Bug 1879445: Add a route annotation for Samesite

[miheer]

1. Add a route annotation for Samesite
   https://issues.redhat.com/browse/RFE-600
   Bug 1879445 - SameSite hardening breaks sticky load balancing

2. Adding notes that the upstream PR breaks product builds and we now have an "official" way to get the latest haproxy RPM
   we reverted their PR because it breaks Red Hat product builds

@jupierce @frobware

[openshift-ci-robot]

@miheer: This pull request references Bugzilla bug 1879445, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (3.11.z) matches configured target release for branch (3.11.z)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1879445: Add a route annotation for Samesite

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[miheer]

/test end_to_end
/test unit
/test extended_conformance_install
/test e2e-gcp

[miheer]

/test unit

[openshift-ci-robot]

@miheer: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/unit	183b0b3	link	/test unit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[pweil-]

/assign @frobware

[frobware]

As it has been 15 days since the last CI run:

/test unit

[frobware]

Testing again in CI but also adding a hold as we have necessary changes in this PR to the Dockerfile that should not be commited. Those changes involve pulling in a temporary build of haproxy-1.8.26 which this change depends on.

/hold

[frobware]

Differences between failures in this CI which uses the new haproxy-1.8.26 RPM and a no-change PR to assert that this PR does not introduce new or different failures are (zero) :

    diff -w180 -y /tmp/flakes /tmp/bz  > ~/x.diff

2020/10/20 09:16:34 ci-operator version v20201015-b9bdbe6     |	2020/10/05 03:27:25 ci-operator version v20201002-9e95fb1
2020/10/20 09:16:34 Loading configuration from https://config |	2020/10/05 03:27:25 Loading configuration from https://config
2020/10/20 09:16:34 Resolved source https://github.com/opensh |	2020/10/05 03:27:25 Resolved source https://github.com/opensh
2020/10/20 09:16:34 Resolved openshift/release:golang-1.10 to |	2020/10/05 03:27:25 Resolved openshift/release:golang-1.10 to
2020/10/20 09:16:34 Resolved openshift/centos:7 to sha256:fe2 |	2020/10/05 03:27:25 Resolved openshift/centos:7 to sha256:fe2
2020/10/20 09:16:34 Using namespace https://console.build01.c |	2020/10/05 03:27:25 Using namespace https://console-openshift
2020/10/20 09:16:34 Running [input:root], src, unit	      |	2020/10/05 03:27:25 Running [input:root], src, unit
2020/10/20 09:16:35 Creating namespace ci-op-nl6pmbkq	      |	2020/10/05 03:27:25 Creating namespace ci-op-rh6hzqn9
2020/10/20 09:16:35 Creating rolebinding for user miheer in n |	2020/10/05 03:27:25 Creating rolebinding for user miheer in n
2020/10/20 09:16:35 Setting up pipeline imagestream for the t |	2020/10/05 03:27:25 Setting up pipeline imagestream for the t
2020/10/20 09:16:35 Created PDB for pods with openshift.io/bu |	2020/10/05 03:27:25 Created PDB for pods with openshift.io/bu
2020/10/20 09:16:35 Created PDB for pods with created-by-ci l |	2020/10/05 03:27:25 Created PDB for pods with created-by-ci l
2020/10/20 09:16:35 Tagging openshift/release:golang-1.10 int |	2020/10/05 03:27:25 Tagging openshift/release:golang-1.10 int
2020/10/20 09:16:35 Building src			      |	2020/10/05 03:27:25 Building src
2020/10/20 09:31:36 Build src succeeded after 16m38s	      |	2020/10/05 03:32:15 Build src succeeded after 4m50s
2020/10/20 09:31:36 Executing test unit			      |	2020/10/05 03:32:15 Executing test unit
2020/10/20 09:31:36 Executing pod "unit"		      <
[INFO] [CLEANUP] Cleaning up temporary directories		[INFO] [CLEANUP] Cleaning up temporary directories
[INFO] Running `go test`...					[INFO] Running `go test`...
[INFO] No compiled `gotest2junit` binary was found. Attemptin	[INFO] No compiled `gotest2junit` binary was found. Attemptin
[INFO]   $ hack/build-go.sh tools/gotest2junit			[INFO]   $ hack/build-go.sh tools/gotest2junit
++ Building go targets for linux/amd64: tools/gotest2junit	++ Building go targets for linux/amd64: tools/gotest2junit
[INFO] hack/build-go.sh exited with code 0 after 00h 00m 05s	[INFO] hack/build-go.sh exited with code 0 after 00h 00m 05s
FAIL: github.com/openshift/origin/pkg/build/builder TestDocke	FAIL: github.com/openshift/origin/pkg/build/builder TestDocke
FAIL: github.com/openshift/origin/pkg/build/builder TestDocke	FAIL: github.com/openshift/origin/pkg/build/builder TestDocke
FAIL: github.com/openshift/origin/pkg/build/builder TestDocke	FAIL: github.com/openshift/origin/pkg/build/builder TestDocke
FAIL: github.com/openshift/origin/pkg/build/builder TestPushE	FAIL: github.com/openshift/origin/pkg/build/builder TestPushE
FAIL: github.com/openshift/origin/pkg/build/builder TestGetSt	FAIL: github.com/openshift/origin/pkg/build/builder TestGetSt
SKIP: github.com/openshift/origin/pkg/oc/cli/admin/prune/imag	SKIP: github.com/openshift/origin/pkg/oc/cli/admin/prune/imag
SKIP: github.com/openshift/origin/pkg/templateservicebroker/s	SKIP: github.com/openshift/origin/pkg/templateservicebroker/s
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
[ERROR] hack/test-go.sh exited with code 1 after 01h 10m 27s  |	[ERROR] hack/test-go.sh exited with code 1 after 01h 11m 55s
2020/10/20 10:42:57 Container test in pod unit failed, exit c |	2020/10/05 04:45:06 Container test in pod unit failed, exit c
2020/10/20 10:42:57 Copied 2.46MB of artifacts from unit to / |	2020/10/05 04:45:06 Copied 2.44MB of artifacts from unit to /
2020/10/20 10:42:57 No custom metadata found and prow metadat |	2020/10/05 04:45:06 No custom metadata found and prow metadat
2020/10/20 10:42:58 Ran for 1h26m23s			      |	2020/10/05 04:45:06 Ran for 1h17m41s
error: some steps failed:					error: some steps failed:
  * could not run steps: step unit failed: test "unit" failed |	  * could not run steps: step unit failed: test "unit" failed

Container test exited with code 1, reason Error			Container test exited with code 1, reason Error
---								---
uilder TestDockerBuildError 0s					uilder TestDockerBuildError 0s
FAIL: github.com/openshift/origin/pkg/build/builder TestPushE	FAIL: github.com/openshift/origin/pkg/build/builder TestPushE
FAIL: github.com/openshift/origin/pkg/build/builder TestGetSt	FAIL: github.com/openshift/origin/pkg/build/builder TestGetSt
SKIP: github.com/openshift/origin/pkg/oc/cli/admin/prune/imag	SKIP: github.com/openshift/origin/pkg/oc/cli/admin/prune/imag
SKIP: github.com/openshift/origin/pkg/templateservicebroker/s	SKIP: github.com/openshift/origin/pkg/templateservicebroker/s
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk	SKIP: github.com/openshift/origin/vendor/k8s.io/kubernetes/pk
[ERROR] hack/test-go.sh exited with code 1 after 01h 10m 27s  |	[ERROR] hack/test-go.sh exited with code 1 after 01h 11m 55s
---								---
time="2020-10-20T10:42:58Z" level=info msg="Reporting job sta |	time="2020-10-05T04:45:06Z" level=info msg="Reporting job sta

[frobware]

This is a backport of openshift/router#189

[frobware]

The build failures here look to be similar to #24874 (comment)

[frobware]

/lgtm

[frobware]

Expecting CI failures until the new haproxy-1.8.26 is available in http://download.eng.bos.redhat.com/rcm-guest/puddles/RHAOS/AtomicOpenShift/3.11/latest/x86_64/os/Packages

