OTA-1861: cmd/cluster-version-operator/render: Add --cluster-version-manifest-path option#1315
OTA-1861: cmd/cluster-version-operator/render: Add --cluster-version-manifest-path option#1315wking wants to merge 1 commit intoopenshift:mainfrom
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@wking: This pull request references OTA-1861 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
WalkthroughAdds a new CLI flag to provide a ClusterVersion manifest path, parses that manifest to extract component overrides, and threads those overrides through the payload rendering pipeline so included manifests can be adjusted accordingly. Changes
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes ✨ Finishing touches
🧪 Generate unit tests (beta)
No actionable comments were generated in the recent review. 🎉 🧹 Recent nitpick comments
Comment |
openshift-ci
bot
added
the
approved
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@pkg/payload/render.go`:
- Around line 193-220: The function parseClusterVersionManifest has a mismatched
parameter name: the signature declares featureGateManifestPath but the body
references clusterVersionManifestPath; rename the parameter in
parseClusterVersionManifest's signature to clusterVersionManifestPath (or
alternatively update all uses in the body to featureGateManifestPath) so the
identifier matches, ensuring the function compiles and the checks/manifest
loading (manifests :=
manifest.ManifestsFromFiles([]string{clusterVersionManifestPath}) etc.) use the
corrected parameter name.
…r-version-manifest-path Like 9bbe172 (data/bootstrap/files/usr/local/bin/bootkube: Pass CVO render --feature-gate-manifest-path, 2024-08-07, openshift#8813), but for the ClusterVersion manifest laid down by pkg/asset/ignition/bootstrap/cvoignore.go. To populate the new flag provided by [1]. [1]: openshift/cluster-version-operator#1315
wking
force-pushed
the
cluster-version-overrides-on-render
branch
from
ba1ac8d to
a837056
Compare
…ath option Like a3a6a16 (cmd/render: Add --feature-gate-manifest-path option, 2024-08-07, openshift#1078), but for ClusterVersion spec.overrides. We need this in place to avoid bootstrapping failure when the CVO renders the ClusterImagePolicy despite OPENSHIFT_INSTALL_EXPERIMENTAL_DISABLE_IMAGE_POLICY having been set to trigger the installer to set an override waiving the ClusterImagePolicy [1]: $ curl -s https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/logs/periodic-ci-openshift-release-master-nightly-4.22-e2e-aws-ovn-serial-1of2/2020129461281755136/artifacts/e2e-aws-ovn-serial/ipi-install-install/artifacts/log-bundle-20260207143404.tar | tar -tvz | grep 'cluster.*image.*polic' -rw-r--r-- core/core 1678 2026-02-07 06:34 log-bundle-20260207143404/rendered-assets/openshift/cvo-bootstrap/manifests/0000_90_openshift-cluster-image-policy.yaml -rw-r--r-- core/core 1678 2026-02-07 06:34 log-bundle-20260207143404/rendered-assets/openshift/manifests/0000_90_openshift-cluster-image-policy.yaml The rendered ClusterImagePolicy is consumed by the bootstrap machine-config operator, and it breaks the ability of unsigned nightly control-plane nodes to launch [1]: $ curl -s https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/logs/periodic-ci-openshift-release-master-nightly-4.22-e2e-aws-ovn-serial-1of2/2020129461281755136/artifacts/e2e-aws-ovn-serial/ipi-install-install/artifacts/log-bundle-20260207143404.tar | tar -tvz | grep 'control-plane.*journal.log.gz' -rw-r--r-- core/core 98143 2026-02-07 06:34 log-bundle-20260207143404/control-plane/10.0.110.120/journals/journal.log.gz -rw-r--r-- core/core 101064 2026-02-07 06:34 log-bundle-20260207143404/control-plane/10.0.5.2/journals/journal.log.gz -rw-r--r-- core/core 96700 2026-02-07 06:34 log-bundle-20260207143404/control-plane/10.0.71.227/journals/journal.log.gz $ curl -s https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/logs/periodic-ci-openshift-release-master-nightly-4.22-e2e-aws-ovn-serial-1of2/2020129461281755136/artifacts/e2e-aws-ovn-serial/ipi-install-install/artifacts/log-bundle-20260207143404.tar | tar -xOz log-bundle-20260207143404/control-plane/10.0.5.2/journals/journal.log.gz | zgrep 'signature was required' | head -n4 Sat 2026-02-07 13:51:08 UTC ip-10-0-5-2 machine-config-daemon-pull.service[2026]: Error: Source image rejected: A signature was required, but no signature exists Sat 2026-02-07 13:51:08 UTC ip-10-0-5-2 machine-config-daemon-pull.service[2026]: 2026-02-07 13:51:08.129594235 +0000 UTC m=+0.399222333 image pull-error quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4b3cc836d480ea7156ea797712e9af742fb73e5fb56a9cf9e63aeae11875315 Source image rejected: A signature was required, but no signature exists Sat 2026-02-07 13:51:09 UTC ip-10-0-5-2 machine-config-daemon-pull.service[2037]: Error: Source image rejected: A signature was required, but no signature exists Sat 2026-02-07 13:51:09 UTC ip-10-0-5-2 machine-config-daemon-pull.service[2037]: 2026-02-07 13:51:09.533298454 +0000 UTC m=+0.389622944 image pull-error quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4b3cc836d480ea7156ea797712e9af742fb73e5fb56a9cf9e63aeae11875315 Source image rejected: A signature was required, but no signature exists [1]: https://prow.ci.openshift.org/view/gs/test-platform-results/logs/periodic-ci-openshift-release-master-nightly-4.22-e2e-aws-ovn-serial-1of2/2020129461281755136
|
/verified by cluster-bot /lgtm |
openshift-ci-robot
added
the
verified
|
@QiWang19: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: QiWang19, wking The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@wking: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/overide ci/prow/e2e-agnostic-ovn |
|
/override ci/prow/ee2e-aws-ovn-techpreview |
|
@wking: /override requires failed status contexts, check run or a prowjob name to operate on.
Only the following failed contexts/checkruns were expected:
If you are trying to override a checkrun that has a space in it, you must put a double quote on the context. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
3 participants
Like a3a6a16 (#1078), but for ClusterVersion
spec.overrides. We need this in place to avoid bootstrapping failure when the CVO renders the ClusterImagePolicy despiteOPENSHIFT_INSTALL_EXPERIMENTAL_DISABLE_IMAGE_POLICYhaving been set to trigger the installer to set an override waiving the ClusterImagePolicy:The rendered ClusterImagePolicy is consumed by the bootstrap machine-config operator, and it breaks the ability of unsigned nightly control-plane nodes to launch: