Update k8s-best-practices-cnf-operator-requirements.adoc

redhat-best-practices-for-k8s · Oct 1, 2024 · 2307f70 · 2307f70
1 parent ac069f0
commit 2307f70
Showing 1 changed file with 59 additions and 0 deletions.
diff --git a/modules/k8s-best-practices-cnf-operator-requirements.adoc b/modules/k8s-best-practices-cnf-operator-requirements.adoc
@@ -114,3 +114,62 @@ All required RBAC must be included in the OLM operator bundle so that it's manag
 ====
 It is not recommended for a workload application to share a proprietary operator with another workload application if that application does not share the same version lifecycle. If a workload application does share an operator the CRDs must be backwards compatible.
 ====
+
+[IMPORTANT]
+====
+Applications providing OLM catalogs to bring their operators into a platform environment must ensure that their catalog has less than 1,000 images per application team, however applications should target a much lower number than this (preferably under 150-200 images)
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+Applications providing OLM catalogs to bring their operators into a platform environment must ensure that their catalog uses a FQDN name specific to their brand for their docker registry and provide a pull secret so that the images from their hosted registry can be accessed.
+====
+
+.CNF recommendation
+[IMPORTANT]
+====
+It is recommended applications limit the scope of their OLM catalog to only operator packages needed for lifecycle upgrades, and the latest version installs following operator framework best practices by utilizing olm.skipRange to keep operator catalogs as small as possible.
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+When an operator subscription is created into a namespace, the operator's install plan must install all resources to that specific operator namespace. The only exception here are cluster scoped objects such as CRD's.
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+Operators must install to our environment using a subscription object only.  Pre-configuration or custom configuration using config maps should not be required to install your operator to our environment.
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+Operators are not permitted to use huge pages.
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+The size of operator catalog and all images required by operator catalog cannot exceed 200GB of storage for an application catalog.
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+Application vendors will need to increment their operator version to supply any hotfix or upgrade.  For example If your existing operator version is 1.6.9-0, and you need to supply a hotfix, then your new OLM package should be 1.6.9-1 and the new operator CSV should have a replace tag for the existing operator CSV.
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+Global operators are versioned to a release of the platform.  These versions only change when there is a new platform release.
+====
+
+.VCP CNF requirement
+[IMPORTANT]
+====
+Operators are not permitted to be installed into a tenant app namespace. Operators that are installed with the  "Single Namespace" olm install mode must be installed into the tenants dedicated operator namespace.  Upstream 3rd party operators will be installed Globally with "All Namespaces" olm install mode into the openshift-operators namespace.
+====