Skip to content

Commit 0c25ebd

Browse files
committed
UPSTREAM: <carry>: Update release/helm and e2e-helm to use UBI10/RHEL10
- release/helm/Dockerfile: replace OCP CI RHEL9 builder and base-rhel9 runtime with registry.redhat.io/ubi10/go-toolset:10.1 (builder) and registry.redhat.io/ubi10:10.1 (runtime) - ci/tests/e2e-helm.sh: update metrics curl pod image from ubi9/ubi-minimal:latest to ubi10/ubi-minimal:latest Made-with: Cursor
1 parent b84792c commit 0c25ebd

3 files changed

Lines changed: 27 additions & 4 deletions

File tree

.work/compliance/rhcos10/PR2-ubi10-migration.md

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,17 +44,40 @@ registry.access.redhat.com → registry.redhat.io
4444
| `ci/dockerfiles/go-e2e.Dockerfile` | `registry.access.redhat.com/ubi9/ubi-minimal:latest` | `registry.redhat.io/ubi10/ubi-minimal:latest` |
4545
| `ci/dockerfiles/scorecard-proxy.Dockerfile` | `registry.access.redhat.com/ubi9/ubi-minimal:latest` | `registry.redhat.io/ubi10/ubi-minimal:latest` |
4646

47+
### OCP product image (release/helm/Dockerfile)
48+
49+
Previously used OCP CI registry images pinned to RHEL9. Replaced with publicly available Red Hat registry images:
50+
51+
| Stage | Before | After |
52+
|---|---|---|
53+
| Builder | `registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.22` | `registry.redhat.io/ubi10/go-toolset:10.1` |
54+
| Runtime | `registry.ci.openshift.org/ocp/4.22:base-rhel9` | `registry.redhat.io/ubi10:10.1` |
55+
56+
### E2E test curl pod (ci/tests/e2e-helm.sh)
57+
58+
The metrics verification step spins up a temporary `kubectl run` pod using a UBI image to curl the metrics endpoint. Updated from UBI9 to UBI10:
59+
60+
```
61+
registry.access.redhat.com/ubi9/ubi-minimal:latest
62+
63+
registry.redhat.io/ubi10/ubi-minimal:latest
64+
```
65+
4766
## Files NOT Changed
4867

49-
| Dockerfile | Reason |
68+
| File | Reason |
5069
|---|---|
5170
| `release/helm/upstream.Dockerfile` | Uses `ubi8/ubi-minimal` — separate RHEL8 lineage, unrelated to this migration |
71+
| `ci/dockerfiles/builder.Dockerfile` | Uses `openshift/origin-release:golang-1.13` — legacy, not RHEL9-specific |
72+
| `.ci-operator.yaml` | Build root (`rhel-9-release-golang-1.24-openshift-4.22`) is managed by OCP CI team in `openshift/release` |
5273

5374
## Test Plan
5475

5576
- [ ] All images build successfully against `ubi10` base
77+
- [ ] `release/helm/Dockerfile` builds successfully with `go-toolset:10.1` as builder
5678
- [ ] CI jobs pass on RHCOS10 cluster nodes with UBI10 base images
5779
- [ ] `microdnf` commands in `images/operator-sdk/Dockerfile` work under UBI10
80+
- [ ] E2e metrics check passes with UBI10 curl pod (`ci/tests/e2e-helm.sh`)
5881
- [ ] No regressions observed compared to UBI9 baseline (PR1)
5982

6083
## References

ci/tests/e2e-helm.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ EOF
7171
token=$(kubectl get secret service-account-secret -o jsonpath={.data.token} | base64 -d)
7272

7373
# verify that the metrics endpoint exists
74-
if ! timeout 1m bash -c -- "until kubectl run --attach --rm --restart=Never test-metrics --image=registry.access.redhat.com/ubi9/ubi-minimal:latest -n memcached-operator-system --overrides='{\"spec\":{\"securityContext\":{\"runAsNonRoot\": true, \"capabilities\": {\"drop\": [\"ALL\"]}, \"allowPrivelegeEscalation\": false, \"seccompProfile\": {\"type\": \"RuntimeDefault\"}}}}' -- curl -sfkH \"Authorization: Bearer ${token}\" https://memcached-operator-controller-manager-metrics-service:8443/metrics; do sleep 1; done";
74+
if ! timeout 1m bash -c -- "until kubectl run --attach --rm --restart=Never test-metrics --image=registry.redhat.io/ubi10/ubi-minimal:latest -n memcached-operator-system --overrides='{\"spec\":{\"securityContext\":{\"runAsNonRoot\": true, \"capabilities\": {\"drop\": [\"ALL\"]}, \"allowPrivelegeEscalation\": false, \"seccompProfile\": {\"type\": \"RuntimeDefault\"}}}}' -- curl -sfkH \"Authorization: Bearer ${token}\" https://memcached-operator-controller-manager-metrics-service:8443/metrics; do sleep 1; done";
7575
then
7676
echo "Failed to verify that metrics endpoint exists"
7777
kubectl describe pods

release/helm/Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.22 AS builder
1+
FROM registry.redhat.io/ubi10/go-toolset:10.1 AS builder
22

33
ENV GO111MODULE=on \
44
GOFLAGS=-mod=vendor
@@ -8,7 +8,7 @@ COPY . /go/src/github.com/operator-framework/operator-sdk
88
RUN cd /go/src/github.com/operator-framework/operator-sdk \
99
&& make -f ci/prow.Makefile patch build
1010

11-
FROM registry.ci.openshift.org/ocp/4.22:base-rhel9
11+
FROM registry.redhat.io/ubi10:10.1
1212

1313
ENV HOME=/opt/helm \
1414
USER_NAME=helm \

0 commit comments

Comments
 (0)