This version is under construction, please use an official release version

Operator Compatibility

Since the operator ecosystem is still evolving, different operators may be built and operate differently, and some of them may not work correctly with KubeCarrier. This document describes the requirements for operators to be fully compatible with KubeCarrier.

CRD Versions

KubeCarrier currently works only with operators that expose CustomResourceDefinitions (CRDs) of version v1, e.g.:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition

For more information, see the related issue on GitHub.

CRD Scope

The CustomResourceDefinition (CRD) can be either namespaced or cluster-scoped, as specified in the CRD’s scope field. Since KubeCarrier uses Namespaces to separate individual Accounts, it counts with the ability to create Custom Resources (CRs) in multiple namespaces. Therefore, KubeCarrier works correctly only with namespaced CRDs.

Operator Scope

Operators can be either namespace-scoped or cluster-scoped. A namespace-scoped operator watches and manages resources in a single Namespace, or a fixed list of Namespaces, whereas a cluster-scoped operator watches and manages resources cluster-wide. Since KubeCarrier uses Namespaces to separate individual Accounts, it counts with the ability to create Custom Resources (CRs) in multiple namespaces and expects operators to be cluster-scoped to properly handle events on Custom Resources in any namespace.

Operators built using the Operator Framework often use the environment variable WATCH_NAMESPACE for switching between namespace-scoped and cluster-scoped mode. In that case, we expect it to be set to an empty string / unset:

    env:
      - name: WATCH_NAMESPACE
        value: ""

For more information, read the Operator Scope part of the Operator Framework documentation.

Operators built using the Kubebuilder SDK can restrict the namespace their controllers will watch for resources within the initialization of their Manager. To correctly work with KubeCarrier, we expect their Namespace option to be set to an empty string / unset:

mgr, err := ctrl.NewManager(cfg, manager.Options{Namespace: ""})

Apart from operator namespace settings, the RBAC permissions for the operator have to be set cluster-wide as well (i.e. they should be using ClusterRoles and ClusterRoleBinding as opposed to Roles and RoleBinding).

Examples of Compatible Operators

The following list contains few examples of operators known to be working correctly with KubeCarrier: