-
Feature
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
None
-
False
-
False
-
?
-
No
-
?
-
?
-
?
-
17% To Do, 0% In Progress, 83% Done
-
Undefined
-
XL
Feature Goal
- Provide a way for OLM Operators to be installed out of the box in OpenShift / by default as part of the cluster deployment using the OLM Subscription API
- Provide a way for those operators to lifecycle with the cluster (upgrade when the cluster is upgraded, participate in blocking cluster install/upgrade completion until they are installed/upgraded)
See the platform operator portions of
https://docs.google.com/presentation/d/1U2zYAyrNGBooGBuyQME8Xn905RvOPbVv3XFw3stddZw
And this roadmap for platform operators:
https://hackmd.io/MFwDuS_XS7quls3Q4ANKLw
Why is this important?
- Several Operator teams are looking to be installed on OpenShift by default for a regular cluster deployment, e.g. cert-manager, ServiceBindingOperator, LocalStorageOperator
- This is an OpenShift Downstream ask, because the only other option to ship an operator with every cluster install would be to use CVO which does not allow opting out of cluster defaults without putting the cluster into an unsupported state
Use Cases
- A way exists to configure which Operators should be installed by default that are not in the core payload (day0 operator)
- The list of available day0 operators is under Red Hat's control
- Day0 operators should also be available via the regular OperatorHub catalogs
- Users are allowed to uninstall such default Operators post-install
- Users are allow to configure whether such Operators should be installed by default on Day 0 or not (opt-out)
- A default Operator can temporarily prevent a cluster upgrade in case if its in a critical process
- An OpenShift install is not considered complete until all of the day0 operators are installed
- An OpenShift install is considered failed if any of the day0 operators failed to install
- A default Operator can change versions as part of a cluster upgrade
- A default Operator can be uninstalled as part of a cluster upgrade
- When a default Operator is removed such that only the controller is removed, but not the CRDs nor CRs
- It should be possible to control for Red Hat which version of the day0 operator gets installed / updated
- It should be possible to control for Red Hat from which channel a day0 gets installed / updated
- A default Operator needs to be mirrored as part of mirroring OpenShift Release Payloads to enable a cluster in disconnected environments
- A default operator is directed to be installed but the required catalogs aren't available yet
- A disconnected customer wants to rely on Operators installed by default
- A day0 operator failed to upgrade/install during a cluster upgrade/install and a cluster admins wants to troubleshoot why
- A day0 operator is the process of being installed or upgrades and a cluster admins wants to observe progress
Day0 Operator Criteria
- must ship in all arches that OCP supports
Acceptance Criteria
- The above user scenarios need to be achievable
- OpenShift clusters for self-managed installs ship ServiceBindingOperator by default via this mechanism
- It should be independent of the current OperatorHub API (which we are likely going to deprecate in the future)
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- Downstream documentation
Dependencies (internal and external)
- OpenShift installer needs to bundle desired day-0 operators in it's payload / default scaffolding of post-install manifests.
Potential Candidates for Day0 operators:
- cert-manager
- Servince Binding Operator
- Local Storage Operator
Open questions:
- Do we need a special catalog for day-0 operators? Should this be part of the payload vs. an optional component?
- What happens during cluster updates?
- Does this block cluster installs?
- How are these operator's discovered for offline mirroring?
- Who is ultimately in control of day0 operator updates? The customer or Red Hat?
- Are day0 operators always auto-updating? Do we allow users to change that?
- Do we need to consider how to create an aggregated status that includes both CVO and OLM operators? (i.e. something that aggregates both CVO's ClusterOperator and OLM's OperatorCondition)
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- blocks
-
CNV-14625 [2017442] [certificate renewal] virt-template-validator-certs secret certificate is not updated according to HCO CR certconfig
- New
-
CNV-15131 [2017415] [certificate renewal] ssp-operator-service-cert secret certificate is not updated according to HCO CR certconfig
- New
- is related to
-
AUTH-51 Spike: deployment methods for cert-manager-operator
- Closed
- relates to
-
APPSVC-849 Distribution of SBO with OLM
- Closed
-
OCPSTRAT-1308 OpenShift Optional Capabilities (Phase 7)
- New
-
OCPSTRAT-36 OpenShift Optional Capabilities (Phase 4)
- Closed
-
OCPSTRAT-421 OpenShift Optional Capabilities (Phase 5)
- Closed
-
OCPSTRAT-731 OpenShift Optional Capabilities (Phase 6)
- Closed
-
OCPSTRAT-147 OpenShift Optional Capabilities (Phase 3)
- Closed