Skip to content

Add documentation for operator features and security hardening#455

Open
posikoya wants to merge 1 commit into
openstack-k8s-operators:mainfrom
posikoya:posikoya/update-docs
Open

Add documentation for operator features and security hardening#455
posikoya wants to merge 1 commit into
openstack-k8s-operators:mainfrom
posikoya:posikoya/update-docs

Conversation

@posikoya

Copy link
Copy Markdown
Contributor

Document configurable OpenStack config, network attachments, nodeSelector/tolerations, security hardening, privileged mode capabilities, image creation timeout, and tempest cleanup in crds.rst. Add ServiceConfigReady condition diagnostics to guide.rst.

To run docs:
./docs/build-docs.sh
sphinx-autobuild docs/source docs/build/html

@openshift-ci openshift-ci Bot requested review from imatza-rh and kstrenkova June 18, 2026 07:04
@openshift-ci

openshift-ci Bot commented Jun 18, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: posikoya
Once this PR has been reviewed and has the lgtm label, please assign adrianfusco for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Document configurable OpenStack config, network attachments,  nodeSelector/tolerations, security hardening, privileged mode  capabilities, image creation timeout, and tempest cleanup in crds.rst.  Add ServiceConfigReady condition diagnostics to guide.rst.
@posikoya posikoya force-pushed the posikoya/update-docs branch from 9264978 to 336ffee Compare June 18, 2026 07:09
@posikoya posikoya self-assigned this Jun 18, 2026
@posikoya posikoya requested review from adrianfusco and belolipa June 18, 2026 12:28

@kstrenkova kstrenkova left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the work you put into this, this PR is much needed!

Saying that, I have left a lot of comments asking for changes. Overall, it is all about the same thing: please make it more compact. I don't think users want to read through sentences that are giving them no new information. I think the documentation should go straight to the point while having the most needed information :D

The change tackles the right things, however it could use some polishing to match the old style of the documentation and some sections moved to a different place.

Comment thread docs/source/crds.rst
The :code:`ansibleGitBranch` field accepts any valid git ref — branch names,
tag names, or commit SHAs all work.

.. note::

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this note is necessary, this information is already in the first section of this feature.

Comment thread docs/source/crds.rst
If :code:`ansibleGitBranch` is omitted or set to an empty string, the
repository's default branch is used.

.. note::

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think this explanation is needed as well. The logic related to the merging of the workflows should be in a more visible place. What you have described is not something specific to the AnsibleTest Git Branch, but works like that for all workflow features.

Comment thread docs/source/crds.rst

spec:
ansibleGitRepo: "https://github.com/myorg/openstack-tests"
ansibleGitBranch: "v3.0.0"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure this works? Even if it does, I would not include this example, I think the one on line 89 is enough to get the picture :D

Comment thread docs/source/crds.rst

* :ref:`ansibletest-custom-resource`

.. _configurable-openstack-config:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is in the right place. I wouldn't say it's such a big feature to be added under this section. It rather makes a bit cluttered with a feature that will not be used as much. I would put it under Run Tests via Test Operator and make it a lot shorter.

Comment thread docs/source/crds.rst

Network Attachments
===================
OpenStack deployments distribute services across multiple isolated networks.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would drop this paragraph, it doesn't give any useful information imho. The next paragraph about The networkAttachments field allows users to specify additional.... is enough in that regard.

Comment thread docs/source/crds.rst
all four test CRDs (Tempest, Tobiko, AnsibleTest, and HorizonTest). When
omitted, the scheduler uses its default placement logic.

Behaviour Per Test

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this subsection is needed as well.

Comment thread docs/source/crds.rst
effect: "NoSchedule"
containerImage: quay.io/podified-antelope-centos9/openstack-ansible-tests:current-podified

The toleration grants permission to run on the tainted node. The

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be up in the first paragraph.

Comment thread docs/source/crds.rst

.. _security-hardening:

Security Hardening

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this whole security hardening should get a new page and not clutter this one.

Comment thread docs/source/guide.rst

.. _service-config-ready-condition:

ServiceConfigReady Condition

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section is a good idea. I wouldn't necessarily call it ServiceConfigReady Condition, but maybe Checking Conditions. Then sum up how a user can check the conditions and what does it mean really briefly.

Comment thread docs/source/guide.rst

.. _tempest-rerun-failed-tests:

Tempest Re-run Failed Tests

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section is in the wrong page imho. I would say to remove it all together or brainstorm where to put it. Again, the content is too long with little key information, I would suggest shortening it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants