[WIP] OCPCLOUD-2558: Support external cloud authentication providers #28774

sunzhaohua2 · 2024-05-07T06:28:24Z

Local test result:
AWS

$ ./openshift-tests run-test "[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ECR"
INFO[0000] Decoding provider                             clusterState="<nil>" discover=false dryRun=false func=DecodeProvider providerType=
  May  7 14:20:19.722: INFO: microshift-version configmap not found
  Running Suite: OpenShift e2e suite - /Users/sunzhaohua/go/src/github.com/openshift/origin
  =========================================================================================
  Random Seed: 1715062817 - will randomize all specs

  Will run 1 of 1 specs
  ------------------------------
  [sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ECR
  github.com/openshift/origin/test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go:17
    STEP: Creating a kubernetes client @ 05/07/24 14:20:20.62
  May  7 14:20:23.590: INFO: configPath is now "/var/folders/0m/7xwxpmks77n3dm5rr8x8g92r0000gn/T/configfile247212266"
  May  7 14:20:23.590: INFO: The user is now "e2e-test-kubelet-authentication-providers-t28tx-user"
  May  7 14:20:23.590: INFO: Creating project "e2e-test-kubelet-authentication-providers-t28tx"
  May  7 14:20:23.901: INFO: Waiting on permissions in project "e2e-test-kubelet-authentication-providers-t28tx" ...
  May  7 14:20:24.533: INFO: Waiting for ServiceAccount "default" to be provisioned...
  May  7 14:20:24.849: INFO: Waiting for ServiceAccount "deployer" to be provisioned...
  May  7 14:20:25.160: INFO: Waiting for ServiceAccount "builder" to be provisioned...
  May  7 14:20:25.469: INFO: Waiting for RoleBinding "system:image-pullers" to be provisioned...
  May  7 14:20:25.884: INFO: Waiting for RoleBinding "system:image-builders" to be provisioned...
  May  7 14:20:26.298: INFO: Waiting for RoleBinding "system:deployers" to be provisioned...
  May  7 14:20:27.177: INFO: Project "e2e-test-kubelet-authentication-providers-t28tx" has been fully provisioned.
  May  7 14:20:27.177: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.type}'
  May  7 14:20:27.948: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.aws.region}'
    STEP: Add the AmazonEC2ContainerRegistryReadOnly policy to the worker nodes @ 05/07/24 14:20:28.719
  May  7 14:20:28.720: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.infrastructureName}'
  May  7 14:20:29.482: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get secret/aws-creds -n kube-system -o json'
  May  7 14:20:30.239: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.aws.region}'
    STEP: Create a new app using the image on ECR @ 05/07/24 14:20:32.184
  May  7 14:20:32.184: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig new-app --name=hello-ecr --image=301721915996.dkr.ecr.us-east-2.amazonaws.com/hello-ecr:latest --allow-missing-images -n e2e-test-kubelet-authentication-providers-t28tx'
  W0507 14:20:33.123096   62275 newapp.go:523] Could not find an image stream match for "301721915996.dkr.ecr.us-east-2.amazonaws.com/hello-ecr:latest". Make sure that a container image with that tag is available on the node for the deployment to succeed.
  --> Found container image 7af3297 (6 years old) from 301721915996.dkr.ecr.us-east-2.amazonaws.com for "301721915996.dkr.ecr.us-east-2.amazonaws.com/hello-ecr:latest"


  --> Creating resources ...
      deployment.apps "hello-ecr" created
      service "hello-ecr" created
  --> Success
      Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
       'oc expose service/hello-ecr' 
      Run 'oc status' to view your app.
    STEP: Wait the pod to be running @ 05/07/24 14:20:33.575
  May  7 14:20:48.282: INFO: Deleted {user.openshift.io/v1, Resource=users  e2e-test-kubelet-authentication-providers-t28tx-user}, err: <nil>
  May  7 14:20:48.495: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-kubelet-authentication-providers-t28tx}, err: <nil>
  May  7 14:20:48.707: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~YD4cCjytD1tSyKCjlOcCEjUjTURQsbFa6xubRN4Frvg}, err: <nil>
    STEP: Destroying namespace "e2e-test-kubelet-authentication-providers-t28tx" for this suite. @ 05/07/24 14:20:48.708
  • [28.306 seconds]
  ------------------------------

  Ran 1 of 1 Specs in 28.306 seconds

GCP

$ ./openshift-tests run-test "[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from GCR"
INFO[0000] Decoding provider                             clusterState="<nil>" discover=false dryRun=false func=DecodeProvider providerType=
  May  7 14:18:15.334: INFO: Fetching cloud provider for "gce"
  I0507 14:18:15.338631   62120 gce.go:937] Using DefaultTokenSource &google.errWrappingTokenSource{src:(*oauth2.reuseTokenSource)(0xc001946ab0)}
  W0507 14:18:15.710738   62120 gce.go:491] No network name or URL specified.
  I0507 14:18:15.710827   62120 gce.go:512] managing multiple zones: [us-central1-a us-central1-b us-central1-c]
  May  7 14:18:15.930: INFO: microshift-version configmap not found
  Running Suite: OpenShift e2e suite - /Users/sunzhaohua/go/src/github.com/openshift/origin
  =========================================================================================
  Random Seed: 1715062684 - will randomize all specs

  Will run 1 of 1 specs
  ------------------------------
  [sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from GCR
  github.com/openshift/origin/test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go:49
    STEP: Creating a kubernetes client @ 05/07/24 14:18:16.801
  May  7 14:18:31.986: INFO: configPath is now "/var/folders/0m/7xwxpmks77n3dm5rr8x8g92r0000gn/T/configfile2520542568"
  May  7 14:18:31.986: INFO: The user is now "e2e-test-kubelet-authentication-providers-vnrqj-user"
  May  7 14:18:31.986: INFO: Creating project "e2e-test-kubelet-authentication-providers-vnrqj"
  May  7 14:18:32.288: INFO: Waiting on permissions in project "e2e-test-kubelet-authentication-providers-vnrqj" ...
  May  7 14:18:33.042: INFO: Waiting for ServiceAccount "default" to be provisioned...
  May  7 14:18:33.358: INFO: Waiting for ServiceAccount "deployer" to be provisioned...
  May  7 14:18:33.678: INFO: Waiting for ServiceAccount "builder" to be provisioned...
  May  7 14:18:33.996: INFO: Waiting for RoleBinding "system:image-pullers" to be provisioned...
  May  7 14:18:34.681: INFO: Waiting for RoleBinding "system:image-builders" to be provisioned...
  May  7 14:18:35.111: INFO: Waiting for RoleBinding "system:deployers" to be provisioned...
  May  7 14:18:36.257: INFO: Project "e2e-test-kubelet-authentication-providers-vnrqj" has been fully provisioned.
  May  7 14:18:36.262: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/gcp/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.type}'
    STEP: Create a new app using the image on GCR @ 05/07/24 14:18:37.17
  May  7 14:18:37.170: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/gcp/kubeconfig new-app --name=hello-gcr --image=gcr.io/openshift-qe/hello-gcr:latest --allow-missing-images -n e2e-test-kubelet-authentication-providers-vnrqj'
  W0507 14:18:38.294544   62139 newapp.go:523] Could not find an image stream match for "gcr.io/openshift-qe/hello-gcr:latest". Make sure that a container image with that tag is available on the node for the deployment to succeed.
  --> Found container image 7af3297 (6 years old) from gcr.io for "gcr.io/openshift-qe/hello-gcr:latest"


  --> Creating resources ...
      deployment.apps "hello-gcr" created
      service "hello-gcr" created
  --> Success
      Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
       'oc expose service/hello-gcr' 
      Run 'oc status' to view your app.
    STEP: Wait the pod to be running @ 05/07/24 14:18:38.88
  May  7 14:18:41.333: INFO: Deleted {user.openshift.io/v1, Resource=users  e2e-test-kubelet-authentication-providers-vnrqj-user}, err: <nil>
  May  7 14:18:41.555: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-kubelet-authentication-providers-vnrqj}, err: <nil>
  May  7 14:18:42.770: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~8j4UO-61tJBnoRFZaQV4AhmpXPhjN0qbxx3vP5YRGL8}, err: <nil>
    STEP: Destroying namespace "e2e-test-kubelet-authentication-providers-vnrqj" for this suite. @ 05/07/24 14:18:42.771
  • [26.408 seconds]
  ------------------------------

  Ran 1 of 1 Specs in 26.409 seconds
  SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped

Azure

$ ./openshift-tests run-test "[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ACR"
INFO[0000] Decoding provider                             clusterState="<nil>" discover=false dryRun=false func=DecodeProvider providerType=
  May  7 14:14:50.515: INFO: microshift-version configmap not found
  Running Suite: OpenShift e2e suite - /Users/sunzhaohua/go/src/github.com/openshift/origin
  =========================================================================================
  Random Seed: 1715062487 - will randomize all specs

  Will run 1 of 1 specs
  ------------------------------
  [sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ACR
  github.com/openshift/origin/test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go:64
    STEP: Creating a kubernetes client @ 05/07/24 14:14:51.418
  May  7 14:14:55.477: INFO: configPath is now "/var/folders/0m/7xwxpmks77n3dm5rr8x8g92r0000gn/T/configfile2343691754"
  May  7 14:14:55.477: INFO: The user is now "e2e-test-kubelet-authentication-providers-mpvxd-user"
  May  7 14:14:55.477: INFO: Creating project "e2e-test-kubelet-authentication-providers-mpvxd"
  May  7 14:14:55.872: INFO: Waiting on permissions in project "e2e-test-kubelet-authentication-providers-mpvxd" ...
  May  7 14:14:56.778: INFO: Waiting for ServiceAccount "default" to be provisioned...
  May  7 14:14:57.164: INFO: Waiting for ServiceAccount "deployer" to be provisioned...
  May  7 14:14:57.553: INFO: Waiting for ServiceAccount "builder" to be provisioned...
  May  7 14:14:57.940: INFO: Waiting for RoleBinding "system:image-pullers" to be provisioned...
  May  7 14:14:58.506: INFO: Waiting for RoleBinding "system:image-builders" to be provisioned...
  May  7 14:14:59.090: INFO: Waiting for RoleBinding "system:deployers" to be provisioned...
  May  7 14:15:00.284: INFO: Project "e2e-test-kubelet-authentication-providers-mpvxd" has been fully provisioned.
  May  7 14:15:00.289: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.type}'
  May  7 14:15:01.786: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.azure.cloudName}'
    STEP: Create RoleAssignments for resourcegroup @ 05/07/24 14:15:02.868
  May  7 14:15:02.868: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get infrastructure cluster -o=jsonpath={.status.infrastructureName}'
  May  7 14:15:04.245: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get secret/azure-credentials -n kube-system -o=jsonpath={.data}'
  May  7 14:15:05.233: INFO: Azure credentials successfully loaded.
  May  7 14:15:13.478: INFO: Role assignment created: 53b8f551-140d-438c-ba67-43fe172d538d
    STEP: Create a new app using the image on ACR @ 05/07/24 14:15:13.478
  May  7 14:15:13.478: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig new-app --name=hello-acr --image=zhsunregistry.azurecr.io/hello-acr:latest --allow-missing-images -n e2e-test-kubelet-authentication-providers-mpvxd'
  W0507 14:15:14.838662   61979 newapp.go:523] Could not find an image stream match for "zhsunregistry.azurecr.io/hello-acr:latest". Make sure that a container image with that tag is available on the node for the deployment to succeed.
  --> Found container image 7af3297 (6 years old) from zhsunregistry.azurecr.io for "zhsunregistry.azurecr.io/hello-acr:latest"


  --> Creating resources ...
      deployment.apps "hello-acr" created
      service "hello-acr" created
  --> Success
      Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
       'oc expose service/hello-acr' 
      Run 'oc status' to view your app.
    STEP: Wait the pod to be running @ 05/07/24 14:15:15.513
  May  7 14:15:17.205: INFO: Deleted {user.openshift.io/v1, Resource=users  e2e-test-kubelet-authentication-providers-mpvxd-user}, err: <nil>
  May  7 14:15:17.472: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-kubelet-authentication-providers-mpvxd}, err: <nil>
  May  7 14:15:17.742: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~gjXih-PLLeHKO3vfK2jiSXQUMXm4Eh4zEtIfbNv0iMM}, err: <nil>
    STEP: Destroying namespace "e2e-test-kubelet-authentication-providers-mpvxd" for this suite. @ 05/07/24 14:15:17.743
  • [26.603 seconds]
  ------------------------------

  Ran 1 of 1 Specs in 26.603 seconds
  SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped

openshift-ci-robot · 2024-05-07T06:28:28Z

@sunzhaohua2: This pull request references OCPCLOUD-2558 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set.

In response to this:

Local test result:
AWS

$ ./openshift-tests run-test "[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ECR"
INFO[0000] Decoding provider                             clusterState="<nil>" discover=false dryRun=false func=DecodeProvider providerType=
 May  7 14:20:19.722: INFO: microshift-version configmap not found
 Running Suite: OpenShift e2e suite - /Users/sunzhaohua/go/src/github.com/openshift/origin
 =========================================================================================
 Random Seed: 1715062817 - will randomize all specs

 Will run 1 of 1 specs
 ------------------------------
 [sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ECR
 github.com/openshift/origin/test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go:17
   STEP: Creating a kubernetes client @ 05/07/24 14:20:20.62
 May  7 14:20:23.590: INFO: configPath is now "/var/folders/0m/7xwxpmks77n3dm5rr8x8g92r0000gn/T/configfile247212266"
 May  7 14:20:23.590: INFO: The user is now "e2e-test-kubelet-authentication-providers-t28tx-user"
 May  7 14:20:23.590: INFO: Creating project "e2e-test-kubelet-authentication-providers-t28tx"
 May  7 14:20:23.901: INFO: Waiting on permissions in project "e2e-test-kubelet-authentication-providers-t28tx" ...
 May  7 14:20:24.533: INFO: Waiting for ServiceAccount "default" to be provisioned...
 May  7 14:20:24.849: INFO: Waiting for ServiceAccount "deployer" to be provisioned...
 May  7 14:20:25.160: INFO: Waiting for ServiceAccount "builder" to be provisioned...
 May  7 14:20:25.469: INFO: Waiting for RoleBinding "system:image-pullers" to be provisioned...
 May  7 14:20:25.884: INFO: Waiting for RoleBinding "system:image-builders" to be provisioned...
 May  7 14:20:26.298: INFO: Waiting for RoleBinding "system:deployers" to be provisioned...
 May  7 14:20:27.177: INFO: Project "e2e-test-kubelet-authentication-providers-t28tx" has been fully provisioned.
 May  7 14:20:27.177: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.type}'
 May  7 14:20:27.948: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.aws.region}'
   STEP: Add the AmazonEC2ContainerRegistryReadOnly policy to the worker nodes @ 05/07/24 14:20:28.719
 May  7 14:20:28.720: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.infrastructureName}'
 May  7 14:20:29.482: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get secret/aws-creds -n kube-system -o json'
 May  7 14:20:30.239: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.aws.region}'
   STEP: Create a new app using the image on ECR @ 05/07/24 14:20:32.184
 May  7 14:20:32.184: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/aws/kubeconfig new-app --name=hello-ecr --image=301721915996.dkr.ecr.us-east-2.amazonaws.com/hello-ecr:latest --allow-missing-images -n e2e-test-kubelet-authentication-providers-t28tx'
 W0507 14:20:33.123096   62275 newapp.go:523] Could not find an image stream match for "301721915996.dkr.ecr.us-east-2.amazonaws.com/hello-ecr:latest". Make sure that a container image with that tag is available on the node for the deployment to succeed.
 --> Found container image 7af3297 (6 years old) from 301721915996.dkr.ecr.us-east-2.amazonaws.com for "301721915996.dkr.ecr.us-east-2.amazonaws.com/hello-ecr:latest"


 --> Creating resources ...
     deployment.apps "hello-ecr" created
     service "hello-ecr" created
 --> Success
     Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
      'oc expose service/hello-ecr' 
     Run 'oc status' to view your app.
   STEP: Wait the pod to be running @ 05/07/24 14:20:33.575
 May  7 14:20:48.282: INFO: Deleted {user.openshift.io/v1, Resource=users  e2e-test-kubelet-authentication-providers-t28tx-user}, err: <nil>
 May  7 14:20:48.495: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-kubelet-authentication-providers-t28tx}, err: <nil>
 May  7 14:20:48.707: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~YD4cCjytD1tSyKCjlOcCEjUjTURQsbFa6xubRN4Frvg}, err: <nil>
   STEP: Destroying namespace "e2e-test-kubelet-authentication-providers-t28tx" for this suite. @ 05/07/24 14:20:48.708
 • [28.306 seconds]
 ------------------------------

 Ran 1 of 1 Specs in 28.306 seconds

GCP

$ ./openshift-tests run-test "[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from GCR"
INFO[0000] Decoding provider                             clusterState="<nil>" discover=false dryRun=false func=DecodeProvider providerType=
 May  7 14:18:15.334: INFO: Fetching cloud provider for "gce"
 I0507 14:18:15.338631   62120 gce.go:937] Using DefaultTokenSource &google.errWrappingTokenSource{src:(*oauth2.reuseTokenSource)(0xc001946ab0)}
 W0507 14:18:15.710738   62120 gce.go:491] No network name or URL specified.
 I0507 14:18:15.710827   62120 gce.go:512] managing multiple zones: [us-central1-a us-central1-b us-central1-c]
 May  7 14:18:15.930: INFO: microshift-version configmap not found
 Running Suite: OpenShift e2e suite - /Users/sunzhaohua/go/src/github.com/openshift/origin
 =========================================================================================
 Random Seed: 1715062684 - will randomize all specs

 Will run 1 of 1 specs
 ------------------------------
 [sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from GCR
 github.com/openshift/origin/test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go:49
   STEP: Creating a kubernetes client @ 05/07/24 14:18:16.801
 May  7 14:18:31.986: INFO: configPath is now "/var/folders/0m/7xwxpmks77n3dm5rr8x8g92r0000gn/T/configfile2520542568"
 May  7 14:18:31.986: INFO: The user is now "e2e-test-kubelet-authentication-providers-vnrqj-user"
 May  7 14:18:31.986: INFO: Creating project "e2e-test-kubelet-authentication-providers-vnrqj"
 May  7 14:18:32.288: INFO: Waiting on permissions in project "e2e-test-kubelet-authentication-providers-vnrqj" ...
 May  7 14:18:33.042: INFO: Waiting for ServiceAccount "default" to be provisioned...
 May  7 14:18:33.358: INFO: Waiting for ServiceAccount "deployer" to be provisioned...
 May  7 14:18:33.678: INFO: Waiting for ServiceAccount "builder" to be provisioned...
 May  7 14:18:33.996: INFO: Waiting for RoleBinding "system:image-pullers" to be provisioned...
 May  7 14:18:34.681: INFO: Waiting for RoleBinding "system:image-builders" to be provisioned...
 May  7 14:18:35.111: INFO: Waiting for RoleBinding "system:deployers" to be provisioned...
 May  7 14:18:36.257: INFO: Project "e2e-test-kubelet-authentication-providers-vnrqj" has been fully provisioned.
 May  7 14:18:36.262: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/gcp/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.type}'
   STEP: Create a new app using the image on GCR @ 05/07/24 14:18:37.17
 May  7 14:18:37.170: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/gcp/kubeconfig new-app --name=hello-gcr --image=gcr.io/openshift-qe/hello-gcr:latest --allow-missing-images -n e2e-test-kubelet-authentication-providers-vnrqj'
 W0507 14:18:38.294544   62139 newapp.go:523] Could not find an image stream match for "gcr.io/openshift-qe/hello-gcr:latest". Make sure that a container image with that tag is available on the node for the deployment to succeed.
 --> Found container image 7af3297 (6 years old) from gcr.io for "gcr.io/openshift-qe/hello-gcr:latest"


 --> Creating resources ...
     deployment.apps "hello-gcr" created
     service "hello-gcr" created
 --> Success
     Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
      'oc expose service/hello-gcr' 
     Run 'oc status' to view your app.
   STEP: Wait the pod to be running @ 05/07/24 14:18:38.88
 May  7 14:18:41.333: INFO: Deleted {user.openshift.io/v1, Resource=users  e2e-test-kubelet-authentication-providers-vnrqj-user}, err: <nil>
 May  7 14:18:41.555: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-kubelet-authentication-providers-vnrqj}, err: <nil>
 May  7 14:18:42.770: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~8j4UO-61tJBnoRFZaQV4AhmpXPhjN0qbxx3vP5YRGL8}, err: <nil>
   STEP: Destroying namespace "e2e-test-kubelet-authentication-providers-vnrqj" for this suite. @ 05/07/24 14:18:42.771
 • [26.408 seconds]
 ------------------------------

 Ran 1 of 1 Specs in 26.409 seconds
 SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped

Azure

$ ./openshift-tests run-test "[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ACR"
INFO[0000] Decoding provider                             clusterState="<nil>" discover=false dryRun=false func=DecodeProvider providerType=
 May  7 14:14:50.515: INFO: microshift-version configmap not found
 Running Suite: OpenShift e2e suite - /Users/sunzhaohua/go/src/github.com/openshift/origin
 =========================================================================================
 Random Seed: 1715062487 - will randomize all specs

