OCPBUGS-70012: Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.22 by openshift-bot · Pull Request #1989 · openshift/cluster-kube-apiserver-operator

openshift-bot · 2025-12-20T00:31:52Z

Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.22
TLDR:
Product builds by ART can be configured for different base and builder images than corresponding CI
builds. This automated PR requests a change to CI configuration to align with ART's configuration;
please take steps to merge it quickly or contact ART to coordinate changes.

The configuration in the following ART component metadata is driving this alignment request:
ose-cluster-kube-apiserver-operator.yml.

Detail:

This repository is out of sync with the downstream product builds for this component. The CI
configuration for at least one image differs from ART's expected product configuration. This should
be addressed to ensure that the component's CI testing accurate reflects what customers will
experience.

Most of these PRs are opened as an ART-driven proposal to migrate base image or builder(s) to a
different version, usually prior to GA. The intent is to effect changes in both configurations
simultaneously without breaking either CI or ART builds, so usually ART builds are configured to
consider CI as canonical and attempt to match CI config until the PR merges to align both. ART may
also configure changes in GA releases with CI remaining canonical for a brief grace period to enable
CI to succeed and the alignment PR to merge. In either case, ART configuration will be made
canonical at some point (typically at branch-cut before GA or release dev-cut after GA), so it is
important to align CI configuration as soon as possible.

PRs are also triggered when CI configuration changes without ART coordination, for instance to
change the number of builder images or to use a different golang version. These changes should be
coordinated with ART; whether ART configuration is canonical or not, preferably it would be updated
first to enable the changes to occur simultaneously in both CI and ART at the same time. This also
gives ART a chance to validate the intended changes first. For instance, ART compiles most
components with the Golang version being used by the control plane for a given OpenShift release.
Exceptions to this convention (i.e. you believe your component must be compiled with a Golang
version independent from the control plane) must be granted by the OpenShift staff engineers and
communicated to the ART team.

Roles & Responsibilities:

Component owners are responsible for ensuring these alignment PRs merge with passing
tests OR that necessary metadata changes are reported to the ART team: @release-artists
in #forum-ocp-art on Slack. If necessary, the changes required by this pull request can be
introduced with a separate PR opened by the component team. Once the repository is aligned,
this PR will be closed automatically.
In particular, it could be that a job like verify-deps is complaining. In that case, please open
a new PR with the dependency issues addressed (and base images bumped). ART-9595 for reference.
Patch-manager or those with sufficient privileges within this repository may add
any required labels to ensure the PR merges once tests are passing. In cases where ART config is
canonical, downstream builds are already being built with these changes, and merging this PR
only improves the fidelity of our CI. In cases where ART config is not canonical, this provides
a grace period for the component team to align their CI with ART's configuration before it becomes
canonical in product builds.

ART has been configured to reconcile your CI build root image (see https://docs.ci.openshift.org/docs/architecture/ci-operator/#build-root-image).
In order for your upstream .ci-operator.yaml configuration to be honored, you must set the following in your openshift/release ci-operator configuration file:

build_root:
  from_repository: true

Change behavior of future PRs:

In case you just want to follow the base images that ART suggests, you can configure additional labels to be
set up automatically. This means that such a PR would merge without human intervention (and awareness!) in the future.
To do so, open a PR to set the auto_label attribute in the image configuration. Example
You can set a commit prefix, like UPSTREAM: <carry>: . An example.

If you have any questions about this pull request, please reach out to @release-artists in the #forum-ocp-art coreos slack channel.

openshift-bot · 2025-12-20T00:31:53Z

Created by ART pipeline job run https://art-jenkins.apps.prod-stable-spoke1-dc-iad2.itup.redhat.com/job/scheduled-builds/job/sync-ci-images/48106

coderabbitai · 2025-12-20T00:32:02Z

Walkthrough

Build and image configuration updated to reference OpenShift 4.22 and Go 1.25; Dockerfile builder and base image tags updated accordingly. Image copy steps for bootkube manifests, operator binary, and test archive remain; an ENTRYPOINT line is commented out.

