OTA-1836: Honor the centralized TLS configuration by DavidHurta · Pull Request #1338 · openshift/cluster-version-operator

DavidHurta · 2026-03-07T22:46:00Z

Honor the centralized TLS configuration.

A follow-up PR openshift/hypershift#8013 after this one merges.

openshift-ci · 2026-03-07T22:46:04Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

DavidHurta · 2026-03-07T22:46:10Z

/test ?

coderabbitai · 2026-03-07T22:46:18Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 82330fae-d9c4-419a-80d3-2a8205b63bc5

📥 Commits

Reviewing files that changed from the base of the PR and between f9d748d and 203183d.

⛔ Files ignored due to path filters (290)

go.sum is excluded by !**/*.sum
vendor/github.com/evanphx/json-patch/v5/LICENSE is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/errors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/decode.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/encode.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fold.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fuzz.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/indent.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/scanner.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/stream.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tables.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tags.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/merge.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/patch.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/AUTHORS is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/CONTRIBUTORS is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/Makefile is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/clone.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/custom_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/decode.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/deprecated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/discard.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/duration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/duration_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/encode.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/encode_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/equal.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/extensions.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/extensions_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/lib.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/lib_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/message_set.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_reflect.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/properties.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/properties_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/skip_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/table_marshal.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/table_merge.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/table_unmarshal.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/text.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/text_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/text_parser.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/timestamp.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/wrappers.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/LICENSE is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/README.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/btree.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/btree_generic.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/merge.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/profile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/proto.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/prune.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/format/format.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/assertion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/async_assertion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/duration_bundle.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/gomega.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/polling_signal_error.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/vetoptdesc.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/and.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/assignable_to_type_of_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_directory.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_regular_file.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_an_existing_file.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_closed_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_element_of_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_empty_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_equivalent_to_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_false_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_identical_to.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_key_of_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_nil_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_numerically_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_sent_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_temporally_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_true_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_zero_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/consist_of.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/contain_element_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/contain_elements_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/contain_substring_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/equal_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_cap_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_each_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_exact_elements.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_existing_field_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_field.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_header_with_value_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_len_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_prefix_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_suffix_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_value.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_json_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_regexp_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_xml_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/not.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/or.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/panic_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/receive_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/satisfy_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/semi_structured_data_support.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/succeed_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraph.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/node/node.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/type_support.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/with_transform.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/types/types.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_ingresses.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_openshift-controller-manager_01_builds.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_backup.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/features/features.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/features/util.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversionoperators-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversionoperators-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversionoperators.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_10_etcd_01_etcdbackups-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_10_etcd_01_etcdbackups-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_10_etcd_01_etcdbackups.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (5)

cmd/cluster-version-operator/start.go
go.mod
pkg/cvo/cvo.go
pkg/cvo/metrics.go
pkg/start/start.go

🚧 Files skipped from review as they are similar to previous changes (1)

pkg/start/start.go

Walkthrough

Adds APIServer informer/lister plumbing to the CVO, implements central APIServer TLS profile retrieval/caching and flag-based TLS overrides for the metrics server, updates manifest.Include call arity (adds trailing parameter) and updates call sites/tests, and bumps numerous Go module dependencies in go.mod.

Changes

Cohort / File(s)	Summary
Dependency updates `go.mod`	Bumped Go toolchain and many direct/indirect modules (k8s.io/* v0.35.1, OpenShift modules, Prometheus, cobra, otel, golang.org/x/*, etc.); added/removed several indirect requirements and controller-runtime-common.
APIServerLister plumbing `pkg/cvo/cvo.go`, `pkg/start/start.go`, `cmd/cluster-version-operator/start.go`	Added `apiServerLister` field and `APIServerLister()` on Operator; `New(...)` now accepts an APIServerInformer; startup wiring updated to pass APIServers informer/lister into CVO and RunMetrics.
Metrics TLS profile & TLS option handling `pkg/cvo/metrics.go`	Introduced central TLS profile applier caching (by APIServer.Generation), helpers to fetch/fallback, added `TLSMinVersionOverride` and `TLSCipherSuitesOverride` to `MetricsOptions`, plus `ValidateTLSOptions()` and `ApplyTLSOptions()`; `RunMetrics` signature updated to accept `apiServerLister` and apply central profile then flag overrides.
manifest.Include signature and callsite updates `lib/manifest/manifest.go`, `pkg/cvo/sync_worker.go`, `pkg/payload/payload.go`, `pkg/payload/render.go`, `pkg/payload/...`	Extended manifest.Include API with an additional trailing parameter; updated multiple call sites to pass an extra `nil`.
Test updates for Include arity `pkg/cvo/featuregate_integration_test.go`	Updated test call sites of `manifest.Include` to pass the new trailing `nil` parameter across multiple test cases.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 72.73% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'WIP: Central tls profile' is directly related to the main changes in the PR, which implement central TLS profile handling for the metrics server and APIServer integration.
Stable And Deterministic Test Names	✅ Passed	The pull request does not modify Ginkgo test names or introduce dynamic information into test titles. Test files remain unchanged with stable, deterministic test names.
Test Structure And Quality	✅ Passed	Tests use standard Go testing package with testing.T, not Ginkgo BDD-style testing as specified in the custom check requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

📝 Coding Plan

Generate coding plan for human review comments

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-03-07T22:46:23Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DavidHurta

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [DavidHurta]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

DavidHurta · 2026-03-07T22:47:29Z

/test e2e-agnostic-operator
/test e2e-agnostic-ovn
/test e2e-hypershift
/test gofmt
/test images
/test lint
/test unit
/test verify-update
/test verify-yaml

coderabbitai

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

pkg/start/start.go (1)

358-363: ⚠️ Potential issue | 🟠 Major

Wait for the APIServer informer before starting metrics.

RunMetrics now reads the TLS profile through controllerCtx.CVO.APIServerLister(), but this path still only blocks on ClusterVersionInformerFactory.WaitForCacheSync above. The APIServer informer is created later in NewControllerContext, so on a fresh leader transition its cache can still be cold here and the first handshakes will race an empty/NotFound profile. Please gate metrics startup on the APIServer informer, or the full ConfigInformerFactory, being synced when RespectCentralTLSProfile is enabled.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/start/start.go` around lines 358 - 363, The metrics server is started
without ensuring the APIServer informer (or the full ConfigInformerFactory) has
synced, causing races when RunMetrics reads TLS profiles via
controllerCtx.CVO.APIServerLister(); update the metrics startup to, when
RespectCentralTLSProfile is enabled, wait for the APIServer informer (or
controllerCtx.ConfigInformerFactory) to be synced before spawning the goroutine
that calls cvo.RunMetrics (check o.MetricsOptions.ListenAddress and
o.RespectCentralTLSProfile, then call the appropriate WaitForCacheSync on the
APIServer informer or ConfigInformerFactory from controllerCtx and only start
the metrics goroutine after that returns true).

pkg/cvo/metrics.go (2)

353-360: ⚠️ Potential issue | 🟠 Major

Reject missing apiServerLister at startup.

If RespectCentralTLSProfile is true and apiServerLister is nil, the process won't fail until Line 485, where the first handshake dereferences it. Please turn that into an early configuration error.

Suggested fix

 func RunMetrics(runContext context.Context, shutdownContext context.Context, restConfig *rest.Config, apiServerLister configlistersv1.APIServerLister, options MetricsOptions) error {
 	if options.ListenAddress == "" {
 		return errors.New("listen address is required to serve metrics")
 	}
 
 	if options.DisableAuthentication && !options.DisableAuthorization {
 		return errors.New("invalid configuration: cannot enable authorization without authentication")
 	}
+	if options.RespectCentralTLSProfile && apiServerLister == nil {
+		return errors.New("apiServerLister is required when RespectCentralTLSProfile is enabled")
+	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cvo/metrics.go` around lines 353 - 360, Add an early validation in
RunMetrics to reject a nil apiServerLister when options.RespectCentralTLSProfile
is true: after the existing ListenAddress and auth checks, check if
options.RespectCentralTLSProfile && apiServerLister == nil and return a clear
configuration error (e.g. "apiServerLister is required when
RespectCentralTLSProfile is true"). This prevents the later nil dereference in
TLS handshake code that relies on apiServerLister.

467-490: ⚠️ Potential issue | 🔴 Critical

Synchronize lastValidProfile in the TLS callback.

lastValidProfile is captured by GetConfigForClient and then read and overwritten on each handshake without synchronization. That is a data race, and concurrent handshakes can also write back an older snapshot after a profile change.

Suggested fix

 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"slices"
+	"sync"
 	"time"
@@
-	var lastValidProfile *cachedTLSProfile
+	var (
+		lastValidProfile   *cachedTLSProfile
+		lastValidProfileMu sync.Mutex
+	)
@@
 			if options.RespectCentralTLSProfile {
+				lastValidProfileMu.Lock()
 				profile, err := getAPIServerTLSProfile(apiServerLister, lastValidProfile)
+				if err == nil {
+					lastValidProfile = profile
+				}
+				lastValidProfileMu.Unlock()
 				if err != nil {
 					return nil, fmt.Errorf("failed to get TLS profile for metrics server: %w", err)
 				}
-				lastValidProfile = profile
 				profile.apply(config)
 			}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cvo/metrics.go` around lines 467 - 490, The TLS callback captures and
mutates lastValidProfile unsafely; add synchronization (e.g., a package-local
sync.RWMutex like lastValidProfileMu) and use RLock when reading and Lock when
updating to prevent data races and stale overwrites in GetConfigForClient; wrap
the call to getAPIServerTLSProfile and the assignment lastValidProfile = profile
(and the subsequent profile.apply(config) if it relies on the stored state)
inside the mutex so readers/writers are serialized and the cachedTLSProfile is
updated atomically.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/cvo/metrics.go`:
- Around line 176-180: The log at the klog.Infof call prints profile.Ciphers
using %s which causes invalid formatting; update the klog.Infof in the TLS
profile change block (after tlsprofile.NewTLSConfigFromProfile and the
unsupportedCiphers check) to format the cipher list correctly by using a verbs
that match the type (e.g., %v) or join the slice into a string (e.g.,
strings.Join(profile.Ciphers, ",")). Ensure you import strings if you choose
Join and keep the rest of the message unchanged.

---

Outside diff comments:
In `@pkg/cvo/metrics.go`:
- Around line 353-360: Add an early validation in RunMetrics to reject a nil
apiServerLister when options.RespectCentralTLSProfile is true: after the
existing ListenAddress and auth checks, check if
options.RespectCentralTLSProfile && apiServerLister == nil and return a clear
configuration error (e.g. "apiServerLister is required when
RespectCentralTLSProfile is true"). This prevents the later nil dereference in
TLS handshake code that relies on apiServerLister.
- Around line 467-490: The TLS callback captures and mutates lastValidProfile
unsafely; add synchronization (e.g., a package-local sync.RWMutex like
lastValidProfileMu) and use RLock when reading and Lock when updating to prevent
data races and stale overwrites in GetConfigForClient; wrap the call to
getAPIServerTLSProfile and the assignment lastValidProfile = profile (and the
subsequent profile.apply(config) if it relies on the stored state) inside the
mutex so readers/writers are serialized and the cachedTLSProfile is updated
atomically.

In `@pkg/start/start.go`:
- Around line 358-363: The metrics server is started without ensuring the
APIServer informer (or the full ConfigInformerFactory) has synced, causing races
when RunMetrics reads TLS profiles via controllerCtx.CVO.APIServerLister();
update the metrics startup to, when RespectCentralTLSProfile is enabled, wait
for the APIServer informer (or controllerCtx.ConfigInformerFactory) to be synced
before spawning the goroutine that calls cvo.RunMetrics (check
o.MetricsOptions.ListenAddress and o.RespectCentralTLSProfile, then call the
appropriate WaitForCacheSync on the APIServer informer or ConfigInformerFactory
from controllerCtx and only start the metrics goroutine after that returns
true).

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4b2ebb59-479e-4c67-b71f-fec6dbcfc90e

📥 Commits

Reviewing files that changed from the base of the PR and between 7092376 and 3f595e0.

⛔ Files ignored due to path filters (291)

go.sum is excluded by !**/*.sum
vendor/github.com/evanphx/json-patch/v5/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fold.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fuzz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/indent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/scanner.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tables.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tags.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/merge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/evanphx/json-patch/v5/patch.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-logr/logr/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-logr/logr/funcr/funcr.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/btree.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/btree_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/merge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/pprof/profile/prune.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/assertion.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/async_assertion.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/duration_bundle.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/gomega.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/polling_signal_error.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/internal/vetoptdesc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/and.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/assignable_to_type_of_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_directory.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_regular_file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_an_existing_file.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_closed_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_element_of_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_empty_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_equivalent_to_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_false_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_identical_to.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_key_of_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_nil_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_numerically_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_sent_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_temporally_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_true_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/be_zero_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/consist_of.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/contain_element_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/contain_elements_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/contain_substring_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/equal_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_cap_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_each_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_exact_elements.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_existing_field_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_field.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_header_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_len_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_prefix_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_suffix_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/have_value.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/internal/miter/type_support_iter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/internal/miter/type_support_noiter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_json_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_regexp_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_xml_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/not.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/or.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/panic_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/receive_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/satisfy_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/semi_structured_data_support.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/succeed_matcher.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraph.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/node/node.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/type_support.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/matchers/with_transform.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/types/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_backup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/manifest/manifest.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/api/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/desc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/labels.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/metric.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/process_collector_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_nocgo_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/process_collector_procfsenabled.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/vec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/client_golang/prometheus/wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/config/config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/config/headers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/config/http_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/expfmt.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/fuzz.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/text_create.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/text_parse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/alert.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/labels.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/labelset.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/time.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/value.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/value_histogram.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/value_type.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/Makefile.common is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/arp.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/fs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/fs_statfs_notype.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/fscache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/internal/fs/fs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/internal/util/parse.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/mountstats.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_dev_snmp6.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_ip_socket.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_protocols.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_tcp.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/net_unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_cgroup.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_io.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_netstat.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_smaps.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_snmp.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_snmp6.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_status.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/proc_sys.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/procfs/softirqs.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/bool_func.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/count.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/flag.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/func.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/golangflag.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/ipnet_slice.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/string_to_string.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/text.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/spf13/pflag/time.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/oauth2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/internal/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/oauth2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/pkce.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/PATENTS is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/term/terminal.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/japanese/eucjp.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/japanese/iso2022jp.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/japanese/shiftjis.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/korean/euckr.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/traditionalchinese/big5.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/text/encoding/unicode/unicode.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !**/vendor/**, !vendor/**
vendor/gomodules.xyz/jsonpatch/v2/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/gomodules.xyz/jsonpatch/v2/jsonpatch.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/encoding/protowire/wire.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/filedesc/editions.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/filedesc/presence.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/genid/api_gen.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/impl/message_opaque.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/impl/presence.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/proto/merge.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/gopkg.in/evanphx/json-patch.v4/README.md is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/evanphx/json-patch.v4/patch.go is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/.travis.yml is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/LICENSE.libyaml is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/apic.go is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/gopkg.in/yaml.v2/emitterc.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

go.mod
lib/manifest/manifest.go
pkg/cvo/cvo.go
pkg/cvo/featuregate_integration_test.go
pkg/cvo/metrics.go
pkg/cvo/sync_worker.go
pkg/payload/payload.go
pkg/payload/render.go
pkg/start/start.go

pkg/cvo/metrics.go

Update all manifest.Include() call sites to match the new function signature from the openshift/library-go dependency bump.

openshift-ci-robot · 2026-03-17T00:24:08Z

@DavidHurta: This pull request references OTA-1764 which is a valid jira issue.

Details

In response to this:

Summary by CodeRabbit

New Features

Added support for dynamic TLS profile handling in the metrics server, enabling centralized TLS configuration management from the cluster's APIServer.

Introduced a new configuration option to control TLS profile synchronization behavior.

Chores

Updated multiple Go module dependencies to newer versions, including logging, testing, Kubernetes, Prometheus, and related utilities.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

DavidHurta · 2026-03-17T01:28:18Z

/test all

DavidHurta · 2026-03-17T01:28:40Z

@coderabbitai review

coderabbitai · 2026-03-17T01:28:46Z

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai

Actionable comments posted: 2

🧹 Nitpick comments (1)

pkg/cvo/metrics.go (1)
164-170: Remove or clarify the dead code block.

The if false block with the TODO comment is unreachable and will never execute. If this is a placeholder for future API changes, consider using a build tag or feature flag instead, or remove it entirely until the API changes are ready.
♻️ Suggested approach

Either remove the dead code block entirely:
-	if false { // TODO: Add TLS adherence logic when API changes merge
-		return &cachedTLSProfile{
-			spec:       nil,
-			apply:      func(config *tls.Config) {}, // do nothing
-			generation: apiServer.Generation,
-		}, nil
-	}
-
Or if keeping it as a placeholder, add a clearer skip mechanism:
+	// TODO(OTA-XXXX): Add TLS adherence logic when API changes merge
+	// When implemented, check apiServer.Spec.TLSSecurityProfile adherence field here
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/cvo/metrics.go` around lines 164 - 170, The unreachable "if false" block
should be removed or replaced with a proper toggle; delete the dead branch that
returns a cachedTLSProfile with spec nil/apply noop (references:
cachedTLSProfile, apiServer.Generation, tls.Config) or, if you need a
placeholder, replace it with a clear feature flag/build-tag guard (not "if
false") and document the intent; ensure any retained placeholder still compiles
and preserves the intended return shape for the surrounding function.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Around line 29-36: The go.mod shows a mismatch: most k8s modules are v0.35.1
while k8s.io/kube-aggregator remains v0.34.1; verify compatibility and align
versions by either upgrading k8s.io/kube-aggregator to a v0.35.x release if
available, or downgrade the other k8s modules to the kube-aggregator compatible
version (e.g., v0.34.x), or add a go.mod replace to force a tested compatible
commit; update the k8s module entries (k8s.io/kube-aggregator and the other
k8s.io/* lines) so all Kubernetes component modules use a mutually compatible
version set and run go mod tidy and go test to ensure no API/type mismatches.
- Line 3: The go.mod contains an invalid Go version "go 1.25.0"; update the
module's go directive to a valid released version (e.g., "go 1.25.8" or "go
1.26.1") by replacing the current go directive value so the go directive in
go.mod reflects an actual Go release.

---

Nitpick comments:
In `@pkg/cvo/metrics.go`:
- Around line 164-170: The unreachable "if false" block should be removed or
replaced with a proper toggle; delete the dead branch that returns a
cachedTLSProfile with spec nil/apply noop (references: cachedTLSProfile,
apiServer.Generation, tls.Config) or, if you need a placeholder, replace it with
a clear feature flag/build-tag guard (not "if false") and document the intent;
ensure any retained placeholder still compiles and preserves the intended return
shape for the surrounding function.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b19eb2ef-b766-4f59-b7e5-9d3710e2fd62

📥 Commits

Reviewing files that changed from the base of the PR and between 3f595e0 and f9d748d.

⛔ Files ignored due to path filters (113)

go.sum is excluded by !**/*.sum
vendor/github.com/evanphx/json-patch/v5/LICENSE is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/errors.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/decode.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/encode.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fold.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/fuzz.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/indent.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/scanner.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/stream.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tables.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/internal/json/tags.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/merge.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/evanphx/json-patch/v5/patch.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/LICENSE is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/README.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/btree.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/btree/btree_generic.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/merge.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/profile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/proto.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/google/pprof/profile/prune.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/format/format.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/assertion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/async_assertion.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/duration_bundle.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/gomega.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/polling_signal_error.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/internal/vetoptdesc.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/and.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/assignable_to_type_of_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_directory.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_a_regular_file.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_an_existing_file.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_closed_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_element_of_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_empty_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_equivalent_to_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_false_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_identical_to.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_key_of_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_nil_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_numerically_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_sent_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_temporally_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_true_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/be_zero_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/consist_of.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/contain_element_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/contain_elements_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/contain_substring_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/equal_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_cap_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_each_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_exact_elements.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_existing_field_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_field.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_body_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_header_with_value_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_http_status_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_len_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_occurred_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_prefix_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_suffix_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/have_value.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_json_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_regexp_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_xml_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/not.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/or.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/panic_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/receive_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/satisfy_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/semi_structured_data_support.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/succeed_matcher.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/bipartitegraph/bipartitegraph.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/support/goraph/node/node.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/type_support.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/matchers/with_transform.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/onsi/gomega/types/types.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (9)

go.mod
lib/manifest/manifest.go
pkg/cvo/cvo.go
pkg/cvo/featuregate_integration_test.go
pkg/cvo/metrics.go
pkg/cvo/sync_worker.go
pkg/payload/payload.go
pkg/payload/render.go
pkg/start/start.go

🚧 Files skipped from review as they are similar to previous changes (3)

pkg/cvo/featuregate_integration_test.go
lib/manifest/manifest.go
pkg/payload/render.go

coderabbitai · 2026-03-17T01:33:06Z

go.mod

 module github.com/openshift/cluster-version-operator

-go 1.24.0
+go 1.25.0


⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Description: Check the latest stable Go releases from golang.org # Fetch the list of available Go versions curl -s 'https://go.dev/dl/?mode=json' | jq -r '.[].version' | head -10 # Check if go1.25.0 exists in the official releases curl -s 'https://go.dev/dl/?mode=json' | jq -r '.[].version' | grep -q 'go1.25.0' && echo "go1.25.0 exists" || echo "go1.25.0 does NOT exist"

Repository: openshift/cluster-version-operator

Length of output: 119

Update Go version to a valid release.

Go 1.25.0 does not exist as an official release. Valid alternatives include go1.24.x, go1.25.8, or go1.26.1. Update go 1.25.0 to a valid version:

-go 1.25.0 +go 1.25.8

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

go 1.25.0

go 1.25.8

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@go.mod` at line 3, The go.mod contains an invalid Go version "go 1.25.0"; update the module's go directive to a valid released version (e.g., "go 1.25.8" or "go 1.26.1") by replacing the current go directive value so the go directive in go.mod reflects an actual Go release.

go.mod

DavidHurta · 2026-03-17T13:12:23Z

/test ?

DavidHurta · 2026-03-17T13:17:30Z

/test tls-scanner
/test all

DavidHurta · 2026-03-18T00:29:23Z

/test tls-scanner
/test all

DavidHurta · 2026-03-18T12:59:59Z

/test tls-scanner

DavidHurta · 2026-03-19T02:32:07Z

/test tls-scanner
/test all

Honor the central TLS profile [1]. At the moment, do not introduce sophisticated caching. Utilize the generation and keep the code simple. We can iterate in the future in case the optimization in this area is worth the effort. The tls adherence is in TP at the moment. No need to check explicitly the feature gate [2]: > Component Interaction with the Feature Gate: The feature gate controls > whether the tlsAdherence field is accepted by the API server — > components themselves do not need to check the feature gate. > Because the field is optional (+optional, omitempty), components only > need to handle the field's value when unmarshaling the APIServer config > ... > This means components do not need to set up feature gate watching or > add feature-gate-specific code paths. The ShouldHonorClusterTLSProfile > helper in library-go encapsulates all of this logic. [1]: https://github.com/openshift/enhancements/blob/master/enhancements/security/centralized-tls-config.md [2]: https://github.com/openshift/enhancements/blob/master/enhancements/security/centralized-tls-config.md#feature-gate