 Will run 1 of 1 specs
 ------------------------------
 [sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ACR
 github.com/openshift/origin/test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go:64
   STEP: Creating a kubernetes client @ 05/07/24 14:14:51.418
 May  7 14:14:55.477: INFO: configPath is now "/var/folders/0m/7xwxpmks77n3dm5rr8x8g92r0000gn/T/configfile2343691754"
 May  7 14:14:55.477: INFO: The user is now "e2e-test-kubelet-authentication-providers-mpvxd-user"
 May  7 14:14:55.477: INFO: Creating project "e2e-test-kubelet-authentication-providers-mpvxd"
 May  7 14:14:55.872: INFO: Waiting on permissions in project "e2e-test-kubelet-authentication-providers-mpvxd" ...
 May  7 14:14:56.778: INFO: Waiting for ServiceAccount "default" to be provisioned...
 May  7 14:14:57.164: INFO: Waiting for ServiceAccount "deployer" to be provisioned...
 May  7 14:14:57.553: INFO: Waiting for ServiceAccount "builder" to be provisioned...
 May  7 14:14:57.940: INFO: Waiting for RoleBinding "system:image-pullers" to be provisioned...
 May  7 14:14:58.506: INFO: Waiting for RoleBinding "system:image-builders" to be provisioned...
 May  7 14:14:59.090: INFO: Waiting for RoleBinding "system:deployers" to be provisioned...
 May  7 14:15:00.284: INFO: Project "e2e-test-kubelet-authentication-providers-mpvxd" has been fully provisioned.
 May  7 14:15:00.289: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.type}'
 May  7 14:15:01.786: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get infrastructure cluster -o=jsonpath={.status.platformStatus.azure.cloudName}'
   STEP: Create RoleAssignments for resourcegroup @ 05/07/24 14:15:02.868
 May  7 14:15:02.868: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get infrastructure cluster -o=jsonpath={.status.infrastructureName}'
 May  7 14:15:04.245: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig get secret/azure-credentials -n kube-system -o=jsonpath={.data}'
 May  7 14:15:05.233: INFO: Azure credentials successfully loaded.
 May  7 14:15:13.478: INFO: Role assignment created: 53b8f551-140d-438c-ba67-43fe172d538d
   STEP: Create a new app using the image on ACR @ 05/07/24 14:15:13.478
 May  7 14:15:13.478: INFO: Running 'oc --kubeconfig=/Users/sunzhaohua/kubeconfig/azure/kubeconfig new-app --name=hello-acr --image=zhsunregistry.azurecr.io/hello-acr:latest --allow-missing-images -n e2e-test-kubelet-authentication-providers-mpvxd'
 W0507 14:15:14.838662   61979 newapp.go:523] Could not find an image stream match for "zhsunregistry.azurecr.io/hello-acr:latest". Make sure that a container image with that tag is available on the node for the deployment to succeed.
 --> Found container image 7af3297 (6 years old) from zhsunregistry.azurecr.io for "zhsunregistry.azurecr.io/hello-acr:latest"


 --> Creating resources ...
     deployment.apps "hello-acr" created
     service "hello-acr" created
 --> Success
     Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
      'oc expose service/hello-acr' 
     Run 'oc status' to view your app.
   STEP: Wait the pod to be running @ 05/07/24 14:15:15.513
 May  7 14:15:17.205: INFO: Deleted {user.openshift.io/v1, Resource=users  e2e-test-kubelet-authentication-providers-mpvxd-user}, err: <nil>
 May  7 14:15:17.472: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthclients  e2e-client-e2e-test-kubelet-authentication-providers-mpvxd}, err: <nil>
 May  7 14:15:17.742: INFO: Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens  sha256~gjXih-PLLeHKO3vfK2jiSXQUMXm4Eh4zEtIfbNv0iMM}, err: <nil>
   STEP: Destroying namespace "e2e-test-kubelet-authentication-providers-mpvxd" for this suite. @ 05/07/24 14:15:17.743
 • [26.603 seconds]
 ------------------------------

 Ran 1 of 1 Specs in 26.603 seconds
 SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2024-05-07T06:29:22Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sunzhaohua2
Once this PR has been reviewed and has the lgtm label, please assign neisw for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

JoelSpeed · 2024-05-07T09:42:33Z

test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go

+		defer iamClient.DetachRolePolicy(roleName, policyArn)
+
+		g.By("Create a new app using the image on ECR")
+		err = oc.AsAdmin().WithoutNamespace().Run("new-app").Args("--name=hello-ecr", "--image=301721915996.dkr.ecr."+region+".amazonaws.com/hello-ecr:latest", "--allow-missing-images", "-n", oc.Namespace()).Execute()


We need to upload an image to the CI account for this test right?

yes, need to upload an image to the CI account, do you know who we should contact?

I think we should contact #forum-ocp-testplatform and ask if they can help with this

JoelSpeed · 2024-05-07T09:44:22Z

test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go

+		exutil.SkipTestIfSupportedPlatformNotMatched(oc, "gcp")
+
+		g.By("Create a new app using the image on GCR")
+		err := oc.AsAdmin().WithoutNamespace().Run("new-app").Args("--name=hello-gcr", "--image=gcr.io/openshift-qe/hello-gcr:latest", "--allow-missing-images", "-n", oc.Namespace()).Execute()


Can the CI nodes pull this or do we need to upload something to the CI account?

we need to upload an image to container registry, but after March 18, 2025, Container Registry will be shut down, need to use Artifact Registry, will check if code need to change

JoelSpeed · 2024-05-07T09:45:22Z

test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go

+		roleAssignmentName, scope = exutil.GrantRoleToPrincipalIDByResourceGroup(az, principalId, "os4-common", "7f951dda-4ed3-4680-a7ca-43fe172d538d")
+
+		g.By("Create a new app using the image on ACR")
+		err = oc.AsAdmin().WithoutNamespace().Run("new-app").Args("--name=hello-acr", "--image=zhsunregistry.azurecr.io/hello-acr:latest", "--allow-missing-images", "-n", oc.Namespace()).Execute()


As with others, do we need to upload something?

We need a resourcegroup that will not be deleted, then create a container registry and upload an image.

test/extended/util/framework.go

JoelSpeed · 2024-05-07T09:48:15Z

I can't see the new tests in the JUnit output, are they showing for you?

sunzhaohua2 · 2024-05-07T11:30:27Z

I can't see the new tests in the JUnit output, are they showing for you?

Seems need to run make update so that test/extended/util/annotate/generated/zz_generated.annotations.go can be updated, now I can see

$ ./openshift-tests run --dry-run "openshift/conformance/serial" | grep -E KubeletAuthenticationProviders    
INFO[0000] Decoding provider                             clusterState="<nil>" discover=true dryRun=true func=DecodeProvider providerType=
"[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ACR [Suite:openshift/conformance/serial]"
"[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from ECR [Suite:openshift/conformance/serial]"
"[sig-cluster-lifecycle][Feature:KubeletAuthenticationProviders][Serial] KubeletAuthenticationProviders should should be able to pull images from GCR [Suite:openshift/conformance/serial]"

JoelSpeed · 2024-05-07T14:24:31Z

Great, can see now that the test is failing, so lets try to get the images uploaded so we can get this to pass, thanks!

JoelSpeed · 2024-05-07T14:26:43Z

test/extended/kubelet_authentication_providers/kubelet_authentication_providers.go

+		g.By("Wait the pod to be running")
+		ecrPodLabel := exutil.ParseLabelsOrDie("deployment=hello-ecr")
+		_, err = exutil.WaitForPods(oc.KubeClient().CoreV1().Pods(oc.Namespace()), ecrPodLabel, exutil.CheckPodIsRunning, 1, 4*time.Minute)
+		o.Expect(err).NotTo(o.HaveOccurred())


Might be useful to add additional error detail when these errors are checked, something like below might help

Suggested change

o.Expect(err).NotTo(o.HaveOccurred())

o.Expect(err).NotTo(o.HaveOccurred(), "ECR private image pod was not running after 4 minutes")

sunzhaohua2 · 2024-05-08T01:56:54Z

Great, can see now that the test is failing, so lets try to get the images uploaded so we can get this to pass, thanks!

asked here https://redhat-internal.slack.com/archives/CBN38N3MW/p1715133269211149

openshift-trt-bot · 2024-05-20T17:08:07Z

Job Failure Risk Analysis for sha: 52c34a9

Job Name	Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade	High [bz-Node Tuning Operator] clusteroperator/node-tuning should not change condition/Available This test has passed 99.67% of 3360 runs on release 4.17 [Overall] in the last week. --- [sig-arch] events should not repeat pathologically for ns/openshift-kube-apiserver-operator This test has passed 99.67% of 3358 runs on release 4.17 [Overall] in the last week.

openshift-ci · 2024-05-20T23:36:56Z

@sunzhaohua2: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-aws-jenkins
/test e2e-aws-ovn-edge-zones
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-image-registry
/test e2e-aws-ovn-serial
/test e2e-gcp-ovn
/test e2e-gcp-ovn-builds
/test e2e-gcp-ovn-image-ecosystem
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test images
/test lint
/test unit
/test verify
/test verify-deps

The following commands are available to trigger optional jobs:

/test 4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback
/test e2e-agnostic-ovn-cmd
/test e2e-aws
/test e2e-aws-csi
/test e2e-aws-disruptive
/test e2e-aws-etcd-recovery
/test e2e-aws-multitenant
/test e2e-aws-ovn
/test e2e-aws-ovn-cgroupsv2
/test e2e-aws-ovn-etcd-scaling
/test e2e-aws-ovn-kubevirt
/test e2e-aws-ovn-single-node
/test e2e-aws-ovn-single-node-serial
/test e2e-aws-ovn-single-node-upgrade
/test e2e-aws-ovn-upgrade
/test e2e-aws-ovn-upi
/test e2e-aws-proxy
/test e2e-azure
/test e2e-azure-ovn-etcd-scaling
/test e2e-azure-ovn-upgrade
/test e2e-baremetalds-kubevirt
/test e2e-gcp-csi
/test e2e-gcp-disruptive
/test e2e-gcp-fips-serial
/test e2e-gcp-ovn-etcd-scaling
/test e2e-gcp-ovn-rt-upgrade
/test e2e-gcp-ovn-techpreview
/test e2e-gcp-ovn-techpreview-serial
/test e2e-metal-ipi-ovn-dualstack
/test e2e-metal-ipi-ovn-dualstack-local-gateway
/test e2e-metal-ipi-sdn
/test e2e-metal-ipi-serial
/test e2e-metal-ipi-serial-ovn-ipv6
/test e2e-metal-ipi-virtualmedia
/test e2e-openstack-ovn
/test e2e-openstack-serial
/test e2e-vsphere
/test e2e-vsphere-ovn-dualstack-primaryv6
/test e2e-vsphere-ovn-etcd-scaling
/test okd-e2e-gcp
/test okd-scos-images

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd
pull-ci-openshift-origin-master-e2e-aws-csi
pull-ci-openshift-origin-master-e2e-aws-ovn-cgroupsv2
pull-ci-openshift-origin-master-e2e-aws-ovn-edge-zones
pull-ci-openshift-origin-master-e2e-aws-ovn-fips
pull-ci-openshift-origin-master-e2e-aws-ovn-serial
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-serial
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade
pull-ci-openshift-origin-master-e2e-aws-ovn-upgrade
pull-ci-openshift-origin-master-e2e-gcp-csi
pull-ci-openshift-origin-master-e2e-gcp-ovn
pull-ci-openshift-origin-master-e2e-gcp-ovn-builds
pull-ci-openshift-origin-master-e2e-gcp-ovn-rt-upgrade
pull-ci-openshift-origin-master-e2e-gcp-ovn-upgrade
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-ipv6
pull-ci-openshift-origin-master-e2e-metal-ipi-sdn
pull-ci-openshift-origin-master-e2e-openstack-ovn
pull-ci-openshift-origin-master-images
pull-ci-openshift-origin-master-lint
pull-ci-openshift-origin-master-unit
pull-ci-openshift-origin-master-verify
pull-ci-openshift-origin-master-verify-deps

In response to this:

/test e2e-azure-ovn-serial

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

sunzhaohua2 · 2024-05-20T23:38:36Z

/test e2e-gcp-fips-serial

openshift-trt-bot · 2024-05-21T06:06:51Z

Job Failure Risk Analysis for sha: ea95b62

Job Name	Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade	High [bz-Node Tuning Operator] clusteroperator/node-tuning should not change condition/Available This test has passed 99.60% of 3458 runs on release 4.17 [Overall] in the last week. --- [sig-arch] events should not repeat pathologically for ns/openshift-kube-apiserver-operator This test has passed 99.57% of 3454 runs on release 4.17 [Overall] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-serial	IncompleteTests Tests for this run (98) are below the historical average (770): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node	IncompleteTests Tests for this run (98) are below the historical average (1617): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

sunzhaohua2 · 2024-05-21T07:48:45Z

/test e2e-azure-fips-serial

openshift-ci · 2024-05-21T07:48:50Z

@sunzhaohua2: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-aws-jenkins
/test e2e-aws-ovn-edge-zones
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-image-registry
/test e2e-aws-ovn-serial
/test e2e-gcp-ovn
/test e2e-gcp-ovn-builds
/test e2e-gcp-ovn-image-ecosystem
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test images
/test lint
/test unit
/test verify
/test verify-deps

The following commands are available to trigger optional jobs:

/test 4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade-rollback
/test e2e-agnostic-ovn-cmd
/test e2e-aws
/test e2e-aws-csi
/test e2e-aws-disruptive
/test e2e-aws-etcd-recovery
/test e2e-aws-multitenant
/test e2e-aws-ovn
/test e2e-aws-ovn-cgroupsv2
/test e2e-aws-ovn-etcd-scaling
/test e2e-aws-ovn-kubevirt
/test e2e-aws-ovn-single-node
/test e2e-aws-ovn-single-node-serial
/test e2e-aws-ovn-single-node-upgrade
/test e2e-aws-ovn-upgrade
/test e2e-aws-ovn-upi
/test e2e-aws-proxy
/test e2e-azure
/test e2e-azure-ovn-etcd-scaling
/test e2e-azure-ovn-upgrade
/test e2e-baremetalds-kubevirt
/test e2e-gcp-csi
/test e2e-gcp-disruptive
/test e2e-gcp-fips-serial
/test e2e-gcp-ovn-etcd-scaling
/test e2e-gcp-ovn-rt-upgrade
/test e2e-gcp-ovn-techpreview
/test e2e-gcp-ovn-techpreview-serial
/test e2e-metal-ipi-ovn-dualstack
/test e2e-metal-ipi-ovn-dualstack-local-gateway
/test e2e-metal-ipi-sdn
/test e2e-metal-ipi-serial
/test e2e-metal-ipi-serial-ovn-ipv6
/test e2e-metal-ipi-virtualmedia
/test e2e-openstack-ovn
/test e2e-openstack-serial
/test e2e-vsphere
/test e2e-vsphere-ovn-dualstack-primaryv6
/test e2e-vsphere-ovn-etcd-scaling
/test okd-e2e-gcp
/test okd-scos-images

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-origin-master-e2e-agnostic-ovn-cmd
pull-ci-openshift-origin-master-e2e-aws-csi
pull-ci-openshift-origin-master-e2e-aws-ovn-cgroupsv2
pull-ci-openshift-origin-master-e2e-aws-ovn-edge-zones
pull-ci-openshift-origin-master-e2e-aws-ovn-fips
pull-ci-openshift-origin-master-e2e-aws-ovn-serial
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-serial
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade
pull-ci-openshift-origin-master-e2e-aws-ovn-upgrade
pull-ci-openshift-origin-master-e2e-gcp-csi
pull-ci-openshift-origin-master-e2e-gcp-ovn
pull-ci-openshift-origin-master-e2e-gcp-ovn-builds
pull-ci-openshift-origin-master-e2e-gcp-ovn-rt-upgrade
pull-ci-openshift-origin-master-e2e-gcp-ovn-upgrade
pull-ci-openshift-origin-master-e2e-metal-ipi-ovn-ipv6
pull-ci-openshift-origin-master-e2e-metal-ipi-sdn
pull-ci-openshift-origin-master-e2e-openstack-ovn
pull-ci-openshift-origin-master-images
pull-ci-openshift-origin-master-lint
pull-ci-openshift-origin-master-unit
pull-ci-openshift-origin-master-verify
pull-ci-openshift-origin-master-verify-deps

In response to this:

/test e2e-azure-fips-serial

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

JoelSpeed · 2024-05-21T08:13:36Z

/payload-job periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn-serial

openshift-ci · 2024-05-21T08:13:41Z

@JoelSpeed: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn-serial

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/06908cd0-174a-11ef-9adf-a5c46a74c547-0

openshift-trt-bot · 2024-05-21T11:08:21Z

Job Failure Risk Analysis for sha: 8f4fa63

Job Name	Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade	High [bz-Node Tuning Operator] clusteroperator/node-tuning should not change condition/Available This test has passed 99.59% of 3384 runs on release 4.17 [Overall] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node	IncompleteTests Tests for this run (98) are below the historical average (1598): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

sunzhaohua2 · 2024-05-22T02:29:52Z

/payload-job periodic-ci-openshift-release-master-nightly-4.17-e2e-gcp-ovn-serial

openshift-ci · 2024-05-22T02:30:00Z

@sunzhaohua2: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-master-nightly-4.17-e2e-gcp-ovn-serial

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/2b85aa90-17e3-11ef-8a5a-54c02cf856df-0

openshift-trt-bot · 2024-05-22T06:10:07Z

Job Failure Risk Analysis for sha: 7e362f5

Job Name	Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade	High [bz-Node Tuning Operator] clusteroperator/node-tuning should not change condition/Available This test has passed 99.63% of 3780 runs on release 4.17 [Overall] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node	IncompleteTests Tests for this run (98) are below the historical average (1551): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

sunzhaohua2 · 2024-05-22T06:29:17Z

/payload-job periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-serial

openshift-ci · 2024-05-22T06:29:23Z

@sunzhaohua2: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-serial

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/9e14bdf0-1804-11ef-8b77-f885f8f851e4-0

sunzhaohua2 · 2024-05-22T12:35:10Z

/retest

openshift-trt-bot · 2024-05-22T16:08:51Z

Job Failure Risk Analysis for sha: 4c2c273

Job Name	Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade	High [bz-Node Tuning Operator] clusteroperator/node-tuning should not change condition/Available This test has passed 99.62% of 3731 runs on release 4.17 [Overall] in the last week.
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-serial	IncompleteTests Tests for this run (98) are below the historical average (764): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node	IncompleteTests Tests for this run (98) are below the historical average (1493): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

openshift-ci · 2024-05-22T16:12:30Z

@sunzhaohua2: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-single-node-serial	`4c2c273`	link	false	`/test e2e-aws-ovn-single-node-serial`
ci/prow/e2e-aws-ovn-serial	`4c2c273`	link	true	`/test e2e-aws-ovn-serial`
ci/prow/e2e-aws-ovn-single-node	`4c2c273`	link	false	`/test e2e-aws-ovn-single-node`
ci/prow/e2e-aws-ovn-single-node-upgrade	`4c2c273`	link	false	`/test e2e-aws-ovn-single-node-upgrade`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 7, 2024

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 7, 2024

openshift-ci bot requested review from sjenning and soltysh May 7, 2024 06:29

openshift-ci bot added the vendor-update Touching vendor dir or related files label May 7, 2024

JoelSpeed reviewed May 7, 2024

View reviewed changes

sunzhaohua2 force-pushed the private-image branch from 4dd6cea to c0c6cf5 Compare May 7, 2024 11:27

JoelSpeed reviewed May 7, 2024

View reviewed changes

sunzhaohua2 force-pushed the private-image branch 2 times, most recently from cc5b585 to 52c34a9 Compare May 20, 2024 13:23

sunzhaohua2 force-pushed the private-image branch from 52c34a9 to ea95b62 Compare May 21, 2024 01:50

sunzhaohua2 force-pushed the private-image branch from ea95b62 to 8f4fa63 Compare May 21, 2024 07:16

sunzhaohua2 force-pushed the private-image branch from 8f4fa63 to 7e362f5 Compare May 22, 2024 02:28

add e2e test for the private image pulling on AWS GCP and Azure

4c2c273

sunzhaohua2 force-pushed the private-image branch from 7e362f5 to 4c2c273 Compare May 22, 2024 12:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[WIP] OCPCLOUD-2558: Support external cloud authentication providers #28774

[WIP] OCPCLOUD-2558: Support external cloud authentication providers #28774

sunzhaohua2 commented May 7, 2024

openshift-ci-robot commented May 7, 2024 •

edited by openshift-ci bot

openshift-ci bot commented May 7, 2024

JoelSpeed May 7, 2024

sunzhaohua2 May 7, 2024

JoelSpeed May 7, 2024

JoelSpeed May 7, 2024

sunzhaohua2 May 7, 2024

JoelSpeed May 7, 2024

sunzhaohua2 May 7, 2024

JoelSpeed commented May 7, 2024

sunzhaohua2 commented May 7, 2024

JoelSpeed commented May 7, 2024

JoelSpeed May 7, 2024

sunzhaohua2 commented May 8, 2024

openshift-trt-bot commented May 20, 2024

openshift-ci bot commented May 20, 2024

sunzhaohua2 commented May 20, 2024

openshift-trt-bot commented May 21, 2024

sunzhaohua2 commented May 21, 2024

openshift-ci bot commented May 21, 2024

JoelSpeed commented May 21, 2024

openshift-ci bot commented May 21, 2024

openshift-trt-bot commented May 21, 2024

sunzhaohua2 commented May 22, 2024

openshift-ci bot commented May 22, 2024

openshift-trt-bot commented May 22, 2024

sunzhaohua2 commented May 22, 2024

openshift-ci bot commented May 22, 2024

sunzhaohua2 commented May 22, 2024

openshift-trt-bot commented May 22, 2024

openshift-ci bot commented May 22, 2024

	o.Expect(err).NotTo(o.HaveOccurred())
	o.Expect(err).NotTo(o.HaveOccurred(), "ECR private image pod was not running after 4 minutes")

[WIP] OCPCLOUD-2558: Support external cloud authentication providers #28774

Are you sure you want to change the base?

[WIP] OCPCLOUD-2558: Support external cloud authentication providers #28774

Conversation

sunzhaohua2 commented May 7, 2024

openshift-ci-robot commented May 7, 2024 • edited by openshift-ci bot

openshift-ci bot commented May 7, 2024

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

JoelSpeed commented May 7, 2024

sunzhaohua2 commented May 7, 2024

JoelSpeed commented May 7, 2024

Choose a reason for hiding this comment

sunzhaohua2 commented May 8, 2024

openshift-trt-bot commented May 20, 2024

openshift-ci bot commented May 20, 2024

sunzhaohua2 commented May 20, 2024

openshift-trt-bot commented May 21, 2024

sunzhaohua2 commented May 21, 2024

openshift-ci bot commented May 21, 2024

JoelSpeed commented May 21, 2024

openshift-ci bot commented May 21, 2024

openshift-trt-bot commented May 21, 2024

sunzhaohua2 commented May 22, 2024

openshift-ci bot commented May 22, 2024

openshift-trt-bot commented May 22, 2024

sunzhaohua2 commented May 22, 2024

openshift-ci bot commented May 22, 2024

sunzhaohua2 commented May 22, 2024

openshift-trt-bot commented May 22, 2024

openshift-ci bot commented May 22, 2024

openshift-ci-robot commented May 7, 2024 •

edited by openshift-ci bot