-
Enhancement
-
Resolution: Unresolved
-
Major
-
2.3.0.GA
-
None
-
False
-
False
-
Undefined
-
We are building a down stream version of the https://github.com/eclipse/che-operator/ for a commercial IBM offering that provides modified devfile and plugin catalogs tailored for a z/OS Enterprise Application development audience.
To certify our offering as IBM Certified Containers we are running it through scanners provided by the IBM Cloud Pak certification teams. Currently, the Che/CRW operator fails these scans with the errors attached to this item.
We wanted submit these results here to start a discussion if and how these issues should/could be fixed.
Here an except of the major issues found (the zip has the full list):
- Every CSV must reference a CRD that has a license specification. This CSV must contain GUI instructions for the license accept tool https://github.com/eclipse/che/issues/18716
- Not all containers have liveness or readiness probes https://issues.redhat.com/browse/CRW-916
- Liveness and readiness probes for operator https://issues.redhat.com/browse/CRW-683
- Resource limits are not explicitly defined on pods https://github.com/eclipse/che/issues/18356
- Resource definitions yaml are missing required labels https://github.com/eclipse/che/issues/18357
- All pods need to explicitly define security context https://github.com/eclipse/che/issues/18362
- Pods must define architecture-based node affinity https://github.com/eclipse/che/issues/18361
- Containers must be dropping all capabilities, and only adding the ones they need https://github.com/eclipse/che/issues/18359
- At least one CRD must include versions in its status https://github.com/eclipse/che/issues/18786
- A custom resource status block should include a list of resources that it manages using the schema https://github.com/eclipse/che/issues/18787
- CSV description should have README section https://github.com/eclipse/che/issues/18968