Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP OCPBUGS-35231: cert-inspection: parse secret/configmap keys as kubeconfigs #28864

Closed
wants to merge 3 commits into from
Closed

WIP OCPBUGS-35231: cert-inspection: parse secret/configmap keys as kubeconfigs #28864

wants to merge 3 commits into from

Conversation

vrutkovs
Copy link
Member

@vrutkovs vrutkovs commented Jun 10, 2024
edited
Loading

Extract CA and certs used in kubeconfigs as TLS artifacts too.

Test for openshift/library-go#1746

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 10, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jun 10, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@vrutkovs
Copy link
Member Author

/test e2e-agnostic-ovn-cmd

@openshift-ci openshift-ci bot added the vendor-update Touching vendor dir or related files label Jun 10, 2024
@vrutkovs
Copy link
Member Author

/test e2e-agnostic-ovn-cmd

@vrutkovs
Copy link
Member Author

/test e2e-agnostic-ovn-cmd

@vrutkovs vrutkovs changed the title cert-inspection: parse secret/configmap keys as kubeconfigs WIP cert-inspection: parse secret/configmap keys as kubeconfigs Jun 10, 2024
@vrutkovs vrutkovs marked this pull request as ready for review June 10, 2024 14:40
@vrutkovs
Copy link
Member Author

/payload-job periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn periodic-ci-openshift-release-master-ci-4.17-e2e-gcp-ovn periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-bm periodic-ci-openshift-release-master-nightly-4.17-e2e-vsphere-ovn-serial periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jun 10, 2024

@vrutkovs: trigger 6 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn
  • periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn
  • periodic-ci-openshift-release-master-ci-4.17-e2e-gcp-ovn
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-bm
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-vsphere-ovn-serial
  • periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-single-node

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/e05758c0-2737-11ef-868f-4c0f750867c0-0

@openshift-ci openshift-ci bot requested review from sjenning and stlaz June 10, 2024 14:57
@vrutkovs vrutkovs mentioned this pull request Jun 10, 2024
Merged
@vrutkovs vrutkovs changed the title WIP cert-inspection: parse secret/configmap keys as kubeconfigs WIP OCPBUGS-35231: cert-inspection: parse secret/configmap keys as kubeconfigs Jun 10, 2024
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Jun 10, 2024
@openshift-ci-robot
Copy link

@vrutkovs: This pull request references Jira Issue OCPBUGS-35231, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.17.0) matches configured target version for branch (4.17.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Extract CA and certs used in kubeconfigs as TLS artifacts too.

Test for openshift/library-go#1746

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@vrutkovs vrutkovs force-pushed the tls-registry-kubeconfigs branch 2 times, most recently from 41b7fa9 to f8d26f1 Compare June 11, 2024 10:42
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 12, 2024
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 21, 2024
@openshift-trt-bot
Copy link

Job Failure Risk Analysis for sha: 3183663

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-upgrade High
[sig-apps] job-upgrade
This test has passed 100.00% of 313 runs on jobs ['periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn-upgrade'] in the last 14 days.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Aug 13, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vrutkovs
Once this PR has been reviewed and has the lgtm label, please assign sosiouxme for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-trt-bot
Copy link

Job Failure Risk Analysis for sha: 9239d9e

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade High
[sig-node][invariant] alert/TargetDown should not be at or above info in ns/kube-system
This test has passed 99.98% of 4831 runs on release 4.18 [Overall] in the last week.

Open Bugs
Kubelet metrics endpoints experiencing prolonged outages
pull-ci-openshift-origin-master-e2e-aws-ovn-serial High
[sig-storage] CSI Mock selinux on mount metrics SELinuxMount metrics [LinuxOnly] [Feature:SELinux] [Serial] error is bumped on two Pods with a different context on RWOP volume [FeatureGate:SELinuxMountReadWriteOncePod] [Beta] [Suite:openshift/conformance/serial] [Suite:k8s]
This test has passed 100.00% of 30 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial'] in the last 14 days.
---
[sig-storage] CSI Mock selinux on mount metrics SELinuxMount metrics [LinuxOnly] [Feature:SELinux] [Serial] warning is bumped on two Pods with a different context on RWO volume [FeatureGate:SELinuxMountReadWriteOncePod] [Beta] [Feature:SELinuxMountReadWriteOncePodOnly] [Suite:openshift/conformance/serial] [Suite:k8s]
This test has passed 100.00% of 30 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial'] in the last 14 days.

@openshift-trt-bot
Copy link

Job Failure Risk Analysis for sha: daaf7cc

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-ipsec-serial IncompleteTests
Tests for this run (18) are below the historical average (606): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)
pull-ci-openshift-origin-master-e2e-aws-csi IncompleteTests
Tests for this run (16) are below the historical average (763): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

@vrutkovs
Bump library-go
eb294a2
@vrutkovs
update-tls-artifacts: fix typo
63d2ec7 
requirment -> requirement
@vrutkovs
update-tls-artifacts: update error message
eecb0d3 
Don't assume ownership is being checked, requirement name is specified in the prefix
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 5, 2024

@vrutkovs: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ovn-upgrade eecb0d3 link false /test e2e-aws-ovn-upgrade
ci/prow/e2e-aws-ovn-ipsec-serial eecb0d3 link false /test e2e-aws-ovn-ipsec-serial
ci/prow/e2e-metal-ipi-ovn eecb0d3 link false /test e2e-metal-ipi-ovn
ci/prow/e2e-aws-ovn-serial eecb0d3 link true /test e2e-aws-ovn-serial
ci/prow/e2e-gcp-csi eecb0d3 link false /test e2e-gcp-csi

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-trt-bot
Copy link

Job Failure Risk Analysis for sha: eecb0d3

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-serial High
[sig-node] static pods should start after being created
This test has passed 100.00% of 44 runs on jobs ['periodic-ci-openshift-release-master-ci-4.18-e2e-aws-ovn-serial' 'periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-serial'] in the last 14 days.

Open Bugs
Static pod controller pods sometimes fail to start
pull-ci-openshift-origin-master-e2e-gcp-csi IncompleteTests
Tests for this run (14) are below the historical average (786): IncompleteTests (not enough tests ran to make a reasonable risk analysis; this could be due to infra, installation, or upgrade problems)

@vrutkovs vrutkovs closed this Sep 6, 2024
@openshift-ci-robot
Copy link

@vrutkovs: This pull request references Jira Issue OCPBUGS-35231. The bug has been updated to no longer refer to the pull request using the external bug tracker.

In response to this:

Extract CA and certs used in kubeconfigs as TLS artifacts too.

Test for openshift/library-go#1746

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sjenning sjenning Awaiting requested review from sjenning

@stlaz stlaz Awaiting requested review from stlaz

Assignees
No one assigned
Labels
do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. vendor-update Touching vendor dir or related files
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vrutkovs @openshift-ci-robot @openshift-trt-bot @openshift-merge-robot