-
Story
-
Resolution: Done
-
Major
-
None
-
8
-
False
-
None
-
False
-
SECFLOWOTL-27 - Shared Resource CSI Driver GA
-
Release Note Not Required
-
Done
-
-
-
8
-
Pipeline Integrations #3252, Pipeline Integrations #2260
Story (Required)
As a cluster admin trying to add OpenShift Builds to my cluster I want to install an operator that gives me an API to manage components.
<Describes high level purpose and goal for this story. Answers the questions: Who is impacted, what is it and why do we need it? How does it improve the customer’s experience?>
Background (Required)
<Describes the context or background related to this story>
Our first version of the OpenShift Builds operator is based on the upstream Shipwright operator. Shipwright is not a suitable upstream home for the Shared Resource CSI driver - and thus the upstream operator should not contain logic to deploy it.
As a first step, this story will bootstrap a new OLM operator repo that provides a new API for managing OpenShift Build components.
Out of scope
<Defines what is not included in this story>
- Deploying Shipwright components via the new operator.
- Deploying the Shared Resource CSI Driver via the new operator.
- Integration testing that involves deploying on an OpenShift cluster.
- Releasing the operator through Konflux.
Approach (Required)
<Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>
- Create a new GitHub organization - "redhat-openshift-builds"
- Create repository within new org - "operator"
- Initialize with operator-sdk, create a stub API:
- Group: operator.openshift.io
- Version: v1alpha1
- Kind: OpenShiftBuild
- Onboard operator repository to Konflux
- rh-openshift-builds for the Konflux workspace name.
- Application name: "Builds for Red Hat Openshift" (builds-rh-openshift )?
- Enable security tasks in Konflux via the customized pipeline:
- ClamAV scan (Malware detection)
- Snyk code scan (SAST)
- SBOM generation and upload (Manifest + Bill of Materials)
- Configure basic CI checks through Konflux (most likely a separate Pipelines as Code pipeline that runs `make test` in a container)
Initial sketch of the API discussed in https://github.com/openshift/enhancements/pull/1457
Dependencies
<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>
- Operator SDK with OLM support/features.
Acceptance Criteria (Mandatory)
<Describe edge cases to consider when implementing the story and defining tests>
<Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>
- New GitHub repository for the operator
- OpenShiftBuilds custom resource is installed via OLM when the operator is installed.
- Konflux is able to build the operator container image. Team is able to manage the build process in the Konflux workspace.
- We are able to run the operator-sdk "make test" target on Konflux infrastructure.
INVEST Checklist
- Dependencies identified
- Blockers noted and expected delivery timelines set
- Design is implementable
- Acceptance criteria agreed upon
- Story estimated
Legend
- Unknown
- Verified
- Unsatisfied
Done Checklist
- Code is completed, reviewed, documented and checked in
- Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
- Continuous Delivery pipeline(s) is able to proceed with new code included
- Customer facing documentation, API docs etc. are produced/updated, reviewed and published
- Acceptance criteria are met
- blocks
-
BUILD-720 Include Shipwright Operator as library
- Release Pending
-
BUILD-722 Manufacture Shipwright Build Images on Konflux
- Release Pending
-
BUILD-760 Builds for OpenShift Operator Branding
- Release Pending
-
BUILD-920 Install in "openshift-builds" namespace
- Release Pending
-
BUILD-721 Support upgrade from v1.0 to v1.1
- Closed
- is related to
-
BUILD-847 SPIKE: Build Operator with Konflux
- Closed
- links to