
WIP: Testing only; no merge #1392

Closed
hongkailiu wants to merge 6 commits into openshift:main from hongkailiu:pr1338


Conversation

@hongkailiu
Member

@hongkailiu hongkailiu commented May 21, 2026

/hold

Summary by CodeRabbit

  • New Features
    • Added CLI flags --tls-min-version and --tls-cipher-suites for configurable TLS overrides.
  • Tests
    • Added comprehensive unit tests for TLS profile management and configuration validation.
  • Chores
    • Updated Go module dependencies to newer versions.

DavidHurta and others added 6 commits May 6, 2026 23:23
Honor the central TLS profile [1] with event-driven dynamic updates.

Implementation uses an APIServer informer with event handlers to
proactively cache TLS settings, eliminating per-handshake lister calls
while maintaining dynamic reconfiguration capability. The cached
settings are applied during TLS handshakes via GetConfigForClient.

The commit aims to focus on availability over strict consistency on
errors, such as an error fetching the API server object. The CVO
provides critical metrics and as such, I am inclined towards
availability instead of strict TLS configuration consistency.

The TLS adherence feature is currently in Tech Preview. Components do
not need to check the feature gate explicitly though [2]:

> Component Interaction with the Feature Gate: The feature gate controls
> whether the tlsAdherence field is accepted by the API server —
> components themselves do not need to check the feature gate.
> Because the field is optional (+optional, omitempty), components only
> need to handle the field's value when unmarshaling the APIServer config
> ...
> This means components do not need to set up feature gate watching or
> add feature-gate-specific code paths. The ShouldHonorClusterTLSProfile
> helper in library-go encapsulates all of this logic.

The ShouldHonorClusterTLSProfile helper from library-go encapsulates
this logic.

Configuration precedence: crypto defaults → central profile → overrides
(override support added in next commit for HyperShift compatibility).

[1]: https://github.com/openshift/enhancements/blob/master/enhancements/security/centralized-tls-config.md
[2]: https://github.com/openshift/enhancements/blob/master/enhancements/security/centralized-tls-config.md#feature-gate

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…perShift

Add --tls-min-version and --tls-cipher-suites flags based on
recommendations from the centralized TLS config enhancement [1] to
support HyperShift deployments:

> When these flags are set by the CPO, they take precedence over any
> value the component would read from
> apiservers.config.openshift.io/cluster. When they are not set, the
> component falls back to its normal behavior of watching the cluster config.

This allows hosted control plane components, which are deployed in the
management cluster, to have different TLS settings, or to not need to
read the management cluster Kubernetes API server.

[1]: https://github.com/openshift/enhancements/blob/master/enhancements/security/centralized-tls-config.md

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
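An added example, not code from this PR or from cluster-version-operator, of the scheme the two commit messages above describe: crypto defaults, then the central profile cached from informer events, then the --tls-min-version/--tls-cipher-suites overrides, applied per handshake from GetConfigForClient, with a missing or unreadable profile falling back to defaults rather than failing the handshake. The Settings type, ParseOverrides, OnProfileEvent and ServerConfig are this example's own names and assumptions, not the PR's API; only crypto/tls is used, so it runs offline.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
	"sync/atomic"
)

// Settings is the slice of a TLS profile this example manages. A zero MinVersion
// or nil CipherSuites means "not set", so a layer only replaces what it specifies.
type Settings struct {
	MinVersion   uint16
	CipherSuites []uint16
}

var tlsVersions = map[string]uint16{"VersionTLS10": tls.VersionTLS10, "VersionTLS11": tls.VersionTLS11,
	"VersionTLS12": tls.VersionTLS12, "VersionTLS13": tls.VersionTLS13}

// ParseOverrides validates the raw --tls-min-version and --tls-cipher-suites values.
// (nil, nil) means neither flag was set: fall back to watching the cluster profile.
// Only suites crypto/tls lists as secure are accepted (this example's policy).
func ParseOverrides(minVersion, cipherSuites string) (*Settings, error) {
	s := &Settings{}
	if minVersion != "" {
		v, ok := tlsVersions[minVersion]
		if !ok {
			return nil, fmt.Errorf("unknown TLS version %q", minVersion)
		}
		s.MinVersion = v
	}
	if cipherSuites != "" {
		byName := map[string]uint16{}
		for _, cs := range tls.CipherSuites() {
			byName[cs.Name] = cs.ID
		}
		for _, name := range strings.Split(cipherSuites, ",") {
			id, ok := byName[strings.TrimSpace(name)]
			if !ok {
				return nil, fmt.Errorf("unknown or insecure cipher suite %q", name)
			}
			s.CipherSuites = append(s.CipherSuites, id)
		}
	}
	if s.MinVersion == 0 && s.CipherSuites == nil {
		return nil, nil
	}
	return s, nil
}

// ProfileManager caches the central profile so a handshake never waits on a
// lister call; overrides are fixed at startup and always win.
type ProfileManager struct {
	central   atomic.Pointer[Settings]
	overrides *Settings
}

func NewProfileManager(overrides *Settings) *ProfileManager {
	return &ProfileManager{overrides: overrides}
}

// OnProfileEvent stands in for the informer add/update/delete handler. nil (object deleted,
// or a fetch error) clears the cache so handshakes use the crypto defaults: availability first.
func (m *ProfileManager) OnProfileEvent(central *Settings) { m.central.Store(central) }

// ApplySettings layers crypto defaults -> central profile -> overrides onto cfg.
func (m *ProfileManager) ApplySettings(cfg *tls.Config) {
	cfg.MinVersion = tls.VersionTLS12 // this example's crypto default
	cfg.CipherSuites = nil            // nil lets crypto/tls pick its defaults
	for _, layer := range []*Settings{m.central.Load(), m.overrides} {
		if layer == nil {
			continue
		}
		if layer.MinVersion != 0 {
			cfg.MinVersion = layer.MinVersion
		}
		if layer.CipherSuites != nil {
			cfg.CipherSuites = layer.CipherSuites
		}
	}
}

// ServerConfig wires ApplySettings into GetConfigForClient so each handshake sees the current cache.
func (m *ProfileManager) ServerConfig(base *tls.Config) *tls.Config {
	cfg := base.Clone()
	cfg.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
		c := cfg.Clone()
		m.ApplySettings(c)
		return c, nil
	}
	return cfg
}

func main() {
	m := NewProfileManager(&Settings{MinVersion: tls.VersionTLS13}) // --tls-min-version=VersionTLS13
	m.OnProfileEvent(&Settings{MinVersion: tls.VersionTLS12})     // central profile from an informer event
	cfg := &tls.Config{}
	m.ApplySettings(cfg)
	fmt.Printf("min=%#x\n", cfg.MinVersion) // prints min=0x304: the override beats the central profile
}
```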
@openshift-ci openshift-ci Bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels May 21, 2026
@openshift-ci
Contributor

openshift-ci Bot commented May 21, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci
Contributor

openshift-ci Bot commented May 21, 2026

PR needs rebase.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 21, 2026
@coderabbitai

coderabbitai Bot commented May 21, 2026

Walkthrough

This PR introduces a central TLS profile manager that reads Kubernetes APIServer TLS configuration, applies it with CLI override precedence, and propagates settings through the CVO operator to its metrics server. New CLI flags allow operators to override TLS minimum version and cipher suites.

Changes

TLS Profile Manager Feature

Layer / File(s) / Summary

  • TLS Profile Manager package (pkg/tls/tls.go): ProfileManager reads APIServer TLS profiles, caches apply functions, and registers informer event handlers. ApplySettings applies crypto defaults, the central profile, then override values in order of precedence. Options type parses CLI override strings into validated Settings.
  • TLS Profile Manager tests (pkg/tls/tls_test.go): Eight test functions verify profile application across TLS versions, override precedence, safe default fallback on initialization/runtime errors, event handler behavior, and TLS adherence policy control.
  • CVO Operator integration (pkg/cvo/cvo.go): Operator gains profileMgr field initialized by NewProfileManager with apiServerInformer and parsed overrides. New() constructor extended with apiServerInformer and *cvotls.Settings parameters. Exported ApplySettings() exposes the callback to callers.
  • Metrics server TLS integration (pkg/cvo/metrics.go): RunMetrics signature updated to accept applySettings callback; invoked during TLS handshake config generation to apply central and override settings to metrics endpoint TLS.
  • Startup orchestration and wiring (pkg/start/start.go): Options struct gains TLSOptions field; ValidateAndComplete parses/validates overrides; cache sync loop waits for ConfigInformerFactory; cvo.New constructor call passes APIServers informer and overrides; metrics goroutine invocation routed through CVO.ApplySettings().
  • CLI flag wiring (cmd/cluster-version-operator/start.go): Adds imports for flag helpers; defines --tls-min-version and --tls-cipher-suites persistent flags wired to TLSOptions fields with dynamic help text.
  • Dependency updates (go.mod): Bumped ginkgo/gomega test frameworks, OpenShift client and controller-runtime packages, core Kubernetes libraries, and transitive indirect dependencies.

Sequence Diagram(s)

sequenceDiagram
  participant CLI as CLI Flags
  participant Startup as Start Options
  participant Manager as TLS Manager
  participant CVO as CVO Operator
  participant Metrics as Metrics Server
  participant APIServer as APIServer Resource
  CLI->>Startup: Parse --tls-min-version, --tls-cipher-suites
  Startup->>Startup: ValidateAndComplete: parse & validate overrides
  Startup->>Manager: NewProfileManager(apiServerInformer, overrides)
  Manager->>APIServer: Read TLS profile spec
  Manager->>Manager: Cache apply function + register event handlers
  Startup->>CVO: cvo.New(..., apiServerInformer, overrides)
  CVO->>CVO: Initialize profileMgr
  Startup->>Metrics: RunMetrics(..., CVO.ApplySettings())
  APIServer->>Manager: Emit add/update/delete events on changes
  Manager->>Manager: Update cached TLS profile
  Metrics->>Manager: GetConfigForClient calls applySettings(config)
  Manager->>Metrics: Apply central profile + overrides to TLS config

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (2 warnings)

  • Title check: ⚠️ Warning
    Explanation: The title 'WIP: Testing only; no merge' is unrelated to the actual changeset, which implements TLS profile management and override flags for the cluster-version-operator.
    Resolution: Update the title to reflect the main change, such as 'Add dynamic TLS profile management with override support' or similar, as the current WIP placeholder does not describe the actual implementation.
  • Test Structure And Quality: ⚠️ Warning
    Explanation: Tests lack proper resource cleanup. All 9 informer factories created and started in tests are never explicitly stopped (0 Stop() calls), violating cleanup requirement.
    Resolution: Add defer informerFactory.Stop() after each Start() call in all tests; fix Test_tlsProfileManager_EventHandlers marked with t.Skip("TODO").

✅ Passed checks (10 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Docstring Coverage: ✅ Passed. Docstring coverage is 92.86% which is sufficient. The required threshold is 80.00%.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Stable And Deterministic Test Names: ✅ Passed. All test names in pkg/tls/tls_test.go are stable and deterministic static strings with no dynamic information, UUIDs, timestamps, pod names, or other generated identifiers.
  • Microshift Test Compatibility: ✅ Passed. PR adds only standard Go unit tests (pkg/tls/tls_test.go with 8 Test_* functions), not Ginkgo e2e tests. Custom check targets new Ginkgo e2e tests only.
  • Single Node Openshift (Sno) Test Compatibility: ✅ Passed. PR adds only standard Go unit tests in pkg/tls/tls_test.go (using testing.T), not Ginkgo e2e tests. SNO check applies only to Ginkgo e2e tests (It/Describe/Context/When constructs).
  • Topology-Aware Scheduling Compatibility: ✅ Passed. PR adds TLS configuration management code only, with no scheduling constraints introduced. No deployment manifests, affinity rules, or nodeSelector modifications are present.
  • Ote Binary Stdout Contract: ✅ Passed. No OTE Binary Stdout Contract violations found. All logging uses klog configured with alsologtostderr=true for stderr output. No fmt.Print* or os.Stdout writes in modified process-level code.
  • Ipv6 And Disconnected Network Test Compatibility: ✅ Passed. This PR adds only standard Go unit tests (using testing.T), not Ginkgo e2e tests. No tests with Ginkgo patterns (It(), Describe(), Context(), When()) were found. The check is not applicable.


@openshift-ci
Contributor

openshift-ci Bot commented May 21, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hongkailiu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 21, 2026

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (2)
go.mod (1)

30-35: 🏗️ Heavy lift

Verify Kubernetes direct dependency patch skew is intentional.

Direct k8s.io/* dependencies are mixed across v0.35.1 and v0.35.2. If this isn’t deliberate, aligning patch versions usually reduces resolver/compatibility surprises in controller-runtime stacks.

Also applies to: 37-37

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 30 - 35, The go.mod has mixed Kubernetes patch versions
(some v0.35.1 and some v0.35.2) which can cause resolver/compatibility issues;
update the entries for k8s.io/api, k8s.io/apiextensions-apiserver,
k8s.io/apimachinery, k8s.io/apiserver, k8s.io/client-go, and
k8s.io/component-base so they all use the same patch level (e.g., all v0.35.2 or
all v0.35.1) to align patch versions consistently across the direct k8s.io/*
dependencies, then run go mod tidy to refresh the lock info.
pkg/tls/tls_test.go (1)

425-493: 🏗️ Heavy lift

Before enabling this test, stop bypassing the production handler path.

After NewProfileManager registers its own informer handler, this test adds a second handler that calls mgr.updateSettings directly. Once t.Skip is removed, the assertions can still pass with broken registerEventHandlers wiring because the test-owned handler keeps the manager updated. Prefer observing the state changes driven by the manager's existing handler, or test registerEventHandlers in isolation.

If helpful, I can sketch a deterministic fake-client/informer version of this test.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/tls/tls_test.go` around lines 425 - 493, The test bypasses the manager's
own event handler by adding a second informer handler that calls
mgr.updateSettings directly; remove that AddEventHandler block and instead
exercise the manager's production path by either calling the manager's
registerEventHandlers (or exposing a method to register handlers) and starting
the informer factory (informerFactory.Start(...) and wait for cache sync), then
create/update/delete APIServer objects via the fakeClient so the manager's
registered handler processes them and pushes updates; keep the existing helpers
(waitForEvent, verifyMinVersion) but drive events through
fakeClient.ConfigV1().APIServers().Create/Update/Delete so
registerEventHandlers, NewProfileManager, and updateSettings are exercised
deterministically.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 11-12: go.mod declares github.com/onsi/ginkgo/v2 v2.28.1 but also
contains a replace directive pointing github.com/onsi/ginkgo/v2 =>
github.com/openshift/onsi-ginkgo/v2 v2.6.1-0... which creates a version
mismatch; either remove the replace to use upstream v2.28.1 or update the
replace target to an openshift/onsi-ginkgo commit that is API-compatible with
v2.28.x so the required and replaced versions align, and similarly reconcile
k8s.io/* versions (e.g., k8s.io/api vs k8s.io/apiserver) so their minor/patch
versions are consistent per project compatibility policy and tests.

In `@pkg/tls/tls.go`:
- Around line 171-196: CreateOverrides currently preserves o.settings from prior
runs when there are no overrides or when validation later fails; to fix, clear
the cached overrides at the start of CreateOverrides by setting o.settings = nil
(or otherwise resetting the cached Settings) so each call recomputes from flags;
keep the rest of the validation logic as-is (references: CreateOverrides method
and the o.settings field, also GetOverrides/ProfileManager which read
o.settings).


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 05bceda1-1010-40cc-8afd-cda40eeacddc

📥 Commits

Reviewing files that changed from the base of the PR and between bb338d4 and 8e68c4a.

⛔ Files ignored due to path filters (198)
  • vendor/sigs.k8s.io/controller-runtime/pkg/metrics/leaderelection.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/metrics/registry.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/metrics/server/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/metrics/server/server.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/metrics/workqueue.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/predicate/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/predicate/predicate.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/reconcile/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/reconcile/reconcile.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/recorder/recorder.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/source/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/source/source.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/decode.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/defaulter_custom.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/http.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/metrics/metrics.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/multi.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/response.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/validator_custom.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/webhook.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/alias.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/conversion/conversion.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/conversion/conversion_hubspoke.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/conversion/conversion_registry.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/conversion/decoder.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/conversion/metrics/metrics.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics/metrics.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/structured-merge-diff/v6/schema/elements.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/structured-merge-diff/v6/typed/remove.go is excluded by !vendor/**, !**/vendor/**
  • vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go is excluded by !vendor/**, !**/vendor/**
📒 Files selected for processing (7)
  • cmd/cluster-version-operator/start.go
  • go.mod
  • pkg/cvo/cvo.go
  • pkg/cvo/metrics.go
  • pkg/start/start.go
  • pkg/tls/tls.go
  • pkg/tls/tls_test.go

Comment thread go.mod
Comment on lines +11 to +12
github.com/onsi/ginkgo/v2 v2.28.1
github.com/onsi/gomega v1.39.1

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show go.mod with line numbers around the cited regions.
echo "=== go.mod lines 1-180 (numbered, but keep it bounded) ==="
nl -ba go.mod | sed -n '1,180p'

# Extract just the relevant require/replace entries (if present).
echo "=== Matching ginkgo/gomega entries ==="
rg -n "github.com/onsi/ginkgo/v2|github.com/onsi/gomega|openshift/onsi-ginkgo/v2" go.mod || true

echo "=== Matching k8s.io/* direct deps and versions ==="
# Print k8s.io.* lines inside require blocks.
rg -n "^\s*k8s\.io/.*\sv0\." go.mod || true

echo "=== Matching all k8s.io/* replace directives (if any) ==="
rg -n "^\s*replace\s+k8s\.io/|replace\s+\(k8s\.io/" go.mod || true

Repository: openshift/cluster-version-operator

Length of output: 198


🏁 Script executed:

#!/bin/bash
set -u

echo "=== go.mod lines 1-180 (numbered) ==="
awk '{printf "%6d\t%s\n", NR, $0}' go.mod | sed -n '1,180p'

echo "=== Matching ginkgo/gomega entries ==="
rg -n "github.com/onsi/ginkgo/v2|github.com/onsi/gomega|openshift/onsi-ginkgo/v2" go.mod || true

echo "=== Matching k8s.io/* require lines (v0.35.*) ==="
rg -n "^\s*k8s\.io/.*\sv0\.35\." go.mod || true

echo "=== Matching k8s.io/* replace directives ==="
rg -n "^\s*replace\s+k8s\.io/|replace\s+\(k8s\.io/" go.mod || true

Repository: openshift/cluster-version-operator

Length of output: 6966


Resolve Ginkgo require vs replace contract mismatch in go.mod.

go.mod requires github.com/onsi/ginkgo/v2 v2.28.1 (lines 11-12) but overrides it with replace github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 (line 115), so the effective Ginkgo version differs from the declared one.

  • Prefer removing the replace if upstream v2.28.1 is intended, or move the replace target to an openshift/onsi-ginkgo commit known to be API-compatible with v2.28.x.

  • Direct k8s.io/* deps are skewed between v0.35.1 and v0.35.2 (e.g., k8s.io/api v0.35.2 vs k8s.io/apiserver v0.35.1); keep this only if the repo’s compatibility policy/tests validate it.

Suggested fix
- replace github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12
+ // Option A: remove replace if upstream v2.28.1 is intended
+ // Option B: move replace target to an openshift/onsi-ginkgo commit that is API-compatible with v2.28.x
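Review bot: the suggested replacement deletes the replace line and leaves only two comments, which is Option A; Option B keeps a replace line with a different target, so the two options cannot share this hunk and the one actually chosen should be spelled out. Whichever is taken, confirm the effective module afterwards with `go list -m -json github.com/onsi/ginkgo/v2` (its Replace field shows what the build really uses) and re-run `go mod tidy` and `go mod vendor`, since the vendor/ tree listed above has to match go.mod or the build fails the vendor consistency check.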
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 11 - 12, go.mod declares github.com/onsi/ginkgo/v2
v2.28.1 but also contains a replace directive pointing github.com/onsi/ginkgo/v2
=> github.com/openshift/onsi-ginkgo/v2 v2.6.1-0... which creates a version
mismatch; either remove the replace to use upstream v2.28.1 or update the
replace target to an openshift/onsi-ginkgo commit that is API-compatible with
v2.28.x so the required and replaced versions align, and similarly reconcile
k8s.io/* versions (e.g., k8s.io/api vs k8s.io/apiserver) so their minor/patch
versions are consistent per project compatibility policy and tests.

Comment thread pkg/tls/tls.go
Comment on lines +171 to +196
func (o *Options) CreateOverrides() error {
	// If no overrides, return nil (central profile or defaults will be used)
	if o.MinVersionOverride == "" && len(o.CipherSuitesOverride) == 0 {
		return nil
	}

	validated := &Settings{}

	if o.MinVersionOverride != "" {
		minVersion, err := cliflag.TLSVersion(o.MinVersionOverride)
		if err != nil {
			return fmt.Errorf("invalid --tls-min-version %q: %w (valid values: %v)", o.MinVersionOverride, err, cliflag.TLSPossibleVersions())
		}
		validated.MinVersion = minVersion
	}

	if len(o.CipherSuitesOverride) > 0 {
		cipherSuites, err := cliflag.TLSCipherSuites(o.CipherSuitesOverride)
		if err != nil {
			return fmt.Errorf("invalid --tls-cipher-suites: %w", err)
		}
		validated.CipherSuites = cipherSuites
	}

	o.settings = validated
	return nil

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Reset cached overrides before each parse.

CreateOverrides preserves o.settings from the last successful call. If the same Options instance is validated again after clearing flags, or after introducing an invalid value, GetOverrides() still returns the old overrides and ProfileManager can apply settings the caller no longer requested.

Proposed fix
 func (o *Options) CreateOverrides() error {
+	o.settings = nil
+
 	// If no overrides, return nil (central profile or defaults will be used)
 	if o.MinVersionOverride == "" && len(o.CipherSuitesOverride) == 0 {
 		return nil
 	}
 
 	validated := &Settings{}
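Review bot: with o.settings cleared at the top of CreateOverrides, a failed parse now leaves GetOverrides() returning nil rather than the previous value, so the caller that wires --tls-min-version and --tls-cipher-suites must treat the returned error as fatal instead of going on to build the ProfileManager; otherwise a typo in a flag silently drops the operator back to the central profile or the defaults. The reset is the right fix, but pkg/tls/tls_test.go should also cover the second-call case this comment describes: validate with the flags set, clear them, call CreateOverrides again and assert that GetOverrides() is nil.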
📝 Committable suggestion

Suggested change (the function above with the reset applied):

func (o *Options) CreateOverrides() error {
	o.settings = nil
	// If no overrides, return nil (central profile or defaults will be used)
	if o.MinVersionOverride == "" && len(o.CipherSuitesOverride) == 0 {
		return nil
	}
	validated := &Settings{}
	if o.MinVersionOverride != "" {
		minVersion, err := cliflag.TLSVersion(o.MinVersionOverride)
		if err != nil {
			return fmt.Errorf("invalid --tls-min-version %q: %w (valid values: %v)", o.MinVersionOverride, err, cliflag.TLSPossibleVersions())
		}
		validated.MinVersion = minVersion
	}
	if len(o.CipherSuitesOverride) > 0 {
		cipherSuites, err := cliflag.TLSCipherSuites(o.CipherSuitesOverride)
		if err != nil {
			return fmt.Errorf("invalid --tls-cipher-suites: %w", err)
		}
		validated.CipherSuites = cipherSuites
	}
	o.settings = validated
	return nil
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/tls/tls.go` around lines 171 - 196, CreateOverrides currently preserves
o.settings from prior runs when there are no overrides or when validation later
fails; to fix, clear the cached overrides at the start of CreateOverrides by
setting o.settings = nil (or otherwise resetting the cached Settings) so each
call recomputes from flags; keep the rest of the validation logic as-is
(references: CreateOverrides method and the o.settings field, also
GetOverrides/ProfileManager which read o.settings).

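An added example, not code from the PR or from the cluster-version-operator repository, showing why the reset matters and how cached settings reach a handshake: the two override flags are validated into a Settings value, the cache is cleared on every parse so a cleared or invalid flag cannot leave an old override in force, and a ProfileManager merges the cached central profile with the overrides inside GetConfigForClient. The cliflag helpers are replaced by a lookup against crypto/tls so the code needs no external module; the per-field merge, the TLS 1.2 floor and the ProfileManager field names are assumptions of this example, not necessarily what the PR does.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sync/atomic"
)

// Settings is the resolved pair of TLS parameters a listener enforces.
type Settings struct {
	MinVersion   uint16
	CipherSuites []uint16
}

// Options carries the two override flags and caches their validated form
// (names follow the PR excerpt; the lookups below stand in for cliflag).
type Options struct {
	MinVersionOverride   string
	CipherSuitesOverride []string
	settings             *Settings
}

var tlsVersionNames = map[string]uint16{
	"VersionTLS10": tls.VersionTLS10, "VersionTLS11": tls.VersionTLS11,
	"VersionTLS12": tls.VersionTLS12, "VersionTLS13": tls.VersionTLS13,
}

// parseCipherSuites accepts only suites crypto/tls lists as secure, so a
// name from tls.InsecureCipherSuites() (RC4, CBC-SHA256) is refused.
func parseCipherSuites(names []string) ([]uint16, error) {
	secure := map[string]uint16{}
	for _, cs := range tls.CipherSuites() {
		secure[cs.Name] = cs.ID
	}
	ids := make([]uint16, 0, len(names))
	for _, n := range names {
		id, ok := secure[n]
		if !ok {
			return nil, fmt.Errorf("cipher suite %q is unknown or insecure", n)
		}
		ids = append(ids, id)
	}
	return ids, nil
}

// CreateOverrides validates the flags and caches the result. The cache is
// cleared first so a re-parse with fewer flags, or a failed parse, never
// leaves an earlier override in force (the review comment's point).
func (o *Options) CreateOverrides() error {
	o.settings = nil
	if o.MinVersionOverride == "" && len(o.CipherSuitesOverride) == 0 {
		return nil
	}
	validated := &Settings{}
	if o.MinVersionOverride != "" {
		v, ok := tlsVersionNames[o.MinVersionOverride]
		if !ok {
			return fmt.Errorf("invalid --tls-min-version %q", o.MinVersionOverride)
		}
		validated.MinVersion = v
	}
	if len(o.CipherSuitesOverride) > 0 {
		ids, err := parseCipherSuites(o.CipherSuitesOverride)
		if err != nil {
			return fmt.Errorf("invalid --tls-cipher-suites: %w", err)
		}
		validated.CipherSuites = ids
	}
	o.settings = validated
	return nil
}

// GetOverrides returns the cached overrides, or nil when none are in force.
func (o *Options) GetOverrides() *Settings { return o.settings }

// ProfileManager caches the central profile (an informer updates it in the
// operator; here Store is called directly) next to the flag overrides.
type ProfileManager struct {
	Central   atomic.Pointer[Settings]
	Overrides *Settings
}

// Effective merges per field (an assumption of this example): an override
// wins only where it was set, so --tls-min-version alone keeps the central
// cipher list; with nothing cached at all the floor is TLS 1.2.
func (m *ProfileManager) Effective() Settings {
	out := Settings{MinVersion: tls.VersionTLS12}
	if c := m.Central.Load(); c != nil {
		out = *c
	}
	if o := m.Overrides; o != nil && o.MinVersion != 0 {
		out.MinVersion = o.MinVersion
	}
	if o := m.Overrides; o != nil && len(o.CipherSuites) > 0 {
		out.CipherSuites = o.CipherSuites
	}
	return out
}

// GetConfigForClient plugs into tls.Config.GetConfigForClient so each
// handshake reads the cache instead of calling a lister. Go ignores
// CipherSuites on TLS 1.3 connections; the list only governs TLS 1.0 to 1.2.
func (m *ProfileManager) GetConfigForClient(_ *tls.ClientHelloInfo) (*tls.Config, error) {
	s := m.Effective()
	return &tls.Config{MinVersion: s.MinVersion, CipherSuites: s.CipherSuites}, nil
}
```

To use it, set `GetConfigForClient: pm.GetConfigForClient` on the listener's base tls.Config and call `pm.Central.Store(...)` from the informer's event handlers; the base config still needs its certificates, which the per-client config inherits only for the fields it leaves unset, so keep the returned config limited to the version and cipher fields as above.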

Labels

  • approved: Indicates a PR has been approved by an approver from all required OWNERS files.
  • do-not-merge/hold: Indicates that a PR should not merge because someone has issued a /hold command.
  • do-not-merge/work-in-progress: Indicates that a PR should not merge because it is a work in progress.
  • needs-rebase: Indicates a PR cannot be merged because it has merge conflicts with HEAD.

2 participants