WIP: OCPBUGS-80958: NodeUID in status to detect replaced node with same name

[bhperry]

No description provided.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@bhperry: This pull request references Jira Issue OCPBUGS-80958, which is invalid:

• expected the bug to target the "5.0.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

📝 Walkthrough

Walkthrough

This change introduces a new nodeUID field to the NodeStatus data structure. The Go struct definition in operator/v1/types.go adds an optional nodeUID field of type types.UID. Correspondingly, the CRD manifest files for Etcd, KubeAPIServer, KubeControllerManager, and KubeScheduler are updated to include the nodeUID string field in their nodeStatuses schema definitions. The new field is documented as a mechanism for tracking node identity and detecting when nodes are deleted and recreated with the same name.

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author, so this check cannot assess relevance or quality of description content.	Consider adding a description explaining the purpose, motivation, and implementation details of the NodeUID field addition.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the main change: adding NodeUID to status for detecting replaced nodes with the same name, and references the bug ID OCPBUGS-80958.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies type definitions and CRD YAML files only, containing no Ginkgo test files or dynamic test names.
Test Structure And Quality	✅ Passed	PR modifies only Go struct fields and CRD YAML manifests without adding or modifying any Ginkgo test code.
Microshift Test Compatibility	✅ Passed	This pull request does not add any new Ginkgo e2e tests. The changes consist entirely of adding a nodeUID field to the NodeStatus struct and updating corresponding nodeUID field definitions in CRD YAML manifest files. Since the custom check applies only to newly added Ginkgo e2e tests, the check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. Changes consist of a Go struct field addition and CRD YAML schema updates. No Ginkgo test constructs are introduced, so the custom check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR introduces only a passive nodeUID data field for node identity tracking with no scheduling constraints or topology requirements.
Ote Binary Stdout Contract	✅ Passed	Pull request only adds struct field definitions and static YAML configuration without executable code that could write to stdout in process-level contexts.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This pull request does not add any new Ginkgo e2e tests. The changes consist solely of API type definitions and CRD manifest YAML files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.11.4)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

Hello @bhperry! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign everettraven for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bhperry]

/jira refresh

[openshift-ci-robot]

@bhperry: This pull request references Jira Issue OCPBUGS-80958, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[bhperry]

/retest

[openshift-ci]

@bhperry: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

operator/v1/types.go (1)

262-264: ⚠️ Potential issue | 🟠 Major

Validators on currentRevision block the reset behavior documented for nodeUID changes

Lines 262 and 278 enforce that currentRevision cannot be unset once set and must only increase. However, the nodeUID field added in lines 270–274 explicitly documents that status should reset when the UID changes (indicating node replacement). These validators prevent that reset, blocking the intended functionality.

The validators must be conditioned to allow reset when nodeUID changes:

Suggested fix

Modify line 262 to allow unsetting when nodeUID changes:

-// +kubebuilder:validation:XValidation:rule="has(self.currentRevision) || !has(oldSelf.currentRevision)",message="cannot be unset once set",fieldPath=".currentRevision"
+// +kubebuilder:validation:XValidation:rule="has(self.currentRevision) || !has(oldSelf.currentRevision) || (has(self.nodeUID) && has(oldSelf.nodeUID) && self.nodeUID != oldSelf.nodeUID)",message="cannot be unset once set unless nodeUID changes",fieldPath=".currentRevision"

Modify line 278 to allow decrease when nodeUID changes:

-// +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="must only increase"
+// +kubebuilder:validation:XValidation:rule="!has(self.currentRevision) || !has(oldSelf.currentRevision) || self.currentRevision >= oldSelf.currentRevision || (has(self.nodeUID) && has(oldSelf.nodeUID) && self.nodeUID != oldSelf.nodeUID)",message="must only increase unless nodeUID changes",optionalOldSelf=true,fieldPath=".currentRevision"

Also applies to: lines 270–275, 278–280

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@operator/v1/types.go` around lines 262 - 264, The XValidation rules on the
status fields currentRevision and targetRevision currently forbid
unsetting/decreasing but must allow that when the node was replaced (nodeUID
changed); update the XValidation expressions on the currentRevision and
targetRevision tags to include an OR that permits the change if self.nodeUID !=
oldSelf.nodeUID (or if oldSelf.nodeUID is missing) so the rule reads roughly
"has(self.currentRevision) || !has(oldSelf.currentRevision) || self.nodeUID !=
oldSelf.nodeUID" (and similarly allow decrease for targetRevision by adding "||
self.nodeUID != oldSelf.nodeUID"); ensure optionalOldSelf=true is present where
needed and adjust the two validation annotations referencing
currentRevision/targetRevision to include this nodeUID-change exception.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@payload-manifests/crds/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml`:
- Around line 264-269: Summary: The schema claims status should reset when
nodeUID changes, but nodeStatuses is keyed only by nodeName and
revision/validation rules enforce monotonic behavior, blocking resets on node
replacement; update the CRD so UID changes can represent a fresh status. Fix:
modify the manifest so either (A) nodeStatuses map key includes nodeUID (e.g.,
composite key or change to a map keyed by "nodeName+nodeUID") or (B) keep
nodeName key but add nodeUID as a required field inside each nodeStatuses value
and change the revision/validation rules (the fields enforcing
monotonic/non-unset revisions such as the condition revision constraints) to
only apply when the stored nodeUID equals the incoming nodeUID; ensure the
condition revision validations reference nodeUID equality (not just nodeName) or
are scoped to the value object so a UID change bypasses monotonic checks.
Reference symbols: nodeUID, nodeStatuses, and the condition/revision validation
rules that enforce monotonic/non-unset behavior.

---

Outside diff comments:
In `@operator/v1/types.go`:
- Around line 262-264: The XValidation rules on the status fields
currentRevision and targetRevision currently forbid unsetting/decreasing but
must allow that when the node was replaced (nodeUID changed); update the
XValidation expressions on the currentRevision and targetRevision tags to
include an OR that permits the change if self.nodeUID != oldSelf.nodeUID (or if
oldSelf.nodeUID is missing) so the rule reads roughly "has(self.currentRevision)
|| !has(oldSelf.currentRevision) || self.nodeUID != oldSelf.nodeUID" (and
similarly allow decrease for targetRevision by adding "|| self.nodeUID !=
oldSelf.nodeUID"); ensure optionalOldSelf=true is present where needed and
adjust the two validation annotations referencing currentRevision/targetRevision
to include this nodeUID-change exception.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d56018d4-5aa4-4450-9d29-87334e0bb187

📥 Commits

Reviewing files that changed from the base of the PR and between 589eff0 and 07f1fbe.

⛔ Files ignored due to path filters (17)

• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*
• openapi/openapi.json is excluded by !openapi/**
• operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-OKD.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• operator/v1/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/EtcdBackendQuota.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/EventTTL.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.featuregated-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.featuregated-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*

📒 Files selected for processing (9)

• operator/v1/types.go
• payload-manifests/crds/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml
• payload-manifests/crds/0000_12_etcd_01_etcds-Default.crd.yaml
• payload-manifests/crds/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml
• payload-manifests/crds/0000_12_etcd_01_etcds-OKD.crd.yaml
• payload-manifests/crds/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml
• payload-manifests/crds/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml
• payload-manifests/crds/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml
• payload-manifests/crds/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml