-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.14.z, 4.15.z
Description of problem:
e2e tests executed in clusters installed with Platform External are reporting permanent failures in the openshift/conformance suite. Collecting the data from the provider AWS with cluster installed using UPI-method (infra onboarding guide: https://docs.providers.openshift.org/platform-external/installing/). PR WIP https://github.com/openshift/release/pull/45921
Version-Release number of selected component (if applicable):
4.14+
How reproducible:
Always
Steps to Reproduce:
1. Install OCP using platform type External on any cloud (tested on AWS)
2. (can create CCM or not, the failures are mostly consistent)
3. run openshift conformance suite: 'openshift-tests run openshift/conformance' --junit-dir ./results
4. Check the results/junits
Actual results:
$ cat ci-result_e2e_external-aws-ccm_*.failures.txt | sort | uniq -c | sort -rn | grep -E '^\s+2' 2 [sig-network][Feature:Router] The HAProxy router should expose a health check on the metrics port [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2 [sig-ci] [Early] prow job name should match network type [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] well-known endpoint should be reachable [apigroup:route.openshift.io] [apigroup:oauth.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that expire shortly works as expected when using a token authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that expire shortly works as expected when using a code authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that do not expire works as expected when using a token authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that do not expire works as expected when using a code authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the token URL [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the token request URL [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the root URL [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the logout URL [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the login URL for when there is only one IDP [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the login URL for the bootstrap IDP [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the login URL for the allow all IDP [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the grant URL [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the authorize URL [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:LDAP] LDAP IDP should authenticate against an ldap server [apigroup:user.openshift.io][apigroup:route.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-auth][Feature:HTPasswdAuth] HTPasswd IDP should successfully configure htpasswd and be responsive [apigroup:user.openshift.io][apigroup:route.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-arch][Late] clients should not use APIs that are removed in upcoming releases [apigroup:apiserver.openshift.io] [Suite:openshift/conformance/parallel] 2 [sig-arch][Late] all tls artifacts must be registered [Suite:openshift/conformance/parallel] 2 [sig-arch][Late] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel] 2 [sig-arch] External binary usage
Expected results:
Minimal failures. Check if we'll need to fix e2e for platform type external.
Additional info:
- https://issues.redhat.com/browse/SPLAT-1458 - Comment: https://issues.redhat.com/browse/SPLAT-1458?focusedId=24193377&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-24193377