openshift · openshift-merge-bot · Apr 14, 2025 · Mar 27, 2025
diff --git a/install/0000_00_cluster-version-operator_00_namespace.yaml b/install/0000_00_cluster-version-operator_00_namespace.yaml
@@ -9,7 +9,7 @@ metadata:
     workload.openshift.io/allowed: "management"
   labels:
     name: openshift-cluster-version
-    openshift.io/run-level: "" # specify no run-level turns it off on install and upgrades
+    openshift.io/run-level: ""  # specify no run-level turns it off on install and upgrades
     openshift.io/cluster-monitoring: "true"
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged

diff --git a/install/0000_00_cluster-version-operator_03_deployment.yaml b/install/0000_00_cluster-version-operator_03_deployment.yaml
@@ -28,49 +28,49 @@ spec:
         image: {{.ReleaseImage}}
         imagePullPolicy: IfNotPresent
         args:
-          - "start"
-          - "--release-image={{.ReleaseImage}}"
-          - "--enable-auto-update=false"
-          - "--listen=0.0.0.0:9099"
-          - "--serving-cert-file=/etc/tls/serving-cert/tls.crt"
-          - "--serving-key-file=/etc/tls/serving-cert/tls.key"
-          - "--v=2"
-          - "--always-enable-capabilities=Ingress"
+        - "start"
+        - "--release-image={{.ReleaseImage}}"
+        - "--enable-auto-update=false"
+        - "--listen=0.0.0.0:9099"
+        - "--serving-cert-file=/etc/tls/serving-cert/tls.crt"
+        - "--serving-key-file=/etc/tls/serving-cert/tls.key"
+        - "--v=2"
+        - "--always-enable-capabilities=Ingress"
         resources:
           requests:
             cpu: 20m
             memory: 50Mi
         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
-          - mountPath: /etc/ssl/certs
-            name: etc-ssl-certs
-            readOnly: true
-          - mountPath: /etc/cvo/updatepayloads
-            name: etc-cvo-updatepayloads
-            readOnly: true
-          - mountPath: /etc/tls/serving-cert
-            name: serving-cert
-            readOnly: true
-          - mountPath: /etc/tls/service-ca
-            name: service-ca
-            readOnly: true
-          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-            name: kube-api-access
-            readOnly: true
+        - mountPath: /etc/ssl/certs
+          name: etc-ssl-certs
+          readOnly: true
+        - mountPath: /etc/cvo/updatepayloads
+          name: etc-cvo-updatepayloads
+          readOnly: true
+        - mountPath: /etc/tls/serving-cert
+          name: serving-cert
+          readOnly: true
+        - mountPath: /etc/tls/service-ca
+          name: service-ca
+          readOnly: true
+        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+          name: kube-api-access
+          readOnly: true
         env:
-          # Unfortunately the placeholder is not replaced, reported as OCPBUGS-30080
-          - name: OPERATOR_IMAGE_VERSION
-            value: "0.0.1-snapshot"
-          - name: KUBERNETES_SERVICE_PORT # allows CVO to communicate with apiserver directly on same host.  Is substituted with port from infrastructures.status.apiServerInternalURL if available.
-            value: "6443"
-          - name: KUBERNETES_SERVICE_HOST # allows CVO to communicate with apiserver directly on same host.  Is substituted with hostname from infrastructures.status.apiServerInternalURL if available.
-            value: "127.0.0.1"
-          - name: NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
-          - name: CLUSTER_PROFILE
-            value: {{ .ClusterProfile }}
+        # Unfortunately the placeholder is not replaced, reported as OCPBUGS-30080
+        - name: OPERATOR_IMAGE_VERSION
+          value: "0.0.1-snapshot"
+        - name: KUBERNETES_SERVICE_PORT  # allows CVO to communicate with apiserver directly on same host.  Is substituted with port from infrastructures.status.apiServerInternalURL if available.
+          value: "6443"
+        - name: KUBERNETES_SERVICE_HOST  # allows CVO to communicate with apiserver directly on same host.  Is substituted with hostname from infrastructures.status.apiServerInternalURL if available.
+          value: "127.0.0.1"
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: CLUSTER_PROFILE
+          value: {{ .ClusterProfile }}
       # this pod is hostNetwork and uses the internal LB DNS name when possible, which the kubelet also uses.
       # this dnsPolicy allows us to use the same dnsConfig as the kubelet, without access to read it ourselves.
       dnsPolicy: Default
@@ -88,43 +88,43 @@ spec:
         effect: "NoSchedule"
       - key: "node.kubernetes.io/not-ready"
         operator: "Exists"
-        effect: "NoSchedule" 
+        effect: "NoSchedule"
       - key: "node.kubernetes.io/unreachable"
         operator: "Exists"
         effect: "NoExecute"
-        tolerationSeconds: 120 
+        tolerationSeconds: 120
       - key: "node.kubernetes.io/not-ready"
         operator: "Exists"
         effect: "NoExecute"
-        tolerationSeconds: 120 
+        tolerationSeconds: 120
       volumes:
-        - name: etc-ssl-certs
-          hostPath:
-            path: /etc/ssl/certs
-        - name: etc-cvo-updatepayloads
-          hostPath:
-            path: /etc/cvo/updatepayloads
-        - name: serving-cert
-          secret:
-            secretName: cluster-version-operator-serving-cert
-        - name: service-ca
-          configMap:
-            name: openshift-service-ca.crt
-        - name: kube-api-access
-          projected:
-            defaultMode: 420
-            sources:
-            - serviceAccountToken:
-                expirationSeconds: 3600
-                path: token
-            - configMap:
-                items:
-                - key: ca.crt
-                  path: ca.crt
-                name: kube-root-ca.crt
-            - downwardAPI:
-                items:
-                - fieldRef:
-                    apiVersion: v1
-                    fieldPath: metadata.namespace
-                  path: namespace
+      - name: etc-ssl-certs
+        hostPath:
+          path: /etc/ssl/certs
+      - name: etc-cvo-updatepayloads
+        hostPath:
+          path: /etc/cvo/updatepayloads
+      - name: serving-cert
+        secret:
+          secretName: cluster-version-operator-serving-cert
+      - name: service-ca
+        configMap:
+          name: openshift-service-ca.crt
+      - name: kube-api-access
+        projected:
+          defaultMode: 420
+          sources:
+          - serviceAccountToken:
+              expirationSeconds: 3600
+              path: token
+          - configMap:
+              items:
+              - key: ca.crt
+                path: ca.crt
+              name: kube-root-ca.crt
+          - downwardAPI:
+              items:
+              - fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+                path: namespace
diff --git a/install/0000_00_cluster-version-operator_04_service.yaml b/install/0000_00_cluster-version-operator_04_service.yaml
@@ -16,4 +16,4 @@ spec:
     k8s-app: cluster-version-operator
   ports:
   - name: metrics
-    port: 9099 # chosen to be in the internal open range
+    port: 9099  # chosen to be in the internal open range
diff --git a/install/0000_00_update-status-controller_00_namespace-DevPreviewNoUpgrade.yaml b/install/0000_00_update-status-controller_00_namespace-DevPreviewNoUpgrade.yaml
@@ -10,5 +10,5 @@ metadata:
     release.openshift.io/feature-set: DevPreviewNoUpgrade
   labels:
     name: openshift-update-status-controller
-    openshift.io/run-level: "" # specify no run-level turns it off on install and upgrades
+    openshift.io/run-level: ""  # specify no run-level turns it off on install and upgrades
     openshift.io/cluster-monitoring: "true"
diff --git a/install/0000_00_update-status-controller_03_deployment-DevPreviewNoUpgrade.yaml b/install/0000_00_update-status-controller_03_deployment-DevPreviewNoUpgrade.yaml
@@ -30,7 +30,7 @@ spec:
         imagePullPolicy: IfNotPresent
         args:
         - "update-status-controller"
-        - -v=5 # High while in DevPreview, lower for GA
+        - -v=5  # High while in DevPreview, lower for GA
         securityContext:
           capabilities:
             drop:

diff --git a/install/0000_90_cluster-version-operator_02_servicemonitor.yaml b/install/0000_90_cluster-version-operator_02_servicemonitor.yaml
@@ -59,8 +59,8 @@ spec:
         (
           (
             time()-cluster_version_operator_update_retrieval_timestamp_seconds
-          ) >= 3600 
-          and ignoring(condition, name, reason) 
+          ) >= 3600
+          and ignoring(condition, name, reason)
           (cluster_operator_conditions{name="version", condition="RetrievedUpdates", endpoint="metrics", reason!="NoChannel"})
         )
       labels:

diff --git a/pkg/payload/testdata/TestRenderManifest_expected_cvo_deployment.yaml b/pkg/payload/testdata/TestRenderManifest_expected_cvo_deployment.yaml
@@ -28,49 +28,49 @@ spec:
         image: quay.io/cvo/release:latest
         imagePullPolicy: IfNotPresent
         args:
-          - "start"
-          - "--release-image=quay.io/cvo/release:latest"
-          - "--enable-auto-update=false"
-          - "--listen=0.0.0.0:9099"
-          - "--serving-cert-file=/etc/tls/serving-cert/tls.crt"
-          - "--serving-key-file=/etc/tls/serving-cert/tls.key"
-          - "--v=2"
-          - "--always-enable-capabilities=Ingress"
+        - "start"
+        - "--release-image=quay.io/cvo/release:latest"
+        - "--enable-auto-update=false"
+        - "--listen=0.0.0.0:9099"
+        - "--serving-cert-file=/etc/tls/serving-cert/tls.crt"
+        - "--serving-key-file=/etc/tls/serving-cert/tls.key"
+        - "--v=2"
+        - "--always-enable-capabilities=Ingress"
         resources:
           requests:
             cpu: 20m
             memory: 50Mi
         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
-          - mountPath: /etc/ssl/certs
-            name: etc-ssl-certs
-            readOnly: true
-          - mountPath: /etc/cvo/updatepayloads
-            name: etc-cvo-updatepayloads
-            readOnly: true
-          - mountPath: /etc/tls/serving-cert
-            name: serving-cert
-            readOnly: true
-          - mountPath: /etc/tls/service-ca
-            name: service-ca
-            readOnly: true
-          - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-            name: kube-api-access
-            readOnly: true
+        - mountPath: /etc/ssl/certs
+          name: etc-ssl-certs
+          readOnly: true
+        - mountPath: /etc/cvo/updatepayloads
+          name: etc-cvo-updatepayloads
+          readOnly: true
+        - mountPath: /etc/tls/serving-cert
+          name: serving-cert
+          readOnly: true
+        - mountPath: /etc/tls/service-ca
+          name: service-ca
+          readOnly: true
+        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+          name: kube-api-access
+          readOnly: true
         env:
-          # Unfortunately the placeholder is not replaced, reported as OCPBUGS-30080
-          - name: OPERATOR_IMAGE_VERSION
-            value: "0.0.1-snapshot"
-          - name: KUBERNETES_SERVICE_PORT # allows CVO to communicate with apiserver directly on same host.  Is substituted with port from infrastructures.status.apiServerInternalURL if available.
-            value: "6443"
-          - name: KUBERNETES_SERVICE_HOST # allows CVO to communicate with apiserver directly on same host.  Is substituted with hostname from infrastructures.status.apiServerInternalURL if available.
-            value: "127.0.0.1"
-          - name: NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
-          - name: CLUSTER_PROFILE
-            value: some-profile
+        # Unfortunately the placeholder is not replaced, reported as OCPBUGS-30080
+        - name: OPERATOR_IMAGE_VERSION
+          value: "0.0.1-snapshot"
+        - name: KUBERNETES_SERVICE_PORT  # allows CVO to communicate with apiserver directly on same host.  Is substituted with port from infrastructures.status.apiServerInternalURL if available.
+          value: "6443"
+        - name: KUBERNETES_SERVICE_HOST  # allows CVO to communicate with apiserver directly on same host.  Is substituted with hostname from infrastructures.status.apiServerInternalURL if available.
+          value: "127.0.0.1"
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: CLUSTER_PROFILE
+          value: some-profile
       # this pod is hostNetwork and uses the internal LB DNS name when possible, which the kubelet also uses.
       # this dnsPolicy allows us to use the same dnsConfig as the kubelet, without access to read it ourselves.
       dnsPolicy: Default
@@ -88,43 +88,43 @@ spec:
         effect: "NoSchedule"
       - key: "node.kubernetes.io/not-ready"
         operator: "Exists"
-        effect: "NoSchedule" 
+        effect: "NoSchedule"
       - key: "node.kubernetes.io/unreachable"
         operator: "Exists"
         effect: "NoExecute"
-        tolerationSeconds: 120 
+        tolerationSeconds: 120
       - key: "node.kubernetes.io/not-ready"
         operator: "Exists"
         effect: "NoExecute"
-        tolerationSeconds: 120 
+        tolerationSeconds: 120
       volumes:
-        - name: etc-ssl-certs
-          hostPath:
-            path: /etc/ssl/certs
-        - name: etc-cvo-updatepayloads
-          hostPath:
-            path: /etc/cvo/updatepayloads
-        - name: serving-cert
-          secret:
-            secretName: cluster-version-operator-serving-cert
-        - name: service-ca
-          configMap:
-            name: openshift-service-ca.crt
-        - name: kube-api-access
-          projected:
-            defaultMode: 420
-            sources:
-            - serviceAccountToken:
-                expirationSeconds: 3600
-                path: token
-            - configMap:
-                items:
-                - key: ca.crt
-                  path: ca.crt
-                name: kube-root-ca.crt
-            - downwardAPI:
-                items:
-                - fieldRef:
-                    apiVersion: v1
-                    fieldPath: metadata.namespace
-                  path: namespace
+      - name: etc-ssl-certs
+        hostPath:
+          path: /etc/ssl/certs
+      - name: etc-cvo-updatepayloads
+        hostPath:
+          path: /etc/cvo/updatepayloads
+      - name: serving-cert
+        secret:
+          secretName: cluster-version-operator-serving-cert
+      - name: service-ca
+        configMap:
+          name: openshift-service-ca.crt
+      - name: kube-api-access
+        projected:
+          defaultMode: 420
+          sources:
+          - serviceAccountToken:
+              expirationSeconds: 3600
+              path: token
+          - configMap:
+              items:
+              - key: ca.crt
+                path: ca.crt
+              name: kube-root-ca.crt
+          - downwardAPI:
+              items:
+              - fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+                path: namespace