diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 5b01a5a264..b457dc70b5 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=35 KUBE_GIT_VERSION=v1.35.3 -KUBE_GIT_COMMIT=872bd3722d0954b31459f715fbd4fb7612aaf338 +KUBE_GIT_COMMIT=d8d517e6bbe7cf7359026cac26bb96ea45e18806 KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index ff987370b4..a9127b279d 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 5.0.0-0.nightly-arm64-2026-06-10-025037 +OCP_VERSION := 5.0.0-0.nightly-arm64-2026-06-19-034904 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index a931f60b4f..e75904f5ed 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 5.0.0-0.nightly-2026-06-09-112600 +OCP_VERSION := 5.0.0-0.nightly-2026-06-18-000016 diff --git a/assets/components/multus/kustomization.aarch64.yaml b/assets/components/multus/kustomization.aarch64.yaml index 773e81016a..120edee733 100644 --- a/assets/components/multus/kustomization.aarch64.yaml +++ b/assets/components/multus/kustomization.aarch64.yaml @@ -2,7 +2,7 @@ images: - name: multus-cni-microshift newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:12f6644c521588d72e607d5761c7fa3e9a73bb0aab88b08420a8c5e4d4236ec5 + digest: sha256:559deea32b9f6bea46f875c3f7ef5aeb599d82c2200bb69001aaa9392cf159c0 - name: containernetworking-plugins-microshift newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:fc47b7c1f5138b74498c9c7ce7ad845f8fe73aa51fed2c735d6ebfa8882545a3 + digest: sha256:6a53a8b286d211bfd60777c65c0c9fc1af826098b3f4efe3b81feabc68c3866d diff --git a/assets/components/multus/kustomization.x86_64.yaml b/assets/components/multus/kustomization.x86_64.yaml index 89dcabff80..2d3e765302 100644 --- a/assets/components/multus/kustomization.x86_64.yaml +++ b/assets/components/multus/kustomization.x86_64.yaml @@ -2,7 +2,7 @@ images: - name: multus-cni-microshift newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:457d82310a2ecd6823e5eb2a1650d14443c2730ecda4d62ad8b88d181f63463d + digest: sha256:eff2622ebea71d70f23b98a575163ace705dadde13c6fce7f76b56a43695b168 - name: containernetworking-plugins-microshift newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:db6025036ff280675e8d784ab0457acfcfa29ec4af35e823e64f04901d39da72 + digest: sha256:55fc72faf4c19e112deb552adc957f23fd969be1b58ac8b0f304876fe30ae424 diff --git a/assets/components/multus/release-multus-aarch64.json b/assets/components/multus/release-multus-aarch64.json index e989ae6e20..3ea5f14450 100644 --- a/assets/components/multus/release-multus-aarch64.json +++ b/assets/components/multus/release-multus-aarch64.json @@ -1,9 +1,9 @@ { "release": { - "base": "5.0.0-0.nightly-arm64-2026-06-10-025037" + "base": "5.0.0-0.nightly-arm64-2026-06-19-034904" }, "images": { - "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:12f6644c521588d72e607d5761c7fa3e9a73bb0aab88b08420a8c5e4d4236ec5", - "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:fc47b7c1f5138b74498c9c7ce7ad845f8fe73aa51fed2c735d6ebfa8882545a3" + "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:559deea32b9f6bea46f875c3f7ef5aeb599d82c2200bb69001aaa9392cf159c0", + "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:6a53a8b286d211bfd60777c65c0c9fc1af826098b3f4efe3b81feabc68c3866d" } } diff --git a/assets/components/multus/release-multus-x86_64.json b/assets/components/multus/release-multus-x86_64.json index 702fdc0e29..8879f3c120 100644 --- a/assets/components/multus/release-multus-x86_64.json +++ b/assets/components/multus/release-multus-x86_64.json @@ -1,9 +1,9 @@ { "release": { - "base": "5.0.0-0.nightly-2026-06-09-112600" + "base": "5.0.0-0.nightly-2026-06-18-000016" }, "images": { - "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:457d82310a2ecd6823e5eb2a1650d14443c2730ecda4d62ad8b88d181f63463d", - "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:db6025036ff280675e8d784ab0457acfcfa29ec4af35e823e64f04901d39da72" + "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:eff2622ebea71d70f23b98a575163ace705dadde13c6fce7f76b56a43695b168", + "containernetworking-plugins-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:55fc72faf4c19e112deb552adc957f23fd969be1b58ac8b0f304876fe30ae424" } } diff --git a/assets/components/ovn/multi-node/master/daemonset.yaml b/assets/components/ovn/multi-node/master/daemonset.yaml index d739afcdfe..38429b1890 100644 --- a/assets/components/ovn/multi-node/master/daemonset.yaml +++ b/assets/components/ovn/multi-node/master/daemonset.yaml @@ -353,6 +353,46 @@ spec: containerPort: {{.OVN_SB_PORT}} terminationMessagePolicy: FallbackToLogsOnError + # ovnkube cluster-manager: allocates subnets to nodes, handles cluster-wide IPAM + - name: ovnkube-cluster-manager + image: {{ .ReleaseImage.ovn_kubernetes_microshift }} + command: + - /bin/bash + - -c + - | + set -xe + if [[ -f "/env/_master" ]]; then + set -o allexport + source "/env/_master" + set +o allexport + fi + + echo "$(date -Iseconds) - starting ovnkube-cluster-manager, Node: ${K8S_NODE}" + exec /usr/bin/ovnkube \ + --init-cluster-manager "${K8S_NODE}" \ + --config-file=/run/ovnkube-config/ovnkube.conf \ + --loglevel "${OVN_KUBE_LOG_LEVEL}" \ + --enable-multicast + env: + - name: OVN_KUBE_LOG_LEVEL + value: "4" + - name: K8S_NODE + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - mountPath: /run/ovnkube-config/ + name: ovnkube-config + - mountPath: {{.KubeconfigDir}} + name: kubeconfig + - mountPath: /env + name: env-overrides + resources: + requests: + cpu: 10m + memory: 10Mi + terminationMessagePolicy: FallbackToLogsOnError + # ovnkube master: convert kubernetes objects in to nbdb logical network components - name: ovnkube-master image: {{ .ReleaseImage.ovn_kubernetes_microshift }} @@ -376,10 +416,7 @@ spec: echo "I$(date "+%m%d %H:%M:%S.%N") - ovnkube-master - start ovnkube --init-master ${K8S_NODE}" exec /usr/bin/ovnkube \ - --init-cluster-manager "${K8S_NODE}" \ --init-ovnkube-controller "${K8S_NODE}" \ - --nb-address "{{.OVN_NB_DB_LIST}}" \ - --sb-address "{{.OVN_SB_DB_LIST}}" \ --config-file=/run/ovnkube-config/ovnkube.conf \ --loglevel "${OVN_KUBE_LOG_LEVEL}" \ ${gateway_mode_flags} \ diff --git a/assets/components/ovn/multi-node/node/daemonset.yaml b/assets/components/ovn/multi-node/node/daemonset.yaml index 5c76589d34..4d460606b4 100644 --- a/assets/components/ovn/multi-node/node/daemonset.yaml +++ b/assets/components/ovn/multi-node/node/daemonset.yaml @@ -141,8 +141,6 @@ spec: echo "I$(date "+%m%d %H:%M:%S.%N") - ovnkube-node - start ovnkube --init-node ${K8S_NODE}" exec /usr/bin/ovnkube \ --init-node "${K8S_NODE}" \ - --nb-address "{{.OVN_NB_DB_LIST}}" \ - --sb-address "{{.OVN_SB_DB_LIST}}" \ --config-file=/run/ovnkube-config/ovnkube.conf \ --loglevel "${OVN_KUBE_LOG_LEVEL}" \ --allow-no-uplink \ diff --git a/assets/components/ovn/single-node/master/daemonset.yaml b/assets/components/ovn/single-node/master/daemonset.yaml index b45fb9be17..ebabb14610 100644 --- a/assets/components/ovn/single-node/master/daemonset.yaml +++ b/assets/components/ovn/single-node/master/daemonset.yaml @@ -295,6 +295,46 @@ spec: memory: 10Mi terminationMessagePolicy: FallbackToLogsOnError + # ovnkube cluster-manager: allocates subnets to nodes, handles cluster-wide IPAM + - name: ovnkube-cluster-manager + image: {{ .ReleaseImage.ovn_kubernetes_microshift }} + command: + - /bin/bash + - -c + - | + set -xe + if [[ -f "/env/_master" ]]; then + set -o allexport + source "/env/_master" + set +o allexport + fi + + echo "$(date -Iseconds) - starting ovnkube-cluster-manager, Node: ${K8S_NODE}" + exec /usr/bin/ovnkube \ + --init-cluster-manager "${K8S_NODE}" \ + --config-file=/run/ovnkube-config/ovnkube.conf \ + --loglevel "${OVN_KUBE_LOG_LEVEL}" \ + --enable-multicast + env: + - name: OVN_KUBE_LOG_LEVEL + value: "4" + - name: K8S_NODE + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - mountPath: /run/ovnkube-config/ + name: ovnkube-config + - mountPath: {{.KubeconfigDir}} + name: kubeconfig + - mountPath: /env + name: env-overrides + resources: + requests: + cpu: 10m + memory: 10Mi + terminationMessagePolicy: FallbackToLogsOnError + # ovnkube master: convert kubernetes objects in to nbdb logical network components - name: ovnkube-master image: {{ .ReleaseImage.ovn_kubernetes_microshift }} @@ -335,9 +375,8 @@ spec: # the functionality depends on ip_forwarding being enabled fi - echo "I$(date "+%m%d %H:%M:%S.%N") - ovnkube-master - start ovnkube --init-master ${K8S_NODE} --init-node ${K8S_NODE}" + echo "I$(date "+%m%d %H:%M:%S.%N") - ovnkube-master - start ovnkube --init-node ${K8S_NODE}" exec /usr/bin/ovnkube \ - --init-cluster-manager "${K8S_NODE}" \ --init-ovnkube-controller "${K8S_NODE}" \ --init-node "${K8S_NODE}" \ --allow-no-uplink \ @@ -346,8 +385,6 @@ spec: ${gateway_mode_flags} \ ${gw_interface_flag} \ --inactivity-probe="180000" \ - --nb-address "" \ - --sb-address "" \ --enable-multicast \ --disable-snat-multiple-gws \ --single-node \ diff --git a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml index d7f365ab30..6f60d86573 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml @@ -2,13 +2,13 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:a65b0dcf06f57dd03e2569f33649f06bc51f0845ceea01ecb141b76eaea485c1 + digest: sha256:8639c41af3487c28275e94450b27a7c62ca2df26ba9e1b9bc3a4476ea06836fe - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:15d824e3b808602a5b4257a9aa51a807745754a46322c43ba4ba01ee56d73818 + digest: sha256:093f0ff21decec40f02ea27a40fdab4834355b0938f156ee1636ce2e36d8fb2e - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:6f5dc0bdcbb044810e7b09b01f80df866b3c3af938bd150d818c2914344fb4b2 + digest: sha256:486787c72634c5413731f0bbfc5f26351abf20de8e56e7f52d131740e12b1cb3 patches: - patch: |- @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:15d824e3b808602a5b4257a9aa51a807745754a46322c43ba4ba01ee56d73818 + value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:093f0ff21decec40f02ea27a40fdab4834355b0938f156ee1636ce2e36d8fb2e - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:a65b0dcf06f57dd03e2569f33649f06bc51f0845ceea01ecb141b76eaea485c1 + value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:8639c41af3487c28275e94450b27a7c62ca2df26ba9e1b9bc3a4476ea06836fe target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml index b607a5ae73..396ffa475f 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml @@ -2,13 +2,13 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:1e28d2b718e7ad024fd6ac20e5ec4ac5e30ebcc81c136b0c733165a47483625b + digest: sha256:ef956b49fd9d0a45d3ba02bcbf3b0ab90ed8f81411ee2e15c0c763bbf1707317 - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:cae1efda5b44d38b54fbc0fa7acee126a8334b4af380691f8c05981d27afb690 + digest: sha256:ab7a0c9c6245cb66f3219f4fe9186ccb6e21c0d2c71c1634d2e0da099c165c0b - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v5.0-art-dev - digest: sha256:cd84fae073953125e6eed47e7feacb146161df6d5222f5d899704686f917c50d + digest: sha256:425ef32d3424933f2364d25fb46ab603d7f0369e98a9fd6a345acb1164cdd2a9 patches: - patch: |- @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:cae1efda5b44d38b54fbc0fa7acee126a8334b4af380691f8c05981d27afb690 + value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:ab7a0c9c6245cb66f3219f4fe9186ccb6e21c0d2c71c1634d2e0da099c165c0b - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:1e28d2b718e7ad024fd6ac20e5ec4ac5e30ebcc81c136b0c733165a47483625b + value: quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:ef956b49fd9d0a45d3ba02bcbf3b0ab90ed8f81411ee2e15c0c763bbf1707317 target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json index 7e3b68ea10..2db08cbcf6 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json @@ -1,10 +1,10 @@ { "release": { - "base": "5.0.0-0.nightly-arm64-2026-06-10-025037" + "base": "5.0.0-0.nightly-arm64-2026-06-19-034904" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:a65b0dcf06f57dd03e2569f33649f06bc51f0845ceea01ecb141b76eaea485c1", - "operator-registry": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:15d824e3b808602a5b4257a9aa51a807745754a46322c43ba4ba01ee56d73818", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:6f5dc0bdcbb044810e7b09b01f80df866b3c3af938bd150d818c2914344fb4b2" + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:8639c41af3487c28275e94450b27a7c62ca2df26ba9e1b9bc3a4476ea06836fe", + "operator-registry": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:093f0ff21decec40f02ea27a40fdab4834355b0938f156ee1636ce2e36d8fb2e", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:486787c72634c5413731f0bbfc5f26351abf20de8e56e7f52d131740e12b1cb3" } } diff --git a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json index 5179725c0b..3a88c299de 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json @@ -1,10 +1,10 @@ { "release": { - "base": "5.0.0-0.nightly-2026-06-09-112600" + "base": "5.0.0-0.nightly-2026-06-18-000016" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:1e28d2b718e7ad024fd6ac20e5ec4ac5e30ebcc81c136b0c733165a47483625b", - "operator-registry": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:cae1efda5b44d38b54fbc0fa7acee126a8334b4af380691f8c05981d27afb690", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:cd84fae073953125e6eed47e7feacb146161df6d5222f5d899704686f917c50d" + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:ef956b49fd9d0a45d3ba02bcbf3b0ab90ed8f81411ee2e15c0c763bbf1707317", + "operator-registry": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:ab7a0c9c6245cb66f3219f4fe9186ccb6e21c0d2c71c1634d2e0da099c165c0b", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:425ef32d3424933f2364d25fb46ab603d7f0369e98a9fd6a345acb1164cdd2a9" } } diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 7ceb44b017..52e4aa4248 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,16 +1,16 @@ { "release": { - "base": "5.0.0-0.nightly-arm64-2026-06-10-025037" + "base": "5.0.0-0.nightly-arm64-2026-06-19-034904" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:335cc4f16ae535d0d2e72206f63bba97db6c7f3d7ae8896842e179548e1db76b", - "coredns": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:9c3900c948954ad3c9206147f75a9cd3039e6e95947f4bf82ee994db9317202a", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:b3308350dc53d829dcdad213454159c207ecc634dd2378db4916dea3614c9c9c", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:6f5dc0bdcbb044810e7b09b01f80df866b3c3af938bd150d818c2914344fb4b2", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:59eba69120cff661709251ed6c21cc5b53ec8f288b5576014f8d893705153e99", - "pod": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:56ac733f8a19c57d0027aba6bebd7063d85f1cf1b6f474c0180cd8f7d862c71f", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:cbcbf4bacdc37322bfa70addad27cbc09d1d57dae05e0be5c0bdbab27fd4edc3", + "cli": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:9171ae39c9e75541786022580c12ca4f6db626f281b2b8a52eda9fcfd282ef09", + "coredns": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:8b544070e2f4c9d7ad45088fbe70aa7ae55a9cef62b4491bca8fabee0a2ba103", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:c47e4b6043133e0ebbe5964383513e9932720c699f95a7b9c4d2fc16a8b76121", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:486787c72634c5413731f0bbfc5f26351abf20de8e56e7f52d131740e12b1cb3", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:19da252fc46f4c73fced39bd74b2b83897d98eb17ee475bd17dab30b9e78d762", + "pod": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:30665ad20778e682dda0f17d0cbfdebde2cd3405baad20ec1f5079eab3583278", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:ca744ab369ba2b611c79fc0383696b204ce3acdb8612831fe6f3ae3450ebc3eb", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:e77365e44676fbd8ab9e4ce53f3a406856bbdfef3467c545a7df1197d84477af", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:a1d1ef4683809a939a4c7e44d459e141c9c1be5808bfba303fd7a422373a5070" + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:cfc74ac04331b1114a76f256f92db3d8caea5778586e98e87b6c3a8dd70e2f1c" } } diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index a79a10a009..bc7bf4d707 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,16 +1,16 @@ { "release": { - "base": "5.0.0-0.nightly-2026-06-09-112600" + "base": "5.0.0-0.nightly-2026-06-18-000016" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:4e9157049bcb87590c356e522fb74ddb350b5f6e375f2007e36b20ecc841cd13", - "coredns": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:3707f170213eda5d37f45c8f2f5605c3d4db80acd55f3b7943d90ad0248f8582", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:39fdc41a150c6665c192f1ec06563c5c1f7b8f65e8377a5e2d16cf495c5bca50", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:cd84fae073953125e6eed47e7feacb146161df6d5222f5d899704686f917c50d", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:78d59d56dd6fb55ffa858fc96f7e67193a28b3baac9cfca46ee1b6a1a4e1bca4", - "pod": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:0b69d8c02c7d6231928b1737e74ee30ade20bce70887b6c7c1d68ae034bc9dcd", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:065512cd13378b366cd1adad78b9047f099bd777dccd0dbb4a99f25f504381e4", + "cli": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:9555e02d5df78c1c2df121d163577a0b41081e7134699f9721a9ade4b91873c5", + "coredns": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:3f8d0dc54f17a26b25dba87f9ad3ced992efd47585c652f9a137d20d77ced9ef", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:40028b8216c362e8e67596f58ce90e9f75c55efc0f245f27f2086de2066f1692", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:425ef32d3424933f2364d25fb46ab603d7f0369e98a9fd6a345acb1164cdd2a9", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:6fcff26611bf328bfe6f8afa3c3a8a9d9769152a03cba7c5472b39964b277519", + "pod": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:48e001d0cdcb2b16f701f501f755a243009642183ff8ca4b1de12e3bee88fd4d", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:0af6833a51a2dc20bf266a5e6ae86a9cbf5d46b48c2121b58ce0d1f7283c24f0", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:10c9ccab4f2857d113b55e12cac29aed0dc97d5a4e29ed2e4ea0f77551ee55f8", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:c254280d6a89ed1d0c570544fd1ae40e804fc3c81dc671d161e56bb922add9e9" + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:0ee1f91dd0077f06274317a980ec4863c6b3e80f541c042e8cd0cd31277ccaef" } } diff --git a/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/k8s-tests.go b/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/k8s-tests.go index 640062df5f..113f3dab1c 100644 --- a/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/k8s-tests.go +++ b/deps/github.com/openshift/kubernetes/openshift-hack/cmd/k8s-tests-ext/k8s-tests.go @@ -70,9 +70,16 @@ func main() { Qualifiers: []string{withExcludedTestsFilter(`(name.contains('[Serial]') || labels.exists(l, l == '[Serial]')) && labels.exists(l, l == "Conformance")`)}, }) + // AddGlobalSuite so the umbrella starts with zero qualifiers and inherits + // exclusively from its children via mergeParentQualifiers in origin. + kubeTestsExtension.AddGlobalSuite(e.Suite{ + Name: "kubernetes/conformance", + }) + kubeTestsExtension.AddSuite(e.Suite{ Name: "kubernetes/conformance/parallel", Parents: []string{ + "kubernetes/conformance", "openshift/conformance/parallel", }, Qualifiers: []string{withExcludedTestsFilter(`(!name.contains('[Serial]') && !labels.exists(l, l == '[Serial]'))`)}, @@ -81,6 +88,7 @@ func main() { kubeTestsExtension.AddSuite(e.Suite{ Name: "kubernetes/conformance/serial", Parents: []string{ + "kubernetes/conformance", "openshift/conformance/serial", }, Qualifiers: []string{withExcludedTestsFilter(`(name.contains('[Serial]') || labels.exists(l, l == '[Serial]'))`)}, diff --git a/go.mod b/go.mod index f265c6ee06..3df196fb1d 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( github.com/gogo/protobuf v1.3.2 github.com/golang/snappy v0.0.4 github.com/openshift/cluster-policy-controller v0.0.0-20260420102459-bb429f5b2a7d - github.com/openshift/route-controller-manager v0.0.0-20260526224403-1916ceb059f5 + github.com/openshift/route-controller-manager v0.0.0-20260611182032-e454c01fbe56 github.com/prometheus/client_model v0.6.2 github.com/prometheus/common v0.67.5 github.com/prometheus/prometheus v0.302.1 diff --git a/go.sum b/go.sum index b20160773d..32c6a6492e 100644 --- a/go.sum +++ b/go.sum @@ -330,8 +330,8 @@ github.com/openshift/library-go v0.0.0-20260520180710-3a6f949c22c3 h1:AHjJETxL4n github.com/openshift/library-go v0.0.0-20260520180710-3a6f949c22c3/go.mod h1:gKG9lctU0yEftSoT3DUyeIWz1oAgF0EHUpwI4pnCo4o= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20251120221002-696928a6a0d7 h1:02E4Ttpu+7yCQLQxtY42JfcfHU7TBGnje6uB2ytBSdU= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20251120221002-696928a6a0d7/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= -github.com/openshift/route-controller-manager v0.0.0-20260526224403-1916ceb059f5 h1:s6RpuCCneK83XdWh6KHb1kpoXSR3hI/ZG8g5b/M4+N8= -github.com/openshift/route-controller-manager v0.0.0-20260526224403-1916ceb059f5/go.mod h1:CQPEBwTmpfLFhayttl243qBVr3CeBXpsUBsF5bQFvNg= +github.com/openshift/route-controller-manager v0.0.0-20260611182032-e454c01fbe56 h1:hX5oJuUnVXDk3FBDiMiteZWy+b+JSP7UcQdlcqBSD/o= +github.com/openshift/route-controller-manager v0.0.0-20260611182032-e454c01fbe56/go.mod h1:D5jarnF94awXjzy6WNR/pImmNof2fuyI612hqjhfy/4= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/ovn-kubernetes/libovsdb v0.8.2-0.20260302130604-c07ce22366ac h1:D7Ex9/u5HMz+xvqel1RCCO1AxVG7XRAx9AcP02/nyzk= github.com/ovn-kubernetes/libovsdb v0.8.2-0.20260302130604-c07ce22366ac/go.mod h1:x2keWyG0K1WmZeZLRh+z4fWwcqp99Yu9/HAiMucj5D0= diff --git a/packaging/crio.conf.d/10-microshift_amd64.conf b/packaging/crio.conf.d/10-microshift_amd64.conf index bc2042e60d..4d55ea0d10 100644 --- a/packaging/crio.conf.d/10-microshift_amd64.conf +++ b/packaging/crio.conf.d/10-microshift_amd64.conf @@ -2,6 +2,6 @@ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:0b69d8c02c7d6231928b1737e74ee30ade20bce70887b6c7c1d68ae034bc9dcd" +pause_image = "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:48e001d0cdcb2b16f701f501f755a243009642183ff8ca4b1de12e3bee88fd4d" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/10-microshift_arm64.conf b/packaging/crio.conf.d/10-microshift_arm64.conf index 2bc16bcbfc..159ac1dfce 100644 --- a/packaging/crio.conf.d/10-microshift_arm64.conf +++ b/packaging/crio.conf.d/10-microshift_arm64.conf @@ -2,6 +2,6 @@ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:56ac733f8a19c57d0027aba6bebd7063d85f1cf1b6f474c0180cd8f7d862c71f" +pause_image = "quay.io/openshift-release-dev/ocp-v5.0-art-dev@sha256:30665ad20778e682dda0f17d0cbfdebde2cd3405baad20ec1f5079eab3583278" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index f8de7a5969..b9e5f8e746 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,39 +1,386 @@ -- cluster-kube-apiserver-operator embedded-component 24b60d04b3478e04a728fb0ae1385abc6a478d20 to a61282875d032c4b8cc7ea5567830942583ec378 - - 75e998a 2026-06-08T13:41:30+02:00 NO-JIRA: Automatic agentic rebase: Update library-go to 0469313 - - e126bb0 2026-06-01T12:29:56+02:00 Fix kube-apiserver-to-kubelet-signer refresh interval +- api embedded-component 1194f4c62539275cd6dec231cc2bf7e0a010bd94 to 05673ba6e6503fa49f049fb7a85903cb1f7a34ed + - aa06d197 2026-06-16T09:06:46-03:00 NE-2278: Move ingresscontroller api file to proper name + - c204af10 2026-06-12T14:50:04+01:00 Add MachineAPIMigration platform-specific featuregates for Azure, BareMetal, GCP, and PowerVS + - 880765ae 2026-06-12T14:34:46+01:00 NO-JIRA: tools: fix verify-codegen in git worktrees + - 564b1995 2026-06-11T13:31:27-04:00 Promote AWS ClusterHostedDNS to Default + - 1bf28d79 2026-06-10T14:30:56-04:00 Revert "TRT-2701: Revert "SPLAT-2793: Promoted VSphereMultiVCenterDay2 feature gate to TP"" + - 6889b9c1 2026-06-10T16:13:57+01:00 rewrite api review command to skill + - e8598fc2 2026-06-10T13:12:05Z Revert "SPLAT-2793: Promoted VSphereMultiVCenterDay2 feature gate to TP" + - 936a2b0a 2026-06-09T09:32:35-04:00 Promoted VSphereMultiVCenterDay2 feature gate to TP + - ee7dc415 2026-06-07T19:39:21Z Updating ose-cluster-config-api-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-cluster-config-api.yml + - b4b461bd 2026-06-04T19:21:24+02:00 Remove all KMS changes from retention PR vs rebase base + - 94f7c093 2026-06-04T18:44:42+02:00 Drop unrelated apiservers KMS test changes from retention PR + - d4cc57b4 2026-06-04T17:40:33+02:00 Revert unrelated KMS changes to match master + - c67898b0 2026-06-04T17:12:29+02:00 fix review comments + - a8a2c339 2026-06-04T17:12:29+02:00 Tombstone legacy retention fields and tighten duration/size validation + - f6e2e929 2026-06-04T17:12:28+02:00 Fix retention API schema compatibility and validation tests + - 68a8b0db 2026-06-04T17:12:28+02:00 Clarify retention duration semantics and fix tombstone comments + - 602d6f4e 2026-06-04T17:12:28+02:00 Use Prometheus Operator retention strings in ClusterMonitoring API + - db4e70fa 2026-06-04T17:11:47+02:00 Use durationInHours for Prometheus retention and tune limits + - b479107f 2026-06-04T10:27:34-04:00 promote OSStreams to GA in self-managed clusters + - a6130498 2026-05-18T13:43:30+01:00 Add eval suite for /api-review command + - 8ecf6a78 2026-05-14T11:13:38-04:00 Lower maximum allowed etcd quota from 32 to 16GiB -- cluster-kube-controller-manager-operator embedded-component 9d636ab4992bd501006d2b0c1d3ac512666c6ca7 to c35307f04313369c9ba4dcab3308506a3987065e - - aa0c868 2026-06-03T17:05:46+05:30 fix lock failure cases +- cluster-csi-snapshot-controller-operator embedded-component 108f37f0e378accc322cbeb68136ec500ec35b94 to d6dbe6dd6aaed30d36409d8e54adb0c5b60b6744 + - b8f89e3 2026-06-12T17:16:27+02:00 STOR-3003: Update group snapshot CRDs to support both v1 and v1beta2 APIs + - 9915fa5 2026-06-09T12:19:21+02:00 Fix group snapshots on HyperShift + - a2cf0e8 2026-06-06T13:54:10Z Updating ose-cluster-csi-snapshot-controller-operator-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-cluster-csi-snapshot-controller-operator.yml -- etcd embedded-component c543fe15324510d13e896c31232ecd5d100d9de5 to bf6c0094589afdf6c814a28c24f8f1bb5a577816 - - d4656811 2026-06-06T16:04:21Z Updating ose-etcd-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-etcd.yml +- cluster-dns-operator embedded-component 65d60f9c12297a91ee89359e90f591fd44e661b0 to 8395f9054f235aec2cd5185019d201146c9827ed + - dc48f78 2026-06-06T22:36:10Z Updating ose-cluster-dns-operator-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-cluster-dns-operator.yml + - d4284dc 2026-05-18T14:30:22-04:00 NE-2391: Add Force management state to docs + - 2fa1fac 2026-04-24T09:33:58-04:00 Address CodeRabbit review feedback + - 75d5e62 2026-04-23T17:50:34-04:00 NE-2391: Add progressive disclosure AI agent context -- machine-config-operator embedded-component 62b06d28399b348cb7238d32ad74b9a978c4292f to 62dbab4477ce608b73bb8d4b190b0f522d2a5bb5 - - cfb74c3e 2026-06-05T13:08:35-04:00 Fix error wrapping and error message casing - - a96a9248 2026-06-05T08:57:59Z MCO-2321: adapt osimagestream tests to clusters with rhel-10 default stream - - b547d0ae 2026-06-04T07:50:22-04:00 avoid running IRI deletion tests for standard e2e IRI tests - - 55be329d 2026-06-03T14:48:40+05:30 Reorder functions to match source file sequence - - 02d7d918 2026-06-02T20:20:43+05:30 Add bootstrap infrastructure and migrate test 53960 - - 80b16676 2026-06-02T20:20:43+05:30 Migrate registry tests from openshift-tests-private - - dbea5e53 2026-05-28T15:23:08-04:00 bootimage: use version for vsphere hotloop check +- cluster-ingress-operator embedded-component 140e0bf13b3d01c369672c766c44b4be0b4ec78c to 6c84b7c7250e7412502382dca7d1f065f94fed5b + - b2875a0b 2026-06-09T17:43:53-04:00 Add aswinsuryan (asuryana@redhat.com) to OWNERS + - 5fcf1a07 2026-06-09T14:58:48+01:00 Replace iptables with nftables in TestConnectTimeout e2e test + - 77b06b59 2026-06-08T18:06:45-03:00 OCPBUGS-87205: Add configuration override for X-SSL strip + - 02ace843 2026-06-07T07:43:53Z Updating ose-cluster-ingress-operator-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-cluster-ingress-operator.yml -- operator-framework-olm embedded-component a1de734673fb56da500b6ea212a70d50bd5740ab to c0b1b223882bd7657853441ccf18099527a8841b - - 230f72bf 2026-06-05T10:25:33-04:00 [CARRY] fix unit test failure - - 2d13397d 2026-06-05T06:43:47-04:00 UPSTREAM: : Update to golang 1.26.3 and openshift-4.23 builders +- cluster-kube-apiserver-operator embedded-component a61282875d032c4b8cc7ea5567830942583ec378 to 86563261c7e7e4bbbbbf10791fc5065514e4d4de + - 1a0b65a 2026-06-16T13:18:27+03:00 Register health monitoring as new command + - c7f72a7 2026-06-12T16:12:24-04:00 bump(openshift/library-go): to get KMS plugin security context + - 4a28fda 2026-06-12T10:54:29-04:00 bump(openshift/library-go): to get KMS plugin CA bundle wiring + - 3cda3c4 2026-06-11T10:11:56+02:00 NO-JIRA: Automatic agentic rebase: Update library-go to 7fd5f33 -- oc image-amd64 d1f312bb855e741cadb8b3ac419d2cb3f3fd7ba5 to 4007283544cbc3609f90375b7a8efd395561612f - - c57c61a1 2026-06-08T04:25:30Z Updating openshift-enterprise-deployer-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/openshift-enterprise-deployer.yml +- cluster-network-operator embedded-component 6dc18040e7c214f6a1db25b6f5ef4642c6c6a186 to c376140ed1842c6a5f78cb74c55b4b49ba212041 + - 1aac2a7 2026-06-09T14:07:27-07:00 Replace weak hash algorithms with SHA256 + - 71543af 2026-06-09T14:07:27-07:00 Exclude vendor directory from Snyk security scans -- csi-external-snapshotter image-arm64 77d02e52a442c1a98457797bf8eb5777489aabae to 6411c3232ca015c2a02ece1d5a675045d17031cd +- csi-external-snapshotter embedded-component 77d02e52a442c1a98457797bf8eb5777489aabae to e695e2bd0b548afd0fce049d86d4af29dd34e574 + - 56ba1dc 2026-06-11T13:36:34Z UPSTREAM: revert: : Rebase external-snapshotter to v8.6.0 + - 151ed79 2026-06-10T12:38:21+02:00 UPSTREAM: : Updating ose-csi-snapshot-controller-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-csi-snapshot-controller.yml + - c611294 2026-06-09T14:07:00+02:00 UPSTREAM: : Add OpenShift files - 872813a 2026-06-07T12:35:43Z UPSTREAM: : Updating ose-csi-snapshot-controller-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-csi-snapshot-controller.yml + - af6ba61 2026-06-05T21:55:26Z UPSTREAM: : Updating ose-csi-external-snapshotter-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-csi-external-snapshotter.yml + - d920dc6 2026-05-27T22:18:07-04:00 Add changelog for v8.6.0 + - 41cb4da 2026-05-27T05:36:33Z Bump the k8s-dependencies group across 1 directory with 2 updates + - e3d7c8b 2026-05-26T17:51:49Z Squashed 'release-tools/' changes from e019f2a72..31186bf0a + - c57619a 2026-05-25T17:14:54Z Bump the github-dependencies group across 1 directory with 34 updates + - fce55ed 2026-05-22T19:31:15Z Add timeouts to webhook server. + - ac46e7f 2026-05-20T10:01:48+02:00 Bump k8s dependencies to v1.36.1 + - e38b2f6 2026-05-19T16:31:31+02:00 Squashed 'release-tools/' changes from 909252797..e019f2a72 + - 4907b0a 2026-05-14T10:35:25+05:30 Add newClaimPendingRestoreFromVolumeSnapshot and a TestDeleteSync case that asserts syncSnapshot returns an error and emits SnapshotDeletePending while a Pending PVC's dataSource references the snapshot, matching the requeue behavior for issue #1366. + - 9c09524 2026-04-29T09:56:41+05:30 Address review: clarify snapshot-in-use errors and group snapshot requeue comment + - 21c0111 2026-04-29T09:34:52+05:30 Fix requeue on VolumeSnapshot deletion when used for PVC restore When a VolumeSnapshot is deleted while a PVC is still being created from it, the controller blocked deletion but returned nil, so the workqueue never retried. Return an error so the snapshot is requeued and deletion is retried once the PVC is no longer in use. Same fix applied for VolumeGroupSnapshot in the group snapshot helper. + - f3f8db4 2026-04-22T11:23:08Z Bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 + - e8f6849 2026-04-20T13:28:17+02:00 Fix VolumeSnapshotContent deletion + - 9773a35 2026-04-17T03:00:21Z Squashed 'release-tools/' changes from de06a09a7..909252797 + - 1aececd 2026-04-16T12:44:28-04:00 Update unit tests + - f298d12 2026-04-16T11:26:01-04:00 Update go version to 1.25.8 + - c28b251 2026-04-16T11:26:01-04:00 Set v1beta2 as stored version + - 027ff6f 2026-04-16T11:25:54-04:00 Update controllers to use v1 VolumeGroupSnapshot APIs + - 7810fa8 2026-04-16T11:23:47-04:00 Move VolumeGroupSnapshot API to V1 + - 86c1a6c 2026-04-15T19:55:40-04:00 Add unit