OCPBUGS-83863: Drop rhel8 builds, strip debug info

[sdodson]

Remove the rhel8 build stage and strip debug symbols from binaries.

The rhel9/rhel10 version-specific subdirectories are no longer needed
since openshift/cluster-network-operator#2967 removed the OS detection
logic and now copies binaries directly from the base directory.

Summary by CodeRabbit

• Chores
  • Removed RHEL 8 build support from container artifacts.
  • Consolidated image layout to a single shared set of RHEL-compatible binaries, simplifying packaging and updates.
  • Stripped debug symbols from compiled binaries to reduce image size and runtime footprint.
  • Cleaned up final image layout for greater consistency and maintainability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: cf2e1ad0-ba2b-4e05-89d3-9cc612fdae25

📥 Commits

Reviewing files that changed from the base of the PR and between 26eb379 and 42aaab5.

📒 Files selected for processing (1)

• Dockerfile.openshift

---

Walkthrough

Build artifacts only in the rhel9 builder using stripped Go binaries, then copy all three binaries into a shared /usr/src/whereabouts/bin in the base-rhel9 image; LABEL formatting adjusted.

Changes

Docker Build Configuration

Layer / File(s)	Summary
rhel9 builder: add strip flags and output to bin/ Dockerfile.openshift	go build invocations for whereabouts, ip-control-loop, and node-slice-controller now include -ldflags '-s -w' and write outputs under bin/. (range_08450113a55e)
final base-rhel9: shared bin copy & LABEL formatting Dockerfile.openshift	Final stage creates /usr/src/whereabouts/bin and /usr/src/whereabouts/images and copies all binaries from the rhel9 builder into that shared directory; LABEL block line-wrapping/formatting changed. (range_4af500730946, range_247b7f5cb672)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Topology-Aware Scheduling Compatibility	⚠️ Warning	PR adds daemonset with broad toleration (operator: Exists, effect: NoSchedule) that inadvertently schedules pods to resource-constrained arbiter nodes on Two-Node Arbiter topologies.	Change default toleration to exclude arbiter taint, or add nodeAffinity to prevent scheduling to arbiter-labeled nodes (node-role.kubernetes.io/arbiter).
Ipv6 And Disconnected Network Test Compatibility	⚠️ Warning	New Ginkgo e2e tests added contain hardcoded IPv4 CIDRs (10.10.0.0/16, 11.11.0.0/16) without IPv6-only or cluster IP family detection mechanisms, failing in IPv6-only disconnected environments.	Add cluster IP family detection using GetIPAddressFamily() or wrap IPv4-only tests with InIPv4ClusterContext(), or use correctCIDRFamily() to adapt CIDR ranges based on detected cluster IP family.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: removing rhel8 builds and adding debug symbol stripping via -ldflags flags.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only Dockerfile.openshift. All Ginkgo test names are static, descriptive, with no dynamic identifiers, variable interpolation, or generated suffixes found.
Test Structure And Quality	✅ Passed	Check is not applicable: PR modifies only Docker configuration files (Dockerfile.openshift) to remove RHEL8 builds and add debug symbol stripping. No Ginkgo test code was modified.
Microshift Test Compatibility	✅ Passed	This PR only modifies Dockerfile.openshift (Docker build config). No new Ginkgo e2e tests are added, so the MicroShift compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR only modifies Dockerfile.openshift with build configuration changes; no new Ginkgo e2e tests are added, so SNO compatibility check does not apply.
Ote Binary Stdout Contract	✅ Passed	PR modifies only Dockerfile.openshift with build flag changes (-ldflags '-s -w') that don't affect stdout. These binaries are not OTE test harnesses, so the check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch drop-rhel8-add-rhel10

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sdodson
Once this PR has been reviewed and has the lgtm label, please assign dougbtv for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@sdodson: This pull request references Jira Issue OCPBUGS-83863, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary

• Remove rhel8 build stage: RHEL 8 builds are no longer necessary from 4.20 onwards. The rhel8 builder stage and all COPY --from=rhel8 references have been removed.
• Hardlink rhel9 binaries: Instead of duplicating binaries via separate COPY instructions, the rhel9/bin directory now uses hardlinks to the base bin directory, eliminating binary duplication in the final image.
• Add rhel10 support: Adds an rhel10/bin directory via hardlinks to the rhel9-built binaries, which are assumed to be compatible with rhel10.

