console icon indicating copy to clipboard operation
console copied to clipboard

Published 20 hours ago verified publisher icon openshift

OCPBUGS-19541: Console Operand not working for clusterwide CRDs

Open jpinsonneau opened this issue 2 years ago • 9 comments
trafficstars

This PR allows using descriptors for clusterwide CRDs. Check https://issues.redhat.com/browse/OCPBUGS-19541 for details

Before: image After: image

jpinsonneau avatar Sep 21 '23 10:09 jpinsonneau

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jpinsonneau Once this PR has been reviewed and has the lgtm label, please assign therealjon for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci[bot] avatar Sep 21 '23 10:09 openshift-ci[bot]

@jpinsonneau: This pull request references Jira Issue OCPBUGS-19541, which is invalid:

  • expected the bug to target the "4.15.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This PR allows using descriptors for clusterwide CRDs. Check https://issues.redhat.com/browse/OCPBUGS-19541 for details

Before: image After: image

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot avatar Sep 25 '23 12:09 openshift-ci-robot

/jira refresh /retest

jhadvig avatar Sep 25 '23 12:09 jhadvig

@jhadvig: This pull request references Jira Issue OCPBUGS-19541, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.15.0) matches configured target version for branch (4.15.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @yapei

In response to this:

/jira refresh /retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot avatar Sep 25 '23 12:09 openshift-ci-robot

@jpinsonneau: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Sep 25 '23 16:09 openshift-ci[bot]

I'm a little bit hesitant about this because it might be a fragile fix.

TLDR; We previously considered and decided against this approach because of the technical limitations of the API as well as UX and RBAC concerns, but it's possible we might reconsider given there is a need.

In this case, We have a cluster-scoped operand that is managed by a namespace-scoped CSV. This PR adds the name of the CSV to the route for cluster-scoped operands. There are a few implications we need to consider:

  • This breaks our convention of '/k8s/cluster' routes always referring to cluster-scoped resources, which is not ideal.
  • We have no namespace parameter to provide to the request for CSVs. Due to technical limitations, this results in a cluster-scoped list request for all CSVs, with a metadata.name=<name from URL> field selector. It's technically possible for multiple CSVs to exist with the same name, so we can't guarantee a determinate result.
  • There is at least one RBAC implication. In order for this solution to work, a user needs cluster-scoped list permissions on CSVs, which is a fairly significant escalation for users who don't have this already.
  • Probably most importantly, descriptors are legacy. I'm not sure adding changes to a legacy API is the right thing. We are encouraging operator authors to migrate to dynamic plugins as much as possible because this provides a much higher degree of control over content.

All of this being said, most of these concerns might be small enough edge cases that we could still consider using the solution.

@jhadvig @spadgett Do you have any comments?

TheRealJon avatar Nov 03 '23 17:11 TheRealJon

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Feb 02 '24 01:02 openshift-bot

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-merge-robot avatar Feb 02 '24 01:02 openshift-merge-robot

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot avatar Mar 03 '24 08:03 openshift-bot

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-bot avatar Apr 03 '24 00:04 openshift-bot

@openshift-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci[bot] avatar Apr 03 '24 00:04 openshift-ci[bot]

@jpinsonneau: This pull request references Jira Issue OCPBUGS-19541. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

In response to this:

This PR allows using descriptors for clusterwide CRDs. Check https://issues.redhat.com/browse/OCPBUGS-19541 for details

Before: image After: image

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot avatar Apr 03 '24 00:04 openshift-ci-robot