[frobware]

haproxy-1.8.26 brew build: https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1360532

[miheer]

/test

[openshift-ci-robot]

@miheer: The /test command needs one or more targets.
The following commands are available to trigger jobs:

• /test artifacts
• /test e2e-conformance-k8s
• /test e2e-gcp
• /test e2e-gcp-crio
• /test images
• /test integration
• /test unit
• /test verify
• /test cmd
• /test end_to_end
• /test extended_builds
• /test extended_clusterup
• /test extended_conformance_install
• /test extended_gssapi
• /test extended_image_ecosystem
• /test extended_image_registry
• /test extended_ldap_groups
• /test extended_networking
• /test service-catalog

Use /test all to run the following jobs:

• pull-ci-openshift-origin-release-3.11-e2e-gcp
• pull-ci-openshift-origin-release-3.11-images
• pull-ci-openshift-origin-release-3.11-integration
• pull-ci-openshift-origin-release-3.11-unit
• pull-ci-openshift-origin-release-3.11-verify
• test_pull_request_origin_cmd
• test_pull_request_origin_end_to_end_311
• test_pull_request_origin_extended_clusterup-release-3.11
• test_pull_request_origin_extended_conformance_install-release-3.11

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[miheer]

/retest

[miheer]

#25626 @Miciah @frobware @knobunc can we have this fix merged ASAP ? The CI is failing due to wrong file path added.

[frobware]

/test end_to_end

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[frobware]

/hold

Waiting for #25647

It will continue to fail in CI until that merges.

[frobware]

Also blocked on https://bugzilla.redhat.com/show_bug.cgi?id=1893657

[frobware]

Copying @jkroepke as a matter of courtesy as this PR will revert #24958.

[frobware]

/hold cancel

#25647 merged and https://bugzilla.redhat.com/show_bug.cgi?id=1893657 was fixed by #25647.

[frobware]

/retest

[frobware]

Extended: [Area:Networking] services basic functionality should allow connections to another pod on the same node via a service IP [Suite:openshift/conformance/parallel] expand_less | 1m7s
-- | --
/tmp/openshift/build-rpms/rpm/BUILD/origin-3.11.0/_output/local/go/src/github.com/openshift/origin/test/extended/networking/services.go:14 Expected success, but got an error:     <exec.CodeExitError>: {         Err: {             s: "error running &{/usr/bin/kubectl [kubectl --server=https://internal-api.ci-op-n8mzi2lp-7a04a.origin-ci-int-gce.dev.rhcloud.com:8443 --kubeconfig=/tmp/admin.kubeconfig exec --namespace=e2e-tests-net-services1-j66cg execpod-sourceip-ci-op-n8mzi2lp-7a04a-ig-n-95c9ppxtf -- /bin/sh -c wget -T 30 -qO- 172.30.172.195:8080] []  <nil>  wget: can't connect to remote host (172.30.172.195): No route to host\ncommand terminated with exit code 1\n [] <nil> 0xc422997f80 exit status 1 <nil> <nil> true [0xc420cf0a70 0xc420cf0a88 0xc420cf0aa0] [0xc420cf0a70 0xc420cf0a88 0xc420cf0aa0] [0xc420cf0a80 0xc420cf0a98] [0x921b60 0x921b60] 0xc422a5f140 <nil>}:\nCommand stdout:\n\nstderr:\nwget: can't connect to remote host (172.30.172.195): No route to host\ncommand terminated with exit code 1\n\nerror:\nexit status 1\n",

/retest

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@miheer: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

• openshift/origin#25513 is open

These pull request must merge or be unlinked from the Bugzilla bug in order for it to move to the next state.

Bugzilla bug 1879445 has not been moved to the MODIFIED state.

In response to this:

Bug 1879445: Add a route annotation for Samesite

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[stevekuznetsov]

/bugzilla refresh

[openshift-ci-robot]

@stevekuznetsov: All pull requests linked via external trackers have merged:

• openshift/origin#25542

Bugzilla bug 1879445 has been moved to the MODIFIED state.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.