Insights pulling SCA certs - graduation criteria update #960
Conversation
| @@ -139,7 +139,7 @@ This feature is planned as a technical preview in OCP 4.9 and is planned to go G | |||
|
|
|||
| #### Tech Preview -> GA | |||
| - ~~`Share` resource object is automatically created by the Insights Operator~~ - This is no longer the GA requirement. `Share` object will still be a tech preview and can be added later by different component (from Build team) | |||
| - inform a cluster user about the error state (problem with pulling the certificates) | |||
| - inform a cluster user about the error state (problem with pulling the certificates) - The OCM API returns HTTP 404 if the entitlement certificates are not enabled for the corresponding organization. To inform user/cluster admin about this fact, we can create a new ClusterOperator condition (e.g "ScaNotEnabled") and create a new info alert based on this new condition. | |||
There was a problem hiding this comment.
Another option (instead of the ClusterOperator condition) would metric (probably counting number of 404 responses).....but I think I like the condition approach more.
There was a problem hiding this comment.
What about setting the Degraded=true condition with an appropriate Reason and Message?
There was a problem hiding this comment.
It seems too much to degrade the operator just because the related subscription (I guess it's a subscription) is not enabled. My understanding is that a user doesn't have to be interested in this entitlement certs at all. Does it make sense to mark it as degraded then?
I only want to inform a user about this particular (404) case. Degraded=true is OK for responses like >=500 IMO, but do we really want to force users to enable it (when he/she's receiving the 404)?
There was a problem hiding this comment.
hm, so essentially you're saying this is an optional functionality of the Insights operator, and getting 404s retrieving certs is potentially "to be expected" even when the cluster is running+configured correctly?
In that case your original proposal seems ok. Though i'd make it "SCANotEnabled" since i'm not a fan of lowercased acronyms, but if you've got a precedent to cite, i won't stand in the way.
There was a problem hiding this comment.
Yes that's what I am trying to say :-)
I am fine with "SCANotEnabled"...I don't have any precedent. Thanks
There was a problem hiding this comment.
Updated the name suggestion.
|
/approve |
|
@bparees: Overrode contexts on behalf of bparees: ci/prow/markdownlint In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bparees The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
tremes
force-pushed
the
ocm_communication
branch
from
b81d73e
to
d2de5df
Compare
|
@tremes someone from your team should lgtm this |
|
@bparees: Overrode contexts on behalf of bparees: ci/prow/markdownlint In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
OK. It does make sense. So, let's give it a try to see if I can add the label. |
|
/override ci/prow/markdownlint |
|
@bparees: Overrode contexts on behalf of bparees: ci/prow/markdownlint In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is an update to the graduation criterion for informing user about the error state - especially when Insights receives HTTP 404, which means that the SCA/entitlements are not enabled in the OCM.