RHDEVDOCS-3411- added release notes for 1.3.0 #37968
Conversation
openshift-ci
bot
added
the
size/L
|
✔️ Deploy Preview for osdocs ready! 🔨 Explore the source changes: 77c943c 🔍 Inspect the deploy log: https://app.netlify.com/sites/osdocs/deploys/618bc6bf1eb7b30008327ec5 😎 Browse the preview: https://deploy-preview-37968--osdocs.netlify.app |
|
@reginapizza please review the release notes |
| * During migration from Dev to Keycloak, users may experience inability to login with Keycloak. After logging in with the new OpenShift user page it is constantly refreshing and it fails to load data. link:https://issues.redhat.com/browse/GITOPS-1450[GITOPS-1450] | ||
|
|
||
| Workarounds: | ||
|
|
||
| * When migrating from Dex to Keycloak (One provider to another). Uninstall `Dex (remove .spec.dex)`, wait for a couple of minutes. | ||
| Install `Keycloak(.spec.sso.provider: keycloak)` | ||
| * If you run into the above issue just uninstall and install Keycloak. |
There was a problem hiding this comment.
This section was written not by me, and I missed the wording on it in the rough draft. It's not really worded in a way that aligns with doc standards, so please change it to something that is more appropriate, maybe something like this:
* During migration from Dex to Keycloak, users may experience an inability to login with Keycloak. After logging in with the new OpenShift user page, users may notice that the page is constantly refreshing and fails to load data. link:https://issues.redhat.com/browse/GITOPS-1450[GITOPS-1450]
Workarounds:
* When migrating from Dex to Keycloak, uninstall Dex by removing `.spec.dex` and then wait a few minutes while it is uninstalling.
Install Keycloak by adding `.spec.sso.provider: keycloak`
* If you run into additional issues with Keycloak, try uninstall and re-installing Keycloak.
(getting confirmation about the last line, fyi.. I'm not clear exactly on what "above issue" that is referring to)
There was a problem hiding this comment.
@jaideepr97 on our team reworded this with a little more information as well if that would help, you can pick and choose what would be easiest for a user to understand:
* During migration from Dex to Keycloak, users may experience an inability to login with Keycloak. After logging in with the new OpenShift user page, users may notice that the page is constantly refreshing and fails to load data. This may happen if the migration occurs too quickly.
link:https://issues.redhat.com/browse/GITOPS-1450[GITOPS-1450]
Prevention:
* When migrating from Dex to Keycloak, uninstall Dex by removing the `.spec.dex` section found in the Argo CD custom resource. Allow a few minutes for Dex to finsih uninstalling completely, and then proceed to install Keycloak by adding `.spec.sso.provider: keycloak` to the Argo CD custom resource.
Workaround:
* If this issue is encountered, Keycloak should be uninstalled by removing `.spec.sso.provider: keycloak` and re-installed as per provided guidance.
| key: infra | ||
| value: reserved | ||
| ---- | ||
| . Verify that the workloads in the `openshift-gitops` namespace are now scheduled on infrastructure nodes by viewing `Pods ->Pod details` for any pod in the console UI. |
There was a problem hiding this comment.
I think you need a space between -> and Pod?
| ---- | ||
| $ oc label node <node-name> node-role.kubernetes.io/infra="" | ||
| ---- | ||
| . Apply taints and isolate the workloads on Infrastructure nodes and prevent other workloads from scheduling on these nodes. Run the following command: |
There was a problem hiding this comment.
This is an optional step, I had originally worded it as "To isolate the workloads on Infrastructure nodes and prevent other workloads from scheduling on these nodes, taints can be applied to them like so:"
I would say to either make a note that it is optional or word it in a way that lets the user know it is optional.
|
@reginapizza made the changes as per review comments. Please check |
|
https://docs.openshift.com/container-platform/4.9/cicd/gitops/configuring-sso-for-argo-cd-on-openshift.html |
| | Helm | ||
| | v3.6.0 | ||
| |=== | ||
|
|
There was a problem hiding this comment.
Let's add "Dex" v2.28.0 as well.
| * The default Argo CD instance installed by the OpenShift GitOps operator as well as accompanying controllers can now be made to run on the cluster's infrastructure nodes by setting a simple configuration toggle. | ||
|
|
||
| [discrete] | ||
| .Procedure |
There was a problem hiding this comment.
When I view in rich text, this doesn't feel indented under the second bullet point, could you please verify?
There was a problem hiding this comment.
@DebarghoGhosh adding a '+' above the [discrete] will solve the indentation issue.
But more importantly, we should not have procedures in new features, these should be just key highlights in bulleted points. I would suggest moving this procedure to an appropriate assembly in the GitOps section.
However, please note, procedures as an exception can be seen in the Known Issues section.
There was a problem hiding this comment.
@Preeticp as per discussion, removing the procedure from the New Features section and we can add it in the following page:
@reginapizza please check and confirm if we can add the procedure in the above page under Logging in into Argo CD instance section.
There was a problem hiding this comment.
that's fine with me, I agree with that decision if procedures shouldn't be in new features sections
| | TP | ||
| | {gitops-title} Application Manager (kam) | ||
| | TP | ||
| | {gitops-title} Service |
There was a problem hiding this comment.
-1 on this :)
I now we've had this in previous release notes, but I would call this "developer console integration" instead of Red Hat OpenShift Gitops Service. Please consult with @siamaksade and @wtam2018 :)
There was a problem hiding this comment.
We has dropped "Red Hat OpenShift GitOps Service" from this table as this service is an internal service.
There was a problem hiding this comment.
@DebarghoGhosh overall looks good. Have left a few suggestions, PTAL.
| == New features | ||
| In addition to the fixes and stability improvements, the following sections highlight what is new in {gitops-title} 1.3.0: | ||
|
|
||
| * After Argo CD is installed, Red Hat Single Sign On (SSO) is automatically configured. You can log into the default Argo CD instance in the `openshift-gitops` namespace using the OpenShift credentials. As an admin you can disable the Red Hat SSO installation after the operator is installed which will result in removing the Red Hat SSO deployment from the `openshift-gitops` namespace. |
There was a problem hiding this comment.
This should be, 'After the Red Hat OpenShift GitOps Operator is installed' instead of 'After Argo CD is installed'.
the Red Hat Single Sign On (SSO)
Operator- Operator is always written in title case, please see:https://github.com/openshift/openshift-docs/blob/main/contributing_to_docs/doc_guidelines.adoc#operator-name-capitalization
| In addition to the fixes and stability improvements, the following sections highlight what is new in {gitops-title} 1.3.0: | ||
|
|
||
| * After Argo CD is installed, Red Hat Single Sign On (SSO) is automatically configured. You can log into the default Argo CD instance in the `openshift-gitops` namespace using the OpenShift credentials. As an admin you can disable the Red Hat SSO installation after the operator is installed which will result in removing the Red Hat SSO deployment from the `openshift-gitops` namespace. | ||
| Additionally, for any new Argo CD instance you can enable Red Hat SSO by setting the flag to true; when the flag is not present, Red Hat SSO will be disabled by default. |
There was a problem hiding this comment.
'the Red Hat SSO' in both the instances in this sentence.
Suggest breaking the sentence into two instead of adding the semicolon. 'When the flag...'
| * After Argo CD is installed, Red Hat Single Sign On (SSO) is automatically configured. You can log into the default Argo CD instance in the `openshift-gitops` namespace using the OpenShift credentials. As an admin you can disable the Red Hat SSO installation after the operator is installed which will result in removing the Red Hat SSO deployment from the `openshift-gitops` namespace. | ||
| Additionally, for any new Argo CD instance you can enable Red Hat SSO by setting the flag to true; when the flag is not present, Red Hat SSO will be disabled by default. | ||
|
|
||
| * The default Argo CD instance installed by the OpenShift GitOps operator as well as accompanying controllers can now be made to run on the cluster's infrastructure nodes by setting a simple configuration toggle. |
There was a problem hiding this comment.
Suggest: ...controllers can now run on the...
cluster's infrastructure nodes - Do not use possessives for inanimate objects. Suggest: run on the infrastructure nodes of the cluster by setting a simple configuration toggle.
|
|
||
| [discrete] | ||
| .Procedure | ||
| . Label the existing nodes. In the terminal run the following command: |
There was a problem hiding this comment.
We can remove the second sentence completely. Just say: Label the existing nodes:
| ---- | ||
| $ oc label node <node-name> node-role.kubernetes.io/infra="" | ||
| ---- | ||
| If required, you can also apply taints and isolate the workloads on Infrastructure nodes and prevent other workloads from scheduling on these nodes. Run the following command: |
There was a problem hiding this comment.
Make this as an optional step, see the guidelines on the OCP docs repo for it for details.
. Optional: If required, you can apply taints...
infrastructure nodes - if the case consistent, see guidelines for when title case is used, otherwise in majority of cases lower case is preferred.
Remove the second sentence and add colon after the first sentence.
| * You will now have access to custom health checks in Argo CD for `DeploymentConfig` resources, Route resources, and `OLM` operators. | ||
| * The GitOps Operator will now conform the naming conventions recommended by the latest operator-sdk by introducing the following changes: | ||
| ** The prefix `gitops-operator-` will be added to all resources | ||
| ** Service account will be renamed to `gitops-operator-controller-manager` |
There was a problem hiding this comment.
Suggest replacing 'will be' to 'is'
There was a problem hiding this comment.
Not sure why the above correction was not made. Is this going to be implemented in the future? If yes then the sentence on Line 59 needs to change to something like - The GitOps Operator is now adapting to the naming conventions.
| == Fixed issues | ||
| The following issues were resolved in the current release: | ||
|
|
||
| * Previously, if you were setting a new namespace to be managed by a new instance of Argo CD, it would immediately be “Out Of Sync” due to the new roles and bindings that the operator creates to manage that new namespace. This behavior is fixed. link:https://issues.redhat.com/browse/GITOPS-1384[GITOPS-1384] |
There was a problem hiding this comment.
“Out Of Sync” remove quotes, use bold format instead.
Operator, search and correct all instances in the PR, please.
| == Known issues | ||
| These are the known issues in {gitops-title} 1.3.0: | ||
|
|
||
| * While migrating from Dev to Keycloak, you may experience login issues with Keycloak. link:https://issues.redhat.com/browse/GITOPS-1450[GITOPS-1450] |
There was a problem hiding this comment.
Dev/Dex
the Dex authentication provider to the Keycloak provider
|
|
||
| Workarounds: | ||
|
|
||
| * If you run into the above issue, uninstall Keycloak by removing `.spec.sso.provider: keycloak` and then re-install. |
There was a problem hiding this comment.
When a user skims the KIs the separate sections give the impression that there are three KIs but actually there is only one. Suggest making the prevention and workaround as paragraphs. Also there is only one workaround so Workarounds does not sound right.
Suggest:
As a prevention, when migrating, uninstall Dex by removing....
As a workaround, If you run into the above issue, uninstall...
|
|
||
| [id="known-issues-1-3_{context}"] | ||
| == Known issues | ||
| These are the known issues in {gitops-title} 1.3.0: |
There was a problem hiding this comment.
Since there is only one KI suggest dropping this sentence. WDYT?
DebarghoGhosh
force-pushed
the
release-notes-1.3-3411
branch
from
c63ac45
to
50a09a0
Compare
| $ oc label node <node-name> node-role.kubernetes.io/infra="" | ||
| ---- | ||
| + | ||
| .Optional: If required, you can also apply taints and isolate the workloads on infrastructure nodes and prevent other workloads from scheduling on these node: |
There was a problem hiding this comment.
As per conventions for optional steps, add a space between the '.' and 'Optional' to make it into a numbered step, right now it is formatted as a discrete heading.
| key: infra | ||
| value: reserved | ||
| ---- | ||
| . Verify that the workloads in the `openshift-gitops` namespace are now scheduled on the infrastructure nodes by viewing `Pods -> Pod details` for any pod in the console UI. |
There was a problem hiding this comment.
