OCPBUGS-74970: Fix kubelet certificate wait loop in criometricsproxy.yaml

[aksjadha]

• Related bug: Fix kubelet certificate wait loop and mount path in criometricsproxy.yaml

• The previous condition [ -n "$(test -e ...)" ] always evaluated to false because test -e produces no stdout output — it communicates via exit code only. So -n always evaluated to false, causing the loop to exit immediately instead of waiting for the kubelet certificate to appear.

• The init container mounts the host's /var/lib/kubelet at /var. So inside the init container, the host's /var/lib/kubelet/pki/kubelet-server-current.pem appears at /var/pki/kubelet-server-current.pem — but the script checks /var/lib/kubelet/pki/kubelet-server-current.pem, which doesn't exist at that path inside the init container.

- What I did

• Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists
• Updated init container mount path to /var/lib/kubelet from /var to match main container so the script's path /var/lib/kubelet/pki/kubelet-server-current.pem resolves correctly.

- How to verify it

• Check kube-rbac-proxy-crio-ip pod logs in namespace openshift-machine-config-operator to verify the CRI-O metrics proxy init container correctly waits for the kubelet certificate before proceeding

- Description for the changelog

• Fixes the kubelet certificate wait loop condition in criometricsproxy.yaml across all node roles (arbiter, master, worker)
• The old condition [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] was incorrect. Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

Summary by CodeRabbit

• Bug Fixes
  • Ensures arbiter, master, and worker nodes now reliably wait for the kubelet server certificate/key to appear before starting dependent pods, improving startup stability and preventing race conditions during node initialization.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@aksjadha: This pull request references Jira Issue OCPBUGS-74970, which is invalid:

• expected the bug to target the "5.0.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

• Related bug: Fix kubelet certificate wait loop in criometricsproxy.yaml

• The previous condition [ -n "$(test -e ...)" ] always evaluated to false because test -e produces no stdout output — it communicates via exit code only. So -n always evaluated to false, causing the loop to exit immediately instead of waiting for the kubelet certificate to appear.

- What I did

• Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

- How to verify it

• Check kube-rbac-proxy-crio-ip pod logs in namespace openshift-machine-config-operator to verify the CRI-O metrics proxy init container correctly waits for the kubelet certificate before proceeding

- Description for the changelog

• Fixes the kubelet certificate wait loop condition in criometricsproxy.yaml across all node roles (arbiter, master, worker)
• The old condition [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] was incorrect. Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b3267d52-2aff-4a1a-9dcb-095132542a6a

📥 Commits

Reviewing files that changed from the base of the PR and between ee0dcdd and 78749ce.

📒 Files selected for processing (3)

• templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml
• templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
• templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml
• templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml
• templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml

---

Walkthrough

The PR inverts the kubelet server certificate wait condition across three node configuration templates and updates an arbiter volumeMount path. InitContainers now wait until /var/lib/kubelet/pki/kubelet-server-current.pem exists before proceeding.

Changes

Kubelet Certificate Readiness Wait

Layer / File(s)	Summary
Kubelet certificate readiness condition across node types templates/arbiter/01-arbiter-kubelet/_base/files/criometricsproxy.yaml, templates/master/01-master-kubelet/_base/files/criometricsproxy.yaml, templates/worker/01-worker-kubelet/_base/files/criometricsproxy.yaml	The initContainer wait loop condition is inverted from while [ -e /var/lib/kubelet/pki/kubelet-server-current.pem ] to while [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], causing the initContainer to wait until the kubelet server certificate file appears. The arbiter template also changes the var-lib-kubelet volumeMount target path to /var/lib/kubelet.

