Skip to content

CNTRLPLANE-2207: Upgrade to CAPI 1.11#8594

Merged
openshift-merge-bot[bot] merged 13 commits into
openshift:mainfrom
enxebre:capi-1.11-bump-dev
Jun 3, 2026
Merged

CNTRLPLANE-2207: Upgrade to CAPI 1.11#8594
openshift-merge-bot[bot] merged 13 commits into
openshift:mainfrom
enxebre:capi-1.11-bump-dev

Conversation

@enxebre
Copy link
Copy Markdown
Member

@enxebre enxebre commented May 27, 2026
edited by coderabbitai Bot
Loading

What this PR does / why we need it:

Bumps hypershift to use CAPI v1.11 including the following tasks:

  • Update CAPI and all providers to a v1.11 compatible version in go.mod.
  • Removes @csrwng's fork containing a temporary fix.
  • Update controller-gen goal in Makefile.
  • Update install assets: CAPI CRDs.
  • Patch CAPI CRDs to use v1beta1 as storage version.
  • Adds conversion webhooks for v1beta1 <-> v1beta2.
  • Removes the temporary CAPI image overrides (OCPBUGS-74247: CAPI image overrides aware of registry config #7575).
  • Check in updated vendored dependencies.

Which issue(s) this PR fixes:

Fixes CNTRLPLANE-2207

Special notes for your reviewer:

Checklist:

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Summary by CodeRabbit

  • New Features

    • Conversion webhook support for hosted cluster CRDs with a CLI flag to enable/disable CAPI conversion.
    • CRD storage-version override support and refined CRD generation.

  • Bug Fixes

    • Improved MachineDeployment completeness detection via conversion metadata validation.
    • Enhanced scale-from-zero capacity reporting to prefer newer CAPI capacity fields.

  • Chores

    • Bumped dependencies and removed legacy CAPI image override helper.
    • Updated build image and linter/config tweaks.

  • Tests

    • Added CRD inclusion and webhook-behavior tests; expanded machine/coverage tests.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 27, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 27, 2026
edited by openshift-ci Bot
Loading

@enxebre: This pull request references CNTRLPLANE-2207 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "5.0." or "openshift-5.0.", but it targets "openshift-4.22" instead.

Details

In response to this:

What this PR does / why we need it:

Bumps hypershift to use CAPI v1.11 including the following tasks:

  • Update CAPI and all providers to a v1.11 compatible version in go.mod.
  • Removes @csrwng's fork containing a temporary fix.
  • Update controller-gen goal in Makefile.
  • Update install assets: CAPI CRDs.
  • Patch CAPI CRDs to use v1beta1 as storage version.
  • Adds conversion webhooks for v1beta1 <-> v1beta2.
  • Removes the temporary CAPI image overrides (OCPBUGS-74247: CAPI image overrides aware of registry config #7575).
  • Check in updated vendored dependencies.

Which issue(s) this PR fixes:

Fixes CNTRLPLANE-2207

Special notes for your reviewer:

Checklist:

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Summary by CodeRabbit

Release Notes

  • Chores
  • Updated Go module dependencies to newer versions for improved stability and security.
  • Adjusted build configuration for CRD generation to optimize the build process.
  • Updated linter configuration to address deprecated package deprecations.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@enxebre
Copy link
Copy Markdown
Member Author

enxebre commented May 27, 2026

supersedes #7590

@openshift-merge-bot
Copy link
Copy Markdown
Contributor

openshift-merge-bot Bot commented May 27, 2026

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 27, 2026
edited
Loading

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 82f996c8-0a5a-47c2-8ffb-9c4d85df4d05

📥 Commits

Reviewing files that changed from the base of the PR and between 9d70224 and 1be104e.

📒 Files selected for processing (7)
  • .codespellignore
  • cmd/install/install.go
  • cmd/install/install_test.go
  • hypershift-operator/controllers/nodepool/capi_test.go
  • hypershift-operator/controllers/nodepool/nodepool_controller.go
  • karpenter-operator/controllers/karpenter/karpenter_controller.go
  • karpenter-operator/controllers/karpenter/karpenter_controller_test.go
✅ Files skipped from review due to trivial changes (1)
  • .codespellignore
🚧 Files skipped from review as they are similar to previous changes (6)
  • karpenter-operator/controllers/karpenter/karpenter_controller.go
  • karpenter-operator/controllers/karpenter/karpenter_controller_test.go
  • hypershift-operator/controllers/nodepool/nodepool_controller.go
  • cmd/install/install.go
  • hypershift-operator/controllers/nodepool/capi_test.go
  • cmd/install/install_test.go
📝 Walkthrough

Walkthrough

This PR centralizes CRD inclusion and conversion wiring (crdIncludeFilter, CAPICRDOverrides), adds --disable-capi-conversion-webhook and operator webhook defaulting, narrows Makefile CRD generation, registers a hostedcluster conversion webhook, migrates Cluster API imports to api/core v1beta1, removes backwardcompat CAPI-image logic (adding ClusterImagePolicy normalization), updates go.mod dependency versions, extends nodepool completion to consult conversion-data, and updates related tests and e2e AWS capacity checks.

Sequence Diagram(s)

sequenceDiagram
  participant CLI
  participant Installer
  participant CRDLoader as setupCRDs
  participant CAPIO as crdassets.CAPICRDOverrides
  participant CRD as CustomResourceDefinition
  participant Operator
  participant Webhook as conversion.Webhook

  CLI->>Installer: parse --disable-capi-conversion-webhook
  Installer->>CRDLoader: build CRD list & apply crdIncludeFilter
  CRDLoader->>CAPIO: consult CAPICRDOverrides by CRD name
  CAPIO->>CRDLoader: provide StorageVersion/NeedsConversion
  CRDLoader->>CRD: set storage version and spec.conversion as needed
  Installer->>Operator: set EnableWebhook based on flags/options
  Operator->>Webhook: register /convert endpoint (hostedcluster)
Loading
  • Suggested reviewers:
    • csrwng
    • bryan-cox
🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Topology-Aware Scheduling Compatibility ⚠️ Warning PR hardcodes HyperShift operator replicas to 2 when webhooks are enabled (default) without checking ControlPlaneTopology, breaking Single Node OpenShift and other constrained topologies. Check infrastructure.Status.ControlPlaneTopology before setting replicas; cap replica count to actual schedulable nodes for SNO, DualReplica, and HighlyAvailableArbiter topologies.
✅ Passed checks (10 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly references the main objective of the PR: upgrading HyperShift to use Cluster API (CAPI) v1.11. The changes across the codebase (import updates, dependency bumps, CRD patching, webhook configuration, and removal of temporary workarounds) all directly support this upgrade goal.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All new tests use stable, deterministic names with no dynamic values like timestamps, UUIDs, pod names, or generated suffixes.
Test Structure And Quality ✅ Passed Tests have single responsibility, meaningful assertion messages, proper timeouts on cluster operations, cleanup with defer patterns, table-driven test structure.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests (It(), Describe(), etc.) were added in this PR. The PR only adds unit tests and enhances existing e2e test helper functions; the custom check is not applicable.
No-Weak-Crypto ✅ Passed No weak cryptography detected. PR contains no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB usage, custom crypto implementations, or non-constant-time secret comparisons.
Container-Privileges ✅ Passed No privilege escalation settings detected in modified files. PR updates CAPI dependencies without introducing privileged containers or security escalations.
No-Sensitive-Data-In-Logs ✅ Passed PR logs only JSON unmarshal errors (not sensitive data) and machine deployment metrics. No credentials, passwords, tokens, PII, or customer data exposed in logs.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@enxebre enxebre mentioned this pull request May 27, 2026
Closed
12 tasks
@openshift-ci openshift-ci Bot requested review from bryan-cox and muraee May 27, 2026 09:46
@openshift-ci openshift-ci Bot added area/api Indicates the PR includes changes for the API area/cli Indicates the PR includes changes for CLI approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release area/platform/aws PR/issue for AWS (AWSPlatform) platform area/platform/azure PR/issue for Azure (AzurePlatform) platform area/platform/gcp PR/issue for GCP (GCPPlatform) platform area/platform/ibmcloud PR/issue for IBMCloud (IBMCloudPlatform) platform area/platform/kubevirt PR/issue for KubeVirt (KubevirtPlatform) platform area/platform/openstack PR/issue for OpenStack (OpenStackPlatform) platform area/platform/powervs PR/issue for PowerVS (PowerVSPlatform) platform area/testing Indicates the PR includes changes for e2e testing and removed do-not-merge/needs-area labels May 27, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 27, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 90.00000% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 41.29%. Comparing base (eb04f61) to head (1be104e).
⚠️ Report is 28 commits behind head on main.

Files with missing lines Patch % Lines
...controllers/hostedcluster/hostedcluster_webhook.go 0.00% 8 Missing ⚠️
cmd/install/assets/crds/assets.go 0.00% 3 Missing and 1 partial ⚠️
cmd/install/install.go 97.33% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #8594      +/-   ##
==========================================
+ Coverage   41.26%   41.29%   +0.02%     
==========================================
  Files         755      755              
  Lines       93443    93456      +13     
==========================================
+ Hits        38563    38593      +30     
+ Misses      52148    52134      -14     
+ Partials     2732     2729       -3
Files with missing lines Coverage Δ
cmd/cluster/core/dump.go 4.27% <ø> (ø)
...ontrollers/hostedcontrolplane/v2/kas/kubeconfig.go 0.00% <ø> (ø)
...operator/hostedclusterconfigoperator/api/scheme.go 0.00% <ø> (ø)
...tor/controllers/inplaceupgrader/inplaceupgrader.go 59.03% <ø> (ø)
...onfigoperator/controllers/inplaceupgrader/setup.go 0.00% <ø> (ø)
...usterconfigoperator/controllers/machine/machine.go 67.00% <ø> (ø)
...clusterconfigoperator/controllers/machine/setup.go 0.00% <ø> (ø)
...stedclusterconfigoperator/controllers/node/node.go 38.70% <ø> (ø)
...tor/controllers/spotremediation/spotremediation.go 65.71% <ø> (ø)
...trollers/hostedcluster/hostedcluster_controller.go 44.91% <100.00%> (+0.14%) ⬆️
... and 26 more

... and 1 file with indirect coverage changes

Flag Coverage Δ
cmd-support 34.87% <92.94%> (+<0.01%) ⬆️
cpo-hostedcontrolplane 43.50% <ø> (+0.01%) ⬆️
cpo-other 42.79% <ø> (ø)
hypershift-operator 51.08% <85.45%> (+0.07%) ⬆️
other 31.64% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

coderabbitai[bot]
coderabbitai Bot reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go (1)

2508-2543: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add unit coverage for the CAPI manager behavior change.

This now changes both the image-selection path and the rendered ClusterRoleBinding subjects, but there’s no matching unit coverage in the provided diff. A focused test around reconcileCAPIManager / reconcileCAPIManagerClusterRoleBinding would lock down the annotation-only image path and the extra capi-provider subject.

As per coding guidelines, "Unit test any code changes and additions".

Also applies to: 2962-2984

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`
around lines 2508 - 2543, Add focused unit tests for reconcileCAPIManager and
reconcileCAPIManagerClusterRoleBinding: create tests that (1) verify image
selection when the hyperv1.ClusterAPIManagerImage annotation is present (ensure
capimanagerv2.NewComponent receives the annotation image path /
capiManager.Reconcile is invoked with that image) and (2) validate the rendered
ClusterRoleBinding subjects include the extra "capi-provider" subject introduced
by reconcileCAPIManagerClusterRoleBinding (use
clusterapi.CAPIManagerClusterRoleBinding to construct expected object and assert
subjects list). Exercise both the annotation-only image path and the default
image path, mocking or faking the createOrUpdate flow and controlPlaneNamespace
lookups as needed so reconcileCAPIManager and
reconcileCAPIManagerClusterRoleBinding behavior is asserted deterministically.
test/e2e/autoscaling_test.go (1)

748-751: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

The scale-from-zero workload is no longer constrained to the scale-from-zero NodePool.

Without targeting the labeled NodePool, pods can schedule on existing nodes and the test may pass/fail without actually validating scale-from-zero behavior.

Proposed fix 
 		workload := &batchv1.Job{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      "scale-from-zero-workload",
 				Namespace: "default",
 			},
 			Spec: batchv1.JobSpec{
 				Template: corev1.PodTemplateSpec{
 					Spec: corev1.PodSpec{
+						NodeSelector: map[string]string{
+							"scale-from-zero-test": "true",
+						},
 						Containers: []corev1.Container{

Also applies to: 889-928

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/autoscaling_test.go` around lines 748 - 751, The test's pods aren't
constrained to the scale-from-zero NodePool because the workload spec doesn't
target the NodePool's label; update the workload pod/Deployment/Job spec to
include a nodeSelector or nodeAffinity that matches the NodePool label key
"scale-from-zero-test" with value "true" so pods can only schedule on nodes from
scaleFromZeroNP (ensure you modify the workload creation code that references
scaleFromZeroNP and add the selector/affinity there); apply the same change to
the other similar test block that uses scaleFromZeroNP further down in the file.
🧹 Nitpick comments (1)
hypershift-operator/controllers/nodepool/capi_test.go (1)

3283-3422: 💤 Low value

Consider adding t.Parallel() for consistency with other tests in this file.

Most other tests in this file use t.Parallel(). Since this test has no shared state and uses table-driven subtests, it would benefit from parallel execution.

 func TestMachineDeploymentComplete(t *testing.T) {
+	t.Parallel()
 	two := int32(2)
 	three := int32(3)
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hypershift-operator/controllers/nodepool/capi_test.go` around lines 3283 -
3422, The TestMachineDeploymentComplete test should run in parallel like other
tests: add t.Parallel() as the first statement inside the
TestMachineDeploymentComplete function, and inside the t.Run closure capture the
loop variable (e.g. tc := tc) then call t.Parallel() immediately after entering
the subtest so each table-driven subtest runs concurrently; update the
TestMachineDeploymentComplete function and its t.Run anonymous func accordingly
(referencing TestMachineDeploymentComplete and the t.Run closure).
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`:
- Around line 2508-2543: Add focused unit tests for reconcileCAPIManager and
reconcileCAPIManagerClusterRoleBinding: create tests that (1) verify image
selection when the hyperv1.ClusterAPIManagerImage annotation is present (ensure
capimanagerv2.NewComponent receives the annotation image path /
capiManager.Reconcile is invoked with that image) and (2) validate the rendered
ClusterRoleBinding subjects include the extra "capi-provider" subject introduced
by reconcileCAPIManagerClusterRoleBinding (use
clusterapi.CAPIManagerClusterRoleBinding to construct expected object and assert
subjects list). Exercise both the annotation-only image path and the default
image path, mocking or faking the createOrUpdate flow and controlPlaneNamespace
lookups as needed so reconcileCAPIManager and
reconcileCAPIManagerClusterRoleBinding behavior is asserted deterministically.

In `@test/e2e/autoscaling_test.go`:
- Around line 748-751: The test's pods aren't constrained to the scale-from-zero
NodePool because the workload spec doesn't target the NodePool's label; update
the workload pod/Deployment/Job spec to include a nodeSelector or nodeAffinity
that matches the NodePool label key "scale-from-zero-test" with value "true" so
pods can only schedule on nodes from scaleFromZeroNP (ensure you modify the
workload creation code that references scaleFromZeroNP and add the
selector/affinity there); apply the same change to the other similar test block
that uses scaleFromZeroNP further down in the file.

---

Nitpick comments:
In `@hypershift-operator/controllers/nodepool/capi_test.go`:
- Around line 3283-3422: The TestMachineDeploymentComplete test should run in
parallel like other tests: add t.Parallel() as the first statement inside the
TestMachineDeploymentComplete function, and inside the t.Run closure capture the
loop variable (e.g. tc := tc) then call t.Parallel() immediately after entering
the subtest so each table-driven subtest runs concurrently; update the
TestMachineDeploymentComplete function and its t.Run anonymous func accordingly
(referencing TestMachineDeploymentComplete and the t.Run closure).
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 3dd6979b-e808-49a4-a4e9-6adff6e87c10

📥 Commits

Reviewing files that changed from the base of the PR and between 89e19f8 and c4b3c5e.

⛔ Files ignored due to path filters (230)
  • api/go.sum is excluded by !**/*.sum
  • api/vendor/modules.txt is excluded by !**/vendor/**
  • api/vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go is excluded by !**/vendor/**
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachinepools.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-azure/infrastructure.cluster.x-k8s.io_azureclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-azure/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsimages.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-kubevirt/infrastructure.cluster.x-k8s.io_kubevirtclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-openstack/infrastructure.cluster.x-k8s.io_openstackclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-openstack/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/addons.cluster.x-k8s.io_clusterresourcesetbindings.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/addons.cluster.x-k8s.io_clusterresourcesets.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_clusterclasses.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_clusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinedeployments.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinedrainrules.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinehealthchecks.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinepools.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinesets.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/ipam.cluster.x-k8s.io_ipaddressclaims.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/ipam.cluster.x-k8s.io_ipaddresses.yaml is excluded by !cmd/install/assets/**/*.yaml
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/CHANGELOG.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/_metadata.json is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/assets.json is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/client.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/tsp-location.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets/version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/Azure/go-ansiterm/osc_string_state.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-instance.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-network.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-routes.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-sap-instance.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-shared-processor-pool.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-ssh-key.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-virtual-serial-number.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-vpn-policy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-vpn.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/clients/instance/ibm-pi-workspaces.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/errors/errors.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/helpers/constants.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/p_cloud_s_a_p/pcloud_sap_getall_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/p_cloud_virtual_serial_number/p_cloud_virtual_serial_number_client.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/p_cloud_virtual_serial_number/pcloud_pvminstances_virtualserialnumber_put_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/p_cloud_virtual_serial_number/pcloud_virtualserialnumber_softwaretiers_getall_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/p_cloud_virtual_serial_number/pcloud_virtualserialnumber_softwaretiers_getall_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/power_iaas_api_client.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/routes_client.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_delete_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_delete_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_get_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_get_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_getall_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_getall_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_post_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_post_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_put_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_put_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_report_get_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/routes/v1_routes_report_get_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/ssh_keys_client.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_delete_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_delete_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_get_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_get_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_getall_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_getall_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_post_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_post_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_put_parameters.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/client/ssh_keys/v1_sshkeys_put_responses.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/create_server_virtual_serial_number.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/create_workspace_ssh_key.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/get_server_virtual_serial_number.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/network.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/network_create.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/network_reference.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/network_update.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/p_vm_instance_create.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/placement_group.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/placement_group_create.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/route.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/route_create.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/route_report.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/route_report_route.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/route_update.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/routes.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/s_a_p_create.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/s_a_p_profile.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/s_p_p_placement_group.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/s_p_p_placement_group_create.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/snapshot.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/snapshot_create.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/snapshot_update.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/software_tier.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/supported_software_tier.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/supported_software_tier_list.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/system.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/system_resources.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/update_server_virtual_serial_number.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/update_workspace_ssh_key.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/virtual_serial_number.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/workspace_ssh_key.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM-Cloud/power-go-client/power/models/workspace_ssh_keys.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/authenticator_factory.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/base_service.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/constants.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/container_authenticator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/cp4d_authenticator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/iam_assume_authenticator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/iam_authenticator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/mcsp_v1_authenticator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/mcsp_v2_authenticator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/go-sdk-core/v5/core/version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/ibm-cos-sdk-go/aws/version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/networking-go-sdk/common/version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/networking-go-sdk/transitgatewayapisv1/transit_gateway_apis_v1.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/platform-services-go-sdk/common/version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/platform-services-go-sdk/globalcatalogv1/global_catalog_v1.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/platform-services-go-sdk/globaltaggingv1/global_tagging_v1.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/platform-services-go-sdk/iamidentityv1/iam_identity_v1.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/platform-services-go-sdk/iampolicymanagementv1/iam_policy_management_v1.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/vpc-go-sdk/common/version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/IBM/vpc-go-sdk/vpcv1/vpc_v1.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cenkalti/backoff/v5/exponential.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cenkalti/backoff/v5/retry.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/.golangci.yml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/internal/json/json.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/internal/json/parser.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gabriel-vasile/mimetype/tree.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/flatten.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/flatten_name.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/flatten_options.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/internal/debug/debug.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/internal/flatten/replace/replace.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/internal/flatten/sortref/keys.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/mixin.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/analysis/schema.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/loads/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/loads/TODO.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/loads/loaders.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/loads/spec.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/bytestream.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/client/request.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/client/runtime.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/csv.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/csv_options.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/logger/standard.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/context.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/denco/router.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/go18.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/pre_go18.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/rapidoc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/redoc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/request.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/router.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/spec.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/swaggerui.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/swaggerui_oauth2.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/ui_defaults.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/ui_options.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/runtime/middleware/validation.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/spec/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/spec/expander.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/BENCHMARK.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/default_validator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/example_validator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/formats.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/helpers.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/object_validator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/options.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/pools.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/pools_debug.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/result.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/schema.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/schema_option.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/schema_props.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/slice_validator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/spec.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/spec_messages.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/type.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/go-openapi/validate/validator.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gophercloud/gophercloud/v2/CHANGELOG.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gophercloud/gophercloud/v2/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gophercloud/gophercloud/v2/endpoint_search.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gophercloud/gophercloud/v2/provider_client.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gophercloud/gophercloud/v2/results.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gophercloud/gophercloud/v2/service_client.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/gophercloud/gophercloud/v2/util.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**, !**/*.pb.go
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.proto is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2_protoopaque.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**, !**/*.pb.go
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/moby/term/term_unix.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift-online/ocm-common/pkg/resource/validations/kms_arn_regex_validation.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/cluster-api-provider-agent/api/v1alpha1/agentcluster_types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/cluster-api-provider-agent/api/v1alpha1/agentmachine_types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/cluster-api-provider-agent/api/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*.go, !**/zz_generated*
  • vendor/github.com/openshift/cluster-api-provider-agent/api/v1beta1/agentcluster_types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/cluster-api-provider-agent/api/v1beta1/agentmachine_types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/cluster-api-provider-agent/api/v1beta1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*.go, !**/zz_generated*
  • vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go is excluded by !vendor/**, !**/vendor/**
  • vendor/go.mongodb.org/mongo-driver/bson/unmarshal.go is excluded by !vendor/**, !**/vendor/**
  • vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/LICENSE is excluded by !vendor/**, !**/vendor/**
  • vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/exporter.go is excluded by !vendor/**, !**/vendor/**
  • vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/attribute.go is excluded by !vendor/**, !**/vendor/**
  • vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/instrumentation.go is excluded by !vendor/**, !**/vendor/**
  • vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/resource.go is excluded by !vendor/**, !**/vendor/**
  • vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/span.go is excluded by !vendor/**, !**/vendor/**
📒 Files selected for processing (70)
  • .codespellignore
  • .golangci.yml
  • Makefile
  • api/go.mod
  • cmd/cluster/core/dump.go
  • cmd/install/assets/crds/assets.go
  • cmd/install/install.go
  • cmd/install/install_test.go
  • contrib/gomaxprocs-webhook/Dockerfile
  • control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
  • control-plane-operator/hostedclusterconfigoperator/api/scheme.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/globalps/globalps_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation_test.go
  • go.mod
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/aws/aws.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/azure/azure.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/gcp/gcp.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/platform.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
  • hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go
  • hypershift-operator/controllers/nodepool/aws.go
  • hypershift-operator/controllers/nodepool/aws_test.go
  • hypershift-operator/controllers/nodepool/azure_test.go
  • hypershift-operator/controllers/nodepool/capi.go
  • hypershift-operator/controllers/nodepool/capi_test.go
  • hypershift-operator/controllers/nodepool/conditions.go
  • hypershift-operator/controllers/nodepool/conditions_test.go
  • hypershift-operator/controllers/nodepool/gcp.go
  • hypershift-operator/controllers/nodepool/metrics/metrics.go
  • hypershift-operator/controllers/nodepool/nodepool_controller.go
  • hypershift-operator/controllers/nodepool/nodepool_controller_test.go
  • hypershift-operator/controllers/nodepool/powervs.go
  • hypershift-operator/controllers/nodepool/scale_from_zero_test.go
  • hypershift-operator/controllers/nodepool/version.go
  • hypershift-operator/controllers/nodepool/version_test.go
  • support/api/capi_types.go
  • support/api/scheme.go
  • support/backwardcompat/backwardcompat.go
  • support/backwardcompat/backwardcompat_test.go
  • support/k8sutil/resources.go
  • support/upsert/upsert.go
  • test/e2e/autoscaling_test.go
  • test/e2e/nodepool_day2_tags_test.go
  • test/e2e/nodepool_kv_advanced_multinet_test.go
  • test/e2e/nodepool_osp_advanced_test.go
  • test/e2e/nodepool_rolling_upgrade_test.go
  • test/e2e/nodepool_spot_termination_handler_test.go
  • test/e2e/upgrade_hypershift_operator_test.go
  • test/e2e/util/util.go
  • test/e2e/v2/backuprestore/cleanup.go
💤 Files with no reviewable changes (3)
  • support/backwardcompat/backwardcompat_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/platform.go
  • support/backwardcompat/backwardcompat.go

coderabbitai[bot]
coderabbitai Bot reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
cmd/install/install.go (1)

355-361: 💤 Low value

Verify intentional asymmetry with EnableAuditLogPersistence.

The replica scaling condition here doesn't include opts.EnableAuditLogPersistence, but the EnableWebhook assignment at line 1256 does. This means if only EnableAuditLogPersistence is true (with DisableCAPIConversionWebhook=true and other webhooks disabled), the operator will run with 1 replica but have webhooks enabled.

If this is intentional (audit log mutating webhook doesn't need HA), no change needed. If webhooks generally require 2 replicas for availability, consider adding || o.EnableAuditLogPersistence here.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/install/install.go` around lines 355 - 361, The replica-setting branch
for o.HyperShiftOperatorReplicas omits o.EnableAuditLogPersistence, causing
inconsistent behavior versus the webhook enablement logic; update the
conditional that sets o.HyperShiftOperatorReplicas (the case that currently
checks o.EnableDefaultingWebhook || o.EnableConversionWebhook ||
o.EnableValidatingWebhook || !o.DisableCAPIConversionWebhook) to also include ||
o.EnableAuditLogPersistence so that when audit-log persistence enables the
mutating webhook the operator scales to 2 replicas consistently with the webhook
flags.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@cmd/install/install.go`:
- Around line 355-361: The replica-setting branch for
o.HyperShiftOperatorReplicas omits o.EnableAuditLogPersistence, causing
inconsistent behavior versus the webhook enablement logic; update the
conditional that sets o.HyperShiftOperatorReplicas (the case that currently
checks o.EnableDefaultingWebhook || o.EnableConversionWebhook ||
o.EnableValidatingWebhook || !o.DisableCAPIConversionWebhook) to also include ||
o.EnableAuditLogPersistence so that when audit-log persistence enables the
mutating webhook the operator scales to 2 replicas consistently with the webhook
flags.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c787e632-093a-43b4-8ac4-832bc81c3965

📥 Commits

Reviewing files that changed from the base of the PR and between c4b3c5e and 5e84119.

📒 Files selected for processing (1)
  • cmd/install/install.go

@hypershift-jira-solve-ci hypershift-jira-solve-ci Bot mentioned this pull request May 27, 2026
Open
4 tasks
@enxebre enxebre force-pushed the capi-1.11-bump-dev branch from 5e84119 to 3569ce9 Compare May 27, 2026 12:46
@enxebre enxebre force-pushed the capi-1.11-bump-dev branch from 3569ce9 to 819cca6 Compare May 27, 2026 13:14
clebs and others added 6 commits June 2, 2026 17:24
@clebs @enxebre
feat(capi): Add conversion webhooks for v1beta1/v1beta2
59db58b 
Signed-off-by: Borja Clemente <bclement@redhat.com>
@clebs @enxebre
build(deps): update vendor dependencies for CAPI 1.11
b32be7d 
Signed-off-by: Borja Clemente <bclement@redhat.com>
@clebs @enxebre
fix(capi): remove hardcoded image overrides
cbe47a0 
Remove the temporary hardocded CAPI image overrides now that hypershift
supports CAPI 1.11

Signed-off-by: Borja Clemente <bclement@redhat.com>
@clebs @enxebre
fix(conversion): give capi-provider access to CRDs
c91aa4f 
For conversion to work, the CAPI provider needs to be able to access
CRDs cluster-wide to list available versions.

Signed-off-by: Borja Clemente <bclement@redhat.com>
@jhjaggars @enxebre
fix: update scale-from-zero test for CAPI 1.11 native capacity
e9bfcaa 
Update TestScaleFromZero to support both CAPI 1.11+ native Status.Capacity
and pre-1.11 annotation-based capacity information.

In CAPI 1.11, cluster-api-provider-aws now populates Status.Capacity
directly on AWSMachineTemplate, making the workaround annotations
unnecessary. The HyperShift controller detects this and skips setting
annotations when Status.Capacity is present.

The test now:
- First checks AWSMachineTemplate.Status.Capacity (CAPI 1.11+)
- Falls back to MachineDeployment annotations (pre-CAPI 1.11)
- Logs the capacity source for debugging

This makes the test backward compatible and fixes the failure in PR openshift#7590.
@clebs @enxebre
fix(machineset): don't explicitly set the MinReadySeconds default
942e387 
Setting the MinReadySeconds default to 0 explicitly on the nodepool
controller causes infinite reconciliaiton due to a lossy v1beta1 ->
v1beta2 conversion and flipping value between 0 and nil.

Removing the explicit setting should not have any other side effect
since the zero value of the field is the same.

Signed-off-by: Borja Clemente <bclement@redhat.com>
@enxebre enxebre force-pushed the capi-1.11-bump-dev branch from 58135e0 to 9d70224 Compare June 2, 2026 15:30
coderabbitai[bot]
coderabbitai Bot reviewed Jun 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`:
- Around line 4373-4376: The code dereferences OVNKubernetesConfig.IPv6 fields
when only OVNKubernetesConfig is checked; update the conditional that sets
ipv6JoinSubnet and ipv6TransitSubnet to also verify
hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6 !=
nil (or guard access with a separate nil check) before reading
IPv6.InternalJoinSubnet and IPv6.InternalTransitSwitchSubnet so the reconciler
won’t panic on IPv4-only or absent IPv6 configs; ensure the logic that sets
ipv6JoinSubnet/ipv6TransitSubnet falls back to empty/default values when the
IPv6 struct is nil.
- Around line 2252-2257: kasServingCertHashFromEndpoint currently calls
tls.Dialer.DialContext using the reconcile ctx with no timeout; update this
probe to derive a short-lived context via context.WithTimeout (e.g., a few
seconds) and use that derived context when calling DialContext so the dial
cannot hang indefinitely. Locate kasServingCertHashFromEndpoint and the
tls.Dialer.DialContext call and wrap the dial in a context.WithTimeout/Cancel,
pass the new ctx into DialContext, and ensure you defer the cancel to release
resources.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: f889e68d-e39a-441c-84f2-1602dddc56ec

📥 Commits

Reviewing files that changed from the base of the PR and between 819cca6 and 9d70224.

