OCPBUGS-83863: Simplify Dockerfile.openshift to rhel9-only #285

Open
sdodson wants to merge 4 commits into openshift:main from sdodson:el9-only

@sdodson
Member

@sdodson sdodson commented Apr 21, 2026

Summary

  • Removes the rhel8 builder stage from Dockerfile.openshift (rhel8 workers no longer supported as of 4.20)
  • Strips binaries with -s -w ldflags to reduce image size
  • Removes the rhel10 builder stage (rhel10 golang builder doesn't exist yet — it was just a duplicate of rhel9)
  • Simplifies runtime to copy rhel9 binaries as default, with OS detection that prefers a version-specific binary directory when one exists
  • Adds comments documenting how to add future RHEL versions

Context

Support for rhel8 workers was removed in 4.20, so rhel8 binaries can be dropped. The rhel10 stage was using the rhel9 golang builder anyway, producing identical binaries. This PR consolidates to a single rhel9 build stage with a flexible runtime layout that can easily accommodate rhel10 when its builder becomes available.

Test plan

  • Verify the OpenShift image builds successfully with only the rhel9 stage
  • Verify binaries are present and stripped in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout
  • Verify file command shows binaries are stripped (no debug info)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Simplified OpenShift image build: consolidated per-release binaries into a single RHEL 9-based output and replaced per-version packaging with unified binary placement and versioned views.
    • Adjusted Go build to produce stripped binaries (debug symbols removed) to reduce artifact size while preserving version and build metadata.

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 21, 2026

@openshift-ci-robot
Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is invalid:

  • expected the bug to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Summary

  • Removes the rhel8 builder stage and versioned subdirectory structure (rhel8/bin, rhel9/bin) from Dockerfile.openshift
  • Builds only rhel9 binaries directly into /usr/src/multus-cni/bin/
  • Adds a comment documenting how to re-introduce multi-version support (e.g., for rhel10) if needed in the future

Test plan

  • Verify the OpenShift image builds successfully with only the rhel9 stage
  • Verify binaries are present in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 21, 2026

@coderabbitai
Contributor

coderabbitai Bot commented Apr 21, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1f68319e-742e-489b-a789-71bea1d64946

📥 Commits

Reviewing files that changed from the base of the PR and between 5a7953f and cb8fb34.

📒 Files selected for processing (1)
  • Dockerfile.openshift

Walkthrough

Removed rhel8/rhel10 builder stages and changed final image to copy rhel9 binaries once and expose rhel9/rhel10 bins as links; removed dynamic OS-version copy logic. Added Go linker flags -s -w to strip debug symbols in hack/build-go.sh.

Changes

Cohort / File(s) | Summary
OpenShift Dockerfile (Dockerfile.openshift) | Dropped dedicated rhel8 and rhel10 builder stages and their COPY --from packaging. Final base-rhel9 stage now copies built binaries once into /usr/src/multus-cni/bin and creates /usr/src/multus-cni/rhel9/bin and /usr/src/multus-cni/rhel10/bin as links to the same binaries; removed previous OS-release-driven selection logic that populated the unversioned bin directory.
Build script (hack/build-go.sh) | Appended Go linker options -s -w to LDFLAGS (strip symbol/debug info); existing -X variable assignments preserved with minor whitespace/formatting adjustments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 12
✅ Passed checks (12 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title directly and clearly describes the main change: simplification of Dockerfile.openshift to use only RHEL9, which aligns with the removal of RHEL8 and RHEL10 builder stages and consolidation to a single RHEL9 build stage.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names | ✅ Passed | This PR only modifies Dockerfile.openshift and hack/build-go.sh, neither of which are test files. No Ginkgo test files are modified.
Test Structure And Quality | ✅ Passed | The custom check for Ginkgo test structure is not applicable to this PR as it only modifies build and infrastructure files with no test code.
Microshift Test Compatibility | ✅ Passed | PR modifies only infrastructure/build files (Dockerfile.openshift, hack/build-go.sh) with no Ginkgo test patterns or new e2e tests.
Single Node Openshift (Sno) Test Compatibility | ✅ Passed | No Ginkgo e2e tests were added; only build infrastructure files were modified, making this check not applicable.
Topology-Aware Scheduling Compatibility | ✅ Passed | This pull request modifies only build-time files (Dockerfile.openshift and hack/build-go.sh) for container image construction and binary optimization, with no changes to deployment manifests, operator code, controllers, or runtime scheduling configurations.
Ote Binary Stdout Contract | ✅ Passed | This pull request does not introduce violations of the OTE Binary Stdout Contract. Changes are limited to Docker build stage consolidation and build-time linker flags for binary stripping, neither modifying Go source code or introducing new stdout writes.
Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | This PR only modifies build and deployment configuration files (Dockerfile.openshift and hack/build-go.sh), which contain no Ginkgo e2e test code, making this check not applicable.

@openshift-ci openshift-ci Bot requested review from bpickard22 and dougbtv April 21, 2026 14:17

@openshift-ci
Contributor

openshift-ci Bot commented Apr 21, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sdodson
Once this PR has been reviewed and has the lgtm label, please assign s1061123 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 21, 2026

@openshift-ci-robot
Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

Summary

  • Removes the rhel8 builder stage and versioned subdirectory structure (rhel8/bin, rhel9/bin) from Dockerfile.openshift
  • Builds only rhel9 binaries directly into /usr/src/multus-cni/bin/
  • Adds a comment documenting how to re-introduce multi-version support (e.g., for rhel10) if needed in the future

Test plan

  • Verify the OpenShift image builds successfully with only the rhel9 stage
  • Verify binaries are present in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Refactor
    • Simplified the container build process by consolidating binary packaging and removing OS-version-specific binary management. The build now directly prepares a single binary directory instead of maintaining separate versioned subdirectories.

Drop the rhel8 builder stage and versioned subdirectory structure,
building only rhel9 binaries directly into /usr/src/multus-cni/bin/.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@openshift-ci-robot
Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

Summary

  • Removes the rhel8 builder stage from Dockerfile.openshift
  • Keeps rhel10 and rhel9 build stages with OS-detection to select the correct binaries at build time

Context

Support for rhel8 workers was removed in 4.20, so no cluster upgrading from 4.20 to 4.21 should ever have rhel8 workers. Clusters upgrading from 4.18 to 4.20 through 4.19 may have rhel8 workers, although this is unlikely. Therefore rhel8 binaries are only necessary through 4.20 and can be dropped going forward.

Test plan

  • Verify the OpenShift image builds successfully without the rhel8 stage
  • Verify binaries are present in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout

🤖 Generated with Claude Code

@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 21, 2026

Add -s -w linker flags to remove the symbol table and DWARF debug
info from all built binaries. These are not needed at runtime and
stripping them significantly reduces the final image size.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@sdodson
Member Author

sdodson commented Apr 21, 2026

/hold
Need to test all of these together

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 21, 2026

The rhel10 golang builder doesn't exist yet, so the rhel10 stage was
just a duplicate of rhel9. Remove it and simplify the runtime to copy
rhel9 binaries as the default, with OS detection that prefers a
version-specific binary directory when one exists.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@sdodson sdodson changed the title from "OCPBUGS-83863: Remove rhel8 build stage from Dockerfile.openshift" to "OCPBUGS-83863: Simplify Dockerfile.openshift to rhel9-only" Apr 28, 2026

@openshift-ci-robot
Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Summary

  • Removes the rhel8 builder stage from Dockerfile.openshift (rhel8 workers no longer supported as of 4.20)
  • Strips binaries with -s -w ldflags to reduce image size
  • Removes the rhel10 builder stage (rhel10 golang builder doesn't exist yet — it was just a duplicate of rhel9)
  • Simplifies runtime to copy rhel9 binaries as default, with OS detection that prefers a version-specific binary directory when one exists
  • Adds comments documenting how to add future RHEL versions

Context

Support for rhel8 workers was removed in 4.20, so rhel8 binaries can be dropped. The rhel10 stage was using the rhel9 golang builder anyway, producing identical binaries. This PR consolidates to a single rhel9 build stage with a flexible runtime layout that can easily accommodate rhel10 when its builder becomes available.

Test plan

  • Verify the OpenShift image builds successfully with only the rhel9 stage
  • Verify binaries are present and stripped in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout
  • Verify file command shows binaries are stripped (no debug info)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Simplified OpenShift image build to consolidate binaries into a single RHEL 9 output and streamline OS-version selection.
    • Adjusted the Go build to produce stripped binaries (debug/symbols removed) for smaller releases.

Replace the runtime OS-detection script with hardlinks that place the
same el9 binaries into both rhel9/bin and rhel10/bin directories. This
removes the conditional copy logic while still providing version-specific
bin paths.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
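
One way to check the layout this commit describes, as an added example that is not part of the PR or the project's code: it confirms that every binary in bin/ appears in rhel9/bin and rhel10/bin as a hardlink rather than as a copy or a symlink. The function name check_linked_bins is hypothetical, and it assumes the image's /usr/src/multus-cni tree has been extracted to a local directory.

```shell
#!/bin/sh
# Added example, not from the PR. Usage against an extracted image rootfs:
#   check_linked_bins /path/to/rootfs/usr/src/multus-cni rhel9 rhel10
# Returns 0 only if every file in ROOT/bin is hardlinked into each ROOT/<ver>/bin.
check_linked_bins() {
    root=$1; shift
    [ "$#" -gt 0 ] || set -- rhel9 rhel10   # versioned directories named in the PR
    rc=0; found=0
    for src in "$root"/bin/*; do
        [ -f "$src" ] || continue
        found=1
        name=${src##*/}
        for ver in "$@"; do
            dst=$root/$ver/bin/$name
            if [ -L "$dst" ]; then
                # A symlink is resolved at run time; it is not a second
                # name for the same inode.
                echo "SYMLINK $dst"; rc=1
            elif [ ! -f "$dst" ]; then
                echo "MISSING $dst"; rc=1
            elif [ ! "$dst" -ef "$src" ]; then
                # Separate inode: the binary was copied, so its data is
                # stored twice and the two paths can drift apart.
                echo "COPY $dst"; rc=1
            fi
        done
    done
    # An empty bin/ would otherwise pass vacuously.
    [ "$found" -eq 1 ] || { echo "EMPTY $root/bin"; rc=1; }
    return "$rc"
}
```
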

@openshift-ci
Contributor

openshift-ci Bot commented Apr 29, 2026

@sdodson: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name | Commit | Details | Required | Rerun command
ci/prow/security | cb8fb34 | link | false | /test security
ci/prow/e2e-aws-upgrade | cb8fb34 | link | true | /test e2e-aws-upgrade

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
