CONSOLE-5163: Add labels field to Ingress componentRoutes

[Leo6Leo]

Summary

Add a labels field (map[string]string) to ComponentRouteSpec in the Ingress config API (config/v1). This allows cluster admins to specify labels on component routes that IngressControllers use for route selection and sharding.

Motivation

When running multiple IngressControllers (e.g., for internal vs. external traffic), each controller uses route labels/selectors to determine which routes it manages. Currently, componentRoutes entries have no way to specify labels, so component routes (like the console) always land on the default IngressController. This makes it impossible to route console traffic through a specific shard without manual post-creation patching.

Changes

• Add labels field to ComponentRouteSpec with: - +optional, +mapType=granular for proper strategic merge patch
• maxProperties=8 upper bound
• CEL validation enforcing Kubernetes label key/value format
• Regenerated CRD manifests, OpenAPI, deepcopy, and swagger docs
• Unit tests covering valid labels, empty map, invalid key/value rejection, maxProperties overflow, and update scenarios

Example

spec:
    componentRoutes:
    - name: console-2
      namespace: openshift-console
      hostname: console.internal.corp.example.com
      labels:
        ingress: shard-console2
    - name: console-3
      namespace: openshift-console
      hostname: console.private.corp.example.com
      labels:
        ingress: shard-console3

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@Leo6Leo: This pull request references CONSOLE-5163 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

Add a labels field (map[string]string) to ComponentRouteSpec in the Ingress config API (config/v1). This allows cluster admins to specify labels on component routes that IngressControllers use for route selection and sharding.

Motivation

When running multiple IngressControllers (e.g., for internal vs. external traffic), each controller uses route labels/selectors to determine which routes it manages. Currently, componentRoutes entries have no way to specify labels, so component routes (like the console) always land on the default IngressController. This makes it impossible to route console traffic through a specific shard without manual post-creation patching.

Changes

• Add labels field to ComponentRouteSpec with: - +optional, +mapType=granular for proper strategic merge patch
• maxProperties=8 upper bound
• CEL validation enforcing Kubernetes label key/value format
• Regenerated CRD manifests, OpenAPI, deepcopy, and swagger docs
• Unit tests covering valid labels, empty map, invalid key/value rejection, maxProperties overflow, and update scenarios

Example

spec:
   componentRoutes:
   - name: [console-2](https://redhat.atlassian.net/browse/console-2)
     namespace: openshift-console
     hostname: console.internal.corp.example.com
     labels:
       ingress: shard-console2
   - name: [console-3](https://redhat.atlassian.net/browse/console-3)
     namespace: openshift-console
     hostname: console.private.corp.example.com
     labels:
       ingress: shard-console3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Hello @Leo6Leo! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds support for attaching labels to component-managed routes in the OpenShift Ingress CRD. The change introduces a new optional Labels map field to ComponentRouteSpec, constrained to a maximum of 8 labels with Kubernetes-compliant key and value formats. The Go type definition is updated with kubebuilder annotations, the CRD schema is enhanced with corresponding validation rules, and test coverage validates both successful label operations and validation error cases.

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately and concisely describes the main change: adding a labels field to the Ingress componentRoutes specification.
Description check	✅ Passed	The PR description is comprehensive and clearly related to the changeset, detailing the motivation, specific changes, validation rules, and providing concrete usage examples.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in AAA_ungated.yaml are stable and deterministic. The 11 test entries contain no dynamic content and use clear, descriptive static strings that won't change between runs.
Test Structure And Quality	✅ Passed	PR adds YAML CRD validation test cases, not Ginkgo tests. The custom check for Ginkgo quality is not applicable to this PR.
Microshift Test Compatibility	✅ Passed	Not applicable. PR adds CRD validation test YAML, type definitions, and CRD manifests, but no Ginkgo e2e tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. The modified files contain only API type definitions and CRD schema validation test YAML, not Ginkgo e2e test code. The check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR adds labels metadata to the Ingress CRD API schema. It is not a deployment or operator change, and introduces no scheduling constraints or topology assumptions.
Ote Binary Stdout Contract	✅ Passed	PR modifies only YAML test configs, YAML CRD manifests, and Go type definitions. No process-level code or stdout writes. No OTE Binary Stdout Contract violation.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It only adds YAML-based CRD validation test specifications, Go type definitions, and CRD manifests. The custom check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@config/v1/types_ingress.go`:
- Around line 249-260: The comment for the Labels field is missing the behavior
when omitted and doesn't document the MaxProperties=8 kubebuilder constraint;
update the comment for the Labels (the map with +optional, +mapType=granular and
+kubebuilder:validation:MaxProperties=8) to state that the field is optional,
what happens when it is omitted (e.g., no additional labels will be applied to
the created route), and explicitly document the MaxProperties=8 limit (maximum
of 8 user-supplied labels) along with the existing label key/value validation
rules so all kubebuilder markers are reflected in the field documentation.
- Around line 249-261: Add an OpenShift feature-gate annotation above the new
Labels field so the stable API field is gated; specifically, add a
kubebuilder/openShift annotation like
"+openshift:enable:FeatureGate=MyFeatureGate" immediately before the "Labels
map[string]string `json:\"labels,omitempty\"`" declaration in types_ingress.go
(replace MyFeatureGate with the chosen gate name, e.g., IngressLabels) so the
new Labels field is activated only when that feature gate is enabled.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: b6586099-0cdf-4a7c-bbfb-fe467ed6e955

📥 Commits

Reviewing files that changed from the base of the PR and between 73d7ca9 and 1fde3f0.

⛔ Files ignored due to path filters (5)

• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_ingresses.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• config/v1/zz_generated.featuregated-crd-manifests/ingresses.config.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*

📒 Files selected for processing (3)

• config/v1/tests/ingresses.config.openshift.io/AAA_ungated.yaml
• config/v1/types_ingress.go
• payload-manifests/crds/0000_10_config-operator_01_ingresses.crd.yaml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document omitted behavior and map-size constraint in the field comment.

The Labels comment (Lines 249-256) does not state behavior when omitted and does not document the MaxProperties=8 constraint declared on Line 258.

As per coding guidelines, **/types*.go: Documentation for +optional fields must explain the behavior when the field is omitted, and all kubebuilder validation markers must be documented in the field's comment.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/v1/types_ingress.go` around lines 249 - 260, The comment for the
Labels field is missing the behavior when omitted and doesn't document the
MaxProperties=8 kubebuilder constraint; update the comment for the Labels (the
map with +optional, +mapType=granular and
+kubebuilder:validation:MaxProperties=8) to state that the field is optional,
what happens when it is omitted (e.g., no additional labels will be applied to
the created route), and explicitly document the MaxProperties=8 limit (maximum
of 8 user-supplied labels) along with the existing label key/value validation
rules so all kubebuilder markers are reflected in the field documentation.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Gate the new stable v1 API field.

Labels is introduced on Line 261 without a +openshift:enable:FeatureGate=... annotation. Stable API field additions should be feature-gated before merge.

As per coding guidelines, **/types*.go: New fields on stable APIs should be introduced behind a feature gate using +openshift:enable:FeatureGate=MyFeatureGate.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/v1/types_ingress.go` around lines 249 - 261, Add an OpenShift
feature-gate annotation above the new Labels field so the stable API field is
gated; specifically, add a kubebuilder/openShift annotation like
"+openshift:enable:FeatureGate=MyFeatureGate" immediately before the "Labels
map[string]string `json:\"labels,omitempty\"`" declaration in types_ingress.go
(replace MyFeatureGate with the chosen gate name, e.g., IngressLabels) so the
new Labels field is activated only when that feature gate is enabled.

[openshift-ci]

@Leo6Leo: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/lint	1fde3f0	link	true	/test lint
ci/prow/verify-crd-schema	1fde3f0	link	true	/test verify-crd-schema
ci/prow/integration	1fde3f0	link	true	/test integration

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.