Ensure bundles include all the Required Infrastructure Annotations

[mrkisaolamb]

Implements: OSPRH-7936

[gibizer]

I cannot comment on the TLS flag. I think we need somebody from security to make a decision. I don't know what are the "well known" tunables, and and also the "any workloads it manages" is a very blanket statement.

[SeanMooney]

i guess this is superceeded by features.operators.openshift.io/disconnected: "true"

[mrkisaolamb]

Yes this is also a deprecated type of annotation https://docs.okd.io/latest/operators/operator_sdk/osdk-generating-csvs.html#osdk-csv-annotations-infra_osdk-generating-csvs

[SeanMooney]

this one we were a littel unsure about.
the only tls endpoint the operator has is the webhook.

if this is referring to the deployment of placement then in theory you can use the service override to tweak the tls profile of the relevant openshfit route that is used to expose it so in that context it would be true.

did we get clarity on if that counted in this context.

[mrkisaolamb]

for a now there is no clarity with tls so I put this pr on hold

[gibizer]

this is aligned with what we agreed on the today's podified call.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gibizer, mrkisaolamb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [gibizer,mrkisaolamb]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment