Bug 2211971

Summary: Change cert-manager-for-openshift channel to GA vs tech-preview
Product: Service Telemetry Framework Reporter: Leif Madsen <lmadsen>
Component: DocumentationAssignee: Leif Madsen <lmadsen>
Status: ON_DEV --- QA Contact: Alex Yefimov <ayefimov>
Severity: medium Docs Contact: mgeary <mgeary>
Priority: medium    
Version: 1.5Keywords: FutureFeature, Triaged
Target Milestone: z3   
Target Release: 1.5 (STF)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Leif Madsen 2023-06-02 19:18:25 UTC 
h2. Epic Overview

Use stable-v1 channel in Certificate Manager for OpenShift instead of tech-preview as currently documented.

h2. Goals

Moves the deployment to the default deployment channel for the Operator as of OCP 4.12.

h2. Requirements

- update any documentation references from tech-preview to stable-v1
- update existing CI pipelines to use the default channel for the applicable OCP version (e.g. OCP 4.10 uses tech-preview and OCP 4.12+ uses stable-v1)
- determine if there is existing documentation on migrating channels that we could point at instead of creating our own
- create KCS to migrate from tech-preview with cluster (AllNamespaces) scope to stable-v1 (SingleNamespace) scope
  - may require an Operator removal, project removal (openshift-cert-manager-operator), and re-installation of cert-manager into service-telemetry project
- installation from STF 1.5.3 and onwards which uses the properties.yaml should be installing using the default namespace; check that properties.yaml does not call out a specific channel to install from
- add documentation for verification procedure to make sure nothing else on the cluster is using cert-manager before removing from cluster and moving to another channel
- verify that existing certificates/secrets are left along when the Operator is removed during channel migration

h2. Customer Considerations

Existing STF deployments with cert-manager installed with tech-preview will require a migration strategy, especially when moving beyond OCP 4.12 where tech-preview channel is no longer likely to exist.

h2. Documentation Considerations

Existing procedures will need to be updated unless properties.yaml is available for the deployment, and existing procedures are removed (likely). Check documentation for other cert-manager instances to make sure the procedures are accurate and working as intended.

Update any existing outputs to verify that what the admin reads is showing what they should expect.
Comment 1 Leif Madsen 2023-07-05 19:31:03 UTC 
I'm converting this to a FutureFeature due to some investigation today which indicates just switching the channels is not enough due to installation scope changes between the two channels.
Comment 2 Leif Madsen 2023-07-05 19:49:55 UTC 
## Original Request

Update documentation to use GA channel of Cert Manager for OpenShift instead of using tech-preview channel. Request from Slack:

https://redhat-internal.slack.com/archives/C01ED6VJ1SR/p1685637571044239

Need to verify the channel is available on all supported OCP versions for STF 1.5 which currently includes OCP 4.10 through 4.12. If it is not available on 4.10, we'll need to wait until OCP 4.14 when we drop support for OCP 4.10.