ACS Operator Index

This repository is for building and releasing the ACS operator indexes on Konflux.
It's for updating Operator Catalogs, i.e., so OpenShift clusters can see new versions of ACS operator in their OperatorHub.

Development

Restarting Konflux pipeline

If some pipeline failed, you can restart it by commenting in the PR /test <pipeline-name> (e.g. /test operator-index-ocp-v4-16-on-push). See more in our docs.

Adding new ACS operator version

1. Open bundles.yaml file.
2. Add a new operator bundle image with version. It would look like this:

      - image: quay.io/rhacs-eng/release-operator-bundle@sha256:c82e8330c257e56eb43cb5fa7b0c842a7f7f0414e32e26a792ef36817cb5ca02
        version: 4.7.9

   • Note that the image must be referenced by digest, not by tag.
   • Keep entries sorted by version.
   • You may add bundle images from quay.io, brew.registry.redhat.io and so on (provided they exist and are pullable) during development and/or when preparing to release.
     Ultimately, all released bundle images must come from registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle repo because this is where customers expect to find them. There's a CI check which should make it impossible to push to master if there's any bundle from a different repo.
3. Update oldest_supported_version value:
   • Check Life Cycle Dates table in Red Hat Advanced Cluster Security for Kubernetes Support Policy.
   • Set oldest_supported_version to be the oldest Y-Stream version still in support according to that table, including Maintenance Support. Patch number should always be .0. For example, if 4.6 is the oldest in support (maintenance phase), set oldest_supported_version: 4.6.0.
4. Update catalogs (follow updating catalogs steps)
5. Open a PR with Add 4.Y.Z version title.

Updating catalogs

Run

make clean && make valid-catalogs

Note: this will take a while.

If a new bundle was added then you should see that catalog-template.yaml, catalog-bundle-object/rhacs-operator/catalog.json and catalog-csv-metadata/rhacs-operator/catalog.json files are changed.

Historical note

The following documentation was used for setting up catalogs update (this and this).

Getting built images for specific commit

Run ./scripts/get-built-images.sh [COMMIT] to fetch built operator catalog images for the provided COMMIT for each supported OCP version. Note: The script uses current branch commit if no COMMIT argument provided.

Catalog formats

This directory contains two versions of the catalog, in subdirectories catalog-bundle-object and catalog-csv-metadata. The former is expected by OpenShift versions up to and including 4.16, and the latter - by 4.17 and later.

See konflux docs.

Release File-based operator catalog

Release process

1. Make sure you logged in to the Konflux cluster.
2. Make sure you checked out the latest master branch: git checkout master && git pull
3. Generate Release and Snapshot CRs by running ./scripts/generate-releases.sh <stage|prod>. Use stage for test release and prod for production one.
4. (Skip for stage release.) Create a PR which adds the file created by the script, get the PR reviewed and merged.
5. (Skip for stage release.) Go to the #acs-operator-index-release channel, and:
   1. make sure the previous operator index release is complete (has a green check mark emoticon)
   2. if not, coordinate with the person conducting that release
   3. once that release is complete, start a new thread for your release
6. Apply generated CRs to the cluster: oc create -f release-history/<YYYYMMDD>-<stage|prod>-<SHA>.yaml
7. Monitor release using monitor release script. Each supported OCP version has its own Release. Successfully finished Release has Succeeded status.
8. Follow the restarting release step below if any of the Releases fails for any OCP version.
9. (Skip for stage release.) Once done, go back to the Slack thread you started earlier, add a message that your release is done and add a green check mark emoticon on the initial message of the thread.
10. Once releases for all OCP versions successfully finish, then the operator catalog release is done. If you perform it as part of a bigger release procedure, you should go back to that procedure and continue with further steps.

Monitoring Release

Run ./scripts/monitor-release.sh [COMMIT] to see the current status for the releases associated with the provided COMMIT. Note: The script uses current branch commit if no COMMIT argument provided.

Restarting Konflux Release

If a particular Release fails (i.e. the CRs status changes to Failed), you should restart it until it succeeds. Failing to do so will leave corresponding OpenShift Operator catalog without updates.

1. Go to the list of Konflux applications.

Click to see Release rerun navigation gif

2. Open acs-operator-index-ocp-v4-XX Konflux application for OCP version you want to restart (XX means minor part of the OCP version).
3. Select Releases tab.
4. Find release by name you want to restart.
5. Click on the action menu (3 dots) on the right.
6. Press "Re-run release" option. This creates a new Release CR.
7. Monitor the new release.
8. Repeat restarting release if the release keeps failing. If you find yourself re-running a given Release five times or more, open a high severity request in #konflux-users Slack channel describing the problem and providing names/links to Release CRs.