GITOPS-997 (OpenShift GitOps)

GitOps Operator can't be installed in ROSA cluster due to the namespaces used

    • Bug
    • Resolution: Done
    • Major
    • 1.2
    • 1.1, 1.1.1
    • Operator
    • 8
    • False
    • False
    • Undefined
    • GITOPS Sprint 204

      Bugzilla Ticket:

      https://bugzilla.redhat.com/show_bug.cgi?id=1963041

       
      Description of problem:

      The GitOps Operator can't be installed in a ROSA cluster because the namespace used is `openshift-gitops`, which is hardcoded here [1]:

      ~~~
      var (
          port                       int32  = 8080
          portTLS                    int32  = 8443
          backendImage               string = "quay.io/redhat-developer/gitops-backend:v0.0.1"
          backendImageEnvName               = "BACKEND_IMAGE"
          serviceName                       = "cluster"
          insecureEnvVar                    = "INSECURE"
          insecureEnvVarValue               = "true"
          serviceNamespace                  = "openshift-gitops"
          depracatedServiceNamespace        = "openshift-pipelines-app-delivery"
          clusterVersionName                = "version"
      )
      ~~~

      Per ROSA policies [2], the `openshift-*` namespaces are considered core namespaces for SRE use only, so the customer can't use them.

      [1] https://github.com/redhat-developer/gitops-operator/blob/a15f0c70541c9dcc7b9541c35e7e29bb9a880e3b/pkg/controller/gitopsservice/gitopsservice_controller.go#L49
      [2] https://docs.openshift.com/rosa/rosa_policy/rosa-policy-process-security.html#rosa-policy-rh-access_rosa-policy-process-security

      Version-Release number of selected component (if applicable):

      How reproducible: Install the Operator and see that the namespace is not configurable

      Actual results: The Operator is installed but the customer doesn't have privileges to work with it

       

      Description:

      Add a subscription env to disable creation of the default operator

      Enabling additional support for the GitOps OpenShift console UI will be handled by a subsequent story/epic.

       

      Acceptance Criteria:

      • The operator Subscription should support an environment variable which, when set, prevents the creation of the default ArgoCD instance in gitops-operator namespace
      • Environment variable should be documented for public users
      • ArgoCD monitoring (via ServiceMonitors) should continue to work for ArgoCD instances that the user creates.
      • When running in this mode, the UI will not work for this Argo CD instance (similar to user-scoped ArgoCD instances installed in other namespaces); verify that this doesn't significantly affect the openshift-console.

       

      Reference: https://docs.google.com/document/d/15D0_zHDC7DOjFhcgv9ARIyRpOQ8BT2tlU2I-KdVeGCA/edit#heading=h.sjry3ffn2zpl
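
One way an operator could honor such a setting, as an added example that is not the gitops-operator's own code. The environment variable names and the `reserved` flag are hypothetical, and the namespace override goes beyond the acceptance criteria above.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Hypothetical names for this example; they are not taken from the operator.
const (
	envDisable       = "EXAMPLE_DISABLE_DEFAULT_INSTANCE"
	envNamespace     = "EXAMPLE_DEFAULT_INSTANCE_NAMESPACE"
	defaultNamespace = "openshift-gitops" // the value hardcoded in the snippet above
	reservedPrefix   = "openshift-"       // reserved for SRE use on ROSA
)

// Plan says whether the default instance is created and in which namespace.
type Plan struct {
	Create    bool
	Namespace string
}

// PlanDefaultInstance reads the settings through lookup (os.LookupEnv in
// production). reserved is true on clusters where openshift-* is off limits.
func PlanDefaultInstance(lookup func(string) (string, bool), reserved bool) (Plan, error) {
	if v, ok := lookup(envDisable); ok {
		disabled, err := strconv.ParseBool(strings.TrimSpace(v))
		if err != nil { // refuse to guess on a typo instead of creating anyway
			return Plan{}, fmt.Errorf("%s=%q is not a boolean: %w", envDisable, v, err)
		}
		if disabled {
			return Plan{}, nil
		}
	}
	ns := defaultNamespace
	if v, ok := lookup(envNamespace); ok && strings.TrimSpace(v) != "" {
		ns = strings.TrimSpace(v)
	}
	if reserved && strings.HasPrefix(ns, reservedPrefix) {
		return Plan{}, fmt.Errorf("namespace %q is reserved; set %s or %s", ns, envNamespace, envDisable)
	}
	return Plan{Create: true, Namespace: ns}, nil
}

func main() {
	plan, err := PlanDefaultInstance(os.LookupEnv, true) // constructed: assume a ROSA cluster
	fmt.Printf("%+v err=%v\n", plan, err)
}
```
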

       

            jgwest Jonathan West
            wtam_at_redhat William Tam