OpenShift Logging / LOG-4604

Include New required Infrastructure Annotations

    • Log Collection - Sprint 245, Log Collection - Sprint 246, Log Collection - Sprint 247, Log Storage - Sprint 244

      By Q1 2024 at the latest, you MUST provide either the string value (not boolean) "true" or "false" for each of the required infrastructure annotations.

      ref:

      https://docs.engineering.redhat.com/display/CFC/Best_Practices#Best_Practices-(New)RequiredInfrastructureAnnotations

      In order to drive a positive user experience when customers are using the OperatorHub in the cluster and catalog.redhat.com to discover operator-based offerings and reason about their capabilities, you MUST provide information about infrastructure integration that is specific to OpenShift clusters.

      This is a change from an earlier convention up until OpenShift 4.13 where the annotation operators.openshift.io/infrastructure-features was used as a mere list.

      You may use both in parallel, but the release pipelines will start to block in case of absence of the annotations in the namespace features.operators.openshift.io in Q1 2024. The old annotations weren't enforced in the pipeline because their format provided no way to differentiate deliberate absence of a value from human obliviousness. Support for the new annotations will be backported all the way to OpenShift 4.10.

      ------------------------

      By Q1 2024 at the latest, you MUST provide either the string value (not boolean) "true" or "false" for each of the following annotations:

      | Annotation | Meaning |
      |---|---|
      | features.operators.openshift.io/token-auth-gcp | Whether the operator supports configuration for tokenized authentication with Google Cloud APIs via GCP Workload Identity Foundation (WIF) using the CloudCredentialOperator. |
      | features.operators.openshift.io/token-auth-azure | Whether the operator supports configuration for tokenized authentication with Azure APIs via Azure Managed Identity using the CloudCredentialOperator. |
      | features.operators.openshift.io/token-auth-aws | Whether the operator supports configuration for tokenized authentication with AWS APIs via AWS Secure Token Service (STS) using the CloudCredentialOperator. |
      | features.operators.openshift.io/tls-profiles | Whether the operator implements well-known tunables to modify the TLS cipher suite used by the operator and, if applicable, any of the workloads it manages (operands). |
      | features.operators.openshift.io/proxy-aware | Whether the operator supports running on a cluster behind a proxy by accepting standard proxy environment variables HTTP_PROXY and HTTPS_PROXY. If applicable, the operator passes this information down to the workload it manages (operands). |
      | features.operators.openshift.io/fips-compliant | Whether the operator accepts the FIPS-140 configuration of the underlying platform and works on nodes that are booted into FIPS mode. In this mode, the operator and any workloads it manages (operands) are solely calling the RHEL cryptographic library submitted for FIPS-140 validation. |
      | features.operators.openshift.io/disconnected | Whether the operator leverages spec.relatedImages and can run without internet connection by referring to any related image via its digest. |
      | features.operators.openshift.io/csi | Whether the operator provides a Container Storage Interface (CSI) Kubernetes plugin. |
      | features.operators.openshift.io/cni | Whether the operator provides a Container Network Interface (CNI) Kubernetes plugin. |
      | features.operators.openshift.io/cnf | Whether the operator provides a Cloud-Native Network Function (CNF) Kubernetes plugin. |

            jcantril@redhat.com Jeffrey Cantrill
            cahartma@redhat.com Casey Hartman
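
Added example, not part of the original issue or of the OpenShift Logging code: a check of a manifest's annotations against the table above, reporting missing names, values that are not the strings "true" or "false", and misspelled keys in the features.operators.openshift.io namespace. It assumes the annotations sit under metadata.annotations of a manifest exported as JSON; the sample manifest and its name are constructed.

```python
import json

PREFIX = "features.operators.openshift.io/"
# Annotation names taken from the table in the issue description.
REQUIRED = [PREFIX + n for n in (
    "token-auth-gcp", "token-auth-azure", "token-auth-aws", "tls-profiles",
    "proxy-aware", "fips-compliant", "disconnected", "csi", "cni", "cnf")]

def check_annotations(manifest):
    """Return (annotation, problem) pairs for a parsed operator manifest."""
    annotations = (manifest.get("metadata") or {}).get("annotations") or {}
    problems = []
    for name in REQUIRED:
        if name not in annotations:
            problems.append((name, "missing"))
        elif not isinstance(annotations[name], str):
            # Unquoted true/false parses as a boolean; the string form is required.
            problems.append((name, "not a string"))
        elif annotations[name] not in ("true", "false"):
            problems.append((name, 'not "true" or "false"'))
    # Keys in the namespace that are not in the table are most likely typos.
    for name in sorted(annotations):
        if name.startswith(PREFIX) and name not in REQUIRED:
            problems.append((name, "unknown name"))
    return problems

# Constructed sample manifest (not from the issue); the name is a placeholder.
# The legacy list annotation may be kept in parallel and is not checked here.
SAMPLE = json.loads("""{"metadata": {"name": "example-operator.v0.0.0",
 "annotations": {
  "operators.openshift.io/infrastructure-features": "[\\"disconnected\\"]",
  "features.operators.openshift.io/token-auth-gcp": "false",
  "features.operators.openshift.io/token-auth-aws": "true",
  "features.operators.openshift.io/tls-profiles": true,
  "features.operators.openshift.io/proxy-aware": "True",
  "features.operators.openshift.io/fips-complaint": "false",
  "features.operators.openshift.io/disconnected": "true",
  "features.operators.openshift.io/csi": "false",
  "features.operators.openshift.io/cni": "false",
  "features.operators.openshift.io/cnf": "false"
 }}}""")

if __name__ == "__main__":
    for name, problem in check_annotations(SAMPLE):
        print(f"{name}: {problem}")
```
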