IR-390: Make a configmap for MCO to consume CAs #880

Merged
merged 2 commits into from Jul 21, 2023


cdoern
Contributor

@cdoern cdoern commented Jul 13, 2023

Took Flavian's work on the current PR, and fixed the configmap already exists bug. This should be good to go in tandem with: openshift/machine-config-operator#3770

this certificate contains the storage ca and the service ca, making it
nearly identical to the image-registry-certificates, except that it does
not contain the additionalTrustedCA from
images.config.openshift.io/cluster.
@cdoern cdoern changed the title IR-390 IR-390: Make a configmap for MCO to consume CAs Jul 13, 2023
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 13, 2023
@openshift-ci-robot
Contributor

openshift-ci-robot commented Jul 13, 2023

@cdoern: This pull request references IR-390 which is a valid jira issue.

In response to this:

Took Flavian's work on the current PR, and fixed the configmap already exists bug. This should be good to go in tandem with: openshift/machine-config-operator#3770

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@cdoern
Contributor Author

cdoern commented Jul 13, 2023

it seems like the generator thinks the configmap both exists and doesn't exist....

@cdoern
Contributor Author

cdoern commented Jul 14, 2023

hope this works! 🤞

@cdoern
Contributor Author

cdoern commented Jul 14, 2023

/retest-required

@cdoern
Contributor Author

cdoern commented Jul 14, 2023

/retest e2e-aws-ovn-image-registry

@openshift-ci
Contributor

openshift-ci bot commented Jul 14, 2023

@cdoern: The /retest command does not accept any targets.
The following commands are available to trigger required jobs:

  • /test e2e-aws-operator
  • /test e2e-aws-ovn
  • /test e2e-aws-ovn-image-registry
  • /test e2e-aws-ovn-upgrade
  • /test e2e-hypershift
  • /test e2e-vsphere-operator
  • /test images
  • /test unit
  • /test verify

The following commands are available to trigger optional jobs:

  • /test e2e-azure-operator
  • /test e2e-azure-ovn
  • /test e2e-gcp-operator
  • /test e2e-gcp-ovn
  • /test e2e-openstack
  • /test e2e-ovirt-sdn
  • /test e2e-vsphere

Use /test all to run the following jobs that were automatically triggered:

  • pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws-operator
  • pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws-ovn
  • pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws-ovn-image-registry
  • pull-ci-openshift-cluster-image-registry-operator-master-e2e-aws-ovn-upgrade
  • pull-ci-openshift-cluster-image-registry-operator-master-e2e-hypershift
  • pull-ci-openshift-cluster-image-registry-operator-master-e2e-ovirt-sdn
  • pull-ci-openshift-cluster-image-registry-operator-master-images
  • pull-ci-openshift-cluster-image-registry-operator-master-unit
  • pull-ci-openshift-cluster-image-registry-operator-master-verify

In response to this:

/retest e2e-aws-ovn-image-registry


@cdoern
Contributor Author

cdoern commented Jul 14, 2023

/test e2e-aws-ovn-image-registry

@dmage
Member

dmage commented Jul 15, 2023

/retest

@dmage
Member

dmage commented Jul 17, 2023

/retest

@dmage
Member

dmage commented Jul 17, 2023

/lgtm

@openshift-ci openshift-ci bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jul 17, 2023
@openshift-ci-robot
Contributor

/retest-required

Remaining retests: 0 against base HEAD ea479d1 and 2 for PR HEAD bc624ce in total

@cdoern
Contributor Author

cdoern commented Jul 17, 2023

/retest-required

@cdoern
Contributor Author

cdoern commented Jul 17, 2023

/assign @sferich888 @xiuwang @stevsmit

@sferich888
Contributor

/lgtm for 4.15 provided we align the paperwork in Jira

@cdoern
Contributor Author

cdoern commented Jul 17, 2023

/lgtm for 4.15 provided we align the paperwork in Jira

@sferich888 this is a high priority for 4.14, is that possible?

@cdoern
Contributor Author

cdoern commented Jul 17, 2023

/retest-required

@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 18, 2023
Signed-off-by: Charlie Doern <cdoern@redhat.com>
@xiuwang

xiuwang commented Jul 19, 2023

The image-registry-ca cm in openshift-config-managed keeps the same content as the image-registry-certificates cm of the openshift-image-registry namespace.
Will check the hypershift situation and update here.

@cdoern
Contributor Author

cdoern commented Jul 19, 2023

/test e2e-aws-operator

@xiuwang

xiuwang commented Jul 20, 2023

Hypershift hosted cluster install failed with the following error; will try a few more times.

07-20 16:49:17.842  + aws s3api delete-public-access-block --bucket aos-hypershift-ci-oidc-5811
07-20 16:49:18.399  /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
07-20 16:49:18.399    from cryptography.hazmat.bindings.openssl.binding import Binding
07-20 16:49:18.399  
07-20 16:49:18.399  An error occurred (NoSuchBucket) when calling the DeletePublicAccessBlock operation: The specified bucket does not exist
07-20 16:49:18.399  + export hypershift_bucket_name=aos-hypershift-ci-oidc-5811
07-20 16:49:18.399  + hypershift_bucket_name=aos-hypershift-ci-oidc-5811
07-20 16:49:18.399  + echo '{
07-20 16:49:18.399              "Version": "2012-10-17",
07-20 16:49:18.399              "Statement": [
07-20 16:49:18.399                  {
07-20 16:49:18.399                  "Effect": "Allow",
07-20 16:49:18.399                  "Principal": "*",
07-20 16:49:18.399                  "Action": "s3:GetObject",
07-20 16:49:18.399                  "Resource": "arn:aws:s3:::${hypershift_bucket_name}/*"
07-20 16:49:18.399                  }
07-20 16:49:18.399              ]
07-20 16:49:18.399          }'
07-20 16:49:18.399  + envsubst
07-20 16:49:18.399  + cat policy.json
07-20 16:49:18.399  {
07-20 16:49:18.399              "Version": "2012-10-17",
07-20 16:49:18.399              "Statement": [
07-20 16:49:18.399                  {
07-20 16:49:18.399                  "Effect": "Allow",
07-20 16:49:18.399                  "Principal": "*",
07-20 16:49:18.399                  "Action": "s3:GetObject",
07-20 16:49:18.399                  "Resource": "arn:aws:s3:::aos-hypershift-ci-oidc-5811/*"
07-20 16:49:18.399                  }
07-20 16:49:18.399              ]
07-20 16:49:18.399          }
07-20 16:49:18.399  + aws s3api put-bucket-policy --bucket aos-hypershift-ci-oidc-5811 --policy file://policy.json/
07-20 16:49:18.958  /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
07-20 16:49:18.958    from cryptography.hazmat.bindings.openssl.binding import Binding
07-20 16:49:18.958  
07-20 16:49:18.958  An error occurred (NoSuchBucket) when calling the PutBucketPolicy operation: The specified bucket does not exist
07-20 16:49:18.958  + return 255
07-20 16:49:18.958  + '[' 255 -eq 0 ']'
07-20 16:49:18.958  + echo 'try 1 time to create s3 bucket aos-hypershift-ci-oidc-5811'
07-20 16:49:18.958  try 1 time to create s3 bucket aos-hypershift-ci-oidc-5811
07-20 16:49:18.958  + n=2
07-20 16:49:18.958  + sleep 5
07-20 16:49:24.185  + '[' 2 -ge 3 ']'
07-20 16:49:24.185  + hypershift_create_s3_bucket aos-hypershift-ci-oidc-5811 us-east-1
07-20 16:49:24.185  + local bucket_name=aos-hypershift-ci-oidc-5811
07-20 16:49:24.185  + local bucket_region=us-east-1
07-20 16:49:24.185  + aws s3api head-bucket --bucket aos-hypershift-ci-oidc-5811
07-20 16:49:24.743  /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
07-20 16:49:24.743    from cryptography.hazmat.bindings.openssl.binding import Binding
07-20 16:49:24.743  
07-20 16:49:24.743  An error occurred (404) when calling the HeadBucket operation: Not Found
07-20 16:49:24.743  + '[' 255 -ne 0 ']'
07-20 16:49:24.743  + aws s3api create-bucket --create-bucket-configuration LocationConstraint=us-east-1 --region us-east-1 --bucket aos-hypershift-ci-oidc-5811
07-20 16:49:25.301  /usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
07-20 16:49:25.301    from cryptography.hazmat.bindings.openssl.binding import Binding
07-20 16:49:25.301  
07-20 16:49:25.301  An error occurred (InvalidLocationConstraint) when calling the CreateBucket operation: The specified location-constraint is not valid

@cdoern
Contributor Author

cdoern commented Jul 20, 2023

@xiuwang I don't think that should relate to my work, might have been a general failure / flake

@xiuwang

xiuwang commented Jul 21, 2023

@cdoern You are right, I can launch the hypershift hosted cluster.
The image-registry-ca cm in openshift-config-managed keeps the same content as the image-registry-certificates cm in openshift-image-registry, except for the additionalTrustedCA.
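
One way to script the comparison reported in the comment above, as an added example (not code from this PR or from the operator): it diffs the .data of two ConfigMaps by data key and SHA-256 of each PEM block. The sample maps, their key names and the PEM payloads are constructed placeholders, not real certificates or the cluster's real keys.

```go
package main

import (
	"crypto/sha256"
	"encoding/pem"
	"fmt"
	"sort"
)

// fakePEM and the maps below are constructed stand-ins for the two ConfigMaps'
// .data; key names are hypothetical and the payloads are not real certificates.
func fakePEM(s string) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte(s)}))
}

var (
	internal           = fakePEM("service-ca") + fakePEM("storage-ca")
	sampleCA           = map[string]string{"registry.svc.example..5000": internal}
	sampleCertificates = map[string]string{
		"registry.svc.example..5000": internal,
		"mirror.example.com":         fakePEM("additional-trusted-ca"),
	}
)

// entries indexes every PEM block by data key plus SHA-256 of its decoded payload.
func entries(data map[string]string) map[string]string {
	set := map[string]string{}
	for key, bundle := range data {
		for blk, rest := pem.Decode([]byte(bundle)); blk != nil; blk, rest = pem.Decode(rest) {
			sum := sha256.Sum256(blk.Bytes)
			set[key+"\x00"+string(sum[:])] = key
		}
	}
	return set
}

// onlyIn returns the sorted data keys holding a certificate in a but not in b.
func onlyIn(a, b map[string]string) []string {
	inB, seen, keys := entries(b), map[string]bool{}, []string{}
	for id, key := range entries(a) {
		if _, ok := inB[id]; !ok && !seen[key] {
			seen[key], keys = true, append(keys, key)
		}
	}
	sort.Strings(keys)
	return keys
}

func main() {
	fmt.Println("only in image-registry-certificates:", onlyIn(sampleCertificates, sampleCA))
}
```

Against a live cluster the two maps would come from the `.data` of each ConfigMap; an empty result in the reverse direction shows the new ConfigMap carries no CA that the existing one lacks.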

@xiuwang

xiuwang commented Jul 21, 2023

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Jul 21, 2023
@xiuwang

xiuwang commented Jul 21, 2023

/retest

@openshift-ci
Contributor

openshift-ci bot commented Jul 21, 2023

@cdoern: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-ovirt-sdn 9404a02 link false /test e2e-ovirt-sdn

Full PR test history. Your PR dashboard.


@dmage
Member

dmage commented Jul 21, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 21, 2023
@openshift-ci
Contributor

openshift-ci bot commented Jul 21, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cdoern, dmage, sferich888

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 09e6457 into openshift:master Jul 21, 2023
9 of 10 checks passed
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
8 participants