Hi, I'm trying to go through the certification steps described here. One of the errors I'm seeing is the following, and I'm not sure the cause:

[get-supported-versions : supported-version-check] ++ cat config.yaml
[get-supported-versions : supported-version-check] ++ yq -r .organization
[get-supported-versions : supported-version-check] + ORGANIZATION=certified-operators
[get-supported-versions : supported-version-check] ++ ocp-version-info operators/couchbase-enterprise-certified certified-operators
[get-supported-versions : supported-version-check] Traceback (most recent call last):
[get-supported-versions : supported-version-check]   File "/usr/local/bin/ocp-version-info", line 33, in <module>
[get-supported-versions : supported-version-check]     sys.exit(load_entry_point('operatorcert==1.0.0', 'console_scripts', 'ocp-version-info')())
[get-supported-versions : supported-version-check]   File "/usr/local/lib/python3.9/site-packages/operatorcert/entrypoints/ocp_version_info.py", line 41, in main
[get-supported-versions : supported-version-check]     version_info = ocp_version_info(bundle_path, args.pyxis_url, args.organization)
[get-supported-versions : supported-version-check]   File "/usr/local/lib/python3.9/site-packages/operatorcert/__init__.py", line 142, in ocp_version_info
[get-supported-versions : supported-version-check]     bundle_annotations = get_bundle_annotations(bundle_path)
[get-supported-versions : supported-version-check]   File "/usr/local/lib/python3.9/site-packages/operatorcert/__init__.py", line 43, in get_bundle_annotations
[get-supported-versions : supported-version-check]     raise RuntimeError("Annotations file not found")
[get-supported-versions : supported-version-check] RuntimeError: Annotations file not found
[get-supported-versions : supported-version-check] + VERSION_INFO=

Is this an annotation file that I'm supposed to add somewhere?

PR #2200 got merged but got stuck at publishing step, the check is still in pending state for a long time.

Even after merge of this PR: #392 i don't see any files in this repo, what migth be the reason?

What is the process for removing an Operator that we previously added that we are no longer are supporting and want to remove from the repository and catalog?

Certified Minio operator 4.0.9 failed to install on OCP 4.8 because some requirements are not met.
The following are the requirements.

  requirementStatus:
    - group: operators.coreos.com
      kind: ClusterServiceVersion
      message: CSV minKubeVersion (1.19.0) less than server version (v1.21.6+bb8d50a)
      name: minio-operator.v4.0.2
      status: Present
      version: v1alpha1
    - group: apiextensions.k8s.io
      kind: CustomResourceDefinition
      message: CRD is present and Established condition is true
      name: tenants.minio.min.io
      status: Present
      uuid: a587e2cb-53e9-4316-a625-9f038ec5338c
      version: v1
    - group: ''
      kind: ServiceAccount
      message: Service account does not exist
      name: minio-operator
      status: NotPresent
      version: v1

I don't know if it's intentional or not, but the installed version and the version shown in the operator are different.

I have been trying to push to certified a new version (#3063), but it is failing. Not sure what's going on. I hope this is the right channel to request some help.

I extracted the follwing url from the tests results log:
https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-redhat-openshift-ecosystem-certified-operators-prod-ocp-4.13-preflight-prod-claim/1720538876218445824.

Error:

preflight-trigger failed: unable to import latest-preflight-prod-claim release image: timed out waiting for the condition

We are using a certified operator of version v4.10 and cockroach DB is not available within this version of the certified operator.

Would you please provide it for version v4.10 certified operators?

The readme states "Pull request can't modify already merged operators"; so what is the protocol for updating an already merged operator bundle?

After we merged this PR, we discovered a problem with the OperatorHub installer for OCP v4.8.

(For the curious, it's a problem that this PR addresses: operator-framework/operator-registry@8720e3d -- our bundle is too big and v4.8 has no gzip option.)

Now we want to update all our 5.3.0 bundles so that the minimum OCP is 4.9. How do we go about updating this already merged operator bundle? Is there a set protocol that we can do or do we require different permissions to, say, delete the operator 5.3.0 bundle and re-add it with the appropriate changes?

(Duplicate of k8s-operatorhub/community-operators#2092 since this affects both repos, in case there's a solution that covers both.)

PR #2242 has been merged but stops/hangs at the acquire-lease step, meaning that the operator does not appear under the list of certified operators.

We have deployed Crunchy Postgres Operator 5.4.1 with scoped permissions according to https://docs.openshift.com/container-platform/4.12/operators/admin/olm-creating-policy.html

The rules listed in .spec.install.spec.permissions.0.rules in CSV were used to create the role that is bound to the scoped serviceaccount.

Now after a while we noticed that the installed operator shows status "Failed Up to date".
CSVshows the following status:
install strategy failed: install strategy failed: deployments.apps "pgo" is forbidden: User "system:serviceaccount:postgres-operator:scoped" cannot update resource "deployments" in API group "apps" in the namespace "postgres-operator"

Adding update to the role fixes the issue.

Suggestion: insert update here: https://github.com/redhat-openshift-ecosystem/certified-operators/blob/main/operators/crunchy-postgres-operator/5.5.0/manifests/crunchy-postgres-operator.clusterserviceversion.yaml#L355

Can we open a pr to delete older versions of a specific operator bundles?

Problem

Both bundles only work on OCP versions >= 4.9 because their size is bigger than > 1MB:

• confluent-for-kubernetes.v2.1.1 ( skipRange >=2.0.3 <2.1.1 - channel: 2.1 )
• confluent-for-kubernetes.v2.2.1 ( no upgrade graph config - first bundle published for this channel / chanel: stable)

See in 4.8:

time="2022-02-24T12:04:13Z" level=info msg="Using in-cluster kube client config"
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/confluent-for-kubernetes.clusterserviceversion.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/confluent-operator-licensing_v1_secret.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/confluent-operator-service_v1_service.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_confluentrolebindings.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_connectors.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_connects.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_controlcenters.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_kafkarestclasses.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_kafkarestproxies.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_kafkas.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_kafkatopics.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_ksqldbs.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_migrationjobs.yaml
time="2022-02-24T12:04:13Z" level=info msg="Reading file" file=/bundle/manifests/platform.confluent.io_schemaregistries.yaml
time="2022-02-24T12:04:13Z" level=error msg="File with size 130712 exceeded 1048576 limit, aboring" file=/bundle/manifests/platform.confluent.io_schemaregistries.yaml
Error: error loading manifests from directory: file platform.confluent.io_schemaregistries.yaml bigger than total allowed limit
Usage:
  opm alpha bundle extract [flags]

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2054514

Questions

a) Would it be possible to allow us to update the OCP labels by pushing a PR to replace "v4.6-v4.9" with "=v4.9" for we have these solutions published only in 4.9?

• https://github.com/redhat-openshift-ecosystem/certified-operators/blob/main/operators/confluent-for-kubernetes/2.2.1/metadata/annotations.yaml#L10
• https://github.com/redhat-openshift-ecosystem/certified-operators/blob/main/operators/confluent-for-kubernetes/2.2.0/metadata/annotations.yaml#L10

So that, we could ensure that these bundles are not published in OCP catalogs where them does not work at all.

b) Would be possible afterwards:

• Push another PR with these both dirs 2.2.1 and 2.2.0 like as 2.2.1.v4.6_v4.8 and 2.2.0.v4.6_v4.8
• Then, ensure that 2.2.1.v4.6_v4.8 and 2.2.0.v4.6_v4.8 are < ~1MB
• Keep them with the identical versions, names, etc. and with the OCP label "v4.6-v4.8"

So that, we can have smaller workable bundle versions (< 1MB) that would end up only 4.6, 4.7, 4.8 only?

OR

c) Would be a better approach:

• replace both bundles with smaller versions < (~1MB)
• keep the OCP label v4.6-v4.9
• and then, afterwards, if we want to have bigger bundles > (~1MB), publish the next/future ones with OCP label ranges that will be valid from 4.9 to avoid the same scenario occurring?

So that, we do not have the directories duplicated here (maybe easier to keep maintained), we can still work with bundles > ~1MB and release them from 4.9 only.

Hi,

The operator is currently not available for Red Hat OpenShift Platform Container 4.14.
Is there an ETA for a release to support the latest OCP version?

Hi team,

I am pushing the PR #3058 for the sn-operator certificate but the CI logs tell me that there is a duplicate PR #2806 and refuse to test my PR.

[submission-validation : submission-validation] 2023-11-03 14:32:55,335 [operator-cert] DEBUG GET GitHub request url: https://api.github.com/repos/redhat-openshift-ecosystem/certified-operators/pulls
[submission-validation : submission-validation] 2023-11-03 14:32:55,335 [operator-cert] DEBUG GET GitHub request params: None
[submission-validation : submission-validation] 2023-11-03 14:32:56,232 [operator-cert] ERROR There is more than one pull request for the Operator Bundle sn-operator
[submission-validation : submission-validation] 2023-11-03 14:32:56,232 [operator-cert] ERROR DUPLICATE: operator sn-operator (0.2.1-rc): https://github.com/redhat-openshift-ecosystem/certified-operators/pull/2806
[submission-validation : submission-validation] Traceback (most recent call last):
[submission-validation : submission-validation]   File "/home/user/.venv/bin/verify-pr-uniqueness", line 8, in <module>
[submission-validation : submission-validation]     sys.exit(main())
[submission-validation : submission-validation]              ^^^^^^
[submission-validation : submission-validation]   File "/home/user/.venv/lib/python3.11/site-packages/operatorcert/entrypoints/verify_pr_uniqueness.py", line 51, in main
[submission-validation : submission-validation]     verify_pr_uniqueness(repos, args.pr_url, args.bundle_name)
[submission-validation : submission-validation]   File "/home/user/.venv/lib/python3.11/site-packages/operatorcert/__init__.py", line 399, in verify_pr_uniqueness
[submission-validation : submission-validation]     raise RuntimeError("Multiple pull requests for one Operator Bundle")
[submission-validation : submission-validation] RuntimeError: Multiple pull requests for one Operator Bundle

But the PR 2806 author account is disabled. Could you help close that PR and unblock my PR 3058? Thanks a lot.

I have an operator that I want certified. The pipeline task get-supported-versions is failing with the following logs

step-supported-version-check
++ cat config.yaml
++ yq -r .organization

• ORGANIZATION=certified-operators
  ++ ocp-version-info operators/ako-operator/1.5.2 certified-operators
  Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 174, in _new_conn
  conn = connection.create_connection(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/connection.py", line 73, in create_connection
  for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/lib64/python3.9/socket.py", line 954, in getaddrinfo
  for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
  socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 358, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 186, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f7914850ee0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='catalog.redhat.com', port=443): Max retries exceeded with url: /api/containers/v1/operators/indices?filter=organization%3D%3Dcertified-operators&ocp_versions_range=v4.6-v4.9&page_size=500&sort_by=ocp_version%5Bdesc%5D&include=data.ocp_version%2Cdata.path (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7914850ee0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/ocp-version-info", line 33, in
sys.exit(load_entry_point('operatorcert==1.0.0', 'console_scripts', 'ocp-version-info')())
File "/usr/local/lib/python3.9/site-packages/operatorcert/entrypoints/ocp_version_info.py", line 36, in main
version_info = ocp_version_info(bundle_path, args.pyxis_url, args.organization)
File "/usr/local/lib/python3.9/site-packages/operatorcert/init.py", line 159, in ocp_version_info
indices = get_supported_indices(
File "/usr/local/lib/python3.9/site-packages/operatorcert/init.py", line 118, in get_supported_indices
rsp = requests.get(url, params=params)
File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='catalog.redhat.com', port=443): Max retries exceeded with url: /api/containers/v1/operators/indices?filter=organization%3D%3Dcertified-operators&ocp_versions_range=v4.6-v4.9&page_size=500&sort_by=ocp_version%5Bdesc%5D&include=data.ocp_version%2Cdata.path (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7914850ee0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

• VERSION_INFO=

I am running the pipeline as a Minimal Pipeline Run.

The Nutanix CSI operator defines various images that are not mentioned into the operator CSV.
For that reason tools like oc mirror or oc adm mirror fails to locally download those image and creating the related ImageContentSourcePolicy.

• Nutanix CSI Helm charts: https://github.com/nutanix/helm/blob/master/charts/nutanix-csi-storage/values.yaml#L122-L145
• nutanix-csi-operator images:

$ podman run -it --entrypoint '/bin/sh' registry.connect.redhat.com/nutanix/nutanix-csi-operator@sha256:fbb5204d196f84b2b38278ae411b1a2fa63919a194febe333fe5ed932b3a328f -c "grep image: helm-charts/nutanix-csi-storage/values.yaml"
  image: registry.connect.redhat.com/nutanix/ntnx-csi-os@sha256:66693da887ba2d9388aff5c4459a16a717246127c07bebdf36c573095a3e2118
  image: registry.connect.redhat.com/nutanix/ntnx-csi-os@sha256:66693da887ba2d9388aff5c4459a16a717246127c07bebdf36c573095a3e2118
    image: k8s.gcr.io/sig-storage/csi-node-driver-registrar@sha256:0103eee7c35e3e0b5cd8cdca9850dc71c793cdeb6669d8be7a89440da2d06ae4
    image: k8s.gcr.io/sig-storage/csi-provisioner@sha256:8027dd89dfd93741e06afced6ab6d6862dcb2a4b21f90070ae5802f46a894534
    image: k8s.gcr.io/sig-storage/csi-snapshotter@sha256:ad16874e2140256a809cada2b4ac3d931d5b73b0bee23ed0f8d60bdd778cfec2
    image: k8s.gcr.io/sig-storage/csi-resizer@sha256:8f7520bd957e7151fda9886eb5090739439811aeec5ddffb50ad7c8191548d97
    image: k8s.gcr.io/sig-storage/livenessprobe@sha256:933940f13b3ea0abc62e656c1aa5c5b47c04b15d71250413a6b821bd0c58b94e

• Operator CSV's relatedImages: https://github.com/redhat-openshift-ecosystem/certified-operators/blob/main/operators/nutanixcsioperator/2.5.4/manifests/nutanixcsioperator.clusterserviceversion.yaml#L327-L333

A release PR which was attempting to fix a broken release was merged before required fixes were made:
#2063.
Is there a procedure to ensure that we can avoid automatically merging pull requests?

The recently updated seldon core operator listing for v1.12.0 (merged via #405) does not seem to reflect an updated on the certified operators list - i.e. "updated 5 months ago", whereas it should be last month.

This was reported in our repo on SeldonIO/seldon-core#3965.

We can confirm that the certified images are present https://catalog.redhat.com/software/containers/search?q=seldon.

What would be the steps to ensrue that the listing shows the latest operator?

I had a PR, #2207 that was successful and published. I have noticed I have a mistake in the clusterserviceversion.yaml, line 205:
replaces: t8c-operator.v42.28.0

This should be 42.29.0, so it is a mistake. Can I just open up a new PR and have it update the released bundle?

Hello,

I was about to update our operator to 0.5.1 and I noticed that the last changes for 0.5.0 are not in main even if #367 was merged.

i cannot submit a PR due to submission-validation failure
i have asked for permissions on the slack channel #cloudpak-redhat-certification but did not see any progress and this is an urgent need to resolve a customer issue

Okay, so we can't change the contents of a directory? But how do we update an extant version? Is the answer really nothing? FYI, the currently certified release of cilium does not reference and existing operator image. It points to nothing, so it won't work. Obviously, I'd like to fix this.

These are the changes I'd like to make.