openshift
diff --git a/‎_topic_map.yml
Lines changed: 5 additions & 1 deletion b/‎_topic_map.yml
Lines changed: 5 additions & 1 deletion
diff --git a/‎modules/about-operator-sdk.adoc
Lines changed: 1 addition & 1 deletion b/‎modules/about-operator-sdk.adoc
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/building-memcached-operator-using-osdk.adoc
Lines changed: 4 additions & 5 deletions b/‎modules/building-memcached-operator-using-osdk.adoc
Lines changed: 4 additions & 5 deletions
diff --git a/‎modules/building-operator-with-helm-using-osdk.adoc
Lines changed: 350 additions & 0 deletions b/‎modules/building-operator-with-helm-using-osdk.adoc
Lines changed: 350 additions & 0 deletions
@@ -126,10 +126,14 @@ Distros: openshift-*
 Topics:
 - Name: Getting started with the Operator SDK
   File: osdk-getting-started
-- Name: Operator SDK CLI Reference
+- Name: Operators based on Helm charts
+  File: osdk-helm
+- Name: Operator SDK CLI reference
   File: osdk-cli-reference
 - Name: Migrating to Operator SDK v0.1.0
   File: migrating-to-osdk-v0-1-0
+- Name: Appendices
+  File: operators-appendices
 ---
 Name: Aggregated EFK Logging
 Dir: logging
 
@@ -2,7 +2,7 @@
 //
 // * operators/osdk-getting-started.adoc
 
-[id='about-opreator-sdk-{context}']
+[id='about-operator-sdk-{context}']
 = About the Operator SDK
 
 The link:https://coreos.com/operators/[Operator Framework] is an open source
 
@@ -18,10 +18,9 @@ using tools and libraries provided by the SDK.
 
 - Operator SDK CLI installed on the development workstation
 - Operator Lifecycle Manager (OLM) installed on a Kubernetes-based cluster (v1.8
-or above to support the `apps/v1beta2` API group), for example {product-title}
-3.11 with Technology Preview OLM enabled
-- Access to the cluster using an account with cluster-admin permissions
-- link:https://kubernetes.io/docs/tasks/tools/install-kubectl/[`kubectl`] v1.11.0+
+or above to support the `apps/v1beta2` API group), for example {product-title} 4.0
+- Access to the cluster using an account with `cluster-admin` permissions
+- link:https://kubernetes.io/docs/tasks/tools/install-kubectl/[`kubectl`] v1.11.3+
 (can alternatively use `oc`)
 
 .Procedure
@@ -38,7 +37,7 @@ $ cd memcached-operator
 +
 [TIP]
 ====
-See xref:operator-project-scaffolding-layout_osdk-getting-started[Appendices] to
+See xref:operators-appendices.adoc#operator-project-scaffolding-layout_operator-appendices[Appendices] to
 learn about the project directory structure created by the previous commands.
 ====
 
 
@@ -0,0 +1,350 @@
+// Module included in the following assemblies:
+//
+// * operators/osdk-helm.adoc
+
+[id='building-operator-with-helm-using-osdk_{context}']
+= Building an Operator with Helm charts using the Operator SDK
+
+This procedure walks through an example of building a simple Nginx Operator
+powered by a Helm chart using tools and libraries provided by the Operator SDK.
+
+[TIP]
+====
+It is best practice to build a new Operator for each chart. This can allow for
+more native-behaving Kubernetes APIs (e.g., `oc get Nginx`) and flexibility if
+you ever want to write a fully-fledged Operator in Go, migrating away from a
+Helm-based Operator.
+====
+
+.Prerequisites
+
+- Operator SDK CLI installed on the development workstation
+- Access to a Kubernetes-based cluster v1.11.3+ (for example {product-title} 4.0)
+using an account with `cluster-admin` permissions
+- link:https://kubernetes.io/docs/tasks/tools/install-kubectl/[`kubectl`] v1.11.3+
+(can alternatively use `oc`)
+
+.Procedure
+
+. *Create a new project.*
++
+To create a new Helm-based, namespace-scoped `nginx-operator` project, use the
+`operator-sdk new` command:
++
+----
+$ operator-sdk new nginx-operator \
+  --api-version=example.com/v1alpha1 --kind=Nginx --type=helm
+$ cd nginx-operator
+----
++
+[TIP]
+====
+See
+xref:operators-appendices.adoc#operator-project-scaffolding-layout_operator-appendices[Appendices]
+to learn about the project directory structure created by the previous commands.
+====
++
+This creates the `nginx-operator` project specifically for watching the Nginx
+resource with APIVersion `example.com/v1apha1` and Kind `Nginx`.
++
+.Operator scope
++
+A namespace-scoped Operator (the default) watches and manages resources in a
+single namespace, whereas a cluster-scoped operator watches and manages
+resources cluster-wide. Namespace-scoped operators are preferred because of
+their flexibility. They enable decoupled upgrades, namespace isolation for
+failures and monitoring, and differing API definitions.
++
+However, there are use cases where a cluster-scoped operator may make sense. For
+example, the `cert-manager` operator is often deployed with cluster-scoped
+permissions and watches so that it can manage issuing certificates for an entire
+cluster.
++
+If you would like to create your `nginx-operator` project to be cluster-scoped,
+use the following `operator-sdk new` command instead:
++
+----
+$ operator-sdk new nginx-operator \
+    --cluster-scoped --api-version=example.com/v1alpha1 \
+    --kind=Nginx --type=helm
+----
++
+Using the `--cluster-scoped` flag will scaffold the new Operator with the
+following modifications:
++
+--
+* `deploy/operator.yaml`: Set `WATCH_NAMESPACE=""` instead of setting it to the
+Pod's namespace.
+* `deploy/role.yaml`: Use `ClusterRole` instead of `Role`.
+* `deploy/role_binding.yaml`:
+** Use `ClusterRoleBinding` instead of `RoleBinding`.
+** Set the subject namespace to `REPLACE_NAMESPACE`. This must be changed to the
+namespace in which the Operator is deployed.
+--
+
+. *Customize the Operator logic.*
++
+For this example, the `nginx-operator` executes the following reconciliation
+logic for each Nginx Custom Resource (CR):
++
+--
+* Create a Nginx Deployment if it does not exist.
+* Create a Nginx Service if it does not exist.
+* Create a Nginx Ingress if it is enabled and does not exist.
+* Ensure that the Deployment, Service, and optional Ingress match the desired
+configuration (e.g., replica count, image, service type) as specified by the
+Nginx CR.
+--
++
+By default, the `nginx-operator` watches `Nginx` resource events as shown in the
+`watches.yaml` file and executes Helm releases using the specified chart:
++
+----
+---
+- version: v1alpha1
+  group: example.com
+  kind: Nginx
+  chart: /opt/helm/helm-charts/nginx
+----
+
+.. *Review the Nginx Helm chart.*
++
+When a Helm Operator project is created, the Operator SDK creates an example Helm chart that contains a set of templates for a simple Nginx release.
++
+For this example, templates are available for Deployment, Service, and Ingress
+resources, along with a `NOTES.txt` template, which Helm chart developers use to
+convey helpful information about a release.
++
+If you are not already familiar with Helm Charts, take a moment to review the
+link:https://docs.helm.sh/developing_charts/[Helm Chart developer documentation].
+
+.. *Understand the Nginx CR spec.*
++
+Helm uses a concept called
+link:https://docs.helm.sh/using_helm/#customizing-the-chart-before-installing[values]
+to provide customizations to a Helm chart's defaults, which are defined in the
+Helm chart's `values.yaml` file.
++
+Override these defaults by setting the desired values in the CR spec. You can
+use the number of replicas as an example:
+
+... First, inspect the `helm-charts/nginx/values.yaml` file to find that the chart
+has a value called `replicaCount` and it is set to `1` by default. To have 2
+Nginx instances in your deployment, your CR spec must contain `replicaCount: 2`.
++
+Update the `deploy/crds/example_v1alpha1_nginx_cr.yaml` file to look like the
+following:
++
+----
+apiVersion: example.com/v1alpha1
+kind: Nginx
+metadata:
+  name: example-nginx
+spec:
+  replicaCount: 2
+----
+
+... Similarly, the default service port is set to `80`. To instead use `8080`,
+update the `deploy/crds/example_v1alpha1_nginx_cr.yaml` file again by adding the
+service port override:
++
+----
+apiVersion: example.com/v1alpha1
+kind: Nginx
+metadata:
+  name: example-nginx
+spec:
+  replicaCount: 2
+  service:
+    port: 8080
+----
++
+The Helm Operator applies the entire spec as if it was the contents of a values
+file, just like the `helm install -f ./overrides.yaml` command works.
+
+. *Deploy the CRD.*
++
+Before running the Operator, Kubernetes needs to know about the new custom
+resource definition (CRD) the operator will be watching. Deploy the following CRD:
++
+----
+$ kubectl create -f deploy/crds/example_v1alpha1_nginx_crd.yaml
+----
+
+. *Build and run the Operator.*
++
+There are two ways to build and run the Operator:
++
+--
+* As a Pod inside a Kubernetes cluster.
+* As a Go program outside the cluster using the `operator-sdk up` command.
+--
++
+Choose one of the following methods.
+
+.. _Option 1:_ Run as a Pod inside a Kubernetes cluster. This is the preferred
+method for production use.
++
+Build the `nginx-operator` image and push it to a registry:
++
+----
+$ operator-sdk build quay.io/example/nginx-operator:v0.0.1
+$ docker push quay.io/example/nginx-operator:v0.0.1
+----
++
+Kubernetes deployment manifests are generated in the `deploy/operator.yaml`
+file. The deployment image in this file needs to be modified from the
+placeholder `REPLACE_IMAGE` to the previous built image. To do this, run:
++
+----
+$ sed -i 's|REPLACE_IMAGE|quay.io/example/nginx-operator:v0.0.1|g' deploy/operator.yaml
+----
++
+If you created your Operator using the `--cluster-scoped=true` flag, update the
+service account namespace in the generated `ClusterRoleBinding` to match where
+you are deploying your Operator:
++
+----
+$ export OPERATOR_NAMESPACE=$(kubectl config view --minify -o jsonpath='{.contexts[0].context.namespace}')
+$ sed -i "s|REPLACE_NAMESPACE|$OPERATOR_NAMESPACE|g" deploy/role_binding.yaml
+----
++
+[NOTE]
+====
+If you are performing these steps on OSX, use the following commands instead:
+
+----
+$ sed -i "" 's|REPLACE_IMAGE|quay.io/example/nginx-operator:v0.0.1|g' deploy/operator.yaml
+$ sed -i "" "s|REPLACE_NAMESPACE|$OPERATOR_NAMESPACE|g" deploy/role_binding.yaml
+----
+====
++
+Deploy the `nginx-operator`:
++
+----
+$ kubectl create -f deploy/service_account.yaml
+$ kubectl create -f deploy/role.yaml
+$ kubectl create -f deploy/role_binding.yaml
+$ kubectl create -f deploy/operator.yaml
+----
++
+Verify that the `nginx-operator` is up and running:
++
+----
+$ kubectl get deployment
+NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+nginx-operator       1         1         1            1           1m
+----
+
+.. _Option 2:_ Run outside the cluster. This method is preferred during the
+development cycle to speed up deployment and testing.
++
+It is important that the chart path referenced in the `watches.yaml` file exists
+on your machine. By default, the `watches.yaml` file is scaffolded to work with
+an Operator image built with the `operator-sdk build` command. When developing
+and testing your operator with the `operator-sdk up local` command, the SDK
+looks in your local file system for this path.
++
+It is recommend to create a symlink at this location to point to your Helm
+chart's path:
++
+----
+$ sudo mkdir -p /opt/helm/helm-charts
+$ sudo ln -s $PWD/helm-charts/nginx /opt/helm/helm-charts/nginx
+----
++
+To run the Operator locally with the default Kubernetes configuration file
+present at `$HOME/.kube/config`:
++
+----
+$ operator-sdk up local
+INFO[0000] Go Version: go1.10.3
+INFO[0000] Go OS/Arch: linux/amd64
+INFO[0000] operator-sdk Version: v0.3.0+git
+----
++
+To run the Operator locally with a provided Kubernetes configuration file:
++
+----
+$ operator-sdk up local --kubeconfig=<path_to_config>
+INFO[0000] Go Version: go1.10.3
+INFO[0000] Go OS/Arch: linux/amd64
+INFO[0000] operator-sdk Version: v0.3.0+git
+----
+
+. *Deploy the Nginx custom resource.*
++
+Apply the Nginx CR that you modified earlier:
++
+----
+$ kubectl apply -f deploy/crds/example_v1alpha1_nginx_cr.yaml
+----
++
+Ensure that the `nginx-operator` creates the Deployment for the CR:
++
+----
+$ kubectl get deployment
+NAME                                           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+example-nginx-b9phnoz9spckcrua7ihrbkrt1        2         2         2            2           1m
+----
++
+Check the Pods to confirm two replicas were created:
++
+----
+$ kubectl get pods
+NAME                                                      READY     STATUS    RESTARTS   AGE
+example-nginx-b9phnoz9spckcrua7ihrbkrt1-f8f9c875d-fjcr9   1/1       Running   0          1m
+example-nginx-b9phnoz9spckcrua7ihrbkrt1-f8f9c875d-ljbzl   1/1       Running   0          1m
+----
++
+Check that the Service port is set to `8080`:
++
+----
+$ kubectl get service
+NAME                                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
+example-nginx-b9phnoz9spckcrua7ihrbkrt1   ClusterIP   10.96.26.3   <none>        8080/TCP   1m
+----
+
+. *Update the `replicaCount` and remove the port.*
++
+Change the `spec.replicaCount` field from `2` to `3`, remove the `spec.service`
+field, and apply the change:
++
+----
+$ cat deploy/crds/example_v1alpha1_nginx_cr.yaml
+apiVersion: "example.com/v1alpha1"
+kind: "Nginx"
+metadata:
+  name: "example-nginx"
+spec:
+  replicaCount: 3
+
+$ kubectl apply -f deploy/crds/example_v1alpha1_nginx_cr.yaml
+----
++
+Confirm that the Operator changes the Deployment size:
++
+----
+$ kubectl get deployment
+NAME                                           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
+example-nginx-b9phnoz9spckcrua7ihrbkrt1        3         3         3            3           1m
+----
++
+Check that the Service port is set to the default `80`:
++
+----
+$ kubectl get service
+NAME                                      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)  AGE
+example-nginx-b9phnoz9spckcrua7ihrbkrt1   ClusterIP   10.96.26.3   <none>        80/TCP   1m
+----
+
+. *Clean up the resources:*
++
+----
+$ kubectl delete -f deploy/crds/example_v1alpha1_nginx_cr.yaml
+$ kubectl delete -f deploy/operator.yaml
+$ kubectl delete -f deploy/role_binding.yaml
+$ kubectl delete -f deploy/role.yaml
+$ kubectl delete -f deploy/service_account.yaml
+$ kubectl delete -f deploy/crds/example_v1alpha1_nginx_cr.yaml
+----