Modified vSphere hybrid jobs for OCP 5

[vr4manta]

Changes

• Modified OCP 5 vSphere hybrid env jobs to be TechPreview
• Modified OCP 5 vSphere hybrid env jobs to run daily
• Added new serial job for OCP 5, 4.23 and 4.22 for vSphere hybrid env

Summary by CodeRabbit

• Tests
  • Added new serial conformance test jobs for vSphere hybrid environments (nightly/weeklies for 4.22/4.23; tech-preview serial variants for 5.0)
  • Increased cadence for several hybrid-env tests (yearly → daily) and updated periodic schedules
  • Introduced TechPreview feature-set variants and UPI/serial variants, including multi-tenant and single-tenant network modes, to expand vSphere coverage

[coderabbitai]

Walkthrough

Adds TechPreviewNoUpgrade vSphere OVN hybrid-env jobs (including serial conformance variants), adjusts existing hybrid job envs (network type), and updates periodics to reference new job names and schedules across nightly-4.22, nightly-4.23, and nightly-5.0.

Changes

Cohort / File(s)	Summary
Test Config - nightly-4.22 ci-operator/config/openshift/release/openshift-release-main__nightly-4.22.yaml	Added e2e-vsphere-ovn-hybrid-env-serial-techpreview (cron @daily; cluster_profile: vsphere-elastic; env: CSI_MANAGEMENT_REMOVED: "true", FEATURE_SET: TechPreviewNoUpgrade, NETWORK_TYPE: multi-tenant, PERSISTENT_MONITORING: "false", SETUP_IMAGE_REGISTRY_WITH_PVC: "false", TEST_SUITE: openshift/conformance/serial, TEST_SKIPS). Also added NETWORK_TYPE: single-tenant to existing e2e-vsphere-ovn-upi-hybrid-env-techpreview.
Test Config - nightly-4.23 ci-operator/config/openshift/release/openshift-release-main__nightly-4.23.yaml	Added e2e-vsphere-ovn-hybrid-env-serial-techpreview (weekly; FEATURE_SET: TechPreviewNoUpgrade, NETWORK_TYPE: multi-tenant, CSI_MANAGEMENT_REMOVED: "true", PERSISTENT_MONITORING: "false", SETUP_IMAGE_REGISTRY_WITH_PVC: "false", TEST_SUITE: openshift/conformance/serial, TEST_SKIPS). Updated e2e-vsphere-ovn-upi-hybrid-env-techpreview to include NETWORK_TYPE: single-tenant.
Test Config - nightly-5.0 ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml	Converted yearly OVN hybrid jobs to daily TechPreview variants: renamed e2e-vsphere-ovn-hybrid-env → e2e-vsphere-ovn-hybrid-env-techpreview (cron → @daily, FEATURE_SET: TechPreviewNoUpgrade, removed prior FEATURE_GATES). Replaced yearly UPI hybrid with e2e-vsphere-ovn-hybrid-env-serial-techpreview (daily; adds NETWORK_TYPE: multi-tenant, PERSISTENT_MONITORING: "false", SETUP_IMAGE_REGISTRY_WITH_PVC: "false", TEST_SUITE: openshift/conformance/serial). Added e2e-vsphere-ovn-upi-hybrid-env-techpreview (daily; NETWORK_TYPE: single-tenant, STORAGE_CO_DEGRADE_CHECK: "true", CSI_MANAGEMENT_REMOVED, FEATURE_SET: TechPreviewNoUpgrade, TEST_SKIPS).
CI Periodics ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml	Added periodics on vsphere02 for e2e-vsphere-ovn-hybrid-env-serial-techpreview for nightly-4.22 and nightly-4.23 (decorate true, skip cloning, no-builds label, variant/job-release labels, container args target+--variant). Updated nightly-5.0 periodics: changed cron from @yearly to explicit schedules, renamed targets to -serial-techpreview/-techpreview, updated container --target/--variant, and removed one reporter_config.slack stanza.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 10

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Modified vSphere hybrid jobs for OCP 5' accurately describes the main change in the changeset, which involves modifying vSphere hybrid environment jobs across OCP versions 5.0, 4.23, and 4.22 with updated configurations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	PR modifies only CI/CD configuration YAML files, not Go test files with Ginkgo test definitions, so the check does not apply.
Test Structure And Quality	✅ Passed	PR only modifies CI configuration YAML files; custom check for Ginkgo test code quality is not applicable.
Microshift Test Compatibility	✅ Passed	PR modifies only CI configuration YAML files defining test job scheduling, containing no new Ginkgo e2e test implementations.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR contains only CI operator configuration changes in YAML files with no new Ginkgo test code.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies CI/CD infrastructure configuration files only, not production Kubernetes manifests, operator code, or controllers where scheduling constraints would apply.
Ote Binary Stdout Contract	✅ Passed	The OTE Binary Stdout Contract check is not applicable to this PR as it only modifies YAML configuration files for CI test job definitions without any Go source code or stdout violations.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR modifies only YAML CI/CD configuration files, not new Ginkgo e2e test source code. Custom check for IPv6/disconnected network compatibility applies only to new test definitions and is not applicable here.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml (1)

1059-1059: Spread these daily vSphere jobs across the day.

Using @daily for all three hybrid-env jobs will enqueue them at the same time against vsphere-elastic. Most nearby vSphere jobs are explicitly staggered, so this is likely to create avoidable contention and flake. Please keep them daily, but assign distinct cron times.

Also applies to: 1071-1071, 1084-1084

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml`
at line 1059, Several hybrid-env nightly jobs are all using cron: '@daily' and
thus enqueue simultaneously against the vsphere-elastic queue; change each of
the three job cron entries (the hybrid-env jobs that target vsphere-elastic)
from '@daily' to distinct daily cron times (for example use three different UTC
times like '0 2 * * *', '0 10 * * *', '0 18 * * *') so they remain daily but are
staggered; update the cron fields for the three occurrences currently at lines
with cron: '@daily' (the hybrid-env jobs) accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml`:
- Around line 284461-284489: The job declares a volumeMount named
"gcs-credentials" (mountPath "/secrets/gcs") but lacks the corresponding volume
in the job's volumes list; add a volume entry named "gcs-credentials" with a
secret backend pointing to secretName "gcs-credentials" in the same job spec
(i.e., add the volume alongside other volumes for that job so the container's
volumeMount for gcs-credentials resolves).

---

Nitpick comments:
In
`@ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml`:
- Line 1059: Several hybrid-env nightly jobs are all using cron: '@daily' and
thus enqueue simultaneously against the vsphere-elastic queue; change each of
the three job cron entries (the hybrid-env jobs that target vsphere-elastic)
from '@daily' to distinct daily cron times (for example use three different UTC
times like '0 2 * * *', '0 10 * * *', '0 18 * * *') so they remain daily but are
staggered; update the cron fields for the three occurrences currently at lines
with cron: '@daily' (the hybrid-env jobs) accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: e3650c96-8702-4856-b931-805666708499

📥 Commits

Reviewing files that changed from the base of the PR and between f0a9c3b and e7c5438.

📒 Files selected for processing (3)

• ci-operator/config/openshift/release/openshift-release-main__nightly-4.22.yaml
• ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml
• ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the new techpreview job has gcs-credentials volume defined
# Search for the job and check if gcs-credentials volume exists in its spec

rg -A 100 'name: periodic-ci-openshift-release-main-nightly-5.0-e2e-vsphere-ovn-hybrid-env-techpreview' ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml | head -120

Repository: openshift/release

Length of output: 3222

---

Add missing gcs-credentials volume definition to this job.

The job has a volumeMount for gcs-credentials (referencing /secrets/gcs), but the corresponding volume is missing from the volumes section. This must be added to match the pattern used in other jobs:

- name: gcs-credentials
  secret:
    secretName: gcs-credentials

Without this, the pod will fail to start.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml`
around lines 284461 - 284489, The job declares a volumeMount named
"gcs-credentials" (mountPath "/secrets/gcs") but lacks the corresponding volume
in the job's volumes list; add a volume entry named "gcs-credentials" with a
secret backend pointing to secretName "gcs-credentials" in the same job spec
(i.e., add the volume alongside other volumes for that job so the container's
volumeMount for gcs-credentials resolves).

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml`:
- Around line 1083-1092: The nightly-5.0 UPI hybrid-env TechPreview job dropped
STORAGE_CO_DEGRADE_CHECK causing a config regression; restore
STORAGE_CO_DEGRADE_CHECK: "true" in the job's env block for the job named
e2e-vsphere-ovn-upi-hybrid-env-techpreview so the workflow step
ipi-install-vsphere-virt (which reads this variable) continues to perform
storage cluster operator degrade checks; update the env section to include
STORAGE_CO_DEGRADE_CHECK with the same value used in nightly-4.22/4.23 to match
behavior when CSI_MANAGEMENT_REMOVED is "true".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 1b0496b9-8f6d-4a2b-be14-4a92ef691a71

📥 Commits

Reviewing files that changed from the base of the PR and between e7c5438 and 82724b8.

📒 Files selected for processing (4)

• ci-operator/config/openshift/release/openshift-release-main__nightly-4.22.yaml
• ci-operator/config/openshift/release/openshift-release-main__nightly-4.23.yaml
• ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml
• ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml

🚧 Files skipped from review as they are similar to previous changes (2)

• ci-operator/config/openshift/release/openshift-release-main__nightly-4.22.yaml
• ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@vr4manta: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
periodic-ci-openshift-release-main-nightly-4.23-e2e-vsphere-ovn-upi-hybrid-env-techpreview	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-release-main-nightly-5.0-e2e-vsphere-ovn-hybrid-env-serial-techpreview	N/A	periodic	Periodic changed
periodic-ci-openshift-release-main-nightly-5.0-e2e-vsphere-ovn-hybrid-env-techpreview	N/A	periodic	Periodic changed
periodic-ci-openshift-release-main-nightly-5.0-e2e-vsphere-ovn-upi-hybrid-env-techpreview	N/A	periodic	Periodic changed
periodic-ci-openshift-release-main-nightly-4.23-e2e-vsphere-ovn-hybrid-env-serial-techpreview	N/A	periodic	Periodic changed
periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-hybrid-env-serial-techpreview	N/A	periodic	Periodic changed
periodic-ci-openshift-release-main-nightly-4.22-e2e-vsphere-ovn-upi-hybrid-env-techpreview	N/A	periodic	Ci-operator config changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml (1)

284513-284544: ⚠️ Potential issue | 🔴 Critical

Duplicate: gcs-credentials is still missing from the nightly-5.0 serial job.

Same blocker as previously noted: Line 284513 mounts gcs-credentials, but the spec.volumes list still ends without declaring that secret. The pod will not start until the volume is added.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml`
around lines 284513 - 284544, The pod mounts /secrets/gcs with volume name
gcs-credentials but the spec.volumes list lacks that volume; add a volume entry
under spec.volumes with name: gcs-credentials and a secret pointing to
secretName: gcs-credentials so the mount has a backing secret (locate the
mountPath /secrets/gcs / name: gcs-credentials and add the matching volume in
the spec.volumes block).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml`:
- Around line 227072-227103: The job specs mount /secrets/gcs and pass
--gcs-upload-secret but never declare the corresponding volume; add a volumes
entry named gcs-credentials under each job's spec.volumes (matching the existing
volume style) that uses a secret with secretName: gcs-credentials and, if
needed, an items mapping to the credential key/path; update both new serial job
specs where mountPath: /secrets/gcs appears so the gcs-credentials volume is
present alongside boskos, ci-pull-credentials, manifest-tool-local-pusher,
pull-secret, and result-aggregator.
- Around line 250343-250359: The periodic job
"periodic-ci-openshift-release-main-nightly-4.23-e2e-vsphere-ovn-hybrid-env-serial-techpreview"
has cron: '@weekly' but should match the source config which declares '@daily';
update the cron field for that job from '@weekly' to '@daily' (or re-run the
prowgen/generator that produces the jobs from the nightly-4.23 config) so the
generated periodic aligns with the ci-operator config.

