[release-4.21] OCPBUGS-88295, OCPBUGS-88297, OCPBUGS-82146, OCPBUGS-78330, OCPBUGS-85550: Remove feature-set annotations from Sail Library RBAC Manifests by gcs278 · Pull Request #1462 · openshift/cluster-ingress-operator

gcs278 · 2026-06-04T17:10:53Z

Summary

Remove the release.openshift.io/feature-set: DevPreviewNoUpgrade,TechPreviewNoUpgrade annotation from the Sail Library ClusterRole and ClusterRoleBinding manifests. This annotation restricts CVO from deploying these RBAC resources on clusters running the Default feature set. Removing it is required before promoting the GatewayAPIWithoutOLM feature gate to GA.

Depends on #1442. Blocks openshift/api#2865 (FG promotion to Default/GA).

Why this annotation needs to be removed in 4.21

On 4.22, #1393 switched the Sail Library RBAC manifests from the release.openshift.io/feature-set annotation to the release.openshift.io/feature-gate annotation, which allows CVO to gate manifest deployment on individual feature gates rather than entire feature sets. However, CVO on 4.21 does not support the release.openshift.io/feature-gate annotation openshift/cluster-version-operator#1273 was not backported.

As a result, the 4.21 backport #1442 uses the release.openshift.io/feature-set annotation instead, which gates the RBAC manifests behind TechPreviewNoUpgrade. This PR removes that annotation so the RBAC is deployed on Default clusters, which is required before promoting the feature gate to GA.

openshift-ci · 2026-06-04T17:10:58Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

coderabbitai · 2026-06-04T17:11:02Z

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 83677e53-0fa1-47e5-99ab-5a341d6f04be

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci · 2026-06-04T17:40:16Z

@gcs278: This PR was included in a payload test run from openshift/origin#31232
trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-main-ci-4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-rt-upgrade

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/6689b0c0-603c-11f1-940d-a9e7c33d49a1-0

openshift-ci · 2026-06-04T17:41:09Z

@gcs278: This PR was included in a payload test run from openshift/origin#31232
trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-main-ci-4.21-e2e-aws-ovn-upgrade-out-of-change

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/8f447a90-603c-11f1-97f7-e6703f146ba4-0

openshift-ci · 2026-06-04T19:37:41Z

@gcs278: This PR was included in a payload test run from openshift/origin#31232
trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-main-ci-4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-rt-upgrade

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/d6b82790-604c-11f1-8cfa-10e8e0b0bde5-0

openshift-ci · 2026-06-04T23:03:40Z

@gcs278: This PR was included in a payload test run from openshift/origin#31232
trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-main-ci-4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-upgrade

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/9d4f79a0-6069-11f1-8253-78c971bcc8c1-0

openshift-ci · 2026-06-04T23:04:52Z

@gcs278: This PR was included in a payload test run from openshift/origin#31232
trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-main-ci-4.21-upgrade-from-stable-4.20-e2e-aws-ovn-upgrade

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/c9301480-6069-11f1-94ef-707e0daebf2d-0

openshift-ci-robot · 2026-06-11T01:12:51Z

@gcs278: This pull request references Jira Issue OCPBUGS-88295, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-86778 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-86778 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

Requesting review from QA contact:
/cc @melvinjoseph86

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-88297, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-79467 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-79467 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-82146, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-76609 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-76609 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-78330, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-88300 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-88300 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-85550, which is invalid:

expected the bug to target the "4.21.z" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary

Remove the release.openshift.io/feature-set: DevPreviewNoUpgrade,TechPreviewNoUpgrade annotation from the Sail Library ClusterRole and ClusterRoleBinding manifests. This annotation restricts CVO from deploying these RBAC resources on clusters running the Default feature set. Removing it is required before promoting the GatewayAPIWithoutOLM feature gate to GA.

Depends on #1442. Blocks openshift/api#2865 (FG promotion to Default/GA).

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

gcs278 · 2026-06-11T01:15:43Z

/jira refresh

openshift-ci-robot · 2026-06-11T01:15:56Z

@gcs278: This pull request references Jira Issue OCPBUGS-88295, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-86778 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-86778 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

Requesting review from QA contact:
/cc @melvinjoseph86

This pull request references Jira Issue OCPBUGS-88297, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-79467 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-79467 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

This pull request references Jira Issue OCPBUGS-82146, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-76609 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-76609 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

This pull request references Jira Issue OCPBUGS-78330, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-88300 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-88300 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

This pull request references Jira Issue OCPBUGS-85550, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-88302 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-88302 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

Requesting review from QA contact:
/cc @melvinjoseph86

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Remove the release.openshift.io/feature-set annotation from the Sail Library ClusterRole and ClusterRoleBinding so they are included in all feature sets, not just DevPreview and TechPreview. This is needed to test the noOLM path in Default/GA mode via payload jobs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rikatz · 2026-06-22T18:49:26Z

/lgtm
/approve

openshift-ci · 2026-06-22T18:49:46Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rikatz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [rikatz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

gcs278 · 2026-06-22T18:57:33Z

/testwith openshift/cluster-ingress-operator/release-4.21/e2e-aws-operator openshift/api#2865

gcs278 · 2026-06-22T18:58:07Z

/testwith openshift/cluster-ingress-operator/release-4.21/e2e-aws-ovn openshift/api#2865

gcs278 · 2026-06-22T19:00:06Z

The two testwith jobs will test that the removal of the annotations is working by testing with the feature gate promoted as default.

gcs278 · 2026-06-22T21:22:37Z

Unrelated failures
/test hypershift-e2e-aks

rhamini3 · 2026-06-22T22:05:10Z

confirmed that the featureset annotation is removed on a 4.21 cluster

 % oc get clusterrolebinding openshift-ingress-operator-sail-library -o yaml | grep feature-set
iamin@iamin-mac openshift-tests-private % oc get clusterrole openshift-ingress-operator-sail-library -o yaml | grep feature-set     
iamin@iamin-mac openshift-tests-private %

/verified by @rhamini3

openshift-ci-robot · 2026-06-22T22:05:23Z

@rhamini3: This PR has been marked as verified by @rhamini3.

Details

In response to this:

confirmed that the featureset annotation is removed on a 4.21 cluster

% oc get clusterrolebinding openshift-ingress-operator-sail-library -o yaml | grep feature-set
iamin@iamin-mac openshift-tests-private % oc get clusterrole openshift-ingress-operator-sail-library -o yaml | grep feature-set     
iamin@iamin-mac openshift-tests-private %

/verified by @rhamini3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2026-06-22T23:13:31Z

@gcs278: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-pre-release-ossm	`f40fbdd`	link	false	`/test e2e-aws-pre-release-ossm`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot · 2026-06-23T01:04:41Z

@gcs278: This pull request references Jira Issue OCPBUGS-88295, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-86778 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-86778 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

Requesting review from QA contact:
/cc @melvinjoseph86

This pull request references Jira Issue OCPBUGS-88297, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-79467 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-79467 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

This pull request references Jira Issue OCPBUGS-82146, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-76609 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-76609 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

This pull request references Jira Issue OCPBUGS-78330, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-88300 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-88300 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (iamin@redhat.com), skipping review request.

This pull request references Jira Issue OCPBUGS-85550, which is valid.

7 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.21.z) matches configured target version for branch (4.21.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
release note text is set and does not match the template
dependent bug Jira Issue OCPBUGS-88302 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
dependent Jira Issue OCPBUGS-88302 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
bug has dependents

Requesting review from QA contact:
/cc @melvinjoseph86

Details

In response to this:

Summary

Remove the release.openshift.io/feature-set: DevPreviewNoUpgrade,TechPreviewNoUpgrade annotation from the Sail Library ClusterRole and ClusterRoleBinding manifests. This annotation restricts CVO from deploying these RBAC resources on clusters running the Default feature set. Removing it is required before promoting the GatewayAPIWithoutOLM feature gate to GA.

Depends on #1442. Blocks openshift/api#2865 (FG promotion to Default/GA).

Why this annotation exists

On 4.22 (master), #1393 (OCPBUGS-79667) switched the Sail Library RBAC manifests from the release.openshift.io/feature-set annotation to the release.openshift.io/feature-gate annotation, which allows CVO to gate manifest deployment on individual feature gates rather than entire feature sets. However, CVO on 4.21 does not support the release.openshift.io/feature-gate annotation (openshift/cluster-version-operator#1273 was not backported). As a result, the 4.21 backport (#1442) uses the release.openshift.io/feature-set annotation instead, which gates the RBAC manifests behind TechPreviewNoUpgrade. This PR removes that annotation so the RBAC is deployed on Default clusters, which is required before promoting the feature gate to GA.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

candita · 2026-06-23T02:03:26Z

This is a prerequisite for promoting the noOLM backport to GA. It broadens the CIO's RBAC permissions, but has no functional impact until openshift/api#2865 merges and activates the Sail Library code path.

/label backport-risk-assessed

openshift-ci-robot · 2026-06-23T02:08:52Z

@gcs278: Jira Issue OCPBUGS-88295: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

openshift/api#2865 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-88295 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Jira Issue OCPBUGS-88297: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

openshift/api#2865 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-88297 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Jira Issue OCPBUGS-82146: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

openshift/api#2865 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-82146 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Jira Issue OCPBUGS-78330: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

openshift/api#2865 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-78330 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Jira Issue OCPBUGS-85550: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

openshift/api#2865 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-85550 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Details

In response to this:

Summary

Remove the release.openshift.io/feature-set: DevPreviewNoUpgrade,TechPreviewNoUpgrade annotation from the Sail Library ClusterRole and ClusterRoleBinding manifests. This annotation restricts CVO from deploying these RBAC resources on clusters running the Default feature set. Removing it is required before promoting the GatewayAPIWithoutOLM feature gate to GA.

Depends on #1442. Blocks openshift/api#2865 (FG promotion to Default/GA).

Why this annotation needs to be removed in 4.21

On 4.22, #1393 switched the Sail Library RBAC manifests from the release.openshift.io/feature-set annotation to the release.openshift.io/feature-gate annotation, which allows CVO to gate manifest deployment on individual feature gates rather than entire feature sets. However, CVO on 4.21 does not support the release.openshift.io/feature-gate annotation openshift/cluster-version-operator#1273 was not backported.

As a result, the 4.21 backport #1442 uses the release.openshift.io/feature-set annotation instead, which gates the RBAC manifests behind TechPreviewNoUpgrade. This PR removes that annotation so the RBAC is deployed on Default clusters, which is required before promoting the feature gate to GA.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 4, 2026

gcs278 changed the title ~~DO NOT MERGE: noOLM GA payload test - remove feature-set annotations~~ WIP: Remove feature-set annotation from Sail Library RBAC for GA promotion Jun 4, 2026

gcs278 mentioned this pull request Jun 4, 2026

[release-4.21] OCPBUGS-88295, OCPBUGS-88297, OCPBUGS-82146, OCPBUGS-78330, OCPBUGS-85550: Replace OLM-based Istio install with Sail Library #1442

Merged

3 tasks

gcs278 changed the title ~~WIP: Remove feature-set annotation from Sail Library RBAC for GA promotion~~ [release-4.21] WIP: Remove feature-set annotations from Sail Library RBAC Manifests Jun 4, 2026

gcs278 mentioned this pull request Jun 4, 2026

[release-4.21] OCPBUGS-88295, OCPBUGS-88297, OCPBUGS-82146, OCPBUGS-78330, OCPBUGS-85550, OCPBUGS-88324, OCPBUGS-88322, OCPBUGS-88320: Backport noOLM Gateway API test coverage and upgrade tests openshift/origin#31232

Merged

gcs278 changed the title ~~[release-4.21] WIP: Remove feature-set annotations from Sail Library RBAC Manifests~~ [release-4.21] OCPBUGS-88295, OCPBUGS-88297, OCPBUGS-82146, OCPBUGS-78330, OCPBUGS-85550: Remove feature-set annotations from Sail Library RBAC Manifests Jun 11, 2026

openshift-ci Bot requested a review from melvinjoseph86 June 11, 2026 01:12

openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Jun 11, 2026

openshift-ci-robot removed the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Jun 11, 2026

gcs278 mentioned this pull request Jun 16, 2026

[release-4.21] OCPBUGS-88295, OCPBUGS-88297, OCPBUGS-82146, OCPBUGS-78330, OCPBUGS-85550: Promote GatewayAPIWithoutOLM feature gate to TechPreview openshift/api#2873

Merged

gcs278 marked this pull request as ready for review June 22, 2026 15:07

openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 22, 2026

gcs278 mentioned this pull request Jun 22, 2026

[release-4.21] OCPBUGS-88295, OCPBUGS-88297, OCPBUGS-82146, OCPBUGS-78330, OCPBUGS-85550: NE-2480: Promote GatewayAPIWithoutOLM feature gate to Default openshift/api#2865

Open

openshift-ci Bot requested review from candita and knobunc June 22, 2026 15:09

gcs278 force-pushed the backport-noOLM-4.21-ga-test branch from 721b05d to a49b57b Compare June 22, 2026 18:08

openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 22, 2026

gcs278 force-pushed the backport-noOLM-4.21-ga-test branch from a49b57b to f40fbdd Compare June 22, 2026 18:12

openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 22, 2026

openshift-ci Bot assigned rikatz Jun 22, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 22, 2026

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 22, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jun 22, 2026

openshift-ci Bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Jun 23, 2026

openshift-ci Bot assigned melvinjoseph86 and rhamini3 Jun 23, 2026

openshift-merge-bot Bot merged commit cadbee7 into openshift:release-4.21 Jun 23, 2026
20 of 21 checks passed

Conversation

gcs278 commented Jun 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Why this annotation needs to be removed in 4.21

Uh oh!

openshift-ci Bot commented Jun 4, 2026

Uh oh!

coderabbitai Bot commented Jun 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

openshift-ci Bot commented Jun 4, 2026

Uh oh!

openshift-ci Bot commented Jun 4, 2026

Uh oh!

openshift-ci Bot commented Jun 4, 2026

Uh oh!

openshift-ci Bot commented Jun 4, 2026

Uh oh!

openshift-ci Bot commented Jun 4, 2026

Uh oh!

openshift-ci-robot commented Jun 11, 2026

Summary

Uh oh!

gcs278 commented Jun 11, 2026

Uh oh!

openshift-ci-robot commented Jun 11, 2026

Uh oh!

rikatz commented Jun 22, 2026

Uh oh!

openshift-ci Bot commented Jun 22, 2026

Uh oh!

gcs278 commented Jun 22, 2026

Uh oh!

gcs278 commented Jun 22, 2026

Uh oh!

gcs278 commented Jun 22, 2026

Uh oh!

gcs278 commented Jun 22, 2026

Uh oh!

rhamini3 commented Jun 22, 2026

Uh oh!

openshift-ci-robot commented Jun 22, 2026

Uh oh!

openshift-ci Bot commented Jun 22, 2026

Uh oh!

openshift-ci-robot commented Jun 23, 2026

Summary

Why this annotation exists

Uh oh!

candita commented Jun 23, 2026

Uh oh!

Uh oh!

openshift-ci-robot commented Jun 23, 2026

Summary

Why this annotation needs to be removed in 4.21

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

gcs278 commented Jun 4, 2026 •

edited

Loading

coderabbitai Bot commented Jun 4, 2026 •

edited

Loading