
API-1789: update-tls-artifacts: ondisk metadata updates, techpreview data and required tests

Open vrutkovs opened this issue 1 year ago • 16 comments

  • include ondisk-only certs in metadata checks
  • include them in markdown generation
  • update rules for proxy CA details to include ondisk-only certs
  • add data from techpreview jobs
  • ~~make TLS artifacts tests required~~ moving this to new PR so that it would be easier to revert/reapply

TODO:

  • [x] Who owns /etc/kubernetes/ca.crt?

vrutkovs avatar Jun 10 '24 18:06 vrutkovs

/payload-job periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn periodic-ci-openshift-release-master-ci-4.17-e2e-gcp-ovn periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-bm periodic-ci-openshift-release-master-nightly-4.17-e2e-vsphere-ovn-serial periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node

vrutkovs avatar Jun 10 '24 18:06 vrutkovs

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

openshift-ci[bot] avatar Jun 10 '24 18:06 openshift-ci[bot]

@vrutkovs: trigger 6 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn
  • periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn
  • periodic-ci-openshift-release-master-ci-4.17-e2e-gcp-ovn
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-bm
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-vsphere-ovn-serial
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4af16a50-275a-11ef-81fb-0bb21a10eda8-0

openshift-ci[bot] avatar Jun 10 '24 18:06 openshift-ci[bot]

/payload-job periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn periodic-ci-openshift-release-master-ci-4.17-e2e-gcp-ovn periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-bm periodic-ci-openshift-release-master-nightly-4.17-e2e-vsphere-ovn-serial periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node

vrutkovs avatar Jun 11 '24 06:06 vrutkovs

@vrutkovs: trigger 6 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn
  • periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn
  • periodic-ci-openshift-release-master-ci-4.17-e2e-gcp-ovn
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-bm
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-vsphere-ovn-serial
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/ff288a00-27b7-11ef-992a-c878d15d4ad3-0

openshift-ci[bot] avatar Jun 11 '24 06:06 openshift-ci[bot]

@vrutkovs: This pull request explicitly references no jira issue.

In response to this:

  • include ondisk-only certs in metadata checks
  • include them in markdown generation
  • update rules for proxy CA details to include ondisk-only certs
  • add data from techpreview jobs
  • make TLS artifacts tests required

TODO:

  • [x] Who owns /etc/kubernetes/ca.crt?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot avatar Jun 24 '24 06:06 openshift-ci-robot

Job Failure Risk Analysis for sha: bebb4674d241e43df4cfad834ea7708ee98be038

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-openstack-ovn Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 13 runs on release 4.17 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:openstack SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 13 runs on release 4.17 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:openstack SecurityMode:default Topology:ha Upgrade:none] in the last week.

openshift-trt-bot avatar Jun 24 '24 11:06 openshift-trt-bot

Job Failure Risk Analysis for sha: 936d5f6e5226c7d013dbc8e2df33efb1c09d413b

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-ipv6 Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 53 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-ipv6' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-ipv6'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 53 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-ipv6' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-ipv6'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 52 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 52 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 88 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:single Upgrade:micro] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 88 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:single Upgrade:micro] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-serial Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 68 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node-serial' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node-serial'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 68 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node-serial' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node-serial'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 59 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 59 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-serial Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 62 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn-serial'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 62 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn-serial'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-fips Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 54 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-fips' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-fips'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 54 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-fips' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-fips'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-cgroupsv2 Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 56 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-cgroupsv2' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-cgroupsv2'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 56 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-cgroupsv2' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-cgroupsv2'] in the last 14 days.

openshift-trt-bot avatar Aug 08 '24 13:08 openshift-trt-bot

Job Failure Risk Analysis for sha: 0db71c2472cfcb235724e625873490c6bec39224

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-ipsec-serial Medium
[bz-openshift-apiserver] clusteroperator/openshift-apiserver should not change condition/Available
This test has passed 86.57% of 4803 runs on release 4.18 [Overall] in the last week.
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-ipv6 Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 33 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-ipv6'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 33 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-ipv6'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 128 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 128 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 184 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:single Upgrade:micro] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 184 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:single Upgrade:micro] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-fips Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 19 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-fips'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 19 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-fips'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-cgroupsv2 Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 20 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-cgroupsv2'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 20 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-cgroupsv2'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 37 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:azure SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 37 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:azure SecurityMode:default Topology:ha Upgrade:none] in the last week.

