From 6002ebffe9452be1b3570d16d25262b785f3d547 Mon Sep 17 00:00:00 2001 From: Mat Kowalski Date: Tue, 23 Jun 2026 16:10:20 +0200 Subject: [PATCH 1/4] kube-vip: project onboarding --- .../kube-vip/openshift-kube-vip-main.yaml | 45 +++++ .../openshift-kube-vip-main-presubmits.yaml | 128 ++++++++++++++ .../openshift/kube-vip/_pluginconfig.yaml | 12 ++ .../openshift/kube-vip/_prowconfig.yaml | 162 ++++++++++++++++++ 4 files changed, 347 insertions(+) create mode 100644 ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml create mode 100644 ci-operator/jobs/openshift/kube-vip/openshift-kube-vip-main-presubmits.yaml create mode 100644 core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml create mode 100644 core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml diff --git a/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml b/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml new file mode 100644 index 0000000000000..86f27f82b4f4f --- /dev/null +++ b/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml @@ -0,0 +1,45 @@ +base_images: + base: + name: "5.0" + namespace: ocp + tag: base +build_root: + image_stream_tag: + name: release + namespace: openshift + tag: golang-1.26 +promotion: + to: + - name: "5.0" + namespace: ocp +releases: + initial: + integration: + name: "5.0" + namespace: ocp + latest: + integration: + include_built_images: true + name: "5.0" + namespace: ocp +resources: + '*': + limits: + memory: 4Gi + requests: + cpu: 100m + memory: 200Mi +test_binary_build_commands: go test -race ./... +tests: +- as: unit-tests + commands: make unit-tests + container: + from: src +- as: integration-tests + commands: make integration-tests + container: + from: src +zz_generated_metadata: + branch: main + org: openshift + repo: kube-vip diff --git a/ci-operator/jobs/openshift/kube-vip/openshift-kube-vip-main-presubmits.yaml b/ci-operator/jobs/openshift/kube-vip/openshift-kube-vip-main-presubmits.yaml new file mode 100644 index 0000000000000..cd88911e28be0 --- /dev/null +++ b/ci-operator/jobs/openshift/kube-vip/openshift-kube-vip-main-presubmits.yaml @@ -0,0 +1,128 @@ +presubmits: + openshift/kube-vip: + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/integration-tests + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-kube-vip-main-integration-tests + rerun_command: /test integration-tests + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=integration-tests + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )integration-tests,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/unit-tests + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-kube-vip-main-unit-tests + rerun_command: /test unit-tests + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=unit-tests + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )unit-tests,?($|\s.*) diff --git a/core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml b/core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml new file mode 100644 index 0000000000000..552a0f221592c --- /dev/null +++ b/core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml @@ -0,0 +1,12 @@ +approve: +- repos: + - openshift/kube-vip + require_self_approval: false +lgtm: +- repos: + - openshift/kube-vip + review_acts_as_lgtm: true +plugins: + openshift/kube-vip: + plugins: + - approve diff --git a/core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml b/core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml new file mode 100644 index 0000000000000..68643b897c9b2 --- /dev/null +++ b/core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml @@ -0,0 +1,162 @@ +tide: + queries: + - includedBranches: + - community-4.6 + - community-4.7 + - openshift-4.10 + - openshift-4.11 + - openshift-4.12 + - openshift-4.13 + - openshift-4.14 + - openshift-4.15 + - openshift-4.16 + - openshift-4.17 + - openshift-4.18 + - openshift-4.19 + - openshift-4.2 + - openshift-4.20 + - openshift-4.21 + - openshift-4.3 + - openshift-4.4 + - openshift-4.5 + - openshift-4.6 + - openshift-4.7 + - openshift-4.8 + - openshift-4.9 + - release-4.0 + - release-4.10 + - release-4.11 + - release-4.12 + - release-4.13 + - release-4.14 + - release-4.15 + - release-4.16 + - release-4.17 + - release-4.18 + - release-4.19 + - release-4.20 + - release-4.21 + - release-4.3 + - release-4.4 + - release-4.5 + - release-4.6 + - release-4.7 + - release-4.8 + - release-4.9 + labels: + - approved + - backport-risk-assessed + - jira/valid-bug + - jira/valid-reference + - lgtm + - verified + missingLabels: + - backports/unvalidated-commits + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - jira/invalid-bug + - needs-rebase + repos: + - openshift/kube-vip + - includedBranches: + - openshift-4.22 + - release-4.22 + labels: + - approved + - backport-risk-assessed + - jira/valid-bug + - jira/valid-reference + - lgtm + - verified + missingLabels: + - backports/unvalidated-commits + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - jira/invalid-bug + - needs-rebase + repos: + - openshift/kube-vip + - includedBranches: + - main + - master + labels: + - approved + - jira/valid-reference + - lgtm + - verified + missingLabels: + - backports/unvalidated-commits + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - jira/invalid-bug + - keep-main-query-separate + - needs-rebase + repos: + - openshift/kube-vip + - excludedBranches: + - feature-es6x + - feature-prom-connector + - main + - master + - openshift-4.1 + - openshift-4.10 + - openshift-4.11 + - openshift-4.12 + - openshift-4.13 + - openshift-4.14 + - openshift-4.15 + - openshift-4.16 + - openshift-4.17 + - openshift-4.18 + - openshift-4.19 + - openshift-4.2 + - openshift-4.20 + - openshift-4.21 + - openshift-4.22 + - openshift-4.3 + - openshift-4.4 + - openshift-4.5 + - openshift-4.6 + - openshift-4.7 + - openshift-4.8 + - openshift-4.9 + - release-3.11 + - release-4.0 + - release-4.1 + - release-4.10 + - release-4.11 + - release-4.12 + - release-4.13 + - release-4.14 + - release-4.15 + - release-4.16 + - release-4.17 + - release-4.18 + - release-4.19 + - release-4.2 + - release-4.20 + - release-4.21 + - release-4.22 + - release-4.3 + - release-4.4 + - release-4.5 + - release-4.6 + - release-4.7 + - release-4.8 + - release-4.9 + labels: + - approved + - jira/valid-reference + - lgtm + missingLabels: + - backports/unvalidated-commits + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - jira/invalid-bug + - needs-rebase + repos: + - openshift/kube-vip From 85e91d2c88ee16950f029cbd9b8048feb66e2d1b Mon Sep 17 00:00:00 2001 From: Mat Kowalski Date: Tue, 23 Jun 2026 16:20:39 +0200 Subject: [PATCH 2/4] kube-vip: add OWNERS files for ci-operator config and jobs --- ci-operator/config/openshift/kube-vip/OWNERS | 9 +++++++++ ci-operator/jobs/openshift/kube-vip/OWNERS | 9 +++++++++ 2 files changed, 18 insertions(+) create mode 100644 ci-operator/config/openshift/kube-vip/OWNERS create mode 100644 ci-operator/jobs/openshift/kube-vip/OWNERS diff --git a/ci-operator/config/openshift/kube-vip/OWNERS b/ci-operator/config/openshift/kube-vip/OWNERS new file mode 100644 index 0000000000000..4ba9ef96fbdb0 --- /dev/null +++ b/ci-operator/config/openshift/kube-vip/OWNERS @@ -0,0 +1,9 @@ +reviewers: + - cybertron + - mkowalski + - rbbratta +approvers: + - cybertron + - mkowalski + - rbbratta + - tssurya diff --git a/ci-operator/jobs/openshift/kube-vip/OWNERS b/ci-operator/jobs/openshift/kube-vip/OWNERS new file mode 100644 index 0000000000000..4ba9ef96fbdb0 --- /dev/null +++ b/ci-operator/jobs/openshift/kube-vip/OWNERS @@ -0,0 +1,9 @@ +reviewers: + - cybertron + - mkowalski + - rbbratta +approvers: + - cybertron + - mkowalski + - rbbratta + - tssurya From 9bedcb4d420d725d8ea1e627963682a6c8b1565e Mon Sep 17 00:00:00 2001 From: Mat Kowalski Date: Tue, 23 Jun 2026 16:52:40 +0200 Subject: [PATCH 3/4] kube-vip: fix build_root to use existing golang-1.26 builder tag The generated config referenced openshift/release:golang-1.26, which does not exist in the imagestream (newest convenience tag is golang-1.25). This caused the [input:root] step to fail when importing the build root: unable to import tag pipeline:root ... quay.io/openshift/ci:openshift_release_golang-1.26 not found Use rhel-9-release-golang-1.26-openshift-5.0, the real Go 1.26 builder tag used by other promoted openshift payload components targeting ocp 5.0. --- .../config/openshift/kube-vip/openshift-kube-vip-main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml b/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml index 86f27f82b4f4f..473d78d1b17ba 100644 --- a/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml +++ b/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml @@ -7,7 +7,7 @@ build_root: image_stream_tag: name: release namespace: openshift - tag: golang-1.26 + tag: rhel-9-release-golang-1.26-openshift-5.0 promotion: to: - name: "5.0" From 1cacbd48fa9fb92d9d3f28df0a9f8f52e5e8e7af