diff --git a/pkg/test/ginkgo/retries.go b/pkg/test/ginkgo/retries.go index ed682eccec59..bb9470404f40 100644 --- a/pkg/test/ginkgo/retries.go +++ b/pkg/test/ginkgo/retries.go @@ -1,18 +1,41 @@ package ginkgo import ( - "context" + _ "embed" "fmt" "os" "path/filepath" "strconv" - "strings" "time" "github.com/openshift/origin/pkg/dataloader" "github.com/sirupsen/logrus" + "sigs.k8s.io/yaml" ) +//go:embed retry_allowed_tests.yaml +var retryAllowedTestsYAML []byte + +// retryAllowedTestsConfig represents the YAML structure for the retry allowlist. +type retryAllowedTestsConfig struct { + Tests []string `json:"tests"` +} + +// loadRetryAllowedTests parses the embedded YAML and returns the set of test names +// that are permitted to retry on failure. +func loadRetryAllowedTests() map[string]bool { + var config retryAllowedTestsConfig + if err := yaml.Unmarshal(retryAllowedTestsYAML, &config); err != nil { + logrus.WithError(err).Error("Failed to parse retry_allowed_tests.yaml, no tests will be allowed to retry") + return map[string]bool{} + } + allowed := make(map[string]bool, len(config.Tests)) + for _, test := range config.Tests { + allowed[test] = true + } + return allowed +} + const ( defaultRetryStrategy = "once" @@ -60,12 +83,12 @@ type RetryStrategy interface { } type RetryOnceStrategy struct { - PermittedRetryImageTags []string + AllowedRetryTests map[string]bool } func NewRetryOnceStrategy() *RetryOnceStrategy { return &RetryOnceStrategy{ - PermittedRetryImageTags: []string{"tests"}, // tests = openshift-tests image + AllowedRetryTests: loadRetryAllowedTests(), } } @@ -112,51 +135,11 @@ func (s *RetryOnceStrategy) DecideOutcome(attempts []*testCase) RetryOutcome { } func (s *RetryOnceStrategy) shouldRetryTest(test *testCase) bool { - // Internal tests (no binary) are eligible for retry, we shouldn't really have any of these - // now that origin is also an extension. - if test.binary == nil { + if s.AllowedRetryTests[test.name] { + logrus.WithField("test", test.name).Debug("Test is in the retry allowlist, permitting retry") return true } - - tlog := logrus.WithField("test", test.name) - - // Test retries were disabled for some suites when they moved to OTE. This exposed small numbers of tests that - // were actually flaky and nobody knew. We attempted to fix these, a few did not make it in time. Restore - // retries for specific test names so the overall suite can continue to not retry. - retryTestNames := []string{ - "[sig-instrumentation] Metrics should grab all metrics from kubelet /metrics/resource endpoint [Suite:openshift/conformance/parallel] [Suite:k8s]", // https://issues.redhat.com/browse/OCPBUGS-57477 - "[sig-network] Services should be rejected for evicted pods (no endpoints exist) [Suite:openshift/conformance/parallel] [Suite:k8s]", // https://issues.redhat.com/browse/OCPBUGS-57665 - "[sig-node] Pods Extended Pod Container lifecycle evicted pods should be terminal [Suite:openshift/conformance/parallel] [Suite:k8s]", // https://issues.redhat.com/browse/OCPBUGS-57658 - "[sig-cli] Kubectl logs all pod logs the Deployment has 2 replicas and each pod has 2 containers should get logs from each pod and each container in Deployment [Suite:openshift/conformance/parallel] [Suite:k8s]", // https://issues.redhat.com/browse/OCPBUGS-61287 - "[sig-cli] Kubectl Port forwarding Shutdown client connection while the remote stream is writing data to the port-forward connection port-forward should keep working after detect broken connection [Suite:openshift/conformance/parallel] [Suite:k8s]", // https://issues.redhat.com/browse/OCPBUGS-61734 - "[sig-storage] OCP CSI Volumes [Driver: csi-hostpath-groupsnapshot] [OCPFeatureGate:VolumeGroupSnapshot] [Testpattern: (delete policy)] volumegroupsnapshottable [Feature:volumegroupsnapshot] VolumeGroupSnapshottable should create snapshots for multiple volumes in a pod", // https://issues.redhat.com/browse/OCPBUGS-66967 - } - for _, rtn := range retryTestNames { - if test.name == rtn { - tlog.Debug("test has an exception allowing retry") - return true - } - } - - // Get extension info to check if it's from a permitted image - info, err := test.binary.Info(context.Background()) - if err != nil { - tlog.WithError(err). - Debug("Failed to get binary info, skipping retry") - return false - } - - // Check if the test's source image is in the permitted retry list - for _, permittedTag := range s.PermittedRetryImageTags { - if strings.Contains(info.Source.SourceImage, permittedTag) { - tlog.WithField("image", info.Source.SourceImage). - Debug("Permitting retry") - return true - } - } - - tlog.WithField("image", info.Source.SourceImage). - Debug("Test not eligible for retry based on image tag") + logrus.WithField("test", test.name).Debug("Test is not in the retry allowlist, retry not permitted") return false } diff --git a/pkg/test/ginkgo/retries_test.go b/pkg/test/ginkgo/retries_test.go index 76a00056649c..183884df2769 100644 --- a/pkg/test/ginkgo/retries_test.go +++ b/pkg/test/ginkgo/retries_test.go @@ -5,6 +5,58 @@ import ( "time" ) +func TestRetryOnceStrategy_ShouldRetryTest_Allowlist(t *testing.T) { + tests := []struct { + name string + allowedTests map[string]bool + testName string + wantRetry bool + }{ + { + name: "test_on_allowlist_gets_retry", + allowedTests: map[string]bool{"[sig-network] some flaky test": true}, + testName: "[sig-network] some flaky test", + wantRetry: true, + }, + { + name: "test_not_on_allowlist_gets_no_retry", + allowedTests: map[string]bool{"[sig-network] some flaky test": true}, + testName: "[sig-node] some other test", + wantRetry: false, + }, + { + name: "empty_allowlist_blocks_all", + allowedTests: map[string]bool{}, + testName: "[sig-network] some flaky test", + wantRetry: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + strategy := &RetryOnceStrategy{AllowedRetryTests: tt.allowedTests} + tc := &testCase{name: tt.testName, failed: true} + + if got := strategy.GetMaxRetries(tc); (got == 1) != tt.wantRetry { + t.Errorf("GetMaxRetries() = %d, wantRetry = %v", got, tt.wantRetry) + } + + attempts := []*testCase{tc} + if got := strategy.ShouldContinue(tc, attempts, 2); got != tt.wantRetry { + t.Errorf("ShouldContinue() = %v, wantRetry = %v", got, tt.wantRetry) + } + }) + } +} + +func TestLoadRetryAllowedTests(t *testing.T) { + // Verify the embedded YAML file can be parsed without error. + tests := loadRetryAllowedTests() + if tests == nil { + t.Error("loadRetryAllowedTests returned nil, expected an initialized map") + } +} + // createAttempts creates a slice of test attempts with the specified number of successes and failures func createAttempts(successes, failures int) []*testCase { var attempts []*testCase diff --git a/pkg/test/ginkgo/retry_allowed_tests.yaml b/pkg/test/ginkgo/retry_allowed_tests.yaml new file mode 100644 index 000000000000..be5d21970a6a --- /dev/null +++ b/pkg/test/ginkgo/retry_allowed_tests.yaml @@ -0,0 +1,244 @@ +# Tests that are allowed to retry once on failure. +# Any test NOT in this list must pass on the first attempt. +# +# This list is the single source of truth for retry eligibility. +# It should be reduced over time as flaky tests are fixed. +# The goal is to eventually reach an empty list (no retries for anyone). +# +# Generated with the following query (release 4.22, last 30 days, >= 5 flakes): +# +# SELECT +# rs.TestName, +# COUNT(*) AS flake_count +# FROM `openshift-ci-data-analysis.ci_data_autodl.retry_statistics` rs +# INNER JOIN `openshift-gce-devel.ci_analysis_us.job_variants` jv +# ON rs.JobName = jv.job_name +# AND jv.variant_name = 'Release' +# AND jv.variant_value = '4.22' +# WHERE rs.FinalOutcome = 'flaky' +# AND rs.TestName IS NOT NULL AND rs.TestName != '' +# AND rs._PARTITIONTIME >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 30 DAY) +# GROUP BY rs.TestName +# HAVING COUNT(*) >= 5 +# ORDER BY flake_count DESC +tests: + # ------------------------------------------------------------------ + # Migrated from the previously hardcoded retryTestNames in retries.go. + # These are not from the BigQuery query above but were individually + # granted retry exceptions via JIRA bugs. + # ------------------------------------------------------------------ + - "[sig-cli] Kubectl Port forwarding Shutdown client connection while the remote stream is writing data to the port-forward connection port-forward should keep working after detect broken connection [Suite:openshift/conformance/parallel] [Suite:k8s]" # https://issues.redhat.com/browse/OCPBUGS-61734 + - "[sig-cli] Kubectl logs all pod logs the Deployment has 2 replicas and each pod has 2 containers should get logs from each pod and each container in Deployment [Suite:openshift/conformance/parallel] [Suite:k8s]" # https://issues.redhat.com/browse/OCPBUGS-61287 + - "[sig-instrumentation] Metrics should grab all metrics from kubelet /metrics/resource endpoint [Suite:openshift/conformance/parallel] [Suite:k8s]" # https://issues.redhat.com/browse/OCPBUGS-57477 + - "[sig-network] Services should be rejected for evicted pods (no endpoints exist) [Suite:openshift/conformance/parallel] [Suite:k8s]" # https://issues.redhat.com/browse/OCPBUGS-57665 + - "[sig-node] Pods Extended Pod Container lifecycle evicted pods should be terminal [Suite:openshift/conformance/parallel] [Suite:k8s]" # https://issues.redhat.com/browse/OCPBUGS-57658 + - "[sig-storage] OCP CSI Volumes [Driver: csi-hostpath-groupsnapshot] [OCPFeatureGate:VolumeGroupSnapshot] [Testpattern: (delete policy)] volumegroupsnapshottable [Feature:volumegroupsnapshot] VolumeGroupSnapshottable should create snapshots for multiple volumes in a pod" # https://issues.redhat.com/browse/OCPBUGS-66967 + # ------------------------------------------------------------------ + # Generated from BigQuery (see query above). + # ------------------------------------------------------------------ + - "[sig-api-machinery] APIServer CR fields validation additionalCORSAllowedOrigins [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-api-machinery][Feature:APIServer] TestTLSDefaults [Suite:openshift/conformance/parallel]" + - "[sig-api-machinery][Feature:ClusterResourceQuota] Cluster resource quota should control resource limits across namespaces [apigroup:quota.openshift.io][apigroup:image.openshift.io][apigroup:monitoring.coreos.com][apigroup:template.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-api-machinery][Feature:ResourceQuota] Object count check the quota after import-image with --all option [Skipped:Disconnected] [Suite:openshift/conformance/parallel]" + - "[sig-api-machinery][Feature:ResourceQuota] Object count should properly count the number of imagestreams resources [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-api-machinery][Feature:ResourceQuota] Object count when exceed openshift.io/image-tags will ban to create new image references in the project [Skipped:Disconnected] [Suite:openshift/conformance/parallel]" + - "[sig-api-machinery][Feature:ServerSideApply] Server-Side Apply should work for oauth.openshift.io/v1, Resource=oauthclientauthorizations [apigroup:oauth.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apimachinery] server-side-apply should function properly should clear fields when they are no longer being applied in FeatureGates [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs adoption will orphan all RCs and adopt them back when recreated [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs generation should deploy based on a status version bump [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs ignores deployer and lets the config with a NewReplicationControllerCreated reason should let the deployment config with a NewReplicationControllerCreated reason [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs initially should not deploy if pods never transition to ready [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs should adhere to Three Laws of Controllers [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs should respect image stream tag reference policy resolve the image pull spec [apigroup:apps.openshift.io][apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs viewing rollout history should print the rollout history [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs when changing image change trigger should successfully trigger from an updated image [apigroup:apps.openshift.io][apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs when run iteratively should immediately start a new deployment [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs when run iteratively should only deploy the last deployment [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs with failing hook should get all logs from retried hooks [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs with multiple image change triggers should run a successful deployment with a trigger used by different containers [apigroup:apps.openshift.io][apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs with multiple image change triggers should run a successful deployment with multiple triggers [apigroup:apps.openshift.io][apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs with revision history limits should never persist more old deployments than acceptable after being observed by the controller [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs with test deployments should run a deployment to completion and then scale to zero [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:DeploymentConfig] deploymentconfigs won't deploy RC with unresolved images when patched with empty image [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:OpenShiftControllerManager] TestDeployScale [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:OpenShiftControllerManager] TestTriggers_configChange [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-apps][Feature:OpenShiftControllerManager] TestTriggers_imageChange_nonAutomatic [apigroup:image.openshift.io][apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-arch] ClusterOperators [apigroup:config.openshift.io] should define at least one related object that is not a namespace [Suite:openshift/conformance/parallel]" + - "[sig-arch] Managed cluster should ensure control plane pods do not run in best-effort QoS [Suite:openshift/conformance/parallel]" + - "[sig-arch] [Conformance] sysctl whitelists net.ipv4.ip_local_port_range [Suite:openshift/conformance/parallel/minimal]" + - "[sig-arch] [Conformance] sysctl whitelists net.ipv4.ip_unprivileged_port_start [Suite:openshift/conformance/parallel/minimal]" + - "[sig-arch][Late][Jira:\"kube-apiserver\"] all registered tls artifacts must have no metadata violation regressions [Suite:openshift/conformance/parallel]" + - "[sig-arch][Late][Jira:\"kube-apiserver\"] all tls artifacts must be registered [Suite:openshift/conformance/parallel]" + - "[sig-arch][Late][Jira:\"kube-apiserver\"] collect certificate data [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:HTPasswdAuth] HTPasswd IDP should successfully configure htpasswd and be responsive [apigroup:user.openshift.io][apigroup:route.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:LDAP] LDAP IDP should authenticate against an ldap server [apigroup:user.openshift.io][apigroup:route.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:LDAP] LDAP should start an OpenLDAP test server [apigroup:user.openshift.io][apigroup:security.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] OAuth Authenticator accepts sha256 access tokens [apigroup:user.openshift.io][apigroup:oauth.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the authorize URL [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the root URL [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the token URL [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Headers][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:oauth.openshift.io] expected headers returned from the token request URL [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that do not expire works as expected when using a code authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that do not expire works as expected when using a token authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that expire shortly works as expected when using a code authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OAuthServer] [Token Expiration] Using a OAuth client with a non-default token max age [apigroup:oauth.openshift.io] to generate tokens that expire shortly works as expected when using a token authorization flow [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OpenShiftAuthorization] The default cluster RBAC policy should have correct RBAC rules [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OpenShiftAuthorization] authorization TestBrowserSafeAuthorizer should succeed [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OpenShiftAuthorization] scopes TestScopeEscalations should succeed [apigroup:user.openshift.io][apigroup:authorization.openshift.io][apigroup:build.openshift.io][apigroup:oauth.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:OpenShiftAuthorization] scopes TestUnknownScopes should succeed [apigroup:user.openshift.io][apigroup:authorization.openshift.io][apigroup:project.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:ProjectAPI] TestInvalidRoleRefs should succeed [apigroup:authorization.openshift.io][apigroup:user.openshift.io][apigroup:project.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:ProjectAPI] TestProjectWatch should succeed [apigroup:project.openshift.io][apigroup:authorization.openshift.io][apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:ProjectAPI] TestProjectWatchWithSelectionPredicate should succeed [apigroup:project.openshift.io][apigroup:authorization.openshift.io][apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:ProjectAPI] TestScopedProjectAccess should succeed [apigroup:user.openshift.io][apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:RoleBindingRestrictions] RoleBindingRestrictions should be functional Create a RBAC rolebinding when subject is not already bound and is not permitted by any RBR should fail [apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:RoleBindingRestrictions] RoleBindingRestrictions should be functional Create a rolebinding when subject is already bound should succeed [apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:RoleBindingRestrictions] RoleBindingRestrictions should be functional Create a rolebinding when subject is permitted by RBR should succeed [apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:SecurityContextConstraints] TestAllowedSCCViaRBAC with service account [apigroup:security.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:SecurityContextConstraints] TestPodDefaultCapabilities [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:SecurityContextConstraints] TestPodUpdateSCCEnforcement [apigroup:user.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-auth][Feature:SecurityContextConstraints] TestPodUpdateSCCEnforcement with service account [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] build without output image building from templates should create an image from a S2i template without an output image reference defined [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] custom build with buildah being created from new-build should complete build with custom builder image [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] imagechangetriggers imagechangetriggers should trigger builds of all types [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] oc new-app should fail with a --name longer than 58 characters [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] oc new-app should succeed with a --name of 58 characters [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] oc new-app should succeed with an imagestream [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] prune builds based on settings in the buildconfig should prune completed builds based on the successfulBuildsHistoryLimit setting [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] prune builds based on settings in the buildconfig should prune errored builds based on the failedBuildsHistoryLimit setting [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] prune builds based on settings in the buildconfig should prune failed builds based on the failedBuildsHistoryLimit setting [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] s2i build with a root user image should create a root build and pass with a privileged SCC [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] verify /run filesystem contents are writeable using a simple Docker Strategy Build [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds][timing] capture build stages and durations should record build stages and durations for s2i [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds][volumes] build volumes should mount given secrets and configmaps into the build pod for docker strategy builds [apigroup:image.openshift.io][apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-builds][Feature:Builds][volumes] build volumes should mount given secrets and configmaps into the build pod for source strategy builds [apigroup:image.openshift.io][apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc --request-timeout works as expected [apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc --request-timeout works as expected for deployment [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm build-chain [apigroup:build.openshift.io][apigroup:image.openshift.io][apigroup:project.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm groups [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather Fetch audit logs of login attempts via oc commands timeout [apigroup:config.openshift.io][Timeout:20m] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather Verify logs generated are included in the must-gather directory when running the oc adm must-gather command timeout [apigroup:config.openshift.io][Timeout:30m] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather Verify version of oc binary is included into the must-gather directory when running oc adm must-gather command [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather must-gather support since and since-time flags timeout [apigroup:config.openshift.io][Timeout:20m] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather oc adm inspect should support since and sincetime [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather run the must-gather command with own name space [apigroup:config.openshift.io][Timeout:20m] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather runs successfully [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather runs successfully for audit logs [apigroup:config.openshift.io][apigroup:oauth.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather runs successfully with options [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm must-gather when looking at the audit logs [apigroup:config.openshift.io] [sig-node] kubelet runs apiserver processes strictly sequentially in order to not risk audit log corruption [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm policy [apigroup:authorization.openshift.io][apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm release extract image-references [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm storage-admin [apigroup:authorization.openshift.io][apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc adm user-creation [apigroup:user.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc api-resources can output expected information about api-resources [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc api-resources can output expected information about build.openshift.io api-resources [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc builds complex build start-build [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc builds complex build webhooks CRUD [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc builds get buildconfig [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc builds new-build [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc builds patch buildconfig [apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc can get list of nodes [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc debug deployment from a build [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc debug ensure debug does not depend on a container actually existing for the selected resource for deployment [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc debug ensure it works with image streams [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc explain list uncovered GroupVersionResources [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc expose can ensure the expose command is functioning as expected [apigroup:route.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc idle Deployments [apigroup:route.openshift.io][apigroup:project.openshift.io][apigroup:image.openshift.io] by name [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc idle [apigroup:apps.openshift.io][apigroup:route.openshift.io][apigroup:project.openshift.io][apigroup:image.openshift.io] by all [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc idle [apigroup:apps.openshift.io][apigroup:route.openshift.io][apigroup:project.openshift.io][apigroup:image.openshift.io] by checking previous scale [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc idle [apigroup:apps.openshift.io][apigroup:route.openshift.io][apigroup:project.openshift.io][apigroup:image.openshift.io] by label [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc idle [apigroup:apps.openshift.io][apigroup:route.openshift.io][apigroup:project.openshift.io][apigroup:image.openshift.io] by name [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc run can use --image flag correctly for deployment [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc set image can set images for pods and deployments [apigroup:image.openshift.io][Skipped:Disconnected] [Suite:openshift/conformance/parallel]" + - "[sig-cli] oc set image can set images for pods and deployments [apigroup:image.openshift.io][apigroup:apps.openshift.io][Skipped:Disconnected] [Suite:openshift/conformance/parallel]" + - "[sig-cli] templates process [apigroup:template.openshift.io][Skipped:Disconnected] [Suite:openshift/conformance/parallel]" + - "[sig-cluster-lifecycle] CSRs from machines that are not recognized by the cloud provider are not approved [Suite:openshift/conformance/parallel]" + - "[sig-cluster-lifecycle] TestAdminAck should succeed [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-devex] check registry.redhat.io is available and samples operator can import sample imagestreams run sample related validations [apigroup:config.openshift.io][apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-devex][Feature:Templates] templateinstance impersonation tests [apigroup:user.openshift.io][apigroup:authorization.openshift.io] should pass impersonation creation tests [apigroup:template.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-devex][Feature:Templates] templateinstance impersonation tests [apigroup:user.openshift.io][apigroup:authorization.openshift.io] should pass impersonation deletion tests [apigroup:template.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-devex][Feature:Templates] templateinstance impersonation tests [apigroup:user.openshift.io][apigroup:authorization.openshift.io] should pass impersonation update tests [apigroup:template.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-devex][Feature:Templates] templateinstance readiness test should report ready soon after all annotated objects are ready [apigroup:template.openshift.io][apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-devex][Feature:Templates] templateinstance security tests [apigroup:authorization.openshift.io][apigroup:template.openshift.io] should pass security tests [apigroup:route.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry] Image registry [apigroup:route.openshift.io] should redirect on blob pull [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageInfo] Image info should display information about images [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageLayers] Image layer subresource should return layers from tagged images [apigroup:image.openshift.io][apigroup:build.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageLookup] Image policy should perform lookup when the Deployment gets the resolve-names annotation later [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageLookup] Image policy should perform lookup when the object has the resolve-names annotation [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageLookup] Image policy should update OpenShift object image fields when local names are on [apigroup:image.openshift.io][apigroup:apps.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageLookup] Image policy should update standard Kube object image fields when local names are on [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:Image] oc tag should change image reference for internal images [apigroup:build.openshift.io][apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:Image] oc tag should preserve image reference for external images [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available [apigroup:image.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-instrumentation] Prometheus [apigroup:image.openshift.io] when installed on the cluster should have important platform topology metrics [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-instrumentation] Prometheus [apigroup:image.openshift.io] when installed on the cluster should start and expose a secured proxy and unsecured metrics [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-mco][OCPFeatureGate:MachineConfigNodes] Should have MCN properties matching associated node properties for nodes in default MCPs [apigroup:machineconfiguration.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-network-edge] DNS should answer queries using the local DNS endpoint [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [Suite:openshift/conformance/parallel/minimal]" + - "[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io] The HAProxy router should pass the h2spec conformance tests [apigroup:authorization.openshift.io][apigroup:user.openshift.io][apigroup:security.openshift.io][apigroup:operator.openshift.io] [Suite:openshift/conformance/parallel/minimal]" + - "[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router should pass the http2 tests [apigroup:image.openshift.io][apigroup:operator.openshift.io] [Suite:openshift/conformance/parallel/minimal]" + - "[sig-network-edge][Feature:Idling] Unidling [apigroup:apps.openshift.io][apigroup:route.openshift.io] should work with TCP (when fully idled) [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][Feature:Idling] Unidling with Deployments [apigroup:route.openshift.io] should work with TCP (when fully idled) [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][Feature:Idling] Unidling with Deployments [apigroup:route.openshift.io] should work with UDP [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][Feature:Router][apigroup:route.openshift.io][OCPFeatureGate:IngressControllerDynamicConfigurationManager] The HAProxy router with Dynamic Config Manager should handle scale-in operations [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][Feature:Router][apigroup:route.openshift.io][OCPFeatureGate:IngressControllerDynamicConfigurationManager] The HAProxy router with Dynamic Config Manager should maintain proper balancing after scale-out and scale-in operations [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][Feature:Router][apigroup:route.openshift.io][OCPFeatureGate:IngressControllerDynamicConfigurationManager] The HAProxy router with Dynamic Config Manager should maintain steady PID usage after scale-out and scale-in operations [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][Feature:Router][apigroup:route.openshift.io][OCPFeatureGate:IngressControllerDynamicConfigurationManager] The HAProxy router with Dynamic Config Manager should report accurate metrics after scale-out and scale-in operations [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][OCPFeatureGate:GatewayAPIController][Feature:Router][apigroup:gateway.networking.k8s.io] Ensure HTTPRoute object is created [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][OCPFeatureGate:GatewayAPIController][Feature:Router][apigroup:gateway.networking.k8s.io] Ensure LB, service, and dnsRecord are created for a Gateway object [Suite:openshift/conformance/parallel]" + - "[sig-network-edge][OCPFeatureGate:GatewayAPIController][Feature:Router][apigroup:gateway.networking.k8s.io] [OCPFeatureGate:GatewayAPIWithoutOLM] Ensure GatewayClass contains CIO management conditions after creation [Suite:openshift/conformance/parallel]" + - "[sig-network] Internal connectivity for TCP and UDP on ports 9000-9999 is allowed [Serial:Self] [Suite:openshift/conformance/parallel]" + - "[sig-network] external gateway address when using openshift ovn-kubernetes should match the address family of the pod [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:EgressFirewall] egressFirewall should have no impact outside its namespace [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:EgressFirewall] when using openshift ovn-kubernetes should ensure egressfirewall is created [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:EgressRouterCNI] should ensure ipv4 egressrouter cni resources are created [apigroup:operator.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:EgressRouterCNI] when using openshift ovn-kubernetes should ensure ipv6 egressrouter cni resources are created [apigroup:operator.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router] The HAProxy router should expose prometheus metrics for a route [apigroup:route.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:operator.openshift.io] The HAProxy router should set Forwarded headers appropriately [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router converges when multiple routers are writing conflicting status [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router converges when multiple routers are writing conflicting upgrade validation status [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should add replicas beyond the number of empty slots per backend [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should add routes beyond the number of blueprint backends [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should run even if it has no access to update status [apigroup:image.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should serve the correct routes when running with the haproxy config manager [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should serve the correct routes when scoped to a single namespace and label set [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:operator.openshift.io] The HAProxy router should support reencrypt to services backed by a serving certificate automatically [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:tap] should create a pod with a tap interface [apigroup:k8s.cni.cncf.io] [Suite:openshift/conformance/parallel]" + - "[sig-network][Feature:tuning] sysctl allowlist update should start a pod with custom sysctl only when the sysctl is added to whitelist [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:DNSNameResolver][Feature:EgressFirewall] when using openshift ovn-kubernetes should ensure egressfirewall with wildcard dns rules is created [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] EndpointSlices mirroring when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions mirrors EndpointSlices managed by the default controller for namespaces with user defined primary networks L3 primary UDN, cluster-networked pods [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] EndpointSlices mirroring when using openshift ovn-kubernetes created using UserDefinedNetwork does not mirror EndpointSlices in namespaces not using user defined primary networks L2 dualstack primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] Network Policies when using openshift ovn-kubernetes allow ingress traffic to one pod from a particular namespace in L2 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] Network Policies when using openshift ovn-kubernetes allow ingress traffic to one pod from a particular namespace in L3 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller pod connected to ClusterUserDefinedNetwork CR & managed NADs cannot be deleted when being used [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UDN Pod should react to k8s.ovn.org/open-default-ports annotations changes [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork is isolated from the default network with L2 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork is isolated from the default network with L3 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions can perform east/west traffic between nodes for two pods connected over a L2 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions is isolated from the default network with L2 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions is isolated from the default network with L3 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions isolates overlapping CIDRs with L2 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions isolates overlapping CIDRs with L3 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using UserDefinedNetwork is isolated from the default network with L2 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using UserDefinedNetwork is isolated from the default network with L3 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using UserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:RouteExternalCertificate][Feature:Router][apigroup:route.openshift.io] with valid setup the router should support external certificate and the route is updated to remove the external certificate and again re-add the same external certificate then also the route is reachable [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:RouteExternalCertificate][Feature:Router][apigroup:route.openshift.io] with valid setup the router should support external certificate and the route is updated to use new external certificate then also the route is reachable [Suite:openshift/conformance/parallel]" + - "[sig-network][OCPFeatureGate:RouteExternalCertificate][Feature:Router][apigroup:route.openshift.io] with valid setup the router should support external certificate and the route is updated to use same external certificate, but RBAC permissions are dropped route update is rejected [Suite:openshift/conformance/parallel]" + - "[sig-network][endpoints] admission [apigroup:config.openshift.io] blocks manual creation of EndpointSlices pointing to the cluster or service network [Suite:openshift/conformance/parallel]" + - "[sig-network][endpoints] admission [apigroup:config.openshift.io] blocks manual creation of Endpoints pointing to the cluster or service network [Suite:openshift/conformance/parallel]" + - "[sig-node] [FeatureGate:ImageVolume] ImageVolume should fail when image does not exist [Suite:openshift/conformance/parallel]" + - "[sig-node] [Jira:Node/Kubelet] Kubelet, CRI-O, CPU manager [OTP] Allow dev fuse by default in CRI-O [OCP-70987] [Suite:openshift/conformance/parallel]" + - "[sig-node] [Jira:Node/Kubelet] Kubelet, CRI-O, CPU manager [OTP] validate KUBELET_LOG_LEVEL [Suite:openshift/conformance/parallel]" + - "[sig-node] should override timeoutGracePeriodSeconds when annotation is set [Suite:openshift/conformance/parallel]" + - "[sig-node] zstd:chunked Image should successfully run date command [Suite:openshift/conformance/parallel]" + - "[sig-node][apigroup:config.openshift.io] CPU Partitioning cluster platform workloads should be annotated correctly for Deployments [Suite:openshift/conformance/parallel]" + - "[sig-node][apigroup:config.openshift.io] CPU Partitioning node validation should have correct cpuset and cpushare set in crio containers [Suite:openshift/conformance/parallel]" + - "[sig-operator] an end user can use OLM can subscribe to the operator [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel]" + - "[sig-storage][OCPFeature:StorageNetworkPolicy] Storage Network Policy should ensure required NetworkPolicies exist with correct labels [Suite:openshift/conformance/parallel]"