Skip to content

WiP: research for legacy-to-operator migrations#20120

Draft
porridge wants to merge 5 commits intomasterfrom
porridge/migraion
Draft

WiP: research for legacy-to-operator migrations#20120
porridge wants to merge 5 commits intomasterfrom
porridge/migraion

Conversation

@porridge
Copy link
Copy Markdown
Contributor

@porridge porridge commented Apr 21, 2026

Description

change me!

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

change me!

porridge and others added 5 commits April 20, 2026 14:22
@porridge @claude
Catalog roxctl central generate options and add randomness stripping …
dacdf82 
…script

Ran --help for all four modes (openshift/k8s x pvc/hostpath), diffed
them pairwise, and created a master options list.

Key findings:
- PVC modes have --db-name, --db-size, --db-storage-class
- Hostpath modes have --db-hostpath, --db-node-selector-key/value
- OpenShift modes add --openshift-monitoring and --openshift-version
- --lb-type includes "route" only in OpenShift modes

Added strip-randomness.sh which replaces all content that changes
between runs (PEM cert/key blocks, bcrypt hashes, generated secret
name suffixes, DB passwords, plaintext password file) and deletes
the helm/ subdirectory. Verified byte-for-byte identical output
across two runs for all four modes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@porridge @claude
Establish baseline output for all four roxctl generate modes
8d627b1 
Ran each of the four commands with default options and captured the
output directory tree. Randomized values (certs, keys, passwords)
have been stripped using strip-randomness.sh, and the helm/ subdirectory
has been removed since we only care about kubectl output.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@porridge @claude
Test batch 1: storage, OpenShift, password, PSP, telemetry, offline, …
1abf714 
…direct-grpc, client-only

Tested 14 options across all applicable modes. Key findings:
- PVC options (db-name/size/storage-class) affect only the central-db PVC
- Hostpath options (db-hostpath, db-node-selector) affect only central-db Deployment
- OpenShift monitoring=false removes ServiceMonitors, RBAC, port 9091, TLS volumes
- OpenShift version=3 additionally removes OCP4 CA injection, SCCs, OAuth
- PSP adds 4 PodSecurityPolicy files
- Telemetry=false replaces telemetry env vars with DISABLED marker
- Offline sets ROX_OFFLINE_MODE=true in central Deployment
- direct-grpc has NO manifest impact (client-side only)
- Client-only options (endpoint, force-http1, no-color, server-name) verified no impact
- password only changes value, not structure
- disable-admin-password adds adminPassword block to generated-values secret

Also updated strip-randomness.sh to handle adminPassword: key pattern.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@porridge @claude
Test batch 2: images, lb-type, plaintext-endpoints, istio, declarativ…
4c446fc 
…e-config, TLS

Tested 15 remaining options across all applicable modes. Key findings:
- All 6 image flags + image-defaults change container image references
- --main-image has wide blast radius (also changes scanner-v4 registry, setup scripts)
- --scanner-v4-image and --scanner-v4-db-image silently discard the provided registry
- --lb-type adds central/01-central-15-exposure.yaml (Service or Route)
- --plaintext-endpoints adds ROX_PLAINTEXT_ENDPOINTS env var to 7 containers
- --istio-support appends DestinationRules to 5 service files
- --declarative-config-config-maps/secrets add volume+mount to central Deployment
- --default-tls-cert/key adds central-default-tls-cert Secret
- --ca has NO manifest impact (client-side TLS trust, silently ignored)

Updated strip-randomness.sh to handle adminPassword: key pattern.
Master list now complete — all options documented with kubectl commands.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@porridge
more
d42f492
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 21, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

sourcery-ai[bot]
sourcery-ai bot reviewed Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, we are unable to review this pull request

The GitHub API does not allow us to fetch diffs exceeding 300 files, and this pull request has 7160

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 21, 2026
edited
Loading

🚀 Build Images Ready

Images are ready for commit d42f492. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-703-gd42f492dac

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@porridge