Container Operator Developer Instructions

This topic describes instructions using the SDK version 1.29.0 for the Operator.

Deploy the Operator without using an Image

To install dependencies to verify the kubeconfig context:

make deploy OPERATOR_REPLICAS=0

To run the Operator from the terminal to verify the kubeconfig context:

make run

From your editor, run and debug main.go to verify the KUBECONFIG environment variable.

Install the Dataplane on your own Control Plane

Under the Carbon Black Container Cluster CR:

spec:
  apiGatewaySpec:
    adapter: {MY-ADAPTER-NAME}

where {MY-ADAPTER-NAME} is your control plane adapter name. The default value is containers.

Uninstall the Container Operator

From a terminal, run the following command:

make undeploy

Note: This command does not clean up the Carbon Black directory on the dataplane nodes.

Changing Security Context Settings

Hardening enforcer/state_reporter security context settings:

You can change the values under cbcontainers/state/hardening/objects for enforcer_deployment.go or state_reporter_deployment.go.

Using defaults:

Defaults in the OpenAPISchema is a feature in apiextensions/v1 version of CustomResourceDefinitions. These default values are supported by kubebuilder by using tags; for example, kubebuilder:default=something. For backwards compatibility, all defaults should also be implemented and set in the controllers to make sure that they work on clusters v1.15 and below.

Note: kubebuilder does not support an empty object as a default value. See related issue (external link). The root issue is in regard to maps, but the same code causes issues with objects.

Therefore, the following specification will not apply the default for test unless the user specifies bar.

spec:
  properties:
    bar:
      properties:
        test:
          default: 10
          type: integer

Applying this YAML will save an empty object for bar: spec: {}.

Instead, applying spec: { bar: {} } works as expected and saves the following object:

spec: { bar: { test: 10 }}

For example:

spec:
  properties:
    bar:
      default: {}
      properties:
        test:
          default: 10
          type: integer

kubebuilder cannot currently produce that output. Therefore, replacing all instance of <> with {} so that using kubebuilder:default=<> produces the correct output.

Defaulting is not supported by v1beta1 versions of CRD.

Local Debugging

To debug locally, run make run-delve. This command builds and starts a delve debugger in headless mode. Then use an editor to start a remote session and connect to the delve instance.

For goland, the built-in go remote configuration works.

Custom Namespace

If the Operator is not deployed in the default namespace (cbcontainers-dataplane), you must set the OPERATOR_NAMESPACE environment variable when using make run or make run-delve.