From c12dd13c22cd5f58cd2f256e66cfd86a805a4fd8 Mon Sep 17 00:00:00 2001 From: Danilo Gemoli Date: Mon, 22 Dec 2025 14:04:06 +0100 Subject: [PATCH 1/4] feat(prowgen): add lease proxy server spec --- pkg/api/constant.go | 2 ++ pkg/prowgen/jobbase.go | 2 ++ pkg/prowgen/podspec.go | 24 +++++++++++++++++++ ...multi_stage_test_with_cluster_profile.yaml | 8 +++++++ 4 files changed, 36 insertions(+) diff --git a/pkg/api/constant.go b/pkg/api/constant.go index 0f2940c0c9..ded5c02d6f 100644 --- a/pkg/api/constant.go +++ b/pkg/api/constant.go @@ -85,6 +85,8 @@ const ( NestedPodmanSCC = "nested-podman" NestedPodmanClusterRole = "nested-podman-creater" + + LeaseProxyServerPort = 8082 ) var ( diff --git a/pkg/prowgen/jobbase.go b/pkg/prowgen/jobbase.go index a0acc6398a..612d9f0ca1 100644 --- a/pkg/prowgen/jobbase.go +++ b/pkg/prowgen/jobbase.go @@ -146,6 +146,7 @@ func NewProwJobBaseBuilderForTest(configSpec *cioperatorapi.ReleaseBuildConfigur case test.MultiStageTestConfigurationLiteral != nil: if clusterProfile := test.MultiStageTestConfigurationLiteral.ClusterProfile; clusterProfile != "" { p.PodSpec.Add(LeaseClient()) + p.PodSpec.Add(LeaseProxyServer()) p.WithLabel(cioperatorapi.CloudClusterProfileLabel, string(clusterProfile)) p.WithLabel(cioperatorapi.CloudLabel, clusterProfile.ClusterType()) } @@ -158,6 +159,7 @@ func NewProwJobBaseBuilderForTest(configSpec *cioperatorapi.ReleaseBuildConfigur case test.MultiStageTestConfiguration != nil: if clusterProfile := test.MultiStageTestConfiguration.ClusterProfile; clusterProfile != "" { p.PodSpec.Add(LeaseClient()) + p.PodSpec.Add(LeaseProxyServer()) p.WithLabel(cioperatorapi.CloudClusterProfileLabel, string(clusterProfile)) p.WithLabel(cioperatorapi.CloudLabel, clusterProfile.ClusterType()) } diff --git a/pkg/prowgen/podspec.go b/pkg/prowgen/podspec.go index 44f67993ba..973e5e6d14 100644 --- a/pkg/prowgen/podspec.go +++ b/pkg/prowgen/podspec.go @@ -181,6 +181,13 @@ func addVolumeMount(container *corev1.Container, wantMount corev1.VolumeMount) e return nil } +func addPort(c *corev1.Container, name string, port int32) { + c.Ports = append(c.Ports, corev1.ContainerPort{ + Name: name, + ContainerPort: port, + }) +} + func makeSecretAddingMutator(secretName string) PodSpecMutator { return func(spec *corev1.PodSpec) error { safeName := strings.ReplaceAll(secretName, ".", "-") @@ -460,6 +467,15 @@ var ( MountPath: "/etc/boskos", ReadOnly: true, } + + leaseProxyServerEnv = corev1.EnvVar{ + Name: "CI_OPERATOR_POD_IP", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "status.podIP", + }, + }, + } ) // LeaseClient configures ci-operator to be able to interact with Boskos (lease @@ -479,6 +495,14 @@ func LeaseClient() PodSpecMutator { } +func LeaseProxyServer() PodSpecMutator { + return func(spec *corev1.PodSpec) error { + container := &spec.Containers[0] + addPort(container, "lease-proxy", cioperatorapi.LeaseProxyServerPort) + return addEnvVar(container, leaseProxyServerEnv) + } +} + var ( hiveSecretVolume = corev1.Volume{ Name: cioperatorapi.HiveControlPlaneKubeconfigSecret, diff --git a/pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_cluster_profile.yaml b/pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_cluster_profile.yaml index 1866776d56..7fa05b9360 100644 --- a/pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_cluster_profile.yaml +++ b/pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_cluster_profile.yaml @@ -16,9 +16,17 @@ spec: - --target=simple command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m From cfe3cb112c1ee6fff9d1d3b69c227e5748b076f3 Mon Sep 17 00:00:00 2001 From: Danilo Gemoli Date: Thu, 8 Jan 2026 15:02:20 +0100 Subject: [PATCH 2/4] fix: fix ephemeral cluster unit tests --- ...wJob_An_EphemeralCluster_request_creates_a_ProwJob.yaml | 7 +++++++ ...eateProwJob_Hive_cluster_request_creates_a_ProwJob.yaml | 7 +++++++ ...re_pj_TestCreateProwJob_Inject_missing_PR_metadata.yaml | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_An_EphemeralCluster_request_creates_a_ProwJob.yaml b/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_An_EphemeralCluster_request_creates_a_ProwJob.yaml index 3c1ac3ede9..db84213586 100644 --- a/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_An_EphemeralCluster_request_creates_a_ProwJob.yaml +++ b/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_An_EphemeralCluster_request_creates_a_ProwJob.yaml @@ -53,6 +53,10 @@ items: command: - ci-operator env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: UNRESOLVED_CONFIG value: | base_images: @@ -123,6 +127,9 @@ items: image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m diff --git a/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Hive_cluster_request_creates_a_ProwJob.yaml b/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Hive_cluster_request_creates_a_ProwJob.yaml index 56b1114987..345548a58f 100644 --- a/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Hive_cluster_request_creates_a_ProwJob.yaml +++ b/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Hive_cluster_request_creates_a_ProwJob.yaml @@ -54,6 +54,10 @@ items: command: - ci-operator env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: UNRESOLVED_CONFIG value: | base_images: @@ -129,6 +133,9 @@ items: image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m diff --git a/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Inject_missing_PR_metadata.yaml b/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Inject_missing_PR_metadata.yaml index c50bdf5c19..58f5038f2f 100644 --- a/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Inject_missing_PR_metadata.yaml +++ b/pkg/controller/ephemeralcluster/testdata/zz_fixture_pj_TestCreateProwJob_Inject_missing_PR_metadata.yaml @@ -53,6 +53,10 @@ items: command: - ci-operator env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: UNRESOLVED_CONFIG value: | base_images: @@ -123,6 +127,9 @@ items: image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m From 2bb9007370e27835a7d14c3d4b5698a74ccbd83e Mon Sep 17 00:00:00 2001 From: Danilo Gemoli Date: Thu, 8 Jan 2026 22:36:33 +0100 Subject: [PATCH 3/4] fix: fix integration tests --- .../duper/super-duper-master-presubmits.yaml | 16 ++++++++++++++++ .../trooper/super-trooper-master-presubmits.yaml | 8 ++++++++ test/integration/pj-rehearse/expected.yaml | 7 +++++++ .../trooper/super-trooper-master-presubmits.yaml | 8 ++++++++ .../jobs/org/repo/org-repo-main-presubmits.yaml | 16 ++++++++++++++++ .../third/org-third-nonstandard-presubmits.yaml | 8 ++++++++ 6 files changed, 63 insertions(+) diff --git a/test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-presubmits.yaml b/test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-presubmits.yaml index c6a12217fd..a55757119d 100644 --- a/test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-presubmits.yaml +++ b/test/integration/ci-operator-prowgen/output/jobs/super/duper/super-duper-master-presubmits.yaml @@ -327,9 +327,17 @@ presubmits: - --target=optional-job command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m @@ -447,9 +455,17 @@ presubmits: - --target=registry-with-profile command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m diff --git a/test/integration/pj-rehearse/candidate/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml b/test/integration/pj-rehearse/candidate/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml index 51d54fa720..e2e923c8b4 100644 --- a/test/integration/pj-rehearse/candidate/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml +++ b/test/integration/pj-rehearse/candidate/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml @@ -291,9 +291,17 @@ presubmits: - --target=multistage3 command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m diff --git a/test/integration/pj-rehearse/expected.yaml b/test/integration/pj-rehearse/expected.yaml index f948704cce..31ed88ba7c 100644 --- a/test/integration/pj-rehearse/expected.yaml +++ b/test/integration/pj-rehearse/expected.yaml @@ -1328,11 +1328,18 @@ command: - ci-operator env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: CONFIG_SPEC value: H4sIAAAAAAAC/8RUTWsbMRC976+YW6CgsHbTy95ycHsKlNT3Zbw7lkX11ZlZF5v++KLdtbHT4FIoyUnSm6c3T09IGxRqXUBL0lQAZVlGgIiBGkjsrItm/3Bfn1HJ2JVSpig7t9WxoGibcXe1GZzvW05Ji9Ao3YoyYWgL6UKcyVPZ8XdhmzxGaxb3i7o6mTWw5RTmpgCaGlASNWO9YpI0cDed6u7D3dTXu+BUpjlAl4cGPtX1kxsBph8DyYvyolQVbSuZOrd1HapLsVBeC+jVU+gkagClgTB4daJo6WNV/Cgx+laU8ty384MocZs5bZ2nBvA4MD2MtZxEJ9Yk5rIzPWVOeycuRRMGUWNRd8SnM6QQMPbSwK8ZAbgiTBm6KIren9Gr9E7QdToXCdV1uAADhcSHBpZf3A2rF/MbVs8hmjkW6EmU0+HN3Geml4nP7QxvsLvhXUiHPJLM8h3CPrmcx38Ked4DxkT6+dmjnbkU9ydHBnra4uB1enWQkTHQdEMjfpaf3sl69W3dfn18fnxarVfPb5ZH8XZ5f7SkP5II+J3ARSXL4+O+MhcO84fyf70dj62lSIxKfRtIsUfF8QNmjN2umCo3UQEktg3IkMcFUy7fHKdU1r8DAAD//6N08j28BQAA image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m diff --git a/test/integration/pj-rehearse/master/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml b/test/integration/pj-rehearse/master/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml index 804f692db9..2e6ab388eb 100644 --- a/test/integration/pj-rehearse/master/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml +++ b/test/integration/pj-rehearse/master/ci-operator/jobs/super/trooper/super-trooper-master-presubmits.yaml @@ -291,9 +291,17 @@ presubmits: - --target=multistage3 command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m diff --git a/test/integration/repo-init/expected/ci-operator/jobs/org/repo/org-repo-main-presubmits.yaml b/test/integration/repo-init/expected/ci-operator/jobs/org/repo/org-repo-main-presubmits.yaml index 9d429801db..143bc5e9bb 100644 --- a/test/integration/repo-init/expected/ci-operator/jobs/org/repo/org-repo-main-presubmits.yaml +++ b/test/integration/repo-init/expected/ci-operator/jobs/org/repo/org-repo-main-presubmits.yaml @@ -83,9 +83,17 @@ presubmits: - --target=e2e command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m @@ -157,9 +165,17 @@ presubmits: - --target=e2e-aws command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m diff --git a/test/integration/repo-init/expected/ci-operator/jobs/org/third/org-third-nonstandard-presubmits.yaml b/test/integration/repo-init/expected/ci-operator/jobs/org/third/org-third-nonstandard-presubmits.yaml index aab10c4d99..44fa638a71 100644 --- a/test/integration/repo-init/expected/ci-operator/jobs/org/third/org-third-nonstandard-presubmits.yaml +++ b/test/integration/repo-init/expected/ci-operator/jobs/org/third/org-third-nonstandard-presubmits.yaml @@ -30,9 +30,17 @@ presubmits: - --target=e2e command: - ci-operator + env: + - name: CI_OPERATOR_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest imagePullPolicy: Always name: "" + ports: + - containerPort: 8082 + name: lease-proxy resources: requests: cpu: 10m From 63e843182aacdd08eb51e2f05b99471d22a7d5b8 Mon Sep 17 00:00:00 2001 From: Danilo Gemoli Date: Fri, 9 Jan 2026 11:05:44 +0100 Subject: [PATCH 4/4] feat(prowgen): skip duplicate container ports --- pkg/prowgen/podspec.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/prowgen/podspec.go b/pkg/prowgen/podspec.go index 973e5e6d14..7a6c850281 100644 --- a/pkg/prowgen/podspec.go +++ b/pkg/prowgen/podspec.go @@ -182,6 +182,12 @@ func addVolumeMount(container *corev1.Container, wantMount corev1.VolumeMount) e } func addPort(c *corev1.Container, name string, port int32) { + for i := range c.Ports { + p := &c.Ports[i] + if p.Name == name || p.ContainerPort == port { + return + } + } c.Ports = append(c.Ports, corev1.ContainerPort{ Name: name, ContainerPort: port,