NE-2217: Add haproxyOCPVersion in IngressController API

[jcmoraisjr]

Add haproxyOCPVersion field in IngressController API. This field adds the ability to revert HAProxy version to a previous one, as well as pin the current HAProxy version during OCP upgrades.

EP: openshift/enhancements#1965

Jira: https://redhat.atlassian.net/browse/NE-2217

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci]

Hello @jcmoraisjr! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci-robot]

@jcmoraisjr: This pull request references NE-2217 which is a valid jira issue.

Details

In response to this:

Add haproxyOCPVersion field in IngressController API. This field adds the ability to revert HAProxy version to a previous one, as well as pin the current HAProxy version during OCP upgrades.

EP: openshift/enhancements#1965

Jira: https://redhat.atlassian.net/browse/NE-2217

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 98103265-cfd6-4298-bd53-bf241cad878d

📥 Commits

Reviewing files that changed from the base of the PR and between 2c6e76b and 6d7c1c8.

⛔ Files ignored due to path filters (5)

• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*
• operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/zz_generated*
• operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerMultipleHAProxyVersions.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*

📒 Files selected for processing (1)

• operator/v1/types_ingresscontroller.go

🚧 Files skipped from review as they are similar to previous changes (1)

• operator/v1/types_ingresscontroller.go

---

📝 Walkthrough

Walkthrough

This change extends the IngressController API type in operator/v1/types_ingresscontroller.go with three additions. A new OCPVersion string type is introduced with kubebuilder validations enforcing an X.Y version format. An optional HAProxyOCPVersion field of this type is added to IngressControllerSpec (JSON: haproxyOCPVersion) to allow pinning the default HAProxy version to a specific OCP release, gated by the IngressControllerMultipleHAProxyVersions feature gate. A corresponding optional EffectiveHAProxyOCPVersion field is added to IngressControllerStatus (JSON: effectiveHAProxyOCPVersion) to report the resolved value currently in use, under the same feature gate.

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title directly and clearly describes the main change: adding the haproxyOCPVersion field to the IngressController API, which is exactly what the changeset implements.
Description check	✅ Passed	The PR description is directly related to the changeset, explaining the purpose of the haproxyOCPVersion field for reverting and pinning HAProxy versions during OCP upgrades.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR introduces no Ginkgo tests—only API type definitions for IngressController in operator/v1/types_ingresscontroller.go. No test titles to validate.
Test Structure And Quality	✅ Passed	The Ginkgo test infrastructure (tests/generator.go, tests/suite_test.go) in this PR follows all quality requirements: (1) Single responsibility - each test via DescribeTable tests one behavior; (2)...
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests for IngressController HAProxyOCPVersion feature are added in this PR. The changes are limited to API type definitions and CRD validation manifests, making the check not appl...
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests that assume multi-node clusters were added. Tests added are envtest-based integration tests and AI evaluation tests, not e2e cluster tests.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only modifies operator/v1/types_ingresscontroller.go, which is an API type definition file containing CRD structs. No deployment manifests, controller implementations, or pod scheduling con...
Ote Binary Stdout Contract	✅ Passed	PR adds only API type definitions (OCPVersion, HAProxyOCPVersion field, EffectiveHAProxyOCPVersion field) with no executable code, functions, or stdout writes in operator/v1/types_ingresscontroller...
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds only API type definitions (fields and types) to IngressController and does not add any Ginkgo e2e tests. The check applies only to new tests.
No-Weak-Crypto	✅ Passed	PR adds API type definitions only. No weak crypto algorithms, custom crypto implementations, or non-constant-time secret comparisons found in the changes.
Container-Privileges	✅ Passed	PR adds only API type definitions (HAProxyOCPVersion, EffectiveHAProxyOCPVersion, OCPVersion) with no container privileges, security contexts, or Kubernetes manifest changes that would trigger the...
No-Sensitive-Data-In-Logs	✅ Passed	The PR adds two new fields (HAProxyOCPVersion and EffectiveHAProxyOCPVersion) of type OCPVersion (a string restricted to X.Y format like "4.22") to the IngressController API. These fields contain o...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jcmoraisjr]

Rebase after merging EP and #2852

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@operator/v1/types_ingresscontroller.go`:
- Around line 2258-2271: The EffectiveHAProxyOCPVersion field is marked as
optional but its comment does not document the expected behavior when the field
is omitted. Update the comment for the EffectiveHAProxyOCPVersion field to
explicitly specify what it means when this status field is absent, such as
whether omission indicates an unresolved value, feature-gate-disabled state, or
another condition. This clarification is required as per coding guidelines for
all optional fields.
- Around line 2341-2346: The OCPVersion type has kubebuilder validation markers
for MinLength=3 and MaxLength=8, but the comment only documents the format
requirement without mentioning the length constraints. Update the comment for
the OCPVersion type to include explicit documentation of the length constraints
(minimum 3 characters, maximum 8 characters) in human-readable terms alongside
the existing format documentation to match the validation markers and follow
coding guidelines.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 302ef052-c626-4396-a8ab-1df4406a6900

📥 Commits

Reviewing files that changed from the base of the PR and between 5346161 and 2c6e76b.

⛔ Files ignored due to path filters (5)

• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*
• operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/zz_generated*
• operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerMultipleHAProxyVersions.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*

📒 Files selected for processing (1)

• operator/v1/types_ingresscontroller.go

[jcmoraisjr]

@yuqi-zhang here is the API update for the openshift/enhancements#1965 you also reviewed.

[openshift-ci]

@jcmoraisjr: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify-client-go	6d7c1c8	link	true	/test verify-client-go
ci/prow/verify	6d7c1c8	link	true	/test verify

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.