tests for group snapshots + - 13bf493 2026-04-15T18:26:54Z Run Trivy scan on schedule instead of pull requests + - fad717c 2026-04-15T12:32:14-04:00 Update go.opentelemetry.io/otel libs + - 72ee717 2026-04-15T10:57:54-04:00 Squashed 'release-tools/' changes from 119a53c3c..de06a09a7 + - c34d0df 2026-04-08T14:17:37-04:00 Fix data race in metrics test + - 4a8f5b5 2026-03-31T13:27:30+02:00 fix: pin github action to exact SHA + - 93ef9f3 2026-03-23T11:35:40Z Bump the github-dependencies group across 1 directory with 39 updates + - c18f4ec 2026-03-22T19:22:58+01:00 security: Update trivy-action to v0.35.0 + - 77c491f 2026-03-15T22:27:40-04:00 Squashed 'release-tools/' changes from 1e81e752e..119a53c3c + - 8c992f2 2026-03-03T13:37:39-05:00 Add more unit tests + - 97f3abc 2026-03-03T13:03:59+05:30 deploy: update sidecar image versions + - dec67ea 2026-02-27T12:54:09-05:00 Add unit tests for volume group snapshot controller in sidecar + - ee18dbc 2026-02-17T16:28:28-05:00 Add unit tests for group snapshots in snapshot-controller + - bb34c93 2026-02-16T12:29:17Z Bump the github-dependencies group with 11 updates + - 658c1ac 2025-10-19T14:06:14+03:00 [snapshot-controller] Do not modify error when retrying PVC finalizer removal -- router image-arm64 a86164c8ebaed55a2a28451fa913a04f10cc9a72 to 808b0001233b4c084694244f25cd53c3808c4e81 +- kubernetes embedded-component 872bd3722d0954b31459f715fbd4fb7612aaf338 to d8d517e6bbe7cf7359026cac26bb96ea45e18806 + - 59c831f7c 2026-06-06T16:54:59-04:00 UPSTREAM: : add kubernetes/conformance umbrella suite + +- machine-config-operator embedded-component 62dbab4477ce608b73bb8d4b190b0f522d2a5bb5 to 49eaf75d2e8cf026da563bd708f6f5512facf41a + - 4be5fa97 2026-06-12T12:40:02+02:00 MCO-2344: Revert MCO-2343 + - b0d6754e 2026-06-11T14:19:57-04:00 tests: update custom containerfile OCB test to work in disconnected environments + - 2c81fec6 2026-06-11T18:42:55+05:30 Add fix for TC 59424 + - f88d97c6 2026-06-11T08:10:11-04:00 controller & test: process rebuild annotation on machine-os-builder restart & increase test timeout + - 2f47b964 2026-06-10T02:54:33-04:00 move helpers in iri e2e main test + - 34a93a4e 2026-06-10T11:57:49+05:30 MCO-2209 MCO-2213 MCO-2233: Migrate security, daemon, and kernel TCs from otp3 mco.go + - 4016370d 2026-06-10T11:57:13+05:30 Update OWNERS: update current MCO team members + - 8959e528 2026-06-08T20:02:57+02:00 MCO-2343: Temporary make MCO default to rhel-9 + - ea093553 2026-06-08T09:21:56+02:00 OCPBUGS-87635: Fix MCP.status.osImageStream + - 73caf416 2026-06-06T22:07:29Z Updating ose-machine-config-operator-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-machine-config-operator.yml + - 23696fbf 2026-06-05T14:44:41-04:00 Added check for missingAnnotation + - ce58f78d 2026-06-05T13:50:04-04:00 Added a if-statement to compare images + - 4dc05f6f 2026-06-05T13:55:40+05:30 OCPBUGS-78524: Create mco_extensions.go suite with USBGuard, install all extensions, and invalid extensions tests + - 65934067 2026-06-05T12:58:31+05:30 OCP-88729: Only wait on last MachineConfig deletion to avoid double-waiting + - 2f91e47a 2026-06-05T12:58:31+05:30 OCP-88729: Use mc.DeleteWithWait() for cleanup instead of raw oc delete + - 7222f9d1 2026-06-05T12:58:31+05:30 OCP-88729: Optimize cleanup by deleting both MachineConfigs in one shot + - 0a2ade7a 2026-06-05T12:58:30+05:30 Move OCP-88729 USBGuard test to mco_kernel.go and add extension RPM verification + - 78749cea 2026-06-04T15:56:52+05:30 Fix kubelet certificate wait loop in criometricsproxy.yaml and update init container's volumeMount to /var/lib/kubelet + - 36c7cead 2026-06-02T12:13:48+05:30 OCPNODE-4487: replace --system-reserved flags with config drop-in Remove EnvironmentFile=/etc/node-sizing.env and the --system-reserved command-line flag from kubelet.service. The auto-sizing script now writes a KubeletConfiguration drop-in file to /etc/openshift/kubelet.conf.d/20-auto-sizing.conf, which kubelet reads via --config-dir. Add --config-dir to master and arbiter kubelet.service for consistency with workers. + +- operator-framework-olm embedded-component c0b1b223882bd7657853441ccf18099527a8841b to a78cfd39c259a22c104831c6ddf2572801b0f19d + - 0e8033fe 2026-06-10T08:01:50Z Updating operator-registry-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/da480a0c5a26a42e950fbcaf77b64918e1d76442/images/operator-registry.yml + - 8e42c8ea 2026-06-10T07:42:34Z Updating operator-lifecycle-manager-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/da480a0c5a26a42e950fbcaf77b64918e1d76442/images/operator-lifecycle-manager.yml + - b812d0c0 2026-06-10T07:26:00Z Updating ose-operator-framework-tools-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/da480a0c5a26a42e950fbcaf77b64918e1d76442/images/ose-operator-framework-tools.yml + +- route-controller-manager embedded-component 1916ceb059f500f06e8552f88bf38cd09f9522fd to e454c01fbe561cce9973f54b1ddbcdd35a9d18ff + - d4a98a4 2026-06-02T15:09:50-03:00 OCPBUGS-86886: (vendor) Use the copied ipallocator utils + - f51ec5e 2026-06-02T15:04:33-03:00 OCPBUGS-86886: Use the copied ipallocator utils + - b547252 2026-06-02T15:04:07-03:00 OCPBUGS-86886: Copy ipallocator code to route-controller-manager + - 31a2af8 2026-06-02T13:48:36-03:00 OCPBUGS-86886: (vendor) modernize dependency of k8s imports + - 5a43a7e 2026-06-02T13:48:36-03:00 OCPBUGS-86886: modernize dependency of k8s imports + +- service-ca-operator embedded-component e7ccfa308e69ce4ad1f2afcd1d7c8ff25144374b to 35cf51895f4dc77dca8a709e7635980753f87e17 + - 97a337e 2026-06-10T16:02:10+02:00 Watch CA bundle files for changes and reload dynamically + - 792dd4a 2026-06-10T16:00:29+02:00 deps: Update library-go and add k8s.io/kubernetes + +- oc image-amd64 4007283544cbc3609f90375b7a8efd395561612f to c639a3143e8d86763c185a5afc6c9b38d24c00a7 + - 6af74868 2026-06-12T11:00:03+02:00 fixup: Address test review feedback + - 4c50d0b4 2026-06-11T14:13:12-04:00 spec: Recommend bash-completion instead of requiring it + - 1477468e 2026-06-11T12:03:33+02:00 oc adm release new: Include base image's image-references in pruning + +- coredns image-amd64 3c21b066c9bd86caa06f790dcd1c046667875d46 to 97f7cc327ab5df7d6da38137b7be338efa9a3551 + - fdb17cd 2026-06-09T17:34:52-04:00 Add aswinsuryan (asuryana@redhat.com) to OWNERS + +- csi-external-snapshotter image-amd64 77d02e52a442c1a98457797bf8eb5777489aabae to e695e2bd0b548afd0fce049d86d4af29dd34e574 + - 56ba1dc 2026-06-11T13:36:34Z UPSTREAM: revert: : Rebase external-snapshotter to v8.6.0 + - 151ed79 2026-06-10T12:38:21+02:00 UPSTREAM: : Updating ose-csi-snapshot-controller-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-csi-snapshot-controller.yml + - c611294 2026-06-09T14:07:00+02:00 UPSTREAM: : Add OpenShift files + - 872813a 2026-06-07T12:35:43Z UPSTREAM: : Updating ose-csi-snapshot-controller-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-csi-snapshot-controller.yml + - af6ba61 2026-06-05T21:55:26Z UPSTREAM: : Updating ose-csi-external-snapshotter-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-csi-external-snapshotter.yml + - d920dc6 2026-05-27T22:18:07-04:00 Add changelog for v8.6.0 + - 41cb4da 2026-05-27T05:36:33Z Bump the k8s-dependencies group across 1 directory with 2 updates + - e3d7c8b 2026-05-26T17:51:49Z Squashed 'release-tools/' changes from e019f2a72..31186bf0a + - c57619a 2026-05-25T17:14:54Z Bump the github-dependencies group across 1 directory with 34 updates + - fce55ed 2026-05-22T19:31:15Z Add timeouts to webhook server. + - ac46e7f 2026-05-20T10:01:48+02:00 Bump k8s dependencies to v1.36.1 + - e38b2f6 2026-05-19T16:31:31+02:00 Squashed 'release-tools/' changes from 909252797..e019f2a72 + - 4907b0a 2026-05-14T10:35:25+05:30 Add newClaimPendingRestoreFromVolumeSnapshot and a TestDeleteSync case that asserts syncSnapshot returns an error and emits SnapshotDeletePending while a Pending PVC's dataSource references the snapshot, matching the requeue behavior for issue #1366. + - 9c09524 2026-04-29T09:56:41+05:30 Address review: clarify snapshot-in-use errors and group snapshot requeue comment + - 21c0111 2026-04-29T09:34:52+05:30 Fix requeue on VolumeSnapshot deletion when used for PVC restore When a VolumeSnapshot is deleted while a PVC is still being created from it, the controller blocked deletion but returned nil, so the workqueue never retried. Return an error so the snapshot is requeued and deletion is retried once the PVC is no longer in use. Same fix applied for VolumeGroupSnapshot in the group snapshot helper. + - f3f8db4 2026-04-22T11:23:08Z Bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 + - e8f6849 2026-04-20T13:28:17+02:00 Fix VolumeSnapshotContent deletion + - 9773a35 2026-04-17T03:00:21Z Squashed 'release-tools/' changes from de06a09a7..909252797 + - 1aececd 2026-04-16T12:44:28-04:00 Update unit tests + - f298d12 2026-04-16T11:26:01-04:00 Update go version to 1.25.8 + - c28b251 2026-04-16T11:26:01-04:00 Set v1beta2 as stored version + - 027ff6f 2026-04-16T11:25:54-04:00 Update controllers to use v1 VolumeGroupSnapshot APIs + - 7810fa8 2026-04-16T11:23:47-04:00 Move VolumeGroupSnapshot API to V1 + - 86c1a6c 2026-04-15T19:55:40-04:00 Add unit tests for group snapshots + - 13bf493 2026-04-15T18:26:54Z Run Trivy scan on schedule instead of pull requests + - fad717c 2026-04-15T12:32:14-04:00 Update go.opentelemetry.io/otel libs + - 72ee717 2026-04-15T10:57:54-04:00 Squashed 'release-tools/' changes from 119a53c3c..de06a09a7 + - c34d0df 2026-04-08T14:17:37-04:00 Fix data race in metrics test + - 4a8f5b5 2026-03-31T13:27:30+02:00 fix: pin github action to exact SHA + - 93ef9f3 2026-03-23T11:35:40Z Bump the github-dependencies group across 1 directory with 39 updates + - c18f4ec 2026-03-22T19:22:58+01:00 security: Update trivy-action to v0.35.0 + - 77c491f 2026-03-15T22:27:40-04:00 Squashed 'release-tools/' changes from 1e81e752e..119a53c3c + - 8c992f2 2026-03-03T13:37:39-05:00 Add more unit tests + - 97f3abc 2026-03-03T13:03:59+05:30 deploy: update sidecar image versions + - dec67ea 2026-02-27T12:54:09-05:00 Add unit tests for volume group snapshot controller in sidecar + - ee18dbc 2026-02-17T16:28:28-05:00 Add unit tests for group snapshots in snapshot-controller + - bb34c93 2026-02-16T12:29:17Z Bump the github-dependencies group with 11 updates + - 658c1ac 2025-10-19T14:06:14+03:00 [snapshot-controller] Do not modify error when retrying PVC finalizer removal + +- router image-amd64 a86164c8ebaed55a2a28451fa913a04f10cc9a72 to ce3479af6677053650d617a8165ce80c1178597c - d180c82 2026-06-08T18:21:01-03:00 OCPBUGS-87205: fix comments on template - 861e7c2 2026-06-08T11:47:45-03:00 Update images/router/haproxy/conf/haproxy-config.template - fca5221 2026-06-08T11:47:45-03:00 Expand list of stripped X-SSL-Client-* headers - ef98dff 2026-06-08T11:47:45-03:00 Rename env var to ROUTER_MUTUAL_TLS_HEADER_FILTER - 2e0ec41 2026-06-08T11:47:45-03:00 OCPBUGS-86718: Strip X-SSL-Client-* headers for plain HTTP + - befe5dd 2026-06-07T22:20:03Z Updating ose-haproxy-router-base-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-haproxy-router-base.yml + +- ovn-kubernetes image-amd64 e9295c0d0d7caa1eda7cc9f2f3900c64096c943c to 62baca4832f3aeb3fc7032d38619835c04208c95 + - 4ed7d1ec 2026-06-11T15:36:43+05:30 sync test annotations with upstream changes + - b4194487 2026-06-11T15:35:36+05:30 e2e: fix UDN subnet overlap with downstream service CIDR + - 4439fbd8 2026-06-04T11:09:04-04:00 fix: fail license generation on module download errors + - 73c7c88d 2026-06-04T11:09:00-04:00 fix: Use default GOTOOLCHAIN=auto when generating license files + - 69abaab2 2026-06-03T12:48:16+02:00 Make BGP server host port configurable + - 5e373a9c 2026-06-03T12:48:16+02:00 e2e: split same-UDN NodePort backend paths + - 19e34082 2026-06-03T12:48:16+02:00 e2e: add NodePort-node backend for UDN service + - bef1aa03 2026-06-03T12:48:16+02:00 e2e: select CUDN pod IP by family + - b3475348 2026-06-03T12:48:16+02:00 e2e: expect ETP=Local NodePort tests to succeed + - ae449ce3 2026-06-03T12:48:16+02:00 iprulemanager: include address family in rule equality + - 5fb1ded4 2026-06-03T12:48:16+02:00 e2e: wait for VRF-lite node readiness + - 9b514ecb 2026-06-02T14:48:48+02:00 e2e: expect VRF egress interface IP for LGW no-overlay SNAT + - 3710b5ab 2026-06-02T14:48:11+02:00 e2e: unskip no-overlay cross-node NodePort cases + - b435536a 2026-06-02T14:48:11+02:00 Test cases for CUDN with transport NoOverlay routing unmanaged outboundSNAT enabled and disabled in SGW and LGW mode + - 21bce8d9 2026-06-02T14:48:11+02:00 LGW: set ct-commit-all on L2 UDN cluster routers + - e95849c9 2026-06-02T14:48:11+02:00 LGW: set ct-commit-all on UDN cluster router + - 0ddbc064 2026-06-02T14:48:07+02:00 LGW: route no-overlay UDN ingress via OVN + - 9f42f945 2026-06-02T14:36:34+02:00 UDN service OpenFlow: handle SNAT to masq ip + - 88c03903 2026-06-02T14:36:34+02:00 SGW: Add conntrack flows for no-overlay UDN cross-node traffic + - 122ab5c2 2026-06-02T14:36:34+02:00 SGW: use allowed_ext_ips for advertised UDN SNAT + - 1ba24787 2026-06-01T11:05:14+02:00 Implement OutboundSNAT for CUDN in shared gateway mode + - 50386fa3 2026-06-01T11:05:12+02:00 Add OutboundSNAT field to NetInfo interface + - 2fbcc1f8 2026-06-01T11:05:10+02:00 Implement OutboundSNAT for CUDN in local gateway mode + - 91683a3d 2026-06-01T11:05:08+02:00 Render OutboundSNAT config from CUDN CRD to NAD + - 497c201a 2026-05-27T18:02:30-04:00 unit test: fix EVPN UDN expected node IP address set + - ad54c5a5 2026-05-27T17:25:34+02:00 node: skip updateOVNEncapIPAndReconnect tests without root privileges + - e2e701ee 2026-05-27T15:36:52+02:00 util: assume pod network advertisement for certain transports + - d2d101d6 2026-05-27T09:52:45+02:00 Optimize addressManager sync and linkmanager syncLink + - a069246c 2026-05-27T08:48:19+02:00 Fix deadlock in webhook if Serve fails before cancellation + - b9ed3293 2026-05-27T08:48:19+02:00 Add comprehensive unit tests for ovnkube-identity webhook.Run() + - 9d4334cd 2026-05-27T08:48:19+02:00 Refactor ovnkubeidentity webhook server into separate package + - cbb5c4d0 2026-05-26T17:04:54-04:00 Ensure node IP address set for advertised SNAT + - 757f3099 2026-05-26T20:44:22+02:00 e2e: replace random allocations with ConfigMap-backed allocators + - 1ff56ce8 2026-05-25T09:45:12+02:00 Fix kubevirt live migration test flake by avoiding fake client race + - 5ec0be6b 2026-05-25T07:40:38+02:00 fix(evpn): re-program neighbors after kubevirt live migration + - 5aa65afe 2026-05-25T07:40:38+02:00 fix(evpn): use NeighSet instead of NeighAdd for PERMANENT neighbors + - 3fbc9381 2026-05-22T14:20:05-07:00 chore: skip cicd tests for doc changes + - 8bc78918 2026-05-22T08:36:40-07:00 Deprecate OVN_METRICS_MASTER_PORT in favor of OVN_METRICS_CONTROLLER_PORT + - 811879b7 2026-05-22T08:36:40-07:00 docs: drop obsolete central-mode SSL install guides + - f7ceb813 2026-05-22T08:36:40-07:00 ovn: drop --no-leader-only from OVN client invocations + - 3cf80961 2026-05-22T08:36:40-07:00 helm: fix Prometheus alert description template variable + - 8ef7ca88 2026-05-22T08:36:40-07:00 config: drop OvnAuthConfig central-mode fields, keep Egress IP healthcheck plumbing + - f4c700df 2026-05-22T08:36:40-07:00 helm: drop OVN_SSL_ENABLE and OVN_NORTH/OVN_SOUTH plumbing + - e2dddda6 2026-05-22T08:36:40-07:00 ovnkube.sh: drop network NB/SB containers and SSL plumbing + - 4dd7f126 2026-05-22T08:36:40-07:00 Remove central mode leftover code + - d4d225a8 2026-05-22T10:43:26-04:00 e2e: remove temporary multihoming NAD sync sleeps + - 33a96ff8 2026-05-21T20:31:59+02:00 e2e: always resolve agnhost image via DeploymentConfig + - 9eb9b572 2026-05-21T13:34:23-04:00 Create UDN VRFs in DPU mode + - 83507aff 2026-05-21T18:28:38+02:00 Adds ignore paths for performance tests + - 6bc965b5 2026-05-20T07:49:47+02:00 e2e(virt): Replace fake virt-launcher pod with proper VMI in UDPN test + - 84513297 2026-05-20T07:49:47+02:00 e2e(virt): Add test with three VMs same hostname + - 89a8c5a1 2026-05-20T07:49:47+02:00 kubevirt: Support handling vm hostname field + - afadc29a 2026-05-19T14:30:18-04:00 Configure advertised UDN nftables on node init + - ccdf1bcd 2026-05-19T13:28:43-04:00 Pass route advertisement flag to DPU nodes + - 513717d3 2026-05-19T08:58:46-04:00 Resolve simulated DPU representors by alias + - 8a4852e7 2026-05-18T10:24:51-07:00 e2e: extend primary L3 UDN test cases with multiple subnets + - 49cb7ca2 2026-05-18T10:24:51-07:00 egressip: reconcile routes when P-UDN subnets change + - adaece03 2026-05-18T10:24:51-07:00 UDN: reconcile BGP isolation on primary UDN subnet changes + - 14d98051 2026-05-18T10:24:51-07:00 BGP: cover primary UDN multi-subnet route filtering for route importing + - 18eb5671 2026-05-18T10:24:51-07:00 docs: clarify RouteAdvertisement handling for Layer3 multi-subnet UDN + - 0cf8456b 2026-05-18T10:24:51-07:00 egressfirewall: update ACL when P-UDN adds overlapping subnet + - 7d8e841b 2026-05-18T10:24:51-07:00 networkconnect: handle P-UDN multi-subnet CNC router policies + - 8308e803 2026-05-18T10:24:51-07:00 Add e2e test case for layer P-UDN multi-subnet support + - 3456af40 2026-05-18T10:24:51-07:00 P-UDN: Support multiple cluster-subnets per IP family in Layer3 topology + - 3a242db4 2026-05-18T10:18:24-07:00 Update CRD validation rules and add corresponding e2e test cases + - a689686a 2026-05-18T12:40:31-04:00 Fix performance report + - 26b5c617 2026-05-18T12:17:43+02:00 Remove dead raft variable definitions from ovnkube.sh -- kubernetes image-arm64 872bd3722d0954b31459f715fbd4fb7612aaf338 to d8d517e6bbe7cf7359026cac26bb96ea45e18806 +- kubernetes image-amd64 872bd3722d0954b31459f715fbd4fb7612aaf338 to d8d517e6bbe7cf7359026cac26bb96ea45e18806 - 59c831f7c 2026-06-06T16:54:59-04:00 UPSTREAM: : add kubernetes/conformance umbrella suite +- service-ca-operator image-amd64 e7ccfa308e69ce4ad1f2afcd1d7c8ff25144374b to 35cf51895f4dc77dca8a709e7635980753f87e17 + - 97a337e 2026-06-10T16:02:10+02:00 Watch CA bundle files for changes and reload dynamically + - 792dd4a 2026-06-10T16:00:29+02:00 deps: Update library-go and add k8s.io/kubernetes + +- oc image-arm64 4007283544cbc3609f90375b7a8efd395561612f to c639a3143e8d86763c185a5afc6c9b38d24c00a7 + - 6af74868 2026-06-12T11:00:03+02:00 fixup: Address test review feedback + - 4c50d0b4 2026-06-11T14:13:12-04:00 spec: Recommend bash-completion instead of requiring it + - 1477468e 2026-06-11T12:03:33+02:00 oc adm release new: Include base image's image-references in pruning + +- coredns image-arm64 3c21b066c9bd86caa06f790dcd1c046667875d46 to 97f7cc327ab5df7d6da38137b7be338efa9a3551 + - fdb17cd 2026-06-09T17:34:52-04:00 Add aswinsuryan (asuryana@redhat.com) to OWNERS + +- csi-external-snapshotter image-arm64 6411c3232ca015c2a02ece1d5a675045d17031cd to e695e2bd0b548afd0fce049d86d4af29dd34e574 + - 56ba1dc 2026-06-11T13:36:34Z UPSTREAM: revert: : Rebase external-snapshotter to v8.6.0 + - 151ed79 2026-06-10T12:38:21+02:00 UPSTREAM: : Updating ose-csi-snapshot-controller-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-csi-snapshot-controller.yml + - c611294 2026-06-09T14:07:00+02:00 UPSTREAM: : Add OpenShift files + - af6ba61 2026-06-05T21:55:26Z UPSTREAM: : Updating ose-csi-external-snapshotter-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/7691ed4dc0b6585b358f9e73fb736ace9a48a286/images/ose-csi-external-snapshotter.yml + - d920dc6 2026-05-27T22:18:07-04:00 Add changelog for v8.6.0 + - 41cb4da 2026-05-27T05:36:33Z Bump the k8s-dependencies group across 1 directory with 2 updates + - e3d7c8b 2026-05-26T17:51:49Z Squashed 'release-tools/' changes from e019f2a72..31186bf0a + - c57619a 2026-05-25T17:14:54Z Bump the github-dependencies group across 1 directory with 34 updates + - fce55ed 2026-05-22T19:31:15Z Add timeouts to webhook server. + - ac46e7f 2026-05-20T10:01:48+02:00 Bump k8s dependencies to v1.36.1 + - e38b2f6 2026-05-19T16:31:31+02:00 Squashed 'release-tools/' changes from 909252797..e019f2a72 + - 4907b0a 2026-05-14T10:35:25+05:30 Add newClaimPendingRestoreFromVolumeSnapshot and a TestDeleteSync case that asserts syncSnapshot returns an error and emits SnapshotDeletePending while a Pending PVC's dataSource references the snapshot, matching the requeue behavior for issue #1366. + - 9c09524 2026-04-29T09:56:41+05:30 Address review: clarify snapshot-in-use errors and group snapshot requeue comment + - 21c0111 2026-04-29T09:34:52+05:30 Fix requeue on VolumeSnapshot deletion when used for PVC restore When a VolumeSnapshot is deleted while a PVC is still being created from it, the controller blocked deletion but returned nil, so the workqueue never retried. Return an error so the snapshot is requeued and deletion is retried once the PVC is no longer in use. Same fix applied for VolumeGroupSnapshot in the group snapshot helper. + - f3f8db4 2026-04-22T11:23:08Z Bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 + - e8f6849 2026-04-20T13:28:17+02:00 Fix VolumeSnapshotContent deletion + - 9773a35 2026-04-17T03:00:21Z Squashed 'release-tools/' changes from de06a09a7..909252797 + - 1aececd 2026-04-16T12:44:28-04:00 Update unit tests + - f298d12 2026-04-16T11:26:01-04:00 Update go version to 1.25.8 + - c28b251 2026-04-16T11:26:01-04:00 Set v1beta2 as stored version + - 027ff6f 2026-04-16T11:25:54-04:00 Update controllers to use v1 VolumeGroupSnapshot APIs + - 7810fa8 2026-04-16T11:23:47-04:00 Move VolumeGroupSnapshot API to V1 + - 86c1a6c 2026-04-15T19:55:40-04:00 Add unit tests for group snapshots + - 13bf493 2026-04-15T18:26:54Z Run Trivy scan on schedule instead of pull requests + - fad717c 2026-04-15T12:32:14-04:00 Update go.opentelemetry.io/otel libs + - 72ee717 2026-04-15T10:57:54-04:00 Squashed 'release-tools/' changes from 119a53c3c..de06a09a7 + - c34d0df 2026-04-08T14:17:37-04:00 Fix data race in metrics test + - 4a8f5b5 2026-03-31T13:27:30+02:00 fix: pin github action to exact SHA + - 93ef9f3 2026-03-23T11:35:40Z Bump the github-dependencies group across 1 directory with 39 updates + - c18f4ec 2026-03-22T19:22:58+01:00 security: Update trivy-action to v0.35.0 + - 77c491f 2026-03-15T22:27:40-04:00 Squashed 'release-tools/' changes from 1e81e752e..119a53c3c + - 8c992f2 2026-03-03T13:37:39-05:00 Add more unit tests + - 97f3abc 2026-03-03T13:03:59+05:30 deploy: update sidecar image versions + - dec67ea 2026-02-27T12:54:09-05:00 Add unit tests for volume group snapshot controller in sidecar + - ee18dbc 2026-02-17T16:28:28-05:00 Add unit tests for group snapshots in snapshot-controller + - bb34c93 2026-02-16T12:29:17Z Bump the github-dependencies group with 11 updates + - 658c1ac 2025-10-19T14:06:14+03:00 [snapshot-controller] Do not modify error when retrying PVC finalizer removal + +- router image-arm64 808b0001233b4c084694244f25cd53c3808c4e81 to 3553702970b094986d91f218e3191487de46e476 + - 7103676 2026-06-12T14:49:31-03:00 add option to separate router and haproxy containers + - befe5dd 2026-06-07T22:20:03Z Updating ose-haproxy-router-base-container image to be consistent with ART for 5.0 Reconciling with https://github.com/openshift-eng/ocp-build-data/tree/af322abdd1a4d7d0161a69a16369a0ab1748515a/images/ose-haproxy-router-base.yml + +- ovn-kubernetes image-arm64 e9295c0d0d7caa1eda7cc9f2f3900c64096c943c to 62baca4832f3aeb3fc7032d38619835c04208c95 + - 4ed7d1ec 2026-06-11T15:36:43+05:30 sync test annotations with upstream changes + - b4194487 2026-06-11T15:35:36+05:30 e2e: fix UDN subnet overlap with downstream service CIDR + - 4439fbd8 2026-06-04T11:09:04-04:00 fix: fail license generation on module download errors + - 73c7c88d 2026-06-04T11:09:00-04:00 fix: Use default GOTOOLCHAIN=auto when generating license files + - 69abaab2 2026-06-03T12:48:16+02:00 Make BGP server host port configurable + - 5e373a9c 2026-06-03T12:48:16+02:00 e2e: split same-UDN NodePort backend paths + - 19e34082 2026-06-03T12:48:16+02:00 e2e: add NodePort-node backend for UDN service + - bef1aa03 2026-06-03T12:48:16+02:00 e2e: select CUDN pod IP by family + - b3475348 2026-06-03T12:48:16+02:00 e2e: expect ETP=Local NodePort tests to succeed + - ae449ce3 2026-06-03T12:48:16+02:00 iprulemanager: include address family in rule equality + - 5fb1ded4 2026-06-03T12:48:16+02:00 e2e: wait for VRF-lite node readiness + - 9b514ecb 2026-06-02T14:48:48+02:00 e2e: expect VRF egress interface IP for LGW no-overlay SNAT + - 3710b5ab 2026-06-02T14:48:11+02:00 e2e: unskip no-overlay cross-node NodePort cases + - b435536a 2026-06-02T14:48:11+02:00 Test cases for CUDN with transport NoOverlay routing unmanaged outboundSNAT enabled and disabled in SGW and LGW mode + - 21bce8d9 2026-06-02T14:48:11+02:00 LGW: set ct-commit-all on L2 UDN cluster routers + - e95849c9 2026-06-02T14:48:11+02:00 LGW: set ct-commit-all on UDN cluster router + - 0ddbc064 2026-06-02T14:48:07+02:00 LGW: route no-overlay UDN ingress via OVN + - 9f42f945 2026-06-02T14:36:34+02:00 UDN service OpenFlow: handle SNAT to masq ip + - 88c03903 2026-06-02T14:36:34+02:00 SGW: Add conntrack flows for no-overlay UDN cross-node traffic + - 122ab5c2 2026-06-02T14:36:34+02:00 SGW: use allowed_ext_ips for advertised UDN SNAT + - 1ba24787 2026-06-01T11:05:14+02:00 Implement OutboundSNAT for CUDN in shared gateway mode + - 50386fa3 2026-06-01T11:05:12+02:00 Add OutboundSNAT field to NetInfo interface + - 2fbcc1f8 2026-06-01T11:05:10+02:00 Implement OutboundSNAT for CUDN in local gateway mode + - 91683a3d 2026-06-01T11:05:08+02:00 Render OutboundSNAT config from CUDN CRD to NAD + - 497c201a 2026-05-27T18:02:30-04:00 unit test: fix EVPN UDN expected node IP address set + - ad54c5a5 2026-05-27T17:25:34+02:00 node: skip updateOVNEncapIPAndReconnect tests without root privileges + - e2e701ee 2026-05-27T15:36:52+02:00 util: assume pod network advertisement for certain transports + - d2d101d6 2026-05-27T09:52:45+02:00 Optimize addressManager sync and linkmanager syncLink + - a069246c 2026-05-27T08:48:19+02:00 Fix deadlock in webhook if Serve fails before cancellation + - b9ed3293 2026-05-27T08:48:19+02:00 Add comprehensive unit tests for ovnkube-identity webhook.Run() + - 9d4334cd 2026-05-27T08:48:19+02:00 Refactor ovnkubeidentity webhook server into separate package + - cbb5c4d0 2026-05-26T17:04:54-04:00 Ensure node IP address set for advertised SNAT + - 757f3099 2026-05-26T20:44:22+02:00 e2e: replace random allocations with ConfigMap-backed allocators + - 1ff56ce8 2026-05-25T09:45:12+02:00 Fix kubevirt live migration test flake by avoiding fake client race + - 5ec0be6b 2026-05-25T07:40:38+02:00 fix(evpn): re-program neighbors after kubevirt live migration + - 5aa65afe 2026-05-25T07:40:38+02:00 fix(evpn): use NeighSet instead of NeighAdd for PERMANENT neighbors + - 3fbc9381 2026-05-22T14:20:05-07:00 chore: skip cicd tests for doc changes + - 8bc78918 2026-05-22T08:36:40-07:00 Deprecate OVN_METRICS_MASTER_PORT in favor of OVN_METRICS_CONTROLLER_PORT + - 811879b7 2026-05-22T08:36:40-07:00 docs: drop obsolete central-mode SSL install guides + - f7ceb813 2026-05-22T08:36:40-07:00 ovn: drop --no-leader-only from OVN client invocations + - 3cf80961 2026-05-22T08:36:40-07:00 helm: fix Prometheus alert description template variable + - 8ef7ca88 2026-05-22T08:36:40-07:00 config: drop OvnAuthConfig central-mode fields, keep Egress IP healthcheck plumbing + - f4c700df 2026-05-22T08:36:40-07:00 helm: drop OVN_SSL_ENABLE and OVN_NORTH/OVN_SOUTH plumbing + - e2dddda6 2026-05-22T08:36:40-07:00 ovnkube.sh: drop network NB/SB containers and SSL plumbing + - 4dd7f126 2026-05-22T08:36:40-07:00 Remove central mode leftover code + - d4d225a8 2026-05-22T10:43:26-04:00 e2e: remove temporary multihoming NAD sync sleeps + - 33a96ff8 2026-05-21T20:31:59+02:00 e2e: always resolve agnhost image via DeploymentConfig + - 9eb9b572 2026-05-21T13:34:23-04:00 Create UDN VRFs in DPU mode + - 83507aff 2026-05-21T18:28:38+02:00 Adds ignore paths for performance tests + - 6bc965b5 2026-05-20T07:49:47+02:00 e2e(virt): Replace fake virt-launcher pod with proper VMI in UDPN test + - 84513297 2026-05-20T07:49:47+02:00 e2e(virt): Add test with three VMs same hostname + - 89a8c5a1 2026-05-20T07:49:47+02:00 kubevirt: Support handling vm hostname field + - afadc29a 2026-05-19T14:30:18-04:00 Configure advertised UDN nftables on node init + - ccdf1bcd 2026-05-19T13:28:43-04:00 Pass route advertisement flag to DPU nodes + - 513717d3 2026-05-19T08:58:46-04:00 Resolve simulated DPU representors by alias + - 8a4852e7 2026-05-18T10:24:51-07:00 e2e: extend primary L3 UDN test cases with multiple subnets + - 49cb7ca2 2026-05-18T10:24:51-07:00 egressip: reconcile routes when P-UDN subnets change + - adaece03 2026-05-18T10:24:51-07:00 UDN: reconcile BGP isolation on primary UDN subnet changes + - 14d98051 2026-05-18T10:24:51-07:00 BGP: cover primary UDN multi-subnet route filtering for route importing + - 18eb5671 2026-05-18T10:24:51-07:00 docs: clarify RouteAdvertisement handling for Layer3 multi-subnet UDN + - 0cf8456b 2026-05-18T10:24:51-07:00 egressfirewall: update ACL when P-UDN adds overlapping subnet + - 7d8e841b 2026-05-18T10:24:51-07:00 networkconnect: handle P-UDN multi-subnet CNC router policies + - 8308e803 2026-05-18T10:24:51-07:00 Add e2e test case for layer P-UDN multi-subnet support + - 3456af40 2026-05-18T10:24:51-07:00 P-UDN: Support multiple cluster-subnets per IP family in Layer3 topology + - 3a242db4 2026-05-18T10:18:24-07:00 Update CRD validation rules and add corresponding e2e test cases + - a689686a 2026-05-18T12:40:31-04:00 Fix performance report + - 26b5c617 2026-05-18T12:17:43+02:00 Remove dead raft variable definitions from ovnkube.sh + +- service-ca-operator image-arm64 e7ccfa308e69ce4ad1f2afcd1d7c8ff25144374b to 35cf51895f4dc77dca8a709e7635980753f87e17 + - 97a337e 2026-06-10T16:02:10+02:00 Watch CA bundle files for changes and reload dynamically + - 792dd4a 2026-06-10T16:00:29+02:00 deps: Update library-go and add k8s.io/kubernetes + diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index da804158be..4eacf45d24 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,35 +1,35 @@ -https://github.com/openshift/api embedded-component 1194f4c62539275cd6dec231cc2bf7e0a010bd94 -https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component 108f37f0e378accc322cbeb68136ec500ec35b94 -https://github.com/openshift/cluster-dns-operator embedded-component 65d60f9c12297a91ee89359e90f591fd44e661b0 -https://github.com/openshift/cluster-ingress-operator embedded-component 140e0bf13b3d01c369672c766c44b4be0b4ec78c -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component a61282875d032c4b8cc7ea5567830942583ec378 +https://github.com/openshift/api embedded-component 05673ba6e6503fa49f049fb7a85903cb1f7a34ed +https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component d6dbe6dd6aaed30d36409d8e54adb0c5b60b6744 +https://github.com/openshift/cluster-dns-operator embedded-component 8395f9054f235aec2cd5185019d201146c9827ed +https://github.com/openshift/cluster-ingress-operator embedded-component 6c84b7c7250e7412502382dca7d1f065f94fed5b +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 86563261c7e7e4bbbbbf10791fc5065514e4d4de https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component c35307f04313369c9ba4dcab3308506a3987065e https://github.com/openshift/cluster-kube-scheduler-operator embedded-component d43423b583269eea8236040424609c3f108ac9c4 -https://github.com/openshift/cluster-network-operator embedded-component 6dc18040e7c214f6a1db25b6f5ef4642c6c6a186 +https://github.com/openshift/cluster-network-operator embedded-component c376140ed1842c6a5f78cb74c55b4b49ba212041 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 34f95b07f4afbc47558e54e4fa2710fd692e615e https://github.com/openshift/cluster-policy-controller embedded-component bb429f5b2a7d77791110b06d8ec5c017183e3ab9 -https://github.com/openshift/csi-external-snapshotter embedded-component 77d02e52a442c1a98457797bf8eb5777489aabae +https://github.com/openshift/csi-external-snapshotter embedded-component e695e2bd0b548afd0fce049d86d4af29dd34e574 https://github.com/openshift/etcd embedded-component bf6c0094589afdf6c814a28c24f8f1bb5a577816 -https://github.com/openshift/kubernetes embedded-component 872bd3722d0954b31459f715fbd4fb7612aaf338 +https://github.com/openshift/kubernetes embedded-component d8d517e6bbe7cf7359026cac26bb96ea45e18806 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component 72835e43c7754356645e41031f3a99926b4d42e6 -https://github.com/openshift/machine-config-operator embedded-component 62dbab4477ce608b73bb8d4b190b0f522d2a5bb5 +https://github.com/openshift/machine-config-operator embedded-component 49eaf75d2e8cf026da563bd708f6f5512facf41a https://github.com/openshift/openshift-controller-manager embedded-component 5631cf493b006cbc72a8600a7435813272d71940 -https://github.com/openshift/operator-framework-olm embedded-component c0b1b223882bd7657853441ccf18099527a8841b -https://github.com/openshift/route-controller-manager embedded-component 1916ceb059f500f06e8552f88bf38cd09f9522fd -https://github.com/openshift/service-ca-operator embedded-component e7ccfa308e69ce4ad1f2afcd1d7c8ff25144374b -https://github.com/openshift/oc image-amd64 4007283544cbc3609f90375b7a8efd395561612f -https://github.com/openshift/coredns image-amd64 3c21b066c9bd86caa06f790dcd1c046667875d46 -https://github.com/openshift/csi-external-snapshotter image-amd64 77d02e52a442c1a98457797bf8eb5777489aabae -https://github.com/openshift/router image-amd64 a86164c8ebaed55a2a28451fa913a04f10cc9a72 +https://github.com/openshift/operator-framework-olm embedded-component a78cfd39c259a22c104831c6ddf2572801b0f19d +https://github.com/openshift/route-controller-manager embedded-component e454c01fbe561cce9973f54b1ddbcdd35a9d18ff +https://github.com/openshift/service-ca-operator embedded-component 35cf51895f4dc77dca8a709e7635980753f87e17 +https://github.com/openshift/oc image-amd64 c639a3143e8d86763c185a5afc6c9b38d24c00a7 +https://github.com/openshift/coredns image-amd64 97f7cc327ab5df7d6da38137b7be338efa9a3551 +https://github.com/openshift/csi-external-snapshotter image-amd64 e695e2bd0b548afd0fce049d86d4af29dd34e574 +https://github.com/openshift/router image-amd64 ce3479af6677053650d617a8165ce80c1178597c https://github.com/openshift/kube-rbac-proxy image-amd64 d12e274605248f6c59373240a7eae7a7a357dcb3 -https://github.com/openshift/ovn-kubernetes image-amd64 e9295c0d0d7caa1eda7cc9f2f3900c64096c943c -https://github.com/openshift/kubernetes image-amd64 872bd3722d0954b31459f715fbd4fb7612aaf338 -https://github.com/openshift/service-ca-operator image-amd64 e7ccfa308e69ce4ad1f2afcd1d7c8ff25144374b -https://github.com/openshift/oc image-arm64 4007283544cbc3609f90375b7a8efd395561612f -https://github.com/openshift/coredns image-arm64 3c21b066c9bd86caa06f790dcd1c046667875d46 -https://github.com/openshift/csi-external-snapshotter image-arm64 6411c3232ca015c2a02ece1d5a675045d17031cd -https://github.com/openshift/router image-arm64 808b0001233b4c084694244f25cd53c3808c4e81 +https://github.com/openshift/ovn-kubernetes image-amd64 62baca4832f3aeb3fc7032d38619835c04208c95 +https://github.com/openshift/kubernetes image-amd64 d8d517e6bbe7cf7359026cac26bb96ea45e18806 +https://github.com/openshift/service-ca-operator image-amd64 35cf51895f4dc77dca8a709e7635980753f87e17 +https://github.com/openshift/oc image-arm64 c639a3143e8d86763c185a5afc6c9b38d24c00a7 +https://github.com/openshift/coredns image-arm64 97f7cc327ab5df7d6da38137b7be338efa9a3551 +https://github.com/openshift/csi-external-snapshotter image-arm64 e695e2bd0b548afd0fce049d86d4af29dd34e574 +https://github.com/openshift/router image-arm64 3553702970b094986d91f218e3191487de46e476 https://github.com/openshift/kube-rbac-proxy image-arm64 d12e274605248f6c59373240a7eae7a7a357dcb3 -https://github.com/openshift/ovn-kubernetes image-arm64 e9295c0d0d7caa1eda7cc9f2f3900c64096c943c +https://github.com/openshift/ovn-kubernetes image-arm64 62baca4832f3aeb3fc7032d38619835c04208c95 https://github.com/openshift/kubernetes image-arm64 d8d517e6bbe7cf7359026cac26bb96ea45e18806 -https://github.com/openshift/service-ca-operator image-arm64 e7ccfa308e69ce4ad1f2afcd1d7c8ff25144374b +https://github.com/openshift/service-ca-operator image-arm64 35cf51895f4dc77dca8a709e7635980753f87e17 diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 0f507bbbc8..9c0418ee13 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release-5:5.0.0-0.nightly-2026-06-09-112600" "registry.ci.openshift.org/ocp-arm64/release-5-arm64:5.0.0-0.nightly-arm64-2026-06-10-025037" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release-5:5.0.0-0.nightly-2026-06-18-000016" "registry.ci.openshift.org/ocp-arm64/release-5-arm64:5.0.0-0.nightly-arm64-2026-06-19-034904" diff --git a/vendor/github.com/openshift/route-controller-manager/pkg/route/ingress/ingress.go b/vendor/github.com/openshift/route-controller-manager/pkg/route/ingress/ingress.go index 82e02ff93d..4177fd1166 100644 --- a/vendor/github.com/openshift/route-controller-manager/pkg/route/ingress/ingress.go +++ b/vendor/github.com/openshift/route-controller-manager/pkg/route/ingress/ingress.go @@ -27,6 +27,7 @@ import ( "k8s.io/apimachinery/pkg/util/wait" coreinformers "k8s.io/client-go/informers/core/v1" networkingv1informers "k8s.io/client-go/informers/networking/v1" + "k8s.io/client-go/kubernetes/scheme" kv1core "k8s.io/client-go/kubernetes/typed/core/v1" kv1networking "k8s.io/client-go/kubernetes/typed/networking/v1" corelisters "k8s.io/client-go/listers/core/v1" @@ -35,7 +36,6 @@ import ( "k8s.io/client-go/tools/record" "k8s.io/client-go/util/workqueue" "k8s.io/component-base/metrics/legacyregistry" - "k8s.io/kubernetes/pkg/api/legacyscheme" routev1 "github.com/openshift/api/route/v1" routeclient "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1" @@ -177,7 +177,7 @@ func NewController(eventsClient kv1core.EventsGetter, routeClient routeclient.Ro broadcaster.StartLogging(klog.Infof) // TODO: remove the wrapper when every clients have moved to use the clientset. broadcaster.StartRecordingToSink(&kv1core.EventSinkImpl{Interface: eventsClient.Events("")}) - recorder := broadcaster.NewRecorder(legacyscheme.Scheme, corev1.EventSource{Component: "ingress-to-route-controller"}) + recorder := broadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "ingress-to-route-controller"}) c := &Controller{ eventRecorder: recorder, diff --git a/vendor/github.com/openshift/route-controller-manager/pkg/route/ingressip/service_ingressip_controller.go b/vendor/github.com/openshift/route-controller-manager/pkg/route/ingressip/service_ingressip_controller.go index 5f20dcae53..fbbff11eb2 100644 --- a/vendor/github.com/openshift/route-controller-manager/pkg/route/ingressip/service_ingressip_controller.go +++ b/vendor/github.com/openshift/route-controller-manager/pkg/route/ingressip/service_ingressip_controller.go @@ -18,15 +18,14 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" kclientset "k8s.io/client-go/kubernetes" + "k8s.io/client-go/kubernetes/scheme" kcoreclient "k8s.io/client-go/kubernetes/typed/core/v1" kv1core "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/record" "k8s.io/client-go/util/workqueue" - "k8s.io/kubernetes/pkg/api/legacyscheme" - "k8s.io/kubernetes/pkg/controller" - "k8s.io/kubernetes/pkg/registry/core/service/allocator" - "k8s.io/kubernetes/pkg/registry/core/service/ipallocator" + + "github.com/openshift/route-controller-manager/pkg/utils/ipallocator" ) const ( @@ -85,7 +84,7 @@ type serviceChange struct { func NewIngressIPController(services cache.SharedIndexInformer, kc kclientset.Interface, ipNet *net.IPNet, resyncInterval time.Duration) *IngressIPController { eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartRecordingToSink(&kv1core.EventSinkImpl{Interface: kc.CoreV1().Events("")}) - recorder := eventBroadcaster.NewRecorder(legacyscheme.Scheme, v1.EventSource{Component: "ingressip-controller"}) + recorder := eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: "ingressip-controller"}) ic := &IngressIPController{ client: kc.CoreV1(), @@ -115,9 +114,7 @@ func NewIngressIPController(services cache.SharedIndexInformer, kc kclientset.In ic.changeHandler = ic.processChange ic.persistenceHandler = persistService - ic.ipAllocator, _ = ipallocator.New(ipNet, func(max int, rangeSpec string, offset int) (allocator.Interface, error) { - return allocator.NewAllocationMap(max, rangeSpec), nil - }) + ic.ipAllocator, _ = ipallocator.NewInMemory(ipNet) ic.allocationMap = make(map[string]string) ic.requeuedAllocations = sets.NewString() @@ -138,7 +135,7 @@ func (ic *IngressIPController) enqueueChange(new interface{}, old interface{}) { if new != nil { // Queue the key needed to retrieve the lastest state from the // cache when the change is processed. - key, err := controller.KeyFunc(new) + key, err := cache.DeletionHandlingMetaNamespaceKeyFunc(new) if err != nil { utilruntime.HandleError(fmt.Errorf("Couldn't get key for object %+v: %v", new, err)) return @@ -274,7 +271,7 @@ func (ic *IngressIPController) processInitialSync() bool { // Add pending service additions back to the queue in consistent order. sort.Sort(serviceAge(pendingServices)) for _, service := range pendingServices { - if key, err := controller.KeyFunc(service); err == nil { + if key, err := cache.DeletionHandlingMetaNamespaceKeyFunc(service); err == nil { klog.V(5).Infof("Adding service back to queue: %v ", key) change := &serviceChange{key: key} ic.queue.Add(change) @@ -443,7 +440,7 @@ func (ic *IngressIPController) clearOldAllocation(new, old *v1.Service) bool { // New allocation differs from old due to update or deletion // Get the key from the old service since the new service may be nil - if key, err := controller.KeyFunc(old); err == nil { + if key, err := cache.DeletionHandlingMetaNamespaceKeyFunc(old); err == nil { ic.clearLocalAllocation(key, oldIP) return true } else { diff --git a/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/README.md b/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/README.md new file mode 100644 index 0000000000..f5e0b550fb --- /dev/null +++ b/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/README.md @@ -0,0 +1,23 @@ +# ipallocator + +Minimal in-memory IP range allocator for assigning IPs from a CIDR block. + +## Provenance + +This code is copied from two packages in **k8s.io/kubernetes v1.35.0**: + +- `k8s.io/kubernetes/pkg/registry/core/service/allocator` — bitmap allocator +- `k8s.io/kubernetes/pkg/registry/core/service/ipallocator` — IP range wrapper + +Only the code paths used by the IngressIP controller (`pkg/route/ingressip/`) are +included. The following features from the original were removed: + +- Metrics recording (`metricsRecorderInterface`, Prometheus counters) +- Dry-run support (`DryRun()`, `dryRunRange`) +- Snapshot/restore (`Snapshot()`, `Restore()`, `NewFromSnapshot`) +- IPFamily tracking (`IPFamily()`, `api.IPFamily` dependency) +- Factory pattern (`New()` with `AllocatorWithOffsetFactory`) +- Unused methods: `ForEach()`, `Destroy()`, `CIDR()`, `Used()`, `EnableMetrics()` + +This eliminates the dependency on `k8s.io/kubernetes` (the monorepo). +IP math uses `k8s.io/utils/net` which is a standalone module. diff --git a/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/allocator.go b/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/allocator.go new file mode 100644 index 0000000000..fd07023dee --- /dev/null +++ b/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/allocator.go @@ -0,0 +1,176 @@ +/* +Copyright 2015 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ipallocator + +import ( + "fmt" + "math/big" + "math/rand" + "sync" + "time" +) + +// allocatorInterface manages the allocation of items out of a range. +type allocatorInterface interface { + Allocate(int) (bool, error) + AllocateNext() (int, bool, error) + Release(int) error + Has(int) bool + Free() int +} + +// allocationBitmap is a contiguous block of resources that can be allocated atomically. +// +// Each resource has an offset. The internal structure is a bitmap, with a bit for each offset. +// +// If a resource is taken, the bit at that offset is set to one. +// r.count is always equal to the number of set bits and can be recalculated at any time +// by counting the set bits in r.allocated. +type allocationBitmap struct { + strategy bitAllocator + max int + rangeSpec string + + lock sync.Mutex + count int + allocated *big.Int +} + +var _ allocatorInterface = &allocationBitmap{} + +// bitAllocator represents a search strategy in the allocation map for a valid item. +type bitAllocator interface { + AllocateBit(allocated *big.Int, max, count int) (int, bool) +} + +// newAllocationMapWithOffset creates an allocation bitmap using a random scan strategy that +// allows to pass an offset that divides the allocation bitmap in two blocks. +// The first block of values will not be used for random value assigned by the AllocateNext() +// method until the second block of values has been exhausted. +func newAllocationMapWithOffset(max int, rangeSpec string, offset int) *allocationBitmap { + return &allocationBitmap{ + strategy: randomScanStrategyWithOffset{ + rand: rand.New(rand.NewSource(time.Now().UnixNano())), + offset: offset, + }, + allocated: big.NewInt(0), + count: 0, + max: max, + rangeSpec: rangeSpec, + } +} + +// Allocate attempts to reserve the provided item. +// Returns true if it was allocated, false if it was already in use. +func (r *allocationBitmap) Allocate(offset int) (bool, error) { + r.lock.Lock() + defer r.lock.Unlock() + + if offset < 0 || offset >= r.max { + return false, fmt.Errorf("offset %d out of range [0,%d]", offset, r.max) + } + if r.allocated.Bit(offset) == 1 { + return false, nil + } + r.allocated = r.allocated.SetBit(r.allocated, offset, 1) + r.count++ + return true, nil +} + +// AllocateNext reserves one of the items from the pool. +// (0, false, nil) may be returned if there are no items left. +func (r *allocationBitmap) AllocateNext() (int, bool, error) { + r.lock.Lock() + defer r.lock.Unlock() + + next, ok := r.strategy.AllocateBit(r.allocated, r.max, r.count) + if !ok { + return 0, false, nil + } + r.count++ + r.allocated = r.allocated.SetBit(r.allocated, next, 1) + return next, true, nil +} + +// Release releases the item back to the pool. Releasing an +// unallocated item or an item out of the range is a no-op and +// returns no error. +func (r *allocationBitmap) Release(offset int) error { + r.lock.Lock() + defer r.lock.Unlock() + + if r.allocated.Bit(offset) == 0 { + return nil + } + + r.allocated = r.allocated.SetBit(r.allocated, offset, 0) + r.count-- + return nil +} + +// Has returns true if the provided item is already allocated and a call +// to Allocate(offset) would fail. +func (r *allocationBitmap) Has(offset int) bool { + r.lock.Lock() + defer r.lock.Unlock() + + return r.allocated.Bit(offset) == 1 +} + +// Free returns the count of items left in the range. +func (r *allocationBitmap) Free() int { + r.lock.Lock() + defer r.lock.Unlock() + return r.max - r.count +} + +// randomScanStrategyWithOffset chooses a random address from the provided big.Int and then scans +// forward looking for the next available address. The big.Int range is subdivided so it will try +// to allocate first from the reserved upper range of addresses (it will wrap the upper subrange if necessary). +// If there is no free address it will try to allocate one from the lower range too. +type randomScanStrategyWithOffset struct { + rand *rand.Rand + offset int +} + +func (rss randomScanStrategyWithOffset) AllocateBit(allocated *big.Int, max, count int) (int, bool) { + if count >= max { + return 0, false + } + subrangeMax := max - rss.offset + start := rss.rand.Intn(subrangeMax) + for i := 0; i < subrangeMax; i++ { + at := rss.offset + ((start + i) % subrangeMax) + if allocated.Bit(at) == 0 { + return at, true + } + } + + // Guard against rand.Intn(0) panic when offset is 0. + if rss.offset > 0 { + start = rss.rand.Intn(rss.offset) + for i := 0; i < rss.offset; i++ { + at := (start + i) % rss.offset + if allocated.Bit(at) == 0 { + return at, true + } + } + } + return 0, false +} + +var _ bitAllocator = randomScanStrategyWithOffset{} diff --git a/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/ipallocator.go b/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/ipallocator.go new file mode 100644 index 0000000000..77450783ff --- /dev/null +++ b/vendor/github.com/openshift/route-controller-manager/pkg/utils/ipallocator/ipallocator.go @@ -0,0 +1,210 @@ +/* +Copyright 2015 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ipallocator + +import ( + "errors" + "fmt" + "math/big" + "net" + + netutils "k8s.io/utils/net" +) + +var ( + ErrFull = errors.New("range is full") + ErrAllocated = errors.New("provided IP is already allocated") +) + +type ErrNotInRange struct { + IP net.IP + ValidRange string +} + +func (e *ErrNotInRange) Error() string { + return fmt.Sprintf("the provided IP (%v) is not in the valid range. The range of valid IPs is %s", e.IP, e.ValidRange) +} + +// Range is a contiguous block of IPs that can be allocated atomically. +// +// The internal structure of the range is: +// +// For CIDR 10.0.0.0/24 +// 254 addresses usable out of 256 total (minus base and broadcast IPs) +// The number of usable addresses is r.max +// +// CIDR base IP CIDR broadcast IP +// 10.0.0.0 10.0.0.255 +// | | +// 0 1 2 3 4 5 ... ... 253 254 255 +// | | +// r.base r.base + r.max +// | | +// offset #0 of r.allocated last offset of r.allocated +type Range struct { + net *net.IPNet + base *big.Int + max int + + alloc allocatorInterface +} + +// NewInMemory creates an in-memory IP allocator over a net.IPNet. +func NewInMemory(cidr *net.IPNet) (*Range, error) { + max := netutils.RangeSize(cidr) + base := netutils.BigForIP(cidr.IP) + rangeSpec := cidr.String() + + if netutils.IsIPv6CIDR(cidr) { + if max > 65536 { + max = 65536 + } + } else { + // Don't use the IPv4 network's broadcast address. + max-- + } + + // Don't use the network's ".0" address. + base.Add(base, big.NewInt(1)) + max-- + + if max < 0 { + max = 0 + } + + r := Range{ + net: cidr, + base: base, + max: maximum(0, int(max)), + } + + offset := calculateRangeOffset(cidr) + r.alloc = newAllocationMapWithOffset(r.max, rangeSpec, offset) + return &r, nil +} + +func maximum(a, b int) int { + if a > b { + return a + } + return b +} + +// Free returns the count of IP addresses left in the range. +func (r *Range) Free() int { + return r.alloc.Free() +} + +// Allocate attempts to reserve the provided IP. ErrNotInRange or +// ErrAllocated will be returned if the IP is not valid for this range +// or has already been reserved. ErrFull will be returned if there +// are no addresses left. +func (r *Range) Allocate(ip net.IP) error { + ok, offset := r.contains(ip) + if !ok { + return &ErrNotInRange{ip, r.net.String()} + } + + allocated, err := r.alloc.Allocate(offset) + if err != nil { + return err + } + if !allocated { + return ErrAllocated + } + return nil +} + +// AllocateNext reserves one of the IPs from the pool. ErrFull may +// be returned if there are no addresses left. +func (r *Range) AllocateNext() (net.IP, error) { + offset, ok, err := r.alloc.AllocateNext() + if err != nil { + return nil, err + } + if !ok { + return nil, ErrFull + } + return netutils.AddIPOffset(r.base, offset), nil +} + +// Release releases the IP back to the pool. Releasing an +// unallocated IP or an IP out of the range is a no-op and +// returns no error. +func (r *Range) Release(ip net.IP) error { + ok, offset := r.contains(ip) + if !ok { + return nil + } + return r.alloc.Release(offset) +} + +// Has returns true if the provided IP is already allocated and a call +// to Allocate(ip) would fail with ErrAllocated. +func (r *Range) Has(ip net.IP) bool { + ok, offset := r.contains(ip) + if !ok { + return false + } + return r.alloc.Has(offset) +} + +// contains returns true and the offset if the ip is in the range, and false +// and 0 otherwise. The first and last addresses of the CIDR are omitted. +func (r *Range) contains(ip net.IP) (bool, int) { + if !r.net.Contains(ip) { + return false, 0 + } + + offset := calculateIPOffset(r.base, ip) + if offset < 0 || offset >= r.max { + return false, 0 + } + return true, offset +} + +// calculateIPOffset calculates the integer offset of ip from base such that +// base + offset = ip. It requires ip >= base. +func calculateIPOffset(base *big.Int, ip net.IP) int { + return int(big.NewInt(0).Sub(netutils.BigForIP(ip), base).Int64()) +} + +// calculateRangeOffset estimates the offset used on the range for static allocation based on +// the following formula `min(max($min, cidrSize/$step), $max)`, described as ~never less than +// $min or more than $max, with a graduated step function between them~. The function returns 0 +// if any of the parameters is invalid. +func calculateRangeOffset(cidr *net.IPNet) int { + const ( + min = 16 + max = 256 + step = 16 + ) + + cidrSize := netutils.RangeSize(cidr) + if cidrSize <= min { + return 0 + } + + offset := cidrSize / step + if offset < min { + return min + } + if offset > max { + return max + } + return int(offset) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index d48af84e56..6a562993c1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -798,13 +798,14 @@ github.com/openshift/library-go/pkg/route/validation github.com/openshift/library-go/pkg/security/ldaputil github.com/openshift/library-go/pkg/security/uid github.com/openshift/library-go/pkg/serviceability -# github.com/openshift/route-controller-manager v0.0.0-20260526224403-1916ceb059f5 +# github.com/openshift/route-controller-manager v0.0.0-20260611182032-e454c01fbe56 ## explicit; go 1.25.0 github.com/openshift/route-controller-manager/pkg/cmd/controller github.com/openshift/route-controller-manager/pkg/cmd/route-controller-manager github.com/openshift/route-controller-manager/pkg/route/ingress github.com/openshift/route-controller-manager/pkg/route/ingressip github.com/openshift/route-controller-manager/pkg/routecontroller +github.com/openshift/route-controller-manager/pkg/utils/ipallocator github.com/openshift/route-controller-manager/pkg/version # github.com/ovn-kubernetes/libovsdb v0.8.2-0.20260302130604-c07ce22366ac ## explicit; go 1.24.0