Please use markup as per guidelines here:https://github.com/openshift/openshift-docs/blob/main/contributing_to_docs/doc_guidelines.adoc#quick-markup-reference see the fourth row.
| |*OpenShift GitOps* 6+|*Component Versions*|*OpenShift Versions*|*Support status* | ||
|
|
||
| |*Version*|*kam*|*Helm*|*Kustomize*|*Argo CD*|*ApplicationSet*|*Dex*|| | ||
| |1.0.0|0.0.21|3.5.0|3.8.1|1.8|N/A|N/A|4.6|TP |
There was a problem hiding this comment.
Reverse the order in the table. 1.3.1 at the top and 1.1.0 at the bottom.
|
|
||
| Some features in this release are currently in Technology Preview. These experimental features are not intended for production use. | ||
|
|
||
| link:https://access.redhat.com/support/offerings/techpreview[Technology Preview Features Support Scope] |
There was a problem hiding this comment.
Rolfe has removed the link from here and added it to the previous sentence, we could do the same here: https://github.com/openshift/openshift-docs/pull/37369/files#diff-f69a75041cab614e9a1c81c8b8612628915db7991e4f7c62a22fbb41a900b468R18-R20
If you make the change make it in the module as well.
| == New features | ||
| In addition to the fixes and stability improvements, the following sections highlight what is new in {gitops-title} 1.3.0: | ||
|
|
||
| * After the Red Hat OpenShift GitOps Operator is installed, the Red Hat Single Sign On (SSO) is automatically configured. You can log into the default Argo CD instance in the `openshift-gitops` namespace using the OpenShift credentials. As an admin you can disable the Red Hat SSO installation after the Operator is installed which will result in removing the Red Hat SSO deployment from the `openshift-gitops` namespace. |
There was a problem hiding this comment.
Please search for Red Hat OpenShift GitOps in all the files in this PR and use {gitops-title} instead, in case any changes are needed at a latter stage we can simply update this attribute from the attribute file (modules/gitops-document-attributes.adoc).
Add comma before 'which...'
|
|
||
| === Compatibility and support matrix | ||
|
|
||
| Some features in this release are currently in Technology Preview. These experimental features are not intended for production use. + |
There was a problem hiding this comment.
Not sure if we need the extra + at the end of the sentence. Strangely, I do not see it in the rendered version
| $ oc adm taint nodes -l node-role.kubernetes.io/infra | ||
| infra=reserved:NoSchedule infra=reserved:NoExecute | ||
| ---- | ||
| . Add `runOnInfra` toggle in the `GitOpsService` custom resource: |
There was a problem hiding this comment.
the runOnInfra toggle
these nodes - plural
| key: infra | ||
| value: reserved | ||
| ---- | ||
| . Verify that the workloads in the `openshift-gitops` namespace are now scheduled on the infrastructure nodes by viewing `Pods -> Pod details` for any pod in the console UI. |
There was a problem hiding this comment.
Please use the correct formatting as per the OCP docs guidelines for: Pods -> Pod details
| spec: | ||
| runOnInfra: true | ||
| ---- | ||
| . Add `tolerations` to the `GitOpsService` custom resource if taints have been added to the nodes, for example: |
There was a problem hiding this comment.
Since adding taints is optional, I think this step is optional too. @reginapizza can you confirm?
Also, suggest starting the sentence with - If taints have been added to the nodes, then add tolerations...
This helps users to decide if it is worth reading the next part of the sentence. They will read it only if they have used taints.
Also, in short can we mention what these tolerations do like how taints are used to isolate workloads?
There was a problem hiding this comment.
@reginapizza please suggest
There was a problem hiding this comment.
@saumeya can you provide input? I believe this step is optional as well but I'm not positive
There was a problem hiding this comment.
@Preeticp yes that step is optional, we can add your suggestion, i'll try adding a brief about tolerations and taints, there is a jira about already assigned to me, i'll work on it.
|
|
||
| [NOTE] | ||
| ==== | ||
| Any manually added `nodeSelectors` and `tolerations` added to the default Argo CD custom resource are overwritten by toggle and `tolerations` in the `GitOpsService` custom resource. |
There was a problem hiding this comment.
Any manually added nodeSelectors and tolerations added to the default/Any nodeSelectors and tolerations manually added to the default
by toggle and/by the toggle and the tolerations
There was a problem hiding this comment.
I didn't understand this, could you elaborate?
There was a problem hiding this comment.
Maybe this can be rephrased this way?:
Any nodeSelectors and tolerations manually added to the default Argo CD custom resource will be superseded by the toggle and tolerations present in the GitOpsService custom resource
|
Would it make sense to limit the support matrix table to supported releases (1.1+)? Also do we need to include the patch releases? |
|
|
||
| Note the following scope of support on the Red Hat Customer Portal for these features: | ||
|
|
||
| .Compatibility and Support matrix |
There was a problem hiding this comment.
I suggest we drop the table at module level as was done for the Pipeline release notes PR. The information is repeated, and this would reduce maintenance as well as potential errors.
| @@ -0,0 +1,57 @@ | |||
| // Module included in the following assembly: | |||
| // | |||
| // * etting-started-with-openshift-gitops.adoc | |||
There was a problem hiding this comment.
Replace above with: gitops/configuring_argo_cd_to_recursively_sync_a_git_repository_with_your_application/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
|
|
||
| = Running the Argo CD instance at the cluster-level | ||
|
|
||
| The default Argo CD instance installed by the OpenShift GitOps Operator as well as accompanying controllers can now run on the infrastructure nodes of the cluster by setting a simple configuration toggle. |
There was a problem hiding this comment.
Use the attribute instead of: OpenShift GitOps
| * The default Argo CD instance installed by the Operator as well as accompanying controllers can now run on the infrastructure nodes of the cluster by setting a simple configuration toggle. | ||
| * Internal communications in Argo CD can now be secured using the TLS and the OpenShift cluster certificates. The Argo CD routes can now leverage the OpenShift cluster certificates in addition to using external certificate managers such as the cert-manager. | ||
| * Use the improved *environment details* view in the *Developer* perspective of the console 4.9 to gain insights into the GitOps environments. | ||
| * You can now have access to custom health checks in Argo CD for `DeploymentConfig` resources, Route resources, and `OLM` Operators. |
There was a problem hiding this comment.
You can now access custom health checks
Route/Route
DebarghoGhosh
force-pushed
the
release-notes-1.3-3411
branch
from
0789fdc
to
fbf4915
Compare
|
|
||
| = Running the Argo CD instance at the cluster-level | ||
|
|
||
| The default Argo CD instance installed by the {gitops-title} as well as accompanying controllers can now run on the infrastructure nodes of the cluster by setting a simple configuration toggle. |
There was a problem hiding this comment.
- 'by the {gitops-title} Operator as well as the accompanying'
- On looking at this sentence again, the placement of 'as well as accompanying controllers' is confusing. It can be interpreted as the Argo CD instance installed by the operator and the controllers.
Suggest something like this:
The default Argo CD instance and the accompanying controllers, installed by the {gitops-title} Operator, can now run...
@reginapizza please let us know if this is technically accurate.
There was a problem hiding this comment.
yes @Preeticp your suggestion looks good.
| * The default Argo CD instance installed by the Operator as well as accompanying controllers can now run on the infrastructure nodes of the cluster by setting a simple configuration toggle. | ||
| * Internal communications in Argo CD can now be secured using the TLS and the OpenShift cluster certificates. The Argo CD routes can now leverage the OpenShift cluster certificates in addition to using external certificate managers such as the cert-manager. | ||
| * Use the improved *environment details* view in the *Developer* perspective of the console 4.9 to gain insights into the GitOps environments. | ||
| * You can now access to custom health checks in Argo CD for `DeploymentConfig` resources, `Route` resources, and `OLM` Operators. |
There was a problem hiding this comment.
Please remove 'to' from: You can now access to custom health checks
There was a problem hiding this comment.
@saumeya @jaideepr97 @reginapizza the only mention of OLM-Operator in the OCP docs is here:https://docs.openshift.com/container-platform/4.9/security/certificate_types_descriptions/olm-certificates.html
My question hence is should this be written as olm-operator, and if it should be singular or plural, as in, operator/operators.
Also in this context is Route a custom resource?
I wonder if this should be written as:
- You can now access custom health checks in Argo CD for
DeploymentConfigresources, routes, andOLM-Operators.
@DebarghoGhosh please change depending on answers to the above question.
There was a problem hiding this comment.
@saumeya please suggest
There was a problem hiding this comment.
@praveenkumar, @chetan-rns please suggest
There was a problem hiding this comment.
I believe olm-operator has a different meaning since it is one of the OLM components. Here "OLM Operators" refers to the operators installed using OLM. And Route is an OpenShift custom resource.
There was a problem hiding this comment.
Thank you, Chetan. In that case @DebarghoGhosh we simply need to replace OLM Operators with 'Operators installed using OLM.'
There was a problem hiding this comment.
Hey Debargho, @praveenkumar is our CRC rockstar :) We might need either a developer in the team, Praveen Thangdancha or another QE from the team to provide an LGTM before we merge.
DebarghoGhosh
force-pushed
the
release-notes-1.3-3411
branch
from
93de70b
to
987d830
Compare
Preeticp
added
branch/enterprise-4.8
branch/enterprise-4.9
branch/enterprise-4.10
peer-review-done
| == New features | ||
| In addition to the fixes and stability improvements, the following sections highlight what is new in {gitops-title} 1.3.0: | ||
|
|
||
| * After the Operator is installed, the Red Hat Single Sign On (SSO) is automatically configured. You can log into the default Argo CD instance in the `openshift-gitops` namespace using the OpenShift credentials. As an admin you can disable the Red Hat SSO installation after the Operator is installed which will result in removing the Red Hat SSO deployment from the `openshift-gitops` namespace. |
There was a problem hiding this comment.
This statement is not true. Please replace Red Hat Single Sign on with Dex. It should look something like this.
For a fresh install of v1.3.0, Dex is automatically configured. You can log into the default Argo CD instance in the openshift-gitops namespace using the OpenShift credentials. As an admin you can disable the Dex installation after the Operator is installed which will result in removing the Dex deployment from the openshift-gitops namespace.
There was a problem hiding this comment.
We should mention that they can use kubeadmin credentials with dex as well, right?
There was a problem hiding this comment.
@iam-veeramalla and @jaideepr97 I have made the changes. Please check and confirm. Need your LGTM before merging
| In addition to the fixes and stability improvements, the following sections highlight what is new in {gitops-title} 1.3.0: | ||
|
|
||
| * After the Operator is installed, the Red Hat Single Sign On (SSO) is automatically configured. You can log into the default Argo CD instance in the `openshift-gitops` namespace using the OpenShift credentials. As an admin you can disable the Red Hat SSO installation after the Operator is installed which will result in removing the Red Hat SSO deployment from the `openshift-gitops` namespace. | ||
| Additionally, for any new Argo CD instance you can enable the Red Hat SSO by setting the flag to true. When the flag is not present, the Red Hat SSO will be disabled by default. |
There was a problem hiding this comment.
Please remove this last line.
DebarghoGhosh
force-pushed
the
release-notes-1.3-3411
branch
from
7ebcb3a
to
46434ce
Compare
made review changes as per comments made review changes build error fixed fix build error2 made changes as per review comments added new tables made review changes changes made to the links made review changes removed 1.0 from the table removed z versions from the table made review changes review changes done added +
DebarghoGhosh
force-pushed
the
release-notes-1.3-3411
branch
from
1708fbf
to
77c943c
Compare
|
@sbose78 thank you for approving the PR. |
|
/cherrypick enterprise-4.8 |
|
/cherrypick enterprise-4.9 |
|
/cherrypick enterprise-4.10 |
|
@Preeticp: new pull request created: #38562 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@Preeticp: new pull request created: #38563 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@Preeticp: new pull request created: #38564 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Aligned team: Dev Tools
OCP version for cherry-picking: enterprise-4.8, enterprise-4.9
JIRA issues: RHDEVDOCS-3411 GitOps Release Notes, Known Issues and Bug Fixes for 1.3
https://issues.redhat.com/browse/RHDEVDOCS-3411
Preview pages: https://deploy-preview-37968--osdocs.netlify.app/openshift-enterprise/latest/cicd/gitops/gitops-release-notes#gitops-release-notes-1-3_gitops-release-notes
SME+QE review: @reginapizza
Peer-review: @Preeticp