Changes

Cohort / File(s)	Summary
CI/CD configuration `.ci-operator.yaml`	Updated `build_root_image.tag` to use Go 1.25 and OpenShift 4.22 (`rhel-9-release-golang-1.25-openshift-4.22`).
Docker build and image content `Dockerfile.rhel7`	Updated builder image tag to `...:rhel-9-golang-1.25-openshift-4.22` and final base image to `.../ocp/4.22:base-rhel9`. COPY steps for bootkube manifests, scc-manifests, kube-apiserver CRD, operator binary, and operator test archive preserved; ENTRYPOINT commented out.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: updating container images to be consistent with ART for OpenShift 4.22, which directly aligns with the file modifications shown in the raw summary.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	PR modifies only configuration files (.ci-operator.yaml, Dockerfile.rhel7) without altering any test files or test definitions.
Test Structure And Quality	✅ Passed	PR contains only build configuration changes to .ci-operator.yaml and Dockerfile.rhel7; no test code modifications are present.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci-robot · 2025-12-20T00:32:09Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2025-12-21T00:25:58Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

p0lyn0mial · 2025-12-23T14:21:06Z

/lgtm

openshift-ci-robot · 2025-12-23T14:28:54Z

/retest-required

Remaining retests: 0 against base HEAD 3fb92ce and 2 for PR HEAD b835527 in total

openshift-ci-robot · 2025-12-24T11:32:17Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

wangke19 · 2025-12-29T05:06:08Z

okd-scos-images is fixed by PR openshift/release#72981

openshift-bot · 2026-01-01T00:01:30Z

/jira refresh

The requirements for Jira bugs have changed (Jira issues linked to PRs on main branch need to target different OCP), recalculating validity.

openshift-ci-robot · 2026-01-01T00:02:10Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

wangke19 · 2026-01-06T05:51:31Z

/test okd-scos-images

openshift-ci-robot · 2026-01-07T00:32:37Z

/retest-required

Remaining retests: 0 against base HEAD f7f14dd and 1 for PR HEAD b835527 in total

openshift-ci-robot · 2026-01-07T20:32:53Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-01-08T07:32:43Z

/retest-required

Remaining retests: 0 against base HEAD b4fa94c and 0 for PR HEAD b835527 in total

openshift-ci-robot · 2026-01-08T13:08:17Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-01-08T14:32:33Z

/hold

Revision b835527 was retested 3 times: holding

openshift-ci-robot · 2026-01-08T22:15:49Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-01-14T19:01:12Z

/retest-required

Remaining retests: 0 against base HEAD 29ee73d and 2 for PR HEAD b835527 in total

openshift-ci-robot · 2026-01-15T09:01:17Z

/retest-required

Remaining retests: 0 against base HEAD acccbfe and 1 for PR HEAD b835527 in total

openshift-ci-robot · 2026-01-15T15:08:05Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

p0lyn0mial · 2026-01-16T07:32:35Z

/lgtm

p0lyn0mial · 2026-01-16T07:33:40Z

/verified by CI

openshift-ci-robot · 2026-01-16T07:33:52Z

@p0lyn0mial: This PR has been marked as verified by CI.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-01-16T08:01:07Z

/retest-required

Remaining retests: 0 against base HEAD acccbfe and 2 for PR HEAD 730ec1b in total

p0lyn0mial · 2026-01-16T09:02:20Z

/lgtm cancel

openshift-ci · 2026-01-16T09:02:40Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: openshift-bot
Once this PR has been reviewed and has the lgtm label, please ask for approval from benluddy. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci-robot · 2026-01-17T15:29:14Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

…nsistent with ART for 4.22 Reconciling with https://github.com/openshift/ocp-build-data/tree/56cb39ad358cdec1db7c84ea1919fe8849c2550b/images/ose-cluster-kube-apiserver-operator.yml

openshift-ci-robot · 2026-03-04T01:04:25Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Dockerfile.rhel7`:
- Line 1: The Dockerfile's stages (FROM
registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 AS
builder and the final image stage) do not set an explicit non-root user required
by DS-0002; inspect or choose a non-root username/UID available in the base
images and add an explicit USER directive in the final stage (and any
intermediate runtime stage if present) to switch from root to that non-root
account so the container does not run as UID 0.

ℹ️ Review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 730ec1b and f7ec834.

📒 Files selected for processing (2)

.ci-operator.yaml
Dockerfile.rhel7

coderabbitai · 2026-03-04T01:10:52Z

@@ -1,11 +1,11 @@
-FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.21 AS builder
+FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 AS builder


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -name "Dockerfile.rhel7" -type f

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 103

🏁 Script executed:

head -20 ./Dockerfile.rhel7

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 1769

🏁 Script executed:

cat -n ./Dockerfile.rhel7 | tail -20

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 1879

🏁 Script executed:

rg "^USER " ./Dockerfile.rhel7

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 67

🏁 Script executed:

wc -l ./Dockerfile.rhel7

Repository: openshift/cluster-kube-apiserver-operator

Length of output: 106

🌐 Web query:

openshift 4.22 base-rhel9 image default user configuration

💡 Result:

For the OpenShift base-rhel9-style base images (UBI/RHEL 9 based), the “default user” behavior is:

Inside the image (Dockerfile USER): if the image does not set USER, containers default to root (UID 0) per OCI/Docker semantics. [2]

At runtime on OpenShift (SCC/PodSecurity): OpenShift typically runs pods as an arbitrary, non-root UID (not necessarily the Dockerfile USER), and that UID is commonly in GID 0 (root group). [1][3]

UBI “runtime language” images (for example UBI OpenJDK, etc.) often already switch to a non-root user (commonly a default user / non-root UID such as 1001) in the base image, but OpenShift can still override with an arbitrary UID at runtime. [1]

What to do (recommended)

Build images to be arbitrary-UID friendly: make writable paths group-owned by 0 and group-writable (the common pattern is chown -R 0:<dir> && chmod -R g=u <dir>), because OpenShift assigns an arbitrary UID that is typically in the root group. [1][3]

If you truly need a fixed UID, you must set securityContext.runAsUser and ensure your cluster policy allows it (often requires SCC changes) — otherwise assume arbitrary UID. [1]

How to verify the image’s configured default user

podman inspect --format '{{.Config.User}}' <image> (empty means “root” by default) [2]

🌐 Web query:

registry.ci.openshift.org ocp 4.22 base-rhel9 USER default root

💡 Result:

USER default is an S2I builder-image convention (i.e., the image provides a Linux user literally named default, and you switch to it in the Dockerfile after installs). (stackoverflow.com)

registry.ci.openshift.org/ocp/4.22:base-rhel9 is not an S2I builder image, so you should not assume a default username exists there. If an image doesn’t set an OCI/Docker USER, the effective default is root (UID 0).

Also note: on OpenShift, pods commonly run with an arbitrary UID at runtime (regardless of what the image “defaults” to), so images should be compatible with arbitrary UIDs via permissions/group 0 patterns. (gist.github.com)

To confirm what the image declares, inspect the remote config:

skopeo inspect --config docker://registry.ci.openshift.org/ocp/4.22:base-rhel9 | jq -r '.config.User' # empty output => root

If you need a named non-root user, you must create it in your derived Dockerfile and then USER <name-or-uid>.

Citations:

1: https://stackoverflow.com/questions/48386832/how-to-run-base-centos-image-in-minishift?utm_source=openai

2: https://gist.github.com/shinomineko/3bb6ed593b1d5aecc8752e2dfc6f0083?utm_source=openai

🌐 Web query:

openshift UBI 9 base image default user non-root

💡 Result:

UBI 9 “base OS” images (e.g., ubi9/ubi, ubi9/ubi-minimal) do not inherently guarantee a non-root default user. In general, if an image doesn’t set USER, the container runs as root (UID 0) by default, so you should explicitly set a non-root USER in your Dockerfile/Containerfile if you need a deterministic non-root user. [1][2]

Many Red Hat UBI runtime images (language/runtime stacks) already switch to a non-root user named default. If you build FROM one of those, you’ll often inherit a non-root default user. [1]

On OpenShift (with the default/restricted SCC behavior), the platform typically overrides the image’s requested user and runs the container with an arbitrary non-root UID. So even if the UBI base image would run as root elsewhere, OpenShift usually forces non-root unless you use an SCC like anyuid/special permissions. [3]

Sources:
[1] Red Hat Developer – Best practices (run as non-root; mentions UBI runtime images set non-root default) (developers.redhat.com)
[2] Example guidance noting default root when no USER is set (production-gitops.dev)
[3] OpenShift Cookbook – OpenShift overrides image UID; recommends arbitrary UID compatibility (cookbook.openshift.org)

Citations:

1: https://developers.redhat.com/articles/2021/11/11/best-practices-building-images-pass-red-hat-container-certification?utm_source=openai

2: https://production-gitops.dev/guides/cp4i/mq/security/information/image/?utm_source=openai

3: https://cookbook.openshift.org/users-and-role-based-access-control/how-can-i-enable-an-image-to-run-as-a-set-user-id.html?utm_source=openai

Explicitly set a non-root user in both stages to satisfy DS-0002.

The Dockerfile has no USER directive, so the container inherits the default user from the base images. Since registry.ci.openshift.org/ocp/4.22:base-rhel9 is a base OS image (not a runtime image) and does not guarantee a non-root default user, the image will default to root (UID 0) unless the base image is verified to have a non-root USER already configured.

Add an explicit USER directive to the final stage (line 8 onward) pointing to a non-root user/UID, or confirm via image inspection that the base image provides a non-root default.

🧰 Tools

🪛 Trivy (0.69.1)

[error] 1-1: Image user should not be 'root'

Specify at least 1 USER command in Dockerfile with non-root user as argument

Rule: DS-0002

Learn more

(IaC/Dockerfile)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@Dockerfile.rhel7` at line 1, The Dockerfile's stages (FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 AS builder and the final image stage) do not set an explicit non-root user required by DS-0002; inspect or choose a non-root username/UID available in the base images and add an explicit USER directive in the final stage (and any intermediate runtime stage if present) to switch from root to that non-root account so the container does not run as UID 0.

openshift-ci · 2026-03-04T04:31:43Z

@openshift-bot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	`f7ec834`	link	true	`/test verify`
ci/prow/e2e-gcp-operator	`f7ec834`	link	true	`/test e2e-gcp-operator`
ci/prow/e2e-aws-ovn	`f7ec834`	link	true	`/test e2e-aws-ovn`
ci/prow/k8s-e2e-gcp	`f7ec834`	link	true	`/test k8s-e2e-gcp`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot · 2026-03-16T00:31:29Z

@openshift-bot: An error was encountered searching for bug OCPBUGS-70012 on the Jira server at https://issues.redhat.com. No known errors were detected, please see the full error message for details.

Full error message.


No response returned: Get "https://issues.redhat.com/rest/api/2/issue/OCPBUGS-70012": GET https://issues.redhat.com/rest/api/2/issue/OCPBUGS-70012 giving up after 5 attempt(s)

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-03-16T15:13:51Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.22.0) matches configured target version for branch (4.22.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

wangke19 · 2026-03-16T19:36:39Z

/close
Fixed in #2003

openshift-ci · 2026-03-16T19:37:04Z

@wangke19: Closed this PR.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci-robot · 2026-03-16T19:37:08Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-70012. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-bot force-pushed the art-consistency-openshift-4.22-ose-cluster-kube-apiserver-operator branch from 07e93d8 to b835527 Compare December 20, 2025 00:31

openshift-bot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. verified Signifies that the PR passed pre-merge verification criteria labels Dec 20, 2025

openshift-bot changed the title ~~Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.22~~ OCPBUGS-70012: Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.22 Dec 20, 2025

