DS Operator

The DS operator is currently in technology preview status for production deployments. Do not use the operator in production deployments of the platform.

The DS operator is supported in developer and demonstration deployments. The cdk install ds command checks whether the DS operator is present in your cluster and installs it if it is not.

The DS operator uses the Kubernetes operator design pattern to let you easily deploy and manage DS instances running in a Kubernetes cluster. After you install the ds-operator custom resource definition (CRD) in a cluster, you can use it to create DS instances, scale them, and manage backup and restore.

To deploy the platform by using the DS operator, install the CDK (not the legacy CDK). During installation, progress messages indicate that the cdk command installs the DS operator:

Checking ds-operator and related CRDs: ds-operator CRD not found. Installing ds-operator.
namespace/fr-system created
customresourcedefinition.apiextensions.k8s.io/directoryservices.directory.forgerock.io created
role.rbac.authorization.k8s.io/ds-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/ds-operator-directoryservice-editor-role created
clusterrole.rbac.authorization.k8s.io/ds-operator-manager-role created
rolebinding.rbac.authorization.k8s.io/ds-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ds-operator-directoryservice-editor-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ds-operator-manager-rolebinding created
deployment.apps/ds-operator-ds-operator created

Waiting for ds-operator…
customresourcedefinition.apiextensions.k8s.io/directoryservices.directory.forgerock.io condition met
deployment.apps/ds-operator-ds-operator condition met
pod/ds-operator-ds-operator-f974dd8fc-z4vx8 condition met
. . .
Deploying ds.yaml. This is includes all directory resources.
directoryservice.directory.forgerock.io/ds-idrepo created
. . .
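
The install output above shows cluster-scoped RBAC objects (two ClusterRoles and two ClusterRoleBindings) being created alongside the namespaced leader-election Role. As an added example (not part of the CDK or the DS operator), the following shell functions pull those objects out of the install output and print their rules and subjects for review; the function and variable names are illustrative, and `review_cluster_rbac` assumes `kubectl` access to the cluster.

```shell
# Sample input: the "created" lines copied from the install output shown above.
INSTALL_LOG='namespace/fr-system created
customresourcedefinition.apiextensions.k8s.io/directoryservices.directory.forgerock.io created
role.rbac.authorization.k8s.io/ds-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/ds-operator-directoryservice-editor-role created
clusterrole.rbac.authorization.k8s.io/ds-operator-manager-role created
rolebinding.rbac.authorization.k8s.io/ds-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ds-operator-directoryservice-editor-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/ds-operator-manager-rolebinding created
deployment.apps/ds-operator-ds-operator created'

# cluster_rbac_created (illustrative name): read install output on stdin and
# print "kind name" for every ClusterRole or ClusterRoleBinding reported as
# created. Namespaced Roles and RoleBindings are skipped on purpose.
cluster_rbac_created() {
  awk '$NF == "created" {
         split($1, ref, "/")          # ref[1] = kind.group, ref[2] = object name
         split(ref[1], kind, /[.]/)   # kind[1] = lower-case resource kind
         if (kind[1] == "clusterrole" || kind[1] == "clusterrolebinding")
           print kind[1], ref[2]
       }'
}

# review_cluster_rbac (illustrative name): read install output on stdin and,
# for each object found, print from the live cluster either the rules of the
# ClusterRole or the roleRef and subjects of the ClusterRoleBinding.
review_cluster_rbac() {
  cluster_rbac_created | while read -r kind name; do
    case "$kind" in
      clusterrole)
        echo "== ClusterRole $name (apiGroups resources verbs)"
        kubectl get clusterrole "$name" -o \
          jsonpath='{range .rules[*]}{.apiGroups}{" "}{.resources}{" "}{.verbs}{"\n"}{end}' ;;
      clusterrolebinding)
        echo "== ClusterRoleBinding $name (role <- subjects)"
        kubectl get clusterrolebinding "$name" -o \
          jsonpath='{.roleRef.name}{" <- "}{range .subjects[*]}{.kind}{"/"}{.namespace}{"/"}{.name}{" "}{end}{"\n"}' ;;
    esac
  done
}
```

Against a running cluster, pipe the saved install output into `review_cluster_rbac` and read the resulting rules and subjects before reusing the cluster for anything beyond a developer or demonstration deployment.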

After you get the CDK up and running, you can explore the DS operator. Some things you might try:

  • Show the operator’s status by describing the DirectoryService custom resource:

    $ kubectl describe directoryservice
    
    Name:         ds-idrepo
    Namespace:    my-namespace
    Labels:       app.kubernetes.io/component=directory
                  app.kubernetes.io/instance=ds-idrepo
                  app.kubernetes.io/name=ds
                  app.kubernetes.io/part-of=forgerock
    Annotations:  <none>
    API Version:  directory.forgerock.io/v1alpha1
    Kind:         DirectoryService
    Metadata:
      Creation Timestamp:  2021-05-18T23:18:27Z
      Generation:          2
      Managed Fields:
        API Version:  directory.forgerock.io/v1alpha1
        Fields Type:  FieldsV1
        fieldsV1:
          f:metadata:
            f:annotations:
              .:
              f:kubectl.kubernetes.io/last-applied-configuration:
            f:labels:
              .:
              f:app.kubernetes.io/component:
              f:app.kubernetes.io/instance:
              f:app.kubernetes.io/name:
              f:app.kubernetes.io/part-of:
          f:spec:
            .:
            f:image:
            f:keystores:
              .:
              f:keyStoreSecretName:
            f:passwords:
              .:
              f:uid=admin:
                .:
                f:key:
                f:secretName:
              f:uid=am-config,ou=admins,ou=am-config:
    . . .
  • Scale one or both of the DS pods. For example:

    $ kubectl scale directoryservice/ds-idrepo --replicas=2
    
    directoryservice.directory.forgerock.io/ds-idrepo scaled
  • Modify DS properties:

    $ kubectl edit directoryservice/ds-idrepo

    For example, you could modify the backup properties (under spec) to enable backups, or to change the backup interval.

  • Take a volume snapshot. For more information, see Volume Snapshots (Preview) in the DS operator README.