OCPBUGS-84303: fix(api): add IPv6 OVN join subnet config to prevent dual-stack routing collision by orenc1 · Pull Request #8421 · openshift/hypershift

orenc1 · 2026-05-05T12:19:16Z

When a KubeVirt hosted cluster and its management cluster both use OVN-Kubernetes with dual-stack networking, they each default to fd98::/64 for the IPv6 join switch subnet. External IPv6 LoadBalancer traffic targeting VM pods is SNAT'd to the management cluster's join IP (e.g. fd98::2). Inside the VM, the guest cluster's OVN intercepts the response because it also owns fd98::/64, black-holing the packet.

This commit fixes the issue in two ways:

Automatic KubeVirt default: for KubeVirt hosted clusters with OVNKubernetes, the reconciler now sets IPv6.InternalJoinSubnet to fd99::/64 by default, avoiding the collision with the management cluster's fd98::/64. This mirrors the existing V4InternalSubnet override (100.66.0.0/16) already in place for IPv4.
User-facing API: adds OVNIPv6Config type to OVNKubernetesConfig, allowing explicit configuration of IPv6 internalJoinSubnet and internalTransitSwitchSubnet for any platform. This maps to the upstream operatorv1.IPv6OVNKubernetesConfig and includes IPv6 CIDR format validation via CEL rules.

Also extends CIDR overlap validation in the HostedCluster webhook to cover IPv6 OVN subnets, and adds envtest CRD validation cases.

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-84303

Special notes for your reviewer:

Checklist:

Subject and description added to both, commit and PR.
Relevant issues have been referenced.
This change includes docs.
This change includes unit tests.

Summary by CodeRabbit

New Features
- OVN-Kubernetes now exposes IPv6 internal transit and join subnet settings and will default a KubeVirt join subnet when the cluster has IPv6 network(s); operator-provided IPv6 values can override the default.
Bug Fixes / Validation
- Validation added to prevent identical IPv6 join/transit subnets, enforce IPv6 CIDR/prefix format and allowed prefix range, and include OVN IPv6 (and KubeVirt defaults) in overlap checks.
Tests
- Expanded coverage for IPv6-only and mixed IPv4+IPv6 scenarios, defaulting, overrides, and overlap failures.

openshift-merge-bot · 2026-05-05T12:19:19Z

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

openshift-ci-robot · 2026-05-05T12:19:24Z

@orenc1: This pull request references Jira Issue OCPBUGS-84303, which is invalid:

expected the bug to target the "5.0.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

When a KubeVirt hosted cluster and its management cluster both use OVN-Kubernetes with dual-stack networking, they each default to fd98::/64 for the IPv6 join switch subnet. External IPv6 LoadBalancer traffic targeting VM pods is SNAT'd to the management cluster's join IP (e.g. fd98::2). Inside the VM, the guest cluster's OVN intercepts the response because it also owns fd98::/64, black-holing the packet.

This commit fixes the issue in two ways:

Automatic KubeVirt default: for KubeVirt hosted clusters with OVNKubernetes, the reconciler now sets IPv6.InternalJoinSubnet to fd99::/64 by default, avoiding the collision with the management cluster's fd98::/64. This mirrors the existing V4InternalSubnet override (100.66.0.0/16) already in place for IPv4.

User-facing API: adds OVNIPv6Config type to OVNKubernetesConfig, allowing explicit configuration of IPv6 internalJoinSubnet and internalTransitSwitchSubnet for any platform. This maps to the upstream operatorv1.IPv6OVNKubernetesConfig and includes IPv6 CIDR format validation via CEL rules.

Also extends CIDR overlap validation in the HostedCluster webhook to cover IPv6 OVN subnets, and adds envtest CRD validation cases.

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-84303

Special notes for your reviewer:

Checklist:

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-05-05T12:19:34Z

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

▶️ Resume reviews
🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds IPv6 support for OVN-Kubernetes: a new constant KubevirtDefaultV6InternalJoinSubnet, an exported OVNIPv6Config type with IPv6 CIDR and prefix validations plus an XValidation preventing equal IPv6 subnets, and an ipv6 field on OVNKubernetesConfig. Reconciler APIs gain a hasIPv6Network input; the network reconciler defaults and propagates OVN IPv6 subnets (including KubeVirt defaulting) into the operator network spec. validateSliceNetworkCIDRs now includes OVN IPv6 internal subnets for overlap checks. Tests updated to cover defaulting, propagation, and IPv6 overlap scenarios.

