Chapter 3. Customizing your environment using Operators and Operator Bundles

The Local Storage Operator (LSO) enables the provisioning of persistent storage through local volumes. Local persistent volumes provide access to local storage devices, such as drives or partitions, by using the standard persistent volume claim interface.

You can perform the following actions using Local Storage Operator (LSO):

Selecting the OpenShift Virtualization Operator, either independently or as part of the Virtualization bundle, automatically activates Local Storage Operator (LSO) in the background.

You can use LVM Storage to dynamically provision block storage on a limited resources cluster.

You can use OpenShift Data Foundation for file, block, and object storage. This storage option is recommended for all OpenShift Container Platform clusters. OpenShift Data Foundation requires a separate subscription.

The OpenShift API for Data Protection (OADP) product safeguards customer applications on OpenShift Container Platform. It offers comprehensive disaster recovery protection, covering OpenShift Container Platform applications, application-related cluster resources, persistent volumes, and internal images. OADP is also capable of backing up both containerized applications and virtual machines (VMs). OADP does not serve as a disaster recovery solution for etcd or OpenShift Operators.

Using the Assisted Installer, you can install the OADP Operator either separately through the API or as part of the Virtualization Operator bundle in the web console. For more information about the use of this Operator in OpenShift Container Platform, see "Additional resources".

You can deploy OpenShift Virtualization to perform the following tasks:

The OpenShift Virtualization Operator requires backend storage and might automatically activate a storage Operator in the background, according to the following criteria:

The Migration Toolkit for Virtualization Operator allows you to migrate virtual machines at scale to a local or remote Red Hat OpenShift Virtualization cluster. You can perform the migration from any of the following source providers:

When you select the Migration Toolkit for Virtualization Operator, the Assisted Installer automatically activates the OpenShift Virtualization Operator. For a Single-node OpenShift installation, the Assisted Installer also activates the LVM Storage Operator.

You can install the Migration Toolkit for Virtualization Operator on OpenShift Container Platform using the Assisted Installer, either independently or as part of the OpenShift Virtualization Operator bundle.

The Migration menu provides access to the Migration Toolkit for Virtualization. Use the toolkit to create and execute a migration plan with the relevant source and destination providers.

For details, see either of the following chapters in the Migration Toolkit for Virtualization Guide:

The OpenShift sandboxed containers Operator provides an additional virtual machine (VM) isolation layer for pods, which manages the installation, configuration, and updating of sandboxed containers runtime (Kata containers) on Red Hat OpenShift clusters. You can install the sandboxed containers runtime in an Red Hat OpenShift cluster by using the Assisted Installer.

Red Hat® OpenShift® Artificial Intelligence (AI) is a flexible, scalable artificial intelligence (AI) and machine learning (ML) platform that enables enterprises to create and deliver AI-enabled applications at scale across hybrid cloud environments. Red Hat® OpenShift® AI enables the following functionality:

The OpenShift AI Operator enables you to install Red Hat® OpenShift® AI on your OpenShift Container Platform cluster. From OpenShift Container Platform version 4.17 and later, you can use the Assisted Installer to deploy the OpenShift AI Operator to your cluster during the installation.

You can install the OpenShift Artificial Intelligence (AI) Operator either separately or as part of the OpenShift AI Operator bundle.

The Advanced Micro Devices (AMD) Graphics Processing Unit (GPU) Operator simplifies the deployment and management of AMD Instinct™ GPUs within a Red Hat OpenShift Container Platform cluster. The hardware acceleration capabilities of the Operator automate several key tasks, making it easier to create artificial intelligence and machine learning (AI/ML) applications. Accelerating specific areas of GPU functions can minimize CPU processing and memory usage, improving overall application speed, memory consumption, and bandwidth restrictions.

In the Assisted Installer, you can install the AMD GPU Operator separately or as part of the OpenShift AI Operator bundle. Selecting the AMD GPU Operator automatically activates the Kernel Module Management Operator.

The NVIDIA GPU Operator uses the operator framework within Kubernetes to automate the management of all NVIDIA software components needed to provision Graphical Processing Units (GPUs).

Some of these software components are as follows:

In OpenShift Container Platform, the Operator provides a consistent, automated, and cloud-native way to leverage the power of NVIDIA GPUs for artificial intelligence, machine learning, high-performance computing, and other GPU-accelerated workloads.

You can install the NVIDIA GPU Operator either separately or as part of the OpenShift AI Operator bundle. Selecting the NVIDIA GPU Operator automatically activates the Node Feature Discovery Operator.

NMState is a declarative NetworkManager API designed for configuring network settings using YAML or JSON-based instructions. The Kubernetes NMState Operator allows you to configure network interface types, DNS, and routing on the cluster nodes using NMState.

You can install the Kubernetes NMState Operator on OpenShift Container Platform using the Assisted Installer, either separately or as part of the OpenShift Virtualization Operator bundle. Installing the Kubernetes NMState Operator with the Assisted Installer automatically creates a kubernetes-nmstate instance, which deploys the NMState State Controller as a daemon set across all of the cluster nodes. The daemons on the cluster nodes periodically report on the state of each node’s network interfaces to the API server.

Red Hat OpenShift Service Mesh addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. It adds a transparent layer on existing distributed applications without requiring any changes to the application code.

Microservice architectures split the work of enterprise applications into modular services, which can make scaling and maintenance easier. However, as an enterprise application built on a microservice architecture grows in size and complexity, it becomes difficult to understand and manage. Service Mesh can address those architecture problems by capturing or intercepting traffic between services and can modify, redirect, or create new requests to other services.

Service Mesh provides an easy way to create a network of deployed services that provides discovery, load balancing, service-to-service authentication, failure recovery, metrics, and monitoring. A service mesh also provides more complex operational functionality, including A/B testing, canary releases, access control, and end-to-end authentication

Red Hat OpenShift Service Mesh requires the use of the Red Hat OpenShift Service Mesh Operator which allows you to connect, secure, control, and observe the microservices that comprise your applications. You can also install other Operators to enhance your service mesh experience. Service mesh is based on the open source Istio project.

Using the Assisted Installer, you can install the OpenShift Service Mesh Operator either separately through the API or as part of the OpenShift AI Operator bundle in the web console.

You can install the MetalLB Operator to enable the use of LoadBalancer services in environments that do not have a built-in cloud load balancer, such as bare-metal clusters.

When you create a LoadBalancer service, MetalLB assigns an external IP address from a predefined pool. MetalLB advertises this IP address on the host network, making the service reachable from outside the cluster. When external traffic enters your OpenShift Container Platform cluster through the MetalLB LoadBalancer service, the return traffic to the client has the external IP address of the load balancer as the source IP.

Using the Assisted Installer, you can install the MetalLB Operator either separately through the API or as part of the Virtualization Operator bundle in the web console. For more information about the use of this Operator in OpenShift Container Platform, see "Additional resources".

The Node Health Check Operator monitors node conditions based on a defined set of criteria to assess their health status. When detecting an issue, the Operator delegates remediation tasks to the appropriate remediation provider to remediate the unhealthy nodes. The Assisted Installer supports the following remediation providers:

Using the Assisted Installer, you can install the Node Health Check Operator either separately through the API or as part of the Virtualization Operator bundle in the web console.

You can use Fence Agents Remediation Operator to automatically recover unhealthy nodes on environments with a traditional API end-point. When a node in the OpenShift Container Platform cluster becomes unhealthy or unresponsive, the Fence Agents Remediation Operator utilizes an external set of fencing agents to isolate it from the rest of the cluster. A fencing agent then resets the unhealthy node in an attempt to resolve transient hardware or software issues. Before or during the reboot process, the Fence Agents Remediation Operator safely moves workloads (pods) running on the unhealthy node to other healthy nodes in the cluster.

