Open Elyytscha opened 8 months ago
akijakya
commented
8 months ago Hi @Elyytscha, I am going to raise this on the next sync with the maintainers but there are some uncertainties around the operator and it is not guaranteed we will continue with updating it on OperatorHub.io.
Elyytscha
commented
7 months ago well as we are lazy devs, we like operatorhub and the idea that we can update our installed software due to this mostly automated without even touching (installPlanApproval: Automatic) sometime something breaks, but we are aware of the fact that every operator is basically a different opensource project and we have to decide per project(=operator) basis if its worth to run automatic upgrades or not, but ~95% of our operators are on automatic upgrade without issues. basically our prometheuses, alertmanagers, grafanas, argocds, tekton, etc are upgrading automated due to operatorhub and operators.
would be cool if we could do this too for our vault again :)
also its a really good opportunity to have a place where your operator is bundled with an explicit version of hashicorp vault against the operator was tested, often a new release on operatorhub for an operator just means the operator was tested and verifed (and released&published) with a new version of the software the operator operates.
ramizpolic
commented
5 months ago I am not sure how safe it is to have BV on automated upgrade as breaking changes could reflect on the whole stack usability. We could probably add it to operatorhub without issues, but I would really like to avoid this. This often creates a lot of issues due to lack of transparency between upgrades which creates a lot of problems for us as well in terms of debugging and answering issues that are mostly related to upgrades (we are lazy too so I feel you :smile:). I'm sure it has its benefits, but I would advise doing manual upgrades of BV either way.
Elyytscha
commented
5 months ago which is not a problem with olm or operatorhub because you can do always:
If an installed Operator has the approval strategy in its subscription set to Manual, when new updates are released in its current update channel, the update must be manually approved before installation can begin.apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: my-operator
namespace: operators
spec:
channel: stable
name: my-operator
source: my-catalog
sourceNamespace: operators
installPlanApproval: Manualor you can just hardcode the vault version in the vault cr.
but as I expierienced, its way more safe to auto update operators and DONT hardcode the version for the application in the CR itself, because as said, mostly an operator upgrade means the operator is ready for a new version of the app it operators, which mean the old version of the app hardcoded in the cr could be incomaptible with the new operator version, those issues i saw already arise.
just to note, teams which are managing 100+ kubernetes clusters have to rely on automatic upgrades, the can't uprgade 100+ clusters per hand or any of the cluster systems itslef, this has to be done automatically and errors arising through this have to be sent via acurate notification channels (example pagerduty[automated email,slack,sms,phone-call based on severity])
what to add is, that this is a state which BV does not want imo because the actual state is, any openshift cluster in the world, which utilizes olm and operatorhub per default, will install a really old version of the bv vault operator, which could result in potential reputation damage for BV itself.
also generally to say is olm has way more advanced capabilites then helm for installing and managing operators, feels way more manageable then helm charts, feels way more enterprise ready
larsks
commented
5 months ago I am not sure how safe it is to have BV on automated upgrade as breaking changes could reflect on the whole stack usability
If the operator declares versions and channels properly, you can simply pin your operator subscription to the current minor release (e.g., channel: stable-1.21) and avoid breaking changes as long as the bank-vault developers follow standard versioning practices.
DrummyFloyd
commented
1 month ago any news regarding this https://operatorhub.io/operator/vault
it's stuck to 0.4.10
any will to update ?
Elyytscha
commented
1 month ago As far as I have understood there is no will to update:
We could probably add it to operatorhub without issues, but I would really like to avoid this.
Just to note: olm solves things which helm does not (managing the correct crd versions on the cluster for the operator)
ramizpolic
commented
1 month ago As far as I have understood there is no will to update:
We could probably add it to operatorhub without issues, but I would really like to avoid this.
Just to note: olm solves things which helm does not (managing the correct crd versions on the cluster for the operator)
We are revisiting this and will re-release the operator under OperatorHub. We have a bit of work at hand and would like to finish up the work we started on new Bank-Vaults projects before addressing this.
Elyytscha
commented
1 month ago I would like to help with this in my spare time, I just didn't feel convinced to contribute something, which isn't wanted by the maintainers :)
I can recommend to look at this, it can serve as reference | howto, this could be done basically the exact same way https://argocd-operator.readthedocs.io/en/latest/developer-guide/development/ https://github.com/argoproj-labs/argocd-operator/blob/master/Makefile
Elyytscha
commented
1 month ago just wanted to let you know that i'm already at a state which basically works, just need some spare time to look into the issues which i'm seeing right now
Preflight Checklist
Problem Description
https://operatorhub.io/operator/vault is really old i noticed, could you please update this again?
Proposed Solution
make pr's at the operatorhub repo for new vault operator versions
Alternatives Considered
No response
Additional Information
No response