Operator SDK FAQ

    Operator SDK offers additional features on top of the basic project scaffolding that Kubebuilder provides. By default, operator-sdk init generates a project integrated with:

    • Operator Lifecycle Manager, an installation and runtime management system for operators
    • Operator SDK , a tool for ensuring operator best-practices and developing cluster tests Operator SDK supports operator types other than Go as well, such as Ansible and Helm.

    For further context about the relationship between Kubebuilder and Operator SDK, see this blog post.

    Controller Runtime FAQ

    Please see the upstream Controller Runtime FAQ first for any questions related to runtime mechanics or controller-runtime APIs.

    You should not have separate logic. Instead design your reconciler to be idempotent. See the [controller-runtime FAQ][controller-runtime_faq] for more details.

    When my Custom Resource is deleted, I need to know its contents or perform cleanup tasks. How can I do that?

    Use a finalizer.

    This is completely normal and expected behavior.

    This warning should not be stifled. It ensures that the informer is not stuck or wedged.

    Never seeing this warning may suggest that your watch or cache is not healthy. If the message is repeating every few seconds, this may signal a network connection problem or issue with etcd.

    For more information on kube-apiserver request timeout options, see the

    My Ansible module is missing a dependency. How do I add it to the image?

    Unfortunately, adding the entire dependency tree for all Ansible modules would be excessive. Fortunately, you can add it easily. Simply edit your build/Dockerfile. You’ll want to change to root for the install command, just be sure to swap back using a series of commands like the following right after the FROM line.

    If you aren’t sure what dependencies are required, start up a container using the image in the line as root. That will look something like this:

    1. docker run -u 0 -it --rm --entrypoint /bin/bash quay.io/operator-framework/ansible-operator:<sdk-tag-version>

    If you run into the following error message, it means that your operator is unable to watch the resource:

    1. // +kubebuilder:rbac:groups=some.group.com,resources=myresources,verbs=watch

    Alternatively, if the resource you’re attempting to cannot be watched (like above), you can specify that objects of this type should not be cached by adding the following to main.go:

    Then in your controller file, add an RBAC directive to generate a config/rbac/role.yaml with get privileges:

    1. // +kubebuilder:rbac:groups=image.openshift.io,resources=imagestreamtags,verbs=get

    Now run make manifests to update your role.yaml.

    I keep hitting errors like “is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can’t set finalizers on:”, how do I fix this?

    If you are facing this issue, it means that the operator is missing the required RBAC permissions to update finalizers on the APIs it manages. This permission is necessary if the OwnerReferencesPermissionEnforcement plugin is enabled in your cluster.

    For Helm and Ansible operators, this permission is configured by default. However for Go operators, it may be necessary to add this permission yourself by adding an RBAC directive to generate a config/rbac/role.yaml with update privileges on your CR’s finalizers:

    Now run to update your role.yaml.