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 20, 2025

openshift-ci Bot requested review from benluddy, tkashem and wangke19 December 20, 2025 00:32

openshift-bot assigned benluddy Dec 21, 2025

openshift-ci Bot assigned p0lyn0mial Dec 23, 2025

openshift-ci Bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 23, 2025

openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 8, 2026

openshift-bot force-pushed the art-consistency-openshift-4.22-ose-cluster-kube-apiserver-operator branch from b835527 to 730ec1b Compare January 16, 2026 07:30

openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label Jan 16, 2026

openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jan 16, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jan 16, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jan 16, 2026

openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jan 16, 2026

openshift-ci Bot removed the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 16, 2026

Updating ose-cluster-kube-apiserver-operator-container image to be co…

f7ec834

…nsistent with ART for 4.22 Reconciling with https://github.com/openshift/ocp-build-data/tree/56cb39ad358cdec1db7c84ea1919fe8849c2550b/images/ose-cluster-kube-apiserver-operator.yml

openshift-bot force-pushed the art-consistency-openshift-4.22-ose-cluster-kube-apiserver-operator branch from 730ec1b to f7ec834 Compare March 4, 2026 01:04

openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label Mar 4, 2026

coderabbitai Bot reviewed Mar 4, 2026

View reviewed changes

openshift-bot added the verified Signifies that the PR passed pre-merge verification criteria label Mar 4, 2026

openshift-ci Bot closed this Mar 16, 2026

		@@ -1,11 +1,11 @@
		FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.21 AS builder
		FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 AS builder

Conversation

openshift-bot commented Dec 20, 2025 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-bot commented Dec 20, 2025

Uh oh!

coderabbitai Bot commented Dec 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Uh oh!

openshift-ci-robot commented Dec 20, 2025

Uh oh!

openshift-ci-robot commented Dec 21, 2025 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

p0lyn0mial commented Dec 23, 2025

Uh oh!

openshift-ci-robot commented Dec 23, 2025

Uh oh!

openshift-ci-robot commented Dec 24, 2025 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

wangke19 commented Dec 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-bot commented Jan 1, 2026

Uh oh!

openshift-ci-robot commented Jan 1, 2026

Uh oh!

wangke19 commented Jan 6, 2026

Uh oh!

openshift-ci-robot commented Jan 7, 2026

Uh oh!

openshift-ci-robot commented Jan 7, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Jan 8, 2026

Uh oh!

openshift-ci-robot commented Jan 8, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Jan 8, 2026

Uh oh!

openshift-ci-robot commented Jan 8, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Jan 14, 2026

Uh oh!

openshift-ci-robot commented Jan 15, 2026

Uh oh!

openshift-ci-robot commented Jan 15, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

p0lyn0mial commented Jan 16, 2026

Uh oh!

p0lyn0mial commented Jan 16, 2026

Uh oh!

openshift-ci-robot commented Jan 16, 2026

Uh oh!

openshift-ci-robot commented Jan 16, 2026

Uh oh!

p0lyn0mial commented Jan 16, 2026

Uh oh!

openshift-ci Bot commented Jan 16, 2026

Uh oh!

openshift-ci-robot commented Jan 17, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci-robot commented Mar 4, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Mar 4, 2026

Choose a reason for hiding this comment

What to do (recommended)

How to verify the image’s configured default user

openshift-bot commented Dec 20, 2025 •

edited by openshift-ci Bot

Loading

coderabbitai Bot commented Dec 20, 2025 •

edited

Loading

openshift-ci-robot commented Dec 21, 2025 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Dec 24, 2025 •

edited by openshift-ci Bot

Loading

wangke19 commented Dec 29, 2025 •

edited

Loading

openshift-ci-robot commented Jan 7, 2026 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Jan 8, 2026 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Jan 8, 2026 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Jan 15, 2026 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Jan 17, 2026 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Mar 4, 2026 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Mar 16, 2026 •

edited by openshift-ci Bot

Loading