NO-JIRA: Fix baremetal misconfiguration for KMS jobs

[ardaguclu]

This PR fixes the misconfigurations of the baremetal jobs of KMS feature.

Summary by CodeRabbit

This PR fixes misconfiguration in the baremetal e2e test jobs for KMS encryption testing in the OpenShift cluster-kube-apiserver-operator CI pipeline.

What Changed:
The periodic test definitions for KMS encryption e2e scenarios on baremetal are being modernized:

• Consolidates the cluster profile from a custom equinix-ocp-metal-qe setup with explicit capability declarations and host sizing to the standard equinix-ocp-metal profile
• Removes redundant explicit configuration fields (capabilities, AUX_HOST, RESERVE_BOOTSTRAP, architecture, masters, workers)
• Introduces DEVSCRIPTS_CONFIG environment variable to drive networking stack configuration, making it easier to manage IPv4, IPv6, and dual-stack test variants
• Updates test and workflow references from the older openshift-e2e-test and baremetal-lab-* patterns to the newer baremetalds-e2e-test and corresponding baremetalds-e2e* workflows

Impact:
This aligns the KMS encryption test infrastructure with modern baremetal testing patterns and improves maintainability by reducing configuration duplication and using a standardized profile approach. The three test variants (standard OVN, IPv6, and dual-stack) now use a consistent configuration structure.

[openshift-ci-robot]

@ardaguclu: This pull request explicitly references no jira issue.

Details

In response to this:

This PR fixes the misconfigurations of the baremetal jobs of KMS feature.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: f09ba4ea-3114-4778-972a-d77bd88bcb52

📥 Commits

Reviewing files that changed from the base of the PR and between 32d1d4f and 2d98e09.

⛔ Files ignored due to path filters (1)

• ci-operator/jobs/openshift/cluster-kube-apiserver-operator/openshift-cluster-kube-apiserver-operator-main-periodics.yaml is excluded by !ci-operator/jobs/**

📒 Files selected for processing (1)

• ci-operator/config/openshift/cluster-kube-apiserver-operator/openshift-cluster-kube-apiserver-operator-main__periodics.yaml

---

Walkthrough

This PR updates three periodic test configurations for metal-based encryption-kms e2e scenarios in the cluster-kube-apiserver-operator test suite. It standardizes the cluster profile from equinix-ocp-metal-qe to equinix-ocp-metal, replaces QE-specific configuration fields with DEVSCRIPTS_CONFIG to manage networking, and updates test refs and workflow definitions across base, IPv6, and dualstack variants.

Changes

Encryption-KMS periodic test configurations

Layer / File(s)

Summary

Encryption-KMS periodic test configurations ci-operator/config/openshift/cluster-kube-apiserver-operator/openshift-cluster-kube-apiserver-operator-main__periodics.yaml

Three periodic test configurations (e2e-metal-encryption-kms, -ipv6, -dual) are updated from equinix-ocp-metal-qe to equinix-ocp-metal cluster profile. QE-specific capabilities, AUX_HOST, RESERVE_BOOTSTRAP, architecture, masters, and workers fields are removed. DEVSCRIPTS_CONFIG is added to configure OVN networking, with optional IP_STACK=v6 for IPv6 and IP_STACK=v4v6 for dualstack variants. Test ref changes from openshift-e2e-test to baremetalds-e2e-test. Workflows update from baremetal-lab-* variants to baremetalds-e2e, baremetalds-e2e-ovn-ipv6, and baremetalds-e2e-ovn-dualstack.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested labels

lgtm, rehearsals-ack

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the main change: fixing baremetal misconfiguration for KMS jobs, which directly aligns with the PR's primary objective of addressing misconfigurations in KMS baremetal periodic test definitions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only CI/CD YAML configuration files for periodic test jobs, not Ginkgo test code. Custom check applies to Ginkgo test titles, which are absent here.
Test Structure And Quality	✅ Passed	The PR modifies only CI/CD YAML configuration files, not Ginkgo test code. The custom check is inapplicable as it requires reviewing actual test implementations with Ginkgo patterns.
Microshift Test Compatibility	✅ Passed	PR only modifies CI configuration YAML files to reconfigure existing baremetal encryption-kms tests. No new Ginkgo e2e tests are added, so the check does not apply.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR modifies only CI configuration YAML and adds no Ginkgo test code. SNO compatibility check applies only to new Ginkgo tests, not CI configuration changes.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only CI test configuration (ci-operator/config), not deployment manifests, operator code, or controllers. Custom check applies only to those artifact types.
Ote Binary Stdout Contract	✅ Passed	PR modifies only YAML configuration; no code changes present that could violate OTE Binary Stdout Contract for JSON communication.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only updates CI configuration YAML for existing KMS tests; no new Ginkgo e2e test code is added. The check is not applicable.
No-Weak-Crypto	✅ Passed	PR modifies YAML CI/CD configuration only, with no code introducing weak crypto (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom implementations, or unsafe secret comparisons.
Container-Privileges	✅ Passed	File contains only CI-operator test configuration (no container/K8s manifests). No privileged settings, security contexts, or capabilities definitions found.
No-Sensitive-Data-In-Logs	✅ Passed	PR modifies CI YAML with non-sensitive config only. No passwords, tokens, API keys, PII, or internal data exposed in the file.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@ardaguclu: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
periodic-ci-openshift-cluster-kube-apiserver-operator-main-periodics-e2e-metal-encryption-kms-dual	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-cluster-kube-apiserver-operator-main-periodics-e2e-metal-encryption-kms-ipv6	N/A	periodic	Ci-operator config changed
periodic-ci-openshift-cluster-kube-apiserver-operator-main-periodics-e2e-metal-encryption-kms	N/A	periodic	Ci-operator config changed

Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[ardaguclu]

/cc @gangwgr

[gangwgr]

/pj-rehearse

[openshift-merge-bot]

@gangwgr: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[ardaguclu]

/hold
let's see the CI runs green

[gangwgr]

/lgtm
/approve

[gangwgr]

/hold

[gangwgr]

waiting for ci to passed

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, gangwgr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/cluster-kube-apiserver-operator/OWNERS [ardaguclu,gangwgr]
• ci-operator/jobs/openshift/cluster-kube-apiserver-operator/OWNERS [ardaguclu,gangwgr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@ardaguclu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/periodic-ci-openshift-cluster-kube-apiserver-operator-main-periodics-e2e-metal-encryption-kms	2d98e09	link	unknown	/pj-rehearse periodic-ci-openshift-cluster-kube-apiserver-operator-main-periodics-e2e-metal-encryption-kms
ci/rehearse/periodic-ci-openshift-cluster-kube-apiserver-operator-main-periodics-e2e-metal-encryption-kms-ipv6	2d98e09	link	unknown	/pj-rehearse periodic-ci-openshift-cluster-kube-apiserver-operator-main-periodics-e2e-metal-encryption-kms-ipv6

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.