CORS-4308: Enable Network Observability during installation

[OlivierCazade]

networking: Add day-0 installation support for Network Observability

⚠️ Temporary Dependency: This PR currently points to a temporary branch of github.com/openshift/api to include the installNetworkObservability field in the Network CR spec. This dependency must be updated to point to the official release before merging.

Summary

This PR implements day-0 installation support for Network Observability as described in the enhancement proposal.

Users can now enable Network Observability during cluster installation by setting the installNetworkObservability field in the install-config.yaml networking section. When enabled (or omitted, as it defaults to "Enable"), the installer will configure the cluster to deploy Network Observability on day-0.

Summary by CodeRabbit

Release Notes

• New Features

  • Added optional network observability configuration to cluster networking. The new setting supports "Enable" and "Disable" values, defaulting to "Enable" when not specified.

• Tests

  • Added test coverage for the network observability configuration option and its default behavior.

[openshift-ci-robot]

@OlivierCazade: This pull request references CORS-4308 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

networking: Add day-0 installation support for Network Observability

⚠️ Temporary Dependency: This PR currently points to a temporary branch of github.com/openshift/api to include the installNetworkObservability field in the Network CR spec. This dependency must be updated to point to the official release before merging.

Summary

This PR implements day-0 installation support for Network Observability as described in the enhancement proposal.

Users can now enable Network Observability during cluster installation by setting the installNetworkObservability field in the install-config.yaml networking section. When enabled (or omitted, as it defaults to "Enable"), the installer will configure the cluster to deploy Network Observability on day-0.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

These changes introduce a new optional installNetworkObservability field to OpenShift cluster network configuration. The field is added to type definitions, API schema, default initialization logic, and accompanied by test cases. It supports three values: empty string, "Enable", and "Disable", with a default of "Enable".

Changes

Cohort / File(s)	Summary
Type Definitions and Schema pkg/types/installconfig.go, data/data/install.openshift.io_installconfigs.yaml	Added optional installNetworkObservability field to the Networking struct with pointer-to-string type and kubebuilder validation enum constraints. Updated CRD OpenAPI schema to reflect the new field with allowed values and description.
Default Initialization pkg/types/defaults/installconfig.go	Added defaulting logic to initialize InstallNetworkObservability with "Enable" when nil during SetInstallConfigDefaults execution.
Manifest Generation pkg/asset/manifests/network.go	Refactored networkSpec construction into shared variable and added conditional assignment of InstallNetworkObservability from install config to networkSpec.
Tests pkg/types/defaults/installconfig_test.go	Extended test coverage with two new test cases: one validating nil handling and another testing "Disable" value assignment.
Dependencies go.mod	Updated module replacement for github.com/openshift/api to version 0.0.0-20260310172058-df85794acda8.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'CORS-4308: Enable Network Observability during installation' clearly and specifically describes the main change - adding support for enabling network observability during cluster installation. It is concise, specific, and directly related to the core functionality implemented across all modified files.
Stable And Deterministic Test Names	✅ Passed	The pull request contains stable and deterministic test names without runtime-generated values.
Test Structure And Quality	✅ Passed	The test code meets all quality requirements with table-driven tests following repository conventions, proper setup, meaningful assertions, and no async operations requiring cleanup.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
The command is terminated due to an error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign pawanpinjarkar for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@OlivierCazade: This pull request references CORS-4308 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

networking: Add day-0 installation support for Network Observability

⚠️ Temporary Dependency: This PR currently points to a temporary branch of github.com/openshift/api to include the installNetworkObservability field in the Network CR spec. This dependency must be updated to point to the official release before merging.

Summary

This PR implements day-0 installation support for Network Observability as described in the enhancement proposal.

Users can now enable Network Observability during cluster installation by setting the installNetworkObservability field in the install-config.yaml networking section. When enabled (or omitted, as it defaults to "Enable"), the installer will configure the cluster to deploy Network Observability on day-0.

Summary by CodeRabbit

Release Notes

• New Features

• Added optional network observability configuration to cluster networking. The new setting supports "Enable" and "Disable" values, defaulting to "Enable" when not specified.

• Tests

• Added test coverage for the network observability configuration option and its default behavior.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

pkg/types/defaults/installconfig_test.go (1)

290-315: Add the explicit empty-string case too.