Using the Assisted Installer, you can install the Fence Agents Remediation Operator either separately through the API or as part of the Virtualization Operator bundle in the web console.

The Self Node Remediation Operator automatically reboots unhealthy nodes. This remediation strategy minimizes downtime for stateful applications and ReadWriteOnce (RWO) volumes, and restores compute capacity if transient failures occur.

You can use the Self Node Remediation Operator as a remediation provider for the Node Health Check Operator. Currently, it is only possible to install the Self Node Remediation Operator through the API.

The Authorino Operator provides an easy way to install Authorino, providing configurability options at the time of installation.

Authorino is a Kubernetes-native, external authorization service designed to secure APIs and applications. It intercepts requests to services and determines whether to allow or deny access based on configured authentication and authorization policies. Authorino provides a centralized and declarative way to manage access control for your Kubernetes-based applications without requiring code changes.

Using the Assisted Installer, you can install the Authorino Operator either separately through the API or as part of the OpenShift AI Operator bundle in the web console.

The Kernel Module Management (KMM) Operator manages, builds, signs, and deploys out-of-tree kernel modules and device plugins on OpenShift Container Platform clusters.

KMM adds a new Module CRD which describes an out-of-tree kernel module and its associated device plugin. You can use Module resources to configure how to load the module, define ModuleLoader images for kernel versions, and include instructions for building and signing modules for specific kernel versions.

KMM is designed to accommodate multiple kernel versions at once for any kernel module, allowing for seamless node upgrades and reduced application downtime.

You can install the Kernel Module Management Operator either independently or as part of the OpenShift AI Operator bundle.

Red Hat OpenShift Pipelines is a cloud-native, continuous integration and continuous delivery (CI/CD) solution based on Kubernetes resources. It uses Tekton building blocks to automate deployments across multiple platforms by abstracting away the underlying implementation details. Tekton introduces various standard custom resource definitions (CRDs) for defining CI/CD pipelines that are portable across Kubernetes distributions.

The Red Hat OpenShift Pipelines Operator handles the installation and management of OpenShift Pipelines. The Operator supports the following use cases:

Using the Assisted Installer, you can install the OpenShift Pipelines Operator either separately through the API or as part of the OpenShift AI Operator bundle in the web console.

The Red Hat OpenShift Serverless Operator enables you to install and use the following components on your OpenShift Container Platform cluster:

The OpenShift Serverless Operator manages Knative custom resource definitions (CRDs) for your cluster and enables you to configure them without directly modifying individual config maps for each component.

Using the Assisted Installer, you can install the OpenShift Serverless Operator either separately through the API or as part of the OpenShift AI Operator bundle in the web console.

You can deploy the multicluster engine for Kubernetes to perform the following tasks in a large, multi-cluster environment:

You can deploy the multicluster engine with OpenShift Data Foundation on all OpenShift Container Platform clusters.

The Node Maintenance Operator facilitates planned maintenance by placing nodes into maintenance mode.

The Node Maintenance Operator watches for new or deleted NodeMaintenance custom resources (CRs). When it detects a new NodeMaintenance CR, it prevents new workloads from being scheduled on that node, and cordons off the node from the rest of the cluster. The Operator then evicts all pods that can be evicted from the node. When the administrator deletes the NodeMaintenance CR associated with the node, maintenance ends and the Operator makes the node available for new workloads.

Using the Assisted Installer, you can install the Node Maintenance Operator either separately through the API or as part of the Virtualization Operator bundle in the web console.

The Cluster Observability Operator (COO) is an optional component of the OpenShift Container Platform designed for creating and managing highly customizable monitoring stacks. It enables cluster administrators to automate configuration and management of monitoring needs extensively, offering a more tailored and detailed view of each namespace compared to the default OpenShift Container Platform monitoring system.

The Cluster Observability Operator deploys the following monitoring components:

Using the Assisted Installer, you can install the Cluster Observability Operator Operator either separately through the API or as part of the Virtualization Operator bundle in the web console. Install the Cluster Observability Operator Operator together with OpenShift Logging and OpenShift Loki Operators, to support Red Hat OpenShift Virtualization Engine deployments. For more information about the use of this Operator in OpenShift Container Platform, see "Additional resources".

The OpenShift Loki Operator provides a log aggregation system designed to store and query logs from all applications and infrastructure components. The Operator implements this functionality through the LokiStack custom resource (CR).

The LokiStack CR manages Loki, which is a scalable, highly-available, multi-tenant log aggregation system. The resource also includes a web proxy with OpenShift Container Platform authentication, which enforces multi-tenancy and facilitates the saving and indexing of data in Loki log stores. You can configure Loki as the backend to store all collected flows with a maximal level of detail.

With the Assisted Installer, you can install the OpenShift Loki Operator either separately through the API or as part of the Virtualization Operator bundle in the web console. Install the OpenShift Loki Operator together with the Cluster Observability Operator and OpenShift Logging Operators, to support Red Hat OpenShift Virtualization Engine deployments.

The OpenShift Logging Operator installs and manages the entire logging stack for your cluster. It works automatically with the OpenShift Container Platform security settings, ensuring that the system collects and stores logs without compromising multi-tenant isolation.

The Operator deploys collector agents, such as Vector or Fluentd, as pods on every node. These collectors use specific cluster roles to securely gather data from three distinct sources:

Once collected, the Operator manages the pipelines that filter and route this data. You can send your logs to internal storage such as Loki or Elasticsearch, or forward them to an external logging service. Throughout this process, the Operator ensures that all data handling follows the cluster’s built-in security and access control policies.

Using the Assisted Installer, you can install the OpenShift Logging Operator either separately through the API or as part of the Virtualization Operator bundle in the web console. Install the OpenShift Logging Operator together with the Cluster Observability Operator and OpenShift Loki Operators, to support Red Hat OpenShift Virtualization Engine deployments.

The Node Feature Discovery (NFD) Operator automates the deployment and management of the Node Feature Discovery (NFD) add-on. The Node Feature Discovery add-on detects the configurations and hardware features of each node in an OpenShift Container Platform cluster. The add-on labels each node with hardware-specific information such as vendor, kernel configuration, or operating system version, making the cluster aware of the underlying hardware and software capabilities of the nodes.

With the Node Feature Discovery (NFD) Operator, administrators can easily gather information about the nodes to use for scheduling, resource management, and more by controlling the life-cycle of Node Feature Discovery (NFD).

You can install the Node Feature Discovery Operator separately or as part of the OpenShift AI Operator bundle.

The Kube Descheduler Operator is a Kubernetes Operator that automates the deployment, configuration, and management of the Kubernetes Descheduler within a cluster. You can use the Kube Descheduler Operator to evict pods (workloads) based on specific strategies, so that the pods can be rescheduled onto more appropriate nodes.

You can benefit from descheduling running pods in situations such as the following:

Using the Assisted Installer, you can install the Kube Descheduler Operator either separately through the API or as part of the Virtualization Operator bundle in the web console.

Non-Uniform Memory Access (NUMA) is a compute platform architecture that allows different CPUs to access different regions of memory at different speeds. NUMA resource topology refers to the locations of CPUs, memory, and PCI devices relative to each other in the compute node. Colocated resources are said to be in the same NUMA zone. For high-performance applications, the cluster needs to process pod workloads in a single NUMA zone.

The NUMA Resources Operator allows you to schedule high-performance workloads in the same NUMA zone. It deploys a node resources exporting agent that reports on available cluster node NUMA resources, and a secondary scheduler that manages the workloads.

Using the Assisted Installer, you can install the NUMA Resources Operator either separately through the API or as part of the Virtualization Operator bundle in the web console. For more information about the use of this Operator in OpenShift Container Platform, see Additional resources.