Documentation ¶
Index ¶
Constants ¶
const ( PodDisruptionBudgetKind = "PodDisruptionBudget" PriorityClassKind = "PriorityClass" RoleKind = "Role" ClusterRoleKind = "ClusterRole" PodDisruptionBudgetAPIGroup = "policy" SCCAPIGroup = "security.openshift.io" )
const ContainerToolsKey = "container-tools"
ContainerToolsKey defines the key which can be used by its consumers to inform where to find the container tool that should be used to inspect the image
const DeprecateMessage = "this bundle is using APIs which were deprecated and removed in v%v.%v. " +
"More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v%v-%v. " +
"Migrate the API(s) for %s"
DeprecateMessage defines the content of the message that will be raised as an error or warning when the removed apis are found
const IndexImagePathKey = "index-path"
IndexImagePathKey defines the key which can be used by its consumers to inform where their index image path is to be checked
Variables ¶
var AlphaDeprecatedAPIsValidator interfaces.Validator = interfaces.ValidatorFunc(validateDeprecatedAPIsValidator)
AlphaDeprecatedAPIsValidator implements Validator to validate bundle objects for API deprecation requirements.
Note that this validator looks at the manifests. If any removed APIs for the mapped k8s versions are found, it raises a warning.
This validator only raises an error when the deprecated API found is removed in the specified k8s version informed via the optional key `k8s-version`.
The K8s versions supported and checks are:
- 1.22 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22
- 1.25 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25
- 1.26 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26
IMPORTANT: Note that in the case scenarios of 1.25 and 1.26 it is very unlikely the OperatorAuthors add manifests on the bundle using these APIs. On top of that some Kinds such as the CronJob are not currently a valid/supported by OLM and never would to be added to bundle. See: https://github.com/operator-framework/operator-registry/blob/v1.19.5/pkg/lib/bundle/supported_resources.go#L3-L23
var BundleValidator interfaces.Validator = interfaces.ValidatorFunc(validateBundles)
var CRDValidator interfaces.Validator = interfaces.ValidatorFunc(validateCRDs)
var CSVValidator interfaces.Validator = interfaces.ValidatorFunc(validateCSVs)
var CaseSensitiveAnnotationKeySet = map[string]string{ strings.ToLower(v1.OperatorGroupAnnotationKey): v1.OperatorGroupAnnotationKey, strings.ToLower(v1.OperatorGroupNamespaceAnnotationKey): v1.OperatorGroupNamespaceAnnotationKey, strings.ToLower(v1.OperatorGroupTargetsAnnotationKey): v1.OperatorGroupTargetsAnnotationKey, strings.ToLower(v1.OperatorGroupProvidedAPIsAnnotationKey): v1.OperatorGroupProvidedAPIsAnnotationKey, strings.ToLower(v1alpha1.SkipRangeAnnotationKey): v1alpha1.SkipRangeAnnotationKey, }
CaseSensitiveAnnotationKeySet is a set of annotation keys that are case sensitive and can be used for validation purposes. The key is always lowercase and the value contains the expected case sensitive string. This may not be an exhaustive list.
var CommunityOperatorValidator interfaces.Validator = interfaces.ValidatorFunc(communityValidator)
CommunityOperatorValidator validates the bundle manifests against the required criteria to publish the projects on the community operators
Note that this validator allows to receive a List of optional values as key=values. Currently, only the `index-path` key is allowed. If informed, it will check the labels on the image index according to its criteria.
Deprecated - The checks made for this validator were moved to the external one: https://github.com/redhat-openshift-ecosystem/ocp-olm-catalog-validator
Please no longer use this check it will be removed in the next releases.
var GoodPracticesValidator interfaces.Validator = interfaces.ValidatorFunc(goodPracticesValidator)
GoodPracticesValidator validates the bundle against criteria and suggestions defined as good practices for bundles under the operator-framework solutions. (You might give a look at https://sdk.operatorframework.io/docs/best-practices/)
This validator will raise an WARNING when:
- The resources request for CPU and/or Memory are not defined for any of the containers found in the CSV
- The channel names seems are not following the convention https://olm.operatorframework.io/docs/best-practices/channel-naming/
- CRDs defined in the bundle have empty descriptions
- Check if the CSV has permissions to create CRDs. Note that: a) "Operators should own a CRD and only one Operator should control a CRD on a cluster. Two Operators managing the same CRD is not a recommended best practice. In the case where an API exists but with multiple implementations, this is typically an example of a no-op Operator because it doesn't have any deployment or reconciliation loop to define the shared API and other Operators depend on this Operator to provide one implementation of the API, e.g. similar to PVCs or Ingress."
b) "An Operator shouldn't deploy or manage other operators (such patterns are known as meta or super operators or include CRDs in its Operands). It's the Operator Lifecycle Manager's job to manage the deployment and lifecycle of operators. For further information check Dependency Resolution: https://olm.operatorframework.io/docs/concepts/olm-architecture/dependency-resolution/"
WARNING: if you create CRD's via the reconciliations or via the Operands then, OLM cannot handle CRDs migration and update, validation. - The bundle name (CSV.metadata.name) does not follow the naming convention: <operator-name>.v<semver> e.g. memcached-operator.v0.0.1
NOTE: The bundle name must be 63 characters or less because it will be used as k8s ownerref label which only allows max of 63 characters.
var K8sVersionsSupportedByValidator = []string{"1.22.0", "1.25.0", "1.26.0"}
K8sVersionsSupportedByValidator defines the k8s versions which this validator is implemented to perform the checks
var MultipleArchitecturesValidator interfaces.Validator = interfaces.ValidatorFunc(multipleArchitecturesValidate)
MultipleArchitecturesValidator validates the bundle against criteria to support Multiple Architectures. For further information check: https://olm.operatorframework.io/docs/advanced-tasks/ship-operator-supporting-multiarch/
This validator will inspect the images with the chosen container-tool. One of: [docker, podman, none] (By default docker) and then: (It is only used to $container-tool manifest inspect)
- raise a error(s) when is possible to confirm that images do not provide the support defined via to the labels in the CSV
- raise a warning when it is possible to check that the Operator manager image(s) supports architecture(s) not defined via labels. Therefore, it shows like the labels are missing.
- raise warnings when it is possible to verify that the images defined in the CSV do not provide the same architecture(s) supported by the Operator manager image(s) or defined via the labels
### What is checked?
On this check, we aggregate the platform architecture(s) and OS(s) provided via the labels and those which are found by checking the images so that, we can check:
- If your CSV is missing labels
- If your Operator bundle specifies images which do not support all architectures found for your Operator image(s) (probably supported by your project)
- If your deployment spec follows the best practice of setting nodeAffinity to ensure image(s) are only scheduled on compatible platform nodes.
Note: To better guess the case scenarios where authors might have missed the labels, the following check will verify all architectures supported by the Operator image(s). However, by looking at the CSV we are not able to ensure what is the Operator image because this info is not provided. Therefore, we know by SDK the Operator image container will be called manager.
### How the Operator image(s) are identified?
The container named as manager under the CSV Deployment InstallStrategy (`Spec.InstallStrategy.StrategySpec.DeploymentSpecs`) And if the above not found, all images under the InstallStrategy excluding the container named as `kube-rbac-proxy` since it is also scaffolded by default via SDK
var ObjectValidator interfaces.Validator = interfaces.ValidatorFunc(validateObjects)
var OperatorGroupValidator interfaces.Validator = interfaces.ValidatorFunc(validateOperatorGroups)
OperatorGroupValidator is a validator for OperatorGroup
var OperatorHubValidator interfaces.Validator = interfaces.ValidatorFunc(validateOperatorHub)
OperatorHubValidator validates the bundle manifests against the required criteria to publish the projects on OperatorHub.io.
This validator will ensure that:
- The annotations capabilities into the CSV has a valid option, which are:
* Basic Install
* Seamless Upgrades
* Full Lifecycle
* Deep Insights
* Auto Pilot
- The annotations categories into the CSV has a valid option, which are:
* AI/Machine Learning
* Application Runtime
* Big Data
* Cloud Provider
* Developer Tools
* Database
* Integration & Delivery
* Logging & Tracing
* Modernization & Migration
* Monitoring
* Networking
* OpenShift Optional
* Security
* Storage
* Streaming & Messaging
NOTE: The OperatorHub validator can verify against custom bundle categories by setting the OPERATOR_BUNDLE_CATEGORIES environment variable. Setting the OPERATOR_BUNDLE_CATEGORIES environment variable to the path to a json file containing a list of categories will enable those categories to be used when comparing CSV categories for OperatorHub validation. The json file should be in the following format:
```json { "categories":[ "Cloud Pak", "Registry", "MyCoolThing", ] } ```
- The `csv.Spec.Provider.Name` was provided
- The `csv.Spec.Maintainers` elements contains both name and email
- The `csv.Spec.Links` elements contains both name and url
- The `csv.Spec.Links.Url` is a valid value
- The `csv.Spec.Version` is provided
- The `csv.Spec.Icon` was provided and has not more than one element
- The `csv.Spec.Icon` elements should contain both data and `mediatype`
- The `csv.Spec.Icon` elements should contain both data and `mediatype`
- The `csv.Spec.Icon` has a valid `mediatype`, which are
* image/gif
* image/jpeg
* image/png
* image/svg+xml
- If informed ONLY, check if the value csv.Spec.MinKubeVersion is parsable according to semver (https://semver.org/) Also, this validator will raise warnings when:
- The channel names seems are not following the convention https://olm.operatorframework.io/docs/best-practices/channel-naming/
- The usage of the removed APIs on Kubernetes 1.22 is found. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22
Note that this validator allows to receive a List of optional values as key=values. Currently, only the `k8s-version` key is allowed. If informed, it will perform the checks against this specific Kubernetes version where the operator bundle is intend to be used and will raise errors instead of warnings. Currently, this check is capable of verifying the removed APIs only for Kubernetes 1.22 version.
var PackageManifestValidator interfaces.Validator = interfaces.ValidatorFunc(validatePackageManifests)
Functions ¶
func ValidateAnnotationNames ¶ added in v0.6.1
func ValidateAnnotationNames(annotations map[string]string, value interface{}) (errs []errors.Error)
ValidateAnnotationNames will check annotation keys to ensure they are using proper case. Uses CaseSensitiveAnnotationKeySet as a source for keys which are known to be case sensitive. It also checks to see if the olm.properties annotation is defined in order to add a warning if present. This function can be used anywhere annotations need to be checked for case sensitivity.
Arguments ¶
• annotations: annotations map usually obtained from ObjectMeta.GetAnnotations()
• value: is the field or file that caused an error or warning
Returns ¶
• errs: Any errors that may have been detected with the annotation keys provided
Types ¶
type CSVChecks ¶ added in v0.8.0
type CSVChecks struct {
// contains filtered or unexported fields
}
type CommunityOperatorChecks ¶ added in v0.9.0
type CommunityOperatorChecks struct {
// contains filtered or unexported fields
}