Draft: Milestone 4: Authenticate to the API + handle deletion (finalizer) + manage ownership (!10) · Merge requests · paas-tools / operators / cern-landb-operator

Create applications: 1 for prod/stg clusters https://application-portal.web.cern.ch/manage/landb-operator-okd4-prod and 1 for dev/CI clusters https://application-portal.web.cern.ch/manage/landb-operator-okd4-qa
Store secrets in Vault
Update vault policies https://gitlab.cern.ch/ai/it-puppet-vault-metadata/-/merge_requests/30
Create instance of the API client and authenticate (create secret with application credentials in okd4-install)
Add the application to groups
Add manual commands - and for shared domains
Add the first phases in the reconcilation logic
- phase 1: fetch resource from k8s api
- phase 2: handle deletion

Manage ownership:

the ownership will be managed the same way as the old landb-operator using spec.description
the spec.description is set to the ownership string which in the old operator looks like: "MANAGED BY landb-operator CLUSTER='{{ cluster_name }}' NAMESPACE='{{ ansible_operator_meta.namespace }}' NAME='{{ ansible_operator_meta.name }}'"

Edited Nov 21, 2025 by Chrysoula Dikonimaki

Draft: Milestone 4: Authenticate to the API + handle deletion (finalizer) + manage ownership