|
| 1 | +# NetObserv Operator Konflux builds |
| 2 | + |
| 3 | +> [!WARNING] |
| 4 | +> This documentation is about the downstream CI/CD used to build and release Network Observability product in Openshift. |
| 5 | +> Some of the links here only work with Red Hat vpn. |
| 6 | +
|
| 7 | +## Links |
| 8 | + |
| 9 | +Usefull links |
| 10 | + |
| 11 | +[Netobserv konflux console](https://console.redhat.com/application-pipeline/workspaces/ocp-network-observab/applications) |
| 12 | + |
| 13 | +[Konlfux documentation](https://gitlab.cee.redhat.com/konflux/docs/users) |
| 14 | + |
| 15 | +[Konflux build task reference](https://github.com/konflux-ci/build-definitions/tree/main/task) contains the definitions of tasks that can be used in konflux pipeline |
| 16 | + |
| 17 | +[Konflux release configuration](https://gitlab.cee.redhat.com/releng/konflux-release-data) contains release configuration |
| 18 | + |
| 19 | +[Konflux sample project](https://github.com/konflux-ci/olm-operator-konflux-sample) is a sample project built as an example on how to use konflux |
| 20 | + |
| 21 | +[Lightspeed operator](https://github.com/openshift/lightspeed-operator/blob/main/.tekton/fbc-v4-15-pull-request.yaml) probably one of the first project to release with konflux |
| 22 | + |
| 23 | + |
| 24 | +## Builds |
| 25 | + |
| 26 | +Builds are defined in the .tekton/ directory of each project, to ensure pre-merge build and post merge buids are identical and make maintenance easier, pipeline references has been centralized in a dediceted pipeline-ref file. |
| 27 | + |
| 28 | +### Nudging |
| 29 | + |
| 30 | +Nudging is the konflux mecanism to create dependencies and update between components. When a component A is nudging a component B, Konflux will automatically create PR to update component A reference in component B. |
| 31 | + |
| 32 | +FLP, the ebpf-agent, the console plugin and the operator component are nudging the bundle build once finished and the bundle is nudging the FBC build once finished. |
| 33 | + |
| 34 | +### File Based Catalog |
| 35 | + |
| 36 | +When using Konflux to release an operator, it is required to use a File Based Catalog image. This imply some changes: |
| 37 | +- FBC will not be additive to another one, the released FBC must contain all previous versions |
| 38 | +- one FBC version must be built per Openshift version, the base image used will define the targeted Openshift version |
| 39 | +- FBC build must be the only component in an application |
| 40 | + |
| 41 | +### Konflux pull requests |
| 42 | + |
| 43 | +Konflux will regulary creates new pull request, there are three categories : |
| 44 | + |
| 45 | +- [Nudging pull request](https://github.com/netobserv/network-observability-operator/pull/969) To upgrade the reference to another component |
| 46 | +- [Konflux tasks update](https://github.com/netobserv/network-observability-operator/pull/787) Up to date tasks are required to pass security check during release. Also the migration note sometimes contains instruction to some required actions |
| 47 | +- [Dependencies update](https://github.com/netobserv/network-observability-operator/pull/962) Kondlux internally use [https://github.com/renovatebot/renovate](renovate) to automatically create this PR. |
| 48 | + |
| 49 | +## Deploying |
| 50 | + |
| 51 | +The FBC image can be added as a CatalogSource |
| 52 | + |
| 53 | +> apiVersion: operators.coreos.com/v1alpha1 |
| 54 | +> kind: CatalogSource |
| 55 | +> metadata: |
| 56 | +> name: netobserv-konflux |
| 57 | +> namespace: openshift-marketplace |
| 58 | +> spec: |
| 59 | +> displayName: netobserv-konflux |
| 60 | +> image: 'quay.io/repository/redhat-user-workloads/ocp-network-observab-tenant/network-observability-operator-fbc:latest' |
| 61 | +> publisher: Netobserv team |
| 62 | +> sourceType: grpc |
| 63 | +
|
| 64 | +An `ImageDigestMirrorSet` is then required |
| 65 | + |
| 66 | +> apiVersion: config.openshift.io/v1 |
| 67 | +> kind: ImageDigestMirrorSet |
| 68 | +> metadata: |
| 69 | +> name: netobserv |
| 70 | +> spec: |
| 71 | +> imageDigestMirrors: |
| 72 | +> - mirrors: |
| 73 | +> - quay.io/redhat-user-workloads/ocp-network-observab-tenant/network-observability-operator-1-7 |
| 74 | +> source: registry.redhat.io/network-observability/network-observability-rhel9-operator |
| 75 | +> - mirrors: |
| 76 | +> - quay.io/redhat-user-workloads/ocp-network-observab-tenant/flowlogs-pipeline-1-7 |
| 77 | +> source: registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9 |
| 78 | +> - mirrors: |
| 79 | +> - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-ebpf-agent-1-7 |
| 80 | +> source: registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9 |
| 81 | +> - mirrors: |
| 82 | +> - quay.io/redhat-user-workloads/ocp-network-observab-tenant/network-observability-console-plugin-1-7 |
| 83 | +> source: registry.redhat.io/network-observability/network-observability-console-plugin-rhel9 |
| 84 | +> - mirrors: |
| 85 | +> - quay.io/redhat-user-workloads/ocp-network-observab-tenant/network-observability-cli-1-7 |
| 86 | +> source: registry.redhat.io/network-observability/network-observability-cli-rhel9 |
| 87 | +> - mirrors: |
| 88 | +> - quay.io/redhat-user-workloads/ocp-network-observab-tenant/network-observability-operator-bundle-1-7 |
| 89 | +> source: registry.redhat.io/network-observability/network-observability-operator-bundle |
| 90 | +
|
| 91 | +## Release |
| 92 | + |
| 93 | +[Konflux release configuration](https://gitlab.cee.redhat.com/releng/konflux-release-data) define the release process for konflux built projects. |
| 94 | + |
| 95 | +For new releases two differents directory are important : |
| 96 | +- The [ReleasePlanAdmission](https://gitlab.cee.redhat.com/releng/konflux-release-data/-/tree/main/config/stone-prd-rh01.pg1f.p1/product/ReleasePlanAdmission/ocp-network-observab) directory. The `ReleasePlanAdmission` defines the images that are going to be released and the release target. |
| 97 | + |
| 98 | +- The [ReleasePlan](https://gitlab.cee.redhat.com/releng/konflux-release-data/-/tree/main/tenants-config/cluster/stone-prd-rh01/tenants/ocp-network-observab-tenant?ref_type=heads) directory. The `ReleasePlan` object define which `ReleasePlanAdmission` are going to be part of the release. |
| 99 | + |
| 100 | +To be able to see release pipeline, a read access to the `rhtap-releng` namespace is required, this access must be requested in the konflux-user slack channel. |
| 101 | + |
| 102 | +## Branching |
| 103 | + |
| 104 | +After creating a new release branch, the following steps need to be done: |
| 105 | +- create a new konflux component |
| 106 | +- create new component inside the new application, one for each image except the FBC |
| 107 | +- edit the new component build pipeline to point to the pipeline-ref file |
| 108 | +- creating the new `ReleasePlanAdmission` objects, one for staging one for production |
| 109 | +- creating the new `ReleasePlan` objects, one for staging, one for production, note that the `auto-release` label in the production file must be false |
| 110 | + |
| 111 | +Once it is ready to be released, a new `Release` objects needs to be created to trigger the production release pipeline. |
| 112 | + |
| 113 | +## After release |
| 114 | + |
| 115 | +After a release, the following steps should be done: |
| 116 | +- moving release candidate file in the catalog to the already released directory |
| 117 | +- bumping version label inside the different conteiner images |
0 commit comments