✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	e4aaf82
🔍 Latest deploy log	https://app.netlify.com/projects/olmv1/deploys/68f5fca96e02db0008c19b69
😎 Deploy Preview	https://deploy-preview-2267--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.14%. Comparing base (292c0db) to head (e4aaf82).
⚠️ Report is 1 commits behind head on main.

@@            Coverage Diff             @@
##             main    #2267      +/-   ##
==========================================
- Coverage   73.00%   70.14%   -2.86%     
==========================================
  Files          88       88              
  Lines        8743     8743              
==========================================
- Hits         6383     6133     -250     
- Misses       1947     2194     +247     
- Partials      413      416       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

/hold
We can't have both feature gates enabled simultaneously, as one is meant for upstream (WebhookProviderCertManager), and the other is meant for downstream (WebhookProviderOpenshiftServiceCA).

I think my preference would be to leave the feature-gates off by default, and put just the one we want into the helm/olmv1/values.yaml file, but this would mean also leaving them in the experimental.yaml file as well, which is not desirable (i.e. have it in two places). The alternative is to use an if/.Values.openshift.enabled/else sequence to separate the two flags.

BUT, the strangeness comes from the fact that we have cluster-olm-operator getting feature-gates from Openshift. I have a downstream change that would "remove" all upstream gates from values.yaml, and that might be needed before this is merged downstream.

BUT, another strangeness occurs because helm does not merge/combine lists; they are overwritten.

I need to think about this some more.

/hold

Until we decide how to do

That we have two feature-gates that can't be enabled simultaneously is causing us this headache (this should not be an issue with 99%of other features).

Although the CertManager one takes priority:

Which I guess is a reasonable default. But it means we have to explicitly turn off CertManager to get OpenshiftServiceCA, and we don't really have that capability downstream.

Due to the downstream mapping of feature-gates, we only handle "enabled" flags (i.e. we can't turn things off), and we couldn't turn things off without a way in the helm chart to do so (i.e. additional upstream effort).

And disabling features just sounds wrong to me. I really think we need to enable features.

Add in the fact that helm doesn't merge lists makes this more challenging.

I'm envisioning a number of possible solutions, none of which I really like, so I'm wondering if this is something to be discussed in a meeting (office hours)?

Options?

1. Keep these feature-gates off, explicitly turn on CertManager upstream through a new standard.yaml file, which means that experimental.yaml would also need to include it. Downstream, the OpenshiftServiceCA value would be enabled via the Openshift feature-gates.

1a. Add a new "standardFeatures" list that parallels the existing helm feature lists so that the value doesn't have to be duplicated in both standard.yaml and experimental.yaml. (this is a bunch of effort to avoid duplication of a value in a list).

2. Change the feature-gates to be on, but then add upstream and downstream and cluster-olm-operator mechanisms to be able to disable the feature gates. This would be a lot of additional work.

3. Add a new --webhook-provider option to operator-controller to select between CertManager and OpenshiftServiceCA (the default would be no provider). This effectively replaces the feature-gates with a tri-state, and would be enabled in the chart via .Values.openshift.enabled or .Values.certManager.enabled settings.

There is no default certificate provider in OLMv1. We provide explicit options to turn on and use cert-manager and/or Openshift serviceca, and I think we need to be able to reflect that.

Some fairly small changes would be needed to make the --certificate-provider a true tri-state.

Hey folks 👋

@perdasilva @tmshort

I’ve updated this PR — it now reflects what we discussed.
It looks good to merge once we get the green light from you and downstream is ready to receive it.

Please feel free to review when you get a chance 🙏

/hold cancel

@tmshort @perdasilva as we discussed lets merge this one first.
Waiting for your approvals.

/hold cancel

/lgtm
/approve
/override codecov/project

@tmshort: Overrode contexts on behalf of tmshort: codecov/project

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tmshort

The full list of commands accepted by this bot can be found here.

The pull request process is described here