…perShift Introducing new flags based on a recommendation from the centralized TLS config enhancement [1] to support HyperShift > When these flags are set by the CPO, they take precedence over any > value the component would read from > apiservers.config.openshift.io/cluster. When they are not set, the > component falls back to its normal behavior of watching the cluster config. [1]: https://github.com/openshift/enhancements/blob/master/enhancements/security/centralized-tls-config.md

DavidHurta · 2026-03-19T13:59:16Z

/hold

Waiting for other PRs in the repository to merge due to dependency bumps and linting warnings.

However, the core of the PR, the last two commits, are ready for feedback.

openshift-ci-robot · 2026-03-19T14:01:58Z

@DavidHurta: This pull request references OTA-1764 which is a valid jira issue.

Details

In response to this:

Honor the centralized TLS configuration.

Summary by CodeRabbit

New Features

Added support for dynamic TLS profile handling in the metrics server, enabling centralized TLS configuration management from the cluster's APIServer.

Introduced a new configuration option to control TLS profile synchronization behavior.

Chores

Updated multiple Go module dependencies to newer versions, including logging, testing, Kubernetes, Prometheus, and related utilities.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

DavidHurta · 2026-03-19T14:02:29Z

@coderabbitai review

coderabbitai · 2026-03-19T14:02:35Z

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

openshift-ci-robot · 2026-03-19T14:03:40Z

@DavidHurta: This pull request references OTA-1836 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Honor the centralized TLS configuration.

Summary by CodeRabbit

New Features

Added support for dynamic TLS profile handling in the metrics server, enabling centralized TLS configuration management from the cluster's APIServer.

Introduced a new configuration option to control TLS profile synchronization behavior.

Chores

Updated multiple Go module dependencies to newer versions, including logging, testing, Kubernetes, Prometheus, and related utilities.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-03-19T14:05:08Z

@DavidHurta: This pull request references OTA-1836 which is a valid jira issue.

Details

In response to this:

Honor the centralized TLS configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-03-19T15:35:28Z

@DavidHurta: This pull request references OTA-1836 which is a valid jira issue.

Details

In response to this:

Honor the centralized TLS configuration.

A follow-up PR in openshift/hypershift#8013 after this one merges.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-03-19T15:35:43Z

@DavidHurta: This pull request references OTA-1836 which is a valid jira issue.

Details

In response to this:

Honor the centralized TLS configuration.

A follow-up PR openshift/hypershift#8013 after this one merges.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2026-03-19T17:20:40Z

@DavidHurta: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-agnostic-ovn	`203183d`	link	true	`/test e2e-agnostic-ovn`
ci/prow/e2e-agnostic-ovn-techpreview-serial-3of3	`203183d`	link	true	`/test e2e-agnostic-ovn-techpreview-serial-3of3`
ci/prow/e2e-agnostic-ovn-techpreview-serial-2of3	`203183d`	link	true	`/test e2e-agnostic-ovn-techpreview-serial-2of3`
ci/prow/e2e-agnostic-ovn-upgrade-into-change	`203183d`	link	true	`/test e2e-agnostic-ovn-upgrade-into-change`
ci/prow/e2e-hypershift-conformance	`203183d`	link	true	`/test e2e-hypershift-conformance`
ci/prow/e2e-agnostic-ovn-upgrade-out-of-change	`203183d`	link	true	`/test e2e-agnostic-ovn-upgrade-out-of-change`
ci/prow/e2e-agnostic-ovn-techpreview-serial-1of3	`203183d`	link	true	`/test e2e-agnostic-ovn-techpreview-serial-1of3`
ci/prow/lint	`203183d`	link	true	`/test lint`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 7, 2026

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 7, 2026

coderabbitai bot reviewed Mar 7, 2026

View reviewed changes

pkg/cvo/metrics.go Outdated Show resolved Hide resolved

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 11, 2026

Add nil parameter to Include() calls

e72fa8a

Update all manifest.Include() call sites to match the new function signature from the openshift/library-go dependency bump.

DavidHurta force-pushed the central-tls-profile branch from 3f595e0 to 1362d3f Compare March 17, 2026 00:23

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 17, 2026

DavidHurta changed the title ~~WIP: Central tls profile~~ OTA-1764: Respect Central TLS Profile in Standalone Mar 17, 2026

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 17, 2026

DavidHurta force-pushed the central-tls-profile branch 2 times, most recently from 9990e0a to f9d748d Compare March 17, 2026 01:27

coderabbitai bot reviewed Mar 17, 2026

View reviewed changes

DavidHurta mentioned this pull request Mar 17, 2026

OTA-1764: CVO: Add an Optional TLS Scanner Presubmit Job openshift/release#76044

Merged

DavidHurta force-pushed the central-tls-profile branch from f9d748d to 8553636 Compare March 17, 2026 13:12

DavidHurta force-pushed the central-tls-profile branch from 8553636 to 7b9c98f Compare March 18, 2026 00:29

Do Not Merge: deps: Random bumps go!

571b5da

DavidHurta changed the title ~~OTA-1764: Respect Central TLS Profile in Standalone~~ OTA-1764: Support centralized TLS configuration Mar 19, 2026

DavidHurta force-pushed the central-tls-profile branch from 70099c9 to 29e1401 Compare March 19, 2026 02:30

DavidHurta mentioned this pull request Mar 19, 2026

OTA-1764: feat(cvo): add TLS cipher suites and minimum version flags openshift/hypershift#8013

Draft

4 tasks

DavidHurta force-pushed the central-tls-profile branch from 29e1401 to e7776e4 Compare March 19, 2026 13:55

DavidHurta added 2 commits March 19, 2026 14:57

DavidHurta force-pushed the central-tls-profile branch from e7776e4 to 203183d Compare March 19, 2026 13:57

DavidHurta marked this pull request as ready for review March 19, 2026 13:59

openshift-ci bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. and removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Mar 19, 2026

DavidHurta changed the title ~~OTA-1764: Support centralized TLS configuration~~ OTA-1836: Honor the centralized TLS configuration Mar 19, 2026

Conversation

DavidHurta commented Mar 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci bot commented Mar 7, 2026

Uh oh!

DavidHurta commented Mar 7, 2026

Uh oh!

coderabbitai bot commented Mar 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

openshift-ci bot commented Mar 7, 2026

Uh oh!

DavidHurta commented Mar 7, 2026

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

openshift-ci-robot commented Mar 17, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

DavidHurta commented Mar 17, 2026

Uh oh!

DavidHurta commented Mar 17, 2026

Uh oh!

coderabbitai bot commented Mar 17, 2026

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 17, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

DavidHurta commented Mar 17, 2026

Uh oh!

DavidHurta commented Mar 17, 2026

Uh oh!

DavidHurta commented Mar 18, 2026

Uh oh!

DavidHurta commented Mar 18, 2026

Uh oh!

DavidHurta commented Mar 19, 2026

Uh oh!

DavidHurta commented Mar 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Mar 19, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

DavidHurta commented Mar 19, 2026

Uh oh!

coderabbitai bot commented Mar 19, 2026

Uh oh!

openshift-ci-robot commented Mar 19, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

openshift-ci-robot commented Mar 19, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Mar 19, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Mar 19, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci bot commented Mar 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

DavidHurta commented Mar 7, 2026 •

edited

Loading

coderabbitai bot commented Mar 7, 2026 •

edited

Loading

openshift-ci-robot commented Mar 17, 2026 •

edited by openshift-ci bot

Loading

DavidHurta commented Mar 19, 2026 •

edited

Loading

openshift-ci-robot commented Mar 19, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Mar 19, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Mar 19, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Mar 19, 2026 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Mar 19, 2026 •

edited by openshift-ci bot

Loading