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels: verified

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: fixing a kubelet certificate wait loop condition in criometricsproxy.yaml files across three node templates (arbiter, master, worker).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only YAML configuration files (criometricsproxy.yaml), not Ginkgo test files. No test names are present in the changes, so the check is not applicable.
Test Structure And Quality	✅ Passed	PR modifies Kubernetes Pod manifests (YAML files) for kubelet certificate wait logic, not Ginkgo test code. Custom check for test quality is not applicable.
Microshift Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It only modifies YAML configuration templates for kubelet and criometricsproxy manifests. The custom check does not apply.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR fixes kubelet certificate wait loop in criometricsproxy.yaml (configuration change), not adding new Ginkgo e2e tests. The check applies only to new Ginkgo tests.
Topology-Aware Scheduling Compatibility	✅ Passed	The PR modifies static Pod manifests with no scheduling constraints (no affinity, topology spread, nodeSelectors, etc.). Changes fix kubelet certificate wait logic needed on all supported topologies.
Ote Binary Stdout Contract	✅ Passed	PR modifies only YAML Kubernetes manifest templates, not any OTE binary code or process-level Go code. The custom check does not apply to declarative configuration files.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR modifies only YAML configuration files (criometricsproxy.yaml manifests) for arbiter/master/worker kubelet templates, not Ginkgo e2e tests. Check is not applicable.
No-Weak-Crypto	✅ Passed	PR modifies only shell script logic for certificate file checks and volume mount paths. No weak cryptographic algorithms, custom crypto implementations, or secret comparisons detected.
Container-Privileges	✅ Passed	PR does not introduce privilege escalation. All privileged: true and hostNetwork settings existed before the PR; only fixes shell condition bug and adds readOnly: true.
No-Sensitive-Data-In-Logs	✅ Passed	Logging in modified files only outputs static messages and progress indicators; no secrets, credentials, PII, tokens, or sensitive data are exposed.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[aksjadha]

/jira refresh

[openshift-ci-robot]

@aksjadha: This pull request references Jira Issue OCPBUGS-74970, which is invalid:

• expected the bug to target either version "5.0." or "openshift-5.0.", but it targets "4.23" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[aksjadha]

/jira refresh

[openshift-ci-robot]

@aksjadha: This pull request references Jira Issue OCPBUGS-74970, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sergiordlr

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@aksjadha: This pull request references Jira Issue OCPBUGS-74970, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sergiordlr

Details

In response to this:

• Related bug: Fix kubelet certificate wait loop in criometricsproxy.yaml

• The previous condition [ -n "$(test -e ...)" ] always evaluated to false because test -e produces no stdout output — it communicates via exit code only. So -n always evaluated to false, causing the loop to exit immediately instead of waiting for the kubelet certificate to appear.

- What I did

• Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

- How to verify it

• Check kube-rbac-proxy-crio-ip pod logs in namespace openshift-machine-config-operator to verify the CRI-O metrics proxy init container correctly waits for the kubelet certificate before proceeding

- Description for the changelog

• Fixes the kubelet certificate wait loop condition in criometricsproxy.yaml across all node roles (arbiter, master, worker)
• The old condition [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] was incorrect. Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

Summary by CodeRabbit

• Bug Fixes
• Fixed kubelet initialization so nodes now wait for the kubelet server certificate to become available before starting dependent pods, ensuring reliable startup across arbiter, master, and worker nodes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[aksjadha]

Fix is working as expected.

Before fix, there were multiple restarts of pods as init container was not waiting for file to exist.

$ oc describe pod kube-rbac-proxy-crio-ip -n openshift-machine-config-operator
  containerStatuses:
    lastState:
      terminated:
        message: "W0601 01:32:19.053758       1 deprecated.go:66] \n==== Removed Flag
          Warning ======================\n\nlogtostderr is removed in the k8s upstream
          and has no effect any more.\n\n===============================================\n\t\t\nI0601
          01:32:19.053832       1 kube-rbac-proxy.go:532] Reading config file: /etc/kubernetes/crio-metrics-proxy.cfg\nE0601
          01:32:19.055157       1 run.go:72] \"command failed\" err=\"failed to load
          kubeconfig: unable to build rest config based on provided path to kubeconfig
          file: invalid configuration: [unable to read client-cert /var/lib/kubelet/pki/kubelet-client-current.pem
          for default-auth due to open /var/lib/kubelet/pki/kubelet-client-current.pem:
          no such file or directory, unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem
          for default-auth due to open /var/lib/kubelet/pki/kubelet-client-current.pem:
          no such file or directory]\"\n"
        reason: Error
    name: kube-rbac-proxy-crio

$ oc logs kube-rbac-proxy-crio-ip -n openshift-machine-config-operator
I0603 08:59:37.507013       1 kube-rbac-proxy.go:532] Reading config file: /etc/kubernetes/crio-metrics-proxy.cfg
I0603 08:59:37.508125       1 kube-rbac-proxy.go:235] Valid token audiences: 
I0603 08:59:37.508369       1 dynamic_cafile_content.go:161] "Starting controller" name="client-ca::/etc/kubernetes/kubelet-ca.crt"
I0603 08:59:37.510016       1 kube-rbac-proxy.go:349] Reading certificate files
E0603 08:59:37.510065       1 run.go:72] "command failed" err="failed to initialize certificate reloader: error loading certificates: error loading certificate: open /var/lib/kubelet/pki/kubelet-server-current.pem: no such file or directory"

With fix, init container checking if file exists and checking correct mount path i,e /var/lib/kubelet/, there are no multiple restart.

NAME                                                             READY   STATUS    RESTARTS   AGE
kube-rbac-proxy-crio-ip-11.us-west-2.compute.internal   1/1     Running   0          67m
kube-rbac-proxy-crio-ip-12.us-west-2.compute.internal    1/1     Running   0          130m
kube-rbac-proxy-crio-ip-13.us-west-2.compute.internal   1/1     Running   0          130m
kube-rbac-proxy-crio-ip-14.us-west-2.compute.internal     1/1     Running   0          130m

[ngopalak-redhat]

The change looks good to me.

[rphillips]

/approve

[ngopalak-redhat]

/lgtm

[openshift-merge-bot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-upgrade
/test e2e-gcp-op-ocl-part1
/test e2e-gcp-op-ocl-part2
/test e2e-gcp-op-part1
/test e2e-gcp-op-part2
/test e2e-gcp-op-single-node
/test e2e-hypershift

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aksjadha, ngopalak-redhat, rphillips

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• templates/arbiter/01-arbiter-kubelet/OWNERS [rphillips]
• templates/master/01-master-kubelet/OWNERS [rphillips]
• templates/worker/01-worker-kubelet/OWNERS [rphillips]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[aksjadha]

/verified by @aksjadha

Verified the changes through manual testing and have added the test results above.

[openshift-ci-robot]

@aksjadha: This PR has been marked as verified by @aksjadha.

Details

In response to this:

/verified by @aksjadha

Verified the changes through manual testing and have added the test results above.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@aksjadha: This pull request references Jira Issue OCPBUGS-74970. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

Details

In response to this:

• Related bug: Fix kubelet certificate wait loop and mount path in criometricsproxy.yaml

• The previous condition [ -n "$(test -e ...)" ] always evaluated to false because test -e produces no stdout output — it communicates via exit code only. So -n always evaluated to false, causing the loop to exit immediately instead of waiting for the kubelet certificate to appear.

• The init container mounts the host's /var/lib/kubelet at /var. So inside the init container, the host's /var/lib/kubelet/pki/kubelet-server-current.pem appears at /var/pki/kubelet-server-current.pem — but the script checks /var/lib/kubelet/pki/kubelet-server-current.pem, which doesn't exist at that path inside the init container.

- What I did

• Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists
• Updated init container mount path to /var/lib/kubelet from /var to match main container so the script's path /var/lib/kubelet/pki/kubelet-server-current.pem resolves correctly.

- How to verify it

• Check kube-rbac-proxy-crio-ip pod logs in namespace openshift-machine-config-operator to verify the CRI-O metrics proxy init container correctly waits for the kubelet certificate before proceeding

- Description for the changelog

• Fixes the kubelet certificate wait loop condition in criometricsproxy.yaml across all node roles (arbiter, master, worker)
• The old condition [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] was incorrect. Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

Summary by CodeRabbit

• Bug Fixes
• Ensures arbiter, master, and worker nodes now reliably wait for the kubelet server certificate/key to appear before starting dependent pods, improving startup stability and preventing race conditions during node initialization.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@aksjadha: This pull request references Jira Issue OCPBUGS-74970, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (5.0.0) matches configured target version for branch (5.0.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sergiordlr

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

• Related bug: Fix kubelet certificate wait loop and mount path in criometricsproxy.yaml

• The previous condition [ -n "$(test -e ...)" ] always evaluated to false because test -e produces no stdout output — it communicates via exit code only. So -n always evaluated to false, causing the loop to exit immediately instead of waiting for the kubelet certificate to appear.

• The init container mounts the host's /var/lib/kubelet at /var. So inside the init container, the host's /var/lib/kubelet/pki/kubelet-server-current.pem appears at /var/pki/kubelet-server-current.pem — but the script checks /var/lib/kubelet/pki/kubelet-server-current.pem, which doesn't exist at that path inside the init container.

- What I did

• Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists
• Updated init container mount path to /var/lib/kubelet from /var to match main container so the script's path /var/lib/kubelet/pki/kubelet-server-current.pem resolves correctly.

- How to verify it

• Check kube-rbac-proxy-crio-ip pod logs in namespace openshift-machine-config-operator to verify the CRI-O metrics proxy init container correctly waits for the kubelet certificate before proceeding

- Description for the changelog

• Fixes the kubelet certificate wait loop condition in criometricsproxy.yaml across all node roles (arbiter, master, worker)
• The old condition [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] was incorrect. Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

Summary by CodeRabbit

• Bug Fixes
• Ensures arbiter, master, and worker nodes now reliably wait for the kubelet server certificate/key to appear before starting dependent pods, improving startup stability and preventing race conditions during node initialization.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[aksjadha]

/retest-required

[aksjadha]

/pipeline required

[openshift-merge-bot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-upgrade
/test e2e-gcp-op-ocl-part1
/test e2e-gcp-op-ocl-part2
/test e2e-gcp-op-part1
/test e2e-gcp-op-part2
/test e2e-gcp-op-single-node
/test e2e-hypershift

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 555d04b and 2 for PR HEAD 78749ce in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 70b83d6 and 1 for PR HEAD 78749ce in total

[openshift-ci]

@aksjadha: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@aksjadha: Jira Issue Verification Checks: Jira Issue OCPBUGS-74970
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-74970 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

• Related bug: Fix kubelet certificate wait loop and mount path in criometricsproxy.yaml

• The previous condition [ -n "$(test -e ...)" ] always evaluated to false because test -e produces no stdout output — it communicates via exit code only. So -n always evaluated to false, causing the loop to exit immediately instead of waiting for the kubelet certificate to appear.

• The init container mounts the host's /var/lib/kubelet at /var. So inside the init container, the host's /var/lib/kubelet/pki/kubelet-server-current.pem appears at /var/pki/kubelet-server-current.pem — but the script checks /var/lib/kubelet/pki/kubelet-server-current.pem, which doesn't exist at that path inside the init container.

- What I did

• Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists
• Updated init container mount path to /var/lib/kubelet from /var to match main container so the script's path /var/lib/kubelet/pki/kubelet-server-current.pem resolves correctly.

- How to verify it

• Check kube-rbac-proxy-crio-ip pod logs in namespace openshift-machine-config-operator to verify the CRI-O metrics proxy init container correctly waits for the kubelet certificate before proceeding

- Description for the changelog

• Fixes the kubelet certificate wait loop condition in criometricsproxy.yaml across all node roles (arbiter, master, worker)
• The old condition [ -n "$(test -e /var/lib/kubelet/pki/kubelet-server-current.pem)" ] was incorrect. Replaced with the correct condition [ ! -e /var/lib/kubelet/pki/kubelet-server-current.pem ], which properly loops until the kubelet certificate file exists

Summary by CodeRabbit

• Bug Fixes
• Ensures arbiter, master, and worker nodes now reliably wait for the kubelet server certificate/key to appear before starting dependent pods, improving startup stability and preventing race conditions during node initialization.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-merge-robot]

Fix included in release 5.0.0-0.nightly-2026-06-12-141614

[aksjadha]

/cherrypick release-4.23 release-4.22 release-4.21 release-4.20

[openshift-cherrypick-robot]

@aksjadha: new pull request could not be created: failed to create pull request against openshift/machine-config-operator#release-4.23 from head openshift-cherrypick-robot:cherry-pick-6125-to-release-4.23: status code 422 not one of [201], body: {"message":"Validation Failed","errors":[{"resource":"PullRequest","code":"custom","message":"No commits between openshift:release-4.23 and openshift-cherrypick-robot:cherry-pick-6125-to-release-4.23"}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#create-a-pull-request","status":"422"}

Details

In response to this:

/cherrypick release-4.23 release-4.22 release-4.21 release-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[aksjadha]

/cherrypick release-4.22 release-4.21 release-4.20

[openshift-cherrypick-robot]

@aksjadha: new pull request created: #6200

Details

In response to this:

/cherrypick release-4.22 release-4.21 release-4.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.