-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
None
Goal
Operator authors/pipelines can run bundle validate command to check Operator's CSV includes any k8s APIs removed in 1.25.
Why is this important?
k8s 1.25 will stop serving several deprecated API versions. There's a need from the pipeline side to run "k8s 1.25/OCP 4.12 API deprecation test" to provide some feedback to the Operator authors if identified their Operator version/bundle still includes any of those removed APIs.
Problems
However, all of these APIs cannot be directly installed by the OLM in the bundle. This means this cannot be identified simply by checking if the bundle manifests included any of these API's YAML manifests.
1. One potential approach is to check the RBAC permissions of the Operator in the bundle. However, the `rules` of the permission do not include API version
--> can only tell the Operator does use these k8s APIs
--> cannot tell the exact API version from the permission
e.g. Couchbase Community Operator (v2.3.0): "cronjob" is listed in the permission resources
--> but cannot tell the exact API version.
2. Another way to check if an Operator is still using the deprecated APIs is to check:
- {{"spec.customresourcedefinitions.owned[].resources[].kind" }}and
- "spec.customresourcedefinitions.owned[].resources[].version"
these two self-proclaimed fields by the Operator authors in the CSV YAML.
to see if any of the "kind/version" are the secondary resources of the provided custom resources.
e.g.
- Couchbase Community Operator (v2.3.0): CrobJob in "batch/v1beta1"
- Couchbase Certified Operator (v2.3.2-1): CrobJob in "batch/v1beta1"
Proposed check:
k8s 1.25 removed APIs validate command checks the CSV in the bundle and will:
- raise "WARNING" if identified removed APIs as the "resources" listed in the "permissions/clusterPermissions" stanza
- include the k8s 1.25 removed API upstream URL in the messages.
- raise "ERROR" if identified removed APIs as the "kind/version" listed in the "spec.customresourcedefinitions.owned[].resources" stanza
Acceptance Criteria
- Operator authors/pipelines can use Operator SDK to validate Operator bundle(s) statically to:
- get warning/error message if their Operator bundle may include removed APIs in k8s 1.25
- see the k8s doc for 1.25 removed APIs.
- Community pipeline team enable this validation checks for bundles.
- Red Hat pipeline team to enable this validation checks for bundles.