From 964d7b29764537a403e6f9ee619ca8b00c9f9921 Mon Sep 17 00:00:00 2001 From: "gtrivedi@redhat.com" Date: Tue, 5 Sep 2023 22:43:38 +0530 Subject: [PATCH] FBC Documentation --- .../proc_maintaining_operator_graphs.adoc | 243 ++++++++++++++++++ package-lock.json | 113 +++++--- 2 files changed, 319 insertions(+), 37 deletions(-) create mode 100644 docs/modules/ROOT/pages/how-to-guides/proc_maintaining_operator_graphs.adoc diff --git a/docs/modules/ROOT/pages/how-to-guides/proc_maintaining_operator_graphs.adoc b/docs/modules/ROOT/pages/how-to-guides/proc_maintaining_operator_graphs.adoc new file mode 100644 index 00000000..c93758bf --- /dev/null +++ b/docs/modules/ROOT/pages/how-to-guides/proc_maintaining_operator_graphs.adoc @@ -0,0 +1,243 @@ +:_content-type: PROCEDURE +:myfunctionone: maintaining_operator_graphs + +[id="maintaining_operator_graphs_{context}"] += Maintaining an Operator graph + +{ProductName} uses File-based catalogs instead of SQLite or ClusterServiceVersion (CVS) to produce an Operator catalog. File-based catalogs (FBC), often referred to as “Operator catalogs”, provide a simpler way to store and share metadata about Operator graphs written for Operator Lifecycle Manager (OLM). With {ProductName}, you can easily build, test, and release multiple components from a single Operator catalog repository. + +{ProductName} only supports use of Operator catalogs to store the Operator graphs because of the following benefits and because they have been supported since OCP 4.11: + +* *Centralized graph updates:* Operator catalogs consolidates graph updates into a single catalog file, eliminating the need for iterative updates and simplifying the management of complex graphs. + +* *Convenient management and flexibility:* Compared to SQLite, Operator catalogs offers a more convenient solution for managing graph updates. Users can define all updates in one place using file-based catalogs, streamlining the process and improving overall efficiency. This centralized management capability simplifies the process and improves overall efficiency. + +* *Improved ownership and analysis:* Operator catalogs provides users with improved ownership and control over their graphs through clean and declarative templates for comprehensive analysis and surface level checks. This simplifies upgrade possibilities determination and error state recovery, eliminating the need to rely on limited configuration options found in localized CSV files. + +For additional information, see link:https://olm.operatorframework.io/docs/reference/file-based-catalogs/[File-based Catalogs]. + +== Setting up an FBC-compatible git repository + +An FBC-compatible Git repository has the following directory structure: + +---- +Project Root +│ +├─ Dockerfile (for example, catalog.Dockerfile) +│ +├─ Directory for the targeted OCP version (for example, 4.12) +│ ├─ devfile.yaml +│ └─ catalog +| └─ catalog.yaml +│ +└─ README.md +---- + +* *`catalog.Dockerfile`*: This file contains the instructions for building the FBC image. It should specify a parent image, such as `registry.redhat.io/openshift4/ose-operator-registry`. The Dockerfile should also have a tag corresponding to the target OpenShift Container Platform (OCP) version. + ++ +*Example:* + ++ +[source,dockerfile] +---- +# The base image is expected to contain +# /bin/opm (with a serve subcommand) and /bin/grpc_health_probe +FROM registry.redhat.io/openshift4/ose-operator-registry:v4.12 + +# Configure the entrypoint and command +ENTRYPOINT ["/bin/opm"] +CMD ["serve", "/configs", "--cache-dir=/tmp/cache"] + +# Copy declarative config root into image at /configs and pre-populate serve cache +ADD catalog /configs +RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"] + +# Set DC-specific label for the location of the DC root directory +# in the image +LABEL operators.operatorframework.io.index.configs.v1=/configs +---- + +* *`catalog.yaml`*: This file contains important metadata about the Operator. There should be a `catalog.yml` file for each FBC image that is produced. + ++ +*Example:* + ++ +[source,yaml] +---- +schema: olm.composite.catalogs +catalogs: + - name: "4.13" <1> + destination: + baseImage: registry.redhat.io/openshift4/ose-operator-registry:v4.13 <2> + workingDir: . + builders: + - olm.builder.basic + - name: "4.12" + destination: + baseImage: registry.redhat.io/openshift4/ose-operator-registry:v4.12 + workingDir: . + builders: + - olm.builder.basic +---- +<1> The OCP version. +<2> The parent image that the system uses to build the FBC fragments. + + +* *`devfile.yaml`*: This file is used by {ProductName} to detect the type of component and to set up a build. You must set the `language: FBC` parameter to ensure that the build process runs successfully. + ++ +*Example:* + ++ +[source,yaml] +---- +schemaVersion: 2.2.0 +metadata: + name: fbc-4.12 + displayName: FBC 4.12 + description: 'File based catalog' + language: fbc <1> + provider: Red Hat +components: + - name: image-build + image: + imageName: "" + dockerfile: + uri: catalog.Dockerfile <2> + buildContext: "4.12" <3> + - name: kubernetes + kubernetes: + inlined: placeholder + attributes: + deployment/container-port: 50051 + deployment/cpuRequest: "100m" + deployment/memoryRequest: 512Mi + deployment/replicas: 1 + deployment/storageRequest: "0" +commands: + - id: build-image + apply: + component: image-build" +---- +<1> Indicates to {ProductName} that the component being build is an FBC component. It is a required parameter since auto-detection does not work to identify FBC components. +<2> Specifies the Dockerfile as defined earlier. +<3> Specifies the context directory needed to specify the FBC component corresponding to the OCP version being targeted, according to the referenced Dockerfile. + + +== Adding a component +Users should manage all the FBC components through a single application. This centralized management enables synchronized updates for graphs across all OCP versions. + +.Prerequisites + +* You have access to link:https://console.redhat.com/beta/hac/application-pipeline[App Studio]. +* You have a Git repository with FBC components. +* You have link:https://redhat-appstudio.github.io/docs.appstudio.io/Documentation/main/how-to-guides/Import-code/proc_importing_code/#creating-a-red-hat-container-registry-token[created a Red Hat Container Registry token]. + +.Procedures + +. Go to App Studio and select *Create application*. +. In the *Git repository URL* field, enter the URL of your FBC-compatible Git repository. +. Select *Import code*. The system displays the Configure your components for deployment page. +. Disable the Default build pipeline. +. In the Secrets section, select *Add secret*. +. From the *Secret type* dropdown list, select *Image pull secret*. +. In the *Select or enter name*, enter *registry-redhat-io-docker*. +. In the *Value* field, copy and paste or upload the downloaded secret. +. Select *Create*. +. Select *Create application*. The system displays a Manage build pipelines pop-up and tries to send a pull request. +. If you have not already installed the App Studio GitHub application, select *Install GitHub application* on the Manage build pipelines popup page. + ++ +NOTE: If you want to restrict the GitHub application’s access to certain repositories only, use the *Only select repositories* option in GitHub during the installation. + +. Returning to the Manage build pipelines page in {ProductName}, select *Send pull request*. +. Select *Merge in GitHub*. +. In GitHub, merge the pull request from the `red-hat-trusted-app-pipeline` bot. +. Let {ProductName} complete PipelineRun for the upgraded build pipeline. + +.Verification + +. Go to *Activity > Pipeline* runs. + +. Select the most recent *PipelineRun*. + +. View the `fbc-validate` and the `fbc-related-image-check` task within the build pipeline. Ensure that the build process is executing these tasks as part of the build process and that they are not indicating a “skip checks” status. + ++ +If these tasks display a green checkmark, it indicates that the build process has successfully validated the FBC components against an existing link:https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels_package[Enterprise Contract] policy. However, if they do not show a green checkmark, it indicates some potential issues with the FBC components. + ++ +NOTE: The `fbc-validate` task checks the existence and functionality of binaries, and runs validation on configurations within an FBC image. + +.Next steps + +The application image is now available, and the next step is to release it by setting up the wrokspace. + +== Setting up workspaces to release an FBC application + +Two teams work together to release an application: + +* *Development team* - The team that develops and supports the application in a pre-production environment. +* *Managed environment team* - The team that supports the production instance of that application. + +To release an application to a managed environment, the development team creates a `ReleasePlan` object in the developer workspace. The `ReleasePlan` object includes a reference to the application that the development team wants to release, along with the namespace and workspace where the application is supposed to release. + +=== Creating a ReleasePlan object + +.Prerequisites + +* You have an existing development and managed workspace. +* You have installed the OpenShift CLI (`oc`). +* You have completed the steps listed in the link:https://redhat-appstudio.github.io/docs.appstudio.io/Documentation/main/getting-started/getting_started_in_cli/[Getting started in the CLI] page. + +.Procedures + +. Create a `release_plan.yaml` file locally. + ++ +Example `release_plan.yaml` file: + ++ +[source,yaml] +---- +apiVersion: appstudio.redhat.com/v1alpha1 +kind: ReleasePlan <1> +metadata: + labels: + release.appstudio.openshift.io/auto-release: 'true' + release.appstudio.openshift.io/standing-attribution: 'true' +name: manual-fbc-release <2> +spec: + application: fbc-example <3> + displayName: manual-fbc-release + target: managed-release-team-tenant <4> +---- +<1> The name of the resource that you are creating. +<2> The name of the release plan. +<3> The name of the application that you want to deploy to the managed workspace. +<4> The workspace to which the system deploys the application. This workspace is created by the Managed environment team (for example, your organization’s SRE team). + +. In the development workspace, add that `release_plan.yaml` file by running the following command: + ++ +[source,terminal] +---- +$ oc apply -f releaseplan.yaml -n dev +---- + ++ +This command adds the required configuration to your workspace that is needed to execute a release pipeline in a managed workspace. + ++ +NOTE: For every `ReleasePlan` object, there must be a corresponding `ReleasePlanAdmission` in the managed environment you wish to release the FBC application. + +.Verification + +. Browse to the application you are creating and select the **Deployments** tab. The **Deployment** tab lists all the `ReleasePlan` objects that you created. +. Review the appropriate `ReleasePlan` object for more information about the `ReleasePlan` objects you created. + + +== Additional information +For information about releasing an application to production, see link:https://redhat-appstudio.github.io/docs.appstudio.io/Documentation/main/how-to-guides/proc_release_application/[Releasing an application]. \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index c0eeed1d..5c7796f6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -743,12 +743,27 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/define-data-property": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.0.tgz", + "integrity": "sha512-UzGwzcjyv3OtAvolTj1GoyNYzfFR+iqbGjcnBEENZVCpM4/Ng1yhGNvS3lR/xDS74Tb2wGG9WzNSNIOS9UVb2g==", + "dev": true, + "dependencies": { + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/define-properties": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.0.tgz", - "integrity": "sha512-xvqAVKGfT1+UAvPwKTVw/njhdQ8ZhXK4lI0bCIuCMrp2up9nPnaDftrLtmpTazqd1o+UY4zgzU+avtMbDP+ldA==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", "dev": true, "dependencies": { + "define-data-property": "^1.0.1", "has-property-descriptors": "^1.0.0", "object-keys": "^1.1.1" }, @@ -881,9 +896,9 @@ "dev": true }, "node_modules/fast-redact": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.2.0.tgz", - "integrity": "sha512-zaTadChr+NekyzallAMXATXLOR8MNx3zqpZ0MUF2aGf4EathnG0f32VLODNlY8IuGY3HoRO2L6/6fSzNsLaHIw==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.3.0.tgz", + "integrity": "sha512-6T5V1QK1u4oF+ATxs1lWUmlEk6P2T9HqJG3e2DnHOdVgZy2rFJBoEnrIedcTXlkAHU/zKC+7KETJ+KGGKwxgMQ==", "dev": true, "engines": { "node": ">=6" @@ -1066,6 +1081,18 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "dev": true, + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", @@ -1092,13 +1119,13 @@ } }, "node_modules/handlebars": { - "version": "4.7.7", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.7.tgz", - "integrity": "sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==", + "version": "4.7.8", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", + "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", "dev": true, "dependencies": { "minimist": "^1.2.5", - "neo-async": "^2.6.0", + "neo-async": "^2.6.2", "source-map": "^0.6.1", "wordwrap": "^1.0.0" }, @@ -1220,10 +1247,20 @@ } }, "node_modules/html-entities": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.3.3.tgz", - "integrity": "sha512-DV5Ln36z34NNTDgnz0EWGBLZENelNAtkiFA4kyNOG2tDI6Mz1uSWiq1wAKdyjnJwyDiDO7Fa2SO1CTxPXL8VxA==", - "dev": true + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.3.6.tgz", + "integrity": "sha512-9o0+dcpIw2/HxkNuYKxSJUF/MMRZQECK4GnF+oQOmJ83yCVHTWgCH5aOXxK5bozNRmM8wtgryjHD3uloPBDEGw==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/mdevils" + }, + { + "type": "patreon", + "url": "https://patreon.com/mdevils" + } + ] }, "node_modules/htmlparser2": { "version": "6.1.0", @@ -1790,9 +1827,9 @@ } }, "node_modules/pino": { - "version": "8.14.1", - "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.1.tgz", - "integrity": "sha512-8LYNv7BKWXSfS+k6oEc6occy5La+q2sPwU3q2ljTX5AZk7v+5kND2o5W794FyRaqha6DJajmkNRsWtPpFyMUdw==", + "version": "8.14.2", + "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.2.tgz", + "integrity": "sha512-zKu9aWeSWTy1JgvxIpZveJKKsAr4+6uNMZ0Vf0KRwzl/UNZA3XjHiIl/0WwqLMkDwuHuDkT5xAgPA2jpKq4whA==", "dev": true, "dependencies": { "atomic-sleep": "^1.0.0", @@ -1822,24 +1859,25 @@ } }, "node_modules/pino-abstract-transport/node_modules/readable-stream": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.0.tgz", - "integrity": "sha512-kDMOq0qLtxV9f/SQv522h8cxZBqNZXuXNyjyezmfAAuribMyVXziljpQ/uQhfE1XLg2/TLTW2DsnoE4VAi/krg==", + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.2.tgz", + "integrity": "sha512-Lk/fICSyIhodxy1IDK2HazkeGjSmezAWX2egdtJnYhtzKEsBPJowlI6F6LPb5tqIQILrMbx22S5o3GuJavPusA==", "dev": true, "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", "events": "^3.3.0", - "process": "^0.11.10" + "process": "^0.11.10", + "string_decoder": "^1.3.0" }, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, "node_modules/pino-pretty": { - "version": "10.0.0", - "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.0.tgz", - "integrity": "sha512-zKFjYXBzLaLTEAN1ayKpHXtL5UeRQC7R3lvhKe7fWs7hIVEjKGG/qIXwQt9HmeUp71ogUd/YcW+LmMwRp4KT6Q==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.1.tgz", + "integrity": "sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA==", "dev": true, "dependencies": { "colorette": "^2.0.7", @@ -1862,24 +1900,25 @@ } }, "node_modules/pino-pretty/node_modules/readable-stream": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.0.tgz", - "integrity": "sha512-kDMOq0qLtxV9f/SQv522h8cxZBqNZXuXNyjyezmfAAuribMyVXziljpQ/uQhfE1XLg2/TLTW2DsnoE4VAi/krg==", + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.2.tgz", + "integrity": "sha512-Lk/fICSyIhodxy1IDK2HazkeGjSmezAWX2egdtJnYhtzKEsBPJowlI6F6LPb5tqIQILrMbx22S5o3GuJavPusA==", "dev": true, "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", "events": "^3.3.0", - "process": "^0.11.10" + "process": "^0.11.10", + "string_decoder": "^1.3.0" }, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, "node_modules/pino-std-serializers": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-6.2.1.tgz", - "integrity": "sha512-wHuWB+CvSVb2XqXM0W/WOYUkVSPbiJb9S5fNB7TBhd8s892Xq910bRxwHtC4l71hgztObTjXL6ZheZXFjhDrDQ==", + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-6.2.2.tgz", + "integrity": "sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==", "dev": true }, "node_modules/process": { @@ -2188,9 +2227,9 @@ } }, "node_modules/thread-stream": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-2.3.0.tgz", - "integrity": "sha512-kaDqm1DET9pp3NXwR8382WHbnpXnRkN9xGN9dQt3B2+dmXiW8X1SOwmFOxAErEQ47ObhZ96J6yhZNXuyCOL7KA==", + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-2.4.0.tgz", + "integrity": "sha512-xZYtOtmnA63zj04Q+F9bdEay5r47bvpo1CaNqsKi7TpoJHcotUez8Fkfo2RJWpW91lnnaApdpRbVwCWsy+ifcw==", "dev": true, "dependencies": { "real-require": "^0.2.0" @@ -2290,9 +2329,9 @@ } }, "node_modules/tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==", + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==", "dev": true }, "node_modules/uglify-js": {