Skip to content

AGENT-1522: Graduate InternalReleaseImage from v1alpha1 to v1#2880

Open
pawanpinjarkar wants to merge 6 commits into
openshift:masterfrom
pawanpinjarkar:pr-2863-branch
Open

AGENT-1522: Graduate InternalReleaseImage from v1alpha1 to v1#2880
pawanpinjarkar wants to merge 6 commits into
openshift:masterfrom
pawanpinjarkar:pr-2863-branch

Conversation

@pawanpinjarkar

Copy link
Copy Markdown
  • Created machineconfiguration/v1/types_internalreleaseimage.go with v1 API
  • Updated compatibility level from 4 (alpha) to 1 (stable/GA)
  • Registered InternalReleaseImage types in v1 scheme
  • Created v1 integration test suite
  • Updated payload CRD script to use v1 instead of v1alpha1
  • Generated all CRD manifests, deepcopy, and swagger docs

Original PR from @sadasu #2863

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 8, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 8, 2026

Copy link
Copy Markdown

@pawanpinjarkar: This pull request references AGENT-1522 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

  • Created machineconfiguration/v1/types_internalreleaseimage.go with v1 API
  • Updated compatibility level from 4 (alpha) to 1 (stable/GA)
  • Registered InternalReleaseImage types in v1 scheme
  • Created v1 integration test suite
  • Updated payload CRD script to use v1 instead of v1alpha1
  • Generated all CRD manifests, deepcopy, and swagger docs

Original PR from @sadasu #2863

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci

openshift-ci Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Hello @pawanpinjarkar! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Copy link
Copy Markdown

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This pull request introduces the InternalReleaseImage cluster-scoped singleton API: new Go types and validation markers, registration of InternalReleaseImage and InternalReleaseImageList with the machineconfiguration v1 scheme, updated generated CRD payloads to publish v1 schema text and tightened status validation, a YAML test suite covering create/update validation and reconciliation scenarios, and a change to hack/update-payload-crds.sh removing the old v1alpha1 internalreleaseimages glob.

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and specifically summarizes the main change: graduating InternalReleaseImage from v1alpha1 to v1, which is the primary objective reflected throughout the changeset.
Description check ✅ Passed The description is directly related to the changeset, listing the key modifications including the v1 types file, compatibility level update, scheme registration, test suite, CRD script updates, and generated artifacts.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All test names in the added test file are stable and deterministic. The 10 test cases use purely descriptive static strings with no dynamic content like timestamps, UUIDs, or generated identifiers.
Test Structure And Quality ✅ Passed Test file follows Ginkgo quality patterns: (1) Single responsibility: each test validates one behavior - onCreate tests focus on spec validation, onUpdate tests validate controller behavior (spec→s...
Microshift Test Compatibility ✅ Passed No Ginkgo e2e tests were added in this PR. The test file added is a YAML manifest structure for CRD validation, not a Ginkgo test file. The check is not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No Ginkgo e2e tests were added in this PR. The PR adds Go API type definitions, registration code, and YAML CRD validation test manifests, but not e2e test code. The check does not apply.
Topology-Aware Scheduling Compatibility ✅ Passed PR only contains API type definitions, CRD schemas, and tests—no deployment manifests, operator code, or controllers with scheduling constraints. Topology-aware scheduling check is not applicable.
Ote Binary Stdout Contract ✅ Passed PR modifies only API type definitions, scheme registration, test manifests, and CRD files. No process-level code (main, init, TestMain, suite setup) with stdout writes found.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No Ginkgo e2e tests (It(), Describe(), Context(), etc.) were added. The PR only adds Go API types and a YAML CRD test fixture, not e2e tests.
No-Weak-Crypto ✅ Passed No weak crypto, custom crypto implementations, or insecure comparison patterns found. PR contains API schema definitions and test fixtures with no cryptographic code.
Container-Privileges ✅ Passed None of the PR changes involve container/K8s manifests with privilege escalation. Files contain API type definitions, CRD schemas, and build scripts with no privileged, hostPID, hostNetwork, hostIP...
No-Sensitive-Data-In-Logs ✅ Passed The PR adds type definitions, CRD manifests, and test fixtures with no logging statements or sensitive data exposure (no passwords, tokens, API keys, PII, or internal hostnames logged).

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jun 8, 2026
@openshift-ci openshift-ci Bot requested review from everettraven and yuqi-zhang June 8, 2026 19:56

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml (1)

1-307: ⚡ Quick win

Consider adding test for singleton name constraint.

The CRD has a validation rule enforcing metadata.name == 'cluster', but there's no onCreate test verifying that a different name (e.g., metadata.name: not-cluster) is properly rejected. This would help ensure the singleton constraint is working correctly.

📋 Suggested test case

Add this test case to the onCreate section:

  - name: Should reject non-cluster name (singleton constraint)
    initial: |
      apiVersion: machineconfiguration.openshift.io/v1
      kind: InternalReleaseImage
      metadata:
        name: not-cluster
      spec:
        releases:
          - name: ocp-release-bundle-4.18.0-x86_64
    expectedError: "internalreleaseimage is a singleton, .metadata.name must be 'cluster'"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml`
around lines 1 - 307, Add an onCreate test to verify the singleton name
constraint for InternalReleaseImage: in the onCreate array add a test (e.g.,
name "Should reject non-cluster name (singleton constraint)") that creates an
InternalReleaseImage with metadata.name: not-cluster and a minimal spec.releases
entry, and set expectedError to the singleton rejection message (e.g.,
"internalreleaseimage is a singleton, .metadata.name must be 'cluster'"). Locate
the block handling onCreate tests and the InternalReleaseImage test entries
(symbols: onCreate, InternalReleaseImage, metadata.name, spec.releases) and
ensure the new test follows the same YAML structure as the other onCreate cases.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@machineconfiguration/v1/types_internalreleaseimage.go`:
- Around line 19-24: The type comment for InternalReleaseImage lacks
documentation that this is a cluster-scoped singleton; update the top-of-file
doc comment for InternalReleaseImage to state that only one instance is allowed
and its metadata.name must equal "cluster" (i.e., singleton resource enforced by
validation metadata.name == 'cluster'), and mention it is cluster-scoped so
consumers understand it represents a single cluster-wide configuration.
- Around line 103-120: Update the comment for the Conditions field to document
the MinItems/MaxItems validation and optionality: state that when the optional
Conditions slice is present it must contain between 1 and 5 metav1.Condition
entries (inclusive) corresponding to the allowed types (Mounted, Installing,
Available, Removing, Degraded), but the entire field may be omitted when no
status is available; ensure this text is added right above the Conditions
[]metav1.Condition `json:"conditions,omitempty"` declaration so reviewers can
see the +kubebuilder:validation:MinItems=1 and
+kubebuilder:validation:MaxItems=5 constraints are documented.
- Around line 70-78: Update the comment for the Conditions field on the
InternalReleaseImage type to document the +kubebuilder:validation:MinItems=1 and
+kubebuilder:validation:MaxItems=20 constraints and clarify the +optional
behavior: state that the field may be omitted entirely, but if present it must
contain between 1 and 20 metav1.Condition entries (valid types: Degraded), and
note the listType=map/listMapKey behavior as already described; edit the comment
immediately above the Conditions []metav1.Condition declaration to include this
text so reviewers can see the validation rules and optionality.

---

Nitpick comments:
In
`@machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml`:
- Around line 1-307: Add an onCreate test to verify the singleton name
constraint for InternalReleaseImage: in the onCreate array add a test (e.g.,
name "Should reject non-cluster name (singleton constraint)") that creates an
InternalReleaseImage with metadata.name: not-cluster and a minimal spec.releases
entry, and set expectedError to the singleton rejection message (e.g.,
"internalreleaseimage is a singleton, .metadata.name must be 'cluster'"). Locate
the block handling onCreate tests and the InternalReleaseImage test entries
(symbols: onCreate, InternalReleaseImage, metadata.name, spec.releases) and
ensure the new test follows the same YAML structure as the other onCreate cases.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 662c10ce-ee1a-4b46-8b2b-217c2756384d

📥 Commits

Reviewing files that changed from the base of the PR and between 1194f4c and 582270b.

⛔ Files ignored due to path filters (6)
  • machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
  • machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
  • machineconfiguration/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
  • machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/zz_generated*
  • machineconfiguration/v1/zz_generated.featuregated-crd-manifests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
  • machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
📒 Files selected for processing (6)
  • hack/update-payload-crds.sh
  • machineconfiguration/v1/register.go
  • machineconfiguration/v1/tests/internalreleaseimages.machineconfiguration.openshift.io/NoRegistryClusterInstall.yaml
  • machineconfiguration/v1/types_internalreleaseimage.go
  • payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-Hypershift.crd.yaml
  • payload-manifests/crds/0000_80_machine-config_01_internalreleaseimages-SelfManagedHA.crd.yaml
💤 Files with no reviewable changes (1)
  • hack/update-payload-crds.sh

Comment thread machineconfiguration/v1/types_internalreleaseimage.go
Comment thread machineconfiguration/v1/types_internalreleaseimage.go
Comment thread machineconfiguration/v1/types_internalreleaseimage.go
@pawanpinjarkar

Copy link
Copy Markdown
Author

/assign @yuqi-zhang

@andfasano

Copy link
Copy Markdown
Contributor

/lgtm

Note for the reviewers: this is required for the NoRegistryClusterInstall feature promotion, see #2859

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 9, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change
/test minor-e2e-upgrade-minor

@pawanpinjarkar

Copy link
Copy Markdown
Author

/retest-required

@pawanpinjarkar

Copy link
Copy Markdown
Author

/verified later @pawanpinjarkar

@openshift-ci-robot openshift-ci-robot added verified-later verified Signifies that the PR passed pre-merge verification criteria labels Jun 9, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@pawanpinjarkar: This PR has been marked to be verified later by @pawanpinjarkar.

Details

In response to this:

/verified later @pawanpinjarkar

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@pawanpinjarkar

Copy link
Copy Markdown
Author

/retest-required

@yuqi-zhang

yuqi-zhang commented Jun 10, 2026

Copy link
Copy Markdown
Contributor
/verified later @pawanpinjarkar

For this PR I would say let's verify through CI directly. Like what we did for openshift/machine-config-operator#6076 (comment) . We can't merge this by itself, and we shouldn't merge without proving all the component pieces work together with an overall switch

The overall API itself looks mostly good, just some minor cleanup needed

@openshift-ci-robot

Copy link
Copy Markdown

@yuqi-zhang: This PR has been marked to be verified later by @pawanpinjarkar.

Details

In response to this:

/verified later @pawanpinjarkar

For this PR I would say let's verify through CI directly. Like what we did for openshift/machine-config-operator#6076 (comment) . We can't merge this by itself, and we shouldn't merge without proving all the component pieces work together with an overall switch

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

// conditions represent the observations of an internal release image current state. Valid types are:
// Mounted, Installing, Available, Removing and Degraded.
//
// If Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a question, can multiple conditions be true at the same time? Or can only 1 be true at a time?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potentially there could be more conditions true simultaneously. For example, Mounted will be set to True when the ISO will be discovered, and if the user decides to add its content (by editing the IRI resource) also Installing will become true

@yuqi-zhang

Copy link
Copy Markdown
Contributor

/verified cancel

@openshift-ci-robot

Copy link
Copy Markdown

@yuqi-zhang: The /verified command must be used with one of the following actions: by, later, remove, or bypass. See https://docs.ci.openshift.org/docs/architecture/jira/#premerge-verification for more information.

