origin
origin copied to clipboard
openshift
SDN-5636: Udn hostnet isolation
Partial copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/5b62be5dd6a61762b3d2b8a001c6ca039a4b4eba#diff-2be1e01ba9cf5c059a4f4f0cd2b974861043381664e7102e3783f48842891d43. Non-kubelet host process checks are removed, as there is no way to directly access OCP nodes (without privileged host-network pods) anyway, and host-network checks exist separately. Second commit is a copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/a822445f4b4af06173981887639376dc5d84c8fb
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: npinaeva Once this PR has been reviewed and has the lgtm label, please assign bparees for approval. For more information see the Code Review Process.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
@npinaeva: This pull request references SDN-5636 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.
In response to this:
Partial copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/5b62be5dd6a61762b3d2b8a001c6ca039a4b4eba#diff-2be1e01ba9cf5c059a4f4f0cd2b974861043381664e7102e3783f48842891d43. Non-kubelet host process checks are removed, as there is no way to directly access OCP nodes (without privileged host-network pods) anyway, and host-network checks exist separately. Second commit is a copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/a822445f4b4af06173981887639376dc5d84c8fb
This will only work after https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4999 reached d/s together with host isolation enablement
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@npinaeva: This pull request references SDN-5636 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.
In response to this:
Partial copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/5b62be5dd6a61762b3d2b8a001c6ca039a4b4eba#diff-2be1e01ba9cf5c059a4f4f0cd2b974861043381664e7102e3783f48842891d43. Non-kubelet host process checks are removed, as there is no way to directly access OCP nodes (without privileged host-network pods) anyway, and host-network checks exist separately. Second commit is a copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/a822445f4b4af06173981887639376dc5d84c8fb
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
/payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-vsphere-ovn-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-azure-ovn-runc-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview
@npinaeva: trigger 4 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
- periodic-ci-openshift-release-master-nightly-4.19-e2e-vsphere-ovn-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-azure-ovn-runc-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/2eac58a0-e53c-11ef-851a-1ff1f101943b-0
/payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-vsphere-ovn-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-azure-ovn-runc-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview
@npinaeva: trigger 4 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
- periodic-ci-openshift-release-master-nightly-4.19-e2e-vsphere-ovn-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-azure-ovn-runc-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/78fd8a40-e795-11ef-9338-8092573db7d9-0
Job Failure Risk Analysis for sha: 28590e87eada48000bab6571f13714ac679bf5f3
| Job Name | Failure Risk |
|---|---|
| pull-ci-openshift-origin-master-okd-scos-e2e-aws-ovn | High [sig-arch] Only known images used by tests This test has passed 100.00% of 25 runs on jobs [periodic-ci-openshift-release-master-ci-4.19-e2e-aws-ovn] in the last 14 days. |
![openshift-trt[bot] avatar](https://avatars.githubusercontent.com/u/111778100?v=4 "Published by a pub.dev verified publisher"){kind=small}
Job Failure Risk Analysis for sha: ea24d99236a811035ea4ad6dd6da06c6c291734b
| Job Name | Failure Risk |
|---|---|
| pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade | High |
| pull-ci-openshift-origin-master-e2e-vsphere-ovn-upi | Medium [sig-sippy] infrastructure should work This test has passed 84.85% of 33 runs on release 4.19 [Architecture:amd64 FeatureSet:default Installer:upi Network:ovn NetworkStack:ipv4 Platform:vsphere SecurityMode:default Topology:ha Upgrade:none] in the last week. |
| pull-ci-openshift-origin-master-e2e-openstack-ovn | Medium [bz-Routing] clusteroperator/ingress should not change condition/Available This test has passed 96.82% of 4911 runs on release 4.19 [Overall] in the last week. |
| pull-ci-openshift-origin-master-e2e-hypershift-conformance | Medium [bz-Management Console] clusteroperator/console should not change condition/Available This test has passed 96.97% of 165 runs on release 4.19 [Architecture:amd64 FeatureSet:default Installer:hypershift Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:external Upgrade:none] in the last week. --- [sig-sippy] infrastructure should work This test has passed 80.76% of 291 runs on release 4.19 [Architecture:amd64 FeatureSet:default Installer:hypershift Network:ovn NetworkStack:ipv4 Platform:aws SecurityMode:default Topology:external Upgrade:none] in the last week. --- [bz-Routing] clusteroperator/ingress should not change condition/Available This test has passed 96.67% of 4984 runs on release 4.19 [Overall] in the last week. |
/payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-vsphere-ovn-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-azure-ovn-runc-techpreview /payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview
@npinaeva: trigger 4 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
- periodic-ci-openshift-release-master-nightly-4.19-e2e-vsphere-ovn-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-ipv6-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-azure-ovn-runc-techpreview
- periodic-ci-openshift-release-master-nightly-4.19-e2e-metal-ipi-ovn-dualstack-techpreview
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/af1c7250-ea13-11ef-9552-5f09545f6589-0
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten /remove-lifecycle stale
@npinaeva: This pull request references CORENET-5672 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.
In response to this:
Partial copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/5b62be5dd6a61762b3d2b8a001c6ca039a4b4eba#diff-2be1e01ba9cf5c059a4f4f0cd2b974861043381664e7102e3783f48842891d43. Non-kubelet host process checks are removed, as there is no way to directly access OCP nodes (without privileged host-network pods) anyway, and host-network checks exist separately. Second commit is a copy of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/4799/commits/a822445f4b4af06173981887639376dc5d84c8fb
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@npinaeva: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-aws-ovn-single-node-serial | ea24d99236a811035ea4ad6dd6da06c6c291734b | link | false | /test e2e-aws-ovn-single-node-serial |
| ci/prow/4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test 4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback |
| ci/prow/okd-e2e-gcp | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test okd-e2e-gcp |
| ci/prow/e2e-gcp-fips-serial | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-gcp-fips-serial |
| ci/prow/e2e-aws | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-aws |
| ci/prow/e2e-aws-ovn-serial | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | true | /test e2e-aws-ovn-serial |
| ci/prow/e2e-aws-ovn-serial-publicnet | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | true | /test e2e-aws-ovn-serial-publicnet |
| ci/prow/e2e-gcp-ovn-techpreview | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-gcp-ovn-techpreview |
| ci/prow/e2e-aws-ovn-single-node-upgrade | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-aws-ovn-single-node-upgrade |
| ci/prow/e2e-aws-ovn-etcd-scaling | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-aws-ovn-etcd-scaling |
| ci/prow/e2e-vsphere-ovn-etcd-scaling | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-vsphere-ovn-etcd-scaling |
| ci/prow/e2e-aws-ovn-serial-1of2 | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | true | /test e2e-aws-ovn-serial-1of2 |
| ci/prow/e2e-metal-ipi-ovn | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-metal-ipi-ovn |
| ci/prow/e2e-metal-ipi-serial-ovn-ipv6-2of2 | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-metal-ipi-serial-ovn-ipv6-2of2 |
| ci/prow/e2e-gcp-ovn | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | true | /test e2e-gcp-ovn |
| ci/prow/e2e-azure-ovn-upgrade | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-azure-ovn-upgrade |
| ci/prow/e2e-vsphere-ovn-dualstack-primaryv6 | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-vsphere-ovn-dualstack-primaryv6 |
| ci/prow/e2e-metal-ipi-ovn-dualstack | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-metal-ipi-ovn-dualstack |
| ci/prow/e2e-aws-ovn-kube-apiserver-rollout | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-aws-ovn-kube-apiserver-rollout |
| ci/prow/e2e-hypershift-conformance | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-hypershift-conformance |
| ci/prow/e2e-gcp-disruptive | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-gcp-disruptive |
| ci/prow/e2e-aws-ovn-fips | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | true | /test e2e-aws-ovn-fips |
| ci/prow/e2e-aws-ovn-cgroupsv2 | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-aws-ovn-cgroupsv2 |
| ci/prow/e2e-gcp-ovn-etcd-scaling | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-gcp-ovn-etcd-scaling |
| ci/prow/e2e-aws-disruptive | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-aws-disruptive |
| ci/prow/e2e-metal-ipi-ovn-dualstack-local-gateway | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-metal-ipi-ovn-dualstack-local-gateway |
| ci/prow/e2e-openstack-serial | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-openstack-serial |
| ci/prow/e2e-vsphere-ovn | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | true | /test e2e-vsphere-ovn |
| ci/prow/e2e-aws-ovn-single-node | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-aws-ovn-single-node |
| ci/prow/e2e-azure-ovn-etcd-scaling | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-azure-ovn-etcd-scaling |
| ci/prow/e2e-azure | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-azure |
| ci/prow/e2e-openstack-ovn | 2b124e02fd30452c87bdae854f39be6acc5beee0 | link | false | /test e2e-openstack-ovn |
Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
Job Failure Risk Analysis for sha: 2b124e02fd30452c87bdae854f39be6acc5beee0
| Job Name | Failure Risk |
|---|---|
| pull-ci-openshift-origin-main-e2e-aws-ovn-cgroupsv2 | IncompleteTests Tests for this run (25) are below the historical average (2399): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems) |
| pull-ci-openshift-origin-main-e2e-aws-ovn-serial-1of2 | IncompleteTests Tests for this run (24) are below the historical average (1582): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems) |
| pull-ci-openshift-origin-main-e2e-azure-ovn-etcd-scaling | Medium install should succeed: infrastructure This test has passed 96.02% of 3897 runs on release 4.21 [Overall] in the last week. --- install should succeed: overall This test has passed 89.40% of 4009 runs on release 4.21 [Overall] in the last week. --- [sig-sippy] infrastructure should work This test has passed 85.44% of 5173 runs on release 4.21 [Overall] in the last week. |
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
@openshift-bot: Closed this PR.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting
/reopen. Mark the issue as fresh by commenting/remove-lifecycle rotten. Exclude this issue from closing again by commenting/lifecycle frozen./close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.