Conversation

@richardsonnick

Adds feature gate for TLS curves configuration in API config.

Enhancement PR: openshift/enhancements#1894
Implementation PR: #2583

@richardsonnick richardsonnick changed the title from "Curves feature gate" to "TLS curves configuration feature gate" Nov 20, 2025
@coderabbitai

coderabbitai bot commented Nov 20, 2025

Walkthrough

Adds a new public feature gate FeatureGateTLSCurvesConfiguration to the feature gate declarations and updates documentation and multiple FeatureGate payload manifests to include the new gate. The gate is declared with name "TLSCurvesConfiguration", enabledIn configv1.DevPreviewNoUpgrade, and is registered via mustRegister(). Payload manifests mark it enabled in DevPreviewNoUpgrade variants and list it in disabled arrays for Default and TechPreviewNoUpgrade variants. features.md gains a corresponding row. No changes to control flow or error handling.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Feature gate declaration & docs: features/features.go, features.md | Adds public FeatureGateTLSCurvesConfiguration to allFeatureGates with name "TLSCurvesConfiguration", Jira component "Networking", contact "davidesalerno", product scope ocpSpecific, enhancement PR "https://github.com/openshift/enhancements/pull/1894", enableIn(configv1.DevPreviewNoUpgrade), and mustRegister(). Adds a corresponding row in features.md. |
| Payload manifests — Hypershift variants: payload-manifests/featuregates/featureGate-Hypershift-Default.yaml, payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml, payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml | Inserts TLSCurvesConfiguration into Hypershift FeatureGate YAMLs: present in the enabled list for DevPreviewNoUpgrade; present in the disabled lists for Default and TechPreviewNoUpgrade. |
| Payload manifests — SelfManagedHA variants: payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml, payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml, payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml | Inserts TLSCurvesConfiguration into SelfManagedHA FeatureGate YAMLs: present in the enabled list for DevPreviewNoUpgrade; present in the disabled lists for Default and TechPreviewNoUpgrade. |

Estimated code review effort

Medium — verify metadata and placement across manifests and docs.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and concisely describes the main change: adding a feature gate for TLS curves configuration, which matches the primary focus across all modified files. |
| Description check | ✅ Passed | The description relates to the changeset by explaining the purpose (adding a feature gate for TLS curves configuration) and providing relevant context through enhancement and implementation PR references. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between b1e173a and e39035c.

📒 Files selected for processing (10)
  • features.md
  • features/features.go
  • payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
  • payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
  • payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
  • payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
  • payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
  • payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
  • payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
  • payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
🚧 Files skipped from review as they are similar to previous changes (5)
  • features.md
  • payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
  • payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
  • payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
  • payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
🧰 Additional context used
🧬 Code graph analysis (1)
features/features.go (1)
config/v1/types_feature.go (1)
  • DevPreviewNoUpgrade (49-49)
🔇 Additional comments (5)
features/features.go (1)

941-947: LGTM! Feature gate declaration follows established patterns.

The new FeatureGateTLSCurvesConfiguration feature gate is correctly configured with all required metadata (Jira component, contact person, product scope, enhancement PR) and appropriately enabled only in DevPreviewNoUpgrade, which is the right initial rollout stage for a new feature.

payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml (1)

215-217: LGTM! Correctly added to disabled list.

TLSCurvesConfiguration is appropriately placed in the disabled list for the OKD feature set, with correct alphabetical ordering between SignatureStores and VSphereConfigurableMaxAllowedBlockVolumesPerNode.

payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml (1)

213-215: LGTM! Correctly added to disabled list.

TLSCurvesConfiguration is appropriately placed in the disabled list for the Default feature set, maintaining proper alphabetical ordering.

payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml (1)

218-220: LGTM! Correctly added to disabled list.

TLSCurvesConfiguration is appropriately placed in the disabled list for the Hypershift OKD feature set, with correct alphabetical ordering.

payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml (1)

74-75: LGTM! Correctly added to disabled list.

TLSCurvesConfiguration is appropriately placed in the disabled list for the TechPreviewNoUpgrade feature set, maintaining correct alphabetical ordering after ShortCertRotation.

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented



@openshift-ci
Contributor

openshift-ci bot commented Nov 20, 2025

Hello @richardsonnick! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

@openshift-ci-robot

Pipeline controller notification
This repository is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

@openshift-ci openshift-ci bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 20, 2025
mustRegister()

FeatureGateTLSCurvesConfiguration = newFeatureGate("TLSCurvesConfiguration").
reportProblemsToJiraComponent("kube-apiserver").
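Review bot: on the reportProblemsToJiraComponent("kube-apiserver") line, the component named here disagrees with the "Networking" Jira component that the walkthrough summary lists for this same gate. Confirm which team owns bugs for TLSCurvesConfiguration, make sure that team is represented on the enhancement, and use that one value in the declaration.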
Contributor

Why should problems be reported to this component?

Contributor

To clarify, I'm asking because I don't see any stakeholders from the team responsible for this component represented in the enhancement proposal as reviewers or having signed off on being on the hook for bugs and issues related to this feature.

Author

Hey @everettraven,
Sorry for the confusion, I'm working with @davidesalerno to add supporting docs for the new feature introduced here: #2583

We decided Networking was the best component.

@everettraven
Contributor

@richardsonnick Looks like this may need a rebase and it looks like you are missing the generated file updates here.

Running PROTO_OPTIONAL=true make update should re-generate everything you need.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 25, 2025
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 25, 2025
@openshift-ci openshift-ci bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Nov 25, 2025
@richardsonnick
Author

> @richardsonnick Looks like this may need a rebase and it looks like you are missing the generated file updates here.
>
> Running PROTO_OPTIONAL=true make update should re-generate everything you need.

Rebased and updated generated files. Thanks for the review

Contributor

@everettraven everettraven left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 25, 2025
@openshift-ci-robot

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change

@openshift-ci
Contributor

openshift-ci bot commented Nov 25, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: everettraven

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 25, 2025
@davidesalerno

davidesalerno commented Nov 27, 2025

As discussed with @richardsonnick I need to verify if Jira component and contact person values are the right ones.

Should we also add some tests (see here)?

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 27, 2025
@JoelSpeed
Contributor

Tests are not required for new gates, only new fields. When you add the API, tests will be important.

@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Jan 6, 2026
@openshift-ci
Contributor

openshift-ci bot commented Jan 6, 2026

New changes are detected. LGTM label has been removed.

@richardsonnick
Author

Rebased + codegen

@openshift-ci openshift-ci bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 6, 2026
@openshift-ci
Contributor

openshift-ci bot commented Jan 6, 2026

@richardsonnick: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-aws-serial-techpreview-1of2 | b1e173a | link | true | /test e2e-aws-serial-techpreview-1of2 |
| ci/prow/e2e-aws-serial-1of2 | b1e173a | link | true | /test e2e-aws-serial-1of2 |
| ci/prow/e2e-aws-ovn-hypershift | b1e173a | link | true | /test e2e-aws-ovn-hypershift |
| ci/prow/okd-scos-images | e39035c | link | true | /test okd-scos-images |

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
