Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4604

Include New required Infrastructure Annotations

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • Logging 5.8.z
    • Log Collection
    • 1
    • False
    • None
    • False
    • NEW
    • NEW
    • Release Note Not Required
    • Log Collection - Sprint 245, Log Collection - Sprint 246, Log Collection - Sprint 247, Log Storage - Sprint 244

      Latest by Q1 2024, you MUST provide either the string value (not boolean) "true" or "false" for each of the required infrastructure annotations.

      ref:

      https://docs.engineering.redhat.com/display/CFC/Best_Practices#Best_Practices-(New)RequiredInfrastructureAnnotations

      In order to drive a positive user experience when customers are using the OperatorHub in the cluster and catalog.redhat.com to discover operator-based offerings and reason about their capabilities, you MUST provide information about infrastructure integration that is specific to OpenShift clusters.

      This is a change from an earlier convention up until OpenShift 4.13 where the annotation operators.openshift.io/infrastructure-features was used as a mere list.

      You may use both in parallel, but the release pipelines will start to block in case of absence of the annotations in the namespace features.operators.openshift.io in Q1 2024. The old annotations weren't enforced in the pipeline because of their format providing no way to differentiate between deliberate absence of a value from human obliviousness. Support for the new annotations will be backported all the way to OpenShift 4.10.

      ------------------------

      Latest by Q1 2024, you MUST provide either the string value (not boolean) "true" or "false" for each of the following list of annotations:

      Annotation Meaning
      features.operators.openshift.io/token-auth-gcp Whether the operator supports configuration for tokenzied authentication with Google Cloud APIs via GCP Workload Identity Foundation (WIF) using the CloudCredentialOperator.
      features.operators.openshift.io/token-auth-azure Whether the operator supports configuration for tokenzied authentication with Azure APIs via Azure Managed Identity using the CloudCredentialOperator.
      features.operators.openshift.io/token-auth-aws Whether the operator supports configuration for tokenzied authentication with AWS APIs via AWS Secure Token Service (STS) using the CloudCredentialOperator.
      features.operators.openshift.io/tls-profiles Whether the operator implements well-known tunables to modify the TLS cipher suite used by the operator and, if applicable, any of the workloads it manages (operands).
      features.operators.openshift.io/proxy-aware Whether the operator supports running on a cluster behind a proxy by accepting standard proxy environment variables HTTP_PROXY and HTTPS_PROXY. If applicable the operator passes this information down to the workload it manages (operands).
      features.operators.openshift.io/fips-compliant Whether the opperator accepts the FIPS-140 configuration of the underlying platform and works on nodes that are booted into FIPS mode. In this mode, the operator and any workloads it manages (operands) are solely calling the RHEL cryptographic library submitted for FIPS-140 validation.
      features.operators.openshift.io/disconnected Whether the operator leverages spec.relatedImages and can run without internet connection by referring to any related image via its digest.
      features.operators.openshift.io/csi Whether the operator provides a Container Storage Interface (CSI) Kubernetes plugin.
      features.operators.openshift.io/cni Whether the operator provides a Container Network Interface (CNI) Kubernetes plugin.
      features.operators.openshift.io/cnf Whether the operator provides a Cloud-Native Network Function (CNF) Kubernetes plugin.

              jcantril@redhat.com Jeffrey Cantrill
              cahartma@redhat.com Casey Hartman
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: