IBM Platform API Operator

Important: Do not install this operator directly. Only install this operator using the IBM Common Services Operator. For more information about installing this operator and other Common Services operators, see Installer documentation. If you are using this operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak to learn more about how to install and use the operator service. For more information about IBM Cloud Paks, see IBM Cloud Paks that use Common Services.

The Platform API operator provides REST services for viewing information about your cluster, manage your cluster, download CLI tools, and much more.

For more information about the available IBM Cloud Platform Common Services, see the IBM Knowledge Center.

Supported platforms

Red Hat OpenShift Container Platform 4.3 or newer installed on one of the following platforms:

• Linux x86_64
• Linux on Power (ppc64le)
• Linux on IBM Z and LinuxONE

Operator versions

• 3.25.0

Prerequisites

Before you install this operator, you need to first install the operator dependencies and prerequisites:

• For the list of operator dependencies, see the IBM Knowledge Center Common Services dependencies documentation.

• For the list of prerequisites for installing the operator, see the IBM Knowledge Center Preparing to install services documentation.

PodSecurityPolicy Requirements

See IBM Platform API Chart README

Documentation

To install the operator with the IBM Common Services Operator follow the the installation and configuration instructions within the IBM Knowledge Center.

• If you are using the operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak. For a list of IBM Cloud Paks, see IBM Cloud Paks that use Common Services.
• If you are using the operator with an IBM Containerized Software, see the IBM Cloud Platform Common Services Knowledge Center Installer documentation.

SecurityContextConstraints Requirements

The Platform API service requires running with the OpenShift Container Platform 4.x default restricted Security Context Constraints (SCCs).

To use a custom SCC

1. Create and customize the following platform-api-scc SCC

apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: "This policy is the most restrictive for platform-api, 
      requiring pods to run with a non-root UID, and preventing pods from accessing the host.
      The UID and GID will be bound by ranges specified at the Namespace level." 
    cloudpak.ibm.com/version: "1.1.0"
  name: platform-api-scc
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
defaultAddCapabilities: null
fsGroup:
  type: MustRunAs
groups:
- system:authenticated
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
runAsUser:
  type: MustRunAsRange
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
users: []
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret

2. Add the platform-api-scc SCC to ibm-platform-api-operand service account

# oc adm policy add-scc-to-user platform-api-scc -z ibm-platform-api-operand

3. Restart the platform-api pods

# oc delete po -l app=platform-api

4. Verify the SCC is applied

# oc describe po -l app=platform-api | grep scc

For more information about the OpenShift Container Platform Security Context Constraints, see Managing Security Context Constraints.

Backup and recovery

This operator does not persist any data. There is no backup and recovery procedure needed.

Developer guide

If, as a developer, you are looking to build and test this operator to try out and learn more about the operator and its capabilities, you can use the following developer guide. This guide provides commands for a quick install and initial validation for running the operator.

Important: The following developer guide is provided as-is and only for trial and education purposes. IBM and IBM Support does not provide any support for the usage of the operator with this developer guide. For the official supported install and usage guide for the operator, see the the IBM Knowledge Center documentation for your IBM Cloud Pak or for IBM Cloud Platform Common Services.

Quick start guide

Use the following quick start commands for building and testing the operator:

Cloning the operator repository

# git clone git@github.com:IBM/ibm-platform-api-operator.git
# cd ibm-platform-api-operator

Building the operator image

# make build

Installing the operator

# make install

Uninstalling the operator

# make uninstall

Debugging guide

Use the following commands to debug the operator:

Check the Cluster Service Version (CSV) installation status

# oc get csv
# oc describe csv ibm-platform-api-operator.v3.25.0

Check the custom resource status

# oc describe platformapis platform-api
# oc get platformapis platform-api -o yaml

Check the operator status and log

# oc describe po -l name=ibm-platform-api-operator
# oc logs -f $(oc get po -l name=ibm-platform-api-operator -o name)

End-to-End testing

For more instructions on how to run end-to-end testing with the Operand Deployment Lifecycle Manager, see ODLM guide.