If you’re using CRC, then you probably want to host your operator using the internal registry provided by the OCP environment.
That means we need to push the container to it using its external route, but before we can do that we must first make docker trust the repo
Get the router CA certificate
oc extract secret/router-ca --keys=tls.crt -n openshift-ingress-operator --confirm --to=-
On Debian/Ubuntu you can make the OS trust the Cert by adding it to you ca-certificates
oc extract secret/router-ca --keys=tls.crt -n openshift-ingress-operator --confirm --to=- | sudo tee /usr/local/share/ca-certificates/crc-router.crt sudo update-ca-certificates
Then login to the repo
docker login -p $(oc whoami -t) -u unused default-route-openshift-image-registry.apps-crc.testing
These instructions assume you are using the OCP 4.x image-repository in CRC. Change the image name if you’re deploying onto a real OCP environment
We need the OCP project to exist first, else we can’t upload images for it.
oc new-project lb-nginx-com
build and push to our new project.
export IMAGE=default-route-openshift-image-registry.apps-crc.testing/lb-nginx-com/nginx-lb-operator:latest operator-sdk build $IMAGE docker push $IMAGE
Alternatively you can push to the default project (or any other project) as long as your project has access.
Enable cross namespace repo access with:
oc policy add-role-to-group registry-viewer system:serviceaccounts:<consumer> --namespace=<publisher>
Eg:
oc policy add-role-to-group registry-viewer system:serviceaccounts:lb-nginx-com --namespace=default
Then push to default (or other) project…
export IMAGE=default-route-openshift-image-registry.apps-crc.testing/default/nginx-lb-operator:latest operator-sdk build $IMAGE docker push $IMAGE
You can ofcourse build and push to an extneral docker registry too ;-)
oc create -f deploy/crds/lb.nginx.com_controllers_crd.yaml oc create -f deploy/crds/lb.nginx.com_applications_crd.yaml oc create -f deploy/crds/lb.nginx.com_certificates_crd.yaml oc create -f deploy/crds/lb.nginx.com_components_crd.yaml oc create -f deploy/crds/lb.nginx.com_gateways_crd.yaml
The Operator is namespace-scoped, so each project needs to run it’s own operator. It might make more sense to deploy as a cluster-scoped operator, but for now it per namespace.
Check that you’re on the correct project, and then deploy the operator
export IMAGE=image-registry.openshift-image-registry.svc:5000/default/nginx-lb-operator:latest
sed -e "s|REPLACE_IMAGE|${IMAGE}|g" deploy/operator.yaml > deploy/operator-for-reals.yaml
oc create -f deploy/service_account.yaml
oc create -f deploy/role.yaml
oc create -f deploy/role_binding.yaml
oc create -f deploy/operator-for-reals.yaml