What is a Kubernetes Operator and Where it Can be Used?

Building Your Own Kubernetes Operator With Ease: Pro Guide

In one of our previous posts from the Kubernetes consulting series, we shared with you an overview of the open-source Prometheus Operator software with a step-by-step setup guide. In this article, we are going to teach you how to create a Kubernetes operator.

Kubernetes, also referred to as k8s, is a popular open-source platform used mainly to manage containerized workloads and services. It allows us to deploy, scale, and manage applications across clusters of hosts.

An operator is a term that stands for a controller that works in association with custom resources to automate the tasks that generally have to be performed by “human operators.”

The key reason why there is a need for a k8s operator is that doing all the work manually can be too time-consuming. There are too many things to take care of manually, including:

  • Create namespaces for new teams, set RBAC, Limit Ranges, Quota limits
  • Put registry credentials into namespaces

These and other routine processes require a lot of effort and time. Using a Kubernetes operator to automate them can make the workflow much simpler and less time-consuming. In general, it has the potential to make the workflow 90% faster compared to when all customization is done manually. It is also much more convenient: while manual processes may require the participation of a whole team of specialists, the operator handles everything on its own, without human intervention.

Looking for a smart way to automate routine processes, we created a Kubernetes Operator that handles all of those tasks without requiring the participation of specialists.

How can it be used further? In a nutshell, an operator can automate a large variety of processes. For example, by creating and deploying a config file, we can get a configured environment or service in a few seconds: a cache service (Redis, Memcached), a proxy (NGINX, HAProxy), a database (MySQL), etc.

Operator capability level (source)


How to Create a Kubernetes Operator?

In this part of our article, we are going to share with you a comprehensive guide on how to write a basic operator for Kubernetes with the help of operator-SDK and Ansible. The guidelines given below were provided by dedicated specialists from our DevOps Consulting company.

In the guide below, we are not going to focus on the installation process; a step-by-step guide on how to install the Kubernetes operator SDK can be found on GitHub. Instead, we are going to focus on the specific actions required to write an operator.

The operator we are going to create will perform two core functions:

  • Create a namespace and apply Limit Ranges and Resource Quota to it
  • Create an Nginx deployment in a namespace

Now, let’s get down to the steps you need to take!

First Steps

First of all, you need to create a new project. To do this, we are going to use the CLI:

This command will create a project with the operator that will subscribe to the resource ResourcesAndLimits with APIVersion krusche.io/v1alpha1 and Kind ResourcesAndLimits.

The directory structure will look as follows:

Directory/File – Goal

build/ – Contains the scripts with which operator-SDK is built and initialized

deploy/ – Contains the set of Kubernetes manifests with which the operator is deployed in the cluster

roles/ – Contains the Ansible roles

watches.yaml – Contains the Group, Version, Kind, and the method used to launch Ansible

The watches.yaml file contains:

  • group: The group in Custom Resource to which our operator subscribes.
  • version: The version of Custom Resource to which our operator subscribes.
  • kind: The type of Custom Resource to which our operator subscribes.
  • role (default): The path to our Ansible roles.
  • playbook: The path to the Ansible playbook. It is required when a playbook is used instead of a role.
  • vars: Key-value pairs that are passed to Ansible as extra_vars.
  • reconcilePeriod (optional): The reconciliation interval that defines how often the role will run for this CR.
  • manageStatus (optional): If the value is set to true (default), the operator will manage the status of the CR. If the value is set to false, the status of the CR is managed elsewhere, by the specified role/playbook or by a separate controller.

Here is an example of the file Watches:

Preparing and Installing an Operator in a Kubernetes Cluster

Since our operator will create namespaces, it needs cluster-wide permissions, not only permissions within a single namespace.

In the file deploy/role:

  • Change Kind: Role to Kind: ClusterRole

Also, under rules, you need to add namespaces, resourcequotas, and limitranges to resources, with apiGroups: "" (the core API group).

In the file deploy/role_binding.yaml, you need to apply the following changes:

  • Change RoleBinding to ClusterRoleBinding
  • Change Role to ClusterRole in the roleRef section
  • Specify the namespace in which the operator will be deployed
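
The RBAC changes described above, written out as manifests. This is an added example, not the article's own files: the name resources-operator, the namespace operators and the explicit verb list are assumptions. Listing verbs instead of using a wildcard keeps the cluster-wide grant limited to what the role actually uses.

```yaml
# Added example. Names, namespace and verbs are placeholders/assumptions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole                 # was: Role
metadata:
  name: resources-operator        # placeholder; a ClusterRole has no namespace
rules:
  # Rules generated by operator-SDK stay as they are; this rule is the addition.
  - apiGroups: [""]               # "" is the core API group
    resources:
      - namespaces
      - resourcequotas
      - limitranges
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding          # was: RoleBinding
metadata:
  name: resources-operator        # placeholder
subjects:
  - kind: ServiceAccount
    name: resources-operator      # placeholder service account of the operator
    namespace: operators          # namespace in which the operator is deployed
roleRef:
  kind: ClusterRole               # was: Role
  name: resources-operator
  apiGroup: rbac.authorization.k8s.io
```

After applying, `kubectl auth can-i create namespaces --as=system:serviceaccount:operators:resources-operator` shows whether the grant took effect for that service account.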

In the file deploy/operator.yaml, you need to apply the following change:


In roles/resourcesandlimits/tasks/main.yml, replace the entire contents with:

In the file deploy/crds/krusche.io_v1alpha1_resourcesandlimits_cr.yaml, also replace the entire contents with:

Keep in mind:

Variables from CR:

  • In the metadata section: name and namespace are passed to Ansible as "{{ meta.name }}" and "{{ meta.namespace }}"
  • In the spec section:
    somevar (no capital letters) is passed to Ansible unchanged, as "{{ somevar }}"
    someVar (with capital letters) is passed to Ansible as "{{ some_var }}"
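
How the CR fields reach the role, as an added example that is not the article's original files. The spec field names, the sample values, the operators namespace, the object names team-quota and team-limits, and the choice of meta.name as the name of the namespace to create are all assumptions.

```yaml
# Custom resource (constructed sample values)
apiVersion: krusche.io/v1alpha1
kind: ResourcesAndLimits
metadata:
  name: developers-team-a      # -> "{{ meta.name }}"
  namespace: operators         # -> "{{ meta.namespace }}" (placeholder)
spec:
  pods: "20"                   # no capitals -> "{{ pods }}"
  requestsCpu: 500m            # camelCase   -> "{{ requests_cpu }}"
  limitsMemory: 2Gi            # camelCase   -> "{{ limits_memory }}"
  defaultMemory: 256Mi         # camelCase   -> "{{ default_memory }}"
---
# roles/resourcesandlimits/tasks/main.yml (hypothetical tasks using those variables)
- name: Create the namespace named after the CR
  k8s:
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: "{{ meta.name }}"

- name: Apply the resource quota
  k8s:
    definition:
      apiVersion: v1
      kind: ResourceQuota
      metadata:
        name: team-quota
        namespace: "{{ meta.name }}"
      spec:
        hard:
          pods: "{{ pods }}"
          requests.cpu: "{{ requests_cpu }}"
          limits.memory: "{{ limits_memory }}"

- name: Apply the default container memory limit
  k8s:
    definition:
      apiVersion: v1
      kind: LimitRange
      metadata:
        name: team-limits
        namespace: "{{ meta.name }}"
      spec:
        limits:
          - type: Container
            default:
              memory: "{{ default_memory }}"
```

Because every spec field becomes an Ansible variable, anyone allowed to create this CR controls those values; restrict who can create ResourcesAndLimits objects accordingly.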

Now, let’s deploy our CRD:

Build the operator image and push it to the registry:

The next step is to change the generated docker image and imagePullPolicy fields in deploy/operator.yaml:

For macOS:

Then, we need to deploy it as follows:

Work with CR

After the successful launch of the operator, we need to deploy our CR to create the namespace:

Let’s take a look at our CR:

Our operator was supposed to create the namespace developers-team-a:

We see that our namespace has appeared:

Next, we need to check the settings of the namespace:

We can see that our settings were applied:

Preparing Another CR

Now, let’s prepare one more controller that adds an Nginx deployment to any namespace.

Create deploy/crds/nginx_cr.yaml:

And deploy/crds/nginx-1.17.6.yaml:

Add the following lines to the watches.yaml file:

Copy the resourcesandlimits directory and rename it to nginx:

Replace the entire contents of the roles/nginx/tasks/main.yml file with:

Next, we need to rebuild the operator with the new version of the docker image:

Change the docker image in deploy/operator.yaml:

For macOS:

Add CR:

Update the operator:

Create the namespace and deploy our CR:

Now, we can check everything:

That’s it! Following this guide, you can easily build your own k8s operator.

The Bottom Line

With the help of the guide presented in this article, we’ve created a Kubernetes operator. What makes it a good solution? As was said earlier, sometimes there is just too much work to be done manually, which can be a pain. The operator we created in this guide subscribes to k8s resources and manages them on its own, without human interaction. This means that an operator built with the Kubernetes operator-SDK can help you automate routine daily work and remove the need to customize basic processes manually.

What tech stack has been used? All we needed to build our operator were the operator-SDK framework and Ansible.

Interested? No matter what needs and objectives you have, whether you need advice on Kubernetes from a team of experts or are looking for other DevOps services, K&C is here to give you a helping hand! Our team has a high level of expertise to serve any specific needs of yours. If you are looking for professional consulting, don’t hesitate to reach out to us and we will be happy to serve you!