⛔ Files ignored due to path filters (35)
  • api/go.sum is excluded by !**/*.sum
  • api/vendor/modules.txt is excluded by !**/vendor/**
  • api/vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go is excluded by !**/vendor/**
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachinepools.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-azure/infrastructure.cluster.x-k8s.io_azureclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-azure/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsimages.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-kubevirt/infrastructure.cluster.x-k8s.io_kubevirtclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-openstack/infrastructure.cluster.x-k8s.io_openstackclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-openstack/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/addons.cluster.x-k8s.io_clusterresourcesetbindings.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/addons.cluster.x-k8s.io_clusterresourcesets.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_clusterclasses.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_clusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinedeployments.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinedrainrules.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinehealthchecks.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinepools.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinesets.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/ipam.cluster.x-k8s.io_ipaddressclaims.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/ipam.cluster.x-k8s.io_ipaddresses.yaml is excluded by !cmd/install/assets/**/*.yaml
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (63)
  • .codespellignore
  • .golangci.yml
  • Makefile
  • api/go.mod
  • cmd/cluster/core/dump.go
  • cmd/install/assets/crds/assets.go
  • cmd/install/install.go
  • cmd/install/install_test.go
  • contrib/gomaxprocs-webhook/Dockerfile
  • control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
  • control-plane-operator/hostedclusterconfigoperator/api/scheme.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/globalps/globalps_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation_test.go
  • go.mod
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/aws/aws.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/azure/azure.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/gcp/gcp.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/platform.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
  • hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go
  • hypershift-operator/controllers/nodepool/aws.go
  • hypershift-operator/controllers/nodepool/aws_test.go
  • hypershift-operator/controllers/nodepool/azure_test.go
  • hypershift-operator/controllers/nodepool/capi.go
  • hypershift-operator/controllers/nodepool/capi_test.go
  • hypershift-operator/controllers/nodepool/conditions.go
  • hypershift-operator/controllers/nodepool/conditions_test.go
  • hypershift-operator/controllers/nodepool/gcp.go
  • hypershift-operator/controllers/nodepool/metrics/metrics.go
  • hypershift-operator/controllers/nodepool/nodepool_controller.go
  • hypershift-operator/controllers/nodepool/nodepool_controller_test.go
  • hypershift-operator/controllers/nodepool/powervs.go
  • hypershift-operator/controllers/nodepool/scale_from_zero_test.go
  • hypershift-operator/controllers/nodepool/version.go
  • hypershift-operator/controllers/nodepool/version_test.go
  • karpenter-operator/controllers/karpenter/karpenter_controller.go
  • karpenter-operator/controllers/karpenter/karpenter_controller_test.go
  • support/api/capi_types.go
  • support/api/scheme.go
  • support/backwardcompat/backwardcompat.go
  • support/backwardcompat/backwardcompat_test.go
  • support/k8sutil/resources.go
  • support/upsert/upsert.go
💤 Files with no reviewable changes (39)
  • hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go
  • support/upsert/upsert.go
  • support/k8sutil/resources.go
  • hypershift-operator/controllers/nodepool/powervs.go
  • hypershift-operator/controllers/nodepool/scale_from_zero_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/aws/aws.go
  • hypershift-operator/controllers/nodepool/metrics/metrics.go
  • hypershift-operator/controllers/nodepool/aws.go
  • karpenter-operator/controllers/karpenter/karpenter_controller_test.go
  • hypershift-operator/controllers/nodepool/version.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud_test.go
  • hypershift-operator/controllers/nodepool/conditions_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent.go
  • hypershift-operator/controllers/nodepool/gcp.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
  • hypershift-operator/controllers/nodepool/aws_test.go
  • support/api/capi_types.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud.go
  • hypershift-operator/controllers/nodepool/version_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/azure/azure.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
  • support/api/scheme.go
  • hypershift-operator/controllers/nodepool/azure_test.go
  • hypershift-operator/controllers/nodepool/conditions.go
  • karpenter-operator/controllers/karpenter/karpenter_controller.go
  • support/backwardcompat/backwardcompat.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/gcp/gcp.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/platform.go
  • hypershift-operator/controllers/nodepool/nodepool_controller_test.go
  • hypershift-operator/controllers/nodepool/capi.go
  • support/backwardcompat/backwardcompat_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt.go
  • hypershift-operator/controllers/nodepool/capi_test.go
  • hypershift-operator/controllers/nodepool/nodepool_controller.go
✅ Files skipped from review due to trivial changes (3)
  • .codespellignore
  • cmd/cluster/core/dump.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation.go
🚧 Files skipped from review as they are similar to previous changes (19)
  • contrib/gomaxprocs-webhook/Dockerfile
  • .golangci.yml
  • api/go.mod
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/globalps/globalps_test.go
  • cmd/install/assets/crds/assets.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/setup.go
  • Makefile
  • control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader.go
  • control-plane-operator/hostedclusterconfigoperator/api/scheme.go
  • cmd/install/install.go
  • cmd/install/install_test.go
  • go.mod

coderabbitai[bot]
coderabbitai Bot reviewed Jun 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`:
- Around line 4373-4376: The code dereferences OVNKubernetesConfig.IPv6 fields
when only OVNKubernetesConfig is checked; update the conditional that sets
ipv6JoinSubnet and ipv6TransitSubnet to also verify
hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6 !=
nil (or guard access with a separate nil check) before reading
IPv6.InternalJoinSubnet and IPv6.InternalTransitSwitchSubnet so the reconciler
won’t panic on IPv4-only or absent IPv6 configs; ensure the logic that sets
ipv6JoinSubnet/ipv6TransitSubnet falls back to empty/default values when the
IPv6 struct is nil.
- Around line 2252-2257: kasServingCertHashFromEndpoint currently calls
tls.Dialer.DialContext using the reconcile ctx with no timeout; update this
probe to derive a short-lived context via context.WithTimeout (e.g., a few
seconds) and use that derived context when calling DialContext so the dial
cannot hang indefinitely. Locate kasServingCertHashFromEndpoint and the
tls.Dialer.DialContext call and wrap the dial in a context.WithTimeout/Cancel,
pass the new ctx into DialContext, and ensure you defer the cancel to release
resources.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: f889e68d-e39a-441c-84f2-1602dddc56ec

📥 Commits

Reviewing files that changed from the base of the PR and between 819cca6 and 9d70224.

⛔ Files ignored due to path filters (35)
  • api/go.sum is excluded by !**/*.sum
  • api/vendor/modules.txt is excluded by !**/vendor/**
  • api/vendor/sigs.k8s.io/structured-merge-diff/v6/value/reflectcache.go is excluded by !**/vendor/**
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachinepools.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-aws/infrastructure.cluster.x-k8s.io_awsmachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-azure/infrastructure.cluster.x-k8s.io_azureclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-azure/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-gcp/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmpowervsimages.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io_ibmvpcmachines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-kubevirt/infrastructure.cluster.x-k8s.io_kubevirtclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-openstack/infrastructure.cluster.x-k8s.io_openstackclusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api-provider-openstack/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/addons.cluster.x-k8s.io_clusterresourcesetbindings.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/addons.cluster.x-k8s.io_clusterresourcesets.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_clusterclasses.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_clusters.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinedeployments.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinedrainrules.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinehealthchecks.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinepools.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machines.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/cluster.x-k8s.io_machinesets.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/ipam.cluster.x-k8s.io_ipaddressclaims.yaml is excluded by !cmd/install/assets/**/*.yaml
  • cmd/install/assets/crds/cluster-api/ipam.cluster.x-k8s.io_ipaddresses.yaml is excluded by !cmd/install/assets/**/*.yaml
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (63)
  • .codespellignore
  • .golangci.yml
  • Makefile
  • api/go.mod
  • cmd/cluster/core/dump.go
  • cmd/install/assets/crds/assets.go
  • cmd/install/install.go
  • cmd/install/install_test.go
  • contrib/gomaxprocs-webhook/Dockerfile
  • control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
  • control-plane-operator/hostedclusterconfigoperator/api/scheme.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/globalps/globalps_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation_test.go
  • go.mod
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/aws/aws.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/azure/azure.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/gcp/gcp.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/platform.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
  • hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go
  • hypershift-operator/controllers/nodepool/aws.go
  • hypershift-operator/controllers/nodepool/aws_test.go
  • hypershift-operator/controllers/nodepool/azure_test.go
  • hypershift-operator/controllers/nodepool/capi.go
  • hypershift-operator/controllers/nodepool/capi_test.go
  • hypershift-operator/controllers/nodepool/conditions.go
  • hypershift-operator/controllers/nodepool/conditions_test.go
  • hypershift-operator/controllers/nodepool/gcp.go
  • hypershift-operator/controllers/nodepool/metrics/metrics.go
  • hypershift-operator/controllers/nodepool/nodepool_controller.go
  • hypershift-operator/controllers/nodepool/nodepool_controller_test.go
  • hypershift-operator/controllers/nodepool/powervs.go
  • hypershift-operator/controllers/nodepool/scale_from_zero_test.go
  • hypershift-operator/controllers/nodepool/version.go
  • hypershift-operator/controllers/nodepool/version_test.go
  • karpenter-operator/controllers/karpenter/karpenter_controller.go
  • karpenter-operator/controllers/karpenter/karpenter_controller_test.go
  • support/api/capi_types.go
  • support/api/scheme.go
  • support/backwardcompat/backwardcompat.go
  • support/backwardcompat/backwardcompat_test.go
  • support/k8sutil/resources.go
  • support/upsert/upsert.go
💤 Files with no reviewable changes (39)
  • hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go
  • support/upsert/upsert.go
  • support/k8sutil/resources.go
  • hypershift-operator/controllers/nodepool/powervs.go
  • hypershift-operator/controllers/nodepool/scale_from_zero_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/aws/aws.go
  • hypershift-operator/controllers/nodepool/metrics/metrics.go
  • hypershift-operator/controllers/nodepool/aws.go
  • karpenter-operator/controllers/karpenter/karpenter_controller_test.go
  • hypershift-operator/controllers/nodepool/version.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud_test.go
  • hypershift-operator/controllers/nodepool/conditions_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/agent/agent.go
  • hypershift-operator/controllers/nodepool/gcp.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_webhook.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt_test.go
  • hypershift-operator/controllers/nodepool/aws_test.go
  • support/api/capi_types.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/ibmcloud/ibmcloud.go
  • hypershift-operator/controllers/nodepool/version_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/openstack/openstack.go
  • hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/azure/azure.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
  • support/api/scheme.go
  • hypershift-operator/controllers/nodepool/azure_test.go
  • hypershift-operator/controllers/nodepool/conditions.go
  • karpenter-operator/controllers/karpenter/karpenter_controller.go
  • support/backwardcompat/backwardcompat.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/gcp/gcp.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/platform.go
  • hypershift-operator/controllers/nodepool/nodepool_controller_test.go
  • hypershift-operator/controllers/nodepool/capi.go
  • support/backwardcompat/backwardcompat_test.go
  • hypershift-operator/controllers/hostedcluster/internal/platform/kubevirt/kubevirt.go
  • hypershift-operator/controllers/nodepool/capi_test.go
  • hypershift-operator/controllers/nodepool/nodepool_controller.go
✅ Files skipped from review due to trivial changes (3)
  • .codespellignore
  • cmd/cluster/core/dump.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation.go
🚧 Files skipped from review as they are similar to previous changes (19)
  • contrib/gomaxprocs-webhook/Dockerfile
  • .golangci.yml
  • api/go.mod
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/spotremediation/spotremediation_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/setup.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/globalps/globalps_test.go
  • cmd/install/assets/crds/assets.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/machine/machine_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/node/node_test.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/setup.go
  • Makefile
  • control-plane-operator/controllers/hostedcontrolplane/v2/kas/kubeconfig.go
  • control-plane-operator/hostedclusterconfigoperator/controllers/inplaceupgrader/inplaceupgrader.go
  • control-plane-operator/hostedclusterconfigoperator/api/scheme.go
  • cmd/install/install.go
  • cmd/install/install_test.go
  • go.mod
🛑 Comments failed to post (2)
hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go (2)

2252-2257: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go"

echo "# function body"
sed -n '2252,2265p' "$file"

echo
echo "# call sites"
rg -n 'kasServingCertHashFromEndpoint\s*\(' "$file"

echo
echo "# timeout-related calls in this file"
rg -n 'WithTimeout|WithDeadline|DialContext' "$file"

Repository: openshift/hypershift

Length of output: 1052

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go"

echo "# call site around 1805"
sed -n '1785,1830p' "$file"

echo
echo "# call site around 2212"
sed -n '2185,2265p' "$file"

echo
echo "# timeout/deadline helpers in the file (broader search)"
rg -n --hidden --glob '!**/vendor/**' 'WithTimeout|WithDeadline|Deadline\(' "$file"

echo
echo "# nearby structured usage of ctx cancellation in reconcile (optional context)"
rg -n 'Reconcile\(|ctx :=|context\.With' "$file"

Repository: openshift/hypershift

Length of output: 5766

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go"

echo "# any WithTimeout/WithDeadline/Deadline usage in this file"
rg -n 'WithTimeout|WithDeadline|Deadline\(' "$file" || true

echo
echo "# Reconcile entrypoint signature/body (find where ctx originates)"
rg -n '^func \(r \*HostedClusterReconciler\) Reconcile\(' "$file"
# print a small window after the function line
line=$(rg -n '^func \(r \*HostedClusterReconciler\) Reconcile\(' "$file" | head -n1 | cut -d: -f1)
start=$((line-5))
end=$((line+60))
sed -n "${start},${end}p" "$file"

Repository: openshift/hypershift

Length of output: 2786

Add a dedicated timeout to the KAS certificate probe
kasServingCertHashFromEndpoint dials with tls.Dialer.DialContext(ctx, ...) using the reconcile ctx passed from Reconcile, and this file doesn’t derive any WithTimeout/WithDeadline for that probe. Wrap the dial in context.WithTimeout (short duration like a few seconds) and pass the derived context to DialContext.

🧰 Tools
🪛 ast-grep (0.43.0)

[warning] 2253-2256: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{
InsecureSkipVerify: true,
ServerName: "kubernetes",
}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🪛 OpenGrep (1.22.0)

[ERROR] 2254-2257: TLS certificate verification is disabled via InsecureSkipVerify. This allows man-in-the-middle attacks. Remove InsecureSkipVerify or set it to false.

(coderabbit.tls.go-insecure-skip-verify)

[ERROR] 2254-2257: TLS certificate verification is disabled via InsecureSkipVerify. This allows man-in-the-middle attacks. Remove InsecureSkipVerify or set it to false.

