From fc1fda46ce159a0cd64643aefb2f4c8a7ba9408e Mon Sep 17 00:00:00 2001 From: Predrag Knezevic Date: Wed, 13 May 2026 15:41:55 +0200 Subject: [PATCH] Pass all feature gates explicitly in controller deployments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, only non-default feature gates were passed as --feature-gates args to controller pods. Standard deployments had no feature gate args at all, and experimental deployments only listed flags that differed from defaults. This made it impossible to determine the active feature gate configuration by inspecting a running deployment or pod spec. Now all 10 feature gates (9 operator-controller + 1 catalogd) are listed explicitly in every deployment variant, improving readability when inspecting deployments or pods. WebhookProviderOpenshiftServiceCA is listed as disabled in standard defaults because getCertificateProvider() checks WebhookProviderCertManager first — when both are enabled, OpenshiftServiceCA has no effect. Co-Authored-By: Claude Opus 4.6 --- helm/experimental.yaml | 11 +++++++---- helm/olmv1/values.yaml | 16 +++++++++++++--- manifests/experimental-e2e.yaml | 10 ++++++---- manifests/experimental.yaml | 10 ++++++---- manifests/standard-e2e.yaml | 10 ++++++++++ manifests/standard.yaml | 10 ++++++++++ 6 files changed, 52 insertions(+), 15 deletions(-) diff --git a/helm/experimental.yaml b/helm/experimental.yaml index d5fe64b227..9db3a4a1d2 100644 --- a/helm/experimental.yaml +++ b/helm/experimental.yaml @@ -11,13 +11,15 @@ options: replicas: 2 features: enabled: - - SingleOwnNamespaceInstallSupport - - PreflightPermissions - - HelmChartSupport - BoxcutterRuntime - - DeploymentConfig - BundleReleaseSupport + - DeploymentConfig + - HelmChartSupport + - PreflightPermissions + - SingleOwnNamespaceInstallSupport + - WebhookProviderCertManager disabled: + - SyntheticPermissions - WebhookProviderOpenshiftServiceCA # List of enabled experimental features for catalogd # Use with {{- if has "FeatureGate" .Values.options.catalogd.features.enabled }} @@ -28,5 +30,6 @@ options: features: enabled: - APIV1MetasHandler + disabled: [] # This can be one of: standard or experimental featureSet: experimental diff --git a/helm/olmv1/values.yaml b/helm/olmv1/values.yaml index c5845b9a1b..1458be7d2b 100644 --- a/helm/olmv1/values.yaml +++ b/helm/olmv1/values.yaml @@ -11,8 +11,17 @@ options: replicas: 1 extraArguments: [] features: - enabled: [] - disabled: [] + enabled: + - WebhookProviderCertManager + disabled: + - BoxcutterRuntime + - BundleReleaseSupport + - DeploymentConfig + - HelmChartSupport + - PreflightPermissions + - SingleOwnNamespaceInstallSupport + - SyntheticPermissions + - WebhookProviderOpenshiftServiceCA podDisruptionBudget: enabled: true minAvailable: 1 @@ -24,7 +33,8 @@ options: extraArguments: [] features: enabled: [] - disabled: [] + disabled: + - APIV1MetasHandler podDisruptionBudget: enabled: true minAvailable: 1 diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml index 6c3aa302ed..df8f0b7b02 100644 --- a/manifests/experimental-e2e.yaml +++ b/manifests/experimental-e2e.yaml @@ -2823,12 +2823,14 @@ spec: - --metrics-bind-address=:8443 - --pprof-bind-address=:6060 - --leader-elect - - --feature-gates=SingleOwnNamespaceInstallSupport=true - - --feature-gates=PreflightPermissions=true - - --feature-gates=HelmChartSupport=true - --feature-gates=BoxcutterRuntime=true - - --feature-gates=DeploymentConfig=true - --feature-gates=BundleReleaseSupport=true + - --feature-gates=DeploymentConfig=true + - --feature-gates=HelmChartSupport=true + - --feature-gates=PreflightPermissions=true + - --feature-gates=SingleOwnNamespaceInstallSupport=true + - --feature-gates=WebhookProviderCertManager=true + - --feature-gates=SyntheticPermissions=false - --feature-gates=WebhookProviderOpenshiftServiceCA=false - --tls-cert=/var/certs/tls.crt - --tls-key=/var/certs/tls.key diff --git a/manifests/experimental.yaml b/manifests/experimental.yaml index 954fcd2744..31343e5c44 100644 --- a/manifests/experimental.yaml +++ b/manifests/experimental.yaml @@ -2729,12 +2729,14 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect - - --feature-gates=SingleOwnNamespaceInstallSupport=true - - --feature-gates=PreflightPermissions=true - - --feature-gates=HelmChartSupport=true - --feature-gates=BoxcutterRuntime=true - - --feature-gates=DeploymentConfig=true - --feature-gates=BundleReleaseSupport=true + - --feature-gates=DeploymentConfig=true + - --feature-gates=HelmChartSupport=true + - --feature-gates=PreflightPermissions=true + - --feature-gates=SingleOwnNamespaceInstallSupport=true + - --feature-gates=WebhookProviderCertManager=true + - --feature-gates=SyntheticPermissions=false - --feature-gates=WebhookProviderOpenshiftServiceCA=false - --tls-cert=/var/certs/tls.crt - --tls-key=/var/certs/tls.key diff --git a/manifests/standard-e2e.yaml b/manifests/standard-e2e.yaml index 66c65b5ae0..6f55abc173 100644 --- a/manifests/standard-e2e.yaml +++ b/manifests/standard-e2e.yaml @@ -1805,6 +1805,7 @@ spec: - --metrics-bind-address=:7443 - --pprof-bind-address=:6060 - --external-address=catalogd-service.olmv1-system.svc + - --feature-gates=APIV1MetasHandler=false - --tls-cert=/var/certs/tls.crt - --tls-key=/var/certs/tls.key - --pull-cas-dir=/var/ca-certs @@ -1955,6 +1956,15 @@ spec: - --metrics-bind-address=:8443 - --pprof-bind-address=:6060 - --leader-elect + - --feature-gates=WebhookProviderCertManager=true + - --feature-gates=BoxcutterRuntime=false + - --feature-gates=BundleReleaseSupport=false + - --feature-gates=DeploymentConfig=false + - --feature-gates=HelmChartSupport=false + - --feature-gates=PreflightPermissions=false + - --feature-gates=SingleOwnNamespaceInstallSupport=false + - --feature-gates=SyntheticPermissions=false + - --feature-gates=WebhookProviderOpenshiftServiceCA=false - --tls-cert=/var/certs/tls.crt - --tls-key=/var/certs/tls.key - --catalogd-cas-dir=/var/ca-certs diff --git a/manifests/standard.yaml b/manifests/standard.yaml index 84b940f5ee..870f10e3fc 100644 --- a/manifests/standard.yaml +++ b/manifests/standard.yaml @@ -1724,6 +1724,7 @@ spec: - --leader-elect - --metrics-bind-address=:7443 - --external-address=catalogd-service.olmv1-system.svc + - --feature-gates=APIV1MetasHandler=false - --tls-cert=/var/certs/tls.crt - --tls-key=/var/certs/tls.key - --pull-cas-dir=/var/ca-certs @@ -1861,6 +1862,15 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8443 - --leader-elect + - --feature-gates=WebhookProviderCertManager=true + - --feature-gates=BoxcutterRuntime=false + - --feature-gates=BundleReleaseSupport=false + - --feature-gates=DeploymentConfig=false + - --feature-gates=HelmChartSupport=false + - --feature-gates=PreflightPermissions=false + - --feature-gates=SingleOwnNamespaceInstallSupport=false + - --feature-gates=SyntheticPermissions=false + - --feature-gates=WebhookProviderOpenshiftServiceCA=false - --tls-cert=/var/certs/tls.crt - --tls-key=/var/certs/tls.key - --catalogd-cas-dir=/var/ca-certs