Deploy on OpenShift

Deployment on production OpenShift clusters is managed by the SWIM Operator. The operator handles the full lifecycle of SWIM services, including databases, messaging, certificates, networking, and observability.

Prerequisites

  • OpenShift 4.12+ with cluster-admin access
  • oc CLI logged in to your cluster

1. Install Required Operators

Install the following operators from OperatorHub before installing the SWIM Operator:

  • cert-manager Operator for Red Hat OpenShift - automated certificate lifecycle for mTLS
  • Red Hat AMQ Broker Operator - ActiveMQ Artemis for AMQP 1.0 messaging
  • Streams for Apache Kafka (AMQ Streams) - Kafka for internal event streaming

Verify installation:

oc get pods -n cert-manager
oc get csv -n openshift-operators | grep amq-broker
oc get csv -A | grep amqstreams

2. Install the SWIM Operator

Apply the CatalogSource to register the SWIM Operator in OperatorHub:

oc apply -f - <<'EOF'
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: swim-operator-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/masales/swim-operator-catalog:v0.0.1
  grpcPodConfig:
    imagePullPolicy: Always
  displayName: SWIM Operator Catalog
  publisher: SWIM Developer Team
  updateStrategy:
    registryPoll:
      interval: 15m
EOF

Then install the operator from the OpenShift console:

  1. Go to OperatorHub and search for SWIM Operator
  2. Click Install and select All namespaces on the cluster
  3. Choose update approval (Manual or Automatic) and click Install

Verify installation:

oc get csv -n openshift-operators | grep swim
oc get crd | grep swim

Expected CRDs:

  • swimdigitalnotamconsumers.apps.swim-developer.github.io
  • swimdigitalnotamproviders.apps.swim-developer.github.io
  • swimdnotamconsumervalidators.apps.swim-developer.github.io
  • swimdnotamprovidervalidators.apps.swim-developer.github.io
  • swimed254consumers.apps.swim-developer.github.io
  • swimed254providers.apps.swim-developer.github.io
  • swimed254consumervalidators.apps.swim-developer.github.io
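
A scriptable form of the CRD check above, added here as an example and not taken from the SWIM Operator project. It compares `oc get crd -o name` output against the seven expected names and also flags CRDs in the apps.swim-developer.github.io group that this page does not list. The function names, the --cluster switch and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not SWIM Operator project code); function names are hypothetical.
# GROUP and EXPECTED_CRDS are copied from the "Expected CRDs" list on this page.
GROUP="apps.swim-developer.github.io"
EXPECTED_CRDS="swimdigitalnotamconsumers swimdigitalnotamproviders
swimdnotamconsumervalidators swimdnotamprovidervalidators
swimed254consumers swimed254providers swimed254consumervalidators"

# stdin: `oc get crd -o name` lines. stdout: bare names of CRDs in the SWIM group.
swim_crds() {
    sed 's|^.*/||' | while IFS= read -r name; do
        case "$name" in *".$GROUP") printf '%s\n' "$name" ;; esac
    done | sort -u
}

# Print every expected CRD that is absent from the list on stdin.
missing_crds() {
    present=$(swim_crds)
    for plural in $EXPECTED_CRDS; do
        printf '%s\n' "$present" | grep -Fxq "$plural.$GROUP" || echo "$plural.$GROUP"
    done
}

# Print SWIM-group CRDs on stdin that the page does not list (for example
# definitions left behind by a different operator version).
unexpected_crds() {
    known=" $(echo $EXPECTED_CRDS) "
    swim_crds | while IFS= read -r name; do
        case "$known" in *" ${name%.$GROUP} "*) ;; *) echo "$name" ;; esac
    done
}

# Live check against the logged-in cluster; non-zero status on any difference.
check_cluster() {
    crds=$(oc get crd -o name) || return 2
    missing=$(printf '%s\n' "$crds" | missing_crds)
    extra=$(printf '%s\n' "$crds" | unexpected_crds)
    printf 'missing: %s\nunexpected: %s\n' "${missing:-none}" "${extra:-none}"
    [ -z "$missing$extra" ]
}

# Constructed sample: one expected CRD absent, one unlisted CRD present.
P="customresourcedefinition.apiextensions.k8s.io"
SAMPLE_CRDS="$P/certificates.cert-manager.io
$P/swimexamples.$GROUP
$(for n in $EXPECTED_CRDS; do [ "$n" = swimed254providers ] || echo "$P/$n.$GROUP"; done)"

if [ "${1:-}" = "--cluster" ]; then check_cluster; fi
```

Run with --cluster after the operator is installed; the exit status makes the check usable as a gate in a deployment pipeline.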

3. Configure External Services

The following services must be available before deploying SWIM Custom Resources:

  • Keycloak - Deploy via Red Hat Build of Keycloak Operator. Requires realm swim for Provider OIDC/JAAS authentication.
  • ClusterIssuer swim-ca-issuer - cert-manager ClusterIssuer for mTLS certificate issuance.

Create the ClusterIssuer. It reads its CA certificate and key from the secret swim-ca-secret:

oc apply -f - <<'EOF'
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: swim-ca-issuer
spec:
  ca:
    secretName: swim-ca-secret
EOF

4. Deploy SWIM Services

Create Custom Resources in your target namespace. The operator provisions all required infrastructure (databases, brokers, certificates, networking) automatically.

# Digital NOTAM
oc apply -f config/samples/apps_v1alpha1_swimdigitalnotamprovider_minimal.yaml -n <namespace>
oc apply -f config/samples/apps_v1alpha1_swimdigitalnotamconsumer_minimal.yaml -n <namespace>
oc apply -f config/samples/apps_v1alpha1_swimdnotamconsumervalidator_minimal.yaml -n <namespace>
oc apply -f config/samples/apps_v1alpha1_swimdnotamprovidervalidator_minimal.yaml -n <namespace>

# ED-254 Arrival Sequence
oc apply -f config/samples/apps_v1alpha1_swimed254provider_minimal.yaml -n <namespace>
oc apply -f config/samples/apps_v1alpha1_swimed254consumer_minimal.yaml -n <namespace>
oc apply -f config/samples/apps_v1alpha1_swimed254consumervalidator.yaml -n <namespace>

Sample CR manifests are available in the swim-operator repository under config/samples/.

What the operator provisions per Custom Resource

Custom Resource              Infrastructure Provisioned
SwimDigitalNotamProvider     PostgreSQL, Artemis, Kafka, mTLS, OIDC, RBAC, Routes
SwimDigitalNotamConsumer     MongoDB, Kafka (AMQ Streams), mTLS, HPA, ServiceMonitor
SwimDnotamConsumerValidator  MariaDB, Artemis, mTLS, Routes, HPA
SwimDnotamProviderValidator  MariaDB, Routes, HPA, mTLS (optional)
SwimEd254Provider            PostgreSQL, Artemis, Kafka, mTLS, OIDC, RBAC, Routes
SwimEd254Consumer            MongoDB, Kafka (AMQ Streams), mTLS, HPA, ServiceMonitor
SwimEd254ConsumerValidator   MariaDB, Artemis, mTLS, Routes, HPA

5. Verify Deployment

# Digital NOTAM
oc get swimdigitalnotamprovider,swimdigitalnotamconsumer -n <namespace>
oc get swimdnotamconsumervalidator,swimdnotamprovidervalidator -n <namespace>

# ED-254
oc get swimed254provider,swimed254consumer -n <namespace>
oc get swimed254consumervalidator -n <namespace>

# All resources
oc get all -n <namespace>
oc get routes -n <namespace>

The Digital NOTAM tutorials include video walkthroughs showing the complete deployment flow using the SWIM Operator on a production OpenShift cluster.