From b321394efb5c3d04b21ece843e5e0f35a8a06744 Mon Sep 17 00:00:00 2001 From: Leif Madsen Date: Mon, 27 Nov 2023 13:26:45 -0500 Subject: [PATCH] Adjust Operator dependency version requirements (#538) (#543) * Adjust Operator dependency version requirements (#538) Adjust the operator package dependency requirements to align to known required versions. Primarily reduce the version of openshift-cert-manager from 1.10 to 1.7 in order to support the tech-preview channel which was previously used. Lowering the version requirement allows for the openshift-cert-manager-operator installed previously to be used during the STF 1.5.2 to 1.5.3 update, removing the update from being blocked. Related: STF-1636 (cherry picked from commit 77dea87dec0656c48d0c7e0b9a09d0fe826425aa) * Only require Interconnect and Smart Gateway (#541) * Only require Interconnect and Smart Gateway Update the dependency management within Service Telemetry Operator to only require AMQ Interconnect and Smart Gateway Operator, which is enough to deploy STF with observabilityStrategy: none. Other Operators can be installed in order to satisfy data storage of telemetry and events. Installation of cert-manager is also required, but needs to be pre-installed similar to Cluster Observability Operator, either as a cluster-scoped operator with the tech-preview channel, or a single time on the cluster as a namespace scoped operator, which is how the stable-v1 channel installs. Documentation will be updated to adjust for this change. Related: STF-1636 * Perform CI update to match docs install changes (#542) * Perform CI update to match docs install changes Update the stf-run-ci scripting to match the documented installation procedures which landed in https://github.com/infrawatch/documentation/pull/513. These changes are also reflected in #541. * Update build/stf-run-ci/tasks/setup_base.yml Co-authored-by: Emma Foley --------- Co-authored-by: Emma Foley * Also drop cert-manager project The cert-manager project gets created with workload items when deploying the cert-manager from the cert-manager-operator project. When removing cert-manager this project is not cleaned up, so we need to delete it as well. --------- Co-authored-by: Emma Foley (cherry picked from commit ba9c918ec3e5344a599a911c8ef616ae88c55227) --- build/stf-run-ci/tasks/create_catalog.yml | 2 +- build/stf-run-ci/tasks/pre-clean.yml | 7 +- build/stf-run-ci/tasks/preflight_checks.yml | 4 + build/stf-run-ci/tasks/setup_base.yml | 200 +++++++++--------- build/stf-run-ci/tasks/setup_stf.yml | 15 +- .../metadata/properties.yaml | 23 -- 6 files changed, 114 insertions(+), 137 deletions(-) diff --git a/build/stf-run-ci/tasks/create_catalog.yml b/build/stf-run-ci/tasks/create_catalog.yml index 6a464afd9..6eb6b49df 100644 --- a/build/stf-run-ci/tasks/create_catalog.yml +++ b/build/stf-run-ci/tasks/create_catalog.yml @@ -170,4 +170,4 @@ securityContextConfig: legacy updateStrategy: registryPoll: - interval: 1m + interval: 5m diff --git a/build/stf-run-ci/tasks/pre-clean.yml b/build/stf-run-ci/tasks/pre-clean.yml index 8e6df8bef..712d188bf 100644 --- a/build/stf-run-ci/tasks/pre-clean.yml +++ b/build/stf-run-ci/tasks/pre-clean.yml @@ -122,7 +122,6 @@ name: smart-gateway-operator-catalog namespace: "{{ namespace }}" -# Remove the cert manager since we install it as part of the CI/documented pre-install process - name: Remove openshift-cert-manager-operator namespace kubernetes.core.k8s: state: absent @@ -131,7 +130,11 @@ apiVersion: project.openshift.io/v1 kind: Project metadata: - name: openshift-cert-manager-operator + name: "{{ item }}" + loop: + - openshift-cert-manager-operator + - cert-manager-operator + - cert-manager - name: Remove Elasticsearch ignore_errors: true diff --git a/build/stf-run-ci/tasks/preflight_checks.yml b/build/stf-run-ci/tasks/preflight_checks.yml index 5c68b5405..870931789 100644 --- a/build/stf-run-ci/tasks/preflight_checks.yml +++ b/build/stf-run-ci/tasks/preflight_checks.yml @@ -21,6 +21,10 @@ oc describe csv $(oc get csv | grep "service-telemetry-operator" | awk '{print $1}') > {{ logfile_dir }}/oc_get_csv_sto.log 2>&1 cat {{ logfile_dir }} + - name: "Show service-telemetry-operator CSV information" + ansible.builtin.debug: + var: csv_sto.stdout + - name: "Show fail message if CSV isn't Succeeded after the alotted time" ansible.builtin.fail: msg: "Service Telemetry Operator CSV not Succeeded after 10 minutes. Check {{ logfile_dir }}/oc_get_csv_sto.log for more information" diff --git a/build/stf-run-ci/tasks/setup_base.yml b/build/stf-run-ci/tasks/setup_base.yml index cf9c92fdf..6f60de71f 100644 --- a/build/stf-run-ci/tasks/setup_base.yml +++ b/build/stf-run-ci/tasks/setup_base.yml @@ -16,6 +16,7 @@ - disabled: false name: community-operators +# documented procedure: https://infrawatch.github.io/documentation/#deploying-service-telemetry-operator_assembly-installing-the-core-components-of-stf - name: Create OperatorGroup for service-telemetry kubernetes.core.k8s: definition: @@ -28,65 +29,88 @@ targetNamespaces: - "{{ namespace }}" -# deploy cert-manager from tech-preview when using versions of OCP < 4.12 -- when: not __deploy_from_index_enabled | bool and ocp_ver.stdout is version ('4.12', '<') - block: - - name: Create openshift-cert-manager-operator namespace - kubernetes.core.k8s: - definition: - apiVersion: project.openshift.io/v1 - kind: Project - metadata: - name: openshift-cert-manager-operator - spec: - finalizers: - - kubernetes +# documented procedure: https://infrawatch.github.io/documentation/#deploying-observability-operator_assembly-installing-the-core-components-of-stf +- name: Subscribe to Red Hat Obervability Operator + kubernetes.core.k8s: + definition: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + labels: + operators.coreos.com/observability-operator.openshift-operators: "" + name: observability-operator + namespace: openshift-operators + spec: + channel: stable + installPlanApproval: Automatic + name: observability-operator + source: community-operators + sourceNamespace: openshift-marketplace + when: + - __service_telemetry_observability_strategy in ['use_redhat', 'use_hybrid'] - - name: Create openshift-cert-manager-operator OperatorGroup - kubernetes.core.k8s: - definition: - apiVersion: operators.coreos.com/v1 - kind: OperatorGroup - metadata: - name: openshift-cert-manager-operator - namespace: openshift-cert-manager-operator - spec: {} +# undocumented procedure, used for testing updates or old deployment models +- name: Subscribe to Prometheus Operator + kubernetes.core.k8s: + definition: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: prometheus + namespace: "{{ namespace }}" + spec: + channel: beta + installPlanApproval: Automatic + name: prometheus + source: community-operators + sourceNamespace: openshift-marketplace + when: + - __service_telemetry_observability_strategy == "use_community" - - name: Subscribe to Cert Manager for OpenShift Operator - kubernetes.core.k8s: - definition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - name: openshift-cert-manager-operator - namespace: openshift-cert-manager-operator - spec: - channel: "tech-preview" - installPlanApproval: Automatic - name: openshift-cert-manager-operator - source: redhat-operators - sourceNamespace: openshift-marketplace +# documented procedure: https://infrawatch.github.io/documentation/#deploying-certificate-manager-for-openshift-operator_assembly-installing-the-core-components-of-stf +- block: + - name: Create project for cert-manager for Red Hat OpenShift + kubernetes.core.k8s: + definition: + apiVersion: project.openshift.io/v1 + kind: Project + metadata: + name: cert-manager-operator + spec: + finalizers: + - kubernetes -# deploy cert-manager from stable-v1 in 4.12 and later using namespace scoped operator -- when: not __deploy_from_index_enabled | bool and ocp_ver.stdout is version ('4.12', '>=') - block: - - name: Subscribe to Cert Manager for OpenShift Operator - kubernetes.core.k8s: - definition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - labels: - operators.coreos.com/openshift-cert-manager-operator.service-telemetry: "" - name: openshift-cert-manager-operator-stable-v1-redhat-operators-openshift-marketplace - namespace: "{{ namespace }}" - spec: - channel: stable-v1 - installPlanApproval: Automatic - name: openshift-cert-manager-operator - source: redhat-operators - sourceNamespace: openshift-marketplace + - name: Create OperatorGroup for cert-manager for Red hat OpenShift + kubernetes.core.k8s: + definition: + apiVersion: operators.coreos.com/v1 + kind: OperatorGroup + metadata: + name: cert-manager-operator + namespace: cert-manager-operator + spec: + targetNamespaces: + - cert-manager-operator + upgradeStrategy: Default + + - name: Subscribe to cert-manager for Red Hat OpenShift Operator + kubernetes.core.k8s: + definition: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + labels: + operators.coreos.com/openshift-cert-manager-operator.service-telemetry: "" + name: openshift-cert-manager-operator + namespace: cert-manager-operator + spec: + channel: stable-v1 + installPlanApproval: Automatic + name: openshift-cert-manager-operator + source: redhat-operators + sourceNamespace: openshift-marketplace +# installed by properties.yaml definition as of STF 1.5.3 - when: not __deploy_from_index_enabled | bool block: - name: Subscribe to AMQ Interconnect Operator @@ -104,63 +128,29 @@ source: redhat-operators sourceNamespace: openshift-marketplace - - name: Subscribe to Prometheus Operator +# undocumented procedure: used for backwards compatilibity verification +- block: + - name: Subscribe to Elastic Cloud on Kubernetes Operator kubernetes.core.k8s: definition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - name: prometheus + name: elasticsearch-eck-operator-certified namespace: "{{ namespace }}" spec: - channel: beta + channel: stable installPlanApproval: Automatic - name: prometheus - source: community-operators + name: elasticsearch-eck-operator-certified + source: certified-operators sourceNamespace: openshift-marketplace - when: - - __service_telemetry_observability_strategy == "use_community" - -- name: Subscribe to Red Hat Obervability Operator - kubernetes.core.k8s: - definition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - labels: - operators.coreos.com/observability-operator.openshift-operators: "" - name: observability-operator - namespace: openshift-operators - spec: - channel: stable - installPlanApproval: Automatic - name: observability-operator - source: community-operators - sourceNamespace: openshift-marketplace - when: - - __service_telemetry_observability_strategy in ['use_redhat', 'use_hybrid'] - -- name: Subscribe to Elastic Cloud on Kubernetes Operator - kubernetes.core.k8s: - definition: - apiVersion: operators.coreos.com/v1alpha1 - kind: Subscription - metadata: - name: elasticsearch-eck-operator-certified - namespace: "{{ namespace }}" - spec: - channel: stable - installPlanApproval: Automatic - name: elasticsearch-eck-operator-certified - source: certified-operators - sourceNamespace: openshift-marketplace -- name: Wait for Elasticsearch CRD to appear - kubernetes.core.k8s_info: - api_version: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: elasticsearches.elasticsearch.k8s.elastic.co - register: eckCRD - until: eckCRD.resources[0] is defined - retries: 5 - delay: 30 + - name: Wait for Elasticsearch CRD to appear + kubernetes.core.k8s_info: + api_version: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + name: elasticsearches.elasticsearch.k8s.elastic.co + register: eckCRD + until: eckCRD.resources[0] is defined + retries: 5 + delay: 30 diff --git a/build/stf-run-ci/tasks/setup_stf.yml b/build/stf-run-ci/tasks/setup_stf.yml index ce4713931..c608fd58c 100644 --- a/build/stf-run-ci/tasks/setup_stf.yml +++ b/build/stf-run-ci/tasks/setup_stf.yml @@ -9,7 +9,7 @@ namespace: openshift-marketplace spec: displayName: InfraWatch Operators - image: quay.io/infrawatch-operators/infrawatch-catalog:stable-1.5 + image: quay.io/infrawatch-operators/infrawatch-catalog:nightly-1.5 publisher: InfraWatch sourceType: grpc updateStrategy: @@ -49,6 +49,14 @@ sourceNamespace: openshift-marketplace when: service_telemetry_operator_subscription_manifest is not defined +# enable catalogsource +- name: Enable InfraWatch Catalog Source + kubernetes.core.k8s: + definition: + '{{ infrawatch_catalog_source_manifest }}' + +# subscribe to the Operators from the defined CatalogSource sources. +# STO will automatically install SGO via dependencies but pre-subscribe in case deployment from different CatalogSources is specified in an override (for testing purposes). - name: Subscribe to Smart Gateway Operator kubernetes.core.k8s: definition: @@ -58,8 +66,3 @@ kubernetes.core.k8s: definition: '{{ service_telemetry_operator_subscription_manifest }}' - -- name: Enable InfraWatch Catalog Source - kubernetes.core.k8s: - definition: - '{{ infrawatch_catalog_source_manifest }}' diff --git a/deploy/olm-catalog/service-telemetry-operator/metadata/properties.yaml b/deploy/olm-catalog/service-telemetry-operator/metadata/properties.yaml index 2a0d93436..5ffce5254 100644 --- a/deploy/olm-catalog/service-telemetry-operator/metadata/properties.yaml +++ b/deploy/olm-catalog/service-telemetry-operator/metadata/properties.yaml @@ -19,26 +19,3 @@ properties: package: packageName: amq7-interconnect-operator versionRange: '>=1.10.0' - - type: olm.constraint - value: - failureMessage: Require certificate management for Service Telemetry Framework - all: - constraints: - - failureMessage: Package openshift-cert-manager-operator is needed for AMQ Interconnect setup - package: - packageName: openshift-cert-manager-operator - versionRange: '>=1.10.0' - - type: olm.constraint - value: - failureMessage: Require Prometheus backend for data storage of metrics for Service Telemetry Framework - any: - constraints: - - package: - packageName: prometheus - versionRange: '>=0.56.0' - - package: - packageName: observability-operator - versionRange: '>=0.0.1' - - package: - packageName: cluster-observability-operator - versionRange: '>=0.0.1'