[release-4.21] OCPBUGS-85781: Add AWS ISO domains to konnectivity IsCloudAPI #8531

Merged
openshift-merge-bot[bot] merged 1 commit into openshift:release-4.21 from openshift-cherrypick-robot:cherry-pick-8447-to-release-4.21
May 19, 2026

@openshift-cherrypick-robot

This is an automated cherry-pick of #8447

/assign csrwng

The konnectivity proxy was missing AWS ISO (classified) region domains
from its cloud API detection. This prevented the ingress operator from
adding these domains to the NO_PROXY list, blocking direct communication
with endpoints in those namespaces.

Add the following AWS ISO domain suffixes:
- .c2s.ic.gov (AWS ISO / C2S)
- .hci.ic.gov (AWS ISO / HCI)
- .sc2s.sgov.gov (AWS ISO-B / SC2S)

Fixes: OCPBUGS-77040

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
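
The suffix check described above, as an added example that is not the HyperShift code: `normalizeHost`, `isISOCloudAPI` and `mergeNoProxy` are hypothetical names and the hostnames are constructed. It goes slightly beyond the description by normalizing port, case and trailing dot before matching, and by merging the suffixes into a NO_PROXY string without duplicates.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// The three suffixes listed in the PR description. The leading dot matters:
// it stops look-alikes such as "notc2s.ic.gov" from matching.
var awsISOSuffixes = []string{
	".c2s.ic.gov",    // AWS ISO / C2S
	".hci.ic.gov",    // AWS ISO / HCI
	".sc2s.sgov.gov", // AWS ISO-B / SC2S
}

// normalizeHost strips an optional port, lowercases, and drops a trailing root dot.
func normalizeHost(hostport string) string {
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h
	}
	return strings.TrimSuffix(strings.ToLower(host), ".")
}

// isISOCloudAPI (hypothetical) reports whether the host ends in an ISO suffix.
func isISOCloudAPI(hostport string) bool {
	host := normalizeHost(hostport)
	for _, s := range awsISOSuffixes {
		if strings.HasSuffix(host, s) {
			return true
		}
	}
	return false
}

// mergeNoProxy (hypothetical) appends the ISO suffixes to a comma-separated
// NO_PROXY value, trimming whitespace and skipping entries already present.
func mergeNoProxy(existing string) string {
	seen := map[string]bool{}
	var out []string
	for _, e := range append(strings.Split(existing, ","), awsISOSuffixes...) {
		if e = strings.TrimSpace(e); e != "" && !seen[e] {
			seen[e] = true
			out = append(out, e)
		}
	}
	return strings.Join(out, ",")
}

func main() { fmt.Println(isISOCloudAPI("ec2.us-iso-east-1.c2s.ic.gov:443"), mergeNoProxy("localhost")) }
```
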
@coderabbitai
Contributor

coderabbitai Bot commented May 15, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@openshift-ci openshift-ci Bot requested review from devguyio and muraee May 15, 2026 16:09
@openshift-ci openshift-ci Bot added area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release and removed do-not-merge/needs-area labels May 15, 2026
@openshift-ci-robot

@openshift-cherrypick-robot: Jira Issue OCPBUGS-85779 has been cloned as Jira Issue OCPBUGS-85781. Will retitle bug to link to clone.
/retitle [release-4.21] OCPBUGS-85781: Add AWS ISO domains to konnectivity IsCloudAPI

@openshift-ci openshift-ci Bot changed the title [release-4.21] OCPBUGS-85779: Add AWS ISO domains to konnectivity IsCloudAPI [release-4.21] OCPBUGS-85781: Add AWS ISO domains to konnectivity IsCloudAPI May 15, 2026
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 15, 2026
@openshift-ci-robot

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-85781, which is invalid:

  • expected dependent Jira Issue OCPBUGS-85779 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is MODIFIED instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

@csrwng
Contributor

csrwng commented May 18, 2026

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 18, 2026
@openshift-ci-robot

@csrwng: This pull request references Jira Issue OCPBUGS-85781, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.21.z) matches configured target version for branch (4.21.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • release note text is set and does not match the template
  • dependent bug Jira Issue OCPBUGS-85779 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
  • dependent Jira Issue OCPBUGS-85779 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
  • bug has dependents

@csrwng
Contributor

csrwng commented May 18, 2026

/approve
/lgtm
/label backport-risk-assessed
/retest-required

@openshift-ci openshift-ci Bot added backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. lgtm Indicates that a PR is ready to be merged. labels May 18, 2026
@openshift-ci
Contributor

openshift-ci Bot commented May 18, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csrwng, openshift-cherrypick-robot


@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 18, 2026
@csrwng
Contributor

csrwng commented May 18, 2026

/verified by unit test

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 18, 2026
@openshift-ci-robot

@csrwng: This PR has been marked as verified by unit test.


@openshift-merge-bot
Contributor

/retest-required

Remaining retests: 0 against base HEAD 8b2e94f and 2 for PR HEAD 858e08a in total

@csrwng
Contributor

csrwng commented May 19, 2026

Analysis of NTO failure:

NTO operator/operand version mismatch delayed PerformanceProfile processing beyond test timeout

The test creates a PerformanceProfile ConfigMap and waits up to 10 minutes for the NTO to produce a corresponding status ConfigMap (labeled hypershift.openshift.io/nto-generated-performance-profile-status: "true"). However, the NTO's PerformanceProfile controller was stuck in a retry loop logging "operator and operand release versions do not match" for approximately 13 minutes (00:32:37 → 00:45:57), refusing to reconcile the PerformanceProfile until versions aligned.

The status ConfigMap was eventually created at 00:46:07, but the test's 10-minute timeout had already expired around ~00:42:40. The test context was exhausted, causing even the client rate limiter to report context deadline exceeded.

Root cause: During initial cluster convergence, the NTO operator image version and the operand (tuned daemon) version did not match. The NTO explicitly gates PerformanceProfile processing on version alignment (performanceprofile_controller.go:413). With 23 parallel sub-tests all operating on the same HostedCluster (including upgrade tests like TestNodePoolReplaceUpgrade, TestRollingUpgrade, and TestNodePoolInPlaceUpgrade), the convergence took over 13 minutes, exceeding the test's 10-minute budget.

This is a flaky test / timing issue, not a code regression. The PerformanceProfile was ultimately processed correctly — the status ConfigMap exists in the artifact dump with valid conditions (Available=True, Degraded=False).

Given that this is not related to the PR, overriding the e2e-aws test
/override ci/prow/e2e-aws

@openshift-ci
Contributor

openshift-ci Bot commented May 19, 2026

@csrwng: Overrode contexts on behalf of csrwng: ci/prow/e2e-aws


@openshift-ci
Contributor

openshift-ci Bot commented May 19, 2026

@openshift-cherrypick-robot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws 858e08a link true /test e2e-aws


@openshift-merge-bot openshift-merge-bot Bot merged commit 6d6591b into openshift:release-4.21 May 19, 2026
17 checks passed
@openshift-ci-robot

@openshift-cherrypick-robot: Jira Issue Verification Checks: Jira Issue OCPBUGS-85781
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-85781 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓
