MCO-1931: Promote ManagedBootImagesCPMS feature gate to the Default featureset

[djoshy]

User description

This promotes the CPMS boot image update feature to default. Note that this feature is only supported on the AWS, GCP and Azure platforms, so no test history is expected on the other platforms.

---

PR Type

Enhancement

---

Description

• Promote ManagedBootImagesCPMS feature gate to Default featureset

• Add controlplanemachinesets enum value to CRD resource field

• Add validation rule restricting ControlPlaneMachineSet selection modes

• Update feature gate documentation and manifest files accordingly

---

Diagram Walkthrough

flowchart LR
  A["ManagedBootImagesCPMS<br/>Feature Gate"] -->|"Enable in Default<br/>and OKD"| B["Feature Gate<br/>Configuration"]
  B -->|"Update CRD<br/>Enums"| C["Add controlplanemachinesets<br/>Resource Type"]
  C -->|"Add Validation<br/>Rules"| D["Restrict CPMS<br/>Selection Modes"]
  B -->|"Update Manifests"| E["Feature Gate<br/>Documentation"]

Loading

File Walkthrough

	Relevant files
Enhancement	1 files features.go Enable ManagedBootImagesCPMS in Default and OKD                    +1/-1
Documentation	1 files features.md Move ManagedBootImagesCPMS to Default featureset table      +1/-1
Configuration changes	8 files 0000_80_machine-config_01_machineconfigurations-Default.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    0000_80_machine-config_01_machineconfigurations-Default.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    featureGate-Hypershift-Default.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3      featureGate-Hypershift-OKD.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3      featureGate-SelfManagedHA-Default.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3      featureGate-SelfManagedHA-OKD.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3

---

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@djoshy: This pull request references MCO-1931 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This promotes the CPMS boot image update feature to default. Note that this feature is only supported on the AWS, GCP and Azure platforms, so no test history is expected on the other platforms.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request extends the ManagedBootImagesCPMS feature to include additional configurations and resource types. The feature gate visibility was expanded in the features file to include Default and OKD platforms. Feature gate configurations were updated across Hypershift and SelfManagedHA environments to move ManagedBootImagesCPMS from disabled to enabled lists. CRD definitions for both Default and OKD variants were modified to support controlplanemachinesets as a valid resource type alongside existing machinesets, with accompanying validation rules requiring All or None selection modes for controlplanemachinesets.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main objective of the changeset: promoting the ManagedBootImagesCPMS feature gate to the Default featureset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description clearly describes the changeset, including promoting the ManagedBootImagesCPMS feature gate to Default, adding controlplanemachinesets enum values, and adding validation rules to CRDs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hello @djoshy! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci-robot]

@djoshy: This pull request references MCO-1931 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

User description

This promotes the CPMS boot image update feature to default. Note that this feature is only supported on the AWS, GCP and Azure platforms, so no test history is expected on the other platforms.

---

PR Type

Enhancement

---

Description

• Promote ManagedBootImagesCPMS feature gate to Default featureset

• Add controlplanemachinesets enum value to CRD resource field

• Add validation rule restricting ControlPlaneMachineSet selection modes

• Update feature gate documentation and manifest files accordingly

---

Diagram Walkthrough

flowchart LR
 A["ManagedBootImagesCPMS<br/>Feature Gate"] -->|"Enable in Default<br/>and OKD"| B["Feature Gate<br/>Configuration"]
 B -->|"Update CRD<br/>Enums"| C["Add controlplanemachinesets<br/>Resource Type"]
 C -->|"Add Validation<br/>Rules"| D["Restrict CPMS<br/>Selection Modes"]
 B -->|"Update Manifests"| E["Feature Gate<br/>Documentation"]

Loading

File Walkthrough

	Relevant files
Enhancement	1 files features.go Enable ManagedBootImagesCPMS in Default and OKD                    +1/-1
Documentation	1 files features.md Move ManagedBootImagesCPMS to Default featureset table      +1/-1
Configuration changes	8 files 0000_80_machine-config_01_machineconfigurations-Default.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    0000_80_machine-config_01_machineconfigurations-Default.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml Add controlplanemachinesets enum and validation rules        +12/-0    featureGate-Hypershift-Default.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3      featureGate-Hypershift-OKD.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3      featureGate-SelfManagedHA-Default.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3      featureGate-SelfManagedHA-OKD.yaml Move ManagedBootImagesCPMS to Default features list            +3/-3

---

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[djoshy]

The feature promo test seemed to be giving me timeouts(was working fine yesterday), so opening a PR to see if it does better:

$ make verify-feature-promotion 
hack/verify-promoted-features-pass-tests.sh
comparing against master
writing master:featureGate-Hypershift-Default.yaml to temp
writing master:featureGate-Hypershift-DevPreviewNoUpgrade.yaml to temp
writing master:featureGate-Hypershift-OKD.yaml to temp
writing master:featureGate-Hypershift-TechPreviewNoUpgrade.yaml to temp
writing master:featureGate-SelfManagedHA-Default.yaml to temp
writing master:featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml to temp
writing master:featureGate-SelfManagedHA-OKD.yaml to temp
writing master:featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml to temp
make[1]: Entering directory '/home/djoshy/go/src/github.com/openshift/api/tools'
make[1]: Leaving directory '/home/djoshy/go/src/github.com/openshift/api/tools'
Query sippy for all test run results for feature gate "ManagedBootImagesCPMS" on clusterProfile ["Hypershift" "SelfManagedHA"]
Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"aws", Architecture:"amd64", Topology:"ha", NetworkStack:""}
Querying sippy release 4.22 for test run results
Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"azure", Architecture:"amd64", Topology:"ha", NetworkStack:""}
Querying sippy release 4.22 for test run results
Insufficient results in last 7 days, increasing lookback to 2 weeks...Insufficient results in last 7 days, increasing lookback to 2 weeks...Insufficient results in last 7 days, increasing lookback to 2 weeks...Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"gcp", Architecture:"amd64", Topology:"ha", NetworkStack:""}
Querying sippy release 4.22 for test run results
Insufficient results in last 7 days, increasing lookback to 2 weeks...Insufficient results in last 7 days, increasing lookback to 2 weeks...Insufficient results in last 7 days, increasing lookback to 2 weeks...Insufficient results in last 7 days, increasing lookback to 2 weeks...Insufficient results in last 7 days, increasing lookback to 2 weeks...Insufficient results in last 7 days, increasing lookback to 2 weeks...Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"vsphere", Architecture:"amd64", Topology:"ha", NetworkStack:""}
Querying sippy release 4.22 for test run results
Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"metal", Architecture:"amd64", Topology:"ha", NetworkStack:"ipv4"}
Querying sippy release 4.22 for test run results
Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"metal", Architecture:"amd64", Topology:"ha", NetworkStack:"ipv6"}
Querying sippy release 4.22 for test run results
Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"metal", Architecture:"amd64", Topology:"ha", NetworkStack:"dual"}
Querying sippy release 4.22 for test run results
Query sippy for all test run results for pattern "FeatureGate:ManagedBootImagesCPMS]" on variant main.JobVariant{Cloud:"aws", Architecture:"amd64", Topology:"single", NetworkStack:""}
Querying sippy release 4.22 for test run results
F0129 10:31:45.274984 2821840 root.go:64] Error running codegen: Get "https://sippy.dptools.openshift.org/api/tests?filter=%7B%22items%22%3A%5B%7B%22columnField%22%3A%22variants%22%2C%22not%22%3Afalse%2C%22operatorValue%22%3A%22contains%22%2C%22value%22%3A%22Platform%3Aaws%22%7D%2C%7B%22columnField%22%3A%22variants%22%2C%22not%22%3Afalse%2C%22operatorValue%22%3A%22contains%22%2C%22value%22%3A%22Architecture%3Aamd64%22%7D%2C%7B%22columnField%22%3A%22variants%22%2C%22not%22%3Afalse%2C%22operatorValue%22%3A%22contains%22%2C%22value%22%3A%22Topology%3Asingle%22%7D%2C%7B%22columnField%22%3A%22name%22%2C%22not%22%3Afalse%2C%22operatorValue%22%3A%22contains%22%2C%22value%22%3A%22FeatureGate%3AManagedBootImagesCPMS%5D%22%7D%5D%2C%22linkOperator%22%3A%22and%22%7D&period=default&release=4.22": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Quote CEL expression Fix the CEL expression in the CRD validation rule by enclosing it in double quotes and using escaped double quotes for string literals. operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml [201-205] x-kubernetes-validations: -- message: Only All or None selection mode is permitted for - ControlPlaneMachineSets - rule: self.resource != 'controlplanemachinesets' || self.selection.mode - == 'All' || self.selection.mode == 'None' +- message: Only All or None selection mode is permitted for ControlPlaneMachineSets + rule: "self.resource != \"controlplanemachinesets\" || self.selection.mode == \"All\" || self.selection.mode == \"None\"" Apply / Chat Suggestion importance[1-10]: 8 __ Why: This suggestion corrects a critical syntax error in the CEL validation rule, which would otherwise fail to parse and prevent the CRD from being applied correctly.	Medium
General	Alphabetize feature list Alphabetize the feature gate list to ensure consistency and prevent manual placement errors. payload-manifests/featuregates/featureGate-Hypershift-Default.yaml [302-313] +{ + "name": "ManagedBootImagesAWS" +}, +{ + "name": "ManagedBootImagesAzure" +}, +{ + "name": "ManagedBootImagesCPMS" +}, +{ + "name": "ManagedBootImagesvSphere" +}, - [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 2 __ Why: The suggestion proposes alphabetizing the feature list for consistency, which is a valid style improvement but has no functional impact.	Low
More

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@features.md`:
- Line 100: The table row for feature ManagedBootImagesCPMS violates MD060
spacing around pipes; edit the row so there is a single space between the
feature name and the following pipe (i.e., change "ManagedBootImagesCPMS|" to
"ManagedBootImagesCPMS |") and ensure spacing around all pipes in that row
matches the table's configured style (one space on each side).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix MD060 table pipe spacing on this row.

Line 100 violates the configured table column style. Please normalize the spacing around the pipe after the feature name to match the table’s configured style.

🧹 Suggested spacing fix

-| ManagedBootImagesCPMS| <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span>  |
+| ManagedBootImagesCPMS | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span>  |

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

| ManagedBootImagesCPMS| <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |

| ManagedBootImagesCPMS | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> | <span style="background-color: `#519450`">Enabled</span> |

🧰 Tools

🪛 markdownlint-cli2 (0.20.0)

100-100: Table column style
Table pipe is missing space to the left for style "compact"

(MD060, table-column-style)

---

100-100: Table column style
Table pipe has extra space to the left for style "compact"

(MD060, table-column-style)

🤖 Prompt for AI Agents

In `@features.md` at line 100, The table row for feature ManagedBootImagesCPMS
violates MD060 spacing around pipes; edit the row so there is a single space
between the feature name and the following pipe (i.e., change
"ManagedBootImagesCPMS|" to "ManagedBootImagesCPMS |") and ensure spacing around
all pipes in that row matches the table's configured style (one space on each
side).

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign everettraven for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[djoshy]

/test verify-feature-promotion

[qodo-code-review]

PR-Agent: could not fine a component named verify-feature-promotion in a supported language in this PR.

[djoshy]

/test verify-feature-promotion

[qodo-code-review]

PR-Agent: could not fine a component named verify-feature-promotion in a supported language in this PR.

[openshift-ci]

@djoshy: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/minor-e2e-upgrade-minor	1d80080	link	true	/test minor-e2e-upgrade-minor
ci/prow/verify-feature-promotion	1d80080	link	true	/test verify-feature-promotion

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.