kube-vip: project onboarding

[mkowalski]

Summary by CodeRabbit

This PR onboards the openshift/kube-vip repository into OpenShift’s CI and Prow/Tide workflows so PRs receive automated CI coverage and follow consistent merge/labeling rules.

• CI Operator setup: Adds a new CI Operator manifest for kube-vip (ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml). The configuration specifies the build root image stream/tag, sets default container CPU/memory requests and limits, defines the test command (go test -race ./...), and configures two CI phases that run in the src container context:
  • unit-tests: make unit-tests
  • integration-tests: make integration-tests
• Prow plugin behavior: Adds a Prow plugin config (core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml) that enables standard approve handling while treating reviews with review_acts_as_lgtm: true as LGTM.
• Tide merge automation rules: Adds Tide configuration (core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml) defining branch-specific label requirements and missing-label expectations for PRs targeting openshift-4.22/release-4.22 vs main/master, along with a set of excluded branches that apply a narrower approval/label policy.
• Review/access control: Updates core-services/prow/02_config/openshift/kube-vip/OWNERS with explicit reviewers and approvers for the repo.

In practical terms, kube-vip PRs will now run OpenShift-managed unit and integration tests in CI and will be governed by repo-specific Prow/Tide approval and labeling rules.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 77ee1087-ece3-43b6-9e8d-7632ef162e03

📥 Commits

Reviewing files that changed from the base of the PR and between 1cacbd4 and 40abb81.

⛔ Files ignored due to path filters (2)

• ci-operator/jobs/openshift/kube-vip/OWNERS is excluded by !ci-operator/jobs/**
• ci-operator/jobs/openshift/kube-vip/openshift-kube-vip-main-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (4)

• ci-operator/config/openshift/kube-vip/OWNERS
• ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml
• core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml
• core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml

✅ Files skipped from review due to trivial changes (1)

• ci-operator/config/openshift/kube-vip/OWNERS

🚧 Files skipped from review as they are similar to previous changes (3)

• core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml
• ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml
• core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml

---

Walkthrough

This PR adds initial CI operator, Prow plugin, Tide, and OWNERS configuration for openshift/kube-vip.

Changes

Kube-VIP onboarding

Layer / File(s)	Summary
CI operator job ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml	Defines the main CI operator manifest with build root image settings, default resource requests and limits, race-enabled Go test execution, unit and integration test phases, and generated metadata.
Prow governance core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml, core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml, ci-operator/config/openshift/kube-vip/OWNERS	Adds approve/LGTM plugin settings, branch-specific Tide query and excluded-branch rules, and repository reviewer/approver lists.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• openshift/release#80506: Both PRs modify build_root configuration in OpenShift CI operator YAML files.
• openshift/release#80913: Both PRs change CI operator build root sourcing in repository-specific job configuration.

Suggested labels

lgtm, rehearsals-ack

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title matches the main change: onboarding kube-vip into the release CI and Prow configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PASS: The PR only adds CI/prow config and OWNERS files; no Ginkgo test titles (It/Describe/Context/When) were added or modified.
Test Structure And Quality	✅ Passed	Changed files are CI/prow configs and OWNERS only; no Ginkgo/Gomega test code or Go test files were added or modified.
Microshift Test Compatibility	✅ Passed	The PR only adds CI/prow config and OWNERS files; no new Ginkgo e2e tests or MicroShift-sensitive APIs were introduced.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The PR only adds CI/prow config and OWNERS; no new Ginkgo e2e tests or SNO-sensitive test code were introduced.
Topology-Aware Scheduling Compatibility	✅ Passed	The PR only adds CI/prow config and OWNERS files; no deployment manifests, operator code, or scheduling constraints were introduced.
Ote Binary Stdout Contract	✅ Passed	PASS: The PR only adds YAML/OWNERS config; no Go binaries or process-level stdout writes (main/init/TestMain/etc.) were added or modified.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only adds CI/Prow config and presubmit jobs; no new Ginkgo e2e test code or IPv4/public-internet assumptions were introduced.
No-Weak-Crypto	✅ Passed	PR only adds CI/Prow YAML and OWNERS; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret-comparison code appears in touched files.
Container-Privileges	✅ Passed	Reviewed the new kube-vip manifests and Prow configs; none set privileged, hostPID/Network/IPC, SYS_ADMIN, allowPrivilegeEscalation, or run as root.
No-Sensitive-Data-In-Logs	✅ Passed	Only CI/prow config and OWNERS files were added; no log statements or sensitive values appear in the changed content.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mkowalski

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml`:
- Around line 9-12: The plugins section for openshift/kube-vip in the
_pluginconfig.yaml file currently only includes the `approve` plugin, but the
Tide configuration requires the `lgtm` plugin to be enabled as well. Add `lgtm`
to the plugins list under the openshift/kube-vip configuration alongside the
existing `approve` plugin to enable the normal `/lgtm` labeling workflow.

In `@core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml`:
- Around line 99-104: The excludedBranches list does not include community-4.6
and community-4.7, which creates an overlap since these branches are already
included in a stricter query elsewhere. Add community-4.6 and community-4.7 to
the excludedBranches list in the catch-all query to prevent merges from going
through the weaker label set. Apply the same fix to both occurrences of this
pattern in the file (at lines 99-104 and also at lines 150-154).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 4e5f44e3-cb1e-458d-b861-185fd1fe1796

📥 Commits

Reviewing files that changed from the base of the PR and between 06cb91c and 6002ebf.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/openshift/kube-vip/openshift-kube-vip-main-presubmits.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (3)

• ci-operator/config/openshift/kube-vip/openshift-kube-vip-main.yaml
• core-services/prow/02_config/openshift/kube-vip/_pluginconfig.yaml
• core-services/prow/02_config/openshift/kube-vip/_prowconfig.yaml

[openshift-merge-bot]

@mkowalski: pj-rehearse could not automatically process this event because the request waited in queue for longer than 5 minutes. Use /pj-rehearse to trigger rehearsals manually.

[mkowalski]

/pj-rehearse pull-ci-openshift-kube-vip-main-unit-tests

[openshift-merge-bot]

@mkowalski: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[mkowalski]

/pj-rehearse pull-ci-openshift-kube-vip-main-unit-tests

[openshift-merge-bot]

@mkowalski: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[mkowalski]

/pj-rehearse pull-ci-openshift-kube-vip-main-unit-tests

[mkowalski]

/pj-rehearse help

[openshift-merge-bot]

@mkowalski: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-merge-bot]

@mkowalski: job(s): help either don't exist or were not found to be affected, and cannot be rehearsed

[mkowalski]

/pj-rehearse ?

[openshift-merge-bot]

@mkowalski: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-merge-bot]

@mkowalski: job(s): ? either don't exist or were not found to be affected, and cannot be rehearsed

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@mkowalski: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-kube-vip-main-integration-tests	openshift/kube-vip	presubmit	Presubmit changed
pull-ci-openshift-kube-vip-main-unit-tests	openshift/kube-vip	presubmit	Presubmit changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[mkowalski]

/retest

[mkowalski]

/pj-rehearse pull-ci-openshift-kube-vip-main-unit-tests

[openshift-merge-bot]

@mkowalski: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@mkowalski: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/openshift/kube-vip/main/unit-tests	40abb81	link	unknown	/pj-rehearse pull-ci-openshift-kube-vip-main-unit-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.