---

Duplicate comments:
In `@ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml`:
- Around line 284513-284544: The pod mounts /secrets/gcs with volume name
gcs-credentials but the spec.volumes list lacks that volume; add a volume entry
under spec.volumes with name: gcs-credentials and a secret pointing to
secretName: gcs-credentials so the mount has a backing secret (locate the
mountPath /secrets/gcs / name: gcs-credentials and add the matching volume in
the spec.volumes block).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b75fc003-5875-4c08-a075-18c51c246839

📥 Commits

Reviewing files that changed from the base of the PR and between 82724b8 and 4f482cb.

📒 Files selected for processing (4)

• ci-operator/config/openshift/release/openshift-release-main__nightly-4.22.yaml
• ci-operator/config/openshift/release/openshift-release-main__nightly-4.23.yaml
• ci-operator/config/openshift/release/openshift-release-main__nightly-5.0.yaml
• ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml

🚧 Files skipped from review as they are similar to previous changes (2)

• ci-operator/config/openshift/release/openshift-release-main__nightly-4.23.yaml
• ci-operator/config/openshift/release/openshift-release-main__nightly-4.22.yaml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Add the missing gcs-credentials volume to both new serial jobs.

Both jobs mount /secrets/gcs and pass --gcs-upload-secret, but neither spec.volumes block declares gcs-credentials. These pods will fail to start as written.

Suggested fix

     - name: ci-pull-credentials
       secret:
         secretName: ci-pull-credentials
+    - name: gcs-credentials
+      secret:
+        secretName: gcs-credentials
     - name: manifest-tool-local-pusher
       secret:
         secretName: manifest-tool-local-pusher

Apply the same addition to both job specs.

Also applies to: 250393-250424

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ci-operator/jobs/openshift/release/openshift-release-main-periodics.yaml`
around lines 227072 - 227103, The job specs mount /secrets/gcs and pass
--gcs-upload-secret but never declare the corresponding volume; add a volumes
entry named gcs-credentials under each job's spec.volumes (matching the existing
volume style) that uses a secret with secretName: gcs-credentials and, if
needed, an items mapping to the credential key/path; update both new serial job
specs where mountPath: /secrets/gcs appears so the gcs-credentials volume is
present alongside boskos, ci-pull-credentials, manifest-tool-local-pusher,
pull-secret, and result-aggregator.

[vr4manta]

/pj-rehearse periodic-ci-openshift-release-main-nightly-5.0-e2e-vsphere-ovn-hybrid-env-serial-techpreview

[openshift-merge-bot]

@vr4manta: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[jcpowermac]

/lgtm
/approve

[dgoodwin]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgoodwin, jcpowermac, vr4manta

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/release/OWNERS [dgoodwin]
• ci-operator/jobs/openshift/release/OWNERS [dgoodwin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vr4manta]

/pj-rehearse ack
new 5.0 job ran and included serial tests as well.

[openshift-merge-bot]

@vr4manta: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[vr4manta]

/retest

[openshift-ci]

@vr4manta: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/periodic-ci-openshift-release-main-nightly-5.0-e2e-vsphere-ovn-hybrid-env-serial-techpreview	4f482cb	link	unknown	/pj-rehearse periodic-ci-openshift-release-main-nightly-5.0-e2e-vsphere-ovn-hybrid-env-serial-techpreview

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.