NE-2523: Implement configurationManagement API by Miciah · Pull Request #1385 · openshift/cluster-ingress-operator

Miciah · 2026-03-13T15:37:02Z

Bump openshift/api for configurationManagement API

Bump to github.com/Miciah/api@6a8c07c9cf163d3b5e7964ffb5c7d70f6bdeff5e to get the spec.tuningOptions.configurationManagement API field to allow enabling or disabling the Dynamic Configuration Manager.

Implement configurationManagement API

Check the spec.tuningOptions.configurationManagement API field, and only enable the Dynamic Configuration Manager if the field is set to "Dynamic".

For now, the default behavior (when the field is omitted) is not to enable DCM. Once we are more confident that the feature is safe to enable, we will change the default behavior.

This PR depends on openshift/api#2757.

openshift-ci-robot · 2026-03-13T15:37:06Z

@Miciah: This pull request references NE-2523 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Bump openshift/api for configurationManagement API

Bump to github.com/Miciah/api@6a8c07c9cf163d3b5e7964ffb5c7d70f6bdeff5e to get the spec.tuningOptions.configurationManagement API field to allow enabling or disabling the Dynamic Configuration Manager.

Implement configurationManagement API

Check the spec.tuningOptions.configurationManagement API field, and only enable the Dynamic Configuration Manager if the field is set to "Dynamic".

For now, the default behavior (when the field is omitted) is not to enable DCM. Once we are more confident that the feature is safe to enable, we will change the default behavior.

This PR depends on openshift/api#2757.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-03-13T15:37:23Z

📝 Walkthrough

Walkthrough

Adds a replace in go.mod redirecting github.com/openshift/api to github.com/Miciah/api at a specific pseudo-version. Updates two CRD manifests to add release.openshift.io/feature-set annotations (OKD and Default) and expand the toleration operator documentation to allow Exists, Equal, Lt, and Gt (noting Lt/Gt require the TaintTolerationComparisonOperators feature gate). Changes router deployment logic to enable DCM only when Spec.TuningOptions.ConfigurationManagement is Dynamic (unless overridden by unsupportedConfigOverrides.DynamicConfigManager). Expands tests to cover omitted, ForkAndReload, and Dynamic configuration-management modes and related overrides.

🚥 Pre-merge checks | ✅ 8

✅ Passed checks (8 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and directly describes the main implementation focus of the PR: adding support for the configurationManagement API field.
Description check	✅ Passed	The description is directly related to the changeset, explaining both the API bump and the implementation of the configurationManagement API feature.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Stable And Deterministic Test Names	✅ Passed	The test file uses standard Go testing package with table-driven tests, not Ginkgo framework. No Ginkgo test macros are present, and all test names are static descriptive strings without dynamic values.
Test Structure And Quality	✅ Passed	The PR modifies standard Go testing code using testing.T, not Ginkgo tests. The codebase does not use Ginkgo framework, so the Ginkgo-specific check is outside the scope of this PR.
Microshift Test Compatibility	✅ Passed	PR modifies unit tests in deployment_test.go using Go's standard testing.T framework, not Ginkgo e2e tests. No Ginkgo patterns like It(), Describe(), Context(), or When() are present.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR modifies only standard Go unit tests, not Ginkgo e2e tests. Check targeting new Ginkgo e2e tests is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds only standard Go unit tests in testing package, not Ginkgo e2e tests; no IPv4 assumptions or external connectivity requirements detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pkg/operator/controller/ingress/deployment.go (1)

587-591: ⚠️ Potential issue | 🟠 Major

Unsupported override can still force-enable DCM outside Dynamic mode

Line 590 assigns enableDCM = v, so dynamicConfigManager: "true" can re-enable DCM even when spec.tuningOptions.configurationManagement is not Dynamic. That bypasses the new gate.

Proposed fix

 dynamicConfigOverride := unsupportedConfigOverrides.DynamicConfigManager
-if v, err := strconv.ParseBool(dynamicConfigOverride); err == nil {
-	// Config override can still be used to opt out from DCM.
-	enableDCM = v
+if v, err := strconv.ParseBool(dynamicConfigOverride); err == nil && !v {
+	// Config override can still be used to opt out from DCM.
+	enableDCM = false
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/operator/controller/ingress/deployment.go` around lines 587 - 591, The
code currently sets enableDCM = v from
unsupportedConfigOverrides.DynamicConfigManager, which lets a "true" override
enable DCM even when spec.tuningOptions.configurationManagement is not
"Dynamic"; change the logic so the parsed override only allows opting out: parse
unsupportedConfigOverrides.DynamicConfigManager (as done in
dynamicConfigOverride) and if parse succeeds and v == false then set enableDCM =
false, but do not set enableDCM = true when v == true; keep all other logic
intact (look for dynamicConfigOverride,
unsupportedConfigOverrides.DynamicConfigManager and enableDCM to update this
conditional).

manifests/00-custom-resource-definition-OKD.yaml (1)

2120-2398: ⚠️ Potential issue | 🔴 Critical

Regenerate this CRD with spec.tuningOptions.configurationManagement.

spec.tuningOptions still does not define configurationManagement anywhere in the schema. On a structural CRD, that means OKD will prune the new field from user objects, so spec.tuningOptions.configurationManagement: Dynamic never reaches the operator.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@manifests/00-custom-resource-definition-OKD.yaml` around lines 2120 - 2398,
The CRD schema for tuningOptions is missing the specification for
spec.tuningOptions.configurationManagement so OKD will prune that field; add a
new property named configurationManagement under the existing
tuningOptions.properties (next to clientTimeout, maxConnections, etc.) with the
proper type/enum (e.g., type: string and enum: ["Dynamic","Manual"] or the exact
allowed values your operator expects), include any necessary
validation/defaults, then regenerate the CRD so
spec.tuningOptions.configurationManagement is persisted and reaches the
operator.

🧹 Nitpick comments (2)

go.mod (1)
160-160: Add a follow-up comment next to the openshift/api fork replace to ensure removal once upstream support is available

The temporary fork replace at line 160 lacks any tracking comment. Add a // TODO: or similar note indicating that this replace should be removed once upstream API changes are merged, so it doesn't get accidentally left in production.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 160, Add a short tracking comment next to the replace
statement for the openshift API fork in go.mod (the line containing "replace
github.com/openshift/api => github.com/Miciah/api
v0.0.0-20260312135711-6a8c07c9cf16") — e.g., a "// TODO: remove replace when
upstream openshift/api includes required changes (track PR/issue #...)" — so the
temporary fork is clearly marked for removal once upstream support is available.
pkg/operator/controller/ingress/deployment_test.go (1)
1208-1228: Add the dynamicConfigManager:true + non-Dynamic cases to this matrix.

The new table exercises dynamicConfigManager:false, but not the inverse when configurationManagement is omitted or ForkAndReload. Those are the combinations that actually pin the new gating behavior and would catch regressions where the legacy override still enables DCM without Dynamic.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/operator/controller/ingress/deployment_test.go` around lines 1208 - 1228,
Add three mirror test cases to the existing table that use
unsupportedConfigOverrides
`{"dynamicConfigManager":"true","maxDynamicServers":"7"}` for the combinations
where configurationManagement is omitted and where it is ForkAndReload (i.e.,
duplicate the blocks named
"featuregate-enabled-configurationManagement-omitted-dcm-override" and
"featuregate-enabled-configurationManagement-ForkAndReload-dcm-override" but
with dynamicConfigManager set to true), setting dcmEnabled and expectedEnv to
the values that assert DCM is enabled (the opposite of notSet). Ensure you
update the entries that reference unsupportedConfigOverrides, dcmEnabled,
configurationManagement, and expectedEnv so the table exercises the inverse/true
path of the dynamicConfigManager flag.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@manifests/00-custom-resource-definition-OKD.yaml`:
- Around line 2010-2017: The CRD text wrongly states "TLS 1.3 cipher suites ...
are not configurable" which contradicts ingress behavior that renders and uses
ROUTER_CIPHERSUITES from a custom profile; update the prose under the "ciphers:"
example to accurately reflect behavior: explain that TLS 1.2 suites are
configurable, TLS 1.3 suites are negotiated differently but values provided in
the custom profile are rendered into ROUTER_CIPHERSUITES and will be respected
by the ingress controller where supported, or clearly state if TLS 1.3 suites
are ignored at runtime; adjust the sentence mentioning "not configurable" and
add a note referencing ROUTER_CIPHERSUITES and the custom profile to remove the
contradiction.

---

Outside diff comments:
In `@manifests/00-custom-resource-definition-OKD.yaml`:
- Around line 2120-2398: The CRD schema for tuningOptions is missing the
specification for spec.tuningOptions.configurationManagement so OKD will prune
that field; add a new property named configurationManagement under the existing
tuningOptions.properties (next to clientTimeout, maxConnections, etc.) with the
proper type/enum (e.g., type: string and enum: ["Dynamic","Manual"] or the exact
allowed values your operator expects), include any necessary
validation/defaults, then regenerate the CRD so
spec.tuningOptions.configurationManagement is persisted and reaches the
operator.

In `@pkg/operator/controller/ingress/deployment.go`:
- Around line 587-591: The code currently sets enableDCM = v from
unsupportedConfigOverrides.DynamicConfigManager, which lets a "true" override
enable DCM even when spec.tuningOptions.configurationManagement is not
"Dynamic"; change the logic so the parsed override only allows opting out: parse
unsupportedConfigOverrides.DynamicConfigManager (as done in
dynamicConfigOverride) and if parse succeeds and v == false then set enableDCM =
false, but do not set enableDCM = true when v == true; keep all other logic
intact (look for dynamicConfigOverride,
unsupportedConfigOverrides.DynamicConfigManager and enableDCM to update this
conditional).

---

Nitpick comments:
In `@go.mod`:
- Line 160: Add a short tracking comment next to the replace statement for the
openshift API fork in go.mod (the line containing "replace
github.com/openshift/api => github.com/Miciah/api
v0.0.0-20260312135711-6a8c07c9cf16") — e.g., a "// TODO: remove replace when
upstream openshift/api includes required changes (track PR/issue #...)" — so the
temporary fork is clearly marked for removal once upstream support is available.

In `@pkg/operator/controller/ingress/deployment_test.go`:
- Around line 1208-1228: Add three mirror test cases to the existing table that
use unsupportedConfigOverrides
`{"dynamicConfigManager":"true","maxDynamicServers":"7"}` for the combinations
where configurationManagement is omitted and where it is ForkAndReload (i.e.,
duplicate the blocks named
"featuregate-enabled-configurationManagement-omitted-dcm-override" and
"featuregate-enabled-configurationManagement-ForkAndReload-dcm-override" but
with dynamicConfigManager set to true), setting dcmEnabled and expectedEnv to
the values that assert DCM is enabled (the opposite of notSet). Ensure you
update the entries that reference unsupportedConfigOverrides, dcmEnabled,
configurationManagement, and expectedEnv so the table exercises the inverse/true
path of the dynamicConfigManager flag.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro

Run ID: cb9d4f60-f735-4342-a0c7-7455a5de6900

📥 Commits

Reviewing files that changed from the base of the PR and between 88b7301 and f625550.

⛔ Files ignored due to path filters (170)

go.sum is excluded by !**/*.sum
vendor/github.com/gogo/protobuf/AUTHORS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/clone.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/custom_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/deprecated.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/discard.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/duration.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/duration_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/encode_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/equal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/extensions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/extensions_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/lib.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/lib_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/message_set.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_reflect.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/properties.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/properties_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/skip_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/table_marshal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/table_merge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/table_unmarshal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/text.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/text_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/text_parser.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/timestamp.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/wrappers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/.golangci.go-validated.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/AGENTS.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apiextensions/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apps/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_backup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/console/v1/types_console_sample.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/util.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/types_machine.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_console.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operatoringress/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operatoringress/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operatoringress/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (8)

go.mod
manifests/00-custom-resource-definition-CustomNoUpgrade.yaml
manifests/00-custom-resource-definition-DevPreviewNoUpgrade.yaml
manifests/00-custom-resource-definition-OKD.yaml
manifests/00-custom-resource-definition-TechPreviewNoUpgrade.yaml
manifests/00-custom-resource-definition.yaml
pkg/operator/controller/ingress/deployment.go
pkg/operator/controller/ingress/deployment_test.go

manifests/00-custom-resource-definition-OKD.yaml

gcs278 · 2026-03-18T15:07:14Z

/assign @candita
/assign @jcmoraisjr

jcmoraisjr · 2026-03-18T19:32:13Z

pkg/operator/controller/ingress/deployment_test.go

 				{"ROUTER_HAPROXY_CONFIG_MANAGER", true, "true"},
 				{"ROUTER_MAX_DYNAMIC_SERVERS", true, "100"},
 				{"ROUTER_BLUEPRINT_ROUTE_POOL_SIZE", true, "0"},
 			},


Same Rabbit comment but on another place: is it expected DCM being enabled even without feature gate allowing it?

Yes, unsupportedConfigOverride overrides the featuregate and API field.

jcmoraisjr · 2026-03-18T19:33:03Z

pkg/operator/controller/ingress/deployment_test.go

 				{"ROUTER_BLUEPRINT_ROUTE_POOL_SIZE", true, "0"},
 			},
 		},
 	}


Missed a test (trying to) adding configurationManagement and dcmEnabled as false.

I will add the test cases. However, the API field is featuregated, so it does not exist (and therefore cannot be set) if the featuregate is not enabled.

Done in https://github.com/openshift/cluster-ingress-operator/compare/048f2c85c55bd79de13c9595535727188c8812b0..d12af9099279bcdf071d559a8176335eb70bbfc2.

jcmoraisjr · 2026-03-18T19:36:49Z

pkg/operator/controller/ingress/deployment.go

 	if v, err := strconv.ParseBool(dynamicConfigOverride); err == nil {
 		// Config override can still be used to opt out from DCM.
 		enableDCM = v
 	}


Similar to Rabbit's comment, and related with another one I added in the tests. Although this is not part of the change, but shouldn't this override be under the feature gate, just like the API?

I believe we enabled this as an unsupported option before we had the supported feature gate option. So we will still honor the unsupported override values even if the feature gate is disabled.

As Candace said, the unsupported config override predates the featuregate. Besides that, unsupported config overrides generally do and should take precedence over any other configuration; that is implied by the word "override".

Bump to github.com/Miciah/api@6a8c07c9cf163d3b5e7964ffb5c7d70f6bdeff5e to get the spec.tuningOptions.configurationManagement API field to allow enabling or disabling the Dynamic Configuration Manager. go mod edit -replace github.com/openshift/api=github.com/Miciah/api@6a8c07c9cf163d3b5e7964ffb5c7d70f6bdeff5e go mod tidy go mod vendor make update * go.mod: Update. * go.sum: * manifests/00-custom-resource-definition.yaml: * vendor/*: Regenerate.

Miciah · 2026-03-24T20:38:07Z

Rebased in https://github.com/openshift/cluster-ingress-operator/compare/f625550d05bd312bd0464468acc63d810d3ab4f1..048f2c85c55bd79de13c9595535727188c8812b0.

Miciah · 2026-03-24T20:38:33Z

https://github.com/openshift/cluster-ingress-operator/compare/048f2c85c55bd79de13c9595535727188c8812b0..60a6a81103e460aad99324da313859deeb74d579 adds some test cases in TestDesiredRouterDeploymentDynamicConfigManager.

Miciah · 2026-03-24T20:39:42Z

...and https://github.com/openshift/cluster-ingress-operator/compare/60a6a81103e460aad99324da313859deeb74d579..43139b2c71b282878d605ce45172adab585d009e fixes the names of those new test cases (whoops!).

openshift-ci · 2026-03-24T20:40:04Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from candita. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (1)

pkg/operator/controller/ingress/deployment_test.go (1)

1209-1246: Add one featuregate-enabled + override=true precedence case.

You already assert override precedence in several paths; adding a dynamicConfigManager:"true" case when featuregate is enabled and configurationManagement is omitted (or ForkAndReload) would close the remaining high-value gap.

Suggested test-case addition

 		{
 			name:                       "featuregate-enabled-configurationManagement-ForkAndReload-dcm-override",
 			unsupportedConfigOverrides: `{"dynamicConfigManager":"false","maxDynamicServers":"7"}`,
 			dcmEnabled:                 true,
 			configurationManagement:    operatorv1.IngressControllerConfigurationManagementForkAndReload,
 			expectedEnv:                notSet,
 		},
+		{
+			name:                       "featuregate-enabled-configurationManagement-omitted-dcm-override-true",
+			unsupportedConfigOverrides: `{"dynamicConfigManager":"true","maxDynamicServers":"7"}`,
+			dcmEnabled:                 true,
+			/* configurationManagement omitted. */
+			expectedEnv: []envData{
+				{"ROUTER_HAPROXY_CONFIG_MANAGER", true, "true"},
+				{"ROUTER_MAX_DYNAMIC_SERVERS", true, "7"},
+				{"ROUTER_BLUEPRINT_ROUTE_POOL_SIZE", true, "0"},
+			},
+		},

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/operator/controller/ingress/deployment_test.go` around lines 1209 - 1246,
Add a test-case to the existing table that verifies override=true precedence
when the feature gate is enabled: insert a case similar to the other
dcmEnabled:true entries with unsupportedConfigOverrides set to
`{"dynamicConfigManager":"true"}`, dcmEnabled: true, leave
configurationManagement omitted (or add a separate case with
configurationManagement:
operatorv1.IngressControllerConfigurationManagementForkAndReload), and set
expectedEnv to the value that asserts the dynamicConfigManager override is
honored (i.e., the env var indicating DCM is enabled). Target the test table
entries using the fields unsupportedConfigOverrides, dcmEnabled,
configurationManagement, and expectedEnv so the new case follows the existing
"featuregate-enabled-..." group.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 235: Remove the ad-hoc replace directive that points
github.com/openshift/api to a personal fork/commit (the replace line referencing
github.com/Miciah/api v0.0.0-20260312135711-6a8c07c9cf16); either revert the
replace to use the official upstream module/version or, if the forked commit is
temporarily required, replace it with a documented justification and a link to
the upstream PR plus an explicit removal condition (and a TODO) so the
dependency is not shipped indefinitely.

---

Nitpick comments:
In `@pkg/operator/controller/ingress/deployment_test.go`:
- Around line 1209-1246: Add a test-case to the existing table that verifies
override=true precedence when the feature gate is enabled: insert a case similar
to the other dcmEnabled:true entries with unsupportedConfigOverrides set to
`{"dynamicConfigManager":"true"}`, dcmEnabled: true, leave
configurationManagement omitted (or add a separate case with
configurationManagement:
operatorv1.IngressControllerConfigurationManagementForkAndReload), and set
expectedEnv to the value that asserts the dynamicConfigManager override is
honored (i.e., the env var indicating DCM is enabled). Target the test table
entries using the fields unsupportedConfigOverrides, dcmEnabled,
configurationManagement, and expectedEnv so the new case follows the existing
"featuregate-enabled-..." group.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 23b4b050-64b3-43c9-ba22-90956429be68

📥 Commits

Reviewing files that changed from the base of the PR and between f625550 and 43139b2.

⛔ Files ignored due to path filters (1)

go.sum is excluded by !**/*.sum

📒 Files selected for processing (8)

go.mod
manifests/00-custom-resource-definition-CustomNoUpgrade.yaml
manifests/00-custom-resource-definition-DevPreviewNoUpgrade.yaml
manifests/00-custom-resource-definition-OKD.yaml
manifests/00-custom-resource-definition-TechPreviewNoUpgrade.yaml
manifests/00-custom-resource-definition.yaml
pkg/operator/controller/ingress/deployment.go
pkg/operator/controller/ingress/deployment_test.go

🚧 Files skipped from review as they are similar to previous changes (2)

manifests/00-custom-resource-definition-OKD.yaml
manifests/00-custom-resource-definition.yaml

coderabbitai · 2026-03-24T20:44:19Z

go.mod

 // Remove this when sail-operator switches to an OSSM release branch.
 replace sigs.k8s.io/gateway-api => sigs.k8s.io/gateway-api v1.4.1
+
+replace github.com/openshift/api => github.com/Miciah/api v0.0.0-20260312135711-6a8c07c9cf16


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail # 1) Confirm the replace directive currently points to a personal fork. rg -n '^\s*replace\s+github\.com/openshift/api\s*=>\s*github\.com/Miciah/api\s+v[0-9].*' go.mod # 2) Extract the commit suffix from the pseudo-version. COMMIT="$(rg -n '^\s*replace\s+github\.com/openshift/api\s*=>\s*github\.com/Miciah/api\s+v0\.0\.0-[0-9]+-([0-9a-f]{12})\s*$' -or '$1' go.mod)" echo "commit suffix in go.mod: ${COMMIT}" # 3) Verify whether this commit is reachable in upstream openshift/api. # Expected: ideally found upstream before release; empty result means still fork-only. git ls-remote https://github.com/openshift/api "${COMMIT}*"

Repository: openshift/cluster-ingress-operator

Length of output: 216

Avoid shipping a replace directive that depends on a personal fork for github.com/openshift/api.

The commit 6a8c07c9cf16 in this replace does not exist in the upstream github.com/openshift/api repository, creating a supply-chain risk and potential for silent drift. This directive must be reverted before release or explicitly tied to a documented upstream PR with a clear removal condition.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@go.mod` at line 235, Remove the ad-hoc replace directive that points github.com/openshift/api to a personal fork/commit (the replace line referencing github.com/Miciah/api v0.0.0-20260312135711-6a8c07c9cf16); either revert the replace to use the official upstream module/version or, if the forked commit is temporarily required, replace it with a documented justification and a link to the upstream PR plus an explicit removal condition (and a TODO) so the dependency is not shipped indefinitely.

Miciah · 2026-03-24T20:52:05Z

Before the rebase, ingress-operator was logging ERROR operator.init.controller-runtime.source.Kind wait/loop.go:87 if kind is a CRD, it should be installed before calling Start {"kind": "DNSRecord.ingress.operator.openshift.io", "error": "failed to get restmapping: no matches for kind \"DNSRecord\" in version \"ingress.operator.openshift.io/v1\""} and eventually terminating before completing its initialization. I notice that 5499634 added release.openshift.io/feature-set: Default to manifests/00-custom-resource-definition-internal.yaml, so I am hoping that rebasing resolves the DNSRecord CRD issue.

Check the spec.tuningOptions.configurationManagement API field, and only enable the Dynamic Configuration Manager if the field is set to "Dynamic". For now, the default behavior (when the field is omitted) is not to enable DCM. Once we are more confident that the feature is safe to enable, we will change the default behavior. This commit implements NE-2523. https://issues.redhat.com/browse/NE-2523 * pkg/operator/controller/ingress/deployment.go (desiredRouterDeployment): Check spec.tuningOptions.configurationManagement to enable DCM. * pkg/operator/controller/ingress/deployment.go (desiredRouterDeployment): Check that spec.tuningOptions.configurationManagement is set to "Dynamic" before enabling the Dynamic Configuration Manager. * pkg/operator/controller/ingress/deployment_test.go (TestDesiredRouterDeploymentDynamicConfigManager): Add the value for spec.tuningOptions.configurationManagement to the test input, and add test cases various different settings for configurationManagement.

Miciah · 2026-03-24T20:52:44Z

https://github.com/openshift/cluster-ingress-operator/compare/43139b2c71b282878d605ce45172adab585d009e..d12af9099279bcdf071d559a8176335eb70bbfc2 fixes a formatting issue that cause the verify job to fail..

coderabbitai

🧹 Nitpick comments (1)

pkg/operator/controller/ingress/deployment_test.go (1)

1165-1207: Add one happy-path maxDynamicServers case for ConfigurationManagement=Dynamic.

The matrix covers default, clamped, and invalid values, but not a valid positive override. A regression that ignores maxDynamicServers on the new API-driven Dynamic path and always falls back to "1" would still pass here.

Suggested test case

 		{
 			name:                       "featuregate-enabled-configurationManagement-ForkAndReload-max-servers",
 			unsupportedConfigOverrides: `{"maxDynamicServers":"7"}`,
 			configurationManagement:    operatorv1.IngressControllerConfigurationManagementForkAndReload,
 			dcmEnabled:                 true,
 			expectedEnv:                notSet,
 		},
+		{
+			name:                       "featuregate-enabled-configurationManagement-Dynamic-max-servers",
+			unsupportedConfigOverrides: `{"maxDynamicServers":"7"}`,
+			dcmEnabled:                 true,
+			configurationManagement:    operatorv1.IngressControllerConfigurationManagementDynamic,
+			expectedEnv: []envData{
+				{"ROUTER_HAPROXY_CONFIG_MANAGER", true, "true"},
+				{"ROUTER_MAX_DYNAMIC_SERVERS", true, "7"},
+				{"ROUTER_BLUEPRINT_ROUTE_POOL_SIZE", true, "0"},
+			},
+		},
 		{
 			name:                       "featuregate-enabled-configurationManagement-Dynamic-max-servers-lower-limit",
 			unsupportedConfigOverrides: `{"maxDynamicServers":"0"}`,
 			dcmEnabled:                 true,
 			configurationManagement:    operatorv1.IngressControllerConfigurationManagementDynamic,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/operator/controller/ingress/deployment_test.go` around lines 1165 - 1207,
Add a happy-path test case to the table in deployment_test.go that verifies a
positive maxDynamicServers override is honored for ConfigurationManagement =
Dynamic: add an entry (e.g. name
"featuregate-enabled-configurationManagement-Dynamic-max-servers-valid-value")
with unsupportedConfigOverrides `{"maxDynamicServers":"5"}`, dcmEnabled: true,
configurationManagement:
operatorv1.IngressControllerConfigurationManagementDynamic, and expectedEnv set
using envData to include {"ROUTER_HAPROXY_CONFIG_MANAGER", true, "true"},
{"ROUTER_MAX_DYNAMIC_SERVERS", true, "5"} (and keep
{"ROUTER_BLUEPRINT_ROUTE_POOL_SIZE", true, "0"} if consistent with other Dynamic
expectations) so the test will fail if the code ignores the provided
maxDynamicServers override.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pkg/operator/controller/ingress/deployment_test.go`:
- Around line 1165-1207: Add a happy-path test case to the table in
deployment_test.go that verifies a positive maxDynamicServers override is
honored for ConfigurationManagement = Dynamic: add an entry (e.g. name
"featuregate-enabled-configurationManagement-Dynamic-max-servers-valid-value")
with unsupportedConfigOverrides `{"maxDynamicServers":"5"}`, dcmEnabled: true,
configurationManagement:
operatorv1.IngressControllerConfigurationManagementDynamic, and expectedEnv set
using envData to include {"ROUTER_HAPROXY_CONFIG_MANAGER", true, "true"},
{"ROUTER_MAX_DYNAMIC_SERVERS", true, "5"} (and keep
{"ROUTER_BLUEPRINT_ROUTE_POOL_SIZE", true, "0"} if consistent with other Dynamic
expectations) so the test will fail if the code ignores the provided
maxDynamicServers override.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 9e1994e6-8485-4c4d-b746-2afac2e13b3a

📥 Commits

Reviewing files that changed from the base of the PR and between 43139b2 and d12af90.

📒 Files selected for processing (2)

pkg/operator/controller/ingress/deployment.go
pkg/operator/controller/ingress/deployment_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

pkg/operator/controller/ingress/deployment.go

openshift-ci · 2026-03-25T00:05:46Z

@Miciah: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-hypershift	`d12af90`	link	true	`/test e2e-hypershift`
ci/prow/e2e-gcp-operator	`d12af90`	link	true	`/test e2e-gcp-operator`
ci/prow/e2e-aws-ovn-hypershift-conformance	`d12af90`	link	true	`/test e2e-aws-ovn-hypershift-conformance`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

lihongan · 2026-03-25T01:43:10Z

cc @ShudiLi

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 13, 2026

openshift-ci bot requested review from alebedev87 and knobunc March 13, 2026 15:37

coderabbitai bot reviewed Mar 13, 2026

View reviewed changes

manifests/00-custom-resource-definition-OKD.yaml Show resolved Hide resolved

openshift-ci bot assigned candita and jcmoraisjr Mar 18, 2026

jcmoraisjr reviewed Mar 18, 2026

View reviewed changes

openshift-ci bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 19, 2026

Miciah force-pushed the NE-2523-implement-configurationManagement-API branch from f625550 to 048f2c8 Compare March 24, 2026 20:38

Miciah force-pushed the NE-2523-implement-configurationManagement-API branch from 048f2c8 to 60a6a81 Compare March 24, 2026 20:38

openshift-ci bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 24, 2026

Miciah force-pushed the NE-2523-implement-configurationManagement-API branch from 60a6a81 to 43139b2 Compare March 24, 2026 20:39

coderabbitai bot reviewed Mar 24, 2026

View reviewed changes

Miciah force-pushed the NE-2523-implement-configurationManagement-API branch from 43139b2 to d12af90 Compare March 24, 2026 20:52

coderabbitai bot reviewed Mar 24, 2026

View reviewed changes

Conversation

Miciah commented Mar 13, 2026

Bump openshift/api for configurationManagement API

Implement configurationManagement API

Uh oh!

openshift-ci-robot commented Mar 13, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Bump openshift/api for configurationManagement API

Implement configurationManagement API

Uh oh!

coderabbitai bot commented Mar 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

gcs278 commented Mar 18, 2026

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Miciah Mar 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Miciah commented Mar 24, 2026

Uh oh!

Miciah commented Mar 24, 2026

Uh oh!

Miciah commented Mar 24, 2026

Uh oh!

openshift-ci bot commented Mar 24, 2026

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 24, 2026

Choose a reason for hiding this comment

Uh oh!

Miciah commented Mar 24, 2026

Uh oh!

Miciah commented Mar 24, 2026

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-ci bot commented Mar 25, 2026

Uh oh!

lihongan commented Mar 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

openshift-ci-robot commented Mar 13, 2026 •

edited by openshift-ci bot

Loading

coderabbitai bot commented Mar 13, 2026 •

edited

Loading

Miciah Mar 24, 2026 •

edited

Loading