webhookDefinitions are not supported

[Honken77]

Hi

I recently upgraded our OpenShift cluster to 4.14 and activated the extra features allowing us to use OLM v1.0 in Tech Preview. All CRDs install correctly, as far as I can see.

I added a catalog (redhat-operators), and then added an operator to be installed (openshift-gitops-operator). OLM finds the package that I want to install (v1.12.2), but the BundleDeployment throws the error message:

Failed to unpack the openshift-gitops-operator-x4czwc Bundle: 
convert registry+v1 bundle to plain+v0 bundle: webhookDefinitions are not supported

I can find the error message here: https://github.com/operator-framework/rukpak/blob/main/pkg/convert/registryv1.go
on line 205-207, and the if clause makes me think there is a problem with the package itself (that webhookDefinitions in the CSV are not allowed when converting to plain+v0).

What can I do in this situation?

[joelanford]

Hi @Honken77 , this is an intentional limitation for now.

OLMv0 manages certificates and rotation automatically with its own built-in use of Go's stdlib crypto libraries. We are not going to continue doing things this way in OLMv1. For existing registry+v1 bundles that specify webhooks, we will be looking for ways to integrate existing certificate providers (e.g. cert-manager or OpenShift's service-ca-operator).

In the most recent versions of OLMv1 upstream, we have actually further restricted what is going to work:

• Only bundles that support AllNamespaces mode
• No bundles that specify webhooks
• No bundles that specify dependencies

These limitations help us keep our scope tight and focused while we iterate and build out support for more of the existing bundle content.

[Honken77]

So, essentially, the Bundle that the Operator is trying to install is incompatible with OLMv1?

[joelanford]

For now, yes. In the future, the plan is that OLMv1 will support bundles that include webhooks. We just haven't gotten there yet.