OCPBUGS-74525: OCPBUGS-74526: Remove UserNamespacesPodSecurityStandards and UserNamespacesSupport

[bitoku]

UserNamespacesPodSecurityStandards dropped in 1.35 kubernetes/kubernetes@e8bd3f6

UserNamespacesSupport enabled by default in 1.33 kubernetes/kubernetes@96c2b81

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@bitoku: This pull request references Jira Issue OCPBUGS-74525, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lyman9966

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 92c0952c-e59c-4fd0-95a7-214d54e2c35b

📥 Commits

Reviewing files that changed from the base of the PR and between f6ee4c0 and 55d3f7b.

⛔ Files ignored due to path filters (3)

• security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/zz_generated*
• security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• security/v1/zz_generated.featuregated-crd-manifests/securitycontextconstraints.security.openshift.io/UserNamespacesPodSecurityStandards.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**

📒 Files selected for processing (13)

• features.md
• features/features.go
• payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml
• payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml
• payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml
• payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml
• security/v1/generated.proto
• security/v1/tests/securitycontextconstraints.security.openshift.io/UserNamespacesPodSecurityStandards.yaml
• security/v1/types.go

💤 Files with no reviewable changes (13)

• security/v1/types.go
• features.md
• security/v1/tests/securitycontextconstraints.security.openshift.io/UserNamespacesPodSecurityStandards.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml
• security/v1/generated.proto
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml
• payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml
• payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml
• features/features.go
• payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml
• payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml

---

📝 Walkthrough

Walkthrough

This pull request removes two feature gates: UserNamespacesSupport and UserNamespacesPodSecurityStandards. The removals span feature gate definition files (features.go), documentation (features.md), configuration manifests across multiple Hypershift and SelfManagedHA profiles, and annotation references in proto and types definitions. Additionally, the test configuration file for UserNamespacesPodSecurityStandards is deleted. The changes eliminate these feature gates from the registry and all associated configuration profiles without modifying any remaining features or control flow.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	No pull request description was provided by the author, making it impossible to verify if the description relates to the changeset.	Add a clear description explaining why these feature gates are being removed and their current status (e.g., enabled by default since 4.21).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and clearly describes the primary change: removing two specific feature gates (UserNamespacesPodSecurityStandards and UserNamespacesSupport) across the codebase.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	PR does not introduce new or modified Ginkgo test code; changes affect feature gates, manifests, and data files only.
Test Structure And Quality	✅ Passed	The PR only removes a YAML test specification file without modifying actual Ginkgo test code. The test infrastructure maintains quality standards with table-driven tests, proper setup/cleanup, timeouts, and meaningful assertions.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan for PR comments

• Generate coding plan

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hello @bitoku! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@bitoku: This pull request references Jira Issue OCPBUGS-74525, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lyman9966

Details

In response to this:

UserNamespacesPodSecurityStandards dropped in 1.35 kubernetes/kubernetes@e8bd3f6

UserNamespacesSupport enabled by default in 1.33 kubernetes/kubernetes@96c2b81

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[bitoku]

/test all

[qodo-code-review]

PR-Agent: could not fine a component named all in a supported language in this PR.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bitoku]

/payload-job periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn-usernamespace

[openshift-ci]

@bitoku: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn-usernamespace

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/c6667530-1e26-11f1-9894-8d3e157c037f-0

[bitoku]

/retest

[openshift-ci]

@bitoku: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[bitoku]

/payload-job periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn-usernamespace

[openshift-ci]

@bitoku: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-main-ci-4.22-e2e-gcp-ovn-usernamespace

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4eb8e340-1ef0-11f1-9273-49c828a7ffdd-0