Uploaded image for project: 'OpenShift Builds'
  1. OpenShift Builds
  2. BUILD-719

Bootstrap OpenShift Builds Operator

XMLWordPrintable

    • 8
    • False
    • None
    • False
    • SECFLOWOTL-27 - Shared Resource CSI Driver GA
    • Release Note Not Required
    • Done
    • 8
    • Pipeline Integrations #3252, Pipeline Integrations #2260

      Story (Required)

      As a cluster admin trying to add OpenShift Builds to my cluster I want to install an operator that gives me an API to manage components.

      <Describes high level purpose and goal for this story. Answers the questions: Who is impacted, what is it and why do we need it? How does it improve the customer’s experience?>

      Background (Required)

      <Describes the context or background related to this story>

      Our first version of the OpenShift Builds operator is based on the upstream Shipwright operator. Shipwright is not a suitable upstream home for the Shared Resource CSI driver - and thus the upstream operator should not contain logic to deploy it.

      As a first step, this story will bootstrap a new OLM operator repo that provides a new API for managing OpenShift Build components.

      Out of scope

      <Defines what is not included in this story>

      • Deploying Shipwright components via the new operator.
      • Deploying the Shared Resource CSI Driver via the new operator.
      • Integration testing that involves deploying on an OpenShift cluster.
      • Releasing the operator through Konflux.

      Approach (Required)

      <Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

      1. Create a new GitHub organization - "redhat-openshift-builds"
      2. Create repository within new org - "operator"
      3. Initialize with operator-sdk, create a stub API:
        • Group: operator.openshift.io
        • Version: v1alpha1
        • Kind: OpenShiftBuild
      4. Onboard operator repository to Konflux
        • rh-openshift-builds for the Konflux workspace name.
        • Application name: "Builds for Red Hat Openshift" (builds-rh-openshift )?
      5. Enable security tasks in Konflux via the customized pipeline:
        1. ClamAV scan (Malware detection)
        2. Snyk code scan (SAST)
        3. SBOM generation and upload (Manifest + Bill of Materials)
      6. Configure basic CI checks through Konflux (most likely a separate Pipelines as Code pipeline that runs `make test` in a container)

      Initial sketch of the API discussed in https://github.com/openshift/enhancements/pull/1457

      Dependencies

      <Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

      • Operator SDK with OLM support/features.

      Acceptance Criteria (Mandatory)

      <Describe edge cases to consider when implementing the story and defining tests>

      <Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>

      • New GitHub repository for the operator
      • OpenShiftBuilds custom resource is installed via OLM when the operator is installed.
      • Konflux is able to build the operator container image. Team is able to manage the build process in the Konflux workspace.
      • We are able to run the operator-sdk "make test" target on Konflux infrastructure.

      INVEST Checklist

      • Dependencies identified
      • Blockers noted and expected delivery timelines set
      • Design is implementable
      • Acceptance criteria agreed upon
      • Story estimated

      Legend

      • Unknown
      • Verified
      • Unsatisfied

      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

              rh-ee-sabiswas Sayan Biswas
              adkaplan@redhat.com Adam Kaplan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: