CCO-788: Remove kube-rbac-proxy container from metrics

[jstuever]

Previously, a kube-rbac-proxy container was deployed with the operator deployment in order to provide RBAC security to the metrics port. Because it was deployed as part of the operator deployment, the tls configuration for the container could not be managed by the operator itself.

This change removes kube-rbac-proxy from the metrics service and implements rbac via the controller-runtime directly. As a result, the tls configuration on the metrics port can now be managed by the operator while maintaining equal security posture.

Summary by CodeRabbit

• New Features

  • Added OpenTelemetry distributed tracing support.

• Infrastructure

  • Metrics endpoint now secured with TLS authentication on port 8443 (previously port 2112).
  • Removed kube-rbac-proxy sidecar container from deployment.

[openshift-ci-robot]

@jstuever: This pull request references CCO-788 which is a valid jira issue.

Details

In response to this:

Previously, a kube-rbac-proxy container was deployed with the operator deployment in order to provide RBAC security to the metrics port. Because it was deployed as part of the operator deployment, the tls configuration for the container could not be managed by the operator itself.

This change removes kube-rbac-proxy from the metrics service and implements rbac via the controller-runtime directly. As a result, the tls configuration on the metrics port can now be managed by the operator while maintaining equal security posture.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

This pull request removes the kube-rbac-proxy sidecar container from the operator deployment and migrates metrics serving to the cloud-credential-operator with native TLS termination and authentication. The operator's metrics endpoint is reconfigured from port 2112 to 8443 with certificate-based serving, and corresponding image references and dependencies are updated.

Changes

Cohort / File(s)	Summary
Dependency Management go.mod	Adds indirect dependencies for OpenTelemetry (otel exporters, otlp proto), gRPC gateway, backoff retry logic, and konnectivity-client to support metrics and tracing infrastructure.
Kubernetes Manifests manifests/03-deployment.yaml, manifests/image-references	Removes kube-rbac-proxy sidecar container and its image reference. Adds TLS metrics port (8443) and /etc/tls/private volume mount to the cloud-credential-operator container.
Operator Configuration pkg/cmd/operator/cmd.go	Reconfigures metrics server to use secure serving on port 8443 with TLS certificate from /etc/tls/private, requiring authentication and authorization via metrics/filters package.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Test code in test/extend/cloudcredential.go contains assertions without meaningful failure messages, violating custom check requirement #4 for test diagnostics.	Add descriptive failure messages to all Expect statements in test/extend/cloudcredential.go, such as changing o.Expect(err).NotTo(o.HaveOccurred()) to o.Expect(err).NotTo(o.HaveOccurred(), "failed to retrieve SAToken").

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: removal of the kube-rbac-proxy container from metrics. This is the primary action across deployment.yaml, image-references, and cmd.go changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	This PR does not modify any Ginkgo test files; all changes are to go.mod, manifests, and operator code.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@jstuever: This pull request references CCO-788 which is a valid jira issue.

Details

In response to this:

Previously, a kube-rbac-proxy container was deployed with the operator deployment in order to provide RBAC security to the metrics port. Because it was deployed as part of the operator deployment, the tls configuration for the container could not be managed by the operator itself.

This change removes kube-rbac-proxy from the metrics service and implements rbac via the controller-runtime directly. As a result, the tls configuration on the metrics port can now be managed by the operator while maintaining equal security posture.

Summary by CodeRabbit

• New Features

• Added OpenTelemetry distributed tracing support.

• Infrastructure

• Metrics endpoint now secured with TLS authentication on port 8443 (previously port 2112).

• Removed kube-rbac-proxy sidecar container from deployment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jstuever

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jstuever]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

🧹 Nitpick comments (1)

manifests/03-deployment.yaml (1)

96-98: Consider adding optional: true to the serving cert secret volume.

The secret is auto-provisioned by OpenShift's service-serving-cert-signer, but there's a potential startup race if the deployment is created before the secret exists. Adding optional: true would allow the pod to start and retry when the secret becomes available, rather than failing outright.

That said, this is a common pattern in OpenShift and the deployment will retry, so this is a minor concern.

♻️ Optional: Add optional flag for graceful startup

       - name: cloud-credential-operator-serving-cert
         secret:
           secretName: cloud-credential-operator-serving-cert
+          optional: true

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@manifests/03-deployment.yaml` around lines 96 - 98, The volume definition for
the serving cert (name: cloud-credential-operator-serving-cert,
secret.secretName: cloud-credential-operator-serving-cert) should mark the
secret as optional to avoid pod startup failure if the
service-serving-cert-signer hasn’t created it yet; update the Secret volume spec
for cloud-credential-operator-serving-cert to include secret.optional: true so
the Pod can start and retry when the secret becomes available.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@manifests/03-deployment.yaml`:
- Around line 96-98: The volume definition for the serving cert (name:
cloud-credential-operator-serving-cert, secret.secretName:
cloud-credential-operator-serving-cert) should mark the secret as optional to
avoid pod startup failure if the service-serving-cert-signer hasn’t created it
yet; update the Secret volume spec for cloud-credential-operator-serving-cert to
include secret.optional: true so the Pod can start and retry when the secret
becomes available.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a5edb621-5f5e-4356-9665-b394bc21b930

📥 Commits

Reviewing files that changed from the base of the PR and between e338ba6 and 1378422.

⛔ Files ignored due to path filters (296)

• go.sum is excluded by !**/*.sum
• vendor/github.com/cenkalti/backoff/v4/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/backoff.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/exponential.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/ticker.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/timer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cenkalti/backoff/v4/tries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/bindings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/comprehensions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/encoders.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/extension_option_factory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/formatting.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/formatting_v2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/guards.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/lists.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/math.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/native.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/protos.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/regex.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/sets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/ext/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/interpreter/functions/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/cel-go/interpreter/functions/functions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/compile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshaler_registry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/proto2_convert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/pattern.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/string_array_flag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/clients.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/exporter.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/attribute.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/instrumentation.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/resource.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform/span.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/exporter.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig/envconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/gen.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/envconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/optiontypes.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig/tls.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/partialsuccess.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/event.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/evictedqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/internal/env/env.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/link.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/sampler_env.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/span.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/span_exporter.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/span_processor.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/event.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/exception.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/http.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/resource.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/schema.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.17.0/trace.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/proto/otlp/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service.pb.gw.go is excluded by !**/*.pb.gw.go, !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/proto/otlp/collector/trace/v1/trace_service_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/proto/otlp/common/v1/common.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/proto/otlp/resource/v1/resource.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/proto/otlp/trace/v1/trace.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/golang.org/x/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/feature/plural/common.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/feature/plural/message.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/feature/plural/plural.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/feature/plural/tables.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/catmsg/catmsg.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/catmsg/codec.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/catmsg/varint.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/format/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/format/parser.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/number/common.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/number/decimal.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/number/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/number/number.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/number/pattern.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/number/roundingmode_string.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/number/tables.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/internal/stringset/set.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/catalog.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/catalog/catalog.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/catalog/dict.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/catalog/go19.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/catalog/gopre19.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/message.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/message/print.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/k8s.io/apimachinery/pkg/api/validation/path/name.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apimachinery/pkg/apis/asn1/oid.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/install/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/types_encryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/defaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/types_encryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.conversion.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1/zz_generated.defaults.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/conversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/defaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.conversion.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1/zz_generated.defaults.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/conversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/defaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.conversion.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.defaults.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation_encryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/apiserver/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/k8s.io/apiserver/pkg/apis/cel/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/OWNERS is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/evaluator.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/request.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/scheme.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/audit/union.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/authenticator/audagnostic.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/delegating.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/loopback.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory/requestheader.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/cel/compile.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/cel/interface.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/cel/mapper.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/anonymous/anonymous.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/bearertoken/bearertoken.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/headerrequest/requestheader_controller.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/union/union.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/websocket/protocol.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/x509/OWNERS is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/x509/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/x509/verify_options.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/request/x509/x509.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_simple.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/token/cache/cache_striped.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/token/cache/stats.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authentication/token/tokenfile/tokenfile.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/authorizer/interfaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/authorizer/rule.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/builtin.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/delegating.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/cel/compile.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/cel/interface.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/cel/matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/authorization/cel/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/OWNERS is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/cidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/environment/base.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/environment/environment.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/escaping.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/ip.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/authz.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/cidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/cost.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/ip.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/jsonpatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/libraries.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/lists.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/quantity.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/regex.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/semverlib.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/test.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/library/urls.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/limits.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/quantity.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/semver.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/url.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/cel/value.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/OWNERS is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/methods.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/received_time.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/requestinfo.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/server_shutdown_signal.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/endpoints/request/webhook_duration.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/features/OWNERS is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/features/kube_features.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/cert_key.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/client_ca.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/configmap_cafile_content.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_serving_content.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_sni_content.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/interfaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/named_certificates.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/static_content.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/tlsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/union_content.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/dynamiccertificates/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/egressselector/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/k8s.io/apiserver/pkg/server/egressselector/egress_selector.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (4)

• go.mod
• manifests/03-deployment.yaml
• manifests/image-references
• pkg/cmd/operator/cmd.go

💤 Files with no reviewable changes (1)

• manifests/image-references

[jstuever]

/payload-job 4.22 nightly aws-ovn-serial-1of2

[openshift-ci]

@jstuever: trigger 0 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

[jstuever]

/payload-job periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-serial-1of2

[openshift-ci]

@jstuever: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-main-nightly-4.22-e2e-aws-ovn-serial-1of2

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/28183100-1be9-11f1-9028-a4696d069f08-0

[jstuever]

/payload-job periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn-techpreview-serial-1of3

[openshift-ci]

@jstuever: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-main-ci-4.22-e2e-aws-ovn-techpreview-serial-1of3

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/306bff30-1be9-11f1-8600-6c37f478c3f5-0

[codecov]

Codecov Report

❌ Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.19%. Comparing base (e338ba6) to head (1378422).
⚠️ Report is 2 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/cmd/operator/cmd.go	0.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #983      +/-   ##
==========================================
- Coverage   46.20%   46.19%   -0.02%     
==========================================
  Files          98       98              
  Lines       12253    12256       +3     
==========================================
  Hits         5662     5662              
- Misses       5941     5944       +3     
  Partials      650      650              

Files with missing lines	Coverage Δ
pkg/cmd/operator/cmd.go	0.00% <0.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jstuever]

/hold
For successful payload jobs

[jstuever]

/assign @dlom

[simonpasquier]

WithAuthenticationAndAuthorization uses token reviews which doesn't meet the OCP guidelines (https://github.com/openshift/enhancements/blob/master/CONVENTIONS.md#metrics and https://github.com/openshift/enhancements/blob/master/enhancements/monitoring/client-cert-scraping.md) which prescribe mutual TLS authentication. See https://rhobs-handbook.netlify.app/products/openshiftmonitoring/collecting_metrics.md/#controller-runtime--v0160 for more details.

I understand that prior to this change, the situation was the same (e.g. kube-rbac-proxy not configured for mTLS) but it'd be good to address the point in a follow-up (sooner than later).

[jstuever]

/hold cancel
Payload jobs completed successfully

[huangmingxia]

/retest

[openshift-ci]

@jstuever: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-qe	1378422	link	false	/test e2e-aws-qe

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.