1. Proposed title of this feature request

3rd-Party CNI Conformance Tests for HCP Guest Clusters

2. What is the nature and description of the request?

Most OpenShift components should "just work" with HCP, but this is not true with 3rd-party CNI plugins that we jointly support with vendors. The two CNIs in particular we want to initially target are Cisco/Isovalent's Cilium Enterprise CNI and Tigera's Calico Enterprise CNI.

To mitigate issues, vendors are asked to follow the Red Hat Container Network Interface certification process, which includes a final step that runs one or more conformance tests.

The results of what was tested is captured on the Red Hat Certified OpenShift CNI Plug-ins page. In its certification page tables, there is a column titled "tests" that can have possible values of:

• net (mandatory upstream k8s networking conformance tests)
• virt (optional OCP Virt-created conformance tests)
• mesh (optional OSSM-created tests)

Once certified (typically a one-time effort), the vendor can re-run the validation tests - typically a 30-60min process including cluster installation - at any OpenShift+3rd-party-CNI version intersection they want as additional assurance for their customers. The test(s) do not test the CNI and its specific features, whatsoever. The tests simply provide some fundamental validation that, for example, the vendor's latest version of their CNI did not break expected k8s networking (e.g. pod-to-pod communication, service reachability, etc.), or did not break fundamental connectivity of OSSM or OCP Virtualization layered products.

The mechanics: the vendor stands up an OpenShift cluster, installs their CNI, runs the conformance tests, and sends the results to the Red Hat certification team for validation. Upon passing the tests, we would add the text "hcp" to that "tests" column of the CNI's table on the certification page.

Both the OCP Virt team the OSSM team created theirs, and both conformance tests are optional. (Running the CNI tests")

Our request: The HCP team creates an optional set of tests, as well. This would not be for the control cluster, this would be a test of the 3rd-party CNI installed on the guest cluster(s), only.

3. Why does the customer need this? (List the business requirements here)

We (vendors and Red Hat) have joint HCP customers that have found deployment problems that would have been found very early by these tests.

4. List any affected packages or components.

• OpenShift CNI plugin