(coderabbit.tls.go-insecure-skip-verify)

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`
around lines 2252 - 2257, kasServingCertHashFromEndpoint currently calls
tls.Dialer.DialContext using the reconcile ctx with no timeout; update this
probe to derive a short-lived context via context.WithTimeout (e.g., a few
seconds) and use that derived context when calling DialContext so the dial
cannot hang indefinitely. Locate kasServingCertHashFromEndpoint and the
tls.Dialer.DialContext call and wrap the dial in a context.WithTimeout/Cancel,
pass the new ctx into DialContext, and ensure you defer the cancel to release
resources.

4373-4376: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Guard the optional IPv6 OVN config before dereferencing it.

Line 4375 reads OVNKubernetesConfig.IPv6.* after only checking OVNKubernetesConfig != nil. On IPv4-only or otherwise unset IPv6 configs, this will panic the reconciler instead of returning validation output.

🛡️ Proposed fix 
 		var ipv6JoinSubnet, ipv6TransitSubnet string
 		if hc.Spec.OperatorConfiguration != nil && hc.Spec.OperatorConfiguration.ClusterNetworkOperator != nil &&
-			hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil {
+			hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil &&
+			hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6 != nil {
 			ipv6JoinSubnet = hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6.InternalJoinSubnet
 			ipv6TransitSubnet = hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6.InternalTransitSwitchSubnet
 		}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

		var ipv6JoinSubnet, ipv6TransitSubnet string
		if hc.Spec.OperatorConfiguration != nil && hc.Spec.OperatorConfiguration.ClusterNetworkOperator != nil &&
			hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil &&
			hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6 != nil {
			ipv6JoinSubnet = hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6.InternalJoinSubnet
			ipv6TransitSubnet = hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6.InternalTransitSwitchSubnet
		}
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`
around lines 4373 - 4376, The code dereferences OVNKubernetesConfig.IPv6 fields
when only OVNKubernetesConfig is checked; update the conditional that sets
ipv6JoinSubnet and ipv6TransitSubnet to also verify
hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6 !=
nil (or guard access with a separate nil check) before reading
IPv6.InternalJoinSubnet and IPv6.InternalTransitSwitchSubnet so the reconciler
won’t panic on IPv4-only or absent IPv6 configs; ensure the logic that sets
ipv6JoinSubnet/ipv6TransitSubnet falls back to empty/default values when the
IPv6 struct is nil.

csrwng and others added 5 commits June 3, 2026 11:12
@csrwng @claude @enxebre
fix(nodepool): use conversion-data annotation for MachineDeploymentCo…
f1b235f 
…mplete check

Replace the 1-second sleep workaround for OCPBUGS-77922 with a deterministic
cross-check of the v1beta2 conversion-data annotation. In CAPI v1.11+, the
v1beta1 UpdatedReplicas field maps from deprecated.v1beta1.updatedReplicas
rather than the native upToDateReplicas, which can transiently disagree.
When v1beta1 fields indicate completion, we now verify against the authoritative
v1beta2 status in the conversion-data annotation before declaring complete.

Jira: https://issues.redhat.com/browse/OCPBUGS-77922

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@clebs @enxebre
fix(codespell): Add uptodate to codespellignore
c00576c 
The word uptodate and all its casing variants are a false positive on
codespell. They are defined as such in CAPI.

Signed-off-by: Borja Clemente <bclement@redhat.com>
@enxebre
feat(install): add DisableCAPIConversionWebhook option
45e53af 
Add --disable-capi-conversion-webhook flag (default false) to allow
disabling CAPI CRD conversion webhooks during the v1beta1/v1beta2
transition period. The flag feeds into EnableWebhook and the replica
count computation.

Signed-off-by: Alberto Garcia <algarcia@redhat.com>
@enxebre @claude
fix(install): extract crdIncludeFilter to reduce cyclomatic complexity
cedd0fa 
Moves the CRD include filter logic from setupCRDs into a standalone
crdIncludeFilter function to bring cyclomatic complexity under the
gocyclo threshold of 30.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@enxebre @claude
fix(karpenter): update CAPI import path for 1.11
1be104e 
CAPI 1.11 moved api/v1beta1 to api/core/v1beta1. Update the karpenter
controller import added on main by e148f7d.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@enxebre enxebre force-pushed the capi-1.11-bump-dev branch from 9d70224 to 1be104e Compare June 3, 2026 09:12
@enxebre
Copy link
Copy Markdown
Member Author

enxebre commented Jun 3, 2026

/test e2e-aws

@enxebre
Copy link
Copy Markdown
Member Author

enxebre commented Jun 3, 2026

/pipeline required

@openshift-merge-bot
Copy link
Copy Markdown
Contributor

openshift-merge-bot Bot commented Jun 3, 2026

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aks-4-22
/test e2e-aws-4-22
/test e2e-aks
/test e2e-aws
/test e2e-aws-upgrade-hypershift-operator
/test e2e-azure-self-managed
/test e2e-kubevirt-aws-ovn-reduced
/test e2e-v2-aws
/test e2e-v2-gke

@hypershift-jira-solve-ci
Copy link
Copy Markdown

hypershift-jira-solve-ci Bot commented Jun 3, 2026

AI Test Failure Analysis

Job: pull-ci-openshift-hypershift-main-e2e-aks | Build: 2062104392756105216 | Cost: $4.1839657500000005 | Failed step: hypershift-azure-run-e2e

View full analysis report

Generated by hypershift-analyze-e2e-failure post-step using Claude claude-opus-4-6

@hypershift-jira-solve-ci
Copy link
Copy Markdown

hypershift-jira-solve-ci Bot commented Jun 3, 2026
edited by openshift-ci Bot
Loading

Both the metrics-proxy and endpoint-resolver are running. The EnsureMetricsForwarderWorking test failure is at the Prometheus level — it finds the kube-apiserver target but its health stays down with context deadline exceeded when trying to scrape https://10.132.0.24:9443/metrics/kube-apiserver. This is a different issue — likely a network connectivity issue between Prometheus and the metrics-proxy endpoint in the hosted cluster.

Now I have all the evidence. Let me compile the final report:

Test Failure Analysis Complete

Job Information

  • Prow Job: pull-ci-openshift-hypershift-main-e2e-gke
  • Build ID: 2062100060249788416
  • Target: e2e-gke
  • Type: presubmit (PR CNTRLPLANE-2207: Upgrade to CAPI 1.11 #8594CNTRLPLANE-2207: Upgrade to CAPI 1.11)
  • Start Time: 2026-06-03T09:12:20Z
  • Duration: ~2h48m
  • Result: 38 tests, 10 skipped, 6 failures

Test Failure Analysis

Error

TestCreateClusterHABreakGlassCredentials/ValidateHostedCluster: 
  Degraded=True: UnavailableReplicas(capi-provider deployment has 1 unavailable replicas)
  EtcdAvailable=False: StatefulSetNotFound
  KubeAPIServerAvailable=False: NotFound(Kube APIServer deployment not found)
  Available=False: KubeconfigWaitingForCreate

TestCreateCluster/Main/EnsureMetricsForwarderWorking:
  kube-apiserver target found but health=down, lastError=Get "https://10.132.0.24:9443/metrics/kube-apiserver": context deadline exceeded

Summary

The e2e-gke job failed with 6 test failures across two independent hosted clusters. The TestCreateClusterHABreakGlassCredentials cluster never came up at all — the capi-provider deployment remained permanently unavailable because its availability-prober init container (which probes kube-apiserver:6443/readyz) never succeeded, indicating the kube-apiserver was never deployed. This cascaded: no etcd (StatefulSetNotFound), no kube-apiserver (NotFound), no kubeconfig, and ultimately a 10-minute timeout waiting for the hosted cluster to reach valid conditions. The TestCreateCluster cluster came up successfully but its EnsureMetricsForwarderWorking subtest failed because Prometheus could not scrape the kube-apiserver metrics endpoint through the metrics-proxy (persistent context deadline exceeded), eventually timing out after ~691 seconds. The Teardown then timed out (4367s) because the management cluster API credentials expired during the long test run.

Root Cause

There are two distinct failure paths:

Failure 1: TestCreateClusterHABreakGlassCredentials — Hosted cluster never provisioned (CAPI-related)

The HA Break Glass Credentials hosted cluster (e2e-clusters-p24kj/ha-break-glass-creds-h2cp5) failed to provision entirely. The root cause chain:

  1. The capi-provider-768c6459d5-wfl4n pod was stuck in PodInitializing state — its availability-prober init container started at 09:55:28Z and never completed
  2. The availability-prober probes https://kube-apiserver:6443/readyz — it never got a successful response
  3. Without the capi-provider running, no nodes could be provisioned, etcd was never deployed (StatefulSetNotFound), and the kube-apiserver was never created (NotFound)
  4. The HostedCluster reported Degraded=True: UnavailableReplicas(capi-provider deployment has 1 unavailable replicas)
  5. The test waited 10 minutes for the kubeconfig to be published, then timed out

Critically, the TestCreateCluster cluster's capi-provider pod started at the same time (09:55:28Z) and its availability-prober completed successfully by 09:58:44Z — indicating this is not a universal CAPI 1.11 regression but rather a race condition or resource contention in the HA configuration. The two hosted clusters were running in parallel, and the HA Break Glass cluster may have encountered a resource limit or scheduling conflict on the GKE management cluster that prevented its control plane from starting.

Failure 2: TestCreateCluster/Main/EnsureMetricsForwarderWorking — Metrics scraping failure

The TestCreateCluster hosted cluster provisioned successfully (nodes ready, cluster operators healthy), but the EnsureMetricsForwarderWorking subtest failed. The metrics-proxy and endpoint-resolver deployments were deployed and running, but guest cluster Prometheus could not scrape the kube-apiserver metrics via the metrics-proxy at https://10.132.0.24:9443/metrics/kube-apiserver. The target was found but reported health=down with context deadline exceeded persistently for ~691 seconds. This appears to be a network connectivity issue — possibly konnectivity-server proxy issues as indicated by the initial 500 Internal Server Error from konnectivity-server-local:8090 errors.

Failure 3: TestCreateCluster/Teardown — Credential expiry (consequential)

The Teardown phase (4367s) failed because management cluster API credentials expired during the long-running test, causing Unauthorized errors. This is a consequence of the overall test duration exceeding credential lifetimes, not a root cause.

Recommendations

  1. Investigate HA Break Glass cluster provisioning failure: The capi-provider's availability-prober never completed in the HA cluster while it succeeded in the non-HA cluster. Check whether the CAPI 1.11 upgrade introduced changes to how HA mode deploys control plane components (kube-apiserver, etcd) that could cause a bootstrap ordering issue or race condition in the GKE provider.

  2. Check for resource contention: Both hosted clusters started provisioning at the same time on the same GKE management cluster. The HA variant may require more resources (3 replicas vs 1), potentially hitting GKE node resource limits. Verify management cluster capacity during parallel HC creation.

  3. Re-run the job: Given that TestCreateCluster's capi-provider succeeded while TestCreateClusterHABreakGlassCredentials' did not, this may be intermittent. A re-run would help determine if the failure is consistent with the CAPI 1.11 changes or a flaky resource contention issue.

  4. Investigate metrics-proxy scraping: The EnsureMetricsForwarderWorking failure (kube-apiserver target health=down via metrics-proxy) may be a pre-existing flake unrelated to CAPI 1.11. Check if this test has a history of failures on the main branch.

  5. Extend credential lifetime or add refresh: The Teardown Unauthorized errors indicate management cluster credentials expire within ~2 hours. Consider refreshing credentials during long-running test suites.

Evidence
Evidence Detail
Failed Tests 6 failures: TestCreateClusterHABreakGlassCredentials/ValidateHostedCluster, TestCreateClusterHABreakGlassCredentials, TestCreateCluster/Main/EnsureMetricsForwarderWorking, TestCreateCluster/Main, TestCreateCluster/Teardown, TestCreateCluster
capi-provider pod (HA cluster) Pod capi-provider-768c6459d5-wfl4n stuck in PodInitializing; init container availability-prober running since 09:55:28Z, never completed; pod conditions: Initialized=False reason=ContainersNotInitialized
capi-provider pod (non-HA cluster) Pod capi-provider-64bccbc99f-9rhp4 healthy; init container availability-prober completed at 09:58:44Z with exitCode 0; all containers Ready
HA cluster conditions Degraded=True: UnavailableReplicas(capi-provider deployment has 1 unavailable replicas), EtcdAvailable=False: StatefulSetNotFound, KubeAPIServerAvailable=False: NotFound, Available=False: KubeconfigWaitingForCreate
Metrics failure kube-apiserver target found but health=down, lastError=Get "https://10.132.0.24:9443/metrics/kube-apiserver": context deadline exceeded — persisted for 691s
Konnectivity errors proxy error from konnectivity-server-local:8090 while dialing 10.0.0.3:10250, code 500: 500 Internal Server Error
Teardown failure Unauthorized errors from hypershift.openshift.io/v1beta1 API — management cluster credential expiry
Test step hypershift-gcp-run-e2e timed out at 2h0m45s; exit code 127
Prow Job URL https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_hypershift/8594/pull-ci-openshift-hypershift-main-e2e-gke/2062100060249788416

@enxebre
Copy link
Copy Markdown
Member Author

enxebre commented Jun 3, 2026

/test e2e-aws-4-22
test e2e-aks

@enxebre
Copy link
Copy Markdown
Member Author

enxebre commented Jun 3, 2026

/test e2e-aks

@enxebre enxebre added the lgtm Indicates that a PR is ready to be merged. label Jun 3, 2026
@openshift-merge-bot
Copy link
Copy Markdown
Contributor

openshift-merge-bot Bot commented Jun 3, 2026

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

@enxebre
Copy link
Copy Markdown
Member Author

enxebre commented Jun 3, 2026

/hold cancel
/verified by e2e @enxebre

@openshift-ci openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 3, 2026
@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jun 3, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Jun 3, 2026

@enxebre: This PR has been marked as verified by e2e @enxebre.

Details

In response to this:

/hold cancel
/verified by e2e @enxebre

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Jun 3, 2026

@enxebre: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-gke 1be104e link false /test e2e-gke

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot Bot merged commit b593a02 into openshift:main Jun 3, 2026
46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@muraee muraee Awaiting requested review from muraee

+1 more reviewer

@bryan-cox bryan-cox bryan-cox approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@bryan-cox bryan-cox

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/api Indicates the PR includes changes for the API area/cli Indicates the PR includes changes for CLI area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release area/karpenter-operator Indicates the PR includes changes related to the Karpenter operator area/platform/aws PR/issue for AWS (AWSPlatform) platform area/platform/azure PR/issue for Azure (AzurePlatform) platform area/platform/gcp PR/issue for GCP (GCPPlatform) platform area/platform/ibmcloud PR/issue for IBMCloud (IBMCloudPlatform) platform area/platform/kubevirt PR/issue for KubeVirt (KubevirtPlatform) platform area/platform/openstack PR/issue for OpenStack (OpenStackPlatform) platform area/platform/powervs PR/issue for PowerVS (PowerVSPlatform) platform area/testing Indicates the PR includes changes for e2e testing jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@enxebre @openshift-ci-robot @bryan-cox @cwbotbot @JoelSpeed @clebs @jhjaggars @csrwng