OpenShift 4¶
A installation guide for Operator Lifecycle Manager, Sealed Secrets Operator (Helm), Sealed Secrets and kubeseal command line interface in OpenShift 4.x (OCP, OKD, CRC).
Note
You have to be in the cluster-admin ClusterRole to install all prerequisites, the operator and Sealed Secrets.
Operator Installation¶
It’s possible to install the operator using the Operator Lifecycle Manager or manually.
Note
The operator manages a single namespace installation of Sealed Secrets. Therefore you have to install the operator and Sealed Secrets in the same namespace. For simplicity we recommend creating a namespace sealed-secrets.
Operator Lifecycle Manager¶
This installation method installs the operator using an OLM Catalog.
oc apply -f guides/ocp4/olm/namespace.yaml
oc apply -f guides/ocp4/olm/catalog-source.yaml
oc apply -f guides/ocp4/olm/operator-group.yaml
oc apply -f guides/ocp4/olm/subscription.yaml
oc rollout status -w deployment/sealed-secrets-operator-helm -n sealed-secrets
Manual¶
You can install the operator from local sources without having to install an OLM Catalog. This can be helpful if your cluster runs in an isolated environment with no direct internet access.
Note
No channel subscription and automatic operator updates available with this method.
oc apply -f guides/ocp4/manual/namespace.yaml
oc apply -f guides/ocp4/manual/service-account.yaml
oc apply -f guides/ocp4/manual/role.yaml
oc apply -f guides/ocp4/manual/role-binding.yaml
oc apply -f guides/ocp4/manual/crd.yaml
oc apply -f guides/ocp4/manual/deployment.yaml
oc rollout status -w deployment/sealed-secrets-operator-helm -n sealed-secrets
Sealed Secrets Installation¶
Install Sealed Secrets Controller and kubeseal command line interface.
Sealed Secrets Controller¶
Note
This operator shares all configuration values from the Sealed Secrets Helm Chart.
oc apply -f examples/ocp.yaml -n sealed-secrets
oc get SealedSecretControllers sealed-secret-controller -n sealed-secrets
oc rollout status -w deployment/sealed-secret-controller-sealed-secrets -n sealed-secrets
Cleanup¶
Ants are very clean species too!
Sealed Secrets Controller installation¶
The uninstallation process will remove the Sealed Secrets installation (CRD) but NOT the CRs. You have to remove them manually:
oc delete SealedSecretController sealed-secret-controller -n sealed-secrets
oc delete crd sealedsecrets.bitnami.com
Operator Marketplace deinstallation¶
oc delete -f guides/ocp4/olm/subscription.yaml
oc delete csv sealed-secrets-operator-helm.v0.0.1 -n sealed-secrets
oc delete crd sealedsecretcontrollers.bitnami.com
oc delete -f guides/ocp4/olm/catalog-source.yaml
oc delete -f guides/ocp4/olm/operator-group.yaml
oc delete -f guides/ocp4/olm/namespace.yaml
Manual deinstallation¶
oc delete -f guides/ocp4/manual/deployment.yaml
oc delete -f guides/ocp4/manual/crd.yaml
oc delete -f guides/ocp4/manual/role-binding.yaml
oc delete -f guides/ocp4/manual/role.yaml
oc delete -f guides/ocp4/manual/service-account.yaml
oc delete -f guides/ocp4/manual/namespace.yaml