[dnm-testing]Dockerfile: Remove redundant iproute and iproute-tc from INSTALL_PKGS

[bpickard22]

The base image (ovn-kubernetes-base) already includes iproute as a dependency of the OVS/OVN packages installed from the Fast Datapath repo. Explicitly requesting iproute again in the final image stage causes an intermittent dnf depsolve failure when the FDP version (e.g. 6.11.0) conflicts with the iproute-tc version available in rhel-9-baseos (e.g. 6.2.0).

iproute-tc provides the tc binary, which is not used anywhere in ovn-kubernetes and can be safely dropped.

Assisted by Claude Opus 4.6

📑 Description

Fixes #

Additional Information for reviewers

✅ Checks

• My code requires changes to the documentation
• if so, I have updated the documentation as required
• My code requires tests
• if so, I have added and/or updated the tests as required
• All the tests have passed in the CI

How to verify it

Summary by CodeRabbit

• Chores
  • Updated Docker image dependencies to remove unused packages.

[coderabbitai]

Walkthrough

The Dockerfile's package installation list is modified to remove iproute and iproute-tc packages from the INSTALL_PKGS variable, while retaining other packages such as libpcap and strace. The subsequent installation and cleanup logic remains unchanged.

Changes

Cohort / File(s)	Summary
Docker Configuration Dockerfile	Removed iproute and iproute-tc from the INSTALL_PKGS list; all other packages and subsequent build steps remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Hops along the Docker trail,
Two packages bid farewell—iproute's no avail!
iproute-tc joins the fading light,
Slimmer images, leaner and light,
The image hops on, clean and bright! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title clearly identifies the specific change: removing iproute and iproute-tc from INSTALL_PKGS in the Dockerfile, which is the primary focus of this PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bpickard22
Once this PR has been reviewed and has the lgtm label, please assign knobunc for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile (1)

42-52: ⚠️ Potential issue | 🟡 Minor

Add a build-time guard for the ip binary to catch transitive dependency drift.

Removing explicit iproute from INSTALL_PKGS is fine—relying on transitive dependencies from base/FDP layers is reasonable for depsolve stability. However, ip is a hard runtime dependency (used extensively by RunIP() for IP route and rule management). Add a simple check so the build fails early if the base image stops providing iroute:

♻️ Proposed build-time check

 RUN stat /usr/bin/oc
+RUN command -v ip >/dev/null

(Note: Direct tc command usage is absent in the codebase, so iproute-tc removal is safe.)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 42 - 52, Add a build-time guard after the
package-install step in the Dockerfile to fail fast if the `ip` binary is
missing: after the dnf install && dnf clean lines, run a shell check (e.g.,
command -v ip >/dev/null || { echo "missing ip binary required by RunIP()" >&2;
exit 1; }) so any transitive removal of iproute from base layers breaks the
build immediately; reference the runtime dependency used by RunIP() in the error
message to make the failure clear.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@Dockerfile`:
- Around line 42-52: Add a build-time guard after the package-install step in
the Dockerfile to fail fast if the `ip` binary is missing: after the dnf install
&& dnf clean lines, run a shell check (e.g., command -v ip >/dev/null || { echo
"missing ip binary required by RunIP()" >&2; exit 1; }) so any transitive
removal of iproute from base layers breaks the build immediately; reference the
runtime dependency used by RunIP() in the error message to make the failure
clear.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: bfafe02a-00b2-4a3b-954c-a51cca5e46b9

📥 Commits

Reviewing files that changed from the base of the PR and between ab5bb67 and 610465c.

📒 Files selected for processing (1)

• Dockerfile

[bpickard22]

Found build issue from https://github.com/openshift/ovn-kubernetes/pull/3120/changes#diff-1c4c4bf0a476b57b3a279382b7490762be0f69bdafbb15e23c4f8fa4022a05e8

[openshift-ci]

@bpickard22: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-metal-ipi-ovn-dualstack-bgp	610465c	link	true	/test e2e-metal-ipi-ovn-dualstack-bgp
ci/prow/e2e-aws-ovn-edge-zones	610465c	link	true	/test e2e-aws-ovn-edge-zones
ci/prow/security	610465c	link	false	/test security
ci/prow/e2e-azure-ovn-upgrade	610465c	link	true	/test e2e-azure-ovn-upgrade
ci/prow/e2e-metal-ipi-ovn-dualstack	610465c	link	true	/test e2e-metal-ipi-ovn-dualstack
ci/prow/e2e-metal-ipi-ovn-ipv6	610465c	link	true	/test e2e-metal-ipi-ovn-ipv6
ci/prow/e2e-aws-ovn-rhcos10-techpreview	610465c	link	false	/test e2e-aws-ovn-rhcos10-techpreview
ci/prow/e2e-metal-ipi-ovn-dualstack-bgp-local-gw	610465c	link	true	/test e2e-metal-ipi-ovn-dualstack-bgp-local-gw
ci/prow/e2e-aws-ovn-upgrade-local-gateway	610465c	link	true	/test e2e-aws-ovn-upgrade-local-gateway

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.