[WIP]Promote KMSEncryption Feature Gate to GA

[gangwgr]

Promote KMSEncryption Feature Gate to GA

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 09c6c88b-25a0-4f99-a001-c7f8d2d101ff

📥 Commits

Reviewing files that changed from the base of the PR and between 9b69e5f and 990b07a.

📒 Files selected for processing (6)

• features.md
• features/features.go
• payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml
• payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml
• payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml

---

📝 Walkthrough

Walkthrough

The pull request enables the KMSEncryption feature gate across multiple configurations. The features.go file is updated to expand the enable conditions for FeatureGateKMSEncryption to include inDefault() and inOKD() in addition to existing preview conditions. The features.md documentation is reorganized to reflect this change. Multiple FeatureGate manifest files for Hypershift and SelfManagedHA configurations (both Default and OKD variants) are updated to move KMSEncryption from the disabled list to the enabled list.

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Promote KMSEncryption Feature Gate to GA' directly aligns with the changeset, which promotes KMSEncryption from dev/tech preview to enabled/default across multiple feature gate configurations.
Description check	✅ Passed	The description 'Promote KMSEncryption Feature Gate to GA' is directly related to the changeset, matching the PR's objective of promoting the KMSEncryption feature gate to GA status.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	No dynamic test names found. All Ginkgo test names are static, descriptive strings from YAML specs with no timestamps, UUIDs, generated suffixes, or other runtime-varying content.
Test Structure And Quality	✅ Passed	Tests have proper setup/cleanup with BeforeEach/AfterEach, meaningful assertion messages, explicit 5s timeouts, single-responsibility structure, and consistent patterns.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. The changes are limited to feature gate configuration and feature definitions only, making this check not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. It only modifies feature gate definitions and YAML manifests to promote KMSEncryption to GA. The SNO test compatibility check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	Feature gate configuration only. No deployment manifests, workloads, pod affinity, topology spread constraints, or node selectors introduced.
Ote Binary Stdout Contract	✅ Passed	PR modifies feature gate configuration and documentation only. No stdout-writing code at process level. Module-level initialization uses pure data structures with no fmt.Print, klog, or log calls.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. The changes only modify feature gate configurations and documentation files (features.md, features.go, and YAML manifests).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hello @gangwgr! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[gangwgr]

/test verify-feature-promotion

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign everettraven for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@gangwgr: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	990b07a	link	true	/test verify
ci/prow/verify-feature-promotion	990b07a	link	true	/test verify-feature-promotion
ci/prow/integration	990b07a	link	true	/test integration

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[p0lyn0mial]

cc @p0lyn0mial