How it is now?

The operator compares installed version of a component (eg: Pipeline 0.28.0) with the version of the component in an upgrade to decide whether to delete and recreate (upgrade) a deployment (eg: Pipeline-controller, triggers-controller). This works fine functionally. However, this could result in failure to supply CVE fixes in base images we use to build our images. This scenario is more likely to happen in patch releases in operator.

This scenario was observed during 1.6.0 to 1.6.1 upgrade. As triggers-webhook, pipeline-webhook deployment were not replaced (delete and create new) as the version of Pipelines and Triggers did not change in the upgrade.

Therefore, operator should use Operator version (eg: 1.6.1) to compare and decide whether a deployement should be recreated. In fact, this applies to all stateless resources (eg: services, roles, rolebindings... )

Acceptance Criteria

• All reconcilers in operator uses operator version instead of component version to decide whether stateless resources should be recreated during an upgrade

How to test the fix 🧑‍💻

After an upgrade from 1.6.1 to 1.6.2 all deployment-pods in openshift-pipelines namespace should be restarted by operator irrespective of the payload (pipelines, triggers...) version.