fix(hypershift/gcp): correct DNS zone name and surface cleanup errors#76993
Conversation
openshift-ci
Bot
added
the
approved
|
/pj-rehearse pull-ci-openshift-hypershift-main-e2e-gke |
|
Note: The Root cause: Why it fails now: hypershift#7887 added a Fix: hypershift#7824 (GCP-431: Add CNCC support for GCP WIF) adds the missing secret for GCP but is not yet merged. The e2e-gke job will fail until that lands. What this rehearsal validates: The DNS zone name correction — the deprovision step should now successfully list and delete DNS records from zone |
|
@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/retest rehearse-76993-pull-ci-openshift-hypershift-main-e2e-gke |
|
@cristianoveiga: The The following commands are available to trigger optional jobs: Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test rehearse-76993-pull-ci-openshift-hypershift-main-e2e-gke |
|
@cristianoveiga: The specified target(s) for The following commands are available to trigger optional jobs: Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/pj-rehearse pull-ci-openshift-hypershift-main-e2e-gke |
|
@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
cristianoveiga
force-pushed
the
fix/dns-zone-name
branch
from
3cd6c92 to
a9f1355
Compare
cristianoveiga
changed the title
|
/pj-rehearse pull-ci-openshift-hypershift-main-e2e-gke |
|
/retest |
|
/pj-rehearse pull-ci-openshift-hypershift-main-e2e-gke |
|
@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
The e2e-gke workflow had HYPERSHIFT_GCP_CI_DNS_ZONE set to "hypershift-ci-zone" but the actual zone is "hypershift-ci-gcp-hcp-openshiftapps-com". This caused the deprovision step's DNS cleanup to silently fail. Additionally, the gcloud dns list command had 2>/dev/null || true which swallowed permission errors (403 Forbidden), making it appear that no DNS records existed. Replace with explicit error handling that logs failures instead of hiding them. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cristianoveiga
force-pushed
the
fix/dns-zone-name
branch
from
a9f1355 to
85703c0
Compare
|
/pj-rehearse pull-ci-openshift-hypershift-main-e2e-gke |
|
@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse pull-ci-openshift-hypershift-main-e2e-gke |
|
@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
@cristianoveiga: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
DNS cleanup failures were logged as warnings but the step still exited 0, making orphaned DNS records invisible. Since the step has best_effort: true, failing it won't block the job but will surface the issue in the Prow UI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
[REHEARSALNOTIFIER]
Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cristianoveiga, jimdaga The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/pj-rehearse ack |
|
@cristianoveiga: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
openshift-ci-robot
added
the
rehearsals-ack
…openshift#76993) * fix(hypershift/gcp): correct DNS zone name and surface cleanup errors The e2e-gke workflow had HYPERSHIFT_GCP_CI_DNS_ZONE set to "hypershift-ci-zone" but the actual zone is "hypershift-ci-gcp-hcp-openshiftapps-com". This caused the deprovision step's DNS cleanup to silently fail. Additionally, the gcloud dns list command had 2>/dev/null || true which swallowed permission errors (403 Forbidden), making it appear that no DNS records existed. Replace with explicit error handling that logs failures instead of hiding them. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(hypershift/gcp): fail deprovision step on DNS cleanup errors DNS cleanup failures were logged as warnings but the step still exited 0, making orphaned DNS records invisible. Since the step has best_effort: true, failing it won't block the job but will surface the issue in the Prow UI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
3 participants
Summary
e2e-gkeworkflow hadHYPERSHIFT_GCP_CI_DNS_ZONEset tohypershift-ci-zonebut the actual zone ingcp-hcp-hypershift-ciishypershift-ci-gcp-hcp-openshiftapps-com. This caused the deprovision step's DNS cleanup to silently fail, leaving orphaned DNS records.gcloud dns record-sets listcommand had2>/dev/null || truewhich swallowed permission errors (403 Forbidden), making it appear that no DNS records existed. Replaced with explicit error handling that logs failures.roles/dns.adminfor thehypershift-ciservice account — see openshift-online/gcp-hcp-infra#429.Test plan
gcloud dns record-sets list --zone=hypershift-ci-gcp-hcp-openshiftapps-com --project=gcp-hcp-hypershift-ciworks with the corrected zone name🤖 Generated with Claude Code