CNTRLPLANE-1750: Add FeatureGate: ConfigurablePKI

[sanchezl]

Add ConfigurablePKI feature gate.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

Hello @sanchezl! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@sanchezl: This pull request references CNTRLPLANE-1750 which is a valid jira issue.

In response to this:

Add ConfigurablePKI feature gate.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[JoelSpeed]

Is this the correct link? EP PR is closed?

[sanchezl]

The correct EP PR is openshift/enhancements#1882

[coderabbitai]

Walkthrough

Adds a new exported feature gate FeatureGateConfigurablePKI in features/features.go with metadata (Jira component, contact person, product scope, enhancement PR) and enabled in DevPreviewNoUpgrade and TechPreviewNoUpgrade modes.

Changes

Cohort / File(s)

Summary

New feature gate addition features/features.go

Adds exported FeatureGateConfigurablePKI feature gate initialized via newFeatureGate("ConfigurablePKI") with chained metadata calls: reportProblemsToJiraComponent("kube-apiserver"), contactPerson("sanchezl"), productScope(ocpSpecific), enhancementPR("https://github.com/openshift/enhancements/pull/1882"), enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade), and mustRegister(). No changes to existing gates' semantics.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Inspect features/features.go to verify metadata strings and PR URL.
• Confirm consistency of initialization pattern with neighboring feature gates and registration.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 2bc8376 and 8e9a684.

📒 Files selected for processing (1)

• features/features.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• features/features.go

🔇 Additional comments (1)

features/features.go (1)

935-941: LGTM! The feature gate implementation is correct.

The new FeatureGateConfigurablePKI follows the established pattern perfectly, with all required metadata fields properly configured. The enhancement PR link correctly references PR #1882, which addresses the concern raised in the previous review.

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sanchezl]

/cc @sjenning
/cc @patrickdillon
/cc @sadasu
/cc @sjenning
/cc @hasbro17
/cc @dusk125
/cc @p0lyn0mial

Looking for a statement as a "soft approval" for openshift/enhancements#1882 so I can proceed with merging this new FeatureGate. The enhancement still needs some polishing. I am looking for including the feature in 4.22.

[openshift-ci]

@sanchezl: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	8e9a684	link	true	/test verify

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.