Details

In response to this:

/verified cancel

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@yuqi-zhang

Copy link
Copy Markdown
Contributor

/verified remove

@openshift-ci-robot openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label Jun 10, 2026
@JoelSpeed

Copy link
Copy Markdown
Contributor

So I don't think anything would break if both versions were installed, and in fact it would allow all of the other changes to be merged at leisure instead of them having to be simultaneous.

Lets try this out. Lets copy the v1alpha1 schema to a manual override in the v1 API so that the v1 version includes both schemas, merge that, and then migrate the rest over the next few days

Add manual CRD override to include v1alpha1 schema alongside v1 schema
for InternalReleaseImage API. This allows both API versions to coexist
during the graduation period, enabling gradual migration from v1alpha1
to v1 across dependent repositories.

The manual override contains the complete v1alpha1 schema from the
featuregated manifest, which will be merged with the v1 schema during
code generation to produce a CRD that serves both versions.

This addresses the review feedback to support both schemas simultaneously
rather than requiring all consumers to update at once.

Related: openshift#2880 (comment)
During code generation, the manifest-merge tool combines this override with the v1
schema generated from Go types to produce a final CRD that serves both versions:

- v1 (storage: true): New stable API with MaxItems=5 for Conditions
- v1alpha1 (storage: false): Original alpha API with MaxItems=20 for Conditions

Both versions are served, but v1 is the storage version. Resources submitted
via v1alpha1 are automatically converted to v1 for storage in etcd, then
converted back to v1alpha1 when read, ensuring backward compatibility without
requiring simultaneous updates across all consuming repositories.
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 1, 2026
@pawanpinjarkar

Copy link
Copy Markdown
Author

@JoelSpeed Please review the new changes.

/cc @andfasano @bfournie @sadasu

@openshift-ci openshift-ci Bot requested review from andfasano, bfournie and sadasu July 1, 2026 18:01
@pawanpinjarkar pawanpinjarkar requested a review from yuqi-zhang July 1, 2026 18:04
@andfasano

Copy link
Copy Markdown
Contributor

/retest-required

@andfasano

Copy link
Copy Markdown
Contributor

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 2, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change
/test minor-e2e-upgrade-minor

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andfasano, bfournie, everettraven

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@andfasano

Copy link
Copy Markdown
Contributor

/test minor-e2e-upgrade-minor

@andfasano

Copy link
Copy Markdown
Contributor

/test minor-e2e-upgrade-minor

This job seems to have some issue

@pawanpinjarkar

Copy link
Copy Markdown
Author

/verified later

@openshift-ci-robot

Copy link
Copy Markdown

@pawanpinjarkar: /verified later <@username> requires at least one GitHub @username to be specified (it can be a comma delimited list). It indicates the engineer(s) that will be performing the verification. See https://docs.ci.openshift.org/docs/architecture/jira/#premerge-verification for more information.

Details

In response to this:

/verified later

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@pawanpinjarkar

Copy link
Copy Markdown
Author

/verified later @pawanpinjarkar

@pawanpinjarkar

Copy link
Copy Markdown
Author

/retest-required

@openshift-ci-robot openshift-ci-robot added verified-later verified Signifies that the PR passed pre-merge verification criteria labels Jul 2, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@pawanpinjarkar: This PR has been marked to be verified later by @pawanpinjarkar.

Details

In response to this:

/verified later @pawanpinjarkar

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@pawanpinjarkar

Copy link
Copy Markdown
Author

/hold cancel

@openshift-ci openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 2, 2026
@andfasano

Copy link
Copy Markdown
Contributor

/test e2e-aws-ovn-hypershift

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

/retest-required

Remaining retests: 0 against base HEAD b56324c and 2 for PR HEAD 02030eb in total

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@pawanpinjarkar: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. verified Signifies that the PR passed pre-merge verification criteria verified-later

Projects

None yet

Development

Successfully merging this pull request may close these issues.

10 participants