Skip to content

CNF-19617, CNF-21768, CNF-21832, CNF-22018: Sync from upstream (02-Apr-2026) #688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jzding wants to merge 23 commits into
base: main
Choose a base branch
from
Open

CNF-19617, CNF-21768, CNF-21832, CNF-22018: Sync from upstream (02-Apr-2026) #688

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
9b1e577
Set tls-profiles feature annotation to true in CSV
jzding Mar 11, 2026
099076a
Configure AWS timeout to 2 hours for long jobs
sshnaidm Mar 12, 2026
179c8f8
Merge pull request #195 from sshnaidm/fixjobtimeoutaws
edcdavid Mar 12, 2026
a13bcee
Merge pull request #194 from jzding/tls-profile
josephdrichard Mar 13, 2026
da824bf
Add T-BC clock class recovery test for upstream link outage
yaronh12 Mar 4, 2026
71b624a
Update Dockerfile.krp to use Go version 1.25.7 for the builder stage
edcdavid Mar 17, 2026
a5cfda4
Merge pull request #198 from edcdavid/fix-krp
nocturnalastro Mar 17, 2026
06fec1f
Added must-gather collection to CI
yaronh12 Mar 10, 2026
963e7f0
Expose system-level and base board hardware details in NodePtpDeviceS…
gtannous-spec Mar 18, 2026
5130c3d
Update Dockerfile builder image
nocturnalastro Mar 18, 2026
4ec2565
Merge pull request #200 from nocturnalastro/update_go_base_image
jzding Mar 18, 2026
0096e6b
Add test coverage for clockClass verification when locking PTP source…
aabughosh Mar 16, 2026
0a19e33
Upgrade to Go 1.25 and update dependencies
jzding Mar 19, 2026
6427ac2
Merge pull request #202 from jzding/tls-adherence
nocturnalastro Mar 23, 2026
93d102f
Merge pull request #185 from yaronh12/test-tbc-cc-upgrade-to-locked-a…
edcdavid Mar 23, 2026
da35c41
Merge pull request #192 from yaronh12/add-mustgather-to-ci
edcdavid Mar 23, 2026
9d5a3f2
update OWNERS
jzding Mar 21, 2026
7ae692d
Merge pull request #197 from aabughosh/addlocktest
jzding Mar 26, 2026
158f56c
Merge pull request #201 from gtannous-spec/baseboard-info
gtannous-spec Mar 31, 2026
b50744e
Add TLS adherence support
jzding Mar 26, 2026
47793bf
refactor: use nil TLSProfileSpec pointer to signal legacy TLS mode
jzding Mar 31, 2026
08dd224
Merge pull request #203 from jzding/update-owners
nocturnalastro Apr 1, 2026
ef75480
Merge pull request #206 from jzding/tls-adherence
jzding Apr 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
1 change: 1 addition & 0 deletions .github/workflows/aws-ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ jobs:
role-to-assume: arn:aws:iam::058264082309:role/github-oidc-setup-david-Role-Kk44xkca6vIm
role-session-name: ${{ github.run_id }}
aws-region: us-east-1
role-duration-seconds: 7200

- name: Launch EC2 instance
id: launch
Expand Down
4 changes: 3 additions & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
FROM golang:1.24.7 AS builder
FROM registry.access.redhat.com/ubi9/go-toolset:1.25 AS builder
# Set as root to permission issues as its only for the builder
USER root
WORKDIR /go/src/github.com/k8snetworkplumbingwg/ptp-operator
COPY . .
ENV CGO_ENABLED=0
Expand Down
10 changes: 2 additions & 8 deletions OWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,10 @@
reviewers:
- aneeshkp
- josephdrichard
- jzding
- lack
- nocturnalastro
- vitus133
approvers:
- aneeshkp
- edcdavid
- josephdrichard
- jzding
- lack
- nocturnalastro
- sebsoto
- vitus133

component: "Networking"
Expand Down
56 changes: 56 additions & 0 deletions api/v1/nodeptpdevice_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,52 @@ type HwConfig struct {
Config *apiextensions.JSON `json:"config,omitempty"`
}

// SystemInfo contains system-level DMI/SMBIOS information (Type 1 - System Information)
type SystemInfo struct {
// Manufacturer is the system manufacturer from SMBIOS
// +optional
Manufacturer string `json:"manufacturer,omitempty"`

// ProductName is the system product name from SMBIOS
// +optional
ProductName string `json:"productName,omitempty"`

// Version is the system version from SMBIOS
// +optional
Version string `json:"version,omitempty"`

// SerialNumber is the system serial number from SMBIOS
// +optional
SerialNumber string `json:"serialNumber,omitempty"`

// SKUNumber is the system SKU number from SMBIOS
// +optional
SKUNumber string `json:"skuNumber,omitempty"`

// Family is the system family from SMBIOS
// +optional
Family string `json:"family,omitempty"`
}

