Upgrade of IBM Secret Share operator and related dependencies

[mhcastro]

Hi folks! What would be the process to take on new updates of the IBM Secret Share Operator with their respective containers?

The following indicates an automatic upgrade process every 45 minutes for the IBM Common Services catalog.

spec:
  displayName: IBMCS Operators
  image: docker.io/ibmcom/ibm-common-service-catalog:latest
  publisher: IBM
  sourceType: grpc
  updateStrategy:
    registryPoll:
      interval: 45m

However, when a Cloud Registry image scanners identify any vulnerability on the latest, for example, OpenShift Quay Security Scanner, what would be the approach to highlight and patch these images? For example, the following image:

Pod Template:
  Labels:           name=secretshare
  Annotations:      productID: xxxxxx
                    productMetric: FREE
                    productName: IBM Cloud Platform Common Services
  Service Account:  secretshare
  Containers:
   ibm-secretshare-operator:
    Image:      quay.io/opencloudio/ibm-secretshare-operator@sha256:xxxx

Thanks!

[Daniel-Fan]

The secretshare-operator could been seen as the dependency of ibm-common-service-operator.

It will be deployed and updated directly by ibm-common-service-operator, which means each time when there is a new version of ibm-common-service-operator available, the new ibm-common-service-operator will trigger the update of corresponding secretshare-operator.

And any vulnerability issues will be fixed in the newer version of secretshare-operator. But as what we said above, its image updating is depending on ibm-common-service-operator.