From 8612dd8408d6bc9a241a5f8644ba543117263a58 Mon Sep 17 00:00:00 2001 From: nirichar Date: Thu, 20 Nov 2025 11:10:23 -0500 Subject: [PATCH 1/4] Add featuregate for TLS curve API config enhancement --- features.md | 1 + features/features.go | 8 ++++++++ .../featuregates/featureGate-Hypershift-Default.yaml | 3 +++ .../featureGate-Hypershift-DevPreviewNoUpgrade.yaml | 3 +++ .../featureGate-Hypershift-TechPreviewNoUpgrade.yaml | 3 +++ .../featuregates/featureGate-SelfManagedHA-Default.yaml | 3 +++ .../featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml | 3 +++ .../featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml | 3 +++ 8 files changed, 27 insertions(+) diff --git a/features.md b/features.md index 1e3041ee9b2..ceafc75050c 100644 --- a/features.md +++ b/features.md @@ -16,6 +16,7 @@ | NewOLMPreflightPermissionChecks| | | | Enabled | | Enabled | | NoRegistryClusterInstall| | | | Enabled | | Enabled | | ProvisioningRequestAvailable| | | Enabled | Enabled | | | +| TLSCurvesConfiguration| | | Enabled | Enabled | | | | HyperShiftOnlyDynamicResourceAllocation| Enabled | | Enabled | | Enabled | | | NewOLM| | Enabled | | Enabled | | Enabled | | NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | diff --git a/features/features.go b/features/features.go index f18b67efe7c..ce3aa2a87d6 100644 --- a/features/features.go +++ b/features/features.go @@ -945,4 +945,12 @@ var ( enhancementPR("https://github.com/kubernetes/enhancements/issues/4381"). enableForClusterProfile(Hypershift, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). mustRegister() + + FeatureGateTLSCurvesConfiguration = newFeatureGate("TLSCurvesConfiguration"). + reportProblemsToJiraComponent("Networking"). + contactPerson("davidesalerno"). + productScope(kubernetes). + enhancementPR("https://github.com/openshift/enhancements/pull/1894"). + enableIn(configv1.DevPreviewNoUpgrade). + mustRegister() ) diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml index 5fdb6fd0155..d4a9f8c310e 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml @@ -219,6 +219,9 @@ { "name": "SigstoreImageVerificationPKI" }, + { + "name": "TLSCurvesConfiguration" + }, { "name": "TranslateStreamCloseWebsocketRequests" }, diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml index 124104057f3..77ba8b76b12 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml @@ -325,6 +325,9 @@ { "name": "StoragePerformantSecurityPolicy" }, + { + "name": "TLSCurvesConfiguration" + }, { "name": "TranslateStreamCloseWebsocketRequests" }, diff --git a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml index 383a8662523..c258bacdd03 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml @@ -67,6 +67,9 @@ }, { "name": "ShortCertRotation" + }, + { + "name": "TLSCurvesConfiguration" } ], "enabled": [ diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml index b619bdb03bb..916b1bc1897 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml @@ -216,6 +216,9 @@ { "name": "SigstoreImageVerificationPKI" }, + { + "name": "TLSCurvesConfiguration" + }, { "name": "TranslateStreamCloseWebsocketRequests" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml index 892b47a2545..23d768ff29c 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml @@ -325,6 +325,9 @@ { "name": "StoragePerformantSecurityPolicy" }, + { + "name": "TLSCurvesConfiguration" + }, { "name": "TranslateStreamCloseWebsocketRequests" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml index 4eb34308f09..4baf523ca8c 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml @@ -52,6 +52,9 @@ }, { "name": "ShortCertRotation" + }, + { + "name": "TLSCurvesConfiguration" } ], "enabled": [ From 2065bc2653c6d6974ccc95ace3955697f7cf64fd Mon Sep 17 00:00:00 2001 From: nirichar Date: Thu, 20 Nov 2025 11:14:37 -0500 Subject: [PATCH 2/4] Update featuregate name --- features/features.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/features/features.go b/features/features.go index ce3aa2a87d6..e25535000ba 100644 --- a/features/features.go +++ b/features/features.go @@ -947,9 +947,9 @@ var ( mustRegister() FeatureGateTLSCurvesConfiguration = newFeatureGate("TLSCurvesConfiguration"). - reportProblemsToJiraComponent("Networking"). - contactPerson("davidesalerno"). - productScope(kubernetes). + reportProblemsToJiraComponent("kube-apiserver"). + contactPerson("richardsonnick"). + productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1894"). enableIn(configv1.DevPreviewNoUpgrade). mustRegister() From 6a5ffa91c73e795b64f8a48a6dd0e9b234860758 Mon Sep 17 00:00:00 2001 From: nirichar Date: Fri, 21 Nov 2025 10:37:16 -0500 Subject: [PATCH 3/4] Update Jira Component --- features/features.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/features.go b/features/features.go index e25535000ba..e9765ab1c65 100644 --- a/features/features.go +++ b/features/features.go @@ -947,7 +947,7 @@ var ( mustRegister() FeatureGateTLSCurvesConfiguration = newFeatureGate("TLSCurvesConfiguration"). - reportProblemsToJiraComponent("kube-apiserver"). + reportProblemsToJiraComponent("Networking"). contactPerson("richardsonnick"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1894"). From b1e173ab8362153572fd5a5a2f3494cec9353413 Mon Sep 17 00:00:00 2001 From: nirichar Date: Fri, 21 Nov 2025 10:39:02 -0500 Subject: [PATCH 4/4] Change contact person --- features/features.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/features.go b/features/features.go index e9765ab1c65..30cede7d87d 100644 --- a/features/features.go +++ b/features/features.go @@ -948,7 +948,7 @@ var ( FeatureGateTLSCurvesConfiguration = newFeatureGate("TLSCurvesConfiguration"). reportProblemsToJiraComponent("Networking"). - contactPerson("richardsonnick"). + contactPerson("davidesalerno"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1894"). enableIn(configv1.DevPreviewNoUpgrade).