@mareknovotny
Last active April 10, 2026 08:55
Copilot identified issues in sonataflow operator bundle
I'll fetch the file to analyze it and provide improvement suggestions.

Here are several improvements for this ClusterServiceVersion file:
## Key Issues & Recommendations:
### 1. **Duplicate RBAC Rules (lines 362-409)**
You have the same resources listed under both `apiGroups: [""]` (core APIs) and `apiGroups: ["apps"]`. The `apps` group rules are redundant since those resources belong to the core API group.
**Action:** Remove the duplicate `apps` apiGroup section (lines 386-409).
### 2. **Incorrect Resource Names (lines 457-458, 573-574, 693-694, 702-703)**
Several resources are listed as singular when they should be plural:
- Line 457: `service` → should be `services`
- Line 573: `route` → should be `routes`
- Line 693: `service` → should be `services`
- Line 702: `broker` → should be `brokers`
**Action:** Update these to use the correct plural forms.
### 3. **Version Mismatch (line 919)**
The manifest shows `version: 0.0.0` and `replaces: logic-operator.v0.0.0`. This indicates a placeholder version that should be updated to a real semantic version (e.g., `0.1.0`).
**Action:** Update to a proper release version.
### 4. **Missing Image Digest**
Line 774 references `logic-rhel9-operator:main` as the tag, which is a development/floating tag. For production stability:
**Action:** Replace `:main` with a specific version tag or image digest.
### 5. **Hardcoded Namespace Placeholder (line 142)**
The namespace is set to `placeholder`, which won't work in production.
**Action:** Use a proper namespace or allow it to be overridden by the operator installer.
### 6. **Over-Permissive Permissions**
Some of the permissions granted are quite broad (e.g., lines 362-385 grant many verbs on core resources). Consider the principle of least privilege.
**Action:** Review whether all listed verbs are necessary for each resource type.
### 7. **Example Content Formatting (lines 5-119)**
The `alm-examples` annotation contains valid YAML/JSON examples, but they're embedded as a JSON string. Consider extracting these to separate files for better maintainability.
### 8. **Missing Resource Requests CPU (line 823)**
The kube-rbac-proxy requests only 5m CPU, which might be too low for production workloads.
**Action:** Review and adjust resource requests based on actual usage patterns.
Would you like me to create a pull request with these fixes, or would you prefer guidance on any specific improvement?
*what are the relatedImages: good for when we have these declared in environment properties?
Great question! The `relatedImages` field (lines 902-918) and the environment variable declarations (lines 760-773) serve **complementary but distinct purposes**:
## Purpose of `relatedImages`
**It's metadata for the Operator Lifecycle Manager (OLM) and disconnected/air-gapped environments.** The `relatedImages` field:
1. **Catalog and discovery** - OLM uses this to display all images used by the operator in the UI/marketplace
2. **Air-gapped deployments** - Critical for environments without external network access. Tools can scan this list to pre-pull all required images into a private registry before installation
3. **Image validation** - Security scanners can analyze all images declared in the operator
4. **Version tracking** - Provides a complete manifest of dependencies for the release
## Why You Need Both
The environment variables define **how the operator will actually use the images at runtime**, while `relatedImages` provides **operator metadata for deployment tooling**.
```yaml
# RUNTIME: The operator code reads this and uses the image
env:
  - name: RELATED_IMAGE_JOBS_SERVICE_POSTGRESQL
    value: registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel9:main
# METADATA: OLM uses this for catalog/mirroring
relatedImages:
  - image: registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel9:main
    name: jobs-service-postgresql
```
## Issues I Notice
1. **Tag mismatch** - You're using `:main` tags in both places, which are floating/development tags. For production, use specific version tags or image digests (like line 812).
2. **Missing operator image** - The main operator image (line 774: `logic-rhel9-operator:main`) isn't in `relatedImages`, but it should be!
3. **Kube-rbac-proxy inconsistency** - Line 917 includes `kube-rbac-proxy:v0.13.1` in `relatedImages`, but line 812 uses a different digest. These should match for consistency.
## Recommendation
Add the operator's main image to `relatedImages`:
```yaml
- image: registry.redhat.io/openshift-serverless-1/logic-rhel9-operator:main
  name: logic-operator
```
This ensures OLM can properly catalog and mirror all images your operator needs.
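The three issues listed above (floating tags, an image missing from `relatedImages`, and a tag/digest mismatch) can be checked mechanically. The following is an added example, not part of the original conversation or of the SonataFlow project: it audits a constructed CSV fragment already parsed into a dict. The container name `manager`, the `registry.example` host and the all-zero digest are assumptions standing in for values the page does not show.

```python
# Added example: audits a constructed CSV fragment (in practice, yaml.safe_load the bundle file).
import re

DIGEST = "sha256:" + "0" * 64  # placeholder digest, not a real image
PG = "registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel9:main"
OPERATOR = "registry.redhat.io/openshift-serverless-1/logic-rhel9-operator:main"

CSV = {"spec": {
    "install": {"spec": {"deployments": [{"spec": {"template": {"spec": {"containers": [
        {"name": "kube-rbac-proxy",                       # pinned by digest at runtime
         "image": "registry.example/kube-rbac-proxy@" + DIGEST},
        {"name": "manager", "image": OPERATOR,            # container name is assumed
         "env": [{"name": "RELATED_IMAGE_JOBS_SERVICE_POSTGRESQL", "value": PG}]},
    ]}}}}]}},
    "relatedImages": [
        {"name": "jobs-service-postgresql", "image": PG},
        {"name": "kube-rbac-proxy", "image": "registry.example/kube-rbac-proxy:v0.13.1"},
    ],
}}

PINNED = re.compile(r"@sha256:[0-9a-f]{64}$")  # image reference ends in a digest

def runtime_images(csv):
    """Yield (source, image) for every image the deployments actually reference."""
    for dep in csv["spec"]["install"]["spec"]["deployments"]:
        for c in dep["spec"]["template"]["spec"]["containers"]:
            yield f"container {c['name']}", c["image"]
            for env in c.get("env", []):
                if env["name"].startswith("RELATED_IMAGE_"):
                    yield f"env {env['name']}", env.get("value", "")

def audit(csv):
    """Return sorted (finding, detail) tuples for relatedImages drift and floating tags."""
    declared = {r["image"] for r in csv["spec"].get("relatedImages", [])}
    used = dict(runtime_images(csv))
    findings = set()
    for source, image in used.items():
        if image not in declared:       # mirroring tools would never see this image
            findings.add(("not-in-relatedImages", f"{source}: {image}"))
    for image in declared - set(used.values()):
        findings.add(("declared-but-unused", image))
    for image in declared | set(used.values()):
        if not PINNED.search(image):    # tag can be re-pointed after review
            findings.add(("floating-tag", image))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(CSV):
        print(f"{kind:22} {detail}")
```

Comparison is by exact image string, so a tag and a digest that resolve to the same image are still reported as drift, which is the inconsistency described for kube-rbac-proxy.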