openshift-trt-bot avatar Aug 13 '24 15:08 openshift-trt-bot

Job Failure Risk Analysis for sha: 4f1b3c540e9ba1c0e16fdebaf2f21e1c65c4ecee

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-kube-apiserver-rollout Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 121 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 121 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-ipv6 Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 39 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-ipv6'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 39 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-ipv6'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 121 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 121 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-master-e2e-gcp-ovn Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 19 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-gcp-ovn'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 19 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-gcp-ovn'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 23 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 23 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-serial Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 33 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 33 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-kube-apiserver-rollout Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 90 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 90 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-fips Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 20 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-fips'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 20 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-fips'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-edge-zones Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 3 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-edge-zones' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-edge-zones'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 3 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-edge-zones' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-edge-zones'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-cgroupsv2 Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 21 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-cgroupsv2'] in the last 14 days.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 21 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-cgroupsv2'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd Low
[sig-arch][Late][Jira:"kube-apiserver"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 33 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:azure SecurityMode:default Topology:ha Upgrade:none] in the last week.
---
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 33 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:azure SecurityMode:default Topology:ha Upgrade:none] in the last week.

openshift-trt-bot avatar Aug 14 '24 11:08 openshift-trt-bot

Job Failure Risk Analysis for sha: 9391486ebfebf6744aaed4884c329e262068d48f

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-kube-apiserver-rollout Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 17 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-kube-apiserver-rollout' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-kube-apiserver-rollout'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 71 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:metal SecurityMode:default Topology:ha Upgrade:none] in the last week.
pull-ci-openshift-origin-master-e2e-gcp-ovn Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 32 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-gcp-ovn'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-serial Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 46 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node-serial'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-serial Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 49 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-kube-apiserver-rollout Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 19 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-kube-apiserver-rollout' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-kube-apiserver-rollout'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-fips Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 34 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-fips'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-edge-zones Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 4 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-edge-zones' 'periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-edge-zones'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-cgroupsv2 Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 37 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-cgroupsv2'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd Low
[sig-arch][Late][Jira:"kube-apiserver"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]
This test has passed 0.00% of 42 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:azure SecurityMode:default Topology:ha Upgrade:none] in the last week.

openshift-trt-bot avatar Aug 19 '24 21:08 openshift-trt-bot

Job Failure Risk Analysis for sha: abdb681f1de3daf885451ddce9ca6883320d0d06

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-serial Medium
[sig-node] node-lifecycle detects unexpected not ready node
This test has passed 97.99% of 1991 runs on release 4.18 [Overall] in the last week.
---
[sig-node] node-lifecycle detects unreachable state on node
This test has passed 97.99% of 1991 runs on release 4.18 [Overall] in the last week.

openshift-trt-bot avatar Aug 20 '24 12:08 openshift-trt-bot

Job Failure Risk Analysis for sha: af1abdc7afbabb1e1d870e60a584ef6abd70987e

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-upgrade High
[sig-apps] job-upgrade
This test has passed 100.00% of 338 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-upgrade'] in the last 14 days.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade High
[sig-arch] events should not repeat pathologically for ns/openshift-kube-apiserver-operator
This test has passed 100.00% of 152 runs on release 4.18 [Architecture:amd64 FeatureSet:default Installer:ipi Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:single Upgrade:micro] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-serial Medium
[bz-openshift-apiserver] clusteroperator/openshift-apiserver should not change condition/Available
This test has passed 92.69% of 4572 runs on release 4.18 [Overall] in the last week.

openshift-trt-bot avatar Aug 20 '24 16:08 openshift-trt-bot

@vrutkovs: This pull request references API-1789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

  • include ondisk-only certs in metadata checks
  • include them in markdown generation
  • update rules for proxy CA details to include ondisk-only certs
  • add data from techpreview jobs
  • ~~make TLS artifacts tests required~~ moving this to new PR so that it would be easier to revert/reapply

TODO:

  • [x] Who owns /etc/kubernetes/ca.crt?


openshift-ci-robot avatar Aug 22 '24 12:08 openshift-ci-robot

Looking at https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/28868/pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd/1828381245009039360, do we already know why "all tls artifacts must be registered" and "all registered tls artifacts must have no metadata violation regressions" flaked? Presumably something broke during the BeforeAll node.

benluddy avatar Sep 05 '24 16:09 benluddy

> Looking at https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/28868/pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd/1828381245009039360, do we already know why "all tls artifacts must be registered" and "all registered tls artifacts must have no metadata violation regressions" flaked? Presumably something broke during the BeforeAll node.

OK, seems like this is just what the test report looks like when we make a Ginkgo spec flake directly, and the spec isn't actually being run twice.

benluddy avatar Sep 05 '24 20:09 benluddy

/payload-job periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn periodic-ci-openshift-release-master-ci-4.18-e2e-azure-ovn periodic-ci-openshift-release-master-ci-4.18-e2e-gcp-ovn periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-bm periodic-ci-openshift-release-master-nightly-4.18-e2e-vsphere-ovn-serial periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node

vrutkovs avatar Sep 06 '24 07:09 vrutkovs

@vrutkovs: trigger 6 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn
  • periodic-ci-openshift-release-master-ci-4.18-e2e-azure-ovn
  • periodic-ci-openshift-release-master-ci-4.18-e2e-gcp-ovn
  • periodic-ci-openshift-release-master-nightly-4.18-e2e-metal-ipi-ovn-bm
  • periodic-ci-openshift-release-master-nightly-4.18-e2e-vsphere-ovn-serial
  • periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-single-node

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/cf1cdab0-6c21-11ef-9a89-4e71ace628f2-0

openshift-ci[bot] avatar Sep 06 '24 07:09 openshift-ci[bot]

/retest

vrutkovs avatar Sep 06 '24 14:09 vrutkovs

@vrutkovs: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-agnostic-ovn-cmd | 3824ed20185b7ec55b461bf86663507f020bf2dd | link | false | /test e2e-agnostic-ovn-cmd |
| ci/prow/e2e-aws-ovn-ipsec-serial | 3824ed20185b7ec55b461bf86663507f020bf2dd | link | false | /test e2e-aws-ovn-ipsec-serial |
| ci/prow/e2e-aws-ovn-single-node-upgrade | 3824ed20185b7ec55b461bf86663507f020bf2dd | link | false | /test e2e-aws-ovn-single-node-upgrade |
| ci/prow/e2e-aws-ovn-upgrade | 3824ed20185b7ec55b461bf86663507f020bf2dd | link | false | /test e2e-aws-ovn-upgrade |
| ci/prow/e2e-aws-ovn-kube-apiserver-rollout | 3824ed20185b7ec55b461bf86663507f020bf2dd | link | false | /test e2e-aws-ovn-kube-apiserver-rollout |
| ci/prow/e2e-metal-ipi-ovn | 3824ed20185b7ec55b461bf86663507f020bf2dd | link | false | /test e2e-metal-ipi-ovn |


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Sep 06 '24 17:09 openshift-ci[bot]

/lgtm

benluddy avatar Sep 06 '24 17:09 benluddy

Job Failure Risk Analysis for sha: 3824ed20185b7ec55b461bf86663507f020bf2dd

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn IncompleteTests
Tests for this run (23) are below the historical average (1924): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

openshift-trt-bot avatar Sep 06 '24 18:09 openshift-trt-bot

I'll approve the progress over perfection, but I think many certificates for the kube-apiserver static pods are missing.

/approve

deads2k avatar Sep 06 '24 18:09 deads2k

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: benluddy, deads2k, vrutkovs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment

Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci[bot] avatar Sep 06 '24 18:09 openshift-ci[bot]

[ART PR BUILD NOTIFIER]

Distgit: openshift-enterprise-tests

This PR has been included in build openshift-enterprise-tests-container-v4.18.0-202409062211.p0.g9f2fef1.assembly.stream.el9. All builds following this will include this PR.

openshift-bot avatar Sep 06 '24 23:09 openshift-bot