diff --git a/api/v1/clusterextension_types.go b/api/v1/clusterextension_types.go index ee55109f86..18f982725b 100644 --- a/api/v1/clusterextension_types.go +++ b/api/v1/clusterextension_types.go @@ -105,6 +105,7 @@ type ClusterExtensionSpec struct { // a configuration schema the bundle is deemed to not be configurable. More information on how // to configure bundles can be found in the OLM documentation associated with your current OLM version. // + // // +optional Config *ClusterExtensionConfig `json:"config,omitempty"` diff --git a/applyconfigurations/api/v1/clusterextensionspec.go b/applyconfigurations/api/v1/clusterextensionspec.go index 56c6533923..5dfaf1883a 100644 --- a/applyconfigurations/api/v1/clusterextensionspec.go +++ b/applyconfigurations/api/v1/clusterextensionspec.go @@ -63,6 +63,8 @@ type ClusterExtensionSpecApplyConfiguration struct { // config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide // a configuration schema the bundle is deemed to not be configurable. More information on how // to configure bundles can be found in the OLM documentation associated with your current OLM version. + // + // Config *ClusterExtensionConfigApplyConfiguration `json:"config,omitempty"` // progressDeadlineMinutes is an optional field that defines the maximum period // of time in minutes after which an installation should be considered failed and diff --git a/docs/api-reference/olmv1-api-reference.md b/docs/api-reference/olmv1-api-reference.md index 3ee7f19386..01ee6f0ee8 100644 --- a/docs/api-reference/olmv1-api-reference.md +++ b/docs/api-reference/olmv1-api-reference.md @@ -343,7 +343,7 @@ _Appears in:_ | `serviceAccount` _[ServiceAccountReference](#serviceaccountreference)_ | serviceAccount specifies a ServiceAccount used to perform all interactions with the cluster
that are required to manage the extension.
The ServiceAccount must be configured with the necessary permissions to perform these interactions.
The ServiceAccount must exist in the namespace referenced in the spec.
The serviceAccount field is required. | | Required: \{\}
| | `source` _[SourceConfig](#sourceconfig)_ | source is required and selects the installation source of content for this ClusterExtension.
Set the sourceType field to perform the selection.
Catalog is currently the only implemented sourceType.
Setting sourceType to "Catalog" requires the catalog field to also be defined.
Below is a minimal example of a source definition (in yaml):
source:
sourceType: Catalog
catalog:
packageName: example-package | | Required: \{\}
| | `install` _[ClusterExtensionInstallConfig](#clusterextensioninstallconfig)_ | install is optional and configures installation options for the ClusterExtension,
such as the pre-flight check configuration. | | Optional: \{\}
| -| `config` _[ClusterExtensionConfig](#clusterextensionconfig)_ | config is optional and specifies bundle-specific configuration.
Configuration is bundle-specific and a bundle may provide a configuration schema.
When not specified, the default configuration of the resolved bundle is used.
config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide
a configuration schema the bundle is deemed to not be configurable. More information on how
to configure bundles can be found in the OLM documentation associated with your current OLM version. | | Optional: \{\}
| +| `config` _[ClusterExtensionConfig](#clusterextensionconfig)_ | config is optional and specifies bundle-specific configuration.
Configuration is bundle-specific and a bundle may provide a configuration schema.
When not specified, the default configuration of the resolved bundle is used.
config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide
a configuration schema the bundle is deemed to not be configurable. More information on how
to configure bundles can be found in the OLM documentation associated with your current OLM version.
| | Optional: \{\}
| | `progressDeadlineMinutes` _integer_ | progressDeadlineMinutes is an optional field that defines the maximum period
of time in minutes after which an installation should be considered failed and
require manual intervention. This functionality is disabled when no value
is provided. The minimum period is 10 minutes, and the maximum is 720 minutes (12 hours).
| | Maximum: 720
Minimum: 10
Optional: \{\}
| diff --git a/docs/draft/howto/single-ownnamespace-install.md b/docs/draft/howto/single-ownnamespace-install.md index 4152946871..8e6f00fe49 100644 --- a/docs/draft/howto/single-ownnamespace-install.md +++ b/docs/draft/howto/single-ownnamespace-install.md @@ -1,7 +1,8 @@ ## Description !!! note -The `SingleOwnNamespaceInstallSupport` feature-gate is enabled by default. Use this guide to configure bundles that need Single or Own namespace install modes. +This feature is still in *alpha* the `SingleOwnNamespaceInstallSupport` feature-gate must be enabled to make use of it. +See the instructions below on how to enable it. --- @@ -30,6 +31,28 @@ include *installModes*. [![OwnNamespace Install Demo](https://asciinema.org/a/Rxx6WUwAU016bXFDW74XLcM5i.svg)](https://asciinema.org/a/Rxx6WUwAU016bXFDW74XLcM5i) +## Enabling the Feature-Gate + +!!! tip + +This guide assumes OLMv1 is already installed. If that is not the case, +you can follow the [getting started](../../getting-started/olmv1_getting_started.md) guide to install OLMv1. + +--- + +Patch the `operator-controller` `Deployment` adding `--feature-gates=SingleOwnNamespaceInstallSupport=true` to the +controller container arguments: + +```terminal title="Enable SingleOwnNamespaceInstallSupport feature-gate" +kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]' +``` + +Wait for `Deployment` rollout: + +```terminal title="Wait for Deployment rollout" +kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager +``` + ## Configuring the `ClusterExtension` A `ClusterExtension` can be configured to install bundle in `Single-` or `OwnNamespace` mode through the 
diff --git a/docs/draft/tutorials/explore-available-content-metas-endpoint.md b/docs/draft/tutorials/explore-available-content-metas-endpoint.md index 5d04b02df1..f17271d3e4 100644 --- a/docs/draft/tutorials/explore-available-content-metas-endpoint.md +++ b/docs/draft/tutorials/explore-available-content-metas-endpoint.md @@ -91,6 +91,9 @@ Then you can query the catalog by using `curl` commands and the `jq` CLI tool to ... ``` + !!! important + OLM 1.0 supports installing extensions that define webhooks. Targeting a single or specified set of namespaces requires enabling the `SingleOwnNamespaceInstallSupport` feature-gate. + 3. Return list of packages which support `AllNamespaces` install mode, do not use webhooks, and where the channel head version uses `olm.csv.metadata` format: ``` terminal diff --git a/docs/tutorials/explore-available-content.md b/docs/tutorials/explore-available-content.md index 98bb7733c6..36e3cf8834 100644 --- a/docs/tutorials/explore-available-content.md +++ b/docs/tutorials/explore-available-content.md @@ -91,6 +91,9 @@ Then you can query the catalog by using `curl` commands and the `jq` CLI tool to ... ``` + !!! important + OLM 1.0 supports installing extensions that define webhooks. Targeting a single or specified set of namespaces requires enabling the `SingleOwnNamespaceInstallSupport` feature-gate. + 3. Return list of packages that support `AllNamespaces` install mode and do not use webhooks: ``` terminal diff --git a/hack/demo/own-namespace-demo-script.sh b/hack/demo/own-namespace-demo-script.sh index 86b3d28760..611c6dfb05 100755 --- a/hack/demo/own-namespace-demo-script.sh +++ b/hack/demo/own-namespace-demo-script.sh 
@@ -6,14 +6,16 @@ set -e trap 'echo "Demo ran into error"; trap - SIGTERM && kill -- -$$; exit 1' ERR SIGINT SIGTERM EXIT -# install standard CRDs -echo "Install standard CRDs..." -kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/standard.yaml" +# install experimental CRDs with config field support +kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/experimental.yaml" -# wait for standard CRDs to be available +# wait for experimental CRDs to be available kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io -# Ensure controller is healthy +# enable 'SingleOwnNamespaceInstallSupport' feature gate +kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]' + +# wait for operator-controller to become available kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager # create install namespace 
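Review bot: The added `kubectl patch` with `"op": "add"` on `/spec/template/spec/containers/0/args/-` appends the flag unconditionally, yet `manifests/experimental.yaml` as changed in this same commit already appears to carry `--feature-gates=SingleOwnNamespaceInstallSupport=true` in the controller args. After the preceding `kubectl apply` the container would therefore hold the flag twice, and each re-run of the demo appends another copy. If the patch is kept for clusters installed from a different manifest, guard it, e.g. `kubectl get deployment -n olmv1-system operator-controller-controller-manager -o jsonpath='{.spec.template.spec.containers[0].args}' | grep -q 'SingleOwnNamespaceInstallSupport=true' || kubectl patch ...`. The patch also assumes the controller is `containers/0`, which deserves a one-line comment. hack/demo/single-namespace-demo-script.sh has the same block.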
@@ -55,6 +57,17 @@ kubectl delete clusterextension argocd-operator --ignore-not-found=true kubectl delete namespace argocd-system --ignore-not-found=true kubectl delete clusterrolebinding argocd-installer-crb --ignore-not-found=true +# remove feature gate from deployment +echo "Removing feature gate from operator-controller..." +kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/args", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]' || true + +# restore standard CRDs +echo "Restoring standard CRDs..." +kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/base.yaml" + +# wait for standard CRDs to be available +kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io + # wait for operator-controller to become available with standard config kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager diff --git a/hack/demo/single-namespace-demo-script.sh b/hack/demo/single-namespace-demo-script.sh index 885854dd9d..9702684152 100755 --- a/hack/demo/single-namespace-demo-script.sh +++ b/hack/demo/single-namespace-demo-script.sh 
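Review bot: The cleanup patch `{"op": "remove", "path": "/spec/template/spec/containers/0/args", "value": ...}` does not remove one argument: JSON Patch `remove` ignores `value` and deletes whatever the path points at, here the container's whole `args` array. The controller would then restart without its other flags (the manifests in this commit show `--leader-elect`, `--metrics-bind-address=:8443` and the health-probe address among them), and `|| true` hides any failure of the patch. Whether the following `kubectl apply` of `manifests/base.yaml` restores them is not visible here, and that file is not the `manifests/standard.yaml` the script applied before this change, so the path is worth checking. Removing the flag by its index, guarded by a `test` op, keeps the remaining arguments; the sketch below assumes `jq` is available. hack/demo/single-namespace-demo-script.sh has the same block.

```shell
# remove only the feature-gate argument, located by value
gate='--feature-gates=SingleOwnNamespaceInstallSupport=true'
idx=$(kubectl get deployment -n olmv1-system operator-controller-controller-manager -o json \
  | jq --arg gate "$gate" '.spec.template.spec.containers[0].args | index($gate)')
if [ "$idx" != "null" ]; then
  kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' \
    -p="[{\"op\": \"test\", \"path\": \"/spec/template/spec/containers/0/args/${idx}\", \"value\": \"${gate}\"}, {\"op\": \"remove\", \"path\": \"/spec/template/spec/containers/0/args/${idx}\"}]"
fi
# … unchanged: restore CRDs, wait for CRDs and for the rollout …
```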
@@ -6,14 +6,16 @@ set -e trap 'echo "Demo ran into error"; trap - SIGTERM && kill -- -$$; exit 1' ERR SIGINT SIGTERM EXIT -# install standard CRDs -echo "Install standard CRDs..." -kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/standard.yaml" +# install experimental CRDs with config field support +kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/experimental.yaml" -# wait for standard CRDs to be available +# wait for experimental CRDs to be available kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io -# Ensure controller is healthy +# enable 'SingleOwnNamespaceInstallSupport' feature gate +kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]' + +# wait for operator-controller to become available kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager # create install namespace 
@@ -58,6 +60,17 @@ kubectl delete clusterextension argocd-operator --ignore-not-found=true kubectl delete namespace argocd-system argocd --ignore-not-found=true kubectl delete clusterrolebinding argocd-installer-crb --ignore-not-found=true +# remove feature gate from deployment +echo "Removing feature gate from operator-controller..." +kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/args", "value": "--feature-gates=SingleOwnNamespaceInstallSupport=true"}]' || true + +# restore standard CRDs +echo "Restoring standard CRDs..." +kubectl apply -f "$(dirname "${BASH_SOURCE[0]}")/../../manifests/base.yaml" + +# wait for standard CRDs to be available +kubectl wait --for condition=established --timeout=60s crd/clusterextensions.olm.operatorframework.io + # wait for operator-controller to become available with standard config kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager diff --git a/helm/experimental.yaml b/helm/experimental.yaml index e1c7f37cb6..b158389d48 100644 --- a/helm/experimental.yaml +++ b/helm/experimental.yaml @@ -9,6 +9,7 @@ options: operatorController: features: enabled: + - SingleOwnNamespaceInstallSupport - PreflightPermissions - HelmChartSupport - BoxcutterRuntime diff --git a/helm/olmv1/base/operator-controller/crd/standard/olm.operatorframework.io_clusterextensions.yaml b/helm/olmv1/base/operator-controller/crd/standard/olm.operatorframework.io_clusterextensions.yaml index 0b824025eb..aca133f732 100644 --- a/helm/olmv1/base/operator-controller/crd/standard/olm.operatorframework.io_clusterextensions.yaml +++ b/helm/olmv1/base/operator-controller/crd/standard/olm.operatorframework.io_clusterextensions.yaml 
@@ -57,44 +57,6 @@ spec: description: spec is an optional field that defines the desired state of the ClusterExtension. properties: - config: - description: |- - config is optional and specifies bundle-specific configuration. - Configuration is bundle-specific and a bundle may provide a configuration schema. - When not specified, the default configuration of the resolved bundle is used. - - config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide - a configuration schema the bundle is deemed to not be configurable. More information on how - to configure bundles can be found in the OLM documentation associated with your current OLM version. - properties: - configType: - description: |- - configType is required and specifies the type of configuration source. - - The only allowed value is "Inline". - - When set to "Inline", the cluster extension configuration is defined inline within the ClusterExtension resource. - enum: - - Inline - type: string - inline: - description: |- - inline contains JSON or YAML values specified directly in the ClusterExtension. - - It is used to specify arbitrary configuration values for the ClusterExtension. - It must be set if configType is 'Inline' and must be a valid JSON/YAML object containing at least one property. - The configuration values are validated at runtime against a JSON schema provided by the bundle. - minProperties: 1 - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - configType - type: object - x-kubernetes-validations: - - message: inline is required when configType is Inline, and forbidden - otherwise - rule: 'has(self.configType) && self.configType == ''Inline'' ?has(self.inline) - : !has(self.inline)' install: description: |- install is optional and configures installation options for the ClusterExtension, diff --git a/helm/tilt.yaml b/helm/tilt.yaml index 0fe3bec1f7..aaed7c71fb 100644 --- a/helm/tilt.yaml +++ b/helm/tilt.yaml 
@@ -14,6 +14,7 @@ options: operatorController: features: enabled: + - SingleOwnNamespaceInstallSupport - PreflightPermissions - HelmChartSupport disabled: diff --git a/internal/operator-controller/features/features.go b/internal/operator-controller/features/features.go index 53ee2626ae..0f99c1b28e 100644 --- a/internal/operator-controller/features/features.go +++ b/internal/operator-controller/features/features.go @@ -34,8 +34,8 @@ var operatorControllerFeatureGates = map[featuregate.Feature]featuregate.Feature // registry+v1 cluster extensions with single or own namespaces modes // i.e. with a single watch namespace. SingleOwnNamespaceInstallSupport: { - Default: true, - PreRelease: featuregate.GA, + Default: false, + PreRelease: featuregate.Alpha, LockToDefault: false, }, diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml index 74fcc399f9..f308be7535 100644 --- a/manifests/experimental-e2e.yaml +++ b/manifests/experimental-e2e.yaml @@ -2452,6 +2452,7 @@ spec: - --metrics-bind-address=:8443 - --pprof-bind-address=:6060 - --leader-elect + - --feature-gates=SingleOwnNamespaceInstallSupport=true - --feature-gates=PreflightPermissions=true - --feature-gates=HelmChartSupport=true - --feature-gates=BoxcutterRuntime=true diff --git a/manifests/experimental.yaml b/manifests/experimental.yaml index 12ae10d9bc..2163b698e1 100644 --- a/manifests/experimental.yaml +++ b/manifests/experimental.yaml @@ -2358,6 +2358,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --feature-gates=SingleOwnNamespaceInstallSupport=true - --feature-gates=PreflightPermissions=true - --feature-gates=HelmChartSupport=true - --feature-gates=BoxcutterRuntime=true diff --git a/manifests/standard-e2e.yaml b/manifests/standard-e2e.yaml index 0d6060a1b9..f68e17f746 100644 --- a/manifests/standard-e2e.yaml +++ b/manifests/standard-e2e.yaml 
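Review bot: Moving `SingleOwnNamespaceInstallSupport` from `Default: true` / `featuregate.GA` back to `Default: false` / `featuregate.Alpha` turns the feature off on upgrade for any cluster that relied on the default, and nothing in the gate's comment records that or why. Together with the `config` property being dropped from the standard CRD in this commit, existing ClusterExtensions that set `spec.config` would presumably lose that field on standard installs; that is worth confirming and stating in the release notes. At minimum extend the comment above the entry, e.g. `// Alpha, off by default (previously GA and on by default); enable with --feature-gates=SingleOwnNamespaceInstallSupport=true.` The map literal starts and ends outside the hunk.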
@@ -669,44 +669,6 @@ spec: description: spec is an optional field that defines the desired state of the ClusterExtension. properties: - config: - description: |- - config is optional and specifies bundle-specific configuration. - Configuration is bundle-specific and a bundle may provide a configuration schema. - When not specified, the default configuration of the resolved bundle is used. - - config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide - a configuration schema the bundle is deemed to not be configurable. More information on how - to configure bundles can be found in the OLM documentation associated with your current OLM version. - properties: - configType: - description: |- - configType is required and specifies the type of configuration source. - - The only allowed value is "Inline". - - When set to "Inline", the cluster extension configuration is defined inline within the ClusterExtension resource. - enum: - - Inline - type: string - inline: - description: |- - inline contains JSON or YAML values specified directly in the ClusterExtension. - - It is used to specify arbitrary configuration values for the ClusterExtension. - It must be set if configType is 'Inline' and must be a valid JSON/YAML object containing at least one property. - The configuration values are validated at runtime against a JSON schema provided by the bundle. - minProperties: 1 - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - configType - type: object - x-kubernetes-validations: - - message: inline is required when configType is Inline, and forbidden - otherwise - rule: 'has(self.configType) && self.configType == ''Inline'' ?has(self.inline) - : !has(self.inline)' install: description: |- install is optional and configures installation options for the ClusterExtension, diff --git a/manifests/standard.yaml b/manifests/standard.yaml index b337169e27..6db6b21ad9 100644 --- a/manifests/standard.yaml 
+++ b/manifests/standard.yaml @@ -630,44 +630,6 @@ spec: description: spec is an optional field that defines the desired state of the ClusterExtension. properties: - config: - description: |- - config is optional and specifies bundle-specific configuration. - Configuration is bundle-specific and a bundle may provide a configuration schema. - When not specified, the default configuration of the resolved bundle is used. - - config is validated against a configuration schema provided by the resolved bundle. If the bundle does not provide - a configuration schema the bundle is deemed to not be configurable. More information on how - to configure bundles can be found in the OLM documentation associated with your current OLM version. - properties: - configType: - description: |- - configType is required and specifies the type of configuration source. - - The only allowed value is "Inline". - - When set to "Inline", the cluster extension configuration is defined inline within the ClusterExtension resource. - enum: - - Inline - type: string - inline: - description: |- - inline contains JSON or YAML values specified directly in the ClusterExtension. - - It is used to specify arbitrary configuration values for the ClusterExtension. - It must be set if configType is 'Inline' and must be a valid JSON/YAML object containing at least one property. - The configuration values are validated at runtime against a JSON schema provided by the bundle. - minProperties: 1 - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - configType - type: object - x-kubernetes-validations: - - message: inline is required when configType is Inline, and forbidden - otherwise - rule: 'has(self.configType) && self.configType == ''Inline'' ?has(self.inline) - : !has(self.inline)' install: description: |- install is optional and configures installation options for the ClusterExtension, diff --git a/test/e2e/steps/hooks.go b/test/e2e/steps/hooks.go index 446663ce3d..f38559cb2f 100644 
--- a/test/e2e/steps/hooks.go +++ b/test/e2e/steps/hooks.go @@ -70,7 +70,7 @@ var ( featureGates = map[featuregate.Feature]bool{ features.WebhookProviderCertManager: true, features.PreflightPermissions: false, - features.SingleOwnNamespaceInstallSupport: true, + features.SingleOwnNamespaceInstallSupport: false, features.SyntheticPermissions: false, features.WebhookProviderOpenshiftServiceCA: false, features.HelmChartSupport: false,
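Review bot: The `featureGates` map appears to repeat the gate defaults from `internal/operator-controller/features/features.go` by hand, so the two can drift the next time a default changes, as it did in this commit. A comment on the map would make the coupling explicit, e.g. `// Keep in sync with the defaults in internal/operator-controller/features/features.go.`; deriving the values from that package is an alternative if the test setup allows it. The enclosing `var (` block begins before the hunk and the map continues past it.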