Test plan

• Verify CI image build succeeds
• Verify the built image contains binaries at /usr/src/whereabouts/bin/, /usr/src/whereabouts/rhel9/bin/, and /usr/src/whereabouts/rhel10/bin/
• Verify hardlinks are correct (all three paths point to the same inodes)

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
• Simplified Docker build configuration by removing RHEL 8 support and optimizing binary deployment in the container image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Dockerfile.openshift`:
- Around line 22-26: The Dockerfile removed the rhel8 bin path but entrypoint.sh
still may set rhelmajor=8 and try to run
/usr/src/whereabouts/rhel8/bin/ip-control-loop, causing a runtime "No such file"
error; fix by either (A) adding a compatibility hardlink directory
/usr/src/whereabouts/rhel8/bin with the same links as rhel10 (create symlinks to
whereabouts, ip-control-loop, node-slice-controller) so entrypoint.sh can find
binaries, or (B) update entrypoint.sh logic that sets rhelmajor to stop
selecting 8 (change the branch that computes rhelmajor or the path resolution)
so it never references rhel8; adjust whichever file you choose (Dockerfile for
adding links, or entrypoint.sh for changing rhelmajor resolution) and ensure
tests/containers exercise the Fedora CoreOS path.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 32bc904a-6a13-4d0d-a6c1-6230d8100f04

📥 Commits

Reviewing files that changed from the base of the PR and between d691040 and c61cecd.

📒 Files selected for processing (1)

• Dockerfile.openshift

[coderabbitai]

♻️ Duplicate comments (1)

Dockerfile.openshift (1)

22-26: ⚠️ Potential issue | 🟠 Major

Runtime path mismatch for Fedora CoreOS is still possible

entrypoint.sh (Line 12-35 in entrypoint.sh) can still resolve rhelmajor=8 and execute /usr/src/whereabouts/rhel8/bin/ip-control-loop. With only rhel9/bin and rhel10/bin created here, that path can fail at runtime.

Minimal compatibility patch in this Dockerfile

 RUN mkdir -p /usr/src/whereabouts/rhel10/bin && \
     ln /usr/src/whereabouts/bin/whereabouts     /usr/src/whereabouts/rhel10/bin/whereabouts && \
     ln /usr/src/whereabouts/bin/ip-control-loop /usr/src/whereabouts/rhel10/bin/ip-control-loop && \
     ln /usr/src/whereabouts/bin/node-slice-controller /usr/src/whereabouts/rhel10/bin/node-slice-controller
+RUN mkdir -p /usr/src/whereabouts/rhel8/bin && \
+    ln /usr/src/whereabouts/bin/whereabouts     /usr/src/whereabouts/rhel8/bin/whereabouts && \
+    ln /usr/src/whereabouts/bin/ip-control-loop /usr/src/whereabouts/rhel8/bin/ip-control-loop && \
+    ln /usr/src/whereabouts/bin/node-slice-controller /usr/src/whereabouts/rhel8/bin/node-slice-controller

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile.openshift` around lines 22 - 26, The Dockerfile creates rhel9 and
rhel10 runtime bin paths but not rhel8, so entrypoint.sh resolving rhelmajor=8
can fail when it tries to run /usr/src/whereabouts/rhel8/bin/ip-control-loop;
update the RUN block that creates /usr/src/whereabouts/rhel*/bin to also create
/usr/src/whereabouts/rhel8/bin and symlink the same binaries (whereabouts,
ip-control-loop, node-slice-controller) into it (or create a rhel8 ->
rhel9/rhel10 redirect) so entrypoint.sh’s resolution of
/usr/src/whereabouts/rhel8/bin/ip-control-loop always finds the executable.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@Dockerfile.openshift`:
- Around line 22-26: The Dockerfile creates rhel9 and rhel10 runtime bin paths
but not rhel8, so entrypoint.sh resolving rhelmajor=8 can fail when it tries to
run /usr/src/whereabouts/rhel8/bin/ip-control-loop; update the RUN block that
creates /usr/src/whereabouts/rhel*/bin to also create
/usr/src/whereabouts/rhel8/bin and symlink the same binaries (whereabouts,
ip-control-loop, node-slice-controller) into it (or create a rhel8 ->
rhel9/rhel10 redirect) so entrypoint.sh’s resolution of
/usr/src/whereabouts/rhel8/bin/ip-control-loop always finds the executable.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9a6a5f5f-2b5f-43b6-b007-51c28cfe563f

📥 Commits

Reviewing files that changed from the base of the PR and between c61cecd and 5156041.

📒 Files selected for processing (1)

• Dockerfile.openshift

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile.openshift`:
- Around line 12-17: The Dockerfile currently creates /usr/src/whereabouts/bin
but fails to create the rhel-specific hardlink directories that entrypoint.sh
expects (it resolves binaries at /usr/src/whereabouts/rhel${rhelmajor}/bin/*);
update the Dockerfile to mkdir -p for /usr/src/whereabouts/rhel9/bin and
/usr/src/whereabouts/rhel10/bin (and rhel8 or fedora equivalents if required)
and create hardlinks (or copy) from /usr/src/whereabouts/bin/<binary> into those
rhelN/bin directories so that entrypoint.sh can find ip-control-loop,
whereabouts, node-slice-controller, etc.; ensure the same set of files copied
from the rhel9 stage (entrypoint.sh, whereabouts, ip-control-loop,
node-slice-controller) are hardlinked into each rhelN/bin directory referenced
by entrypoint.sh.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 90c297fb-3c3a-4bbd-8887-ae26fd0b0852

📥 Commits

Reviewing files that changed from the base of the PR and between 5156041 and 26eb379.

📒 Files selected for processing (1)

• Dockerfile.openshift

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Missing rhel9/bin and rhel10/bin hardlink directories causes runtime failure.

The entrypoint.sh resolves the binary path as /usr/src/whereabouts/rhel${rhelmajor}/bin/ip-control-loop, but this Dockerfile only creates /usr/src/whereabouts/bin/. The container will fail at runtime with "No such file or directory" for all RHEL versions (9, 10, and 8 for Fedora CoreOS).

The PR objectives and test plan mention creating hardlinks for rhel9/bin and rhel10/bin, but this is not implemented.

🐛 Proposed fix to add hardlink directories

 RUN mkdir -p /usr/src/whereabouts/images && \
        mkdir -p /usr/src/whereabouts/bin
 COPY --from=rhel9 /go/src/github.com/openshift/whereabouts/entrypoint.sh       /usr/src/whereabouts/bin
 COPY --from=rhel9 /go/src/github.com/openshift/whereabouts/bin/whereabouts     /usr/src/whereabouts/bin
 COPY --from=rhel9 /go/src/github.com/openshift/whereabouts/bin/ip-control-loop /usr/src/whereabouts/bin
 COPY --from=rhel9 /go/src/github.com/openshift/whereabouts/bin/node-slice-controller /usr/src/whereabouts/bin
+RUN mkdir -p /usr/src/whereabouts/rhel9/bin && \
+    ln /usr/src/whereabouts/bin/whereabouts     /usr/src/whereabouts/rhel9/bin/whereabouts && \
+    ln /usr/src/whereabouts/bin/ip-control-loop /usr/src/whereabouts/rhel9/bin/ip-control-loop && \
+    ln /usr/src/whereabouts/bin/node-slice-controller /usr/src/whereabouts/rhel9/bin/node-slice-controller
+RUN mkdir -p /usr/src/whereabouts/rhel10/bin && \
+    ln /usr/src/whereabouts/bin/whereabouts     /usr/src/whereabouts/rhel10/bin/whereabouts && \
+    ln /usr/src/whereabouts/bin/ip-control-loop /usr/src/whereabouts/rhel10/bin/ip-control-loop && \
+    ln /usr/src/whereabouts/bin/node-slice-controller /usr/src/whereabouts/rhel10/bin/node-slice-controller

For rhel8/Fedora CoreOS compatibility (as flagged in a previous review), also add:

+RUN mkdir -p /usr/src/whereabouts/rhel8/bin && \
+    ln /usr/src/whereabouts/bin/whereabouts     /usr/src/whereabouts/rhel8/bin/whereabouts && \
+    ln /usr/src/whereabouts/bin/ip-control-loop /usr/src/whereabouts/rhel8/bin/ip-control-loop && \
+    ln /usr/src/whereabouts/bin/node-slice-controller /usr/src/whereabouts/rhel8/bin/node-slice-controller

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile.openshift` around lines 12 - 17, The Dockerfile currently creates
/usr/src/whereabouts/bin but fails to create the rhel-specific hardlink
directories that entrypoint.sh expects (it resolves binaries at
/usr/src/whereabouts/rhel${rhelmajor}/bin/*); update the Dockerfile to mkdir -p
for /usr/src/whereabouts/rhel9/bin and /usr/src/whereabouts/rhel10/bin (and
rhel8 or fedora equivalents if required) and create hardlinks (or copy) from
/usr/src/whereabouts/bin/<binary> into those rhelN/bin directories so that
entrypoint.sh can find ip-control-loop, whereabouts, node-slice-controller,
etc.; ensure the same set of files copied from the rhel9 stage (entrypoint.sh,
whereabouts, ip-control-loop, node-slice-controller) are hardlinked into each
rhelN/bin directory referenced by entrypoint.sh.

[sdodson]

/retest-required

[sdodson]

/hold cancel
/retest-required

[sdodson]

/test e2e-aws e2e-aws-upgrade iamges verify-deps okd-scos-images

[sdodson]

/retest-required

[openshift-ci]

@sdodson: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.