2211971 – Change cert-manager-for-openshift channel to GA vs tech-preview

Bug 2211971 - Change cert-manager-for-openshift channel to GA vs tech-preview

Summary: Change cert-manager-for-openshift channel to GA vs tech-preview

Keywords:
Status:	ON_DEV
Alias:	None
Product:	Service Telemetry Framework
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	1.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	z3
Target Release:	1.5 (STF)
Assignee:	Leif Madsen
QA Contact:	Alex Yefimov
Docs Contact:	mgeary
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-06-02 19:18 UTC by Leif Madsen
Modified:	2023-08-14 18:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	STF-1407	0	None	None	None	2023-08-14 18:11:55 UTC

Description Leif Madsen 2023-06-02 19:18:25 UTC

h2. Epic Overview

Use stable-v1 channel in Certificate Manager for OpenShift instead of tech-preview as currently documented.

h2. Goals

Moves the deployment to the default deployment channel for the Operator as of OCP 4.12.

h2. Requirements

- update any documentation references from tech-preview to stable-v1
- update existing CI pipelines to use the default channel for the applicable OCP version (e.g. OCP 4.10 uses tech-preview and OCP 4.12+ uses stable-v1)
- determine if there is existing documentation on migrating channels that we could point at instead of creating our own
- create KCS to migrate from tech-preview with cluster (AllNamespaces) scope to stable-v1 (SingleNamespace) scope
- may require an Operator removal, project removal (openshift-cert-manager-operator), and re-installation of cert-manager into service-telemetry project
- installation from STF 1.5.3 and onwards which uses the properties.yaml should be installing using the default namespace; check that properties.yaml does not call out a specific channel to install from
- add documentation for verification procedure to make sure nothing else on the cluster is using cert-manager before removing from cluster and moving to another channel
- verify that existing certificates/secrets are left along when the Operator is removed during channel migration

h2. Customer Considerations

Existing STF deployments with cert-manager installed with tech-preview will require a migration strategy, especially when moving beyond OCP 4.12 where tech-preview channel is no longer likely to exist.

h2. Documentation Considerations

Existing procedures will need to be updated unless properties.yaml is available for the deployment, and existing procedures are removed (likely). Check documentation for other cert-manager instances to make sure the procedures are accurate and working as intended.

Update any existing outputs to verify that what the admin reads is showing what they should expect.

Comment 1 Leif Madsen 2023-07-05 19:31:03 UTC

I'm converting this to a FutureFeature due to some investigation today which indicates just switching the channels is not enough due to installation scope changes between the two channels.

Comment 2 Leif Madsen 2023-07-05 19:49:55 UTC

## Original Request

Update documentation to use GA channel of Cert Manager for OpenShift instead of using tech-preview channel. Request from Slack:

https://redhat-internal.slack.com/archives/C01ED6VJ1SR/p1685637571044239

Need to verify the channel is available on all supported OCP versions for STF 1.5 which currently includes OCP 4.10 through 4.12. If it is not available on 4.10, we'll need to wait until OCP 4.14 when we drop support for OCP 4.10.

Note You need to log in before you can comment on or make changes to this bug.