-
Epic
-
Resolution: Obsolete
-
Critical
-
None
-
None
-
Global Operator tenant visibility controls
-
False
-
False
-
To Do
-
OCPPLAN-7751 - Descoping Preparation
-
OCPPLAN-7751Descoping Preparation
-
Undefined
-
L
Epic Goal
- Non-admin users can understand what services are available for them to use even though these are provided by elements outside of their namespace
- Authors and admins have fine-grained control over which tenant in a cluster can see what services
- The implementation to make operators discoverable by users must scale well / remove the need to copy data around in the clusters into every namespace
Why is this important?
- Cluster visibility is a common reason given to why operator authors avoid "AllNamespace" operators - they don't want the operator to be visible for every tenant in the cluster. AllNamespace operators are the simplest to treat as "descoped", so if we can solve the visibility problem today, we can avoid migration pain in the future.
Related work
Scenarios
- As a non-admin user, I would like to tell what services (operators and their apis) I am permitted to use.
- As an operator author, I would like to control the default visibility of the operator and its services.
- As an admin, I would like to adjust the visibility of an operator and its services after installation.
- As a admin, I want to enable global operators on clusters with a lot of namespaces without massive resource overhead in the OLM controllers
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- Scale testing - the new mechanism must scale better than manifest size * namespaces
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- is incorporated by
-
OCPSTRAT-550 OLM v1: Ability to configure user/group permissions to provided APIs (a part of F12)
- New