Use OCP 4.11 instead of 4.10 for knative serving release-next

[nak3]

As per title, this patch changes to use OCP 4.11 instead of 4.10 for knative serving release-next.

[nak3]

/test pj-rehearse

[nak3]

/retest

[nak3]

/retest

[nak3]

/cc @skonto @mgencur

[mgencur]

@nak3 Overall, it looks good to me. There are a lot of failures in the run "411-tls-e2e-aws-ocp-411 but it's probably not related to the changes in this PR.
Also, I don't see any difference between the config files for 411-e2e-aws-ocp-411 and 411-tls-e2e-aws-ocp-411:
https://github.com/openshift/release/blob/9621c34f5ccdb7db738835f703b169d2129d0abc/ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-next__411-tls.yaml
https://github.com/openshift/release/blob/9621c34f5ccdb7db738835f703b169d2129d0abc/ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-next__411.yaml
Am I missing something?

[nak3]

Yeah, TestAutoscaleSustaining/aggregation-weighted-exponential sometimes started failing suddenly and it happened on the daily CI openshift/knative-serving#1222 .

For 411-tls, sorry for the confusion. It enables internal-tls on openshift/knative-serving repo when job name contains tls as:
https://github.com/openshift/knative-serving/blob/a42405d1c360f55d6ed95fb1a5e0ab40444cf58d/openshift/e2e-common.sh#L232-L238

I thought that we can drop the TLS job soon as we should run CI with internal-tls by default in a few release later but probably I should add a new target in Makefile and use it to solve the confusion. I will change it soon.

[nak3]

Added a target to call make test-e2e-tls. This PR will fail until openshift/knative-serving#1224 was merged.

[mgencur]

Thanks!
/lgtm
/hold
Hold for the tests. Feel free to unhold.

[mgencur]

I still see make: *** No rule to make target test-e2e-tls'. Stop` but I think the release-next branch needs to be re-created to get the new make target.

[nak3]

/retest

[nak3]

/retest

[nak3]

/retest

Hmm... tls test may have some issue 🤔

[skonto]

/retest

[openshift-ci]

@nak3: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/openshift/knative-serving/release-next/411-tls-e2e-aws-ocp-411	d357e2a	link	unknown	/test pj-rehearse

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[nak3]

Hmm.... TLS on 4.10 works so 4.11 didn't work 🤔 I will debug it on serving repo instead of this repo as 4.11 will be available once this was merged.
@skonto @mgencur Could you please take a look?

[skonto]

@nak3 noticed that:

{"severity":"ERROR","timestamp":"2022-09-01T07:08:19.44918672Z","logger":"activator","caller":"websocket/connection.go:192","message":"Failed to send ping message to ws://autoscaler.knative-serving.svc.cluster.local:8080","commit":"2e2e098","knative.dev/controller":"activator","knative.dev/pod":"activator-7869d69698-69fmt","error":"connection has not yet been established","stacktrace":"knative.dev/pkg/websocket.NewDurableConnection.func3\n\t/go/src/knative.dev/serving/vendor/knative.dev/pkg/websocket/connection.go:192"}

Btw I dont see any tls secret mounted here.

[nak3]

I think you are referring to the log in 411-tls-e2e-aws-ocp-411 but I'm not sure why happened and difficult to debug in this repo so I changed the tls cluster to 4.10 for now. All test passed so I will debug it on serving repo as I commented #31756 (comment)

Btw I dont see any tls secret mounted here.

Sorry what tls secret missed to mount. The system pod does not mount any secret with internal-tls. (Only queue-proxy will mount the secret.)

[skonto]

Sorry what tls secret missed to mount

Yes I was referring to that fail. I thought activator will mount a secret for connections that go through it (scale from zero) no (it has been a while since the tls review so I might remember wrongly)?

All test passed so I will debug it on serving repo as I commented #31756 (comment)

Ok approving then, should we create a jira for 4.11 as a blocker?

/lgtm

[nak3]

Yes I was referring to that fail. I thought activator will mount a secret for connections that go through it (scale from zero) no (it has been a while since the tls review so I might remember wrongly)?

Ah, I see. Yes, I guess that you remembered that the intial implementation. We changed the secret to get the secret via secret lister and so we just can toggle the configuration via internal-encryption: true/false in the configmap.

Ok approving then, should we create a jira for 4.11 as a blocker?

Sure, I will.

[nak3]

/hold cancel

[nak3]

@skonto could you add the label?

[nak3]

@skonto ping

[nak3]

@skonto ping

[nak3]

@mgencur ping

[mgencur]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mgencur, nak3, skonto

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/knative-serving/OWNERS [mgencur,nak3,skonto]
• ci-operator/jobs/openshift/knative-serving/OWNERS [mgencur,nak3,skonto]
• core-services/image-mirroring/knative/OWNERS [mgencur,nak3,skonto]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@nak3: Updated the following 3 configmaps:

• ci-operator-misc-configs configmap in namespace ci at cluster app.ci using the following files:
  • key openshift-knative-serving-release-next__410-tls.yaml using file ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-next__410-tls.yaml
  • key openshift-knative-serving-release-next__4.10.yaml using file ``
  • key openshift-knative-serving-release-next__411.yaml using file ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-next__411.yaml
  • key openshift-knative-serving-release-next__4.6.yaml using file ``
  • key openshift-knative-serving-release-next__46.yaml using file ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-next__46.yaml
  • key openshift-knative-serving-release-next__4.7.yaml using file ``
  • key openshift-knative-serving-release-next__47.yaml using file ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-next__47.yaml
• job-config-misc configmap in namespace ci at cluster app.ci using the following files:
  • key openshift-knative-serving-release-next-postsubmits.yaml using file ci-operator/jobs/openshift/knative-serving/openshift-knative-serving-release-next-postsubmits.yaml
  • key openshift-knative-serving-release-next-presubmits.yaml using file ci-operator/jobs/openshift/knative-serving/openshift-knative-serving-release-next-presubmits.yaml
• image-mirror-mappings configmap in namespace ci at cluster app.ci using the following files:
  • key mapping_knative_nightly_quay using file core-services/image-mirroring/knative/mapping_knative_nightly_quay

Details

In response to this:

As per title, this patch changes to use OCP 4.11 instead of 4.10 for knative serving release-next.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.