
capability of preflight running on total offline env (on premise env) for some partners #486

Open
wying3 opened this issue Mar 15, 2022 · 7 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@wying3

wying3 commented Mar 15, 2022

Is your feature request related to a problem? Please describe.

(A clear and concise description of what the problem is. Ex. I'm always frustrated when [...])
Some Telco partners' operators are deployed on on-premise clusters, and Preflight also runs on a server without access to the Red Hat registry or github.com, nor can a PR be submitted, as no bundle manifest/metadata is allowed to be stored in GitHub.

Describe the solution you'd like.

(A clear and concise description of what you want to happen.)
Preflight can be run in an offline env and generate reports/logs locally, and the result can be submitted manually back to Red Hat for review and merge into the catalog only.

Describe alternatives you've considered.

(A clear and concise description of any alternative solutions or features you've considered.)

Additional context.

(Add any other context or screenshots about the feature request here.)

@wying3 wying3 added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 15, 2022
@bcrochet
Contributor

I'm not sure I understand why preflight would need to be run in a completely disconnected environment. Preflight does not need to be run against a "prod" cluster. In fact, I would discourage it.

What benefit does running preflight in a disconnected environment achieve? Please describe the use case further.

Also, when you say 'submit the result manually back to Red Hat'... Do you mean not running in the hosted pipeline? A certification cannot be completed without that step.

@tkrishtop
Contributor

> I'm not sure I understand why preflight would need to be run in a completely disconnected environment.

Hi @bcrochet, we do have one new partner who has a completely disconnected environment because of security reasons. They're anyway interested in running Preflight tests, getting results, being certified, and finally appearing in the catalog (but not in the marketplace). The others are not as extreme but the situation "I'd like to be in the catalog but not in the marketplace" is a sort of standard for Telco partners.

I was going to open a similar feature request as @wying3 but let's maybe discuss it here.

@wying3
Author

wying3 commented Mar 21, 2022

Thanks for @tkrishtop's comment, this is exactly the reason I'm asking; I'm dealing with Telco partners too.

@xueyl88

xueyl88 commented Mar 22, 2022

My Telco partner has the same request, due to their security policy. They can't expose any image link to the public network, so they can only run the tests in their internal disconnected environment.
And when their customer needs to use their product, this Telco partner's eng team will deploy this product for the customer offline, which means they don't allow the end customer to download their images directly.
So the deployment of the whole product is designed to be done in a disconnected environment, and an offline certification process is required.

@komish
Contributor

komish commented May 18, 2022

This use case will require quite a bit of planning and discussion. I'm adding it to our Milestone 2 project so that we can start thinking about what this might look like. It's unlikely to reach completion by the end of this project board, but if we can spend cycles thinking about the problem, then we'll make progress here.

@jmontesi

Hi,
I see that for the Operator Policy there's the possibility of setting the PFLT_SCORECARD_IMAGE environment variable to point to a scorecard image digest, apparently to be used in disconnected environments. So, could that be a solution to run at least the Operator Policy tests in an offline environment, or are there some other requirements besides that? And in that case, what's the purpose of this config?
Thanks.

@acornett21
Contributor

@jmontesi The PFLT_SCORECARD_IMAGE's use case is exactly what you described: to point to a scorecard digest in disconnected environments. If this is set, and the image is mirrored, all preflight check operator checks will run and produce results locally. The ask for this issue is that the certification process somehow accepts local/offline results. Currently the only way to certify an operator is to either run the hosted or CI pipeline. Info about those pipelines can be found here.
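
An added example, not part of the thread and not code from the preflight project: a pre-run gate for the disconnected setup described above, which rejects a `PFLT_SCORECARD_IMAGE` value that is not pinned by digest or does not point at the internal mirror. The mirror host, the sample digest and the function names are assumptions, and the rest of the preflight configuration is assumed to be in place.

```shell
#!/usr/bin/env bash
# Added example (not from the preflight project): gate a disconnected run on
# PFLT_SCORECARD_IMAGE being digest-pinned and served by the internal mirror.

# Constructed sample digest (64 zeros); a real run uses the mirrored image's digest.
SAMPLE_DIGEST="sha256:$(printf '%064d' 0)"

# True only for name@sha256:<64 hex>; a mutable tag such as :v1.0 is rejected.
is_digest_pinned() {
  printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'
}

# Registry host[:port] is everything before the first slash.
registry_host() {
  printf '%s\n' "${1%%/*}"
}

# Returns 0 = ok, 1 = unset, 2 = not digest-pinned, 3 = not on the mirror.
check_scorecard_image() {
  ref="$1"; mirror="$2"
  [ -n "$ref" ] || return 1
  is_digest_pinned "$ref" || return 2
  [ "$(registry_host "$ref")" = "$mirror" ] || return 3
  return 0
}

# Hypothetical wrapper: refuse to start the checks unless the gate passes.
run_offline_preflight() {
  bundle="$1"; mirror="$2"
  check_scorecard_image "${PFLT_SCORECARD_IMAGE:-}" "$mirror" || {
    rc=$?
    echo "PFLT_SCORECARD_IMAGE rejected (code $rc)" >&2
    return "$rc"
  }
  preflight check operator "$bundle"
}
```

Pinning by digest means the scorecard image that runs in the isolated cluster is byte-for-byte the one that was reviewed and mirrored, which a tag cannot guarantee.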
