Announcing OLM v1: Next-Generation Operator Lifecycle Management

Operator Lifecycle Management (OLM) has been a cornerstone of the success of Red Hat OpenShift 4, driving ecosystem growth and enabling crucial solutions like Red Hat Advanced Cluster Management for Kubernetes, Red Hat Advanced Cluster Security for Kubernetes, OpenShift Service Mesh, and OpenShift Virtualization. It has also unlocked advanced workloads such as GPU, Precision Time Protocol (PTP), and SR-IOV networking. For the vast majority of our connected customers using OLM, it's an important component of operation, which is why we're excited to introduce OLM v1.

The next-generation Operator Lifecycle Manager has been specifically redesigned to improve how you manage operators on OpenShift. Developed directly from user feedback, OLM v1 delivers enhancements across the board, simplifying operator management, enhancing security, and boosting reliability.

Simplified API

Managing operators is now easier with OLM v1's new, user-friendly API. OLM v1 treats operators (custom controllers and CRDs) as integral extensions of the cluster, not just as installed applications. This caters to the special lifecycle requirements of custom resource definitions (CRD), and manages them as cluster-wide singletons. By interacting with ClusterExtension API objects, you can effortlessly manage the lifecycle of your operator packages, quickly understand operator status, and troubleshoot any issues.

Streamlined declarative workflows

OLM v1 uses streamlined declarative workflows to improve automation. Leveraging the simplified API, you can easily define your desired operator states, and then let OLM v1 maintain those states using integrated tools like Git and zero-touch provisioning. This helps minimize human error and unlocks a wider range of use cases.

Uninterrupted operations with continuous reconciliation and optional rollbacks

OLM v1 enhances reliability through continuous reconciliation. Rather than relying on single attempts, OLM v1 proactively addresses operator installation and update failures, automatically retrying until an issue is resolved. This eliminates manual steps previously required, such as deleting the InstallPlan API objects. This greatly simplifies the resolution of off-cluster issues, such as missing container images or catalog problems. Fix the underlying problem, and OLM v1 automatically reconciles and recovers across a fleet of your clusters.  For added peace of mind, OLM v1 offers optional rollbacks so you can revert operator version updates under specific conditions, after carefully assessing any potential risks.

Granular update control for smoother deployments

Take full control of your operator updates with OLM v1's granular update control. You can select a specific version, or define a range of acceptable versions. Suppose you've tested version 1.2.3 of an operator in staging and you've decided it's good to go. Instead of hoping the latest version works just as well in production, you can use version pinning. Just specify 1.2.3 as the version you want, and that is exactly what gets deployed.

You get the precise control you need for a safe and predictable update. Alternatively, the automatic Z-stream updates provide a seamless and security-focused experience by automatically applying security fixes without manual intervention, minimizing operational disruptions.

Enhanced security with user-provided ServiceAccounts

OLM v1 prioritizes security by minimizing permission requirements and giving you control over access. Using user-provided ServiceAccounts for operator lifecycle operations restricts OLM v1's access to only necessary permissions, significantly reducing the control plane’s attack surface and improving overall security. Similar to Helm’s removal of the highly privileged Tiller, OLM v1 adopts a least-privilege model to minimize the impact of a compromise. 

Manage operators as ClusterExtensions

OLM v1's design aligns more closely with Kubernetes principles. It treats operators, which consist of custom controllers and CRDs, as cluster-wide singletons. With OLM v1, installing an operator package is as simple as creating and applying a ClusterExtension API object in your cluster. OpenShift continues to give you access to the latest operator packages, patches, and updates through default Red Hat operator catalogs.  

Ready to get hands-on?

Want to see how easy it is to install, upgrade, and manage operators using the new ClusterExtension API?  Check out our companion post for copy-and-paste examples covering key user scenarios: Getting Started with OLM v1: Walking Through Core Tasks with Simple Examples

What’s next for OLM v1?

The future of OLM v1 focuses on broader applicability, deeper OpenShift integration, and enhanced comprehensiveness:

• Broader Applicability: Leverage simplified APIs for easier integration with GitOps and Zero-Touch Provisioning across various form factors.
• Deeper OpenShift Integration: Align with platform-wide signature trust policies for enhanced content integrity and authenticity verification.
• Expanded Compatibility: Support Helm charts alongside existing bundle formats for greater flexibility.

The OLM v0 will maintain full support throughout the OpenShift 4 lifecycle. We invite you to explore OLM v1, engage with the upstream community to contribute to the project's roadmap and share your valuable feedback with us.