NO-JIRA: Pass the port to internal LB deployment in monitoring tests #29711
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The .status.apiServerInternalURI of Infrastructure might contain a port (for example https://api.d560406ce00e8ae40e77.hypershift.local:443) In this case the port must be passed to the deployment as the default port 6443 will not work.
mgencur
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@mgencur: This pull request explicitly references no jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest |
|
/assign @vrutkovs |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: mgencur, vrutkovs The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required |
mgencur
added a commit
to mgencur/release
that referenced
this pull request
May 7, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
mgencur
added a commit
to mgencur/release
that referenced
this pull request
May 7, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
mgencur
added a commit
to mgencur/release
that referenced
this pull request
May 7, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
|
@mgencur: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Job Failure Risk Analysis for sha: 1f75cda
|
mgencur
added a commit
to mgencur/release
that referenced
this pull request
Jun 4, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
mgencur
added a commit
to mgencur/release
that referenced
this pull request
Jun 4, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
mgencur
added a commit
to mgencur/release
that referenced
this pull request
Jun 5, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
mgencur
added a commit
to mgencur/release
that referenced
this pull request
Jun 5, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
mgencur
added a commit
to mgencur/release
that referenced
this pull request
Jun 10, 2025
Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0
openshift-merge-bot bot
pushed a commit
to openshift/release
that referenced
this pull request
Jun 10, 2025
…WS (#63982) * CNTRLPLANE-706 Build CI to cover Calico CNI test for private HCP on AWS Exclude the following tests: * Test name: The default cluster RBAC policy should have correct RBAC rules Reason: The test fails as it finds unexpected RBACs from Calico. * Test name: Cluster scoped load balancer healthcheck port and path should be 10256/healthz Reason: Reported https://issues.redhat.com/browse/CNTRLPLANE-788. It's a valid bug in HCP * Test name: Prometheus [apigroup:image.openshift.io] when installed on the cluster should provide named network metrics Reason: Reported projectcalico/calico#10351 against Calico (seem to be breaking the spec) * Test name: Unidling* Reason: Feature not implemented in Calico. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.IFNAME.arp_filter Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: pod should not start for sysctls not on whitelist [apigroup:k8s.cni.cncf.io] net.ipv4.conf.all.send_redirects Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Test name: sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist sysctl is added to whitelist Reason: Calico doesn’t validate sysctl conf against the "allowlist.conf". It has its own way. * Disable monitoring test apiserver-incluster-availability Reason: The test reads the KAS URL from .status.apiServerInternalURI of Infrastructure resource named "cluster" but that is in the form of https://api.d560406ce00e8ae40e77.hypershift.local:443 in the hosted cluster and is not reachable. See openshift/origin#29711 More details in https://docs.google.com/document/d/19lYcivp3eRcQQjhDssZnY89nKM_RG84TyVGCeIk5keA/edit?tab=t.0 * Move Calico folder under hypershift/private/guest
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The .status.apiServerInternalURI of Infrastructure might contain a port (for example https://api.d560406ce00e8ae40e77.hypershift.local:443) In this case the port must be passed to the deployment as the default port 6443 will not work.
We ran into this issue when testing Hypershift with
--endpoint-access=privateand external DNS. In this case the port is 443. The test[Jira: "kube-apiserver"] can collect apiserver.openshift.io/disruption-actor=poller poller pod logsfailed in this run, the error was: