WIP: CORENET-7046: Bump Kubernetes to 1.36.1 and OCP to 5.0 by miheer · Pull Request #3017 · openshift/cluster-network-operator

miheer · 2026-05-31T06:14:22Z

Update the operator dependency baseline to Kubernetes 1.36.1 and align the build/runtime images with the OCP 5.0 toolchain. This keeps cluster-network-operator on the target platform versions expected by the next release while preserving the established dependency bump flow from earlier Kubernetes/OCP updates.

Refresh Go modules and vendor content for the Kubernetes 1.36.1 stack, controller-runtime/controller-tools updates, OpenShift API/client/library dependencies, and generated manifests. The OpenShift modules are updated without a release-5.0 suffix because the referenced previous bump pattern did not require it for these dependencies, and build-machinery-go did not provide that branch.

Keep controller-gen built through the vendored tools path, add the Kubernetes 1.36 SharedIndexInformer HasSyncedChecker compatibility method to the vendored library-go test helper, and update local Darwin arm64 tool bootstrap logic for yq/yaml-patch so make verify can get past the tool-install phase while Linux CI continues to use the release binaries.

Add inline comments in the touched build/tooling compatibility areas explaining what changed and why. Add docs/kubernetes-ocp-5.0-bump.md to document the version targets, previous-commit references, implementation behavior, local verification results, and expected make verify behavior.

Verification: make build, make test, hack/update-codegen.sh, and a vendored controller-gen build passed. make verify passed the prior yq/yaml-patch failure points locally and only stopped at the final git diff check before commit because the intended generated/vendor changes were present.

Summary by CodeRabbit

Chores
- Bumped Go toolchain to 1.26, refreshed dependencies and vendor for Kubernetes 1.36 compatibility, and rebased builder/runtime images to OpenShift 5.0 (updated container build/runtime bases).
Documentation
- Added upgrade notes detailing dependency bumps, vendor regeneration, controller-gen annotation update, compatibility workaround, and validation/verify outcomes.

coderabbitai · 2026-05-31T06:14:49Z

Walkthrough

Upgrades cluster-network-operator to Kubernetes 1.36.1 and OpenShift 5.0 with Go 1.26: CI operator and Dockerfile images updated, go.mod toolchain and dependencies bumped (with a temporary library-go replace), generated CRD controller-gen annotation advanced to v0.21.0, and documentation added for compatibility and vendor workarounds.

Changes

Kubernetes 1.36 and OpenShift 5.0 upgrade

Layer / File(s)	Summary
Go toolchain and direct requires `go.mod`	`go` directive set to 1.26.0; direct `require` versions bumped and a `replace` added to pin `openshift/library-go` to a fork/PR state for vendor reproducibility.
Indirect dependency bumps — openapi/protobuf/logging `go.mod`	Indirect upgrades for fsnotify, go-logr, go-openapi/swag, protobuf/cmp/uuid, and telemetry-related libs.
Indirect dependency bumps — golang.org/x, gRPC, kube-openapi `go.mod`	Broad indirect refresh across go.uber.org/zap, golang.org/x/*, gRPC/protobuf, kube-openapi, and sigs.k8s.io modules used by codegen and tooling.
OpenShift/Kubernetes tooling requires `go.mod`	Refresh direct OpenShift/Kubernetes tooling deps: `openshift/api`, `openshift/client-go`, `openshift/library-go`, `k8s.io/apiextensions-apiserver`, `k8s.io/client-go`, `sigs.k8s.io/controller-tools`.
CI and Docker image updates `.ci-operator.yaml`, `Dockerfile`	CI `build_root_image` tag updated to `rhel-9-release-golang-1.26-openshift-5.0`; Dockerfile builder and runtime base images switched to OCP 5.0 / Go 1.26 (comments updated).
Documentation for rebase and compatibility/workarounds `docs/kubernetes-ocp-5.0-bump.md`	Documents Kubernetes 1.36.1/OCP 5.0 rebase, Go 1.26 requirement, v0.36.1 module bumps, vendor regeneration, controller-gen v0.21.0, and the temporary `library-go` replace-based compatibility patch.
Generated CRD annotation `manifests/0000_70_cluster-network-operator_01_pki_crd.yaml`	Updated controller-gen annotation from `v0.20.1` to `v0.21.0` in the generated PKI CRD; no other CRD changes.

🎯 3 (Moderate) | ⏱️ ~20 minutes

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
No-Weak-Crypto	❌ Error	PR introduces MD5 hashing in new file pkg/util/k8s/unstructured.go: imports crypto/md5 and uses md5.Sum() for computing object hashes via public CalculateHash() function.	Replace MD5 with a secure hash function (SHA-256) for the CalculateHash() function, or remove if hashing is not required for security-sensitive operations.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR does not contain Ginkgo tests. Repository uses standard Go testing.T with Gomega; Ginkgo is only an indirect dependency. No test files are modified in this PR.
Test Structure And Quality	✅ Passed	This PR contains no Ginkgo tests. The repository uses standard Go testing package with Gomega assertions. The custom check is not applicable.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. Changes are infrastructure/dependency updates only.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR does not add any Ginkgo e2e tests. This is a dependency/build update PR that modifies .ci-operator.yaml, Dockerfile, go.mod, and generated manifests only.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds auto-generated manifests during K8s 1.36.1 upgrade; operator code checks ControlPlaneTopology and manifests use zone topology/feature labels, not topology-breaking hostname anti-affinity.
Ote Binary Stdout Contract	✅ Passed	This PR is for the cluster-network-operator Kubernetes/OCP baseline upgrade and does not include OpenShift Tests Extension (OTE) binaries. The check is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests added in this PR. Codebase contains 0 imports of github.com/onsi/ginkgo and uses only standard Go testing. Check not applicable.
Container-Privileges	✅ Passed	PR deployment manifests use hostNetwork: true (required for network operator) with mitigations: runAsNonRoot, runAsUser 65534, no privileged containers, no SYS_ADMIN, no privilege escalation.
No-Sensitive-Data-In-Logs	✅ Passed	PR contains no new logging statements or code that exposes passwords, tokens, API keys, PII, or other sensitive data; changes are limited to version updates, build configuration, and documentation.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: bumping Kubernetes to 1.36.1 and OCP to 5.0. The 'WIP' prefix indicates work-in-progress status, which is a standard convention. The title matches the primary objectives documented in the PR.

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-05-31T06:15:11Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: miheer
Once this PR has been reviewed and has the lgtm label, please assign abhat for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile (1)

8-16: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Set an explicit non-root runtime user.

The runtime stage still has no USER, so the container defaults to root. Please set a non-root UID/GID before CMD.

Suggested patch

 FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
 COPY --from=builder  /go/src/github.com/openshift/cluster-network-operator/cluster-network-operator /usr/bin/
 COPY --from=builder  /go/src/github.com/openshift/cluster-network-operator/cluster-network-check-endpoints /usr/bin/
 COPY --from=builder  /go/src/github.com/openshift/cluster-network-operator/cluster-network-check-target /usr/bin/
@@
 ENV OPERATOR_NAME=cluster-network-operator
+USER 65532:65532
 CMD ["/usr/bin/cluster-network-operator"]

As per coding guidelines: "**/{Dockerfile,Containerfile}*: USER non-root; never run as root".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 8 - 16, The Dockerfile currently leaves the
container running as root (CMD ["/usr/bin/cluster-network-operator"])—add a
non-root runtime user/group and switch to it before CMD: create or specify a
numeric non-root UID/GID (e.g. 1000:1000) in the Dockerfile, ensure the copied
binaries (/usr/bin/cluster-network-operator, cluster-network-check-*) and
directories (manifests, bindata) are owned/readable by that UID/GID (adjust
ownership/permissions during the build stage where COPY occurs), and add a USER
instruction referencing that non-root UID/GID immediately before the CMD so
OPERATOR_NAME runs as non-root.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@Dockerfile`:
- Around line 8-16: The Dockerfile currently leaves the container running as
root (CMD ["/usr/bin/cluster-network-operator"])—add a non-root runtime
user/group and switch to it before CMD: create or specify a numeric non-root
UID/GID (e.g. 1000:1000) in the Dockerfile, ensure the copied binaries
(/usr/bin/cluster-network-operator, cluster-network-check-*) and directories
(manifests, bindata) are owned/readable by that UID/GID (adjust
ownership/permissions during the build stage where COPY occurs), and add a USER
instruction referencing that non-root UID/GID immediately before the CMD so
OPERATOR_NAME runs as non-root.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f9a30c23-4a4b-4f7b-9f28-04df924addd5

