The following table shows the list of supported Orchestrator Operator versions with their compatible CRD version.
| Orchestrator Operator Version | CRD Version |
|---|---|
| 1.3 | v1alpha1 |
| 1.4 | v1alpha2 |
| 1.5 | v1alpha3 |
This is the multi-page printable view of this section. Click here to print.
Orchestrator CRD Versions
1 - CRD Version v1alpha3
The Go-Based Operator was introduced in Orchestrator 1.5 since the helm-based operator is currently in maintenance mode. Also, with major changes to the CRD, the v1alpha3 version of Orchestrator CRD was introduced and is not backward compatible.
In this version, the CRD field structure has completely changed with most fields either removed or renamed and restructured. To see more information about the CRD fields, check out the full Parameter list.
The following Orchestrator CR is a sample of the api v1alpha3 version.
apiVersion: rhdh.redhat.com/v1alpha3
kind: Orchestrator
metadata:
labels:
app.kubernetes.io/name: orchestrator-sample
name: orchestrator-sample
spec:
serverlessLogic:
installOperator: true # Determines whether to install the ServerlessLogic operator. Defaults to True. Optional
serverless:
installOperator: true # Determines whether to install the Serverless operator. Defaults to True. Optional
rhdh:
installOperator: true # Determines whether the RHDH operator should be installed.This determines the deployment of the RHDH instance. Defaults to False. Optional
devMode: true # Determines whether to enable the guest provider in RHDH. This should be used for development purposes ONLY and should not be enabled in production. Defaults to False. Optional
name: "my-rhdh" # Name of RHDH CR, whether existing or to be installed. Required
namespace: "rhdh" # Namespace of RHDH Instance, whether existing or to be installed. Required
plugins:
notificationsEmail:
enabled: false # Determines whether to install the Notifications Email plugin. Requires setting of hostname and credentials in backstage secret. The secret, backstage-backend-auth-secret, is created as a pre-requisite. See value backstage-backend-auth-secret. See plugin configuration at https://github.com/backstage/backstage/blob/master/plugins/notifications-backend-module-email/config.d.ts
port: 587 # SMTP server port. Defaults to 587. Optional
sender: "" # Email address of the Sender. Defaults to empty string. Optional
replyTo: "" # Email address of the Recipient. Defaults to empty string. Optional
postgres:
name: "sonataflow-psql-postgresql" # The name of the Postgres DB service to be used by platform services. Cannot be empty.
namespace: "sonataflow-infra" # The namespace of the Postgres DB service to be used by platform services.
authSecret:
name: "sonataflow-psql-postgresql" # Name of existing secret to use for PostgreSQL credentials. Required
userKey: postgres-username # Name of key in existing secret to use for PostgreSQL credentials. Required
passwordKey: postgres-password # Name of key in existing secret to use for PostgreSQL credentials. Required
database: sonataflow # Name of existing database instance used by data index and job service. Required
platform: # Contains the configuration for the infrastructure services required for the Orchestrator to serve workflows by leveraging the OpenShift Serverless and OpenShift Serverless Logic capabilities.
namespace: "sonataflow-infra"
resources:
requests:
memory: "64Mi" # Defines the Memory resource limits. Optional
cpu: "250m" # Defines the CPU resource limits. Optional
limits:
memory: "1Gi" # Defines the Memory resource limits. Optional
cpu: "500m" # Defines the CPU resource limits. Optional
eventing:
broker: { }
# To enable eventing communication with an existing broker, populate the following fields:
# broker:
# name: "my-knative" # Name of existing Broker instance.
# namespace: "knative" # Namespace of existing Broker instance.
monitoring:
enabled: false # Determines whether to enable monitoring for platform. Optional
tekton:
enabled: false # Determines whether to create the Tekton pipeline and install the Tekton plugin on RHDH. Defaults to false. Optional
argocd:
enabled: false # Determines whether to install the ArgoCD plugin and create the orchestrator AppProject. Defaults to False. Optional
namespace: "orchestrator-gitops" # Namespace where the ArgoCD operator is installed and watching for argoapp CR instances. Optional
Migrating to the v1alpha3 CRD version involves upgrading the operator. Please follow the Operator Upgrade documentation
2 - CRD Version v1alpha1
The v1alpha1 version of Orchestrator CRD is supported only on Orchestrator 1.3 version. It is deprecated and not compatible with future orchestrator versions.
The following Orchestrator CR is an sample of the api v1alpha1 version.
apiVersion: rhdh.redhat.com/v1alpha1
kind: Orchestrator
metadata:
name: orchestrator-sample
spec:
sonataFlowOperator:
isReleaseCandidate: false # Indicates RC builds should be used by the chart to install Sonataflow
enabled: true # whether the operator should be deployed by the chart
subscription:
namespace: openshift-serverless-logic # namespace where the operator should be deployed
channel: alpha # channel of an operator package to subscribe to
installPlanApproval: Automatic # whether the update should be installed automatically
name: logic-operator-rhel8 # name of the operator package
sourceName: redhat-operators # name of the catalog source
startingCSV: logic-operator-rhel8.v1.34.0 # The initial version of the operator
serverlessOperator:
enabled: true # whether the operator should be deployed by the chart
subscription:
namespace: openshift-serverless # namespace where the operator should be deployed
channel: stable # channel of an operator package to subscribe to
installPlanApproval: Automatic # whether the update should be installed automatically
name: serverless-operator # name of the operator package
sourceName: redhat-operators # name of the catalog source
rhdhOperator:
isReleaseCandidate: false # Indicates RC builds should be used by the chart to install RHDH
enabled: true # whether the operator should be deployed by the chart
enableGuestProvider: false # whether to enable guest provider
secretRef:
name: backstage-backend-auth-secret # name of the secret that contains the credentials for the plugin to establish a communication channel with the Kubernetes API, ArgoCD, GitHub servers and SMTP mail server.
backstage:
backendSecret: BACKEND_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the Backstage backend secret. Defaults to 'BACKEND_SECRET'. It's required.
github: #GitHub specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with GitHub.
token: GITHUB_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the authentication token as expected by GitHub. Required for importing resource to the catalog, launching software templates and more. Defaults to 'GITHUB_TOKEN', empty for not available.
clientId: GITHUB_CLIENT_ID # Key in the secret with name defined in the 'name' field that contains the value of the client ID that you generated on GitHub, for GitHub authentication (requires GitHub App). Defaults to 'GITHUB_CLIENT_ID', empty for not available.
clientSecret: GITHUB_CLIENT_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the client secret tied to the generated client ID. Defaults to 'GITHUB_CLIENT_SECRET', empty for not available.
k8s: # Kubernetes specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with the Kubernetes API Server.
clusterToken: K8S_CLUSTER_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the Kubernetes API bearer token used for authentication. Defaults to 'K8S_CLUSTER_TOKEN', empty for not available.
clusterUrl: K8S_CLUSTER_URL # Key in the secret with name defined in the 'name' field that contains the value of the API URL of the kubernetes cluster. Defaults to 'K8S_CLUSTER_URL', empty for not available.
argocd: # ArgoCD specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with ArgoCD. Note that ArgoCD must be deployed beforehand and the argocd.enabled field must be set to true as well.
url: ARGOCD_URL # Key in the secret with name defined in the 'name' field that contains the value of the URL of the ArgoCD API server. Defaults to 'ARGOCD_URL', empty for not available.
username: ARGOCD_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username to login to ArgoCD. Defaults to 'ARGOCD_USERNAME', empty for not available.
password: ARGOCD_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password to authenticate to ArgoCD. Defaults to 'ARGOCD_PASSWORD', empty for not available.
notificationsEmail:
hostname: NOTIFICATIONS_EMAIL_HOSTNAME # Key in the secret with name defined in the 'name' field that contains the value of the hostname of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_HOSTNAME', empty for not available.
username: NOTIFICATIONS_EMAIL_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_USERNAME', empty for not available.
password: NOTIFICATIONS_EMAIL_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_PASSWORD', empty for not available.
subscription:
namespace: rhdh-operator # namespace where the operator should be deployed
channel: fast-1.3 # channel of an operator package to subscribe to
installPlanApproval: Automatic # whether the update should be installed automatically
name: rhdh # name of the operator package
source: redhat-operators # name of the catalog source
startingCSV: "" # The initial version of the operator
targetNamespace: rhdh-operator # the target namespace for the backstage CR in which RHDH instance is created
rhdhPlugins: # RHDH plugins required for the Orchestrator
npmRegistry: "https://npm.registry.redhat.com" # NPM registry is defined already in the container, but sometimes the registry need to be modified to use different versions of the plugin, for example: staging(https://npm.stage.registry.redhat.com) or development repositories
scope: "@redhat"
orchestrator:
package: "backstage-plugin-orchestrator@1.3.0"
integrity: sha512-A/twx1SOOGDQjglLzOxQikKO0XOdPP1jh2lj9Y/92bLox8mT+eaZpub8YLwR2mb7LsUIUImg+U6VnKwoAV9ATA==
orchestratorBackend:
package: "backstage-plugin-orchestrator-backend-dynamic@1.3.0"
integrity: sha512-Th5vmwyhHyhURwQo28++PPHTvxGSFScSHPJyofIdE5gTAb87ncyfyBkipSDq7fwj4L8CQTXa4YP6A2EkHW1npg==
notifications:
package: "plugin-notifications-dynamic@1.3.0"
integrity: sha512-iYLgIy0YdP/CdTLol07Fncmo9n0J8PdIZseiwAyUt9RFJzKIXmoi2CpQLPKMx36lEgPYUlT0rFO81Ie2CSis4Q==
notificationsBackend:
package: "plugin-notifications-backend-dynamic@1.3.0"
integrity: sha512-Pw9Op/Q+1MctmLiVvQ3M+89tkbWkw8Lw0VfcwyGSMiHpK/Xql1TrSFtThtLlymRgeCSBgxHYhh3MUusNQX08VA==
signals:
package: "plugin-signals-dynamic@1.3.0"
integrity: sha512-+E8XeTXcG5oy+aNImGj/MY0dvEkP7XAsu4xuZjmAqOHyVfiIi0jnP/QDz8XMbD1IjCimbr/DMUZdjmzQiD0hSQ==
signalsBackend:
package: "plugin-signals-backend-dynamic@1.3.0"
integrity: sha512-5Bl6C+idPXtquQxMZW+bjRMcOfFYcKxcGZZFv2ITkPVeY2zzxQnAz3vYHnbvKRSwlQxjIyRXY6YgITGHXWT0nw==
notificationsEmail:
enabled: false # whether to install the notifications email plugin. requires setting of hostname and credentials in backstage secret to enable. See value backstage-backend-auth-secret. See plugin configuration at https://github.com/backstage/backstage/blob/master/plugins/notifications-backend-module-email/config.d.ts
package: "plugin-notifications-backend-module-email-dynamic@1.3.0"
integrity: sha512-sm7yRoO6Nkk3B7+AWKb10maIrb2YBNSiqQaWmFDVg2G9cbDoWr9wigqqeQ32+b6o2FenfNWg8xKY6PPyZGh8BA==
port: 587 # SMTP server port
sender: "" # the email sender address
replyTo: "" # reply-to address
postgres:
serviceName: "sonataflow-psql-postgresql" # The name of the Postgres DB service to be used by platform services. Cannot be empty.
serviceNamespace: "sonataflow-infra" # The namespace of the Postgres DB service to be used by platform services.
authSecret:
name: "sonataflow-psql-postgresql" # name of existing secret to use for PostgreSQL credentials.
userKey: postgres-username # name of key in existing secret to use for PostgreSQL credentials.
passwordKey: postgres-password # name of key in existing secret to use for PostgreSQL credentials.
database: sonataflow # existing database instance used by data index and job service
orchestrator:
namespace: "sonataflow-infra" # Namespace where sonataflow's workflows run. The value is captured when running the setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `sonataflow-infra`.
sonataflowPlatform:
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
tekton:
enabled: false # whether to create the Tekton pipeline resources
argocd:
enabled: false # whether to install the ArgoCD plugin and create the orchestrator AppProject
namespace: "" # Defines the namespace where the orchestrator's instance of ArgoCD is deployed. The value is captured when running setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `orchestrator-gitops` in the setup.sh script.
networkPolicy:
rhdhNamespace: "rhdh-operator" # Namespace of existing RHDH instance
3 - CRD Version v1alpha2
The v1alpha2 version of Orchestrator CRD was introduced in Orchestrator 1.4 version and is currently supported.
New Fields
In OSL 1.35, these new features are introduced:
- Support for Workflow Monitoring
- Support for Knative Eventing
Hence, the CRD schema extends to allow configuration for these features by the user.
- orchestrator.sonataflowPlatform.monitoring.enabled
- orchestrator.sonataflowPlatform.eventing.broker.name
- orchestrator.sonataflowPlatform.eventing.broker.namespace
Deleted Fields
In RHDH 1.4, the notifications and signals plugins are now part of RHDH image and no longer need to be configured by the user.
Hence, these plugin fields are now removed from the CRD schema.
- rhdhPlugins.notifications.package
- rhdhPlugins.notifications.integrity
- rhdhPlugins.notificationsBackend.package
- rhdhPlugins.notificationsBackend.integrity
- rhdhPlugins.signals.package
- rhdhPlugins.signals.integrity
- rhdhPlugins.signalsBackend.package
- rhdhPlugins.signalsBackend.integrity
- rhdhPlugins.notificationsEmail.package
- rhdhPlugins.notificationsEmail.integrity
Renamed Fields
For consistency in the subscription resource/configuration in the CRD, these fields are renamed.
- sonataFlowOperator.subscription.source
- serverlessOperator.subscription.source
The following Orchestrator CR is an sample of the api v1alpha2 version.
apiVersion: rhdh.redhat.com/v1alpha2
kind: Orchestrator
metadata:
name: orchestrator-sample
spec:
sonataFlowOperator:
isReleaseCandidate: false # Indicates RC builds should be used by the chart to install Sonataflow
enabled: true # whether the operator should be deployed by the chart
subscription:
namespace: openshift-serverless-logic # namespace where the operator should be deployed
channel: alpha # channel of an operator package to subscribe to
installPlanApproval: Automatic # whether the update should be installed automatically
name: logic-operator-rhel8 # name of the operator package
source: redhat-operators # name of the catalog source
startingCSV: logic-operator-rhel8.v1.35.0 # The initial version of the operator
serverlessOperator:
enabled: true # whether the operator should be deployed by the chart
subscription:
namespace: openshift-serverless # namespace where the operator should be deployed
channel: stable # channel of an operator package to subscribe to
installPlanApproval: Automatic # whether the update should be installed automatically
name: serverless-operator # name of the operator package
source: redhat-operators # name of the catalog source
startingCSV: serverless-operator.v1.35.0 # The initial version of the operator
rhdhOperator:
isReleaseCandidate: false # Indicates RC builds should be used by the chart to install RHDH
enabled: true # whether the operator should be deployed by the chart
enableGuestProvider: true # whether to enable guest provider
secretRef:
name: backstage-backend-auth-secret # name of the secret that contains the credentials for the plugin to establish a communication channel with the Kubernetes API, ArgoCD, GitHub servers and SMTP mail server.
backstage:
backendSecret: BACKEND_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the Backstage backend secret. Defaults to 'BACKEND_SECRET'. It's required.
github: # GitHub specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with GitHub.
token: GITHUB_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the authentication token as expected by GitHub. Required for importing resource to the catalog, launching software templates and more. Defaults to 'GITHUB_TOKEN', empty for not available.
clientId: GITHUB_CLIENT_ID # Key in the secret with name defined in the 'name' field that contains the value of the client ID that you generated on GitHub, for GitHub authentication (requires GitHub App). Defaults to 'GITHUB_CLIENT_ID', empty for not available.
clientSecret: GITHUB_CLIENT_SECRET # Key in the secret with name defined in the 'name' field that contains the value of the client secret tied to the generated client ID. Defaults to 'GITHUB_CLIENT_SECRET', empty for not available.
gitlab: # Gitlab specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with Gitlab.
host: GITLAB_HOST # Key in the secret with name defined in the 'name' field that contains the value of Gitlab Host's name. Defaults to 'GITHUB_HOST', empty for not available.
token: GITLAB_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the authentication token as expected by Gitlab. Required for importing resource to the catalog, launching software templates and more. Defaults to 'GITLAB_TOKEN', empty for not available.
k8s: # Kubernetes specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with the Kubernetes API Server.
clusterToken: K8S_CLUSTER_TOKEN # Key in the secret with name defined in the 'name' field that contains the value of the Kubernetes API bearer token used for authentication. Defaults to 'K8S_CLUSTER_TOKEN', empty for not available.
clusterUrl: K8S_CLUSTER_URL # Key in the secret with name defined in the 'name' field that contains the value of the API URL of the kubernetes cluster. Defaults to 'K8S_CLUSTER_URL', empty for not available.
argocd: # ArgoCD specific configuration fields that are injected to the backstage instance to allow the plugin to communicate with ArgoCD. Note that ArgoCD must be deployed beforehand and the argocd.enabled field must be set to true as well.
url: ARGOCD_URL # Key in the secret with name defined in the 'name' field that contains the value of the URL of the ArgoCD API server. Defaults to 'ARGOCD_URL', empty for not available.
username: ARGOCD_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username to login to ArgoCD. Defaults to 'ARGOCD_USERNAME', empty for not available.
password: ARGOCD_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password to authenticate to ArgoCD. Defaults to 'ARGOCD_PASSWORD', empty for not available.
notificationsEmail:
hostname: NOTIFICATIONS_EMAIL_HOSTNAME # Key in the secret with name defined in the 'name' field that contains the value of the hostname of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_HOSTNAME', empty for not available.
username: NOTIFICATIONS_EMAIL_USERNAME # Key in the secret with name defined in the 'name' field that contains the value of the username of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_USERNAME', empty for not available.
password: NOTIFICATIONS_EMAIL_PASSWORD # Key in the secret with name defined in the 'name' field that contains the value of the password of the SMTP server for the notifications plugin. Defaults to 'NOTIFICATIONS_EMAIL_PASSWORD', empty for not available.
subscription:
namespace: rhdh-operator # namespace where the operator should be deployed
channel: fast-1.4 # channel of an operator package to subscribe to
installPlanApproval: Automatic # whether the update should be installed automatically
name: rhdh # name of the operator package
source: redhat-operators # name of the catalog source
startingCSV: "" # The initial version of the operator
targetNamespace: rhdh-operator # the target namespace for the backstage CR in which RHDH instance is created
rhdhPlugins: # RHDH plugins required for the Orchestrator
npmRegistry: "https://npm.registry.redhat.com" # NPM registry is defined already in the container, but sometimes the registry need to be modified to use different versions of the plugin, for example: staging(https://npm.stage.registry.redhat.com) or development repositories
scope: "https://github.com/rhdhorchestrator/orchestrator-plugins-internal-release/releases/download/1.4.0-rc.7"
orchestrator:
package: "backstage-plugin-orchestrator-1.4.0-rc.7.tgz"
integrity: sha512-Vclb+TIL8cEtf9G2nx0UJ+kMJnCGZuYG/Xcw0Otdo/fZGuynnoCaAZ6rHnt4PR6LerekHYWNUbzM3X+AVj5cwg==
orchestratorBackend:
package: "backstage-plugin-orchestrator-backend-dynamic-1.4.0-rc.7.tgz"
integrity: sha512-bxD0Au2V9BeUMcZBfNYrPSQ161vmZyKwm6Yik5keZZ09tenkc8fNjipwJsWVFQCDcAOOxdBAE0ibgHtddl3NKw==
notificationsEmail:
enabled: false # whether to install the notifications email plugin. requires setting of hostname and credentials in backstage secret to enable. See value backstage-backend-auth-secret. See plugin configuration at https://github.com/backstage/backstage/blob/master/plugins/notifications-backend-module-email/config.d.ts
port: 587 # SMTP server port
sender: "" # the email sender address
replyTo: "" # reply-to address
postgres:
serviceName: "sonataflow-psql-postgresql" # The name of the Postgres DB service to be used by platform services. Cannot be empty.
serviceNamespace: "sonataflow-infra" # The namespace of the Postgres DB service to be used by platform services.
authSecret:
name: "sonataflow-psql-postgresql" # name of existing secret to use for PostgreSQL credentials.
userKey: postgres-username # name of key in existing secret to use for PostgreSQL credentials.
passwordKey: postgres-password # name of key in existing secret to use for PostgreSQL credentials.
database: sonataflow # existing database instance used by data index and job service
orchestrator:
namespace: "sonataflow-infra" # Namespace where sonataflow's workflows run. The value is captured when running the setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `sonataflow-infra`.
sonataflowPlatform:
monitoring:
enabled: true # whether to enable monitoring
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
eventing:
broker:
name: "my-knative" # Name of existing Broker instance. Optional
namespace: "knative" # Namespace of existing Broker instance. Optional
tekton:
enabled: false # whether to create the Tekton pipeline resources
argocd:
enabled: false # whether to install the ArgoCD plugin and create the orchestrator AppProject
namespace: "" # Defines the namespace where the orchestrator's instance of ArgoCD is deployed. The value is captured when running setup.sh script and stored as a label in the selected namespace. User can override the value by populating this field. Defaults to `orchestrator-gitops` in the setup.sh script.
networkPolicy:
rhdhNamespace: "rhdh-operator" # Namespace of existing RHDH instance