Skip to content

ci-operator/kubernetes: use stream9 base-machine for both RHCOS overlays#81278

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
jubittajohn:fix-rhcos-overlay-stream10
Jun 30, 2026
Merged

ci-operator/kubernetes: use stream9 base-machine for both RHCOS overlays#81278
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
jubittajohn:fix-rhcos-overlay-stream10

Conversation

@jubittajohn

@jubittajohn jubittajohn commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

The rpm download stage only needs dnf to fetch RPMs from the built repo — the base OS is irrelevant. Using a single stream9 base-machine for both overlays eliminates the flaky centos:stream10 import (digest disappearing mid-job) while keeping both RHCOS overlays functional:

  • rhel-coreos-10: overlaid RHCOS 10 with k8s 1.36 RPMs (fixes MC mismatch)
  • rhel-coreos: overlaid RHCOS 9 with k8s 1.36 RPMs (fixes HyperShift conformance)

Summary by CodeRabbit

This updates the OpenShift Kubernetes CI configuration to run both RHCOS overlay paths from a single stream9 base machine image instead of mixing in stream10/RHEL9-specific variants.

Practically, this removes the flaky CentOS Stream 10 image dependency while keeping the Kubernetes RPM injection flow working for both:

  • rhel-coreos-10 overlays, and
  • rhel-coreos overlays

The RPM build/injection steps now consistently source from the stream9 base image, which should make the Kubernetes CI jobs more stable without changing the intended downstream overlay behavior.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 6d8da441-f0df-44dd-b004-0c3493e41a2f

📥 Commits

Reviewing files that changed from the base of the PR and between b64d134 and 3fa23ea.

📒 Files selected for processing (1)
  • ci-operator/config/openshift/kubernetes/openshift-kubernetes-master.yaml

Walkthrough

Updates the CI config for openshift/kubernetes master to use CentOS Stream 9 instead of Stream 10. Removes the separate base-machine-rhel9 base image and its associated rpm_image_injection_step, and renames the base-machine-rhel9-with-rpms input to base-machine-with-rpms throughout.

Changes

CentOS Stream 9 consolidation

Layer / File(s) Summary
Base image, Dockerfile, and RPM injection rewiring
ci-operator/config/openshift/kubernetes/openshift-kubernetes-master.yaml
base-machine tag changed from stream10 to stream9; base-machine-rhel9 base image definition removed; embedded Dockerfile FROM updated to stream9; inputs mapping and images wiring renamed from base-machine-rhel9-with-rpms to base-machine-with-rpms; rhel9 rpm_image_injection_step removed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Possibly related PRs

  • openshift/release#81240: Directly modifies the same file and adds the base-machine-rhel9 injection that this PR removes, making them directly inverse changes.

Suggested labels

lgtm

Suggested reviewers

  • benluddy
  • p0lyn0mial
🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: switching the Kubernetes CI base-machine to stream9 for both RHCOS overlays.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only changes ci-operator YAML; no Ginkgo test titles were added or edited, and the touched file contains no It/Describe/Context/When calls.
Test Structure And Quality ✅ Passed PR only updates ci-operator YAML; no Ginkgo/test code changed, so the test-structure checklist is not applicable.
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the PR only changes ci-operator YAML, so MicroShift test compatibility is not implicated.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PASS: The PR only updates a ci-operator YAML config; no new Ginkgo e2e tests or SNO-sensitive test logic were added.
Topology-Aware Scheduling Compatibility ✅ Passed Change only updates CI image inputs/base-machine tags in a ci-operator config; no deployment manifests, controllers, or scheduling constraints were added.
Ote Binary Stdout Contract ✅ Passed PR only updates ci-operator YAML image wiring; no OTE binary/main-test code or stdout-writing process-level paths are touched.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only CI config image inputs changed; no new Ginkgo/e2e test code or network logic was added, so this compatibility check is not applicable.
No-Weak-Crypto ✅ Passed Touched YAML only updates base images and RPM injection; scans found no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB or secret-comparison code.
Container-Privileges ✅ Passed The modified ci-operator config only changes base image/RPM wiring; no privileged, hostNetwork, hostPID, hostIPC, SYS_ADMIN, or allowPrivilegeEscalation settings appear.
No-Sensitive-Data-In-Logs ✅ Passed PASS: The modified CI config only changes image/base refs and build steps; no new log statements or sensitive literals (passwords/tokens/PII) were added.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from benluddy and jacobsee June 30, 2026 15:55
@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 30, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

[REHEARSALNOTIFIER]
@jubittajohn: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name Repo Type Reason
pull-ci-openshift-kubernetes-master-artifacts openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-configmap-scale openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-agnostic-ovn-cmd openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-csi openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-disruptive openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-hpa openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-jenkins openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-cgroupsv2 openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-crun openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-downgrade openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-fips openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-hypershift openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-serial-1of2 openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-serial-2of2 openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-techpreview openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-techpreview-serial-1of2 openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-techpreview-serial-2of2 openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-ovn-upgrade openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-aws-single-node openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-azure openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-azure-ovn-upgrade openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-external-aws-ccm openshift/kubernetes presubmit Ci-operator config changed
pull-ci-openshift-kubernetes-master-e2e-gcp openshift/kubernetes presubmit Ci-operator config changed

A total of 48 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here
Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

@jubittajohn

Copy link
Copy Markdown
Contributor Author

/pj-rehearse pull-ci-openshift-kubernetes-master-e2e-aws-ovn-hypershift

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@jubittajohn: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@jubittajohn

Copy link
Copy Markdown
Contributor Author

/pj-rehearse periodic-ci-openshift-hypershift-release-5.0-periodics-e2e-aws-ovn-conformance

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@jubittajohn: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

1 similar comment
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@jubittajohn: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@jubittajohn: job(s): periodic-ci-openshift-hypershift-release-5.0-periodics-e2e-aws-ovn-conformance either don't exist or were not found to be affected, and cannot be rehearsed

1 similar comment
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@jubittajohn: job(s): periodic-ci-openshift-hypershift-release-5.0-periodics-e2e-aws-ovn-conformance either don't exist or were not found to be affected, and cannot be rehearsed

@jacobsee

Copy link
Copy Markdown
Member

/pj-rehearse ack

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

@jacobsee: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

@openshift-merge-bot openshift-merge-bot Bot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Jun 30, 2026
@jacobsee

Copy link
Copy Markdown
Member

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2026
@openshift-ci

openshift-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jacobsee, jubittajohn

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

@jubittajohn: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot Bot merged commit 29dc99a into openshift:main Jun 30, 2026
15 checks passed
krisnababu pushed a commit to oharan2/release that referenced this pull request Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. rehearsals-ack Signifies that rehearsal jobs have been acknowledged

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants