OCPBUGS-78: Cleanup conversion webhooks when an operator is uninstalled

[perdasilva]

Problem: When uninstalling a CSV, OLM has always avoided deleting the
associated CRD as all CRs on cluster are subsequently deleted, possibly
resulting in user dataloss.

OLM supports defining conversion webhooks within the CSV. On cluster,
conversion webhooks are defined with a CRD and point to a service that
handles conversion. If the service is unable to fulfill the request,
all requests against the CRs associated with the CRD will fail.

When uninstalling a CSV, OLM does not remove the conversion webhook from
the CRD, meaning that all requests against the CRs associated with the
CRD will fail, resulting in at least two concerns:

1. OLM is unable to subsequently reinstall the operator. When installing
   a CSV, if the CRD already exists and instances of CRs exist as well,
   OLM performs a series of checks which ensure that none of the CRs are
   invalidated against the new schema. The existing CRD's conversion
   webhooks points to a non-existant service, causing the check to fail
   and preventing installs.
2. Broken conversion webhooks causes kubernete's garbage collection to
   fail.

Solution: When a CSV is deleted, if no CSV exists that is replacing it,
set the CRD's conversion strategy to None.

Signed-off-by: Alexander Greene [email protected]

Upstream-commit: 94374983d448c56d031f0493b84b6dce37b84741
Upstream-repository: operator-lifecycle-manager

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [perdasilva]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[perdasilva]

/hold don't merge before #359 gets merged and qe approves

[oceanc80]

/lgtm

[perdasilva]

/retest

[perdasilva]

/retest

[perdasilva]

/retest

[perdasilva]

/retest

[anik120]

/retest

[openshift-ci-robot]

@perdasilva: This pull request references [Jira Issue OCPBUGS-78](https://issues.redhat.com//browse/OCPBUGS-78), which is invalid:

• expected the bug to target the "4.12.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Problem: When uninstalling a CSV, OLM has always avoided deleting the
associated CRD as all CRs on cluster are subsequently deleted, possibly
resulting in user dataloss.

OLM supports defining conversion webhooks within the CSV. On cluster,
conversion webhooks are defined with a CRD and point to a service that
handles conversion. If the service is unable to fulfill the request,
all requests against the CRs associated with the CRD will fail.

When uninstalling a CSV, OLM does not remove the conversion webhook from
the CRD, meaning that all requests against the CRs associated with the
CRD will fail, resulting in at least two concerns:

1. OLM is unable to subsequently reinstall the operator. When installing
   a CSV, if the CRD already exists and instances of CRs exist as well,
   OLM performs a series of checks which ensure that none of the CRs are
   invalidated against the new schema. The existing CRD's conversion
   webhooks points to a non-existant service, causing the check to fail
   and preventing installs.
2. Broken conversion webhooks causes kubernete's garbage collection to
   fail.

Solution: When a CSV is deleted, if no CSV exists that is replacing it,
set the CRD's conversion strategy to None.

Signed-off-by: Alexander Greene [email protected]

Upstream-commit: 94374983d448c56d031f0493b84b6dce37b84741
Upstream-repository: operator-lifecycle-manager

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[perdasilva]

/bugzilla refresh

[perdasilva]

/jira refresh

[openshift-ci-robot]

@perdasilva: This pull request references [Jira Issue OCPBUGS-78](https://issues.redhat.com//browse/OCPBUGS-78), which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.12.0) matches configured target version for branch (4.12.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST)

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@perdasilva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Retaining the bugzilla/valid-bug label as it was manually added.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[perdasilva]

/hold cancel

[jianzhangbjz]

We will cancel /hold after the testing passes.
/hold

[jianzhangbjz]

/hold

[kuiwang02]

/label qe-approved
/unhold

[grokspawn]

/lgtm

[openshift-ci-robot]

/retest-required

Remaining retests: 2 against base HEAD f8c466a and 8 for PR HEAD 9ac51ba in total

[openshift-ci]

@perdasilva: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-ci-robot]

@perdasilva: All pull requests linked via external trackers have merged:

• openshift/operator-framework-olm#360

[Jira Issue OCPBUGS-78](https://issues.redhat.com//browse/OCPBUGS-78) has been moved to the MODIFIED state.

In response to this:

Problem: When uninstalling a CSV, OLM has always avoided deleting the
associated CRD as all CRs on cluster are subsequently deleted, possibly
resulting in user dataloss.

OLM supports defining conversion webhooks within the CSV. On cluster,
conversion webhooks are defined with a CRD and point to a service that
handles conversion. If the service is unable to fulfill the request,
all requests against the CRs associated with the CRD will fail.

When uninstalling a CSV, OLM does not remove the conversion webhook from
the CRD, meaning that all requests against the CRs associated with the
CRD will fail, resulting in at least two concerns:

1. OLM is unable to subsequently reinstall the operator. When installing
   a CSV, if the CRD already exists and instances of CRs exist as well,
   OLM performs a series of checks which ensure that none of the CRs are
   invalidated against the new schema. The existing CRD's conversion
   webhooks points to a non-existant service, causing the check to fail
   and preventing installs.
2. Broken conversion webhooks causes kubernete's garbage collection to
   fail.

Solution: When a CSV is deleted, if no CSV exists that is replacing it,
set the CRD's conversion strategy to None.

Signed-off-by: Alexander Greene [email protected]

Upstream-commit: 94374983d448c56d031f0493b84b6dce37b84741
Upstream-repository: operator-lifecycle-manager

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[timflannagan]

/cherrypick release-4.11

[openshift-cherrypick-robot]

@timflannagan: new pull request created: #388

In response to this:

/cherrypick release-4.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[asmacdo]

/cherrypick release-4.10

[openshift-cherrypick-robot]

@asmacdo: #360 failed to apply on top of branch "release-4.10":

Applying: Cleanup conversion webhooks when an operator is uninstalled (#2832)
Using index info to reconstruct a base tree...
M	staging/operator-lifecycle-manager/pkg/controller/operators/olm/operator.go
M	staging/operator-lifecycle-manager/test/e2e/csv_e2e_test.go
M	staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go
M	vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/olm/operator.go
Falling back to patching base and 3-way merge...
Auto-merging vendor/github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/olm/operator.go
Auto-merging staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go
CONFLICT (content): Merge conflict in staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go
Auto-merging staging/operator-lifecycle-manager/test/e2e/csv_e2e_test.go
Auto-merging staging/operator-lifecycle-manager/pkg/controller/operators/olm/operator.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Cleanup conversion webhooks when an operator is uninstalled (#2832)
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-4.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.