ricardozanini opened a new issue, #3109: URL: https://github.com/apache/incubator-kie-tools/issues/3109
## Background Currently, the SonataFlow Operator uses a ConfigMap (`controllers_cfg.yaml`) to inject the dependent images used during runtime: Link to current config: [https://github.com/apache/incubator-kie-tools/blob/main/packages/sonataflow-operator/config/manager/controllers\_cfg.yaml](https://github.com/apache/incubator-kie-tools/blob/main/packages/sonataflow-operator/config/manager/controllers_cfg.yaml) Example: ```yaml sonataflow: dataIndexImage: quay.io/kiegroup/data-index:latest jobServiceImage: quay.io/kiegroup/job-service:latest ... ``` These values are read at runtime and passed to the platform services (e.g., Data Index, Job Service). ## Problem Although flexible, this approach is not aligned with best practices for Operators installed via Operator Lifecycle Manager (OLM). Specifically: * **OLM provides a built-in mechanism (`relatedImages`) to declare images** used by the Operator, which is tracked and locked down for security/compliance. * The current ConfigMap-based model bypasses this and makes upgrades, security scanning, and disconnected installs more fragile. ## Proposal Transition the image management from ConfigMap injection to `relatedImages` in the CSV. ### Goals * List all dependent images in the `relatedImages` field of the CSV. * Read those values at runtime from environment variables automatically injected by OLM. * Remove the need for the image fields in `controllers_cfg.yaml`. ### Example CSV section: ```yaml relatedImages: - name: data-index image: quay.io/kiegroup/data-index:1.49 - name: job-service image: quay.io/kiegroup/job-service:1.49 - name: addon-knative image: quay.io/kiegroup/addons-knative:1.49 ``` ### Example deployment env injection (operator’s deployment YAML): ```yaml env: - name: RELATED_IMAGE_DATA_INDEX valueFrom: fieldRef: fieldPath: metadata.annotations['olm.relatedImage.data-index'] - name: RELATED_IMAGE_JOB_SERVICE valueFrom: fieldRef: fieldPath: metadata.annotations['olm.relatedImage.job-service'] ``` ### Example Go runtime code: ```go import "os" var ( dataIndexImage = os.Getenv("RELATED_IMAGE_DATA_INDEX") jobServiceImage = os.Getenv("RELATED_IMAGE_JOB_SERVICE") ) ``` ## Next Steps * [ ] Identify all images in use from `controllers_cfg.yaml` * [ ] Add them to the CSV `relatedImages` section * [ ] Refactor operator code to read from env vars instead of ConfigMap * [ ] Remove the `controllers_cfg.yaml` image entries ## References * Using OLM on Restricted Networks: [docs.openshift.com](https://docs.openshift.com/container-platform/4.8/operators/admin/olm-restricted-networks.html?utm_source=chatgpt.com) Relates to https://github.com/operator-framework/operator-sdk/issues/6931 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
