- 
                Notifications
    You must be signed in to change notification settings 
- Fork 68
✨ Single/Own Namespace Install Mode Support #1724
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ Single/Own Namespace Install Mode Support #1724
Conversation
| ✅ Deploy Preview for olmv1 ready!
 To edit notification comments on pull requests, go to your Netlify site configuration. | 
| Codecov ReportAttention: Patch coverage is  
 
 Additional details and impacted files@@            Coverage Diff             @@
##             main    #1724      +/-   ##
==========================================
+ Coverage   68.39%   68.43%   +0.03%     
==========================================
  Files          62       63       +1     
  Lines        5117     5132      +15     
==========================================
+ Hits         3500     3512      +12     
- Misses       1388     1390       +2     
- Partials      229      230       +1     
 Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. | 
| Wow, I am impressed with how simple that is with the existing code we have. | 
| @joelanford @perdasilva Are we planning to write a RFC for this feature  | 
8088b37    to
    24d0e36      
    Compare
  
    24d0e36    to
    b1880bb      
    Compare
  
    b1880bb    to
    594c0e4      
    Compare
  
    df1ec13    to
    c13abce      
    Compare
  
    0635ae8    to
    5a566fe      
    Compare
  
    Signed-off-by: Per Goncalves da Silva <[email protected]>
Signed-off-by: Per Goncalves da Silva <[email protected]>
Signed-off-by: Per Goncalves da Silva <[email protected]>
Signed-off-by: Per Goncalves da Silva <[email protected]>
Signed-off-by: Per Goncalves da Silva <[email protected]>
Signed-off-by: Per Goncalves da Silva <[email protected]>
5a566fe    to
    79940bf      
    Compare
  
    There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
        a75e794
      
    79940bf    to
    a75e794      
    Compare
  
    Signed-off-by: Per Goncalves da Silva <[email protected]>
a75e794    to
    e39a1f5      
    Compare
  
    | /lgtm | 
| OLMv1 will not attempt multi-tenancy (see [design decisions document](../../project/olmv1_design_decisions.md)) and will think of operators | ||
| as globally installed, i.e. in OLMv0 parlance, as installed in *AllNamespaces* mode. However, there are operators that | ||
| were intended only for the *SingleNamespace* and *OwnNamespace* install modes. In order to make these operators installable in v1 while they | ||
| transition to the new model, v1 is adding support for these two new *installModes*. It should be noted that, in line with v1's no multi-tenancy policy, | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed in the separate venue, @joelanford , there is set of use cases, where it is expected for OLMv1 to allow multiple installation of the same operator with different scopes each, on the same cluster. Just want to make sure this PR is an incremental step towards this and not the final decision.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OLMv1 won't directly support multi-tenancy as a first class concept. This PR doesn't change that one way or the other. All this PR does is make it possible to install registry+v1 bundles that support Own/SingleNamespace mode, but not AllNamespace mode.
This PR does not preclude multiple installations of the same bundle in different namespaces, so long as the installation of that bundle does not violate OLMv1's single owner policy. One fairly obvious outcome is that bundles that ship CRDs will never be able to be installed twice because CRD names are validated according to their resource name and group. Also of note, the registry+v1 format does not allow for templated names of objects in the bundle, so if a bundle has any cluster-scoped objects, it will only be installable once per cluster. But this is a registry+v1 limitation, not an OLMv1 limitation. In the future, I expect OLMv1 to handle bundle formats that do support arbitrary templating.
I can see how this text makes it seem like we're making a blanket statement about one install per cluster, but that is not technically the case. From a practical perspective, I'm guessing >95% of bundles include a cluster-scoped object, which largely makes this sentence true for end users for now.
Description
Part of #593
Closes #1751 and #1752
Adds initial implementation of
SingleNamespaceandOwnNamespaceinstall mode support for registry+v1 bundle behindSingleOwnNamespaceInstallSupportalpha feature-gate.The user can install a registry+v1 bundle in SingleNamespace or OwnNamespace install mode by setting the watch namespace through the
olm.operatorframework.io/watch-namespaceannotation on the ClusterExtension, as long as the following criteria is met:Single-and/orOwnNamespaceinstall modesSingleOwnNamespaceInstallSupportfeature-gate is enabled on the controllerolm.operatorframework.io/watch-namespaceannotation points to a single existing namespaceThe annotation value will determine the install mode:
AllNamespacesmode.spec.namespace) in the ClusterExtension: bundle is installed inOwnNamespacemode (orSingleNamespacemode ifOwnNamespacemode is not supported).spec.namespace) in the ClusterExtension: bundle is installed inSingleNamespacemodeNote: SingleNamespace mode also covers the case where the watchNamespace ==
.spec.namespace. If the operator only supportsOwnNamespaceinstall mode, this means it can ONLY watch the install namespace.If the annotation is not present, standard behavior applies:
AllNamespacesmode.If annotation value is not a valid namespace name the installation will halt with an error.
Notes:
DEMOS
SingleNamespace
OwnNamespace
Reviewer Checklist