Merge pull request #69171 from adellape/anno

adellape · web-flow · commit 2eb5fad8c57a · 2023-12-13T11:49:22.000-07:00
OSDOCS#9025: Add new infra annotations for Operators
diff --git a/modules/osdk-csv-annotations-dep.adoc b/modules/osdk-csv-annotations-dep.adoc
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-generating-csvs.adoc
+
+[id="osdk-csv-manual-annotations-deprecated_{context}"]
+= Deprecated annotations
+
+The following Operator annotations are deprecated.
+
+[discrete]
+== operators.openshift.io/infrastructure-features
+
+Starting in {product-title} 4.14, the `operators.openshift.io/infrastructure-features` group of annotations are deprecated by the group of annotations with the `features.operators.openshift.io` namespace. While you are encouraged to use the newer annotations, both groups are currently accepted when used in parallel.
+
+These annotations detail the infrastructure features that an Operator supports. Users can view and filter by these features when discovering Operators through OperatorHub in the web console or on the link:https://catalog.redhat.com/software/search?deployed_as=Operator[Red Hat Ecosystem Catalog].
+
+.Deprecated `operators.openshift.io/infrastructure-features` annotations
+[cols="2a,4a",options="header"]
+|===
+|Valid annotation values |Description
+
+|`disconnected`
+|Operator supports being mirrored into disconnected catalogs, including all dependencies, and does not require internet access. All related images required for mirroring are listed by the Operator.
+
+|`cnf`
+|Operator provides a Cloud-native Network Functions (CNF) Kubernetes plugin.
+
+|`cni`
+|Operator provides a Container Network Interface (CNI) Kubernetes plugin.
+
+|`csi`
+|Operator provides a Container Storage Interface (CSI) Kubernetes plugin.
+
+|`fips`
+|Operator accepts the FIPS mode of the underlying platform and works on nodes that are booted into FIPS mode.
+
+[IMPORTANT]
+====
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
+====
+
+|`proxy-aware`
+|Operator supports running on a cluster behind a proxy. Operator accepts the standard proxy environment variables  `HTTP_PROXY` and `HTTPS_PROXY`, which Operator Lifecycle Manager (OLM) provides to the Operator automatically when the cluster is configured to use a proxy. Required environment variables are passed down to Operands for managed workloads.
+|===
+
+.Example CSV with `disconnected` and `proxy-aware` support
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware"]'
+----
diff --git a/modules/osdk-csv-annotations-infra.adoc b/modules/osdk-csv-annotations-infra.adoc
@@ -0,0 +1,76 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-generating-csvs.adoc
+
+[id="osdk-csv-annotations-infra_{context}"]
+= Infrastructure features annotations
+
+The following Operator annotations detail the infrastructure features that an Operator might support, denoted with a `true` or `false` value. Users can view and filter by these features when discovering Operators through OperatorHub in the web console or on the link:https://catalog.redhat.com/software/search?deployed_as=Operator[Red Hat Ecosystem Catalog].
+
+[NOTE]
+====
+The following infrastructure feature annotations are supported in {product-title} 4.10 and later.
+====
+
+.Infrastructure features annotations
+[cols="4a,5a,3a,options="header"]
+|===
+|Annotation |Description |Valid values
+
+|`features.operators.openshift.io/disconnected`
+|Specify whether an Operator leverages the `spec.relatedImages` CSV field and can run without an internet connection by referring to any related image by its digest.
+|`true` or `false`
+
+|`features.operators.openshift.io/fips-compliant`
+|Specify whether an Operator accepts the FIPS-140 configuration of the underlying platform and works on nodes that are booted into FIPS mode. In this mode, the Operator and any workloads it manages (operands) are solely calling the {op-system-base-full} cryptographic library submitted for FIPS-140 validation.
+|`true` or `false`
+
+|`features.operators.openshift.io/proxy-aware`
+|Specify whether an Operator supports running on a cluster behind a proxy by accepting the standard `HTTP_PROXY` and `HTTPS_PROXY` proxy environment variables. If applicable, the Operator passes this information to the workload it manages (operands).
+|`true` or `false`
+
+|`features.operators.openshift.io/tls-profiles`
+|Specify whether an Operator implements well-known tunables to modify the TLS cipher suite used by the Operator and, if applicable, any of the workloads it manages (operands).
+|`true` or `false`
+
+|`features.operators.openshift.io/token-auth-aws`
+|Specify whether an Operator supports configuration for tokenzied authentication with AWS APIs via AWS Secure Token Service (STS) by using the Cloud Credential Operator (CCO).
+|`true` or `false`
+
+|`features.operators.openshift.io/token-auth-azure`
+|Specify whether an Operator supports configuration for tokenzied authentication with Azure APIs via Azure Managed Identity by using the Cloud Credential Operator (CCO).
+|`true` or `false`
+
+|`features.operators.openshift.io/token-auth-gcp`
+|Specify whether an Operator supports configuration for tokenzied authentication with Google Cloud APIs via GCP Workload Identity Foundation (WIF) by using the Cloud Credential Operator (CCO).
+|`true` or `false`
+
+|`features.operators.openshift.io/cnf`
+|Specify whether an Operator provides a Cloud-Native Network Function (CNF) Kubernetes plugin.
+|`true` or `false`
+
+|`features.operators.openshift.io/cni`
+|Specify whether an Operator provides a Container Network Interface (CNI) Kubernetes plugin.
+|`true` or `false`
+
+|`features.operators.openshift.io/csi`
+|Specify whether an Operator provides a Container Storage Interface (CSI) Kubernetes plugin.
+|`true` or `false`
+
+|===
+
+.Example CSV with infrastructure feature annotations
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    features.operators.openshift.io/disconnected: "true"
+    features.operators.openshift.io/fips-compliant: "false"
+    features.operators.openshift.io/proxy-aware: "false"
+    features.operators.openshift.io/tls-profiles: "false"
+    features.operators.openshift.io/token-auth-aws: "false"
+    features.operators.openshift.io/token-auth-azure: "false"
+    features.operators.openshift.io/token-auth-gcp: "false"
+----
diff --git a/modules/osdk-csv-annotations-other.adoc b/modules/osdk-csv-annotations-other.adoc
@@ -0,0 +1,53 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-generating-csvs.adoc
+
+[id="osdk-csv-annotations-other_{context}"]
+= Other optional annotations
+
+The following Operator annotations are optional.
+
+.Other optional annotations
+[cols="5a,5a",options="header"]
+|===
+|Annotation |Description
+
+|`alm-examples`
+|Provide custom resource definition (CRD) templates with a minimum set of configuration. Compatible UIs pre-fill this template for users to further customize.
+
+|`operatorframework.io/initialization-resource`
+|Specify a single required custom resource by adding `operatorframework.io/initialization-resource` annotation to the cluster service version (CSV) during Operator installation. The user is then prompted to create the custom resource through a template provided in the CSV.  Must include a template that contains a complete YAML definition.
+
+|`operatorframework.io/suggested-namespace`
+|Set a suggested namespace where the Operator should be deployed.
+
+|`operatorframework.io/suggested-namespace-template`
+|Set a manifest for a `Namespace` object with the default node selector for the namespace specified.
+
+|`operators.openshift.io/valid-subscription`
+|Free-form array for listing any specific subscriptions that are required to use the Operator. For example, `'["3Scale Commercial License", "Red Hat Managed Integration"]'`.
+
+|`operators.operatorframework.io/internal-objects`
+|Hides CRDs in the UI that are not meant for user manipulation.
+
+|===
+
+.Example CSV with an {product-title} license requirement
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    operators.openshift.io/valid-subscription: '["OpenShift Container Platform"]'
+----
+
+.Example CSV with a 3scale license requirement
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    operators.openshift.io/valid-subscription: '["3Scale Commercial License", "Red Hat Managed Integration"]'
+----
diff --git a/modules/osdk-csv-manual-annotations.adoc b/modules/osdk-csv-manual-annotations.adoc
@@ -5,75 +5,4 @@
 [id="osdk-csv-manual-annotations_{context}"]
 = Operator metadata annotations
 
-Operator developers can manually define certain annotations in the metadata of a cluster service version (CSV) to enable features or highlight capabilities in user interfaces (UIs), such as OperatorHub.
-
-The following table lists Operator metadata annotations that can be manually defined using `metadata.annotations` fields.
-
-.Annotations
-[cols="5a,5a",options="header"]
-|===
-|Field |Description
-
-|`alm-examples`
-|Provide custom resource definition (CRD) templates with a minimum set of configuration. Compatible UIs pre-fill this template for users to further customize.
-
-|`operatorframework.io/initialization-resource`
-|Specify a single required custom resource by adding `operatorframework.io/initialization-resource` annotation to the cluster service version (CSV) during Operator installation. The user is then prompted to create the custom resource through a template provided in the CSV.  Must include a template that contains a complete YAML definition.
-
-|`operatorframework.io/suggested-namespace`
-|Set a suggested namespace where the Operator should be deployed.
-
-|`operatorframework.io/suggested-namespace-template`
-|Set a manifest for a Namespace object with the namespace default node selector specified.
-
-|`operators.openshift.io/infrastructure-features`
-|Infrastructure features supported by the Operator. Users can view and filter by these features when discovering Operators through OperatorHub in the web console. Valid, case-sensitive values:
-
-- `disconnected`: Operator supports being mirrored into disconnected catalogs, including all dependencies, and does not require internet access. All related images required for mirroring are listed by the Operator.
-- `cnf`: Operator provides a Cloud-native Network Functions (CNF) Kubernetes plugin.
-- `cni`: Operator provides a Container Network Interface (CNI) Kubernetes plugin.
-- `csi`: Operator provides a Container Storage Interface (CSI) Kubernetes plugin.
-- `fips`: Operator accepts the FIPS mode of the underlying platform and works on nodes that are booted into FIPS mode.
-
-[IMPORTANT]
-====
-When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
-====
-- `proxy-aware`: Operator supports running on a cluster behind a proxy. Operator accepts the standard proxy environment variables  `HTTP_PROXY` and `HTTPS_PROXY`, which Operator Lifecycle Manager (OLM) provides to the Operator automatically when the cluster is configured to use a proxy. Required environment variables are passed down to Operands for managed workloads.
-
-|`operators.openshift.io/valid-subscription`
-|Free-form array for listing any specific subscriptions that are required to use the Operator. For example, `'["3Scale Commercial License", "Red Hat Managed Integration"]'`.
-
-|`operators.operatorframework.io/internal-objects`
-|Hides CRDs in the UI that are not meant for user manipulation.
-
-|===
-
-[discrete]
-[id="osdk-csv-manual-annotations-examples_{context}"]
-== Example use cases
-
-.Operator supports disconnected and proxy-aware
-[source,terminal]
-----
-operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware"]'
-----
-
-.Operator requires an {product-title} license
-[source,terminal]
-----
-operators.openshift.io/valid-subscription: '["OpenShift Container Platform"]'
-----
-
-.Operator requires a 3scale license
-[source,terminal]
-----
-operators.openshift.io/valid-subscription: '["3Scale Commercial License", "Red Hat Managed Integration"]'
-----
-
-.Operator supports disconnected and proxy-aware, and requires an {product-title} license
-[source,terminal]
-----
-operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware"]'
-operators.openshift.io/valid-subscription: '["OpenShift Container Platform"]'
-----
+Operator developers can set certain annotations in the metadata of a cluster service version (CSV) to enable features or highlight capabilities in user interfaces (UIs), such as OperatorHub or the link:https://catalog.redhat.com/software/search?deployed_as=Operator[Red Hat Ecosystem Catalog]. Operator metadata annotations are manually defined by setting the `metadata.annotations` field in the CSV YAML file.
diff --git a/operators/operator_sdk/osdk-generating-csvs.adoc b/operators/operator_sdk/osdk-generating-csvs.adoc
@@ -30,19 +30,26 @@ include::modules/osdk-manually-defined-csv-fields.adoc[leveloffset=+1]
 
 * xref:../../operators/understanding/olm-what-operators-are.adoc#olm-maturity-model_olm-what-operators-are[Operator maturity model]
 
-include::modules/osdk-csv-manual-annotations.adoc[leveloffset=+2]
+include::modules/osdk-csv-manual-annotations.adoc[leveloffset=+1]
+include::modules/osdk-csv-annotations-infra.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-restricted-network_osdk-generating-csvs[Enabling your Operator for restricted network environments] (disconnected mode)
+ifndef::openshift-dedicated,openshift-rosa[]
+* xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography]
+endif::openshift-dedicated,openshift-rosa[]
 
+include::modules/osdk-csv-annotations-other.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-crds-templates_osdk-generating-csvs[CRD templates]
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-init-resource_osdk-generating-csvs[Initializing required custom resources]
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-suggested-namespace_osdk-generating-csvs[Setting a suggested namespace]
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-suggested-namespace-default-node_osdk-generating-csvs[Setting a suggested namespace with default node selector]
-* xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-restricted-network_osdk-generating-csvs[Enabling your Operator for restricted network environments] (disconnected mode)
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-hiding-internal-objects_osdk-generating-csvs[Hiding internal objects]
-ifndef::openshift-dedicated,openshift-rosa[]
-* xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS crytography]
-endif::openshift-dedicated,openshift-rosa[]
+
+include::modules/osdk-csv-annotations-dep.adoc[leveloffset=+2]
+
 
 include::modules/olm-enabling-operator-restricted-network.adoc[leveloffset=+1]
 include::modules/olm-enabling-operator-for-multi-arch.adoc[leveloffset=+1]