📥 Commits

Reviewing files that changed from the base of the PR and between 7d4c17a and 9266d45.

⛔ Files ignored due to path filters (295)

go.sum is excluded by !**/*.sum
vendor/github.com/Masterminds/semver/v3/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/constraints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/decode_map_utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/diagnose.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/valid.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/btree_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/client_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/client_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/constants.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/server_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/server_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/COPYRIGHT is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/callmeta.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.travis.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/metric_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/grpcstatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/native_unwrap1.12-.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/native_unwrap1.13+.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/util.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-colorable/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-isatty/isatty_others.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-isatty/isatty_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machineconfiguration/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/build-machinery-go/OWNERS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/OWNERS_ALIASES is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yq.mk is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultauthentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultsecretreference.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/containerresource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metricsserverconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/monitoringpluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorbuddyinfoconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorcpufreqconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorethtoolconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorksmdconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectormountstatsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetclasscollectconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetclassconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetdevconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorprocessesconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsoftirqsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsystemdcollectconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsystemdconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectortcpstatconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatoradmissionwebhookconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/telemeterclientconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awscsidriverconfigspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentsource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevisionmanifestsubstitution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/config/serving/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/cert_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/keygen.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/management/management_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/profile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/resolve.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
vendor/go.uber.org/zap/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/go.uber.org/zap/zapcore/entry.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/crypto/hkdf/hkdf.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/client_conn_pool.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/clientconn.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/config.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server_wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport_wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_random.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/go118.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/idna.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/idna9.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/pre_go118.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/punycode.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables10.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables11.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables12.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables13.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables15.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables17.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables9.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/trie12.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/trie13.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_darwin_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_loong64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_other_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/syscall_darwin_arm64_gc.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/zcpu_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/plan9/syscall_plan9.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (5)

.ci-operator.yaml
Dockerfile
docs/kubernetes-ocp-5.0-bump.md
go.mod
manifests/0000_70_cluster-network-operator_01_pki_crd.yaml

coderabbitai

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile (1)

8-18: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Run the runtime image as a non-root user.

This image still defaults to root because there is no USER directive. Please set a non-root UID/GID in the final stage.

Suggested hardening patch

 FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
 COPY --from=builder  /go/src/github.com/openshift/cluster-network-operator/cluster-network-operator /usr/bin/
 COPY --from=builder  /go/src/github.com/openshift/cluster-network-operator/cluster-network-check-endpoints /usr/bin/
 COPY --from=builder  /go/src/github.com/openshift/cluster-network-operator/cluster-network-check-target /usr/bin/
@@
 ENV OPERATOR_NAME=cluster-network-operator
+USER 1001
 CMD ["/usr/bin/cluster-network-operator"]

As per coding guidelines: "USER non-root; never run as root".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 8 - 18, The final image is still running as root
because there is no USER directive; update the final Docker stage to run as a
non-root user by adding a USER directive with a non-root UID:GID (e.g., create
or use an existing unprivileged uid/gid and set USER 1000:1000) after copying
artifacts and before CMD; ensure ownership/permissions for
/usr/bin/cluster-network-operator, /usr/bin/cluster-network-check-endpoints,
/usr/bin/cluster-network-check-target, /manifests and /bindata are set so the
non-root user can execute/read them (adjust with chown/chmod earlier in the
Dockerfile if needed) and keep OPERATOR_NAME and CMD intact.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 8: Update the vulnerable dependency github.com/containernetworking/cni
from v0.8.0 to v0.8.1 (or newer) in go.mod, then regenerate module metadata and
vendor artifacts by running go mod tidy and updating vendor/go.sum (e.g., go mod
vendor) so go.sum and the vendor directory reflect the new version; ensure any
references to github.com/containernetworking/cni in go.mod and go.sum are
updated and commit the resulting changes.

---

Outside diff comments:
In `@Dockerfile`:
- Around line 8-18: The final image is still running as root because there is no
USER directive; update the final Docker stage to run as a non-root user by
adding a USER directive with a non-root UID:GID (e.g., create or use an existing
unprivileged uid/gid and set USER 1000:1000) after copying artifacts and before
CMD; ensure ownership/permissions for /usr/bin/cluster-network-operator,
/usr/bin/cluster-network-check-endpoints, /usr/bin/cluster-network-check-target,
/manifests and /bindata are set so the non-root user can execute/read them
(adjust with chown/chmod earlier in the Dockerfile if needed) and keep
OPERATOR_NAME and CMD intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8d711572-d4fb-4d5d-aebd-106991eedbf7

📥 Commits

Reviewing files that changed from the base of the PR and between 9266d45 and bce3ff3.

⛔ Files ignored due to path filters (295)

go.sum is excluded by !**/*.sum
vendor/github.com/Masterminds/semver/v3/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/constraints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/decode_map_utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/diagnose.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/valid.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/btree_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/client_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/client_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/constants.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/server_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/server_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/COPYRIGHT is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/callmeta.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.travis.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/metric_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/grpcstatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/native_unwrap1.12-.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/native_unwrap1.13+.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/util.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-colorable/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-isatty/isatty_others.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-isatty/isatty_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machineconfiguration/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/build-machinery-go/OWNERS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/OWNERS_ALIASES is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultauthentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultsecretreference.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/containerresource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metricsserverconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/monitoringpluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorbuddyinfoconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorcpufreqconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorethtoolconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorksmdconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectormountstatsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetclasscollectconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetclassconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetdevconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorprocessesconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsoftirqsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsystemdcollectconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsystemdconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectortcpstatconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatoradmissionwebhookconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/telemeterclientconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awscsidriverconfigspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentsource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevisionmanifestsubstitution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/config/serving/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/cert_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/keygen.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/management/management_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/profile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/resolve.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
vendor/go.uber.org/zap/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/go.uber.org/zap/zapcore/entry.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/crypto/hkdf/hkdf.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/client_conn_pool.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/clientconn.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/config.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server_wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport_wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_random.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/go118.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/idna.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/idna9.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/pre_go118.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/punycode.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables10.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables11.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables12.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables13.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables15.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables17.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables9.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/trie12.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/trie13.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_darwin_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_loong64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_other_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/syscall_darwin_arm64_gc.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/zcpu_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/plan9/syscall_plan9.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/mkall.sh is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (5)

.ci-operator.yaml
Dockerfile
docs/kubernetes-ocp-5.0-bump.md
go.mod
manifests/0000_70_cluster-network-operator_01_pki_crd.yaml

✅ Files skipped from review due to trivial changes (1)

manifests/0000_70_cluster-network-operator_01_pki_crd.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

.ci-operator.yaml

coderabbitai · 2026-05-31T07:02:15Z

GHSA-xjqr-g762-pxwp

 require (
 	github.com/Masterminds/semver v1.5.0
 	github.com/Masterminds/sprig/v3 v3.2.3
 	github.com/containernetworking/cni v0.8.0


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail # Verify vulnerability status from OSV for the exact module+version in go.mod curl -s https://api.osv.dev/v1/query \ -H 'Content-Type: application/json' \ -d '{ "package": {"name":"github.com/containernetworking/cni","ecosystem":"Go"}, "version":"0.8.0" }' | jq '{vulns: [.vulns[]?.id], summary: [.vulns[]?.summary]}'

Repository: openshift/cluster-network-operator

Length of output: 306

🏁 Script executed:

#!/bin/bash set -euo pipefail curl -s https://api.osv.dev/v1/query \ -H 'Content-Type: application/json' \ -d '{ "package": {"name":"github.com/containernetworking/cni","ecosystem":"Go"}, "version":"0.8.0" }' \ | jq '{ vulns: [.vulns[]?.id], details: [.vulns[]? | {id, summary, fixed: .fixed?, references: (.references // [])}], affected: [.vulns[]? | .affected?] }'

Repository: openshift/cluster-network-operator

Length of output: 3252

Flag vulnerable Go dependency: bump github.com/containernetworking/cni v0.8.0
In go.mod, the dependency github.com/containernetworking/cni v0.8.0 is affected by OSV advisories GHSA-xjqr-g762-pxwp and GO-2022-0230; OSV indicates the fix is v0.8.1.

github.com/containernetworking/cni v0.8.0

Please bump to github.com/containernetworking/cni v0.8.1 (or newer) and regenerate vendor/update go.sum (e.g., via go mod tidy + go mod vendor).

🧰 Tools

🪛 OSV Scanner (2.3.8)

[HIGH] 8-8: github.com/containernetworking/cni 0.8.0: Improper limitation of path name in github.com/containernetworking/cni

(GO-2022-0230)

[HIGH] 8-8: github.com/containernetworking/cni 0.8.0: containernetworking/cni improper limitation of path name

(GHSA-xjqr-g762-pxwp)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@go.mod` at line 8, Update the vulnerable dependency github.com/containernetworking/cni from v0.8.0 to v0.8.1 (or newer) in go.mod, then regenerate module metadata and vendor artifacts by running go mod tidy and updating vendor/go.sum (e.g., go mod vendor) so go.sum and the vendor directory reflect the new version; ensure any references to github.com/containernetworking/cni in go.mod and go.sum are updated and commit the resulting changes.

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (1)

Dockerfile (1)
8-17: ⚖️ Poor tradeoff

Dockerfile final stage lacks USER, but deployment manifests force non-root

No USER is declared in the final stage of Dockerfile (lines 8-17), but the operator pod securityContext sets runAsNonRoot: true and runAsUser: 65534 in manifests/0000_70_cluster-network-operator_03_deployment*.yaml, so it won’t run as root when deployed via these manifests.

Add USER 65534 in the image for defense-in-depth/alignment with the guideline (“never run as root”), and ensure filesystem permissions still work.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 8 - 17, The final Dockerfile stage lacks a USER
declaration which conflicts with the deployment manifests that set
runAsNonRoot/runAsUser 65534; update the Dockerfile final stage to set USER
65534 (so the container image matches manifests) and then verify and fix
filesystem ownership/permissions for installed files and directories (e.g.,
/usr/bin, /manifests, /bindata) so the non-root UID 65534 can read/execute them;
check the CMD ["/usr/bin/cluster-network-operator"] still works under this user
and adjust chown/chmod in the builder/final stages if necessary.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 32-34: The go.mod replace points github.com/openshift/library-go
to a personal fork (github.com/jubittajohn/library-go) for PR `#2171` which is a
supply-chain risk; update the repository to remove the temporary replace once
upstream PR `#2171` is merged and revert to the official openshift/library-go
pseudo-version, and in the meantime add an explicit justification and provenance
note (including the PR number and the specific fixes: HasSyncedChecker and Go
1.26 vet) to the repo tracking docs or a TODO comment near the replace so the
change is auditable; also open or link a tracking issue to revert the replace
when openshift/library-go#2171 lands.

---

Nitpick comments:
In `@Dockerfile`:
- Around line 8-17: The final Dockerfile stage lacks a USER declaration which
conflicts with the deployment manifests that set runAsNonRoot/runAsUser 65534;
update the Dockerfile final stage to set USER 65534 (so the container image
matches manifests) and then verify and fix filesystem ownership/permissions for
installed files and directories (e.g., /usr/bin, /manifests, /bindata) so the
non-root UID 65534 can read/execute them; check the CMD
["/usr/bin/cluster-network-operator"] still works under this user and adjust
chown/chmod in the builder/final stages if necessary.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c9b94bfb-f17e-424b-8057-f74fb4e21448

📥 Commits

Reviewing files that changed from the base of the PR and between bce3ff3 and 9dc51b9.

⛔ Files ignored due to path filters (295)

go.sum is excluded by !**/*.sum
vendor/github.com/Masterminds/semver/v3/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/constraints.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/Masterminds/semver/v3/version.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/decode_map_utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/diagnose.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/fxamacker/cbor/v2/valid.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/google/btree/btree_generic.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/client_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/client_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/constants.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/server_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus/server_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/COPYRIGHT is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/LICENSE is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/callmeta.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.gitignore is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.travis.yml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/README.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/metric_options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/grpcstatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/native_unwrap1.12-.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/packages/grpcstatus/native_unwrap1.13+.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_reporter.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/grpc-ecosystem/go-grpc-prometheus/util.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-colorable/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-isatty/isatty_others.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/mattn/go-isatty/isatty_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/register.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machineconfiguration/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
vendor/github.com/openshift/build-machinery-go/OWNERS is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/OWNERS_ALIASES is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultauthentication.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultsecretreference.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/containerresource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metricsserverconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/monitoringpluginconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorbuddyinfoconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorcpufreqconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorethtoolconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorksmdconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectormountstatsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetclasscollectconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetclassconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectornetdevconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorprocessesconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsoftirqsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsystemdcollectconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectorsystemdconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexportercollectortcpstatconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatoradmissionwebhookconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/telemeterclientconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awscsidriverconfigspec.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentsource.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevisionmanifestsubstitution.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/config/serving/server.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/cert_config.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/keygen.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/options.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/management/management_state.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/profile.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/provider.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/resolve.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/openshift/library-go/pkg/pki/types.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
vendor/go.uber.org/zap/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/go.uber.org/zap/zapcore/entry.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/crypto/hkdf/hkdf.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/html/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/README.md is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/client_conn_pool.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/clientconn.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/config.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/server_wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/transport_wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_common.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_random.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/go118.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/idna.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/idna9.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/pre_go118.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/punycode.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables10.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables11.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables12.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables13.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables15.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables17.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/tables9.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/trie12.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/idna/trie13.0.0.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_darwin_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_loong64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_other_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_riscv64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/syscall_darwin_arm64_gc.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/cpu/zcpu_windows.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/plan9/syscall_plan9.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/mkall.sh is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (5)

.ci-operator.yaml
Dockerfile
docs/kubernetes-ocp-5.0-bump.md
go.mod
manifests/0000_70_cluster-network-operator_01_pki_crd.yaml

✅ Files skipped from review due to trivial changes (2)

manifests/0000_70_cluster-network-operator_01_pki_crd.yaml
docs/kubernetes-ocp-5.0-bump.md

coderabbitai · 2026-05-31T07:10:24Z

+// Use openshift/library-go PR #2171 until it merges, because it carries the
+// Kubernetes 1.36 HasSyncedChecker fake informer fix and Go 1.26 vet fixes.
+replace github.com/openshift/library-go => github.com/jubittajohn/library-go v0.0.0-20260529005742-3c9df83aa03b


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Supply-chain risk: replace points to a personal fork.

github.com/openshift/library-go is redirected to github.com/jubittajohn/library-go, an individual contributor's fork pinned to an unmerged PR (#2171). A personal fork outside the org's control is a supply-chain risk for a release branch: it can be force-pushed, deleted, or made private, and is not subject to the upstream review/signing process. The inline comment correctly flags this as temporary—please track merge of upstream PR #2171 and revert to an openshift/library-go pseudo-version before this ships in OCP 5.0.

As per coding guidelines (supply chain security: "New deps: justify need, check license compatibility"), confirm the fork's provenance and that it carries only the intended HasSyncedChecker/Go 1.26 vet fixes.

Want me to open a tracking issue to revert this replace once openshift/library-go#2171 merges?

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@go.mod` around lines 32 - 34, The go.mod replace points github.com/openshift/library-go to a personal fork (github.com/jubittajohn/library-go) for PR `#2171` which is a supply-chain risk; update the repository to remove the temporary replace once upstream PR `#2171` is merged and revert to the official openshift/library-go pseudo-version, and in the meantime add an explicit justification and provenance note (including the PR number and the specific fixes: HasSyncedChecker and Go 1.26 vet) to the repo tracking docs or a TODO comment near the replace so the change is auditable; also open or link a tracking issue to revert the replace when openshift/library-go#2171 lands.

Update the operator dependency baseline to Kubernetes 1.36.1 and align the build/runtime images with the OCP 5.0 toolchain. This keeps cluster-network-operator on the target platform versions expected by the next release while preserving the established dependency bump flow from earlier Kubernetes/OCP updates. Refresh Go modules and vendor content for the Kubernetes 1.36.1 stack, controller-runtime/controller-tools updates, OpenShift API/client/build-machinery dependencies, and generated manifests. The normal OpenShift module refresh avoids a release-5.0 suffix where previous bumps did not require one. Use openshift/library-go PR openshift#2171 through a temporary replace to github.com/jubittajohn/library-go because that PR carries the Kubernetes 1.36 SharedIndexInformer HasSyncedChecker fake informer fix and Go 1.26 vet fixes. This keeps vendor generated by go mod vendor instead of carrying direct hand edits under vendor, which verify-deps rejects. Keep controller-gen built through the vendored tools path. Keep .ci-operator.yaml on the in-repository build_root_image shape expected by CNO's CI loader, and keep the openshift/release build-root stream while moving it to the Go 1.26/OCP 5.0 tag used by the osac-project/fulfillment-service pattern. Add inline comments in the touched build/dependency configuration explaining the version and PR choices. Add docs/kubernetes-ocp-5.0-bump.md to document the version targets, previous-commit references, library-go PR usage, implementation behavior, local verification results, and expected verify-deps behavior. Verification: make build, make test, go vet -mod=vendor ./..., hack/update-codegen.sh, and a vendored controller-gen build passed. Re-running go mod tidy and go mod vendor produced no additional dependency diff beyond this patch.

miheer · 2026-06-01T04:07:56Z

/retest

openshift-ci-robot · 2026-06-01T08:02:10Z

@miheer: An error was encountered searching for bug CORENET-7046 on the Jira server at https://redhat.atlassian.net. No known errors were detected, please see the full error message for details.

Full error message.


No response returned: Get "https://redhat.atlassian.net/rest/api/2/issue/CORENET-7046": GET https://redhat.atlassian.net/rest/api/2/issue/CORENET-7046 giving up after 5 attempt(s)

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

Details

In response to this:

Update the operator dependency baseline to Kubernetes 1.36.1 and align the build/runtime images with the OCP 5.0 toolchain. This keeps cluster-network-operator on the target platform versions expected by the next release while preserving the established dependency bump flow from earlier Kubernetes/OCP updates.

Refresh Go modules and vendor content for the Kubernetes 1.36.1 stack, controller-runtime/controller-tools updates, OpenShift API/client/library dependencies, and generated manifests. The OpenShift modules are updated without a release-5.0 suffix because the referenced previous bump pattern did not require it for these dependencies, and build-machinery-go did not provide that branch.

Keep controller-gen built through the vendored tools path, add the Kubernetes 1.36 SharedIndexInformer HasSyncedChecker compatibility method to the vendored library-go test helper, and update local Darwin arm64 tool bootstrap logic for yq/yaml-patch so make verify can get past the tool-install phase while Linux CI continues to use the release binaries.

Add inline comments in the touched build/tooling compatibility areas explaining what changed and why. Add docs/kubernetes-ocp-5.0-bump.md to document the version targets, previous-commit references, implementation behavior, local verification results, and expected make verify behavior.

Verification: make build, make test, hack/update-codegen.sh, and a vendored controller-gen build passed. make verify passed the prior yq/yaml-patch failure points locally and only stopped at the final git diff check before commit because the intended generated/vendor changes were present.

Summary by CodeRabbit

Chores

Bumped Go toolchain to 1.26, refreshed dependencies and vendor for Kubernetes 1.36 compatibility, and rebased builder/runtime images to OpenShift 5.0 (updated container build/runtime bases).

Documentation

Added upgrade notes detailing dependency bumps, vendor regeneration, controller-gen annotation update, compatibility workaround, and validation/verify outcomes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

miheer · 2026-06-01T09:27:01Z

/retest

miheer · 2026-06-01T09:27:21Z

Failure due to image pulls from quay.io returning 502 Bad Gateway, causing ErrImagePull / ImagePullBackOff

miheer · 2026-06-02T08:24:14Z

/retest-failed

miheer · 2026-06-02T08:26:31Z

/retest

miheer · 2026-06-02T17:48:58Z

/retest-failed

miheer · 2026-06-03T18:15:34Z

/retest-failed

miheer · 2026-06-03T18:15:58Z

/retest

miheer · 2026-06-04T07:51:49Z

/retest

miheer · 2026-06-04T15:32:06Z

/retest

miheer · 2026-06-06T07:10:29Z

/retest

openshift-ci · 2026-06-06T12:29:15Z

@miheer: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/4.22-upgrade-from-stable-4.21-e2e-aws-ovn-upgrade	`771a825`	link	false	`/test 4.22-upgrade-from-stable-4.21-e2e-aws-ovn-upgrade`
ci/prow/4.22-upgrade-from-stable-4.21-e2e-azure-ovn-upgrade	`771a825`	link	false	`/test 4.22-upgrade-from-stable-4.21-e2e-azure-ovn-upgrade`
ci/prow/4.22-upgrade-from-stable-4.21-e2e-gcp-ovn-upgrade	`771a825`	link	false	`/test 4.22-upgrade-from-stable-4.21-e2e-gcp-ovn-upgrade`
ci/prow/security	`771a825`	link	false	`/test security`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci Bot requested review from danwinship and martinkennelly May 31, 2026 06:15

coderabbitai Bot reviewed May 31, 2026

View reviewed changes

miheer force-pushed the CORENET-7046 branch 2 times, most recently from bce3ff3 to 9dc51b9 Compare May 31, 2026 07:00

coderabbitai Bot reviewed May 31, 2026

View reviewed changes

miheer force-pushed the CORENET-7046 branch from 9dc51b9 to 771a825 Compare May 31, 2026 08:54

miheer changed the title ~~Bump Kubernetes to 1.36.1 and OCP to 5.0~~ CORENET-7046: Bump Kubernetes to 1.36.1 and OCP to 5.0 Jun 1, 2026

miheer changed the title ~~CORENET-7046: Bump Kubernetes to 1.36.1 and OCP to 5.0~~ WIP: CORENET-7046: Bump Kubernetes to 1.36.1 and OCP to 5.0 Jun 1, 2026

openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 1, 2026

Conversation

miheer commented May 31, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

coderabbitai Bot commented May 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Pre-merge checks failed

❌ Failed checks (1 error)

Uh oh!

openshift-ci Bot commented May 31, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 31, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 31, 2026

Choose a reason for hiding this comment

Uh oh!

miheer commented Jun 1, 2026

Uh oh!

openshift-ci-robot commented Jun 1, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

miheer commented Jun 1, 2026

Uh oh!

miheer commented Jun 1, 2026

Uh oh!

miheer commented Jun 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

miheer commented Jun 2, 2026

Uh oh!

miheer commented Jun 2, 2026

Uh oh!

miheer commented Jun 3, 2026

Uh oh!

miheer commented Jun 3, 2026

Uh oh!

miheer commented Jun 4, 2026

Uh oh!

miheer commented Jun 4, 2026

Uh oh!

miheer commented Jun 6, 2026

Uh oh!

openshift-ci Bot commented Jun 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

miheer commented May 31, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented May 31, 2026 •

edited

Loading

openshift-ci-robot commented Jun 1, 2026 •

edited by openshift-ci Bot

Loading

miheer commented Jun 2, 2026 •

edited

Loading