Skip to content

WiP: research for legacy-to-operator migrations#20120

Draft
porridge wants to merge 5 commits intomasterfrom
porridge/migraion
Draft

WiP: research for legacy-to-operator migrations#20120
porridge wants to merge 5 commits intomasterfrom
porridge/migraion

Conversation

@porridge
Copy link
Copy Markdown
Contributor

Description

change me!

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

change me!

porridge and others added 5 commits April 20, 2026 14:22
…script

Ran --help for all four modes (openshift/k8s x pvc/hostpath), diffed
them pairwise, and created a master options list.

Key findings:
- PVC modes have --db-name, --db-size, --db-storage-class
- Hostpath modes have --db-hostpath, --db-node-selector-key/value
- OpenShift modes add --openshift-monitoring and --openshift-version
- --lb-type includes "route" only in OpenShift modes

Added strip-randomness.sh which replaces all content that changes
between runs (PEM cert/key blocks, bcrypt hashes, generated secret
name suffixes, DB passwords, plaintext password file) and deletes
the helm/ subdirectory. Verified byte-for-byte identical output
across two runs for all four modes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ran each of the four commands with default options and captured the
output directory tree. Randomized values (certs, keys, passwords)
have been stripped using strip-randomness.sh, and the helm/ subdirectory
has been removed since we only care about kubectl output.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…direct-grpc, client-only

Tested 14 options across all applicable modes. Key findings:
- PVC options (db-name/size/storage-class) affect only the central-db PVC
- Hostpath options (db-hostpath, db-node-selector) affect only central-db Deployment
- OpenShift monitoring=false removes ServiceMonitors, RBAC, port 9091, TLS volumes
- OpenShift version=3 additionally removes OCP4 CA injection, SCCs, OAuth
- PSP adds 4 PodSecurityPolicy files
- Telemetry=false replaces telemetry env vars with DISABLED marker
- Offline sets ROX_OFFLINE_MODE=true in central Deployment
- direct-grpc has NO manifest impact (client-side only)
- Client-only options (endpoint, force-http1, no-color, server-name) verified no impact
- password only changes value, not structure
- disable-admin-password adds adminPassword block to generated-values secret

Also updated strip-randomness.sh to handle adminPassword: key pattern.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e-config, TLS

Tested 15 remaining options across all applicable modes. Key findings:
- All 6 image flags + image-defaults change container image references
- --main-image has wide blast radius (also changes scanner-v4 registry, setup scripts)
- --scanner-v4-image and --scanner-v4-db-image silently discard the provided registry
- --lb-type adds central/01-central-15-exposure.yaml (Service or Route)
- --plaintext-endpoints adds ROX_PLAINTEXT_ENDPOINTS env var to 7 containers
- --istio-support appends DestinationRules to 5 service files
- --declarative-config-config-maps/secrets add volume+mount to central Deployment
- --default-tls-cert/key adds central-default-tls-cert Secret
- --ca has NO manifest impact (client-side TLS trust, silently ignored)

Updated strip-randomness.sh to handle adminPassword: key pattern.
Master list now complete — all options documented with kubectl commands.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 21, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

Copy link
Copy Markdown
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, we are unable to review this pull request

The GitHub API does not allow us to fetch diffs exceeding 300 files, and this pull request has 7160

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 21, 2026

🚀 Build Images Ready

Images are ready for commit d42f492. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-703-gd42f492dac

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant