operator-controller
Driving toward immutable bundles and adaptable successor identification, we can introduce a release attribute for bundles. This would allow operator authors to re-release a bundle without affecting catalog metadata which...
Keeping in mind one of OLMv1's main guiding principles - "Security by default" (https://operator-framework.github.io/operator-controller/) - the security posture of both `catalogd` and `operator-controller` projects should be analyzed and a threat...
[Currently](https://github.com/operator-framework/operator-controller/blob/main/catalogd/internal/source/containers_image.go#L251), if the unpacker cannot find a policy.json, it defaults to an insecure policy. We shouldn't silently move to an insecure policy. Maybe this is something that should be configured...
Catalogd currently requires pull secrets to be passed through the `Catalog` resource's `spec.source.image.pullSecret` field. The `Secret` referenced in that field must be in the same namespace as catalogd is deployed...
>We can assume that catalogs being added here were built in a pipeline that ran opm validate --flags as the final step. I feel this is not a safe assumption...
Following operator-framework/catalogd#145, we should update the `Unpack()` method of `ImageRegistry` source to be asynchronous. This will ensure we don't create a reconciliation loop block on the actual pulling and layer...
global comment: recommend switching to afero to pass around file systems for easier unit testing _Originally posted by @ncdc in https://github.com/operator-framework/catalogd/pull/145#discussion_r1347866706_
Follow-up item after operator-framework/catalogd#145 is merged. Any reason not to unpack directly into `storageDir` (i.e. `/var/cache/catalogs`)? If `UnpackImageRegistryClient=true` and `HTTPServer=true`, why not skip the extra work of communication between the...
Follow-up item for operator-framework/catalogd#145: Re: my comment on RBAC about list/watch instead of get, I now see why it is set up that way. However, would it be possible to use...
Follow up for investigation after merging operator-framework/catalogd#145: From a time perspective, perhaps it's better to use `openssl` locally to generate a self-signed keypair, and then create the necessary secrets/configmaps from...