From e1fb94e3e5aeb54bca5ee13a3659a393c39b1fb5 Mon Sep 17 00:00:00 2001 From: Dustin Row Date: Tue, 9 Jun 2026 12:34:53 -0700 Subject: [PATCH] Skip endpoint admission tests incompatible with managed clusters The [sig-network][endpoints] admission tests create ServiceAccounts in kube-system, which is blocked by the managed-cluster-validating-webhooks serviceaccount-validation webhook on ROSA clusters. The test user is not a system: prefixed user so the webhook correctly denies it. Skip these tests in both HCP and Classic STS conformance workflows.
---
 .../hcp/conformance/rosa-aws-hcp-conformance-workflow.yaml | 4 +++- .../sts/conformance/rosa-aws-sts-conformance-workflow.yaml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ci-operator/step-registry/rosa/aws/hcp/conformance/rosa-aws-hcp-conformance-workflow.yaml b/ci-operator/step-registry/rosa/aws/hcp/conformance/rosa-aws-hcp-conformance-workflow.yaml
index db24ae027578c..c44de88c02c25 100644
--- a/ci-operator/step-registry/rosa/aws/hcp/conformance/rosa-aws-hcp-conformance-workflow.yaml
+++ b/ci-operator/step-registry/rosa/aws/hcp/conformance/rosa-aws-hcp-conformance-workflow.yaml
@@ -35,7 +35,9 @@ workflow:
 cloud-provider-aws-e2e.*loadbalancer NLB should be reachable with target-node-labels\|
 Monitor:apiserver-incluster-availability.*monitor test apiserver-incluster-availability\|
 MutableCSINodeAllocatableCount.*Attach Limit Exceeded should transition pod to failed state\|
- PersistentVolumes-local.*blockfswithformat.*Two pods mounting a local volume one after the other
+ PersistentVolumes-local.*blockfswithformat.*Two pods mounting a local volume one after the other\|
+ admission.*blocks manual creation of EndpointSlices pointing to the cluster or service network\|
+ admission.*blocks manual creation of Endpoints pointing to the cluster or service network
 pre:
 - chain: rosa-aws-sts-hcp-provision
 - ref: osd-ccs-conf-idp-htpasswd-multi-users
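Review bot: The two added `admission.*blocks manual creation of …` skips remove coverage of a security-relevant check, namely that Endpoints and EndpointSlices pointing at the cluster or service network are rejected, even though the commit message puts the failure in test setup (ServiceAccount creation in kube-system denied by the serviceaccount-validation webhook) rather than in the admission behaviour itself. Nothing in the workflow file records that distinction, so the restriction goes unverified on ROSA HCP and the skip is likely to outlive its reason; the same applies to the identical addition in rosa-aws-sts-conformance-workflow.yaml. I would add a comment above the skip list, outside the scalar (which starts before this hunk, so a comment inside it would presumably become part of the pattern), such as `# endpoints admission tests: setup creates a ServiceAccount in kube-system, denied by managed-cluster-validating-webhooks; re-enable once the test no longer needs it (<tracking-issue>)`. The patterns are also anchored only on the word `admission`; prefixing them as `sig-network.*endpoints.*admission.*blocks manual creation of …` would keep them from matching unrelated admission tests, assuming the test names carry those tags as the commit message indicates.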
diff --git a/ci-operator/step-registry/rosa/aws/sts/conformance/rosa-aws-sts-conformance-workflow.yaml b/ci-operator/step-registry/rosa/aws/sts/conformance/rosa-aws-sts-conformance-workflow.yaml
index 89394429c4bb5..907b595a1112a 100644
--- a/ci-operator/step-registry/rosa/aws/sts/conformance/rosa-aws-sts-conformance-workflow.yaml
+++ b/ci-operator/step-registry/rosa/aws/sts/conformance/rosa-aws-sts-conformance-workflow.yaml
@@ -32,7 +32,9 @@ workflow:
 sig-imageregistry.*should redirect on blob pull\|
 CSI Mock volume expansion.*should record target size in allocated resources\|
 Conntrack proxy implementation should not be vulnerable to the invalid conntrack state bug\|
- CSRs from machines that are not recognized by the cloud provider are not approved
+ CSRs from machines that are not recognized by the cloud provider are not approved\|
+ admission.*blocks manual creation of EndpointSlices pointing to the cluster or service network\|
+ admission.*blocks manual creation of Endpoints pointing to the cluster or service network
 pre:
 - chain: rosa-aws-sts-provision
 - ref: osd-ccs-conf-idp-htpasswd-multi-users