From e57a2fc45ff31e233ae0faea36a7d5ecf608a007 Mon Sep 17 00:00:00 2001 From: Joe Lanford Date: Thu, 4 Dec 2025 09:43:37 -0500 Subject: [PATCH] Clarify single controller assumption in OLM v1 design Updates the design decision documentation to explicitly state that exactly one controller should exist to reconcile an object, not just "a controller". This clarifies the expected behavior and configuration --- docs/project/olmv1_design_decisions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/project/olmv1_design_decisions.md b/docs/project/olmv1_design_decisions.md index 6051bc2d8c..ed9a16b79a 100644 --- a/docs/project/olmv1_design_decisions.md +++ b/docs/project/olmv1_design_decisions.md @@ -31,7 +31,7 @@ The Kubernetes design assumptions are: - CRDs and their controllers are trusted cluster extensions. - If an object for an API exists a controller WILL reconcile it, no matter where it is in the cluster. -OLM v1 will make the same assumption that Kubernetes does and that users of Kubernetes APIs do. That is: If a user has RBAC to create an object in the cluster, they can expect that a controller exists that will reconcile that object. If this assumption does not hold, it will be considered a configuration issue, not an OLM v1 bug. +OLM v1 will make the same assumption that Kubernetes does and that users of Kubernetes APIs do. That is: If a user has RBAC to create an object in the cluster, they can expect that exactly one controller exists that will reconcile that object. If this assumption does not hold, it will be considered a configuration issue, not an OLM v1 bug. This means that it is a best practice to implement and configure controllers to have cluster-wide permission to read and update the status of their primary APIs. It does not mean that a controller needs cluster-wide access to read/write secondary APIs. If a controller can update the status of its primary APIs, it can tell users when it lacks permission to act on secondary APIs.