Abhishek Koserwal

Recent Posts

Migrating a namespace-scoped Operator to a cluster-scoped Operator

Within the context of Kubernetes, a namespace divides resources, policies, and authorization, and provides a boundary for cluster objects. In this article, we cover two different types of Operators: namespace-scoped and cluster-scoped. We then walk through an example of how to migrate from one to the other, which illustrates the difference between the two.

Namespace-scoped and cluster-scoped

A namespace-scoped Operator is defined within the boundary of a namespace with the flexibility to handle upgrades without impacting others. It watches objects within that namespace and maintains Role and RoleBinding for role-based access control (RBAC) policies for accessing the resource.

Meanwhile, a cluster-scoped Operator promotes reusability and manages defined resources across the cluster. It watches all namespaces in a cluster and maintains ClusterRole and ClusterRoleBinding for RBAC policies for authorizing cluster objects. Two examples of cluster-scoped Operators are istio-operator and cert-manager. The istio-operator can be deployed as a cluster-scoped Operator to manage the service mesh for an entire cluster, while cert-manager is used to issue certificates for an entire cluster.

These two types of Operators support both types of installation based on your requirements. In the case of a cluster-scoped Operator, upgrading the Operator version can impact resources managed by the Operator in the entire cluster. By comparison, a namespace-scoped Operator is easier to upgrade because the upgrade only affects the resources within its scope.

Operator pattern: REST API for Kubernetes and Red Hat OpenShift

In this article, we will see a similar pattern when writing the REST API in any known framework vs. writing an Operator using Kubernetes’ client libraries. The idea behind this article is not to explain how to write a REST API, but instead to explain the internals of Kubernetes by working with an analogy.

Local setup

To follow along, you will need the following installed:

As a developer, if you have used the REST API with frameworks like Quarkus/Spring (Java), Express (Node.js), Ruby on Rails, Flask (Python), Golang (mux), etc., understanding and writing an Operator will be easier for you. We will use this experience with other languages or frameworks to build our understanding.

Keycloak: Core concepts of open source identity and access management

Keycloak provides the flexibility to export and import configurations easily, using a single view to manage everything. Together, these technologies let you integrate front-end, mobile, and monolithic applications into a microservice architecture. In this article, we discuss the core concepts and features of Keycloak and its application integration mechanisms. You will find links to implementation details near the end.
