From 88bfabc66fee25d570e384277d59945308b32f26 Mon Sep 17 00:00:00 2001 From: Bryce Palmer Date: Tue, 2 Sep 2025 16:14:27 -0400 Subject: [PATCH 1/2] cao: add 4.21 periodics for BYO OIDC feature Signed-off-by: Bryce Palmer --- ...tion-operator-release-4.21__periodics.yaml | 337 ++++ ...ation-operator-release-4.21-periodics.yaml | 1582 +++++++++++++++++ ...ion-operator-release-4.21-postsubmits.yaml | 61 + ...tion-operator-release-4.21-presubmits.yaml | 56 + 4 files changed, 2036 insertions(+) create mode 100644 ci-operator/config/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21__periodics.yaml create mode 100644 ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-periodics.yaml diff --git a/ci-operator/config/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21__periodics.yaml b/ci-operator/config/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21__periodics.yaml new file mode 100644 index 0000000000000..4c13575b3a3d3 --- /dev/null +++ b/ci-operator/config/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21__periodics.yaml @@ -0,0 +1,337 @@ +base_images: + dev-scripts: + name: test + namespace: ocp-kni + tag: dev-scripts + ocp_4.21_base-rhel9: + name: "4.21" + namespace: ocp + tag: base-rhel9 + ocp_builder_rhel-9-golang-1.24-openshift-4.21: + name: builder + namespace: ocp + tag: rhel-9-golang-1.24-openshift-4.21 + upi-installer: + name: "4.21" + namespace: ocp + tag: upi-installer +binary_build_commands: make build --warn-undefined-variables +build_root: + from_repository: true +images: +- dockerfile_path: Dockerfile.rhel7 + inputs: + ocp_4.21_base-rhel9: + as: + - registry.ci.openshift.org/ocp/4.21:base-rhel9 + ocp_builder_rhel-9-golang-1.24-openshift-4.21: + as: + - registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.21 + to: cluster-authentication-operator +promotion: + to: + - disabled: true + name: "4.21" + namespace: ocp +releases: + initial: + integration: + name: "4.21" + namespace: ocp + latest: + candidate: + product: ocp + stream: ci + version: "4.21" +resources: + '*': + requests: + cpu: 100m + memory: 200Mi +tests: +- as: e2e-aws-external-oidc-configure-techpreview + interval: 24h + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + reverting to IntegratedOAuth + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-aws + timeout: 5h0m0s +- as: e2e-azure-external-oidc-configure-techpreview + interval: 24h + steps: + cluster_profile: azure4 + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + reverting to IntegratedOAuth + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-azure + timeout: 5h0m0s +- as: e2e-gcp-external-oidc-configure-techpreview + interval: 24h + steps: + cluster_profile: gcp + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + reverting to IntegratedOAuth + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-gcp + timeout: 5h0m0s +- as: e2e-vsphere-external-oidc-configure-techpreview + interval: 24h + steps: + cluster_profile: vsphere-elastic + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + reverting to IntegratedOAuth + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-vsphere + timeout: 5h0m0s +- as: e2e-metal-ovn-ipv4-external-oidc-configure-techpreview + cluster: build05 + interval: 24h + steps: + cluster_profile: equinix-ocp-metal + env: + DEVSCRIPTS_CONFIG: | + IP_STACK=v4 + NETWORK_TYPE=OVNKubernetes + FEATURE_SET=TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + reverting to IntegratedOAuth + TEST_SUITE: openshift/auth/external-oidc + workflow: baremetalds-e2e + timeout: 5h0m0s +- as: e2e-metal-ovn-dualstack-external-oidc-configure-techpreview + cluster: build05 + interval: 24h + steps: + cluster_profile: equinix-ocp-metal + env: + DEVSCRIPTS_CONFIG: | + IP_STACK=v4v6 + NETWORK_TYPE=OVNKubernetes + FEATURE_SET=TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + reverting to IntegratedOAuth + TEST_SUITE: openshift/auth/external-oidc + workflow: baremetalds-e2e + timeout: 5h0m0s +- as: e2e-aws-sno-external-oidc-configure-techpreview + interval: 24h + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants,legacy-node-invariants,legacy-kube-apiserver-invariants,audit-log-analyzer + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + reverting to IntegratedOAuth + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-aws-single-node + timeout: 5h0m0s +- as: e2e-aws-external-oidc-rollback-techpreview + interval: 24h + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + external IdP is configured + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-aws + timeout: 5h0m0s +- as: e2e-azure-external-oidc-rollback-techpreview + interval: 24h + steps: + cluster_profile: azure4 + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + external IdP is configured + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-azure + timeout: 5h0m0s +- as: e2e-gcp-external-oidc-rollback-techpreview + interval: 24h + steps: + cluster_profile: gcp + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + external IdP is configured + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-gcp + timeout: 5h0m0s +- as: e2e-vsphere-external-oidc-rollback-techpreview + interval: 24h + steps: + cluster_profile: vsphere-elastic + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + external IdP is configured + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-vsphere + timeout: 5h0m0s +- as: e2e-metal-ovn-ipv4-external-oidc-rollback-techpreview + cluster: build05 + interval: 24h + steps: + cluster_profile: equinix-ocp-metal + env: + DEVSCRIPTS_CONFIG: | + IP_STACK=v4 + NETWORK_TYPE=OVNKubernetes + FEATURE_SET=TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + external IdP is configured + TEST_SUITE: openshift/auth/external-oidc + workflow: baremetalds-e2e + timeout: 5h0m0s +- as: e2e-metal-ovn-dualstack-external-oidc-rollback-techpreview + cluster: build05 + interval: 24h + steps: + cluster_profile: equinix-ocp-metal + env: + DEVSCRIPTS_CONFIG: | + IP_STACK=v4v6 + NETWORK_TYPE=OVNKubernetes + FEATURE_SET=TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + external IdP is configured + TEST_SUITE: openshift/auth/external-oidc + workflow: baremetalds-e2e + timeout: 5h0m0s +- as: e2e-aws-external-oidc-uid-extra-techpreview + interval: 24h + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDC\] + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-aws + timeout: 5h0m0s +- as: e2e-aws-sno-external-oidc-rollback-techpreview + interval: 24h + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants,legacy-node-invariants,legacy-kube-apiserver-invariants,audit-log-analyzer + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDCWithUIDAndExtraClaimMappings\]\|\[OCPFeatureGate:ExternalOIDC\] + external IdP is configured + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-aws-single-node + timeout: 5h0m0s +- as: e2e-azure-external-oidc-uid-extra-techpreview + interval: 24h + steps: + cluster_profile: azure4 + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDC\] + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-azure + timeout: 5h0m0s +- as: e2e-gcp-external-oidc-uid-extra-techpreview + interval: 24h + steps: + cluster_profile: gcp + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDC\] + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-gcp + timeout: 5h0m0s +- as: e2e-vsphere-external-oidc-uid-extra-techpreview + interval: 24h + steps: + cluster_profile: vsphere-elastic + env: + FEATURE_SET: TechPreviewNoUpgrade + OPENSHIFT_SKIP_EXTERNAL_TESTS: "True" + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDC\] + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-vsphere + timeout: 5h0m0s +- as: e2e-metal-ovn-ipv4-external-oidc-uid-extra-techpreview + cluster: build05 + interval: 24h + steps: + cluster_profile: equinix-ocp-metal + env: + DEVSCRIPTS_CONFIG: | + IP_STACK=v4 + NETWORK_TYPE=OVNKubernetes + FEATURE_SET=TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDC\] + TEST_SUITE: openshift/auth/external-oidc + workflow: baremetalds-e2e + timeout: 5h0m0s +- as: e2e-metal-ovn-dualstack-external-oidc-uid-extra-techpreview + cluster: build05 + interval: 24h + steps: + cluster_profile: equinix-ocp-metal + env: + DEVSCRIPTS_CONFIG: | + IP_STACK=v4v6 + NETWORK_TYPE=OVNKubernetes + FEATURE_SET=TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDC\] + TEST_SUITE: openshift/auth/external-oidc + workflow: baremetalds-e2e + timeout: 5h0m0s +- as: e2e-aws-sno-external-oidc-uid-extra-techpreview + interval: 24h + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + TEST_ARGS: --disable-monitor=legacy-cvo-invariants,legacy-test-framework-invariants,legacy-node-invariants,legacy-kube-apiserver-invariants,audit-log-analyzer + TEST_SKIPS: \[OCPFeatureGate:ExternalOIDC\] + TEST_SUITE: openshift/auth/external-oidc + workflow: openshift-e2e-aws-single-node + timeout: 5h0m0s +zz_generated_metadata: + branch: release-4.21 + org: openshift + repo: cluster-authentication-operator + variant: periodics diff --git a/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-periodics.yaml b/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-periodics.yaml new file mode 100644 index 0000000000000..cf7d05b0d0760 --- /dev/null +++ b/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-periodics.yaml @@ -0,0 +1,1582 @@ +periodics: +- agent: kubernetes + cluster: build09 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-aws-external-oidc-configure-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-external-oidc-configure-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build09 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-aws-external-oidc-rollback-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-external-oidc-rollback-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build09 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-aws-external-oidc-uid-extra-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-external-oidc-uid-extra-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build09 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-aws-sno-external-oidc-configure-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-sno-external-oidc-configure-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build09 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-aws-sno-external-oidc-rollback-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-sno-external-oidc-rollback-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build09 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-aws-sno-external-oidc-uid-extra-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-sno-external-oidc-uid-extra-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: azure4 + ci-operator.openshift.io/cloud-cluster-profile: azure4 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-azure-external-oidc-configure-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-azure-external-oidc-configure-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: azure4 + ci-operator.openshift.io/cloud-cluster-profile: azure4 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-azure-external-oidc-rollback-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-azure-external-oidc-rollback-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: azure4 + ci-operator.openshift.io/cloud-cluster-profile: azure4 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-azure-external-oidc-uid-extra-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-azure-external-oidc-uid-extra-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build04 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-gcp-external-oidc-configure-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-gcp-external-oidc-configure-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build04 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-gcp-external-oidc-rollback-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-gcp-external-oidc-rollback-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build04 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-gcp-external-oidc-uid-extra-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-gcp-external-oidc-uid-extra-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: equinix-ocp-metal + ci-operator.openshift.io/cloud-cluster-profile: equinix-ocp-metal + ci-operator.openshift.io/cluster: build05 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-metal-ovn-dualstack-external-oidc-configure-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-metal-ovn-dualstack-external-oidc-configure-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: equinix-ocp-metal + ci-operator.openshift.io/cloud-cluster-profile: equinix-ocp-metal + ci-operator.openshift.io/cluster: build05 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-metal-ovn-dualstack-external-oidc-rollback-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-metal-ovn-dualstack-external-oidc-rollback-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: equinix-ocp-metal + ci-operator.openshift.io/cloud-cluster-profile: equinix-ocp-metal + ci-operator.openshift.io/cluster: build05 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-metal-ovn-dualstack-external-oidc-uid-extra-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-metal-ovn-dualstack-external-oidc-uid-extra-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: equinix-ocp-metal + ci-operator.openshift.io/cloud-cluster-profile: equinix-ocp-metal + ci-operator.openshift.io/cluster: build05 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-metal-ovn-ipv4-external-oidc-configure-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-metal-ovn-ipv4-external-oidc-configure-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: equinix-ocp-metal + ci-operator.openshift.io/cloud-cluster-profile: equinix-ocp-metal + ci-operator.openshift.io/cluster: build05 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-metal-ovn-ipv4-external-oidc-rollback-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-metal-ovn-ipv4-external-oidc-rollback-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: equinix-ocp-metal + ci-operator.openshift.io/cloud-cluster-profile: equinix-ocp-metal + ci-operator.openshift.io/cluster: build05 + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-metal-ovn-ipv4-external-oidc-uid-extra-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-metal-ovn-ipv4-external-oidc-uid-extra-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: vsphere02 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-elastic + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-vsphere-external-oidc-configure-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-vsphere-external-oidc-configure-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: vsphere02 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-elastic + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-vsphere-external-oidc-rollback-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-vsphere-external-oidc-rollback-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: vsphere02 + decorate: true + decoration_config: + timeout: 5h0m0s + extra_refs: + - base_ref: release-4.21 + org: openshift + repo: cluster-authentication-operator + interval: 24h + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-elastic + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cluster-authentication-operator-release-4.21-periodics-e2e-vsphere-external-oidc-uid-extra-techpreview + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-vsphere-external-oidc-uid-extra-techpreview + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-postsubmits.yaml b/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-postsubmits.yaml index c728d256dd598..818f5b84ee729 100644 --- a/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-postsubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-postsubmits.yaml @@ -58,3 +58,64 @@ postsubmits: - name: result-aggregator secret: secretName: result-aggregator + - agent: kubernetes + always_run: true + branches: + - ^release-4\.21$ + cluster: build11 + decorate: true + labels: + ci-operator.openshift.io/is-promotion: "true" + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + max_concurrency: 1 + name: branch-ci-openshift-cluster-authentication-operator-release-4.21-periodics-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson + - --promote + - --report-credentials-file=/etc/report/credentials + - --target=[images] + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/push-secret + name: push-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: push-secret + secret: + secretName: registry-push-credentials-ci-central + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-presubmits.yaml b/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-presubmits.yaml index 96a1aac228042..9a277de4a3354 100644 --- a/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-authentication-operator/openshift-cluster-authentication-operator-release-4.21-presubmits.yaml @@ -855,6 +855,62 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.21$ + - ^release-4\.21- + cluster: build05 + context: ci/prow/periodics-images + decorate: true + labels: + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cluster-authentication-operator-release-4.21-periodics-images + rerun_command: /test periodics-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + - --variant=periodics + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )periodics-images,?($|\s.*) - agent: kubernetes always_run: true branches: From 15eaa60a4d9d4ee37c7efb6bfaba76d633549b2a Mon Sep 17 00:00:00 2001 From: Bryce Palmer Date: Wed, 3 Sep 2025 09:19:37 -0400 Subject: [PATCH 2/2] baremetalds/e2e: allow openshift/auth/external-oidc suite to specify test skips Signed-off-by: Bryce Palmer --- .../baremetalds/e2e/test/baremetalds-e2e-test-commands.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-operator/step-registry/baremetalds/e2e/test/baremetalds-e2e-test-commands.sh b/ci-operator/step-registry/baremetalds/e2e/test/baremetalds-e2e-test-commands.sh index fbfa46ebc974d..096d24a15ac4c 100644 --- a/ci-operator/step-registry/baremetalds/e2e/test/baremetalds-e2e-test-commands.sh +++ b/ci-operator/step-registry/baremetalds/e2e/test/baremetalds-e2e-test-commands.sh @@ -261,7 +261,7 @@ function upgrade() { } function suite() { - if [[ -n "${TEST_SKIPS}" && "${TEST_SUITE}" == "openshift/conformance/parallel" ]]; then + if [[ -n "${TEST_SKIPS}" && ("${TEST_SUITE}" == "openshift/conformance/parallel" || "${TEST_SUITE}" == "openshift/auth/external-oidc") ]]; then TESTS="$(openshift-tests run --dry-run --provider "${TEST_PROVIDER}" "${TEST_SUITE}")" && echo "${TESTS}" | grep -v "${TEST_SKIPS}" >/tmp/tests && echo "Skipping tests:" &&