doc: add internal image proposal #1097
Conversation
openshift-ci-robot
added
the
size/M
|
@robszumski Along these same lines, there is also a distinction between workload/application CRDs and data-only CRDs. Such a distinction would make running the SDK scorecard more reliable and may be helpful metadata for a user. Thoughts on that? And if you agree, would it make sense to include this concept in this proposal as well? |
|
+1 ! We were looking to see if there's a good way to hide some of the CRDs which the users don't need to , on the UI ( and other places where we want to hide out details/abstractions ) : This sounds like a good idea. |
| metadata: | ||
| name: hivetables.metering.openshift.io | ||
| annotations: | ||
| operators.coreos.com/internal-object: true |
There was a problem hiding this comment.
Let's make it apps.kubernetes.io/internal-object:true ? :)
|
Merging these two comments together would leave us with: kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
name: hivetables.metering.openshift.io
annotations:
apps.kubernetes.io/internal-object:true
apps.kubernetes.io/data-object:trueI don't see any issues with that and can get the proposal updated. WDYT @joelanford @sbose78? |
|
That'll be good, @robszumski . |
openshift-ci-robot
added
size/L
|
PTAL again, updated title, filename and added the new annotations. |
|
Unfortunately, we can't use the k8s namespace without upstream approval. Can we use
|
| metadata: | ||
| name: hivetables.metering.openshift.io | ||
| annotations: | ||
| apps.kubernetes.io/internal-object:true |
openshift-ci-robot
added
size/M
|
@robszumski: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Would this annotation be appropriate to hide things that should not show up to end-users in things like the Developer Catalog but instead can only be created by cluster admins? Or will this annotation also hide it from cluster admins in screens outside of just the Developer Catalog? In my case, I want admins to see the option to create a |
|
@robszumski what about supporting these annotations on the CSV. Looks like the console will have an issue: |
|
@christianvogt Are you thinking it goes on to |
|
The problem here for console is that normal users can't list CRDs, so there's no way to console read the annotation. We currently look at |
|
@sbose78 had suggested an annotation on the CSV which was originally a whitelist array of CRDs kinds I believe. A agree though that a blacklist approach is better. |
|
My initial suggestion was to have :
What do you folks think ? |
|
@sbose78 Turning that into a blacklist seems like a good solution to me |
|
An annotation on CSV whose value is an array of names |
|
@christianvogt & @robszumski : Sounds good.
|
|
@robszumski @sbose78 |
|
Sounds good. |
|
@sbose78 @christianvogt Please let me know if this is to be changed
As part of CR the annotation considered is |
|
@sbose78 @robszumski |
|
@robszumski do you have time to fix this proposal up to match the decisions made in the comments here? |
|
Is this still planed to be able to hide some CRDs ? |
|
@matzew This is already implemented in console |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ecordell, robszumski The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
doc-only, merging without tests. |
With github.com/operator-framework/operator-lifecycle-manager/pull/1097 OM supports a mechanism to hide internal CRDs on OLM console. Start using it. By default only - hyperconvergeds.hco.kubevirt.io - v2vvmwares.kubevirt.io - hostpathprovisioners.hostpathprovisioner.kubevirt.io are going to be visible. The list of visible CRDs can be override as a CLI parameter to the csv-merger tool. Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
Description of the change:
This PR adds a proposal for marking a subset of CRDs as "internal", meaning they are not for end-user consumption or manipulation.
Motivation for the change:
Many Operators have internal concepts that are confusing to end-users when they show up in user interfaces or CLIs like operatorhub.io. This proposal solidifies this concept into a standard convention that others can follow to hide these CRDs and downstream user interfaces by hide them if deemed necessary for their user base.