Updates stf-run-ci setup playbook to use cert-manager in stable-v1

[vkmc]

For newer OCP versions (OCP >= 4.12), cert-manager should be consumed from the stable-v1 channel. This differs from previous versions of OCP, in which we were consuming cert-manager from the tech-preview channel.

The way of installing both operators is different (the tech-preview requires a specific namespace and operator group, whereas the stable-v1 version does not).

This change adds a conditional block checking the versions of OCP in which we are running this playbook and executing the installation steps that correspond which each version.

[vkmc]

Ran smoke tests on an environment with cert-manager from stable-v1 installed in the way that it is being installed in this patch set to verify sanity of the deployment, it is passing.

Some validation of the creation of the subscription should be added, is https://github.com/infrawatch/service-telemetry-operator/blob/master/build/validate_deployment.sh a good place for this? cc @csibbitt @leifmadsen @elfiesmelfie

[csibbitt]

Ran smoke tests on an environment with cert-manager from stable-v1 installed in the way that it is being installed in this patch set to verify sanity of the deployment, it is passing.

👍

Some validation of the creation of the subscription should be added, is https://github.com/infrawatch/service-telemetry-operator/blob/master/build/validate_deployment.sh a good place for this? cc @csibbitt @leifmadsen @elfiesmelfie

I think if the cert-manager doesn't work, then validate_deployment.sh will fail while waiting for the QDR to deploy.

[csibbitt]

LGTM, let's try CI on 4.10 and 4.12

[csibbitt]

test

[csibbitt]

There was some side discussion that we may want to pin testing to the tech-preview channel in all cases where it's available, since that's what we'd expect people to be using if they installed following the docs. If that's the case then we might want to keep this structure and just adjust the versions?

[elfiesmelfie]

Ran smoke tests on an environment with cert-manager from stable-v1 installed in the way that it is being installed in this patch set to verify sanity of the deployment, it is passing.

Some validation of the creation of the subscription should be added, is https://github.com/infrawatch/service-telemetry-operator/blob/master/build/validate_deployment.sh a good place for this? cc @csibbitt @leifmadsen @elfiesmelfie

https://github.com/infrawatch/service-telemetry-operator/blob/master/build/stf-run-ci/tasks/preflight_checks.yml is also an option.
pre-flight checks runs before stf deployment.
validate_deployment runs after everything is deployed.

With the index-based deployment changes, I'm not sure at which point the cert-manager subscription needs to be checked.
Do you check for a csv having been created? -> pre-flight checks

[vkmc]

Considering we will stick to tech-preview for STF up to 1.5.2 we should

• Drop this change, since we still have cert-manager from tech-preview channel available in OCP 4.12
• Revert Use stable-v1 cert-manager in CI for OCP >= 4.12 #424

For OCP 4.13 we will add dependency resolution and customers are no longer expected to pre-install cert-manager. We will need to reflect those changes in our CI. For that case, the steps followed will look like

• Create namespace
• Create operatorgroup
• Create subscription to STO
• Verify all dependencies are installed (SGO, cert-manager, AMQ Interconnect, OBO)

[vkmc]

Related PR #444

Will close this PR once we agreed on the approach