|
| 1 | +# OLM Personas |
| 2 | + |
| 3 | +This document attempts to identify essential roles in the OLM lifecycle and associate the duties logically performed by each role. Though some roles can be (and even may typically be) performed by the same actor, they are logically distinct roles with different goals. |
| 4 | + |
| 5 | +OLM roles are broadly categorized here as **Producers** or **Consumers**, indicating whether that role typically is producing content for use in the ecosystem or is using (consuming) content. |
| 6 | + |
| 7 | +# Consumers |
| 8 | +## Cluster Admin |
| 9 | +*Who is it?* |
| 10 | + |
| 11 | +This role encompasses the basic full-permissions-required creation/maintenance of a cluster, and any non-OLM-ecosystem activities, such as creating, scaling, and upgrading a cluster. |
| 12 | + |
| 13 | +*What does it do?* |
| 14 | + |
| 15 | +- Creates cluster |
| 16 | +- Scales cluster |
| 17 | +- Miscellaneous Cluster Administration |
| 18 | +- Upgrades cluster |
| 19 | + |
| 20 | +## Cluster Extension Admin |
| 21 | +*Who is it?* |
| 22 | + |
| 23 | +This role encompasses privileged operations required for OLMv1 and associated operators to deploy workloads to the cluster. This role may exist as a set of activities executed by a cluster admin, but also may operate independently of that role, depending on the necessary privileges. |
| 24 | +Here `extension` represents any individual OLMv1 installable, including (but not limited to) `registry+v1` bundles. |
| 25 | + |
| 26 | +*What does it do?* |
| 27 | + |
| 28 | +- Creates enabling infrastructure for extension lifecycle (service accounts, etc.) |
| 29 | +- Installs extensions |
| 30 | +- Upgrades extensions |
| 31 | +- Removes extensions |
| 32 | +- Browses extensions offered in installed `ClusterCatalogs` |
| 33 | +- Derives minimum privilege for installation |
| 34 | +- filters visibility on installable extensions |
| 35 | +- Verifies that extension health is detectable to desired sensors |
| 36 | + |
| 37 | +## Cluster Catalog Admin |
| 38 | +*Who is it?* |
| 39 | + |
| 40 | +This role encompasses the control of `ClusterCatalogs` on the running cluster. This role may exist as a set of activities executed by a cluster admin, but also may operate independently of that role, depending on the necessary privileges. This role is a collaboration with **Catalog Curators** and may also interact with **Catalog Manipulators** |
| 41 | + |
| 42 | +*What does it do?* |
| 43 | + |
| 44 | +- Adds/removes/updates catalogs |
| 45 | +- Enables/disables catalogs |
| 46 | +- Configures pull secrets necessary to access extensions from catalogs |
| 47 | + |
| 48 | +## Cluster Monitors |
| 49 | +*Who is it?* |
| 50 | + |
| 51 | +This role represents any actor which monitors the status of the cluster and installed workloads. This may include |
| 52 | +- Platform status |
| 53 | +- Extension health |
| 54 | +- Diagnostic notifications |
| 55 | + |
| 56 | + |
| 57 | +# Producers |
| 58 | +## Extension Author |
| 59 | +*Who is it?* |
| 60 | + |
| 61 | +This role encompasses folks who want to create an extension. It interacts with other **Producer** roles by generating a _catalog contribution_ to make extensions available on-cluster to **Cluster Extension Admins**. For example, a catalog contribution for a registry+v1 bundle is one/more bundle image and the upgrade graph expressed in [FBC](https://olm.operatorframework.io/docs/reference/file-based-catalogs/). |
| 62 | + |
| 63 | +*What does it do?* |
| 64 | +- Creates extension |
| 65 | +- Builds/releases extension |
| 66 | +- Validates extension |
| 67 | +- Adjusts upgrade graph |
| 68 | +- Publishes artifacts (i.e. images for registry+v1 bundle) |
| 69 | + |
| 70 | +## Contribution Curator |
| 71 | +*Who is it?* |
| 72 | + |
| 73 | +This role is responsible for taking catalog contributions from **Extension Authors**, applying any changes necessary for publication, and supplying the resulting artifacts to the **Catalog Curator**. This role is frequently fulfilled by different developers than **Extension Authors**. |
| 74 | + |
| 75 | +*What does it do?* |
| 76 | +- Validates contributions |
| 77 | +- Publishes contributions to registry |
| 78 | + |
| 79 | +## Catalog Curator |
| 80 | +*Who is it?* |
| 81 | + |
| 82 | +This role is responsible for publishing a catalog index image to be used by **Consumers** to make workloads available on-cluster. Typically this role operates over multiple extensions, versions, and versioned releases of the final, published catalog. |
| 83 | + |
| 84 | +*What does it do?* |
| 85 | +- Aggregates contributions |
| 86 | +- Validates aggregate catalog |
| 87 | +- Publishes aggregate catalog |
| 88 | + |
| 89 | +## Catalog Manipulator |
| 90 | +*Who is it?* |
| 91 | + |
| 92 | +This role is a general category for users who consume published catalogs and re-publish them in some way. Possible use-cases include |
| 93 | +- Restricting available extension versions |
| 94 | +- Providing enclave services to disconnected environments |
| 95 | +- Reducing catalog size by restricting the number of included extensions |
| 96 | + |
| 97 | +*What does it do?* |
| 98 | +- Filters content |
| 99 | +- Defines content access mapping to new environments (if modified) |
| 100 | +- Provides catalog access in restricted environments |
| 101 | + |
| 102 | + |
| 103 | + |
0 commit comments