openshift
OCPBUGS-67232: Move DynamicConfigurationManager back to TPNU
Revert "OCPBUGS-62987: Move DynamicConfigurationManager back to DevPreview"
This reverts #2552.
Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.
For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.
This repository is configured in: LGTM mode
Hello @Miciah! Some important instructions when contributing to openshift/api: API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
@Miciah: This pull request references Jira Issue OCPBUGS-67232, which is valid. The bug has been moved to the POST state.
3 validation(s) were run on this bug
- bug is open, matching expected state (open)
- bug target version (4.21.0) matches configured target version for branch (4.21.0)
- bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
Requesting review from QA contact: /cc @lihongan
The bug has been updated to refer to the pull request using the external bug tracker.
In response to this:
Revert "OCPBUGS-62987: Move DynamicConfigurationManager back to DevPreview"
This reverts #2552.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
๐ Walkthrough
Walkthrough
IngressControllerDynamicConfigurationManager is enabled for TechPreviewNoUpgrade in addition to DevPreviewNoUpgrade. The feature declaration, the features list doc, and two TechPreviewNoUpgrade FeatureGate manifests were updated to reflect this change.
Changes
| Cohort / File(s) | Summary |
|---|---|
Feature docfeatures.md |
Reordered row: IngressControllerDynamicConfigurationManager reintroduced to show Enabled for TechPreviewNoUpgrade (Hypershift and SelfManagedHA); DevPreviewNoUpgrade remains Enabled. |
Feature declaration (Go)features/features.go |
FeatureGateIngressControllerDynamicConfigurationManager: enhancementPR set to "https://github.com/openshift/enhancements/pull/1687" and enableIn expanded to include configv1.TechPreviewNoUpgrade alongside configv1.DevPreviewNoUpgrade. |
TechPreviewNoUpgrade FeatureGate manifestspayload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml, payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml |
IngressControllerDynamicConfigurationManager moved from status.disabled to status.enabled. |
Estimated code review effort
๐ฏ 2 (Simple) | โฑ๏ธ ~10 minutes
๐ฅ Pre-merge checks | โ 3
โ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | โ Passed | The title accurately reflects the main change: moving IngressControllerDynamicConfigurationManager back to TechPreviewNoUpgrade (TPNU), which is the primary objective of reverting the previous PR. |
| Description check | โ Passed | The description clearly explains that this PR reverts an earlier change (#2552) that had moved DynamicConfigurationManager to DevPreview, which aligns with the changeset. |
| Docstring Coverage | โ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
โ๏ธ Tip: You can configure your own custom pre-merge checks in the settings.
โจ Finishing touches
- [ ] ๐ Generate docstrings
๐งช Generate unit tests (beta)
- [ ] Create PR with unit tests
- [ ] Post copyable unit tests in a comment
[!WARNING] There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.
๐ง golangci-lint (2.5.0)
Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
Comment @coderabbitai help to get the list of available commands and usage tips.
![coderabbitai[bot] avatar](https://avatars.githubusercontent.com/in/347564?v=4 "Published by a pub.dev verified publisher"){kind=small}
Cc'ing author and reviewers from the reverted PR: /cc @candita /cc @alebedev87 /cc @JoelSpeed
Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change
BTW, this has no EP linked, is there any EP?
Yes: https://github.com/openshift/enhancements/blob/master/enhancements/ingress/dynamic-config-manager.md
Should I update the PR with a reference?
Well, features/features.go links to PRs; https://github.com/openshift/enhancements/pull/1687 is the PR for the EP.
Can you update l633 to remove the legacy feature gate thing and add the actual Ep link in?
ci/prow/verify failed:
panic: FeatureGate/IngressControllerDynamicConfigurationManager enhancementPR format is incorrect; must be like https://github.com/openshift/enhancements/pull/#### or https://github.com/kubernetes/enhancements/issues/####
https://github.com/openshift/api/compare/053d7dc9eb425a835f21f151558ea7f2eb26b064..845ec5ef5e49ef176ee0567fa3d6c5f3d35ecb38 updates the link to point to the PR instead.
Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change
https://github.com/openshift/api/compare/845ec5ef5e49ef176ee0567fa3d6c5f3d35ecb38..67eebfa88243d2390b5873c33d68e44eec5c2b2c rebases to resolve a conflict from #2451.
Tested it with 4.21.0-0-2025-12-24-011621-test-ci-ln-ftxy4xk-latest
1.
% oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.21.0-0-2025-12-24-011621-test-ci-ln-ftxy4xk-latest True False 64m Cluster version is 4.21.0-0-2025-12-24-011621-test-ci-ln-ftxy4xk-latest
2.
% oc get featuregates cluster -oyaml | yq ".status.featureGates[0].disabled" | grep IngressControllerDynamicConfigurationManager
- name: IngressControllerDynamicConfigurationManager
3. enable the featuregate
% oc patch featuregates cluster -p '{"spec": {"featureSet": "TechPreviewNoUpgrade"}}' --type=merge
featuregate.config.openshift.io/cluster patched
4.
% oc get featuregates cluster -oyaml | yq ".status.featureGates[0].enabled" | grep IngressControllerDynamicConfigurationManager
- name: IngressControllerDynamicConfigurationManager
% oc -n openshift-ingress get deployment router-default -oyaml | grep -i -A1 -E "ROUTER_MAX_DYNAMIC_SERVERS|ROUTER_BLUEPRINT_ROUTE_POOL_SIZE"
- name: ROUTER_BLUEPRINT_ROUTE_POOL_SIZE
value: "0"
--
- name: ROUTER_MAX_DYNAMIC_SERVERS
value: "1"
5.
% oc get route
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
unsec-apach unsec-apach-default.apps.ci-ln-ftxy4xk-72292.gcp-2.ci.openshift.org unsec-apach unsec-apach None
% curl http://unsec-apach-default.apps.ci-ln-ftxy4xk-72292.gcp-2.ci.openshift.org
It is a test!
6.
sh-5.1$ cat haproxy.config | grep -A26 "backend be_http:default:unsec-apach"
backend be_http:default:unsec-apach
mode http
option redispatch
option forwardfor
balance random
timeout check 5000ms
http-request add-header X-Forwarded-Host %[req.hdr(host)]
http-request add-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto http if !{ ssl_fc }
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 }
http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
cookie b94bb237dc742029fe83e6d395082b86 insert indirect nocache httponly dynamic
server pod:appach-server-66b4878747-7cwl4:unsec-apach:unsec-apach:10.128.2.9:8080 10.128.2.9:8080 cookie 599df0d39ab4f2d33ebf5ff4f27652c6 weight 1 check inter 5000ms
server pod:appach-server-66b4878747-xl5xn:unsec-apach:unsec-apach:10.128.2.10:8080 10.128.2.10:8080 cookie 8f24621644852474567e9d01c31849af weight 1 check inter 5000ms
server pod:appach-server-66b4878747-pfswt:unsec-apach:unsec-apach:10.128.2.11:8080 10.128.2.11:8080 cookie 142a0857b6ac5260aac892cda144bfda weight 1 check inter 5000ms
server pod:appach-server-66b4878747-xsfbh:unsec-apach:unsec-apach:10.128.2.12:8080 10.128.2.12:8080 cookie 9e385c2f34ba5bcb2ad11512e4413623 weight 1 check inter 5000ms
server pod:appach-server-66b4878747-hjcnj:unsec-apach:unsec-apach:10.129.2.23:8080 10.129.2.23:8080 cookie 4795f79aa20da8f28cc164af2a702ff6 weight 1 check inter 5000ms
server pod:appach-server-66b4878747-vzczb:unsec-apach:unsec-apach:10.129.2.24:8080 10.129.2.24:8080 cookie b9802b4c1977bdb382366a732be1fc65 weight 1 check inter 5000ms
server pod:appach-server-66b4878747-vpvbr:unsec-apach:unsec-apach:10.129.2.25:8080 10.129.2.25:8080 cookie 33459e7024d45ce2c82d01ad68467cb2 weight 1 check inter 5000ms
server pod:appach-server-66b4878747-57r4p:unsec-apach:unsec-apach:10.131.0.23:8080 10.131.0.23:8080 cookie fbfbf053ce7dde8d30c340926631e5f8 weight 1 check inter 5000ms
server pod:appach-server-66b4878747-5jzw5:unsec-apach:unsec-apach:10.131.0.24:8080 10.131.0.24:8080 cookie 663c2f65d8deb8c910546bf9db9ccbe4 weight 1 check inter 5000ms
server pod:appach-server-66b4878747-8rq66:unsec-apach:unsec-apach:10.131.0.25:8080 10.131.0.25:8080 cookie b5c2648c7a09d408e05aff2f210c5b86 weight 1 check inter 5000ms
dynamic-cookie-key b94bb237dc742029fe83e6d395082b86
server-template _dynamic-pod- 1-1 172.4.0.4:8765 check disabled
@Miciah: This pull request references Jira Issue OCPBUGS-67232, which is valid.
3 validation(s) were run on this bug
- bug is open, matching expected state (open)
- bug target version (4.22.0) matches configured target version for branch (4.22.0)
- bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
Requesting review from QA contact: /cc @ShudiLi
In response to this:
Revert "OCPBUGS-62987: Move DynamicConfigurationManager back to DevPreview"
This reverts #2552.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@ShudiLi: This PR has been marked as verified by @ShudiLi.
In response to this:
/label qe-approved /verified by @ShudiLi
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@JoelSpeed: Overrode contexts on behalf of JoelSpeed: ci/prow/okd-scos-images
In response to this:
/override ci/prow/okd-scos-images
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change
e2e-aws-ovn-techpreview failed because [sig-network] Services should have session affinity timeout work for NodePort service [LinuxOnly] failed:
{ fail [k8s.io/kubernetes/test/e2e/network/service.go:2273]: Interrupted by User}
Enabling the DCM featuregate should not affect services. Let's see whether the job fails again.
/test e2e-aws-ovn-techpreview
e2e-aws-serial-techpreview-1of2 failed because [Monitor:metrics-api-availability][sig-instrumentation] disruption/metrics-api connection/new should be available throughout the test and [Monitor:metrics-api-availability][sig-instrumentation] disruption/metrics-api connection/reused should be available throughout the test failed. Enabling the DCM featuregate should not affect access to the API server. Let's see whether the job fails again.
/test e2e-aws-serial-techpreview-1of2
Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.
Pipeline controller notification
The pipeline-auto label has been added to this PR. Second-stage tests will be triggered automatically when all first-stage tests pass.
Verify appears to have some issues here, looks like we need content regenerated @Miciah , ./hack/update-payload-featuregates.sh I think