Sequence Diagram(s)

sequenceDiagram
    participant HCP as HostedControlPlane
    participant Detector as hasIPv6Network
    participant Reconciler as ReconcileNetworkOperator
    participant OVNConfig as OVN Config
    participant DefaultNet as DefaultNetwork.OVNKubernetesConfig
    participant Validator as validateSliceNetworkCIDRs

    HCP->>Detector: provide HCP.Spec.Networking
    Detector-->>Reconciler: hasIPv6Network (true/false)
    HCP->>Reconciler: submit HostedCluster + platform + ovnConfig
    Reconciler->>Reconciler: check platform == KubeVirt && network == OVNKubernetes
    alt hasIPv6Network = true and IPv6 not set
        Reconciler->>DefaultNet: set IPv6.InternalJoinSubnet = KubevirtDefaultV6InternalJoinSubnet
    end
    OVNConfig->>Reconciler: provide ovnConfig.IPv6.* (if present)
    Reconciler->>DefaultNet: copy OVN IPv4/IPv6 fields into operator spec
    DefaultNet->>Validator: include OVN IPv6 internal subnets in overlap checks
    Validator-->>DefaultNet: validation result
    DefaultNet-->>Reconciler: apply or reject network configuration

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	⚠️ Warning	Assertions lack meaningful failure messages. reconcile_test.go line 610 uses `g.Expect(tc.inputNetwork).To(BeEquivalentTo(tc.expectedNetwork))` without diagnostic message.	Add message parameter to Gomega assertion: `g.Expect(tc.inputNetwork).To(BeEquivalentTo(tc.expectedNetwork), "reconcile network operator failed for: %s", tc.name)` to help diagnose failures.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding IPv6 OVN join subnet configuration to prevent dual-stack routing collisions, which is the primary objective of this changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in the PR are stable and deterministic. 38 total test cases across 2 test files use static, descriptive strings with no dynamic content, variables, or format strings.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. The changes consist of API type definitions and standard Go unit tests, which are outside the scope of this MicroShift compatibility check.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests were added in this PR. The test changes consist only of standard Go unit tests using testing.T and Gomega assertions. The check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	Changes add IPv6 OVN network configuration and CIDR validation. No scheduling constraints, affinity rules, control-plane nodeSelectors, or topology-dependent scheduling introduced.
Ote Binary Stdout Contract	✅ Passed	PR modifies only types, constants, helper functions, and tests with no stdout writes at process level. All changes maintain OTE Binary Stdout Contract compliance.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests added in this PR. Only standard Go unit tests were added with comprehensive dual-stack IPv4/IPv6 coverage and no external connectivity requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci-robot · 2026-05-05T12:21:37Z

@orenc1: This pull request references Jira Issue OCPBUGS-84303, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

When a KubeVirt hosted cluster and its management cluster both use OVN-Kubernetes with dual-stack networking, they each default to fd98::/64 for the IPv6 join switch subnet. External IPv6 LoadBalancer traffic targeting VM pods is SNAT'd to the management cluster's join IP (e.g. fd98::2). Inside the VM, the guest cluster's OVN intercepts the response because it also owns fd98::/64, black-holing the packet.

This commit fixes the issue in two ways:

Automatic KubeVirt default: for KubeVirt hosted clusters with OVNKubernetes, the reconciler now sets IPv6.InternalJoinSubnet to fd99::/64 by default, avoiding the collision with the management cluster's fd98::/64. This mirrors the existing V4InternalSubnet override (100.66.0.0/16) already in place for IPv4.

User-facing API: adds OVNIPv6Config type to OVNKubernetesConfig, allowing explicit configuration of IPv6 internalJoinSubnet and internalTransitSwitchSubnet for any platform. This maps to the upstream operatorv1.IPv6OVNKubernetesConfig and includes IPv6 CIDR format validation via CEL rules.

Also extends CIDR overlap validation in the HostedCluster webhook to cover IPv6 OVN subnets, and adds envtest CRD validation cases.

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-84303

Special notes for your reviewer:

Checklist:

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Summary by CodeRabbit

Release Notes

New Features

OVN-Kubernetes now supports IPv6 configuration, enabling users to specify IPv6 internal subnets for transit switches and join networks.

Automatic IPv6 subnet defaults applied for KubeVirt-hosted clusters using OVN.

Enhanced network validation includes IPv6 subnet overlap detection.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go`:
- Around line 4338-4357: The code only appends user-provided OVNKubernetes IPv6
CIDRs to cidrEntries; change it to also include the effective KubeVirt default
join subnet (fd99::/64) when the OVNKubernetesConfig IPv6 is nil or when
IPv6.InternalJoinSubnet is empty: inside the block that checks
hc.Spec.Networking.NetworkType == hyperv1.OVNKubernetes (and related
OperatorConfiguration presence), detect when ovnIPv6Config is nil or
ovnIPv6Config.InternalJoinSubnet == "" and create a cidrEntry for fd99::/64
(using the same cidrEntry type and field.NewPath pointing at
"spec","operatorConfiguration","clusterNetworkOperator","ovnKubernetesConfig","ipv6","internalJoinSubnet")
and append it to cidrEntries so validateNetworks sees the effective default;
keep existing user-specified parsing logic for non-empty InternalJoinSubnet and
InternalTransitSwitchSubnet as-is.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 5b9e4b77-5cab-4687-becb-c627b18e3dad

📥 Commits

Reviewing files that changed from the base of the PR and between 6b39d47 and 43beb31.

⛔ Files ignored due to path filters (40)

api/hypershift/v1beta1/zz_generated.deepcopy.go is excluded by !**/zz_generated*.go, !**/zz_generated*
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
client/applyconfiguration/hypershift/v1beta1/ovnipv6config.go is excluded by !client/**
client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go is excluded by !client/**
client/applyconfiguration/utils.go is excluded by !client/**
cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml is excluded by !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
docs/content/reference/api.md is excluded by !docs/content/reference/api.md
vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*.go, !**/zz_generated*

📒 Files selected for processing (5)

api/hypershift/v1beta1/operator.go
control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go
control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go
hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go

openshift-ci-robot · 2026-05-05T12:27:57Z

@orenc1: This pull request references Jira Issue OCPBUGS-84303, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

When a KubeVirt hosted cluster and its management cluster both use OVN-Kubernetes with dual-stack networking, they each default to fd98::/64 for the IPv6 join switch subnet. External IPv6 LoadBalancer traffic targeting VM pods is SNAT'd to the management cluster's join IP (e.g. fd98::2). Inside the VM, the guest cluster's OVN intercepts the response because it also owns fd98::/64, black-holing the packet.

This commit fixes the issue in two ways:

Automatic KubeVirt default: for KubeVirt hosted clusters with OVNKubernetes, the reconciler now sets IPv6.InternalJoinSubnet to fd99::/64 by default, avoiding the collision with the management cluster's fd98::/64. This mirrors the existing V4InternalSubnet override (100.66.0.0/16) already in place for IPv4.

User-facing API: adds OVNIPv6Config type to OVNKubernetesConfig, allowing explicit configuration of IPv6 internalJoinSubnet and internalTransitSwitchSubnet for any platform. This maps to the upstream operatorv1.IPv6OVNKubernetesConfig and includes IPv6 CIDR format validation via CEL rules.

Also extends CIDR overlap validation in the HostedCluster webhook to cover IPv6 OVN subnets, and adds envtest CRD validation cases.

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-84303

Special notes for your reviewer:

Checklist:

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Summary by CodeRabbit

New Features

OVN-Kubernetes now supports IPv6 configuration for internal transit and join subnets.

Automatic IPv6 subnet defaults applied for KubeVirt-hosted clusters using OVN.

Bug Fixes / Validation

Network validation now detects IPv6 subnet overlaps and validates IPv6 OVN subnets.

Tests

Expanded test coverage for IPv6 OVN scenarios and mixed IPv4+IPv6 configurations.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

codecov · 2026-05-05T12:33:30Z

Codecov Report

❌ Patch coverage is 76.56250% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 40.12%. Comparing base (fa30196) to head (5c1ee1f).
⚠️ Report is 28 commits behind head on main.

⚠️ Current head 5c1ee1f differs from pull request most recent head 9e8bcfc

Please upload reports for the commit 9e8bcfc to get more accurate results.

Files with missing lines	Patch %	Lines
...rconfigoperator/controllers/resources/resources.go	20.00%	9 Missing and 3 partials ⚠️
...perator/controllers/resources/network/reconcile.go	83.33%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8421      +/-   ##
==========================================
- Coverage   40.53%   40.12%   -0.41%     
==========================================
  Files         755      753       -2     
  Lines       93235    93050     -185     
==========================================
- Hits        37794    37338     -456     
- Misses      52740    53012     +272     
+ Partials     2701     2700       -1

Files with missing lines	Coverage Δ
...trollers/hostedcluster/hostedcluster_controller.go	`44.16% <100.00%> (+0.47%)`	⬆️
...perator/controllers/resources/network/reconcile.go	`59.32% <83.33%> (+3.87%)`	⬆️
...rconfigoperator/controllers/resources/resources.go	`55.17% <20.00%> (-0.89%)`	⬇️

... and 16 files with indirect coverage changes

Flag	Coverage Δ
cmd-support	`34.28% <ø> (-0.17%)`	⬇️
cpo-hostedcontrolplane	`40.57% <ø> (-1.19%)`	⬇️
cpo-other	`40.17% <54.54%> (-1.07%)`	⬇️
hypershift-operator	`50.68% <100.00%> (-0.05%)`	⬇️
other	`31.54% <ø> (-0.05%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

coderabbitai

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go (1)
93-122: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Reconcile deleted IPv6 overrides, not just additions.

This path only copies non-empty source fields. If a user later removes ipv6.internalJoinSubnet, ipv6.internalTransitSwitchSubnet, or the whole ovnKubernetesConfig, the previous values stay on the operatorv1.Network object, so the cluster cannot roll back to the KubeVirt default or to the platform default behavior.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go`
around lines 93 - 122, When reconciling OVNKubernetes config you must also
remove overrides when the source is deleted: update the block handling
networkType == hyperv1.OVNKubernetes so that if ovnConfig is nil you clear
network.Spec.DefaultNetwork.OVNKubernetesConfig (set to nil); if ovnConfig !=
nil but ovnConfig.IPv6 is nil then set ovnCfg.IPv6 = nil; and if ovnConfig.IPv6
exists then copy IPv6.InternalJoinSubnet and IPv6.InternalTransitSwitchSubnet
when non-empty but explicitly clear those ovnCfg.IPv6 fields (or set ovnCfg.IPv6
= nil if both are empty) when the source strings are empty—this ensures previous
values are removed; use the existing symbols ovnConfig, ovnCfg,
network.Spec.DefaultNetwork.OVNKubernetesConfig, and the IPv6.InternalJoinSubnet
/ IPv6.InternalTransitSwitchSubnet fields to locate and implement the changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go`:
- Around line 93-122: When reconciling OVNKubernetes config you must also remove
overrides when the source is deleted: update the block handling networkType ==
hyperv1.OVNKubernetes so that if ovnConfig is nil you clear
network.Spec.DefaultNetwork.OVNKubernetesConfig (set to nil); if ovnConfig !=
nil but ovnConfig.IPv6 is nil then set ovnCfg.IPv6 = nil; and if ovnConfig.IPv6
exists then copy IPv6.InternalJoinSubnet and IPv6.InternalTransitSwitchSubnet
when non-empty but explicitly clear those ovnCfg.IPv6 fields (or set ovnCfg.IPv6
= nil if both are empty) when the source strings are empty—this ensures previous
values are removed; use the existing symbols ovnConfig, ovnCfg,
network.Spec.DefaultNetwork.OVNKubernetesConfig, and the IPv6.InternalJoinSubnet
/ IPv6.InternalTransitSwitchSubnet fields to locate and implement the changes.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: a71e1352-933e-4833-aab8-03e61a0455f6

📥 Commits

Reviewing files that changed from the base of the PR and between b261379 and 8d5be28.

⛔ Files ignored due to path filters (41)

api/hypershift/v1beta1/zz_generated.deepcopy.go is excluded by !**/zz_generated*.go, !**/zz_generated*
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
client/applyconfiguration/hypershift/v1beta1/ovnipv6config.go is excluded by !client/**
client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go is excluded by !client/**
client/applyconfiguration/utils.go is excluded by !client/**
cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml is excluded by !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
docs/content/reference/aggregated-docs.md is excluded by !docs/content/reference/aggregated-docs.md
docs/content/reference/api.md is excluded by !docs/content/reference/api.md
vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go is excluded by !vendor/**, !**/vendor/**
vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*.go, !**/zz_generated*

📒 Files selected for processing (5)

api/hypershift/v1beta1/operator.go
control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go
control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go
hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go

✅ Files skipped from review due to trivial changes (1)

control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go

orenc1 · 2026-05-05T14:34:54Z

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)

🤖 Prompt for all review comments with AI agents

ℹ️ Review info

This is a pre-existing pattern — the IPv4 block uses the exact same additive-only approach (only copies non-empty values, never clears). The MTU field follows the same convention as well. Changing this behavior would alter semantics for all OVN config fields (IPv4, IPv6, MTU), which is out of scope for this bug fix.

Additionally, OVN internal join/transit subnets are effectively immutable after cluster creation — changing them at runtime would break OVN networking. The additive-only reconciliation pattern is appropriate here.

…ual-stack routing collision Cherry-pick of openshift#8421 to release-4.21. On KubeVirt dual-stack hosted clusters, the guest OVN-Kubernetes cluster shares the same default IPv6 join subnet (fd98::/64) as the management cluster. When external IPv6 LoadBalancer traffic is SNAT'd to a join switch IP, the guest cluster intercepts the response because both clusters own the same fd98::/64 range, causing a routing black hole. This fix: - Defaults the guest cluster's IPv6 OVN join subnet to fd99::/64 for KubeVirt hosted clusters, avoiding the collision automatically - Adds OVNIPv6Config API type allowing users to explicitly configure IPv6 internalJoinSubnet and internalTransitSwitchSubnet - Extends CIDR overlap validation to cover IPv6 OVN subnets including the implicit KubeVirt default (fd99::/64) - Adds unit tests for all new IPv6 validation and reconciliation logic Signed-off-by: Oren Cohen <ocohen@redhat.com> Assisted-by: Claude Opus 4 (via Cursor) Co-authored-by: Cursor <cursoragent@cursor.com>

orenc1 · 2026-05-11T06:36:08Z

The fix is verified. with a different, non-conflicting OVN join IPv6 subnet for the hosted cluster, LB service is accessible:

Verification: IPv6 LoadBalancer Fix (OVN Join Subnet Collision)

Environment

Management cluster: 3-node bare metal (cnvqe-064/065/066), dual-stack
Hosted cluster: dualstack-fix, 3 KubeVirt worker nodes, dual-stack (OCP built from PR payload)
OVN IPv6 join subnet (guest): fd99::/64 ✅ (previously collided at fd98::/64)

Setup

Created a hello-openshift deployment in the hosted cluster (lb-test namespace)
Exposed it as a dual-stack LoadBalancer service (RequireDualStack)
KubeVirt cloud provider created a proxy service on the management cluster
MetalLB assigned:
- IPv4 VIP: 10.46.255.14
- IPv6 VIP: fc00:f853:ccd:e799::4

Results

Source	Target	Result
Management cluster pod → IPv4 LB (`10.46.255.14:8080`)	Hosted cluster service	✅ PASS — `Hello OpenShift!`
Management cluster pod → IPv6 LB (`[fc00:f853:ccd:e799::4]:8080`)	Hosted cluster service	✅ PASS — `Hello OpenShift!` (3/3 runs)
Management cluster node → IPv6 LB	Hosted cluster service	✅ PASS — `Hello OpenShift!`

Key Confirmation

The guest cluster's OVN network operator config shows the fix is active:

{
  "ipv6": {
    "internalJoinSubnet": "fd99::/64"
  }
}

/verified by @orenc1

openshift-ci-robot · 2026-05-11T06:36:21Z

@orenc1: This PR has been marked as verified by @orenc1.

Details

In response to this:

The fix is verified. with a different, non-conflicting OVN join IPv6 subnet for the hosted cluster, LB service is accessible:

Verification: IPv6 LoadBalancer Fix (OVN Join Subnet Collision)

Environment

Management cluster: 3-node bare metal (cnvqe-064/065/066), dual-stack

Hosted cluster: dualstack-fix, 3 KubeVirt worker nodes, dual-stack (OCP built from PR payload)

OVN IPv6 join subnet (guest): fd99::/64 ✅ (previously collided at fd98::/64)

Setup

Created a hello-openshift deployment in the hosted cluster (lb-test namespace)

Exposed it as a dual-stack LoadBalancer service (RequireDualStack)

KubeVirt cloud provider created a proxy service on the management cluster

MetalLB assigned:

IPv4 VIP: 10.46.255.14

IPv6 VIP: fc00:f853:ccd:e799::4

Results

Source Target Result

Management cluster pod → IPv4 LB (10.46.255.14:8080) Hosted cluster service ✅ PASS — Hello OpenShift!

Management cluster pod → IPv6 LB ([fc00:f853:ccd:e799::4]:8080) Hosted cluster service ✅ PASS — Hello OpenShift! (3/3 runs)

Management cluster node → IPv6 LB Hosted cluster service ✅ PASS — Hello OpenShift!

Key Confirmation

The guest cluster's OVN network operator config shows the fix is active:
{
 "ipv6": {
   "internalJoinSubnet": "fd99::/64"
 }
}
/verified by @orenc1 

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

jparrill · 2026-05-26T10:53:49Z

/lgtm

openshift-merge-bot · 2026-05-26T10:54:04Z

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aks-4-22
/test e2e-aws-4-22
/test e2e-aks
/test e2e-aws
/test e2e-aws-upgrade-hypershift-operator
/test e2e-azure-self-managed
/test e2e-kubevirt-aws-ovn-reduced
/test e2e-v2-aws
/test e2e-v2-gke

orenc1 · 2026-05-26T13:27:02Z

/test e2e-aws

jparrill · 2026-05-26T15:47:38Z

/retest-required

orenc1 · 2026-05-26T18:22:12Z

/retest-required

orenc1 · 2026-05-27T06:18:50Z

/retest-required

orenc1 · 2026-05-27T09:31:32Z

/retest-required

orenc1 · 2026-05-27T11:17:34Z

/retest-required

hypershift-jira-solve-ci · 2026-05-27T13:19:54Z

AI Test Failure Analysis

Job: pull-ci-openshift-hypershift-main-e2e-aws | Build: 2059594877733179392 | Cost: $4.1054745 | Failed step: hypershift-azure-run-e2e

View full analysis report

_{Generated by hypershift-analyze-e2e-failure post-step using Claude claude-opus-4-6}

hypershift-jira-solve-ci · 2026-05-27T16:33:32Z

AI Test Failure Analysis

Job: pull-ci-openshift-hypershift-main-e2e-aws | Build: 2059629553357164544 | Cost: $2.4462052499999998 | Failed step: hypershift-aws-run-e2e-nested

View full analysis report

_{Generated by hypershift-analyze-e2e-failure post-step using Claude claude-opus-4-6}

orenc1 · 2026-05-27T19:37:47Z

/retest-required

orenc1 · 2026-05-28T08:45:38Z

/verified by @orenc1

openshift-ci-robot · 2026-05-28T08:45:53Z

@orenc1: This PR has been marked as verified by @orenc1.

Details

In response to this:

/verified by @orenc1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

orenc1 · 2026-05-28T08:51:06Z

/jira backport release-4.22,release-4.21

openshift-ci-robot · 2026-05-28T08:51:10Z

@orenc1: Failed to create backported issues: An error was encountered cloning bug for cherrypick for bug OCPBUGS-84303 on the Jira server at https://redhat.atlassian.net. No known errors were detected, please see the full error message for details.

Full error message.


request failed. Please analyze the request body for more details. Status code: 400: {"errorMessages":[],"errors":{"comment":"Field does not support update 'comment'","issuelinks":"Field does not support update 'issuelinks'","worklog":"Field does not support update 'worklog'","customfield_10980":"Field does not support update 'customfield_10980'","customfield_10978":"Field does not support update 'customfield_10978'","customfield_10979":"Field does not support update 'customfield_10979'"}}

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

Details

In response to this:

/jira backport release-4.22,release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-merge-bot · 2026-05-28T09:59:20Z

/retest-required

Remaining retests: 0 against base HEAD 0aa20fc and 2 for PR HEAD 9e8bcfc in total

openshift-merge-bot · 2026-05-28T10:57:47Z

/retest-required

Remaining retests: 0 against base HEAD f5b1140 and 1 for PR HEAD 9e8bcfc in total

hypershift-jira-solve-ci · 2026-05-28T11:04:50Z

Now I have all the evidence needed for the report. Here's the full analysis:

Test Failure Analysis Complete

Job Information

Prow Job: pull-ci-openshift-hypershift-main-images
Build ID: 2059941762419396608
Target: [images]
Job Type: presubmit (PR OCPBUGS-84303: fix(api): add IPv6 OVN join subnet config to prevent dual-stack routing collision #8421)
State: failure
Cluster: build01
Duration: ~25 minutes (09:59:48 – 10:25:28 UTC)
Prow URL: https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_hypershift/8421/pull-ci-openshift-hypershift-main-images/2059941762419396608

Test Failure Analysis

Error

Error:
 Problem: cannot install the best candidate for the job
  - nothing provides python3.12 needed by azure-cli-2.86.0-1.el9.x86_64 from packages-microsoft-com-prod
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Summary

The hypershift-tests Docker image build (Dockerfile.e2e) failed during the final dnf install -y azure-cli step — not during Go compilation, which completed successfully. The Go code changes in PR #8421 (adding OVNIPv6Config type and IPv6 OVN join subnet configuration) compiled without errors. The failure occurred because the latest azure-cli package (2.86.0) in the Microsoft RPM repository requires python3.12, which is not available in the RHEL 9 base image repos that were accessible during this build. Additionally, several ART RPM repositories (rhel-9-appstream, rhel-9-highavailability, rhel-9-codeready-builder-rpms) returned HTTP 404 errors for their repodata metadata files, further limiting package availability. This is an infrastructure/dependency issue unrelated to the PR's code changes.

Root Cause

The root cause is a dependency resolution failure for azure-cli in the Dockerfile.e2e build, compounded by transient RPM repository unavailability:

Primary cause — azure-cli dependency mismatch: The Dockerfile.e2e installs azure-cli via dnf install -y azure-cli from the packages-microsoft-com-prod repository. The latest version available (azure-cli-2.86.0-1.el9.x86_64) requires python3.12, which is not provided by any of the accessible RHEL 9 repositories. The RHEL 9 base image ships with Python 3.9, and python3.12 is typically available in the rhel-9-appstream repository — but that repo was unavailable during this build.
Contributing cause — ART RPM repo metadata 404s: Multiple Red Hat ART-mirrored repositories returned HTTP 404 errors when DNF attempted to download their repodata metadata:
- rhel-9-appstream — 404 on filelists.xml.gz, comps.xml, modules.yaml.gz, updateinfo.xml.gz from art-srv-enterprise.s3.amazonaws.com
- rhel-9-highavailability — 404 on primary.xml.gz from base-4-23-rhel9.ocp.svc
- rhel-9-codeready-builder-rpms — 404 on filelists.xml.gz, modules.yaml.gz, primary.xml.gz, updateinfo.xml.gz from art-srv-enterprise.s3.amazonaws.com
These 404s suggest the ART repo mirror was being updated/resynced at the time of the build, causing a race condition where the repodata index referenced files that had already been replaced.
The PR's Go code changes are not involved: The three other image builds from the same job (hypershift, hypershift-cli, hypershift-operator) all compiled successfully. The hypershift-tests image also completed its Go compilation (the make e2e hypershift ... step), but failed in the subsequent dnf install -y azure-cli step of Dockerfile.e2e.
This failure is transient: The job has already been re-triggered (build ID 2059952383835770880) and is expected to pass once the RPM repositories are back in a consistent state.

Recommendations

Retry the job — This is a transient infrastructure issue. The job has already been re-triggered (ci/prow/images is pending with a new base SHA). A /retest should resolve the failure.
Pin azure-cli version (long-term hardening) — Consider pinning azure-cli to a known-good version in Dockerfile.e2e to avoid future dependency breakage when Microsoft publishes new versions:
```
dnf install -y azure-cli-2.85.0
```
Add --nobest fallback — Alternatively, use --nobest to allow DNF to fall back to an older version if the latest has unsatisfied dependencies:
```
dnf install -y azure-cli || dnf install -y --nobest azure-cli
```
No code changes needed in PR OCPBUGS-84303: fix(api): add IPv6 OVN join subnet config to prevent dual-stack routing collision #8421 — The PR's IPv6 OVN join subnet configuration changes compiled successfully. The failure is entirely in the dnf install step and unrelated to the code changes.

Evidence

Evidence	Detail
Failed image	`hypershift-tests-amd64` (DockerBuildFailed after 6m58s)
Dockerfile	`Dockerfile.e2e` — final `RUN dnf install -y azure-cli` step
DNF error	`nothing provides python3.12 needed by azure-cli-2.86.0-1.el9.x86_64`
Repo failures	`rhel-9-appstream`, `rhel-9-highavailability`, `rhel-9-codeready-builder-rpms` — 404 on repodata metadata
Repo source	`art-srv-enterprise.s3.amazonaws.com/enterprise/reposync/4.23/` and `base-4-23-rhel9.ocp.svc`
Successful builds	`hypershift` (248s), `hypershift-cli` (81s), `hypershift-operator` (304s) — all passed
Go compilation	Completed successfully (verified locally and by other image builds)
PR code changes	`api/hypershift/v1beta1/operator.go`, reconcile.go, hostedcluster_controller.go — all compile cleanly
JUnit XML	Only `hypershift-tests` testcase has `<failure>` element; all others pass
Re-trigger	Job re-triggered as build `2059952383835770880` on new base SHA `f5b11405`

openshift-ci · 2026-05-28T12:02:11Z

@orenc1: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot · 2026-05-28T12:07:11Z

@orenc1: Jira Issue OCPBUGS-84303: Some pull requests linked via external trackers have merged:

openshift/hypershift#8421

The following pull request, linked via external tracker, has not merged:

openshift/hypershift#8456 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-84303 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Details

In response to this:

When a KubeVirt hosted cluster and its management cluster both use OVN-Kubernetes with dual-stack networking, they each default to fd98::/64 for the IPv6 join switch subnet. External IPv6 LoadBalancer traffic targeting VM pods is SNAT'd to the management cluster's join IP (e.g. fd98::2). Inside the VM, the guest cluster's OVN intercepts the response because it also owns fd98::/64, black-holing the packet.

This commit fixes the issue in two ways:

Automatic KubeVirt default: for KubeVirt hosted clusters with OVNKubernetes, the reconciler now sets IPv6.InternalJoinSubnet to fd99::/64 by default, avoiding the collision with the management cluster's fd98::/64. This mirrors the existing V4InternalSubnet override (100.66.0.0/16) already in place for IPv4.

User-facing API: adds OVNIPv6Config type to OVNKubernetesConfig, allowing explicit configuration of IPv6 internalJoinSubnet and internalTransitSwitchSubnet for any platform. This maps to the upstream operatorv1.IPv6OVNKubernetesConfig and includes IPv6 CIDR format validation via CEL rules.

Also extends CIDR overlap validation in the HostedCluster webhook to cover IPv6 OVN subnets, and adds envtest CRD validation cases.

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-84303

Special notes for your reviewer:

Checklist:

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Summary by CodeRabbit

New Features

OVN-Kubernetes now exposes IPv6 internal transit and join subnet settings and will default a KubeVirt join subnet when the cluster has IPv6 network(s); operator-provided IPv6 values can override the default.

Bug Fixes / Validation

Validation added to prevent identical IPv6 join/transit subnets, enforce IPv6 CIDR/prefix format and allowed prefix range, and include OVN IPv6 (and KubeVirt defaults) in overlap checks.

Tests

Expanded coverage for IPv6-only and mixed IPv4+IPv6 scenarios, defaulting, overrides, and overlap failures.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

orenc1 · 2026-05-28T12:46:27Z

/jira backport release-4.22,release-4.21

openshift-ci-robot · 2026-05-28T12:46:32Z

@orenc1: Failed to create backported issues: An error was encountered cloning bug for cherrypick for bug OCPBUGS-84303 on the Jira server at https://redhat.atlassian.net. No known errors were detected, please see the full error message for details.

Full error message.


request failed. Please analyze the request body for more details. Status code: 400: {"errorMessages":[],"errors":{"comment":"Field does not support update 'comment'","issuelinks":"Field does not support update 'issuelinks'","worklog":"Field does not support update 'worklog'","customfield_10980":"Field does not support update 'customfield_10980'","customfield_10978":"Field does not support update 'customfield_10978'","customfield_10979":"Field does not support update 'customfield_10979'"}}

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

Details

In response to this:

/jira backport release-4.22,release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

orenc1 · 2026-05-28T13:11:33Z

/cherry-pick release-4.22 release-4.21

openshift-cherrypick-robot · 2026-05-28T13:12:48Z

@orenc1: #8421 failed to apply on top of branch "release-4.22":

Applying: fix(api): OCPBUGS-84303: add IPv6 OVN join subnet config to prevent dual-stack routing collision
Using index info to reconstruct a base tree...
M	api/hypershift/v1beta1/zz_generated.deepcopy.go
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
A	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
M	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
A	api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml
M	client/applyconfiguration/utils.go
M	cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
M	cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
M	cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
M	cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
M	cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
M	cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
M	control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
M	docs/content/reference/aggregated-docs.md
M	docs/content/reference/api.md
M	hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
M	hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
M	vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go
Falling back to patching base and 3-way merge...
Auto-merging vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go
Auto-merging hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
Auto-merging hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
Auto-merging docs/content/reference/api.md
Auto-merging docs/content/reference/aggregated-docs.md
Auto-merging control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
CONFLICT (content): Merge conflict in control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
Auto-merging cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
Auto-merging cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
Auto-merging cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
Auto-merging cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
Auto-merging cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
Auto-merging cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
Auto-merging client/applyconfiguration/utils.go
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AutoNodeKarpenter.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AutoNodeKarpenter.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
Auto-merging api/hypershift/v1beta1/zz_generated.deepcopy.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 fix(api): OCPBUGS-84303: add IPv6 OVN join subnet config to prevent dual-stack routing collision

Details

In response to this:

/cherry-pick release-4.22 release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-merge-robot · 2026-05-30T07:25:03Z

Fix included in release 5.0.0-0.nightly-2026-05-30-015000

openshift-ci Bot added the do-not-merge/needs-area label May 5, 2026

openshift-ci Bot requested review from bryan-cox and devguyio May 5, 2026 12:21

openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 5, 2026

orenc1 force-pushed the fix_dual_stack__ovn_joinsubnet_collision branch from 43beb31 to b261379 Compare May 5, 2026 12:26

coderabbitai Bot reviewed May 5, 2026

View reviewed changes

Comment thread hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go Outdated

orenc1 force-pushed the fix_dual_stack__ovn_joinsubnet_collision branch from b261379 to 8d5be28 Compare May 5, 2026 14:14

coderabbitai Bot reviewed May 5, 2026

View reviewed changes

orenc1 mentioned this pull request May 7, 2026

fix(api): [release-4.21] OCPBUGS-84303: add IPv6 OVN join subnet config to prevent dual-stack routing collision #8456

Closed

4 tasks

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 11, 2026

openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label May 26, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 26, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 28, 2026

openshift-merge-bot Bot merged commit 522d041 into openshift:main May 28, 2026
24 checks passed

orenc1 mentioned this pull request May 28, 2026

fix(api): [release-4.22] OCPBUGS-86679: add IPv6 OVN join subnet config to prevent dual-stack routing collision #8625

Open

4 tasks

Conversation

orenc1 commented May 5, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Summary by CodeRabbit

Uh oh!

openshift-merge-bot Bot commented May 5, 2026

Uh oh!

openshift-ci-robot commented May 5, 2026

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Uh oh!

coderabbitai Bot commented May 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews paused

Walkthrough

Sequence Diagram(s)

❌ Failed checks (2 warnings)

Uh oh!

openshift-ci-robot commented May 5, 2026

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Summary by CodeRabbit

Release Notes

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

openshift-ci-robot commented May 5, 2026

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Checklist:

Summary by CodeRabbit

Uh oh!

codecov Bot commented May 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

orenc1 commented May 5, 2026

Uh oh!

orenc1 commented May 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Verification: IPv6 LoadBalancer Fix (OVN Join Subnet Collision)

Environment

Setup

Results

Key Confirmation

Uh oh!

openshift-ci-robot commented May 11, 2026

Verification: IPv6 LoadBalancer Fix (OVN Join Subnet Collision)

Environment

Setup

Results

Key Confirmation

Uh oh!

jparrill commented May 26, 2026

Uh oh!

openshift-merge-bot Bot commented May 26, 2026

Uh oh!

orenc1 commented May 26, 2026

Uh oh!

jparrill commented May 26, 2026

Uh oh!

orenc1 commented May 26, 2026

Uh oh!

orenc1 commented May 27, 2026

Uh oh!

orenc1 commented May 27, 2026

orenc1 commented May 5, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented May 5, 2026 •

edited

Loading

codecov Bot commented May 5, 2026 •

edited

Loading

orenc1 commented May 11, 2026 •

edited

Loading