origin CNTRLPLANE-1586 E2E cases for userns with uid,gid

Hi Team,

This is just a PR format for testing 3 cases on Epic: https://issues.redhat.com/browse/CNTRLPLANE-1544 hold till dev update status to complete. Then will update PR accordingly.

/hold /assign @tchap

Oct 17 '25 14:10 ropatil010

Execution results: ` { "name": "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]", "lifecycle": "blocking", "duration": 36369, "startTime": "2025-10-17 14:36:32.024193 UTC", "endTime": "2025-10-17 14:37:08.394103 UTC", "result": "passed", "output": " STEP:

{ "name": "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]", "lifecycle": "blocking", "duration": 25098, "startTime": "2025-10-17 14:46:46.397018 UTC", "endTime": "2025-10-17 14:47:11.495155 UTC", "result": "passed", "output": " STEP:

{ "name": "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]", "lifecycle": "blocking", "duration": 30532, "startTime": "2025-10-17 14:47:51.743911 UTC", "endTime": "2025-10-17 14:48:22.276053 UTC", "result": "passed", "output": " STEP: `

Oct 17 '25 14:10 ropatil010

Risk analysis has seen new tests most likely introduced by this PR. Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 15070eeebc1880b3367576e67fd438e5d65367cf

Job Name	New Test Risk
pull-ci-openshift-origin-main-e2e-aws-ovn-microshift	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-aws-ovn-microshift	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-aws-ovn-microshift	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-1of2	Medium - "[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] server supports sending resources in Table format [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-1of2	Medium - "[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should NOT be requested by metadata client's List method when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-1of2	Medium - "[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Guaranteed QoS pod with container resources [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-1of2	High - "[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Guaranteed QoS pod, 1 container with resources [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, was only seen in one job, and failed 1 time(s) against the current commit.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	Medium - "[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] reflector doesn't support receiving resources as Tables [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	Medium - "[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should NOT be requested by client-go's List method when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	Medium - "[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should NOT be requested by dynamic client's List method when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	Medium - "[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should be requested by informers when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	Medium - "[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should be requested by metadatainformer when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	High - "[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Burstable QoS pod with container resources [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, was only seen in one job, and failed 1 time(s) against the current commit.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	High - "[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Burstable QoS pod, 1 container with resources [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, was only seen in one job, and failed 1 time(s) against the current commit.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	High - "[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Burstable QoS pod, no container resources [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, was only seen in one job, and failed 1 time(s) against the current commit.
pull-ci-openshift-origin-main-e2e-aws-ovn-serial-2of2	High - "[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Guaranteed QoS pod, no container resources [Suite:openshift/conformance/serial] [Suite:k8s]" is a new test, was only seen in one job, and failed 1 time(s) against the current commit.
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit

New tests seen in this PR at sha: 15070eeebc1880b3367576e67fd438e5d65367cf

"[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] reflector doesn't support receiving resources as Tables [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] server supports sending resources in Table format [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should NOT be requested by client-go's List method when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should NOT be requested by dynamic client's List method when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should NOT be requested by metadata client's List method when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should be requested by informers when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-api-machinery] API Streaming (aka. WatchList) [FeatureGate:WatchList] [Beta] [Serial] should be requested by metadatainformer when WatchListClient is enabled [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" [Total: 7, Pass: 6, Fail: 1, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" [Total: 7, Pass: 4, Fail: 3, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" [Total: 7, Pass: 4, Fail: 3, Flake: 0]
"[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Burstable QoS pod with container resources [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 0, Fail: 1, Flake: 0]
"[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Burstable QoS pod, 1 container with resources [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 0, Fail: 1, Flake: 0]
"[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Burstable QoS pod, no container resources [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 0, Fail: 1, Flake: 0]
"[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Guaranteed QoS pod with container resources [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
"[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Guaranteed QoS pod, 1 container with resources [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 0, Fail: 1, Flake: 0]
"[sig-node] Pod Level Resources [Serial] [Feature:PodLevelResources] [FeatureGate:PodLevelResources] [Beta] Guaranteed QoS pod, no container resources [Suite:openshift/conformance/serial] [Suite:k8s]" [Total: 1, Pass: 0, Fail: 1, Flake: 0]

Oct 17 '25 20:10 openshift-trt[bot]

Failure tests in profile e2e-aws-ovn-microshift, e2e-aws-ovn-microshift-serial, e2e-aws-ovn-serial, okd-scos-e2e-aws-ovn are not wrt newly added case. Need to debug: e2e-metal-ipi-ovn-ipv6, e2e-vsphere-ovn, e2e-vsphere-ovn-upi

Oct 22 '25 12:10 ropatil010

/assign @tchap

Oct 22 '25 12:10 ropatil010

/retest

Oct 22 '25 12:10 ropatil010

@coderabbitai review

Oct 23 '25 05:10 ropatil010

On profile: e2e-vsphere-ovn tried to create deployment with ubuntu image and it worked. But i'm unable to connect to cluster from my system as it may need proxy. So i guess the testcase got failed as it is unable to connect

oc get po -n openshift-kube-controller-manager-operator NAME READY STATUS RESTARTS AGE epic1735-67bc587db-m4lf9 1/1 Running 0 71s kube-controller-manager-operator-6cb9b789fb-5q79k 1/1 Running 2 (80m ago) 89m

sh-5.1$ oc get nodes NAME STATUS ROLES AGE VERSION ci-op-n5hf9mkl-37dcd-qtgt6-master-0 Ready control-plane,master 90m v1.34.1 ci-op-n5hf9mkl-37dcd-qtgt6-master-1 Ready control-plane,master 89m v1.34.1 ci-op-n5hf9mkl-37dcd-qtgt6-master-2 Ready control-plane,master 89m v1.34.1 ci-op-n5hf9mkl-37dcd-qtgt6-worker-0-6xdsl Ready worker 68m v1.34.1 ci-op-n5hf9mkl-37dcd-qtgt6-worker-0-gxf7x Ready worker 68m v1.34.1 ci-op-n5hf9mkl-37dcd-qtgt6-worker-0-m5dn6 Ready worker 68m v1.34.1

Oct 23 '25 10:10 ropatil010

Job Failure Risk Analysis for sha: 166dd7ef045215de8c8ad1957f9192bf0cd29d93

Job Name	Failure Risk
pull-ci-openshift-origin-main-okd-scos-e2e-aws-ovn	IncompleteTests Tests for this run (16) are below the historical average (3057): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

Risk analysis has seen new tests most likely introduced by this PR. Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 166dd7ef045215de8c8ad1957f9192bf0cd29d93

Job Name	New Test Risk
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit.
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit, and also failed 1 time(s).
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit, and also failed 1 time(s).
pull-ci-openshift-origin-main-e2e-vsphere-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" is a new test that failed 2 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" is a new test that failed 2 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" is a new test that failed 2 time(s) against the current commit

New tests seen in this PR at sha: 166dd7ef045215de8c8ad1957f9192bf0cd29d93

"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" [Total: 8, Pass: 8, Fail: 0, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" [Total: 8, Pass: 3, Fail: 5, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed [Suite:openshift/conformance/parallel]" [Total: 8, Pass: 4, Fail: 4, Flake: 1]

Nov 04 '25 20:11 openshift-trt[bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ropatil010 Once this PR has been reviewed and has the lgtm label, please assign smg247 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

Nov 05 '25 10:11 openshift-ci[bot]

Risk analysis has seen new tests most likely introduced by this PR. Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 05f3cf025cfcf4b73d9c893f4cd2bd4318f475fc

Job Name	New Test Risk
pull-ci-openshift-origin-main-e2e-aws-ovn-fips	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-aws-ovn-fips	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-gcp-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-gcp-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit

New tests seen in this PR at sha: 05f3cf025cfcf4b73d9c893f4cd2bd4318f475fc

"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Check the pods with uid, gid, hostUsers, annotations parameters are correctly set [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 0, Fail: 5, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test the deployment is up and running with parameters set uid,gid,restricted-v3 annotations in new namespace [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 5, Fail: 0, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 0, Fail: 5, Flake: 0]

Nov 05 '25 15:11 openshift-trt[bot]

/unhold

Nov 07 '25 11:11 ropatil010

@ropatil010: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	166dd7ef045215de8c8ad1957f9192bf0cd29d93	link	false	`/test okd-scos-e2e-aws-ovn`
ci/prow/e2e-gcp-csi	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-gcp-csi`
ci/prow/e2e-aws-ovn-microshift	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-aws-ovn-microshift`
ci/prow/e2e-vsphere-ovn	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-vsphere-ovn`
ci/prow/e2e-aws-ovn-fips	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-aws-ovn-fips`
ci/prow/e2e-gcp-ovn	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-gcp-ovn`
ci/prow/e2e-gcp-ovn-upgrade	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-gcp-ovn-upgrade`
ci/prow/e2e-vsphere-ovn-upi	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-vsphere-ovn-upi`
ci/prow/e2e-metal-ipi-ovn-ipv6	22488034f8aee8ed95549a18e78f8b7f650881d6	link	true	`/test e2e-metal-ipi-ovn-ipv6`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Nov 18 '25 12:11 openshift-ci[bot]

Risk analysis has seen new tests most likely introduced by this PR. Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 22488034f8aee8ed95549a18e78f8b7f650881d6

Job Name	New Test Risk
pull-ci-openshift-origin-main-e2e-aws-ovn-fips	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Verify control plane deployments have valid user namespace security context [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-aws-ovn-fips	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Verify control plane deployments have valid user namespace security context [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit, and also failed 1 time(s).
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test deployment with hostUsers: false and restricted-v3 annotations is up and running in user namespace [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit.
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit, and also failed 1 time(s).
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85927 Test deployment with hostUsers: true and restricted-v3 annotation fails with expected error in user namespace [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit.
pull-ci-openshift-origin-main-e2e-metal-ipi-ovn-ipv6	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85928 Test container-level security context overrides pod-level values correctly [Suite:openshift/conformance/parallel]" is a new test that was not present in all runs against the current commit.
pull-ci-openshift-origin-main-e2e-vsphere-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Verify control plane deployments have valid user namespace security context [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Verify control plane deployments have valid user namespace security context [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit
pull-ci-openshift-origin-main-e2e-vsphere-ovn-upi	High - "[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" is a new test that failed 1 time(s) against the current commit

New tests seen in this PR at sha: 22488034f8aee8ed95549a18e78f8b7f650881d6

"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85221 Verify control plane deployments have valid user namespace security context [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 1, Fail: 4, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85242 Test deployment with hostUsers: false and restricted-v3 annotations is up and running in user namespace [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 5, Fail: 0, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85303 Test the deployment with invalid security context values are not allowed in user namespaces [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 1, Fail: 4, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85927 Test deployment with hostUsers: true and restricted-v3 annotation fails with expected error in user namespace [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 5, Fail: 0, Flake: 0]
"[sig-auth][Feature:SecurityContextConstraints] [CNTRLPLANE-1544] OCP-85928 Test container-level security context overrides pod-level values correctly [Suite:openshift/conformance/parallel]" [Total: 5, Pass: 5, Fail: 0, Flake: 0]

Nov 18 '25 13:11 openshift-trt[bot]