You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Documentation/design/operatorgroups.md
+7-8Lines changed: 7 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ If there exists more than one `OperatorGroup` in a single namespace, any CSV cre
21
21
22
22
### InstallModes and Supported OperatorGroups
23
23
24
-
An `InstallMode` consists of an `InstallModeType` field and a boolean `Supported` field. A CSV's spec can contain a set of `InstallModes` of four distinct `InstallModeTypes`:
24
+
An `InstallMode` consists of an `InstallModeType` field and a boolean `Supported` field. A CSV's spec can contain a set of `InstallModes` of four distinct `InstallModeTypes`:
25
25
*`OwnNamespace`: If supported, the operator can be a member of an `OperatorGroup` that selects its own namespace
26
26
*`SingleNamespace`: If supported, the operator can be a member of an `OperatorGroup` that selects one namespace
27
27
*`MultiNamespace`: If supported, the operator can be a member of an `OperatorGroup` that selects more than one namespace
@@ -56,11 +56,11 @@ kind: OperatorGroup
56
56
metadata:
57
57
name: my-group
58
58
namespace: my-namespace
59
-
spec:
60
-
targetNamespaces:
61
-
- my-namespace
62
-
- my-other-namespace
63
-
- my-other-other-namespace
59
+
spec:
60
+
targetNamespaces:
61
+
- my-namespace
62
+
- my-other-namespace
63
+
- my-other-other-namespace
64
64
```
65
65
66
66
> Note: If both `spec.targetNamespaces` and `spec.selector` are defined, `spec.selector` is ignored.
@@ -142,7 +142,7 @@ When a CSV becomes an active member of an `OperatorGroup` and is not in a failed
142
142
* A `<kind.group-version-admin>` ClusterRole is generated with the `*` verb on `<group>` `<kind>` with aggregation labels `rbac.authorization.k8s.io/aggregate-to-admin: true` and `olm.opgroup.permissions/aggregate-to-admin: <operatorgroup-name>`
143
143
* A `<kind.group-version-edit>` ClusterRole is generated with the `create, update, patch, release` verbs on `<group>` `<kind>` with aggregation labels `rbac.authorization.k8s.io/aggregate-to-edit: true` and `olm.opgroup.permissions/aggregate-to-edit: <operatorgroup-name>`
144
144
* A `<kind.group-version-view>` ClusterRole is generated with the `get, list, watch` verbs on `<group>` `<kind>` with aggregation labels `rbac.authorization.k8s.io/aggregate-to-view: true` and `olm.opgroup.permissions/aggregate-to-view: <operatorgroup-name>`
145
-
145
+
146
146
* If |target namespaces| == 1 and contains `*`:
147
147
* A ClusterRole and corresponding ClusterRoleBinding are generated for each permission defined in the CSV's permissions field. All resources generated are given the `olm.owner: <csv-name>` and `olm.owner.namespace: <csv-namespace>` labels
148
148
* Else for each target namespace:
@@ -215,4 +215,3 @@ Each time an `OperatorGroup` syncs:
215
215
* If `olm.providedAPIs` contains any extraneous provided APIs:
216
216
* `olm.providedAPIs` is pruned of any extraneous provided APIs (not provided on cluster)
217
217
* All CSVs that provide the same APIs across all namespaces (including those removed) are requeued. This notifies conflicting CSVs in intersecting groups that their conflict has possibly been resolved, either through resizing or through deletion of the conflicting CSV.
0 commit comments