OpenShift

SDP operators are certified for the OpenShift platform and can be installed from the OperatorHub.

OpenShift installations with FIPS mode enabled are not supported. This is because neither the SDP operators nor the supported Apache products are FIPS-compliant.

Customizing operator installations

Depending on the cluster size, you may need to customize the resources requested by the SDP operator Pods. This is possible when installing the operators from the command line. For example, to assign 256Mi of memory to the Apache Kafka operator, you need to create a custom Subscription as follows:

---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: stackable-kafka-operator
  namespace: stackable-operators
spec:
  channel: stable
  installPlanApproval: Automatic
  name: stackable-kafka-operator
  source: certified-operators
  sourceNamespace: openshift-marketplace
  startingCSV: kafka-operator.v23.11.0
  config:
    resources:
      limits:
        memory: 256Mi
      requests:
        memory: 256Mi

In addition, you can restrict the operator to watch a specific namespace. By default, the operator watches all namespaces. For example, to restrict the Kafka operator to watching only a namespace called kafka-namespace, add the following properties to the Subscription manifest:

spec:
  config:
    env:
      - name: WATCH_NAMESPACE
        value: kafka-namespace

Security context constraints

Starting with release 24.7.0, all products run with the nonroot-v2 security context constraints (SCC) on OpenShift. This SCC is used by the product’s cluster role.

Operators (with two exceptions) don’t request a specific SCC to run with. Usually OpenShift will select the restricted or restricted-v2 SCC unless the cluster admins have specifically assigned a different one to the namespace where the operators are running. The two exceptions are the secret and the listener operators. These need additional permissions not available in the restricted SCCs to propagate volume mounts to the requesting pods.
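To check which SCC each pod was actually admitted with, you can read the openshift.io/scc annotation that OpenShift sets on admitted pods. The following is an added example, not part of the SDP documentation or code: it audits a pod list shaped like the output of `oc get pods -A -o json` against the rules above. It assumes that operators run in stackable-operators, that every other pod in the list is an SDP product pod, and that the secret and listener operator pods can be recognised by the hypothetical name prefixes shown.

```python
PRODUCT_SCC = "nonroot-v2"                         # products, release 24.7.0 and later
RESTRICTED_SCCS = {"restricted", "restricted-v2"}  # what operators usually get
OPERATOR_NAMESPACE = "stackable-operators"         # namespace from the Subscription above
# Assumption: pod-name prefixes of the secret and listener operators.
EXEMPT_PREFIXES = ("secret-operator", "listener-operator")


def audit_scc(pod_list):
    """Return (namespace, pod, scc, reason) for each pod with an unexpected SCC."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        ns, name = meta["namespace"], meta["name"]
        # OpenShift records the SCC that admitted a pod in this annotation.
        scc = (meta.get("annotations") or {}).get("openshift.io/scc")
        if scc is None:
            reason = "no openshift.io/scc annotation"
        elif ns != OPERATOR_NAMESPACE:
            reason = None if scc == PRODUCT_SCC else f"product pod expected {PRODUCT_SCC}"
        elif name.startswith(EXEMPT_PREFIXES):
            # These two need permissions the restricted SCCs do not offer.
            reason = "restricted SCC cannot propagate volume mounts" if scc in RESTRICTED_SCCS else None
        else:
            # May be intentional if an admin assigned a different SCC to the namespace.
            reason = None if scc in RESTRICTED_SCCS else "operator not on a restricted SCC"
        if reason:
            findings.append((ns, name, scc, reason))
    return findings


def make_pod(ns, name, scc=None):
    """Build a minimal pod object for the constructed sample below."""
    annotations = {"openshift.io/scc": scc} if scc else {}
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations}}


# Constructed sample; pod names and the custom SCC name are made up.
SAMPLE = {"items": [
    make_pod("stackable-operators", "kafka-operator-6c9f", "restricted-v2"),
    make_pod("stackable-operators", "secret-operator-daemonset-x7k2", "example-custom-scc"),
    make_pod("stackable-operators", "listener-operator-node-q4", "restricted-v2"),
    make_pod("kafka-namespace", "simple-kafka-broker-default-0", "nonroot-v2"),
    make_pod("kafka-namespace", "simple-kafka-broker-default-1", "anyuid"),
    make_pod("kafka-namespace", "simple-kafka-broker-default-2"),
]}

if __name__ == "__main__":
    for finding in audit_scc(SAMPLE):
        print(finding)
```

A finding for an operator pod is a prompt to check whether a cluster admin deliberately assigned a different SCC to the namespace, not proof of misconfiguration.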