Expand Up @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if w
name: "Infrastructure"
crdName: infrastructures.config.openshift.io
featureGates:
- -AWSClusterHostedDNSInstall
- -AzureClusterHostedDNSInstall
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
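Review bot: this fixture keeps the gate disabled (`- -AWSClusterHostedDNSInstall`) while features.go in the same PR adds `configv1.Default` to the gate's `enableIn(...)`, so the gate is now on in Default, DevPreview and TechPreview alike. Please confirm that a generated CRD variant with `AWSClusterHostedDNSInstall` off still exists for this suite to run against; if every feature set now has it on, this gate list selects a manifest that is never produced and the suite either cannot be matched or stops exercising the disabled-gate schema. The `-AzureClusterHostedDNSInstall` line is not affected by this PR.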
Expand Down Expand Up @@ -1692,6 +1692,8 @@ tests:
platform: AWS
platformStatus:
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
region: us-east-1
resourceTags:
- key: key with space
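Review bot: the `expected` blocks in this hunk and the four that follow change only because the CRD now carries `default: dnsType: PlatformDefault` on `cloudLoadBalancerConfig`, so the resourceTags tests (`key with space`, `key:_./=+-@`) are now also asserting defaulting behaviour in a file whose gate list disables `AWSClusterHostedDNSInstall`. That is surprising to a reader who expects the field to be absent when the gate is off; the features.md table shows the non-Install gate `AWSClusterHostedDNS` enabled in the same columns, which is presumably what exposes the field here. A one-line comment in the fixture saying so would save the next person the archaeology, and if the default is not meant to apply with the Install gate disabled, the expectation should stay `aws:` with only `region` and `resourceTags`.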
Expand All @@ -1711,6 +1713,8 @@ tests:
platform: AWS
platformStatus:
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
region: us-east-1
resourceTags:
- key: key with space
Expand All @@ -1730,6 +1734,8 @@ tests:
platform: AWS
platformStatus:
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
region: us-east-1
resourceTags:
- key: key with space
Expand Down Expand Up @@ -1757,6 +1763,8 @@ tests:
platform: AWS
platformStatus:
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
region: us-east-1
resourceTags:
- key: key:_./=+-@
Expand All @@ -1776,6 +1784,8 @@ tests:
platform: AWS
platformStatus:
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
region: us-east-1
resourceTags:
- key: key:_./=+-@
Expand Up @@ -3,6 +3,7 @@ name: "Infrastructure"
crdName: infrastructures.config.openshift.io
featureGates:
- AWSClusterHostedDNSInstall
- AWSDualStackInstall
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
Expand All @@ -28,7 +29,10 @@ tests:
infrastructureTopology: HighlyAvailable
platform: AWS
platformStatus:
aws: {}
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
ipFamily: IPv4
type: AWS
updated: |
apiVersion: config.openshift.io/v1
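Review bot: the expected status now hard-codes `ipFamily: IPv4` beside `cloudLoadBalancerConfig`, which is why `AWSDualStackInstall` had to be added to this file's gate list at the top. That couples a hosted-DNS fixture to the dual-stack gate: if `ipFamily` defaults differently later, or the gate is withdrawn, this file fails for reasons unrelated to the feature it is named after. Either move the dual-stack expectations into their own fixture or record the dependency in the test name or a comment so the failure mode is obvious.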
Expand All @@ -42,7 +46,10 @@ tests:
infrastructureTopology: HighlyAvailable
platform: AWS
platformStatus:
aws: {}
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
ipFamily: IPv4
type: AWS
expected: |
apiVersion: config.openshift.io/v1
Expand Up @@ -3,6 +3,7 @@ name: "Infrastructure"
crdName: infrastructures.config.openshift.io
featureGates:
- AWSClusterHostedDNSInstall
- AWSDualStackInstall
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
Expand All @@ -28,7 +29,10 @@ tests:
infrastructureTopology: HighlyAvailable
platform: AWS
platformStatus:
aws: {}
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
ipFamily: IPv4
type: AWS
Comment on lines +32 to 36
⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

find . -type f -name "*infrastructures*crd*.yaml" | head -20

Repository: openshift/api

Length of output: 170


🌐 Web query:

OpenShift Infrastructure CRD status platformStatus aws ipFamily schema

💡 Result:

Short answer: The Infrastructure.config.openshift.io status.platformStatus.aws schema does not include an ipFamily field. platformStatus.aws contains AWS-specific status like region, resourceTags and serviceEndpoints; ipFamily is an AWS/EKS cluster networking setting (not part of the OpenShift Infrastructure CRD). [1][2][3]

Sources

  • OpenShift Infrastructure API reference — .status.platformStatus.aws (shows aws properties: region, resourceTags, serviceEndpoints). [1][2]
  • AWS EKS KubernetesNetworkConfig / ipFamily documentation (ipFamily is an EKS cluster/network setting: "ipv4" or "ipv6"). [3]

References
[1] OpenShift Container Platform — Infrastructure .status.platformStatus (aws properties). (docs.redhat.com)
[2] OKD / OpenShift API reference — .status.platformStatus.aws (region, resourceTags, serviceEndpoints). (docs.okd.io)
[3] AWS EKS KubernetesNetworkConfig / KubernetesNetworkConfigRequest (ipFamily description). (docs.aws.amazon.com)

If you want, I can paste the exact Infrastructure CRD aws JSON/YAML snippet or show how to record IP-family-related info (e.g., where EKS exposes it).


Remove ipFamily from status.platformStatus.aws—field not supported by Infrastructure CRD schema.

The Infrastructure CRD schema for status.platformStatus.aws only supports region, resourceTags, and serviceEndpoints. The ipFamily field does not exist at that path and will cause validation failures. This appears in lines 32-36 and 49-53 of the test file.

🤖 Prompt for AI Agents
In
config/v1/tests/infrastructures.config.openshift.io/AWSClusterHostedDNSInstall.yaml
around lines 32-36 (and similarly lines 49-53), the status.platformStatus.aws
object includes an unsupported ipFamily field; remove the ipFamily entries from
status.platformStatus.aws so the YAML conforms to the Infrastructure CRD schema
(which only accepts region, resourceTags, and serviceEndpoints at that path),
leaving the aws block with only supported fields.

updated: |
apiVersion: config.openshift.io/v1
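Review bot: same coupling as in the sibling fixture: `ipFamily: IPv4` only validates if the manifest this suite runs against honours the `AWSDualStackInstall` gate listed at the top of the file. The comment above concludes that `ipFamily` cannot exist under `status.platformStatus.aws`, but that conclusion is drawn from the published docs.redhat.com and docs.okd.io API references, which do not describe gated fields; the decisive artifact is the generated schema. The CRD hunk in this PR only shows `cloudLoadBalancerConfig` being added to the `Default` manifest, so please point at where `ipFamily` is emitted (and under which gate) before merging, otherwise the validation failure the comment predicts is real.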
Expand All @@ -42,7 +46,10 @@ tests:
infrastructureTopology: HighlyAvailable
platform: AWS
platformStatus:
aws: {}
aws:
cloudLoadBalancerConfig:
dnsType: PlatformDefault
ipFamily: IPv4
type: AWS
expected: |
apiVersion: config.openshift.io/v1
Expand Up @@ -1171,6 +1171,110 @@ spec:
description: aws contains settings specific to the Amazon Web
Services infrastructure provider.
properties:
cloudLoadBalancerConfig:
default:
dnsType: PlatformDefault
description: |-
cloudLoadBalancerConfig holds configuration related to DNS and cloud
load balancers. It allows configuration of in-cluster DNS as an alternative
to the platform default DNS implementation.
When using the ClusterHosted DNS type, Load Balancer IP addresses
must be provided for the API and internal API load balancers as well as the
ingress load balancer.
nullable: true
properties:
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load
Balancers on Cloud Platforms. The DNS solution hosted within the cluster
use these IP addresses to provide resolution for API, API-Int and Ingress
services.
properties:
apiIntLoadBalancerIPs:
description: |-
apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
Entries in the apiIntLoadBalancerIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
apiLoadBalancerIPs:
description: |-
apiLoadBalancerIPs holds Load Balancer IPs for the API service.
These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
Could be empty for private clusters.
Entries in the apiLoadBalancerIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
ingressLoadBalancerIPs:
description: |-
ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
Entries in the ingressLoadBalancerIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
type: object
dnsType:
default: PlatformDefault
description: |-
dnsType indicates the type of DNS solution in use within the cluster. Its default value of
`PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
The cluster's use of the cloud's Load Balancers is unaffected by this setting.
The value is immutable after it has been set at install time.
Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
Enabling this functionality allows the user to start their own DNS solution outside the cluster after
installation is complete. The customer would be responsible for configuring this custom DNS solution,
and it can be run in addition to the in-cluster DNS solution.
enum:
- ClusterHosted
- PlatformDefault
type: string
x-kubernetes-validations:
- message: dnsType is immutable
rule: oldSelf == '' || self == oldSelf
type: object
x-kubernetes-validations:
- message: clusterHosted is permitted only when dnsType is
ClusterHosted
rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted''
? !has(self.clusterHosted) : true'
Comment on lines +1174 to +1277
⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

Verify format: ip placement for schema validation compatibility.

The format: ip field is placed at the array level (lines 1199, 1219, 1238 for AWS; lines 1625, 1645, 1664 for GCP) rather than on individual items. In OpenAPI and Kubernetes validation schemas, the format keyword typically applies to the string type of items, not the array container. This placement may not enforce IP validation as intended.

If the format should be on items, apply this diff for the AWS section (and mirror for GCP):

              apiIntLoadBalancerIPs:
                description: |-
                  apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
                  These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
                  Entries in the apiIntLoadBalancerIPs must be unique.
                  A maximum of 16 IP addresses are permitted.
-               format: ip
                items:
                  description: IP is an IP address (for example, "10.0.0.0"
                    or "fd00::").
+                 format: ip
                  maxLength: 39

Also applies to: 1600-1703


🌐 Web query:

Does Kubernetes CRD validation support `format: ip` on array fields in OpenAPI v3 schemas, or should it be on the items?

💡 Result:

Use items. The OpenAPI/CRD schema "format" applies to string types only, so for an array you must put format (e.g. "ip", "ipv4", "ipv6") on the items schema (items.type: string + items.format: ...). Kubernetes docs note format can only be set when type is string, and examples/CEL examples validate items rather than the array itself. [1][2]

Sources:

  1. Kubernetes API docs: openAPIV3Schema field — "format is an OpenAPI v3 format string... NOTE: Can only be set if type is string." [turn1search2].
  2. Kubernetes CRD examples / CEL validation showing array items use (put format/constraints under items). [turn1search0].


Move format: ip from array level to items schema for proper IP validation.

The OpenAPI v3 format keyword applies only to string types, so for arrays you must place format (e.g., "ip", "ipv4", "ipv6") on the items schema, not the array container. Currently, format: ip is placed at the array level (lines 1199, 1219, 1238 for AWS; lines 1625, 1645, 1664 for GCP), which will not enforce IP validation as intended.

Apply this fix to all three IP list fields in both AWS and GCP sections:

              apiIntLoadBalancerIPs:
                description: |-
                  apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
                  These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
                  Entries in the apiIntLoadBalancerIPs must be unique.
                  A maximum of 16 IP addresses are permitted.
-               format: ip
                items:
                  description: IP is an IP address (for example, "10.0.0.0"
                    or "fd00::").
+                 format: ip
                  maxLength: 39

Apply the same pattern to apiLoadBalancerIPs and ingressLoadBalancerIPs in both AWS (lines 1199, 1219, 1238) and GCP (lines 1625, 1645, 1664) sections.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In
config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml
around lines 1174-1277 (and similarly apply to the GCP blocks referenced at
~1625-1664), the array-level "format: ip" is incorrectly placed on the array
node for apiIntLoadBalancerIPs, apiLoadBalancerIPs and ingressLoadBalancerIPs;
move the "format: ip" key out of the array object and into each field's "items"
schema (next to type: string and its validations), and remove the array-level
format so the OpenAPI string items actually enforce IP format validation for all
three IP list fields in both AWS and GCP sections.

region:
description: region holds the default AWS region for new AWS
resources created by the cluster.
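Review bot: the `cloudLoadBalancerConfig` description says LB IPs "must be provided for the API and internal API load balancers as well as the ingress load balancer" when `dnsType` is `ClusterHosted`, but the only CEL rule on the object is the negative one (`clusterHosted` forbidden unless `dnsType == 'ClusterHosted'`). Nothing requires `clusterHosted` to be present, or `apiIntLoadBalancerIPs` and `ingressLoadBalancerIPs` to be non-empty, when it is. Either add the positive rule, e.g. `has(self.dnsType) && self.dnsType == 'ClusterHosted' ? has(self.clusterHosted) : true`, with `minItems: 1` on the two mandatory lists (leaving `apiLoadBalancerIPs` optional, as its description allows for private clusters), or soften the wording to say the installer rather than the schema enforces it. If status is populated incrementally, a positive rule could reject an intermediate write; in that case prefer the wording fix and say so in the description. On the `format: ip` placement raised above: the `isIP(self)` rule on each `items` entry is the check that actually binds at admission, and the GCP section outside this diff already ships with the same array-level `format`, so this is a redundancy rather than a validation gap; moving `format: ip` under `items` as suggested still makes sense so the schema and the CEL rule say the same thing.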
2 changes: 1 addition & 1 deletion features.md
Expand Up @@ -20,7 +20,6 @@
| NewOLM| | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> |
| NewOLMWebhookProviderOpenshiftServiceCA| | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> | | <span style="background-color: #519450">Enabled</span> |
| AWSClusterHostedDNS| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AWSClusterHostedDNSInstall| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AWSDedicatedHosts| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AWSDualStackInstall| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AWSServiceLBNetworkSecurityGroup| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
Expand Down Expand Up @@ -74,6 +73,7 @@
| VSphereHostVMGroupZonal| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| VSphereMixedNodeEnv| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| VolumeGroupSnapshot| | | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AWSClusterHostedDNSInstall| <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AdditionalRoutingCapabilities| <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AdminNetworkPolicy| <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
| AlibabaPlatform| <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> | <span style="background-color: #519450">Enabled</span> |
2 changes: 1 addition & 1 deletion features/features.go
Expand Up @@ -827,7 +827,7 @@ var (
contactPerson("barbacbd").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1468").
enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
mustRegister()

FeatureGateGCPCustomAPIEndpointsInstall = newFeatureGate("GCPCustomAPIEndpointsInstall").
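Review bot: adding `configv1.Default` to `enableIn(...)` is the GA promotion of this gate, so the `ClusterHosted` DNS path becomes installable on every cluster instead of only Dev/TechPreview ones. Before that flips, please link the graduation evidence in the PR description and add fixture coverage for the two CEL rules that guard the field in the `Default` CRD, `dnsType` immutability (`oldSelf == '' || self == oldSelf`) and `clusterHosted` only with `dnsType: ClusterHosted`; the fixture hunks in this diff only assert that the `PlatformDefault` default is applied. The schema accepts IPv4 and/or IPv6 entries in every LB IP list, so a `ClusterHosted` case with mixed families belongs in that coverage too. The row move in features.md is consistent with this change, nothing else needs regenerating there.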