"" is part of the allowed enum, but the new table only exercises nil and "Disable". A case with InstallNetworkObservability: ptr("") would lock down whether defaults should preserve the empty string or normalize it to "Enable".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/types/defaults/installconfig_test.go` around lines 290 - 315, Add a third
table-driven test case exercising the explicit empty-string enum for
Networking.InstallNetworkObservability: create a new entry in the test slice
with name like "InstallNetworkObservability empty string", set config:
&types.InstallConfig{Networking: &types.Networking{InstallNetworkObservability:
func() *string { s := ""; return &s }()}}, and set expected to the result you
expect (either keep empty string or normalize to "Enable") by cloning
defaultInstallConfig() and adjusting c.Networking.InstallNetworkObservability
accordingly; this ensures the behavior of InstallNetworkObservability for "" is
locked down in the tests.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@data/data/install.openshift.io_installconfigs.yaml`:
- Around line 4799-4802: The enum currently allows an empty-string value ("")
alongside "Enable" and "Disable" but the schema description only documents
omitted, "Enable" and "Disable"; update the enum to remove the blank entry or
explicitly document the blank as equivalent to the intended behavior (e.g.,
treat "" as omitted or as "Enable") so there's no ambiguity—modify the enum list
(remove the line with - "") or add a sentence to the field description
clarifying how "" is interpreted.
- Around line 4794-4803: Add an explicit default for the
installNetworkObservability property in the CRD schema so schema-driven tooling
matches runtime behavior: update the installNetworkObservability property (the
block with description, enum, and type) to include a default: "Enable" entry
(ensuring the string value matches the enum entries), e.g., add default: Enable
under the same indentation as enum/type; keep the existing enum and type
unchanged.

In `@go.mod`:
- Line 393: Remove the temporary replace directive that points openshift/api to
the personal fork: delete the line "replace github.com/openshift/api
v0.0.0-20260228183123-9b2ee997d297 => github.com/OlivierCazade/api
v0.0.0-20260310172058-df85794acda8" from go.mod and, if needed, run `go get` or
`go mod tidy` to restore a proper official github.com/openshift/api revision so
all imports of github.com/openshift/api (e.g., config/v1, machine/v1,
machine/v1beta1, machineconfiguration/v1, operator/v1) resolve to the upstream
module rather than the fork.

In `@pkg/types/installconfig.go`:
- Around line 429-435: In validateNetworking(), add an explicit validation for
the InstallNetworkObservability field to reject any value other than the allowed
set ("", "Enable", "Disable"); locate the InstallNetworkObservability pointer on
the InstallConfig type and if non-nil check its value and append a field error
(using the same error accumulation approach used in validateNetworking) for the
json field "installNetworkObservability" when it is not one of the three allowed
strings so invalid values are rejected before manifest generation.

---

Nitpick comments:
In `@pkg/types/defaults/installconfig_test.go`:
- Around line 290-315: Add a third table-driven test case exercising the
explicit empty-string enum for Networking.InstallNetworkObservability: create a
new entry in the test slice with name like "InstallNetworkObservability empty
string", set config: &types.InstallConfig{Networking:
&types.Networking{InstallNetworkObservability: func() *string { s := ""; return
&s }()}}, and set expected to the result you expect (either keep empty string or
normalize to "Enable") by cloning defaultInstallConfig() and adjusting
c.Networking.InstallNetworkObservability accordingly; this ensures the behavior
of InstallNetworkObservability for "" is locked down in the tests.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 87623f3e-7184-4fb6-99f7-4eb911b3e0bb

📥 Commits

Reviewing files that changed from the base of the PR and between dea68b7 and 79ef0ab.

⛔ Files ignored due to path filters (6)

• go.sum is excluded by !**/*.sum
• pkg/types/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (6)

• data/data/install.openshift.io_installconfigs.yaml
• go.mod
• pkg/asset/manifests/network.go
• pkg/types/defaults/installconfig.go
• pkg/types/defaults/installconfig_test.go
• pkg/types/installconfig.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Declare the default in the schema.

The PR defaults this field to "Enable" when it is omitted, but the CRD schema does not advertise that with a default: entry. That leaves schema-driven tooling and CRD defaulting out of sync with the documented behavior.

Suggested fix

               installNetworkObservability:
                 description: |-
                   InstallNetworkObservability is an optional field that enables network observability
                   when omitted or set to "Enable". If the field is set to "Disable", it does nothing.
                   Valid values are "", "Enable", "Disable".
+                default: Enable
                 enum:
                 - ""
                 - Enable
                 - Disable
                 type: string

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	installNetworkObservability:
	description: |-
	InstallNetworkObservability is an optional field that enables network observability
	when omitted or set to "Enable". If the field is set to "Disable", it does nothing.
	Valid values are "", "Enable", "Disable".
	enum:
	- ""
	- Enable
	- Disable
	type: string
	installNetworkObservability:
	description: |-
	InstallNetworkObservability is an optional field that enables network observability
	when omitted or set to "Enable". If the field is set to "Disable", it does nothing.
	Valid values are "", "Enable", "Disable".
	default: Enable
	enum:
	- ""
	- Enable
	- Disable
	type: string

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data/data/install.openshift.io_installconfigs.yaml` around lines 4794 - 4803,
Add an explicit default for the installNetworkObservability property in the CRD
schema so schema-driven tooling matches runtime behavior: update the
installNetworkObservability property (the block with description, enum, and
type) to include a default: "Enable" entry (ensuring the string value matches
the enum entries), e.g., add default: Enable under the same indentation as
enum/type; keep the existing enum and type unchanged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Avoid an undocumented empty-string mode.

