Skip to content

CCO-834: Upgrade to Kubernetes 1.36#1066

Open
ericahinkleRH wants to merge 4 commits into
openshift:masterfrom
ericahinkleRH:CCO-834
Open

CCO-834: Upgrade to Kubernetes 1.36#1066
ericahinkleRH wants to merge 4 commits into
openshift:masterfrom
ericahinkleRH:CCO-834

Conversation

@ericahinkleRH

@ericahinkleRH ericahinkleRH commented Jul 10, 2026

Copy link
Copy Markdown

Summary

  • Upgrade Kubernetes dependencies from v0.35.2 to v0.36.0
  • Upgrade controller-runtime from v0.23.3 to v0.24.0 (required pairing for Kubernetes 1.36)
  • Bump github.com/openshift/api to a version compatible with APIs removed in Kubernetes 1.36
  • Regenerate codegen (hack/update-codegen.sh); remove empty zz_generated.defaults.go (no longer emitted by k8s 1.36 code-generator)

Dependency changes

Module Before After
k8s.io/* v0.35.2 v0.36.0
sigs.k8s.io/controller-runtime v0.23.3 v0.24.0
github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb v0.0.0-20260709102940-580f1c1ba691

No application logic changes.

Test plan

  • make build
  • make test
  • make vet
  • verify-vendored-crds
  • hack/verify-codegen.sh
  • CI make verify
  • CI e2e (if run on branch)

Update Kubernetes dependencies to v0.36.0 and controller-runtime to
v0.24.0. Bump openshift/api for compatibility with APIs removed in
Kubernetes 1.36. Regenerate codegen and apply a temporary library-go
vendor patch for HasSyncedChecker until openshift/library-go#2171 merges.

Assisted-by: Claude
@openshift-ci-robot

openshift-ci-robot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

@ericahinkleRH: This pull request references CCO-834 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

  • Upgrade Kubernetes dependencies from v0.35.2 to v0.36.0
  • Upgrade controller-runtime from v0.23.3 to v0.24.0 (required pairing for Kubernetes 1.36)
  • Bump github.com/openshift/api to a version compatible with APIs removed in Kubernetes 1.36
  • Regenerate codegen (hack/update-codegen.sh); remove empty zz_generated.defaults.go (no longer emitted by k8s 1.36 code-generator)
  • Apply temporary vendor patch to library-go test helpers for HasSyncedChecker() until openshift/library-go#2171 merges

Dependency changes

Module Before After
k8s.io/* v0.35.2 v0.36.0
sigs.k8s.io/controller-runtime v0.23.3 v0.24.0
github.com/openshift/api v0.0.0-20260317165824-54a3998d81eb v0.0.0-20260709102940-580f1c1ba691

No application logic changes.

library-go vendor patch

Kubernetes 1.36 added HasSyncedChecker() to the SharedIndexInformer interface. Upstream library-go does not implement this yet (#2171). The vendor patch in vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go matches the upstream proposed fix and only affects test helper fakes. It can be removed on the next library-go bump after #2171 merges.

Test plan

  • make build
  • make test
  • make vet
  • verify-vendored-crds
  • hack/verify-codegen.sh
  • CI make verify
  • CI e2e (if run on branch)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 10, 2026
@openshift-ci openshift-ci Bot requested review from dlom and jstuever July 10, 2026 17:59
@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown

Walkthrough

The pull request refreshes Go dependencies, removes generated no-op defaulting code, and updates fake shared informers to expose synchronization through a closed channel and Done() checker.

Changes

Dependency and informer updates

Layer / File(s) Summary
Go module dependency refresh
go.mod
OpenShift API, Kubernetes, controller-runtime, backoff, observability, protobuf, Go, and related indirect dependencies are updated.
Fake informer synchronization
deps.diff
Fake informers now use a closed synchronization channel, implement state-aware HasSynced and Done(), and are returned by both fake operator clients.
Generated default removal
pkg/apis/cloudcredential/v1/zz_generated.defaults.go
The no-op generated RegisterDefaults function is removed.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Suggested reviewers: dlom, jstuever

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PASS: The only modified test-related file is test_helpers.go, which has no Ginkgo titles; the only _test.go change is a deletion.
Test Structure And Quality ✅ Passed No Ginkgo specs changed; the only touched file is a vendor test helper, with no It/BeforeEach/Eventually assertions to review.
Microshift Test Compatibility ✅ Passed PR only adds deps.diff vendor-patch changes; no new Ginkgo e2e tests or MicroShift-unsupported APIs were introduced.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the only changed file is a vendor test-helper patch, which doesn’t add cluster-topology assumptions.
Topology-Aware Scheduling Compatibility ✅ Passed PASS: The only code change is a vendor test-helper informer patch; no manifests, controllers, or scheduling constraints were added.
Ote Binary Stdout Contract ✅ Passed Only a vendor test helper changed; no main/init/TestMain/setup stdout writes or stdout logging were added.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only deps.diff changed a unit-test helper; no new Ginkgo e2e tests or IPv4/external-network assumptions were added.
No-Weak-Crypto ✅ Passed No new weak-crypto code or secret comparisons were added; 3DES/MD5 mentions in vendored docs were preexisting in the base version.
Container-Privileges ✅ Passed PASS: The PR diff only updates deps/vendor test helpers; full-diff scans found no privileged, host namespace, allowPrivilegeEscalation, or SYS_ADMIN settings.
No-Sensitive-Data-In-Logs ✅ Passed The only diff updates a fake informer test helper and adds no logging or data prints; no sensitive data exposure is present.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: upgrading the project to Kubernetes 1.36.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 47.30%. Comparing base (87085f7) to head (b1cdd7c).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1066      +/-   ##
==========================================
+ Coverage   47.03%   47.30%   +0.26%     
==========================================
  Files          97       97              
  Lines       12583    12614      +31     
==========================================
+ Hits         5919     5967      +48     
+ Misses       6008     5987      -21     
- Partials      656      660       +4     

see 5 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@ericahinkleRH ericahinkleRH marked this pull request as draft July 10, 2026 18:12
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 10, 2026
Track the temporary vendor patch for HasSyncedChecker() in deps.diff
as required by the verify-deps check.
@dlom

dlom commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

/approve

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 13, 2026
@ericahinkleRH ericahinkleRH marked this pull request as ready for review July 13, 2026 17:08
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 13, 2026
@ericahinkleRH

Copy link
Copy Markdown
Author

/retest-required

@ericahinkleRH

Copy link
Copy Markdown
Author

/lgtm

@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

@ericahinkleRH: you cannot LGTM your own PR.

Details

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ericahinkleRH

Copy link
Copy Markdown
Author

The verify-deps test is still failing even with deps.diff added. The error shows the vendor patch isn't being recognized correctly. Any suggestions on how to fix the deps.diff format?

@nader-ziada

Copy link
Copy Markdown

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 13, 2026
@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dlom, ericahinkleRH, nader-ziada

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dlom

dlom commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

I think we can get rid of deps.diff entirely and go with the clean version of the library-go test helpers in the vendor folder

Per review feedback from dlom, the library-go vendor patch is not needed.
Using the clean version from go mod vendor instead.
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 13, 2026
@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

New changes are detected. LGTM label has been removed.

@ericahinkleRH

Copy link
Copy Markdown
Author

Thanks @dlom! Removed the deps.diff and vendor patch. Using the clean version from go mod vendor now.

@dlom

dlom commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

/override ci/prow/security

@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

@dlom: Overrode contexts on behalf of dlom: ci/prow/security

Details

In response to this:

/override ci/prow/security

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ericahinkleRH

Copy link
Copy Markdown
Author

@dlom The verify-deps test is still failing after removing deps.diff. It's showing differences in the library-go test_helpers.go file, but running go mod vendor locally produces the same file that's already there. The library-go version in go.mod (v0.0.0-20260318142011-72bf34f474bc) already includes HasSyncedChecker(). Should I override this test as well, or is there something else I'm missing?

@dlom

dlom commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

please rerun go mod vendor as well

@dlom

dlom commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

/override ci/prow/security

@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

@dlom: Overrode contexts on behalf of dlom: ci/prow/security

Details

In response to this:

/override ci/prow/security

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@dlom

dlom commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

I see... let's wait for openshift/library-go#2171 to merge first before moving forwards with this PR

@dlom

dlom commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

top level PR we're waiting on is openshift/api#2813

@openshift-ci

openshift-ci Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

@ericahinkleRH: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/images efe6a77 link true /test images
ci/prow/e2e-upgrade efe6a77 link true /test e2e-upgrade
ci/prow/okd-scos-images efe6a77 link true /test okd-scos-images
ci/prow/coverage efe6a77 link true /test coverage
ci/prow/verify efe6a77 link true /test verify
ci/prow/e2e-aws-cco-parallel efe6a77 link false /test e2e-aws-cco-parallel
ci/prow/e2e-aws-ovn efe6a77 link true /test e2e-aws-ovn
ci/prow/unit efe6a77 link true /test unit
ci/prow/e2e-hypershift efe6a77 link true /test e2e-hypershift

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ericahinkleRH

Copy link
Copy Markdown
Author

sounds good!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants