CNTRLPLANE-2777: add TypeMeta to GenericControllerConfig

[ricardomaraschini]

The CVO now supports automatic injection of TLS security profile settings into operator ConfigMaps annotated with config.openshift.io/inject-tls (openshift/cluster-version-operator#1322). The CVO identifies eligible configuration types by checking the apiVersion and kind fields in YAML entries within the ConfigMap.

The CVO currently supports two configuration types:

1. operator.openshift.io/v1alpha1.GenericOperatorConfig
2. config.openshift.io/v1.GenericControllerConfig

The GenericControllerConfig type currently lacks apiVersion and kind fields (provided by TypeMeta), preventing the CVO from identifying it for automatic TLS profile injection. This change adds the missing TypeMeta field to enable proper type identification.

When a matching type is identified, the CVO injects minTLSVersion and cipherSuites values from the cluster's APIServer tlsSecurityProfile into the configuration's .servingInfo section.

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci]

Hello @ricardomaraschini! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[ricardomaraschini]

On hold for now.

/hold

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 984efe15-740c-4fd2-add4-a1ab1fb0f68c

📥 Commits

Reviewing files that changed from the base of the PR and between 6a49569 and 6e17e9e.

⛔ Files ignored due to path filters (1)

• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**

📒 Files selected for processing (3)

• config/v1/types.go
• config/v1/zz_generated.deepcopy.go
• config/v1/zz_generated.swagger_doc_generated.go

✅ Files skipped from review due to trivial changes (1)

• config/v1/zz_generated.swagger_doc_generated.go

🚧 Files skipped from review as they are similar to previous changes (1)

• config/v1/types.go

---

📝 Walkthrough

Walkthrough

GenericControllerConfig now embeds metav1.TypeMeta with json:",inline" and its doc comment includes an OpenShift // +openshift:compatibility-gen:level=1 directive. The generated DeepCopyInto for GenericControllerConfig explicitly assigns TypeMeta on the destination. The generated Swagger docs for GenericControllerConfig were expanded to include a “Compatibility level 1” stability clause.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.11.4)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@ricardomaraschini: This pull request references CNTRLPLANE-2777 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.22.0" version, but no target version was set.

Details

In response to this:

The CVO now supports automatic injection of TLS security profile settings into operator ConfigMaps annotated with config.openshift.io/inject-tls (openshift/cluster-version-operator#1322). The CVO identifies eligible configuration types by checking the apiVersion and kind fields in YAML entries within the ConfigMap.

The CVO currently supports two configuration types:

1. operator.openshift.io/v1alpha1.GenericOperatorConfig
2. config.openshift.io/v1.GenericControllerConfig

The GenericControllerConfig type currently lacks apiVersion and kind fields (provided by TypeMeta), preventing the CVO from identifying it for automatic TLS profile injection. This change adds the missing TypeMeta field to enable proper type identification.

When a matching type is identified, the CVO injects minTLSVersion and cipherSuites values from the cluster's APIServer tlsSecurityProfile into the configuration's .servingInfo section.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ricardomaraschini]

Asked for review.

/unhold

[JoelSpeed]

What is the story for upgrades? Existing clusters won't have this type meta in place presently, will operators populate this type meta moving forward? If so, which operators are affected by this change?

[ricardomaraschini]

What is the story for upgrades? Existing clusters won't have this type meta in place presently, will operators populate this type meta moving forward? If so, which operators are affected by this change?

Great question. The type was introduced in 2018 (#125), there isn't a lot of context about it, more: I could not find any reference to it in the whole GitHub openshift org (the only ones I found were the ones we have introduced as part of the PQC work (search).

[JoelSpeed]

Thanks for the response, agree, can't see any prior usage of this, odd 🤔

Seems to make sense to be able to handle versioning of this struct so, +1

/lgtm

[openshift-ci-robot]

Pipeline controller notification

No second-stage tests were triggered for this PR.

This can happen when:

• The changed files don't match any pipeline_run_if_changed patterns
• All files match pipeline_skip_if_only_changed patterns
• No pipeline-controlled jobs are defined for the master branch

Use /test ? to see all available tests.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [JoelSpeed]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[everettraven]

It looks like maybe this is a type that backs a configuration file instead of an actual CRD? Will CVO actually do anything with this change?

EDIT: Should have looked at the linked PR first :).

Agree with adding the ability to version this config.

[ingvagabund]

/verified bypass

[openshift-ci-robot]

@ingvagabund: The verified label has been added.

Details

In response to this:

/verified bypass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@ricardomaraschini: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.