Since the operator ecosystem is still evolving, different operators may be built and operate differently, and some of them may not work correctly with KubeCarrier. This document describes the requirements for operators to be fully compatible with KubeCarrier.
KubeCarrier currently works only with operators that expose CustomResourceDefinitions (CRDs) of version v1, e.g.:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
For more information, see the related issue on GitHub.
The CustomResourceDefinition (CRD) can be either namespaced or cluster-scoped, as specified in the CRD’s scope field.
Since KubeCarrier uses Namespaces to separate individual Accounts, it counts with the ability to create Custom Resources
(CRs) in multiple namespaces. Therefore, KubeCarrier works correctly only with namespaced CRDs.
Operators can be either namespace-scoped or cluster-scoped. A namespace-scoped operator watches and manages resources in a single Namespace, or a fixed list of Namespaces, whereas a cluster-scoped operator watches and manages resources cluster-wide. Since KubeCarrier uses Namespaces to separate individual Accounts, it counts with the ability to create Custom Resources (CRs) in multiple namespaces and expects operators to be cluster-scoped to properly handle events on Custom Resources in any namespace.
Operators built using the Operator Framework often use the environment variable
WATCH_NAMESPACE for switching between namespace-scoped and cluster-scoped mode. In that case, we expect it to be set
to an empty string / unset:
env:
- name: WATCH_NAMESPACE
value: ""
For more information, read the Operator Scope part of the Operator Framework documentation.
Operators built using the Kubebuilder SDK can restrict the namespace their controllers will watch for resources within the initialization of their Manager. To correctly work with KubeCarrier, we expect their Namespace option to be set to an empty string / unset:
mgr, err := ctrl.NewManager(cfg, manager.Options{Namespace: ""})
Apart from operator namespace settings, the RBAC permissions for the operator have to be set cluster-wide as well (i.e. they should be using ClusterRoles and ClusterRoleBinding as opposed to Roles and RoleBinding).
The following list contains few examples of operators known to be working correctly with KubeCarrier: