operator-lifecycle-manager icon indicating copy to clipboard operation
operator-lifecycle-manager copied to clipboard

Published 20 hours ago verified publisher icon operator-framework

Default behavior of the Subscription regarding major version updates.

Open shnoru1 opened this issue 3 years ago • 2 comments

Feature Request

Is your feature request related to a problem? Please describe. I had an issue with Keycloak deployment in the morning. There was a problem when the Keycloak operator was upgraded automatically from version 16.1.0 to version 17.0.0. After investigation, it was not the problem of Keycloak itself, but there was an incompatibility issue between Keycloak and a third party plugin (keycloak-metrics-spi in my case). Here is my environment setup.

  • operator-lifecycle-manager version: 
    / # /bin/olm --version
OLM version: 0.18.1
git commit: 02d278ba2d9d884888eb6f8a5ce2f4abdc56e581
  • Kubernetes version information: 
    Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.11-eks-f17b81", GitCommit:"f17b810c9e5a82200d28b6210b458497ddfcf31b", GitTreeState:"clean", BuildDate:"2021-10-15T21:46:21Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
  • Kubernetes cluster kind: EKS The detail of my scenario is as follows.
  • I created a Subscription with the following yaml. 
    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: keycloak-operator
  namespace: keycloak
spec:
  channel: alpha
  name: keycloak-operator
  source: operatorhubio-catalog
  sourceNamespace: olm
  • I deployed a Keycloak instance with the following yaml. 
    apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: keycloak
spec:
  instances: 3
  extensions:
    - >-
      https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.3.1/keycloak-metrics-spi-2.3.1.jar
  • New install plans are created and approved automatically by default. 
    NAMESPACE   NAME            CSV                         APPROVAL   APPROVED
keycloak    install-xxxxx   keycloak-operator.v15.1.0   Automatic  true
keycloak    install-xxxxx   keycloak-operator.v15.1.1   Automatic  true
keycloak    install-xxxxx   keycloak-operator.v16.0.0   Automatic  true
keycloak    install-4dcc5   keycloak-operator.v16.1.0   Automatic  true
keycloak    install-9g7cw   keycloak-operator.v17.0.0   Automatic  true
  • When the keycloak operator's version is upgraded to 17.0.0, the keycloak-metrics-spi plugin (with version 2.3.1) complained about the method compatibility and made the whole Keycloak deployment crash.
  • I removed and re-deployed the Subscription with changes in installPlanApproval and startingCSV to solve compatibility problems. 
    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: keycloak-operator
  namespace: keycloak
spec:
  channel: alpha
  name: keycloak-operator
  source: operatorhubio-catalog
  sourceNamespace: olm
  installPlanApproval: Manual
  startingCSV: keycloak-operator.v16.1.0

Describe the solution you'd like I'd like to suggest the default behavior of the Subscription to upgrade automatically within minor or patch versions but not to major versions. I think the major versions are considered to have incompatible API changes, and almost all services follow the semver notation with their versions. I suggest the type of installPlanApproval field be divided to AutomaticPatch, AutomaticMinor, AutomaticMajor, and the original Automatic can be an alias of AutomaticMinor and AutomaticPatch.

shnoru1 avatar Feb 15 '22 14:02 shnoru1

Hi @shnoru1,

Thank you for opening this issue -- this feature request makes sense and is a reasonable ask. The default OLM behavior is to move through all versions in the catalog to the latest version based on semver, and this behavior has been standard through all releases of OLM. A feature that limits automatic updates only based on minor or patch versions would be interesting but would have to be opt-in to not break existing OLM users.

That being said, providing more flexible UX for users around installation is part of the goal of developing the new OLM v2 APIs.

exdx avatar Feb 17 '22 15:02 exdx

An alternative that Keycloak could implement: Add separate channels per major version. Their git repo for this is here.

They could have:

alpha-v15
alpha-v16
alpha-v17
alpha

This gives the consumer the option to PIN to a specific major version, allowing automatic minor and patch upgrades within that major version.

Your subscription would look like this:

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: keycloak-operator
  namespace: keycloak
spec:
  channel: v16
  name: keycloak-operator
  source: operatorhubio-catalog
  sourceNamespace: olm
  installPlanApproval: Automatic

cdjohnson avatar Feb 18 '22 20:02 cdjohnson