Skip to content

OCPNODE-4604: add quay-proxy.ci.openshift.org as alllowed to reboot requried test#31356

Open
QiWang19 wants to merge 1 commit into
openshift:mainfrom
QiWang19:add-allowed-list
Open

OCPNODE-4604: add quay-proxy.ci.openshift.org as alllowed to reboot requried test#31356
QiWang19 wants to merge 1 commit into
openshift:mainfrom
QiWang19:add-allowed-list

Conversation

@QiWang19

@QiWang19 QiWang19 commented Jun 30, 2026

Copy link
Copy Markdown
Member

fix test wait for node drain/reboot timeout error, in the presubmit test job: https://prow.ci.openshift.org/view/gs/test-platform-results/logs/openshift-origin-31324-openshift-api-2900-openshift-machine-config-operator-6220-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-1of2/2071833054464184320

[Suite:openshift/disruptive-longrunning][sig-node][Disruptive] Image registry config [OTP] change container registry config [OCP-44820] [Serial]


fail [github.com/openshift/origin/test/extended/imagepolicy/imagepolicy.go:710]: Timed out after 1200.001s.
Expected
    <bool>: false
to be true

Summary by CodeRabbit

  • Tests
    • Updated registry configuration checks to account for an additional allowed container registry, aligning node validation with the latest expected registry settings.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 30, 2026
@openshift-ci openshift-ci Bot requested review from cpmeadors and sairameshv June 30, 2026 17:39
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Walkthrough

In the e2e test for image registry configuration, quay-proxy.ci.openshift.org is added to the AllowedRegistries list written to image.config.openshift.io/cluster, alongside the existing image-registry.openshift-image-registry.svc:5000 entry.

Changes

Image Registry Config Test

Layer / File(s) Summary
Add quay-proxy to AllowedRegistries
test/extended/node/node_e2e/image_registry_config.go
quay-proxy.ci.openshift.org is added to the AllowedRegistries slice in the test's cluster image config setup.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 13 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Test Structure And Quality ⚠️ Warning Allowed list adds quay-proxy at lines 80-83, but post-rollout checks only searchRegistry in policy.json at 122-123, so the new behavior isn’t verified. Assert quay-proxy.ci.openshift.org is present in policy.json after rollout, matching the updated allowlist.
Single Node Openshift (Sno) Test Compatibility ⚠️ Warning The test still requires a non-empty list of pure worker nodes and has no SNO skip, so it can fail on Single Node OpenShift. Add a [Skipped:SingleReplicaTopology] label or runtime single-node skip before selecting worker nodes.
✅ Passed checks (13 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The only Ginkgo title is a static string; the change only touches test body values, not test names.
Microshift Test Compatibility ✅ Passed The test uses image.config.openshift.io, but a BeforeEach checks exutil.IsMicroShiftCluster() and g.Skip()s on MicroShift.
Topology-Aware Scheduling Compatibility ✅ Passed The PR only updates a node e2e test’s allowed-registry list; it introduces no deployment/controller scheduling constraints.
Ote Binary Stdout Contract ✅ Passed The only change is an allowlist string in a Ginkgo It block; no main/init/TestMain/suite-setup stdout writes were added.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed The test only updates and verifies cluster image registry config/node files; it doesn’t connect to external hosts or use IPv4-only IP logic.
No-Weak-Crypto ✅ Passed The changed file only updates image registry test data and contains no weak crypto, custom crypto, or secret/token comparisons.
Container-Privileges ✅ Passed The PR only changes a Go e2e test; no K8s/container manifests or privilege settings (privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation) were added.
No-Sensitive-Data-In-Logs ✅ Passed The PR only adds a registry allowlist entry; it doesn’t add or alter logging, and the new string isn’t sensitive.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: adding quay-proxy.ci.openshift.org to the allowed list for the reboot-required test.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@QiWang19

Copy link
Copy Markdown
Member Author

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-1of2
/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-2of2

@openshift-ci

openshift-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

@QiWang19: trigger 2 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-1of2
  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-2of2

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/0ae908f0-74ab-11f1-8242-86c6e5a7b82e-0

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/extended/node/node_e2e/image_registry_config.go`:
- Around line 80-83: The rollout check in image_registry_config.go only verifies
searchRegistry in policy.json, so it can miss the new
quay-proxy.ci.openshift.org allowlist entry being dropped. Update the
post-rollout assertion around the
imageConfig.Spec.RegistrySources.AllowedRegistries setup and the policy.json
validation to explicitly check that quay-proxy.ci.openshift.org is present in
the rendered allowlist after rollout, alongside the existing registry entries.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 1ce62645-2531-4cd8-8b18-96bf3e429d9e

📥 Commits

Reviewing files that changed from the base of the PR and between 6bf37da and 252482a.

📒 Files selected for processing (1)
  • test/extended/node/node_e2e/image_registry_config.go

Comment thread test/extended/node/node_e2e/image_registry_config.go
@QiWang19

Copy link
Copy Markdown
Member Author

/test all

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@QiWang19 QiWang19 changed the title WIP: add quay-proxy.ci.openshift.org as alllowed to reboot requried test … add quay-proxy.ci.openshift.org as alllowed to reboot requried test … Jun 30, 2026
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 30, 2026
@openshift-ci openshift-ci Bot added the ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review label Jun 30, 2026
@QiWang19

Copy link
Copy Markdown
Member Author

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-1of2
/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-2of2

@openshift-ci

openshift-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

@QiWang19: trigger 2 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-1of2
  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-2of2

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/f58c3e90-74ce-11f1-824a-fd7f802d4877-0

@QiWang19

Copy link
Copy Markdown
Member Author

/payload-job periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning

@openshift-ci

openshift-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

@QiWang19: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-disruptive-longrunning

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/5bd0f830-74cf-11f1-91db-29d06be84cd4-0

@QiWang19

QiWang19 commented Jul 1, 2026

Copy link
Copy Markdown
Member Author

Image registry config [OTP] change container registry config [OCP-44820] [Serial]
@ngopalak-redhat PTAL, I think this can fix the above test timeout failure.

@ngopalak-redhat

Copy link
Copy Markdown
Contributor

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 1, 2026
@QiWang19

QiWang19 commented Jul 1, 2026

Copy link
Copy Markdown
Member Author

/verified by payload-jobs

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jul 1, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@QiWang19: This PR has been marked as verified by payload-jobs.

Details

In response to this:

/verified by payload-jobs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@QiWang19 QiWang19 changed the title add quay-proxy.ci.openshift.org as alllowed to reboot requried test … OCPNODE-4604: add quay-proxy.ci.openshift.org as alllowed to reboot requried test Jul 1, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 1, 2026
@openshift-ci-robot

openshift-ci-robot commented Jul 1, 2026

Copy link
Copy Markdown

@QiWang19: This pull request references OCPNODE-4604 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

fix test wait for node drain/reboot timeout error, in the presubmit test job: https://prow.ci.openshift.org/view/gs/test-platform-results/logs/openshift-origin-31324-openshift-api-2900-openshift-machine-config-operator-6220-nightly-5.0-e2e-aws-disruptive-longrunning-techpreview-1of2/2071833054464184320

[Suite:openshift/disruptive-longrunning][sig-node][Disruptive] Image registry config [OTP] change container registry config [OCP-44820] [Serial]


fail [github.com/openshift/origin/test/extended/imagepolicy/imagepolicy.go:710]: Timed out after 1200.001s.
Expected
   <bool>: false
to be true

Summary by CodeRabbit

  • Tests
  • Updated registry configuration checks to account for an additional allowed container registry, aligning node validation with the latest expected registry settings.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@QiWang19

QiWang19 commented Jul 1, 2026

Copy link
Copy Markdown
Member Author

@sairameshv @cpmeadors PTAL

imageConfig.Spec.RegistrySources.AllowedRegistries = []string{
"registry.access.redhat.com", "docker.io", "quay.io", searchRegistry,
"image-registry.openshift-image-registry.svc:5000",
"image-registry.openshift-image-registry.svc:5000", "quay-proxy.ci.openshift.org",

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ngopalak-redhat, QiWang19, sairameshv

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 2, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

/retest-required

Remaining retests: 0 against base HEAD 6bf37da and 2 for PR HEAD 252482a in total

@QiWang19

QiWang19 commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

/retest-required

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

/retest-required

Remaining retests: 0 against base HEAD f2c72ee and 1 for PR HEAD 252482a in total

@QiWang19

QiWang19 commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

/retest-required

1 similar comment
@QiWang19

QiWang19 commented Jul 3, 2026

Copy link
Copy Markdown
Member Author

/retest-required

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@QiWang19: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-csi 252482a link true /test e2e-aws-csi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants