Skip to content

🐛 OCPBUGS-85337: set imagePullPolicy IfNotPresent on provider workloads#424

Open
stefanonardo wants to merge 2 commits into
openshift:mainfrom
stefanonardo:OCPBUGS-85337-imagepullpolicy-ifnotpresent
Open

🐛 OCPBUGS-85337: set imagePullPolicy IfNotPresent on provider workloads#424
stefanonardo wants to merge 2 commits into
openshift:mainfrom
stefanonardo:OCPBUGS-85337-imagepullpolicy-ifnotpresent

Conversation

@stefanonardo

@stefanonardo stefanonardo commented Jul 10, 2026

Copy link
Copy Markdown

Summary

Depends on: openshift/cluster-capi-operator#618 (merged)

Port of: openshift/cluster-api-provider-aws#619

Test plan

  • Run upgrade in a techpreview disconnected cluster using only pinned image sets and verify capo-controller-manager pods no longer crash with ImagePullBackOff
  • Verify capo-controller-manager Deployment has imagePullPolicy: IfNotPresent

Summary by CodeRabbit

  • Bug Fixes

    • Improved controller startup behavior by avoiding unnecessary image downloads when the image is already available locally.
  • Chores

    • Updated an internal tooling dependency to a newer version.

…gePullPolicy fix

Vendor manifests-gen from openshift/cluster-capi-operator#618 which
sets imagePullPolicy: IfNotPresent on all containers in all provider
workloads via kustomize, fixing disconnected cluster upgrades using
pinned image sets (OCPBUGS-85337).
Regenerated via `make ocp-manifests` after vendoring the manifests-gen
fix. The capo-controller-manager Deployment container now has
imagePullPolicy: IfNotPresent instead of Always, fixing disconnected
cluster upgrades using pinned image sets (OCPBUGS-85337).
@openshift-ci-robot openshift-ci-robot added jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jul 10, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@stefanonardo: This pull request references Jira Issue OCPBUGS-85337, which is invalid:

  • expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is Verified instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary

Depends on: openshift/cluster-capi-operator#618 (merged)

Port of: openshift/cluster-api-provider-aws#619

Test plan

  • Run upgrade in a techpreview disconnected cluster using only pinned image sets and verify capo-controller-manager pods no longer crash with ImagePullBackOff
  • Verify capo-controller-manager Deployment has imagePullPolicy: IfNotPresent

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested review from eshulman2 and mandre July 10, 2026 11:10
@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2b785a04-178f-4357-aecb-9765f16002be

📥 Commits

Reviewing files that changed from the base of the PR and between 76198b2 and b6d3486.

⛔ Files ignored due to path filters (4)
  • openshift/tools/go.sum is excluded by !**/*.sum
  • openshift/tools/vendor/github.com/openshift/cluster-capi-operator/manifests-gen/kustomization.yaml is excluded by !**/vendor/**
  • openshift/tools/vendor/github.com/openshift/cluster-capi-operator/manifests-gen/kustomize-values.yaml is excluded by !**/vendor/**
  • openshift/tools/vendor/modules.txt is excluded by !**/vendor/**
📒 Files selected for processing (2)
  • openshift/capi-operator-manifests/default/manifests.yaml
  • openshift/tools/go.mod

Walkthrough

The controller deployment changes imagePullPolicy from Always to IfNotPresent. The tools module updates the manifests-gen dependency to a newer pseudo-version.

Changes

Controller manifest update

Layer / File(s) Summary
Controller image pull policy
openshift/capi-operator-manifests/default/manifests.yaml
The capo-controller-manager container now pulls its image only when it is not already present on the node.
Manifest generator dependency
openshift/tools/go.mod
The manifests-gen dependency is updated to a newer pseudo-version.

Estimated code review effort: 1 (Trivial) | ~3 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: switching provider workload imagePullPolicy to IfNotPresent.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Only a manifest imagePullPolicy changed; no test files or Ginkgo titles were added or modified in this PR.
Test Structure And Quality ✅ Passed This PR only changes a generated manifest; no Ginkgo test code was added or modified, so the test-quality check is not applicable.
Microshift Test Compatibility ✅ Passed Only a manifest line changed; no test files or new Ginkgo It/Describe/Context/When blocks were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only a manifest imagePullPolicy change was introduced; no new Ginkgo/e2e tests or multi-node assumptions were added, so SNO compatibility is not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed Only change is imagePullPolicy on an existing Deployment; no new affinity, selectors, spreads, replicas, or topology assumptions were introduced.
Ote Binary Stdout Contract ✅ Passed PR only changes a Deployment manifest imagePullPolicy; no main/init/suite setup code or stdout writes were added or altered.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only manifests.yaml and go.mod changed; no new Ginkgo/e2e tests or networking code were added, so this check is not applicable.
No-Weak-Crypto ✅ Passed PR only updates vendored manifest generation and an imagePullPolicy; diff contains no weak-crypto APIs, custom crypto, or secret comparisons.
Container-Privileges ✅ Passed Only imagePullPolicy changed; the Deployment uses restricted-v2, runAsNonRoot, privileged:false, allowPrivilegeEscalation:false, and no hostPID/hostNetwork/hostIPC.
No-Sensitive-Data-In-Logs ✅ Passed The PR only changes Deployment imagePullPolicy and a Go module version; no logging code or sensitive data exposure was introduced.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign eshulman2 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown

@stefanonardo: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants