
OCPBUGS-83863: Simplify Dockerfile to rhel9-only build #285

Open
sdodson wants to merge 2 commits into openshift:main from sdodson:el9-only

sdodson commented Apr 21, 2026

Member

Remove the rhel8 and rhel10 build stages, strip debug symbols from binaries.

The rhel9/rhel10 version-specific subdirectories are no longer needed
since openshift/cluster-network-operator#2967 removed the OS detection
logic and now copies binaries directly from the base directory.

Summary by CodeRabbit

  • Chores
    • Simplified OpenShift image build: consolidated per-release binaries into a single RHEL 9-based output, removed per-version packaging, and now deploys a unified binary layout for runtime.
    • Adjusted Go build to produce stripped binaries (debug symbols removed) to reduce artifact size while retaining version and build metadata.

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 21, 2026
@openshift-ci-robot

Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is invalid:

  • expected the bug to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.


In response to this:

Summary

  • Removes the rhel8 builder stage and versioned subdirectory structure (rhel8/bin, rhel9/bin) from Dockerfile.openshift
  • Builds only rhel9 binaries directly into /usr/src/multus-cni/bin/
  • Adds a comment documenting how to re-introduce multi-version support (e.g., for rhel10) if needed in the future

Test plan

  • Verify the OpenShift image builds successfully with only the rhel9 stage
  • Verify binaries are present in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 21, 2026
@coderabbitai

coderabbitai Bot commented Apr 21, 2026

Contributor

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


Walkthrough

Removed rhel8/rhel10 builder stages; final image now uses only rhel9 builder outputs copied into /usr/src/multus-cni/bin and no longer performs OS-release-based binary selection. Added Go linker flags -s -w in hack/build-go.sh to strip symbols.

Changes

OpenShift Dockerfile & Build

Layer / File(s) | Summary
Dockerfile: remove rhel8/rhel10 builders & simplify base-rhel9 (Dockerfile.openshift) | Removed rhel10 and rhel8 builder stages. base-rhel9 now creates only /usr/src/multus-cni/images and /usr/src/multus-cni/bin and copies built binaries from the rhel9 builder; removed per-OS-version bin directories and os-release selection/caching logic.
Build script: strip debug symbols (hack/build-go.sh) | Appended -s -w to LDFLAGS (keeps existing -X assignments); whitespace/formatting adjusted.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Test Structure And Quality | ⚠️ Warning | 540+ bare Expect().NotTo(HaveOccurred()) assertions lack messages; multiple files omit BeforeEach/AfterEach cleanup patterns for temporary resources created in tests. | Add meaningful messages to assertions and implement BeforeEach/AfterEach blocks for resource setup/cleanup across all test files for consistency.

✅ Passed checks (11 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title directly and clearly describes the main change: simplifying the Dockerfile.openshift by consolidating to a single rhel9-only build, which is the primary objective reflected in both file changes.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names | ✅ Passed | PR modifies only Dockerfile.openshift and hack/build-go.sh (Docker and build config), neither containing Ginkgo tests or test code. Check is not applicable.
Microshift Test Compatibility | ✅ Passed | No Ginkgo e2e tests are added in this PR—only Dockerfile.openshift and hack/build-go.sh build configuration changes are made. The check is not applicable.
Single Node Openshift (Sno) Test Compatibility | ✅ Passed | The PR modifies only Dockerfile.openshift and hack/build-go.sh (build/infrastructure files), neither of which contains Ginkgo e2e tests. The check is not applicable.
Topology-Aware Scheduling Compatibility | ✅ Passed | PR modifies only build files (Dockerfile.openshift, hack/build-go.sh), not deployment manifests, operator code, or controllers, so topology-aware scheduling check does not apply.
Ote Binary Stdout Contract | ✅ Passed | PR only modifies Dockerfile and build script; no changes to main(), init(), or logging code that could affect OTE binary stdout contract.
Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | No new Ginkgo e2e tests are present in the PR. Changes are to Dockerfile.openshift and hack/build-go.sh—infrastructure/build configuration files, not test code.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from bpickard22 and dougbtv April 21, 2026 14:17
@openshift-ci

openshift-ci Bot commented Apr 21, 2026

Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sdodson
Once this PR has been reviewed and has the lgtm label, please assign s1061123 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 21, 2026
@openshift-ci-robot

Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

Summary

  • Removes the rhel8 builder stage and versioned subdirectory structure (rhel8/bin, rhel9/bin) from Dockerfile.openshift
  • Builds only rhel9 binaries directly into /usr/src/multus-cni/bin/
  • Adds a comment documenting how to re-introduce multi-version support (e.g., for rhel10) if needed in the future

Test plan

  • Verify the OpenShift image builds successfully with only the rhel9 stage
  • Verify binaries are present in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Refactor
    • Simplified the container build process by consolidating binary packaging and removing OS-version-specific binary management. The build now directly prepares a single binary directory instead of maintaining separate versioned subdirectories.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot

Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

Summary

  • Removes the rhel8 builder stage from Dockerfile.openshift
  • Keeps rhel10 and rhel9 build stages with OS-detection to select the correct binaries at build time

Context

Support for rhel8 workers was removed in 4.20, so no cluster upgrading from 4.20 to 4.21 should ever have rhel8 workers. Clusters upgrading from 4.18 to 4.20 through 4.19 may have rhel8 workers, although this is unlikely. Therefore rhel8 binaries are only necessary through 4.20 and can be dropped going forward.

Test plan

  • Verify the OpenShift image builds successfully without the rhel8 stage
  • Verify binaries are present in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 21, 2026
@coderabbitai

coderabbitai Bot commented Apr 21, 2026

Contributor

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details
{}

@sdodson

sdodson commented Apr 21, 2026

Member Author

/hold
Need to test all of these together

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 21, 2026
@sdodson sdodson changed the title OCPBUGS-83863: Remove rhel8 build stage from Dockerfile.openshift OCPBUGS-83863: Simplify Dockerfile.openshift to rhel9-only Apr 28, 2026
@openshift-ci-robot

Contributor

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.


In response to this:

Summary

  • Removes the rhel8 builder stage from Dockerfile.openshift (rhel8 workers no longer supported as of 4.20)
  • Strips binaries with -s -w ldflags to reduce image size
  • Removes the rhel10 builder stage (rhel10 golang builder doesn't exist yet — it was just a duplicate of rhel9)
  • Simplifies runtime to copy rhel9 binaries as default, with OS detection that prefers a version-specific binary directory when one exists
  • Adds comments documenting how to add future RHEL versions

Context

Support for rhel8 workers was removed in 4.20, so rhel8 binaries can be dropped. The rhel10 stage was using the rhel9 golang builder anyway, producing identical binaries. This PR consolidates to a single rhel9 build stage with a flexible runtime layout that can easily accommodate rhel10 when its builder becomes available.

Test plan

  • Verify the OpenShift image builds successfully with only the rhel9 stage
  • Verify binaries are present and stripped in /usr/src/multus-cni/bin/ in the built image
  • Verify entrypoint.sh functions correctly with the simplified directory layout
  • Verify file command shows binaries are stripped (no debug info)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Simplified OpenShift image build to consolidate binaries into a single RHEL 9 output and streamline OS-version selection.
    • Adjusted the Go build to produce stripped binaries (debug/symbols removed) for smaller releases.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
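
The test plan above asks to confirm that the shipped binaries are stripped. As an added example (not code from this PR or the multus-cni repository), the Python below reads an ELF64 section table and reports any leftover .symtab or DWARF section, which the Go linker flags -s (omit the symbol table) and -w (omit DWARF) should have removed. build_sample_elf is a hypothetical helper that constructs header-only sample input; little-endian ELF64 is assumed.

```python
import struct

# Name prefixes of DWARF sections (.zdebug_ is the older compressed form).
DEBUG_PREFIXES = (".debug_", ".zdebug_")

def section_names(elf: bytes) -> list:
    """Return the section names of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    shoff = struct.unpack_from("<Q", elf, 0x28)[0]
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    if shoff == 0 or shnum == 0:
        return []  # section header table removed entirely

    def header(i):
        # First six fields: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize)

    str_off, str_size = header(shstrndx)[4:6]
    strtab = elf[str_off:str_off + str_size]
    names = []
    for i in range(shnum):
        start = header(i)[0]
        end = strtab.index(b"\0", start)
        names.append(strtab[start:end].decode("ascii", "replace"))
    return names

def unstripped_sections(elf: bytes) -> list:
    """Sections showing the binary still carries a symbol table or DWARF data."""
    return [n for n in section_names(elf)
            if n == ".symtab" or n.startswith(DEBUG_PREFIXES)]

def build_sample_elf(extra_sections) -> bytes:
    """Constructed sample input: ELF64 header, string table, section headers only."""
    names = [""] + list(extra_sections) + [".shstrtab"]
    strtab, offsets = b"", []
    for n in names:
        offsets.append(len(strtab))
        strtab += n.encode() + b"\0"
    shoff = 64 + len(strtab)  # string table sits right after the 64-byte header
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 0, shoff,
                       0, 64, 0, 0, 64, len(names), len(names) - 1)
    shdrs = b""
    for i, off in enumerate(offsets):
        last = i == len(names) - 1  # only .shstrtab needs a real offset and size
        shdrs += struct.pack("<IIQQQQIIQQ", off, 3 if last else 1, 0, 0,
                             64 if last else 0, len(strtab) if last else 0,
                             0, 0, 1, 0)
    return ehdr + strtab + shdrs
```

Against a built image, pass the bytes of each file under /usr/src/multus-cni/bin/ to unstripped_sections and fail the check on a non-empty result.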

sdodson added a commit to sdodson/cluster-network-operator that referenced this pull request May 19, 2026
Drop OS detection and version-specific directory probing from both
cnibincopy scripts (multus.yaml and 008-script-lib.yaml) entirely.

multus.yaml:
- Consolidate RHEL8_SOURCE_DIRECTORY, RHEL9_SOURCE_DIRECTORY, and
  DEFAULT_SOURCE_DIRECTORY env vars into a single SOURCE_DIRECTORY
- Remove os-release host volume mount from all cnibincopy init
  containers and the multus DaemonSet
- Binaries are now copied directly from the default paths
  (e.g. /usr/src/multus-cni/bin/, /bondcni/, /usr/src/plugins/bin/)

008-script-lib.yaml (OVN):
- Remove os-release sourcing and RHEL version case statements
- Copy ovn-k8s-cni-overlay directly from /usr/libexec/cni/

This unblocks removing rhel8 build stages from upstream images
(openshift/ovn-kubernetes#3149, openshift/multus-cni#285). By the
time version-specific paths would be needed again (RHEL 11+), all
in-cluster components will use native FIPS, making this logic
permanently unnecessary.

rh-pre-commit.version: 2.4.0
rh-pre-commit.check-secrets: ENABLED
@sdodson sdodson changed the title OCPBUGS-83863: Simplify Dockerfile.openshift to rhel9-only OCPBUGS-83863: Simplify Dockerfile to rhel9-only build May 23, 2026
sdodson added 2 commits May 23, 2026 13:55
…bin directories

The version-specific binary directories (rhel8/, rhel9/, rhel10/) are no
longer needed since cluster-network-operator#2967 removed the OS detection
logic from cnibincopy and now uses a single SOURCE_DIRECTORY.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rh-pre-commit.version: 2.4.0
rh-pre-commit.check-secrets: ENABLED
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rh-pre-commit.version: 2.4.0
rh-pre-commit.check-secrets: ENABLED
@sdodson

sdodson commented May 23, 2026

Member Author

/retest-required

@openshift-ci

openshift-ci Bot commented May 23, 2026

Contributor

@sdodson: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name | Commit | Details | Required | Rerun command
ci/prow/security | 3bcae0b | link | false | /test security

Full PR test history. Your PR dashboard.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

tpantelis pushed a commit to tpantelis/cluster-network-operator that referenced this pull request May 26, 2026
tpantelis pushed a commit to tpantelis/cluster-network-operator that referenced this pull request May 27, 2026
@sdodson

sdodson commented Jun 9, 2026

Member Author

/retest-required

@sdodson

sdodson commented Jun 9, 2026

Member Author

/hold cancel

@openshift-ci openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 9, 2026
@sdodson

sdodson commented Jun 9, 2026

Member Author

/test e2e-aws e2e-aws-upgrade iamges verify-deps okd-scos-images

@sdodson

sdodson commented Jun 10, 2026

Member Author

/test e2e-aws e2e-aws-upgrade iamges verify-deps okd-scos-images

Labels

jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