The enum accepts "", but the description only defines behavior for omitted, "Enable", and "Disable". Please either document "" as equivalent to omitted/"Enable" or remove it from the allowed values so users do not get an ambiguous configuration state.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data/data/install.openshift.io_installconfigs.yaml` around lines 4799 - 4802,
The enum currently allows an empty-string value ("") alongside "Enable" and
"Disable" but the schema description only documents omitted, "Enable" and
"Disable"; update the enum to remove the blank entry or explicitly document the
blank as equivalent to the intended behavior (e.g., treat "" as omitted or as
"Enable") so there's no ambiguity—modify the enum list (remove the line with -
"") or add a sentence to the field description clarifying how "" is interpreted.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== replace directive =="
sed -n '390,394p' go.mod

echo
echo "== repo imports that still resolve through github.com/openshift/api =="
rg -n -C1 '"github\.com/openshift/api/' --type=go -g '!vendor/**'

Repository: openshift/installer

Length of output: 50375

---

Do not merge with the personal-fork openshift/api replace still in place.

This makes the branch depend on github.com/OlivierCazade/api instead of an official github.com/openshift/api revision. The codebase imports from github.com/openshift/api across numerous packages (config/v1, machine/v1, machine/v1beta1, machineconfiguration/v1, features, operator/v1, and more), all of which would be satisfied by the temporary fork if merged. This introduces a supply-chain and reproducibility risk to main and must be reverted before merge.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 393, Remove the temporary replace directive that points
openshift/api to the personal fork: delete the line "replace
github.com/openshift/api v0.0.0-20260228183123-9b2ee997d297 =>
github.com/OlivierCazade/api v0.0.0-20260310172058-df85794acda8" from go.mod
and, if needed, run `go get` or `go mod tidy` to restore a proper official
github.com/openshift/api revision so all imports of github.com/openshift/api
(e.g., config/v1, machine/v1, machine/v1beta1, machineconfiguration/v1,
operator/v1) resolve to the upstream module rather than the fork.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== validate install-config entry points =="
fd 'installconfig\.go$' pkg/types/validation -x sed -n '120,220p' {}

echo
echo "== references to the new field in validation code =="
rg -n -C3 'InstallNetworkObservability|validateNetworking\s*\(' pkg/types/validation

Repository: openshift/installer

Length of output: 6902

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Get the validateNetworking function starting from line 505
echo "=== validateNetworking function (full implementation) ==="
sed -n '505,700p' pkg/types/validation/installconfig.go

# Also check if InstallNetworkObservability is mentioned anywhere in the validation files
echo ""
echo "=== Search for InstallNetworkObservability in validation ==="
rg -n 'InstallNetworkObservability' pkg/types/validation/

Repository: openshift/installer

Length of output: 9479

---

Add enum validation for InstallNetworkObservability in the validation logic.

The validateNetworking() function in pkg/types/validation/installconfig.go does not validate the InstallNetworkObservability field. The kubebuilder tag documents the enum but does not enforce it at the installer level. Add an explicit check to reject values outside "", "Enable", and "Disable" to prevent invalid values from reaching manifest generation.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/types/installconfig.go` around lines 429 - 435, In validateNetworking(),
add an explicit validation for the InstallNetworkObservability field to reject
any value other than the allowed set ("", "Enable", "Disable"); locate the
InstallNetworkObservability pointer on the InstallConfig type and if non-nil
check its value and append a field error (using the same error accumulation
approach used in validateNetworking) for the json field
"installNetworkObservability" when it is not one of the three allowed strings so
invalid values are rejected before manifest generation.

[openshift-ci]

@OlivierCazade: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	79ef0ab	link	true	/test images
ci/prow/okd-scos-images	79ef0ab	link	true	/test okd-scos-images
ci/prow/unit	79ef0ab	link	true	/test unit
ci/prow/e2e-aws-ovn	79ef0ab	link	true	/test e2e-aws-ovn
ci/prow/verify-vendor	79ef0ab	link	true	/test verify-vendor
ci/prow/verify-deps	79ef0ab	link	true	/test verify-deps

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.