Mon Sep 17 00:00:00 2001 From: Mat Kowalski Date: Tue, 23 Jun 2026 17:29:33 +0200 Subject: [PATCH 4/4] kube-vip: drop premature promotion and trim Tide branches Review feedback on the onboarding config: 1. The config had a promotion block targeting ocp/5.0 but defined no images to build, so it would only promote the synthetic src image. kube-vip is not yet onboarded to ART/the OpenShift payload and only ships an upstream Alpine/scratch Dockerfile (not a valid RHEL-based payload image). Remove the promotion block, along with the releases and base_images entries that only existed to serve it, leaving a clean CI-testing-only config (unit + integration tests). Promotion and an images stanza can be re-added once the component is ready to ship to the payload. 2. Trim the Tide queries to the active branches (openshift-4.22 / release-4.22 onward, plus main/master). The repo-init template stamped the full historical 4.0+ branch list, none of which exist for this new repo. Future release branches are appended at branch-cut time, matching other trimmed repos (e.g. bpfman-operator). --- .../kube-vip/openshift-kube-vip-main.yaml | 19 ---- .../openshift/kube-vip/_prowconfig.yaml | 105 ------------------ 2 files changed, 124 deletions(-) diff --git a/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml b/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml index 473d78d1b17ba..58437d0ab9b8d 100644 --- a/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml +++ b/ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml @@ -1,27 +1,8 @@ -base_images: - base: - name: "5.0" - namespace: ocp - tag: base build_root: image_stream_tag: name: release namespace: openshift tag: rhel-9-release-golang-1.26-openshift-5.0 -promotion: - to: - - name: "5.0" - namespace: ocp -releases: - initial: - integration: - name: "5.0" - namespace: ocp - latest: - integration: - include_built_images: true - name: "5.0" - namespace: ocp resources: '*': limits: diff --git a/core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml b/core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml index 68643b897c9b2..4053c272f2b68 100644 --- a/core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml +++ b/core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml @@ -1,64 +1,5 @@ tide: queries: - - includedBranches: - - community-4.6 - - community-4.7 - - openshift-4.10 - - openshift-4.11 - - openshift-4.12 - - openshift-4.13 - - openshift-4.14 - - openshift-4.15 - - openshift-4.16 - - openshift-4.17 - - openshift-4.18 - - openshift-4.19 - - openshift-4.2 - - openshift-4.20 - - openshift-4.21 - - openshift-4.3 - - openshift-4.4 - - openshift-4.5 - - openshift-4.6 - - openshift-4.7 - - openshift-4.8 - - openshift-4.9 - - release-4.0 - - release-4.10 - - release-4.11 - - release-4.12 - - release-4.13 - - release-4.14 - - release-4.15 - - release-4.16 - - release-4.17 - - release-4.18 - - release-4.19 - - release-4.20 - - release-4.21 - - release-4.3 - - release-4.4 - - release-4.5 - - release-4.6 - - release-4.7 - - release-4.8 - - release-4.9 - labels: - - approved - - backport-risk-assessed - - jira/valid-bug - - jira/valid-reference - - lgtm - - verified - missingLabels: - - backports/unvalidated-commits - - do-not-merge/hold - - do-not-merge/invalid-owners-file - - do-not-merge/work-in-progress - - jira/invalid-bug - - needs-rebase - repos: - - openshift/kube-vip - includedBranches: - openshift-4.22 - release-4.22 @@ -97,56 +38,10 @@ tide: repos: - openshift/kube-vip - excludedBranches: - - feature-es6x - - feature-prom-connector - main - master - - openshift-4.1 - - openshift-4.10 - - openshift-4.11 - - openshift-4.12 - - openshift-4.13 - - openshift-4.14 - - openshift-4.15 - - openshift-4.16 - - openshift-4.17 - - openshift-4.18 - - openshift-4.19 - - openshift-4.2 - - openshift-4.20 - - openshift-4.21 - openshift-4.22 - - openshift-4.3 - - openshift-4.4 - - openshift-4.5 - - openshift-4.6 - - openshift-4.7 - - openshift-4.8 - - openshift-4.9 - - release-3.11 - - release-4.0 - - release-4.1 - - release-4.10 - - release-4.11 - - release-4.12 - - release-4.13 - - release-4.14 - - release-4.15 - - release-4.16 - - release-4.17 - - release-4.18 - - release-4.19 - - release-4.2 - - release-4.20 - - release-4.21 - release-4.22 - - release-4.3 - - release-4.4 - - release-4.5 - - release-4.6 - - release-4.7 - - release-4.8 - - release-4.9 labels: - approved - jira/valid-reference