// BaseBoardInfo contains base board DMI/SMBIOS information (Type 2 - Baseboard Information)
type BaseBoardInfo struct {
// Manufacturer is the base board manufacturer from SMBIOS
// +optional
Manufacturer string `json:"manufacturer,omitempty"`

// ProductName is the base board product name from SMBIOS
// +optional
ProductName string `json:"productName,omitempty"`

// Version is the base board version from SMBIOS
// +optional
Version string `json:"version,omitempty"`

// SerialNumber is the base board serial number from SMBIOS
// +optional
SerialNumber string `json:"serialNumber,omitempty"`
}

// NodePtpDeviceStatus defines the observed state of NodePtpDevice
type NodePtpDeviceStatus struct {

Expand All @@ -171,6 +217,16 @@ type NodePtpDeviceStatus struct {
// as well as its specific configuration settings.
// +optional
Hwconfig []HwConfig `json:"hwconfig,omitempty"`

// SystemInfo contains the system-level DMI/SMBIOS information for the node.
// This includes the system manufacturer, product name, version, serial number, SKU, and family.
// +optional
SystemInfo *SystemInfo `json:"systemInfo,omitempty"`

// BaseBoardInfo contains the base board DMI/SMBIOS information for the node.
// This includes the base board manufacturer, product name, version, and serial number.
// +optional
BaseBoardInfo *BaseBoardInfo `json:"baseBoardInfo,omitempty"`
}

//+kubebuilder:object:root=true
Expand Down
5 changes: 2 additions & 3 deletions api/v1/ptpconfig_webhook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,8 @@ var webhookClient client.Client
func (r *PtpConfig) SetupWebhookWithManager(mgr ctrl.Manager) error {
// Store the client for use in validation
webhookClient = mgr.GetClient()
return ctrl.NewWebhookManagedBy(mgr).
For(r).
WithValidator(&ptpConfigValidator{}).
return ctrl.NewWebhookManagedBy(mgr, r).
WithCustomValidator(&ptpConfigValidator{}).
Complete()
}

Expand Down
5 changes: 2 additions & 3 deletions api/v1/ptpoperatorconfig_webhook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,8 @@ var k8sclient client.Client

func (r *PtpOperatorConfig) SetupWebhookWithManager(mgr ctrl.Manager, client client.Client) error {
k8sclient = client
return ctrl.NewWebhookManagedBy(mgr).
For(r).
WithValidator(&ptpOperatorConfigValidator{}).
return ctrl.NewWebhookManagedBy(mgr, r).
WithCustomValidator(&ptpOperatorConfigValidator{}).
Complete()
}
Comment on lines 37 to 42
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify controller-runtime version supports this API pattern
echo "=== Checking controller-runtime version ==="
grep -E 'sigs.k8s.io/controller-runtime' go.mod | head -5

echo ""
echo "=== Verify CustomValidator interface usage in codebase ==="
rg -n 'WithCustomValidator' --type go -C2

Repository: openshift/ptp-operator

Length of output: 3193

Replace deprecated WithCustomValidator with WithValidator.

The code uses WithCustomValidator(), which is deprecated in controller-runtime v0.23.3 (line 84 of vendor/sigs.k8s.io/controller-runtime/pkg/builder/webhook.go marks it as deprecated with recommendation to use WithValidator instead). Update the webhook registration to use the non-deprecated WithValidator() method. The same issue exists in api/v1/ptpconfig_webhook.go line 60.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@api/v1/ptpoperatorconfig_webhook.go` around lines 37 - 42, Update the webhook
registration to stop using the deprecated WithCustomValidator and switch to
WithValidator: in the SetupWebhookWithManager function of PtpOperatorConfig
replace the call to WithCustomValidator(&ptpOperatorConfigValidator{}) with
WithValidator(&ptpOperatorConfigValidator{}), and make the analogous change in
api/v1/ptpconfig_webhook.go (the SetupWebhookWithManager there) replacing
WithCustomValidator usage for its validator with WithValidator to match
controller-runtime v0.23.3.


Expand Down
40 changes: 40 additions & 0 deletions api/v1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions bindata/linuxptp/ptp-daemon.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,12 @@ spec:
args:
- --logtostderr
- --secure-listen-address=:8443
{{- if .TLSCipherSuites}}
- --tls-cipher-suites={{.TLSCipherSuites}}
{{- end}}
{{- if .TLSMinVersion}}
- --tls-min-version={{.TLSMinVersion}}
{{- end}}
- --upstream=http://127.0.0.1:9091/
- --tls-private-key-file=/etc/metrics/tls.key
- --tls-cert-file=/etc/metrics/tls.crt
Expand Down Expand Up @@ -168,6 +172,8 @@ spec:
tlsConfig:
caFile: "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt"
serverName: "ptp-monitor-service.{{.Namespace}}.svc"
certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
jobLabel: app
namespaceSelector:
matchNames:
Expand Down
4 changes: 2 additions & 2 deletions bundle/manifests/ptp-operator.clusterserviceversion.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ metadata:
categories: Networking
certified: "false"
containerImage: quay.io/openshift/origin-ptp-operator:4.22
createdAt: "2026-03-05T21:22:01Z"
createdAt: "2026-03-18T15:32:00Z"
description: This software enables configuration of Precision Time Protocol(PTP)
on Kubernetes. It detects hardware capable PTP devices on each node, and configures
linuxptp processes such as ptp4l, phc2sys and timemaster.
Expand All @@ -71,7 +71,7 @@ metadata:
features.operators.openshift.io/disconnected: "true"
features.operators.openshift.io/fips-compliant: "true"
features.operators.openshift.io/proxy-aware: "false"
features.operators.openshift.io/tls-profiles: "false"
features.operators.openshift.io/tls-profiles: "true"
features.operators.openshift.io/token-auth-aws: "false"
features.operators.openshift.io/token-auth-azure: "false"
features.operators.openshift.io/token-auth-gcp: "false"
Expand Down
44 changes: 44 additions & 0 deletions bundle/manifests/ptp.openshift.io_nodeptpdevices.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,26 @@ spec:
status:
description: NodePtpDeviceStatus defines the observed state of NodePtpDevice
properties:
baseBoardInfo:
description: |-
BaseBoardInfo contains the base board DMI/SMBIOS information for the node.
This includes the base board manufacturer, product name, version, and serial number.
properties:
manufacturer:
description: Manufacturer is the base board manufacturer from
SMBIOS
type: string
productName:
description: ProductName is the base board product name from SMBIOS
type: string
serialNumber:
description: SerialNumber is the base board serial number from
SMBIOS
type: string
version:
description: Version is the base board version from SMBIOS
type: string
type: object
devices:
description: |-
PtpDevice represents a PTP device available in the cluster node.
Expand Down Expand Up @@ -165,6 +185,30 @@ spec:
type: string
type: object
type: array
systemInfo:
description: |-
SystemInfo contains the system-level DMI/SMBIOS information for the node.
This includes the system manufacturer, product name, version, serial number, SKU, and family.
properties:
family:
description: Family is the system family from SMBIOS
type: string
manufacturer:
description: Manufacturer is the system manufacturer from SMBIOS
type: string
productName:
description: ProductName is the system product name from SMBIOS
type: string
serialNumber:
description: SerialNumber is the system serial number from SMBIOS
type: string
skuNumber:
description: SKUNumber is the system SKU number from SMBIOS
type: string
version:
description: Version is the system version from SMBIOS
type: string
type: object
type: object
type: object
served: true
Expand Down
44 changes: 44 additions & 0 deletions config/crd/bases/ptp.openshift.io_nodeptpdevices.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,26 @@ spec:
status:
description: NodePtpDeviceStatus defines the observed state of NodePtpDevice
properties:
baseBoardInfo:
description: |-
BaseBoardInfo contains the base board DMI/SMBIOS information for the node.
This includes the base board manufacturer, product name, version, and serial number.
properties:
manufacturer:
description: Manufacturer is the base board manufacturer from
SMBIOS
type: string
productName:
description: ProductName is the base board product name from SMBIOS
type: string
serialNumber:
description: SerialNumber is the base board serial number from
SMBIOS
type: string
version:
description: Version is the base board version from SMBIOS
type: string
type: object
devices:
description: |-
PtpDevice represents a PTP device available in the cluster node.
Expand Down Expand Up @@ -165,6 +185,30 @@ spec:
type: string
type: object
type: array
systemInfo:
description: |-
SystemInfo contains the system-level DMI/SMBIOS information for the node.
This includes the system manufacturer, product name, version, serial number, SKU, and family.
properties:
family:
description: Family is the system family from SMBIOS
type: string
manufacturer:
description: Manufacturer is the system manufacturer from SMBIOS
type: string
productName:
description: ProductName is the system product name from SMBIOS
type: string
serialNumber:
description: SerialNumber is the system serial number from SMBIOS
type: string
skuNumber:
description: SKUNumber is the system SKU number from SMBIOS
type: string
version:
description: Version is the system version from SMBIOS
type: string
type: object
type: object
type: object
served: true
Expand Down
2 changes: 1 addition & 1 deletion config/manifests/bases/ptp-operator.clusterserviceversion.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ metadata:
features.operators.openshift.io/disconnected: "true"
features.operators.openshift.io/fips-compliant: "true"
features.operators.openshift.io/proxy-aware: "false"
features.operators.openshift.io/tls-profiles: "false"
features.operators.openshift.io/tls-profiles: "true"
features.operators.openshift.io/token-auth-aws: "false"
features.operators.openshift.io/token-auth-azure: "false"
features.operators.openshift.io/token-auth-gcp: "false"
Expand Down
2 changes: 2 additions & 0 deletions config/prometheus/monitor.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ spec:
tlsConfig:
caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
serverName: ptp-operator-metrics-service.openshift-ptp.svc
certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
selector:
matchLabels:
control-plane: controller-manager
Loading