Skip to content

CNTRLPLANE-3741: PKI config tests for service-ca and kube-apiserver-operator#31341

Open
kaleemsiddiqu wants to merge 1 commit into
openshift:mainfrom
kaleemsiddiqu:pki-tests-new
Open

CNTRLPLANE-3741: PKI config tests for service-ca and kube-apiserver-operator#31341
kaleemsiddiqu wants to merge 1 commit into
openshift:mainfrom
kaleemsiddiqu:pki-tests-new

Conversation

@kaleemsiddiqu

@kaleemsiddiqu kaleemsiddiqu commented Jun 25, 2026

Copy link
Copy Markdown

Tests for kube-apiserver and service-ca added

Summary by CodeRabbit

  • Tests
    • Added a new external test suite (openshift/pkiconfig) to validate configurable PKI certificate regeneration.
    • Expanded coverage for kube-apiserver PKI regeneration by deleting targeted certificate Secrets and confirming regenerated certificate key properties for uniform and mixed configurations.
    • Expanded coverage for service-ca under the ConfigurablePKI feature gate, including regeneration and validation of signing and serving certificates (RSA and ECDSA key/curve parameters, with mixed overrides).
    • Strengthened secret rotation assertions by verifying Secrets are replaced and certificates match expected algorithms and parameters.
    • Improved reliability with deferred cleanup that restores prior PKI configuration after failures.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Adds extended e2e coverage for configurable PKI profiles, including PKI test registration, shared helpers, and kube-apiserver and service-ca certificate regeneration checks for uniform and mixed key settings.

Changes

Configurable PKI e2e coverage

Layer / File(s) Summary
Registration and suite wiring
test/extended/include.go, pkg/testsuites/standard_suites.go
Registers the PKI extended package and adds the openshift/pkiconfig suite with its execution settings.
Shared PKI helpers
test/extended/pki/helpers.go
Defines PKI test config types and helper functions for applying PKI profiles, parsing certificates, waiting for secret regeneration, deleting secrets, and resetting PKI configuration.
kube-apiserver uniform cases
test/extended/pki/pki_kube_apiserver.go
Sets up the kube-apiserver suite, runs the uniform RSA and ECDSA matrix, and verifies regenerated signer, serving, and client certificates.
kube-apiserver mixed cases
test/extended/pki/pki_kube_apiserver.go
Runs the mixed kube-apiserver matrix and validates regenerated certificates with per-category expectations.
service-ca suite and config matrix
test/extended/pki/pki_service_ca.go
Sets up the service-ca suite, checks readiness, applies the configuration matrix, and waits for reconciliation and deployment readiness.
service-ca certificate regeneration
test/extended/pki/pki_service_ca.go
Deletes signing and service secrets, waits for regeneration, and validates the regenerated CA and service certificates.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Test Structure And Quality ⚠️ Warning FAIL: The new PKI specs bundle multiple behaviors per It, use BeforeAll/context.TODO plus DeferCleanup instead of per-test setup/cleanup, and several waits/assertions hide failures. Split the suite into smaller Its, move resource setup/cleanup to BeforeEach/AfterEach or spec-ctx cleanup, propagate ctx, and add explicit failure messages plus real error handling in poll loops.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All new ginkgo titles are fixed strings; none include generated names, timestamps, UUIDs, namespaces, or other run-varying data.
Microshift Test Compatibility ✅ Passed Both new Ginkgo suites are tagged [apigroup:config.openshift.io] and [Skipped:MicroShift], so MicroShift CI will skip them despite kube-apiserver/service-ca API use.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No multi-node/HA assumptions found; the new PKI tests only modify cert secrets and deployments, with no node-count, scheduling, or topology checks.
Topology-Aware Scheduling Compatibility ✅ Passed Only test code and suite metadata changed; no manifests, controllers, nodeSelectors, or scheduling constraints were added.
Ote Binary Stdout Contract ✅ Passed No process-level stdout writes were added; pki setup uses framework.Logf/GinkgoWriter, and constructors/init paths have no fmt.Print or stdout sinks.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed The new PKI e2e tests use only cluster-internal Secrets/Services; no hardcoded IPv4s, URL construction, or external internet endpoints were found.
No-Weak-Crypto ✅ Passed Checked the added PKI files: they use RSA/ECDSA and x509 parsing only, with no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret/token compares.
Container-Privileges ✅ Passed The PR only adds Go e2e tests and suite registration; no touched file sets privileged/hostNetwork/hostPID/hostIPC, allowPrivilegeEscalation, or securityContext.
No-Sensitive-Data-In-Logs ✅ Passed No logs print credentials or raw secret/certificate contents; messages only include test names, namespaces, secret names, and key sizes.
Title check ✅ Passed The title accurately summarizes the main change: new PKI configuration tests for service-ca and kube-apiserver-operator.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from p0lyn0mial and sjenning June 25, 2026 11:51
Comment thread test/extended/pki/helpers.go Outdated
Comment thread test/extended/pki/helpers.go Outdated
Comment thread test/extended/pki/helpers.go Outdated
Comment thread test/extended/pki/helpers.go Outdated
Comment thread test/extended/pki/helpers.go Outdated
Comment thread test/extended/pki/pki_kube_apiserver.go Outdated
Comment thread test/extended/pki/pki_kube_apiserver.go Outdated
Comment thread test/extended/pki/pki_kube_apiserver.go Outdated
Comment thread test/extended/pki/pki_kube_apiserver.go Outdated
Comment thread test/extended/pki/pki_service_ca.go Outdated
Comment thread pkg/testsuites/standard_suites.go Outdated
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/test e2e-gcp-ovn-techpreview-serial-1of2
/test e2e-gcp-ovn-techpreview-serial-2of2

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

🧹 Nitpick comments (1)
test/extended/pki/helpers.go (1)

108-125: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

buildKeyConfig silently returns an incomplete config for unrecognized algorithms.

If algorithm is neither RSA nor ECDSA, only Algorithm is set and both key bodies stay zero-valued, which could produce a confusing apply result downstream. Consider asserting/erroring on the default case so misconfigured test cases fail fast.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/extended/pki/helpers.go` around lines 108 - 125, buildKeyConfig
currently falls through for any algorithm other than KeyAlgorithmRSA or
KeyAlgorithmECDSA, leaving KeyConfig partially populated and hiding
misconfigured test inputs. Update buildKeyConfig to explicitly handle the
supported algorithms and add a default branch that fails fast (for example by
asserting or returning an error) when an unrecognized KeyAlgorithm is passed, so
callers of buildKeyConfig get an immediate signal instead of an incomplete
config.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/extended/pki/helpers.go`:
- Around line 284-293: waitForSecretRegeneration currently treats any existing
secret as success, so it can return the old secret or a newly created secret
before cert data is ready. Update the helper in helpers.go to wait for a
genuinely regenerated secret by comparing against the deleted secret’s
UID/resourceVersion (or by confirming the secret is gone first), and then
require that the new secret contains certKey in Data before returning. Adjust
the call site in pki_kube_apiserver.go to pass the identifier needed to
distinguish the old secret from the recreated one.
- Around line 168-174: The PKI create-or-update flow in the helper currently
treats every Get failure as “missing” and falls back to Create, which can hide
RBAC, timeout, or server errors. Update the logic in the PKI helper path to only
call Create when configClient.ConfigV1alpha1().PKIs().Get returns
apierrors.IsNotFound(err), and otherwise return the original error; apply the
same NotFound-gated pattern in applyMixedPKIConfig as well.

In `@test/extended/pki/pki_kube_apiserver.go`:
- Around line 378-383: The deleteCertificateSecret failure path in
pki_kube_apiserver.go can mask a false pass because the loop only logs a warning
and continues without verifying anything. Update the certificate regeneration
checks around deleteCertificateSecret in the relevant test loop(s) so that a
missing/un-deletable expected secret causes the test to fail, or track whether
at least one certificate was successfully deleted and verified before allowing
the spec to pass. Apply the same fix to the duplicate verification block that
uses the same pattern elsewhere in the file.
- Around line 184-188: The deferred cleanup in `g.DeferCleanup` is using
`context.Background()`, which drops the test/spec context and leaves
`cleanupPKIConfiguration` unbounded; update the cleanup path to derive from the
existing spec context in `pki_kube_apiserver.go` using a detached context (for
example via `context.WithoutCancel`) and wrap it with a timeout before calling
`cleanupPKIConfiguration` so cleanup still has context values but cannot run
indefinitely.
- Around line 25-171: The package-level integrationTestCertificates slice in
pki_kube_apiserver.go is unused by the kube-apiserver test helpers. Remove the
dead variable, or update the relevant test setup functions to reference
integrationTestCertificates directly so the shared certificate list is actually
consumed. Use the integrationTestCertificates symbol and the kube-apiserver PKI
test helpers in this file to locate the change.
- Around line 173-174: The top-level ginkgo recovery hook in the `Describe` body
is unnecessary here. Remove the `defer g.GinkgoRecover()` from the `PKI
Configuration` `Describe` block in `pki_kube_apiserver.go`, and only add
`GinkgoRecover()` inside any spawned goroutine that may call `Fail` or Gomega in
the future.

In `@test/extended/pki/pki_service_ca.go`:
- Around line 331-333: The cleanup in the deferred namespace deletion is
ignoring a returned error, which can hide failed teardown; update the defer in
the pki service CA test to capture the result of
kubeClient.CoreV1().Namespaces().Delete and explicitly assert or log any error
instead of discarding it. Use the existing cleanup block around the testNS
deletion in the deferred func and keep the failure handling consistent with the
test’s other error checks so namespace leaks are surfaced.
- Around line 33-35: The deferred cleanup in the Ginkgo test uses
context.Background(), which disconnects it from the spec context. Update the
DeferCleanup block in pki_service_ca.go to derive a detached context from the
existing test context using context.WithoutCancel(ctx) and wrap it with a
bounded timeout, then pass that context into cleanupPKIConfiguration so cleanup
still runs independently without losing test-scoped values. Use the existing
test context variable from the surrounding spec and keep the cleanup logic
inside g.DeferCleanup.

---

Nitpick comments:
In `@test/extended/pki/helpers.go`:
- Around line 108-125: buildKeyConfig currently falls through for any algorithm
other than KeyAlgorithmRSA or KeyAlgorithmECDSA, leaving KeyConfig partially
populated and hiding misconfigured test inputs. Update buildKeyConfig to
explicitly handle the supported algorithms and add a default branch that fails
fast (for example by asserting or returning an error) when an unrecognized
KeyAlgorithm is passed, so callers of buildKeyConfig get an immediate signal
instead of an incomplete config.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 0bcf1c75-08b8-4f9c-b678-e0aeb6c80603

📥 Commits

Reviewing files that changed from the base of the PR and between 5c8a9b0 and 1820a38.

📒 Files selected for processing (4)
  • test/extended/include.go
  • test/extended/pki/helpers.go
  • test/extended/pki/pki_kube_apiserver.go
  • test/extended/pki/pki_service_ca.go

Comment thread test/extended/pki/helpers.go
Comment thread test/extended/pki/helpers.go Outdated
Comment thread test/extended/pki/pki_kube_apiserver.go Outdated
Comment thread test/extended/pki/pki_kube_apiserver.go Outdated
Comment thread test/extended/pki/pki_kube_apiserver.go
Comment thread test/extended/pki/pki_kube_apiserver.go Outdated
Comment thread test/extended/pki/pki_service_ca.go
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/test e2e-gcp-ovn-techpreview-serial-1of2
/test e2e-gcp-ovn-techpreview-serial-2of2

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (3)
test/extended/pki/pki_kube_apiserver.go (3)

196-384: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚖️ Poor tradeoff

Consider extracting the shared regeneration/verify loop.

testKubeAPIServerCertificates and testMixedKubeAPIServerCertificates differ only in how the expected algorithm/size/curve is sourced; the get-UID → delete → wait → verify body is duplicated. A small helper taking (cert operatorCertificate, expectedAlgorithm, expectedRSASize, expectedECDSACurve) would remove the duplication and keep timeout/verification logic in one place.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/extended/pki/pki_kube_apiserver.go` around lines 196 - 384, The
regeneration/verify flow is duplicated in testKubeAPIServerCertificates and
testMixedKubeAPIServerCertificates; extract the shared get-UID →
deleteCertificateSecret → waitForSecretRegeneration → getCertificateFromSecret
loop into a helper. Make the helper take operatorCertificate plus the expected
algorithm/size/curve inputs so both callers can reuse the same timeout and
verification logic while only differing in how expectations are populated.

232-236: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Redundant if err != nil around the assertion.

o.Expect(err).NotTo(o.HaveOccurred()) already fails (and halts via panic) when err != nil, so the surrounding conditional adds nothing and only obscures intent. The same pattern repeats at Lines 336-339. Assert unconditionally.

♻️ Suggested change
-		oldSecret, err := kubeClient.CoreV1().Secrets(cert.Namespace).Get(ctx, cert.SecretName, metav1.GetOptions{})
-		if err != nil {
-			o.Expect(err).NotTo(o.HaveOccurred(), "certificate %s/%s must exist before deletion", cert.Namespace, cert.SecretName)
-		}
+		oldSecret, err := kubeClient.CoreV1().Secrets(cert.Namespace).Get(ctx, cert.SecretName, metav1.GetOptions{})
+		o.Expect(err).NotTo(o.HaveOccurred(), "certificate %s/%s must exist before deletion", cert.Namespace, cert.SecretName)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/extended/pki/pki_kube_apiserver.go` around lines 232 - 236, Remove the
redundant `if err != nil` guard around the
`o.Expect(err).NotTo(o.HaveOccurred(), ...)` assertion in the certificate secret
lookup, and let the expectation run unconditionally before using
`oldSecret.UID`. Apply the same cleanup to the repeated pattern later in this
test (the `kubeClient.CoreV1().Secrets(...).Get` plus `o.Expect` block), so the
intent is clearer and the assertion alone handles failures.

42-48: 🩺 Stability & Availability | 🔵 Trivial

Accept the Ginkgo context in these It bodies.

These [Slow] specs can wait up to 20 minutes, so context.TODO() bypasses Ginkgo timeout and cancellation handling. Thread the spec context through instead.

♻️ Suggested change
-	g.It("should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Slow][Skipped:MicroShift]", func() {
-		testUniformPKIConfigurations(context.TODO(), kubeClient, configClient)
-	})
+	g.It("should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Slow][Skipped:MicroShift]", func(ctx context.Context) {
+		testUniformPKIConfigurations(ctx, kubeClient, configClient)
+	})
 
-	g.It("should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Slow][Skipped:MicroShift]", func() {
-		testMixedPKIConfigurations(context.TODO(), kubeClient, configClient)
-	})
+	g.It("should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Slow][Skipped:MicroShift]", func(ctx context.Context) {
+		testMixedPKIConfigurations(ctx, kubeClient, configClient)
+	})
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/extended/pki/pki_kube_apiserver.go` around lines 42 - 48, The two Ginkgo
It bodies are using context.TODO(), which bypasses Ginkgo’s timeout and
cancellation handling for these long-running [Slow] specs. Update the uniform
and mixed PKI specs to accept the Ginkgo context from the It body and pass that
spec context through to testUniformPKIConfigurations and
testMixedPKIConfigurations instead of creating a TODO context, so cancellation
and timeout behavior is preserved.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/extended/pki/pki_kube_apiserver.go`:
- Around line 196-384: The regeneration/verify flow is duplicated in
testKubeAPIServerCertificates and testMixedKubeAPIServerCertificates; extract
the shared get-UID → deleteCertificateSecret → waitForSecretRegeneration →
getCertificateFromSecret loop into a helper. Make the helper take
operatorCertificate plus the expected algorithm/size/curve inputs so both
callers can reuse the same timeout and verification logic while only differing
in how expectations are populated.
- Around line 232-236: Remove the redundant `if err != nil` guard around the
`o.Expect(err).NotTo(o.HaveOccurred(), ...)` assertion in the certificate secret
lookup, and let the expectation run unconditionally before using
`oldSecret.UID`. Apply the same cleanup to the repeated pattern later in this
test (the `kubeClient.CoreV1().Secrets(...).Get` plus `o.Expect` block), so the
intent is clearer and the assertion alone handles failures.
- Around line 42-48: The two Ginkgo It bodies are using context.TODO(), which
bypasses Ginkgo’s timeout and cancellation handling for these long-running
[Slow] specs. Update the uniform and mixed PKI specs to accept the Ginkgo
context from the It body and pass that spec context through to
testUniformPKIConfigurations and testMixedPKIConfigurations instead of creating
a TODO context, so cancellation and timeout behavior is preserved.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 57aa33bc-1f72-4c5b-94ea-09a80b5afb76

📥 Commits

Reviewing files that changed from the base of the PR and between 1820a38 and aa956c0.

📒 Files selected for processing (4)
  • test/extended/include.go
  • test/extended/pki/helpers.go
  • test/extended/pki/pki_kube_apiserver.go
  • test/extended/pki/pki_service_ca.go
🚧 Files skipped from review as they are similar to previous changes (3)
  • test/extended/include.go
  • test/extended/pki/helpers.go
  • test/extended/pki/pki_service_ca.go

@openshift-ci openshift-ci Bot added the ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review label Jun 25, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/test e2e-gcp-ovn-techpreview-serial-1of2
/test e2e-gcp-ovn-techpreview-serial-2of2

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/test e2e-gcp-ovn-techpreview-pkiconfig

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/retest

@openshift-trt

openshift-trt Bot commented Jun 29, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig High - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test that was not present in all runs against the current commit.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig High - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test that was not present in all runs against the current commit.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig High - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test that was not present in all runs against the current commit.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

@openshift-trt

openshift-trt Bot commented Jun 29, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/retest

@openshift-trt

openshift-trt Bot commented Jun 30, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

1 similar comment
@openshift-trt

openshift-trt Bot commented Jun 30, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/retest

@openshift-trt

openshift-trt Bot commented Jul 1, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

1 similar comment
@openshift-trt

openshift-trt Bot commented Jul 1, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/retest

@openshift-trt

openshift-trt Bot commented Jul 1, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/retest

@gangwgr

gangwgr commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 2, 2026
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: gangwgr, kaleemsiddiqu
Once this PR has been reviewed and has the lgtm label, please assign stbenjam for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-trt

openshift-trt Bot commented Jul 2, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: f0278a2

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: f0278a2

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 2, Pass: 2, Fail: 0, Flake: 0]

…perator

Tests for kube-apiserver and service-ca for pki config

Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
@openshift-ci-robot openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label Jul 3, 2026
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 3, 2026
@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

New changes are detected. LGTM label has been removed.

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/test e2e-gcp-ovn-techpreview-pkiconfig

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@openshift-trt

openshift-trt Bot commented Jul 3, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 04f645f

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: 04f645f

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]

@kaleemsiddiqu

Copy link
Copy Markdown
Author

/retest

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@kaleemsiddiqu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-gcp-ovn-techpreview-serial-2of2 ba29d50 link false /test e2e-gcp-ovn-techpreview-serial-2of2
ci/prow/e2e-gcp-ovn-techpreview-serial-1of2 ba29d50 link false /test e2e-gcp-ovn-techpreview-serial-1of2
ci/prow/e2e-aws-ovn-single-node-techpreview-serial ba29d50 link false /test e2e-aws-ovn-single-node-techpreview-serial
ci/prow/e2e-metal-ipi-ovn-ipv6 04f645f link true /test e2e-metal-ipi-ovn-ipv6
ci/prow/e2e-aws-csi 04f645f link true /test e2e-aws-csi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-trt

openshift-trt Bot commented Jul 3, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 04f645f

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: 04f645f

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]

1 similar comment
@openshift-trt

openshift-trt Bot commented Jul 3, 2026

Copy link
Copy Markdown

Risk analysis has seen new tests most likely introduced by this PR.
Please ensure that new tests meet guidelines for naming and stability.

New Test Risks for sha: 04f645f

Job Name New Test Risk
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.
pull-ci-openshift-origin-main-e2e-gcp-ovn-techpreview-pkiconfig Medium - "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" is a new test, and was only seen in one job.

New tests seen in this PR at sha: 04f645f

  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate mixed PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
  • "[sig-kube-apiserver][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate uniform PKI configurations and certificate regeneration [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]
  • "[sig-service-ca][OCPFeatureGate:ConfigurablePKI][Serial][Disruptive][Suite:openshift/pkiconfig] PKI Configuration should validate PKI config and regenerate signing cert [apigroup:config.openshift.io][Skipped:MicroShift]" [Total: 1, Pass: 1, Fail: 0, Flake: 0]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants