Summary:
New webhook test flakes in CI — ensure tolerance to openshift-service-ca certificate rotation before re-adding to Sippy.
Details:
OTE: Tests
[sig-olmv1][OCPFeatureGate:NewOLMWebhookProviderOpenshiftServiceCA][Skipped:Disconnected][Serial] OLMv1 operator with webhooks should be tolerant to tls secret deletion
- Passes locally.
"name": "[sig-olmv1][OCPFeatureGate:NewOLMWebhookProviderOpenshiftServiceCA][Skipped:Disconnected][Serial] OLMv1 operator with webhooks should be tolerant to tls secret deletion", "lifecycle": "blocking", "duration": 195228, "startTime": "2025-08-15 15:57:38.127373 UTC", "endTime": "2025-08-15 16:00:53.356339 UTC", "result": "passed", "output": " STEP: initializing Kubernetes client @ 08/15/25 17:00:26.536\n STEP: requiring OLMv1 capability on OpenShift @ 08/15/25 17:00:26.536\n STEP: ensuring no ClusterExtension and CRD from a previous run @ 08/15/25 17:00:26.665\n STEP: checking if the webhook-operator-catalog exists @ 08/15/25 17:00:26.92\n STEP: webhook-operator catalog webhook-operator-catalog already exists, skipping creation @ 08/15/25 17:00:27.045\n STEP: installing the webhook operator in namespace webhook-operator-4rh52 @ 08/15/25 17:00:27.045\n STEP: creating a ClusterRoleBinding to cluster-admin for the webhook operator @ 08/15/25 17:00:27.437\n STEP: waiting for the webhook operator to be installed @ 08/15/25 17:00:27.822\n STEP: waiting for the webhook operator's service to be ready @ 08/15/25 17:00:31.327\n STEP: waiting for the webhook operator's service certificate secret to exist and be populated @ 08/15/25 17:00:31.456\n STEP: ensuring secret exists before deletion attempt @ 08/15/25 17:00:31.588\n STEP: checking webhook is responsive through secret recreation after manual deletion @ 08/15/25 17:00:31.721\n STEP: waiting for the webhook operator's service certificate secret to be recreated and populated @ 08/15/25 17:00:31.862\n STEP: performing webhook operator cleanup @ 08/15/25 17:00:42.429\n STEP: cleanup: deleting ClusterExtension webhook-operator-4rh52 @ 08/15/25 17:00:42.43\n STEP: cleanup: deleting ClusterRoleBinding webhook-operator-4rh52-operator-crb @ 08/15/25 17:00:42.566\n STEP: cleanup: deleting ServiceAccount webhook-operator-4rh52-installer in namespace webhook-operator-4rh52 @ 08/15/25 17:00:42.721\n STEP: cleanup: deleting namespace webhook-operator-4rh52 @ 08/15/25 17:00:42.854\n STEP: waiting for namespace webhook-operator-4rh52 to be fully deleted @ 08/15/25 17:00:42.989\n"
And in the pre-merge:
- presubmit job https://github.com/openshift/release/blob/master/ci-operator/config/openshift/oper[…]ller/openshift-operator-framework-operator-controller-main.yaml which run olmv1/all
- it includes the serial cases. for example, https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshi[…]view-olmv1-ext/openshift-e2e-test/build-log.txt
- But failed in the Sippy and seems to be a flake:
- Likely timing issue during TLS secret recreation or webhook readiness check. the Error faced is:
` tls: failed to verify certificate: x509: certificate signed by unknown authority`
- relates to
-
OCPBUGS-60574 Component Readiness: [OLM] [OCPFeatureGate:NewOLM] Newly added test failing
-
- ASSIGNED
-
- links to
