feat: add Multus CNI integration with socket-based readiness #4966
GitHub Actions / e2e test report
failed
Oct 30, 2025 in 0s
42 tests run, 30 passed, 8 skipped, 4 failed.
Annotations
Check failure on line 1 in caren-e2e
github-actions / e2e test report
caren-e2e.[It] Quick start Nutanix Cilium ClusterResourceSet topology-with-failuredomains-cilium-crs Should create a workload cluster [provider:Nutanix, cni:Cilium, addonStrategy:ClusterResourceSet]
Timed out after 600.001s.
No Control Plane machines came into existence.
Expected
<bool>: false
to be trueRaw output
[FAILED] Timed out after 600.001s.
No Control Plane machines came into existence.
Expected
<bool>: false
to be true
In [It] at: /home/runner/go/pkg/mod/sigs.k8s.io/cluster-api/[email protected]/framework/controlplane_helpers.go:153 @ 10/30/25 22:44:18.05
Check failure on line 1 in caren-e2e
github-actions / e2e test report
caren-e2e.[It] Quick start Nutanix Cilium ClusterResourceSet topology-cilium-crs Should create a workload cluster [provider:Nutanix, cni:Cilium, addonStrategy:ClusterResourceSet]
Timed out after 600.000s.
No Control Plane machines came into existence.
Expected
<bool>: false
to be trueRaw output
[FAILED] Timed out after 600.000s.
No Control Plane machines came into existence.
Expected
<bool>: false
to be true
In [It] at: /home/runner/go/pkg/mod/sigs.k8s.io/cluster-api/[email protected]/framework/controlplane_helpers.go:153 @ 10/30/25 22:44:09.111
Check failure on line 1 in caren-e2e
github-actions / e2e test report
caren-e2e.[It] Quick start Nutanix Cilium HelmAddon topology-with-failuredomains-cilium-helm-addon Should create a workload cluster [provider:Nutanix, cni:Cilium, addonStrategy:HelmAddon]
Timed out after 600.000s.
No Control Plane machines came into existence.
Expected
<bool>: false
to be trueRaw output
[FAILED] Timed out after 600.000s.
No Control Plane machines came into existence.
Expected
<bool>: false
to be true
In [It] at: /home/runner/go/pkg/mod/sigs.k8s.io/cluster-api/[email protected]/framework/controlplane_helpers.go:153 @ 10/30/25 22:44:09.562
Check failure on line 1 in caren-e2e
github-actions / e2e test report
caren-e2e.[It] Quick start Nutanix Cilium HelmAddon topology-cilium-helm-addon Should create a workload cluster [provider:Nutanix, cni:Cilium, addonStrategy:HelmAddon]
Timed out after 300.001s.
HelmReleaseProxy quick-start-xp1n6x/cilium-quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrkvg49s failed to become ready and have up to date revision: ready condition = &{Type:Ready Status:False Severity:Error LastTransitionTime:2025-10-30 22:38:41 +0000 UTC Reason:HelmInstallOrUpgradeFailed Message:unable to build kubernetes objects from release manifest: error validating "": error validating data: failed to download openapi: Get "https://10.23.132.70:6443/openapi/v2?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")}, revision = 0, full object is:
&{TypeMeta:{Kind:HelmReleaseProxy APIVersion:addons.cluster.x-k8s.io/v1alpha1} ObjectMeta:{Name:cilium-quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrkvg49s GenerateName:cilium-quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrk97r7hvk5pptb- Namespace:quick-start-xp1n6x SelfLink: UID:12312ed6-86b8-4dd7-a278-0423cae288de ResourceVersion:4393 Generation:1 CreationTimestamp:2025-10-30 22:38:39 +0000 UTC DeletionTimestamp:<nil> DeletionGracePeriodSeconds:<nil> Labels:map[cluster.x-k8s.io/cluster-name:quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrk97r7hvk5pptb helmreleaseproxy.addons.cluster.x-k8s.io/helmchartproxy-name:cilium-019a3741-7286-71f5-a2f7-1e5321bae78e] Annotations:map[] OwnerReferences:[{APIVersion:addons.cluster.x-k8s.io/v1alpha1 Kind:HelmChartProxy Name:cilium-019a3741-7286-71f5-a2f7-1e5321bae78e UID:c231f273-c559-4f96-a27e-806273df6916 Controller:0xc000c98dd7 BlockOwnerDeletion:0xc000c98dd6}] Finalizers:[helmreleaseproxy.addons.cluster.x-k8s.io] ManagedFields:[{Manager:manager Operation:Update APIVersion:addons.cluster.x-k8s.io/v1alpha1 Time:2025-10-30 22:38:39 +0000 UTC FieldsType:FieldsV1 FieldsV1:{"f:metadata":{"f:finalizers":{".":{},"v:\"helmreleaseproxy.addons.cluster.x-k8s.io\"":{}},"f:generateName":{},"f:labels":{".":{},"f:cluster.x-k8s.io/cluster-name":{},"f:helmreleaseproxy.addons.cluster.x-k8s.io/helmchartproxy-name":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"c231f273-c559-4f96-a27e-806273df6916\"}":{}}},"f:spec":{".":{},"f:chartName":{},"f:clusterRef":{},"f:namespace":{},"f:options":{".":{},"f:enableClientCache":{},"f:install":{".":{},"f:createNamespace":{}},"f:timeout":{},"f:upgrade":{".":{},"f:maxHistory":{}}},"f:releaseName":{},"f:repoURL":{},"f:tlsConfig":{".":{},"f:caSecret":{}},"f:values":{},"f:version":{}}} Subresource:} {Manager:manager Operation:Update APIVersion:addons.cluster.x-k8s.io/v1alpha1 Time:2025-10-30 22:38:41 +0000 UTC FieldsType:FieldsV1 FieldsV1:{"f:status":{".":{},"f:conditions":{},"f:observedGeneration":{}}} Subresource:status}]} Spec:{ClusterRef:{Kind:Cluster Namespace:quick-start-xp1n6x Name:quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrk97r7hvk5pptb UID: APIVersion:cluster.x-k8s.io/v1beta1 ResourceVersion: FieldPath:} ChartName:cilium RepoURL:oci://helm-repository.caren-system.svc/charts ReleaseName:cilium ReleaseNamespace:kube-system Version:1.18.2 Values:cni:
exclusive: false
hubble:
enabled: true
tls:
auto:
enabled: true # enable automatic TLS certificate generation
method: cronJob # auto generate certificates using cronJob method
certValidityDuration: 60 # certificates validity duration in days (default 2 months)
schedule: "0 0 1 * *" # schedule on the 1st day regeneration of each month
relay:
enabled: true
tls:
server:
enabled: true
mtls: true
image:
useDigest: false
priorityClassName: system-cluster-critical
ipam:
mode: kubernetes
image:
useDigest: false
operator:
image:
useDigest: false
certgen:
image:
useDigest: false
socketLB:
hostNamespaceOnly: true
envoy:
image:
useDigest: false
k8sServiceHost: "10.23.132.70"
k8sServicePort: "6443"
kubeProxyReplacement: true
tunnelProtocol: geneve
loadBalancer:
mode: dsr
dsrDispatch: geneve ReconcileStrategy: Options:{DisableHooks:false Wait:false WaitForJobs:false DependencyUpdate:false Timeout:&Duration{Duration:10m0s,} SkipCRDs:false SubNotes:false DisableOpenAPIValidation:false Atomic:false Install:{CreateNamespace:true IncludeCRDs:false} Upgrade:{Force:false ResetValues:false ReuseValues:false ResetThenReuseValues:false Recreate:false MaxHistory:10 CleanupOnFail:false} Uninstall:<nil> EnableClientCache:false} Credentials:<nil> TLSConfig:0xc0007ac1d0} Status:{Conditions:[{Type:Ready Status:False Severity:Error LastTransitionTime:2025-10-30 22:38:41 +0000 UTC Reason:HelmInstallOrUpgradeFailed Message:unable to build kubernetes objects from release manifest: error validating "": error validating data: failed to download openapi: Get "https://10.23.132.70:6443/openapi/v2?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")} {Type:ClusterAvailable Status:True Severity: LastTransitionTime:2025-10-30 22:38:39 +0000 UTC Reason: Message:} {Type:HelmReleaseReady Status:False Severity:Error LastTransitionTime:2025-10-30 22:38:41 +0000 UTC Reason:HelmInstallOrUpgradeFailed Message:unable to build kubernetes objects from release manifest: error validating "": error validating data: failed to download openapi: Get "https://10.23.132.70:6443/openapi/v2?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")}] Status: Revision:0 ObservedGeneration:1}}
`
Expected
<bool>: false
to be trueRaw output
[FAILED] Timed out after 300.001s.
HelmReleaseProxy quick-start-xp1n6x/cilium-quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrkvg49s failed to become ready and have up to date revision: ready condition = &{Type:Ready Status:False Severity:Error LastTransitionTime:2025-10-30 22:38:41 +0000 UTC Reason:HelmInstallOrUpgradeFailed Message:unable to build kubernetes objects from release manifest: error validating "": error validating data: failed to download openapi: Get "https://10.23.132.70:6443/openapi/v2?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")}, revision = 0, full object is:
&{TypeMeta:{Kind:HelmReleaseProxy APIVersion:addons.cluster.x-k8s.io/v1alpha1} ObjectMeta:{Name:cilium-quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrkvg49s GenerateName:cilium-quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrk97r7hvk5pptb- Namespace:quick-start-xp1n6x SelfLink: UID:12312ed6-86b8-4dd7-a278-0423cae288de ResourceVersion:4393 Generation:1 CreationTimestamp:2025-10-30 22:38:39 +0000 UTC DeletionTimestamp:<nil> DeletionGracePeriodSeconds:<nil> Labels:map[cluster.x-k8s.io/cluster-name:quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrk97r7hvk5pptb helmreleaseproxy.addons.cluster.x-k8s.io/helmchartproxy-name:cilium-019a3741-7286-71f5-a2f7-1e5321bae78e] Annotations:map[] OwnerReferences:[{APIVersion:addons.cluster.x-k8s.io/v1alpha1 Kind:HelmChartProxy Name:cilium-019a3741-7286-71f5-a2f7-1e5321bae78e UID:c231f273-c559-4f96-a27e-806273df6916 Controller:0xc000c98dd7 BlockOwnerDeletion:0xc000c98dd6}] Finalizers:[helmreleaseproxy.addons.cluster.x-k8s.io] ManagedFields:[{Manager:manager Operation:Update APIVersion:addons.cluster.x-k8s.io/v1alpha1 Time:2025-10-30 22:38:39 +0000 UTC FieldsType:FieldsV1 FieldsV1:{"f:metadata":{"f:finalizers":{".":{},"v:\"helmreleaseproxy.addons.cluster.x-k8s.io\"":{}},"f:generateName":{},"f:labels":{".":{},"f:cluster.x-k8s.io/cluster-name":{},"f:helmreleaseproxy.addons.cluster.x-k8s.io/helmchartproxy-name":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"c231f273-c559-4f96-a27e-806273df6916\"}":{}}},"f:spec":{".":{},"f:chartName":{},"f:clusterRef":{},"f:namespace":{},"f:options":{".":{},"f:enableClientCache":{},"f:install":{".":{},"f:createNamespace":{}},"f:timeout":{},"f:upgrade":{".":{},"f:maxHistory":{}}},"f:releaseName":{},"f:repoURL":{},"f:tlsConfig":{".":{},"f:caSecret":{}},"f:values":{},"f:version":{}}} Subresource:} {Manager:manager Operation:Update APIVersion:addons.cluster.x-k8s.io/v1alpha1 Time:2025-10-30 22:38:41 +0000 UTC FieldsType:FieldsV1 FieldsV1:{"f:status":{".":{},"f:conditions":{},"f:observedGeneration":{}}} Subresource:status}]} Spec:{ClusterRef:{Kind:Cluster Namespace:quick-start-xp1n6x Name:quick-start-f3625wj475js9y925nzrp7b675ulae4mh7dotrk97r7hvk5pptb UID: APIVersion:cluster.x-k8s.io/v1beta1 ResourceVersion: FieldPath:} ChartName:cilium RepoURL:oci://helm-repository.caren-system.svc/charts ReleaseName:cilium ReleaseNamespace:kube-system Version:1.18.2 Values:cni:
exclusive: false
hubble:
enabled: true
tls:
auto:
enabled: true # enable automatic TLS certificate generation
method: cronJob # auto generate certificates using cronJob method
certValidityDuration: 60 # certificates validity duration in days (default 2 months)
schedule: "0 0 1 * *" # schedule on the 1st day regeneration of each month
relay:
enabled: true
tls:
server:
enabled: true
mtls: true
image:
useDigest: false
priorityClassName: system-cluster-critical
ipam:
mode: kubernetes
image:
useDigest: false
operator:
image:
useDigest: false
certgen:
image:
useDigest: false
socketLB:
hostNamespaceOnly: true
envoy:
image:
useDigest: false
k8sServiceHost: "10.23.132.70"
k8sServicePort: "6443"
kubeProxyReplacement: true
tunnelProtocol: geneve
loadBalancer:
mode: dsr
dsrDispatch: geneve ReconcileStrategy: Options:{DisableHooks:false Wait:false WaitForJobs:false DependencyUpdate:false Timeout:&Duration{Duration:10m0s,} SkipCRDs:false SubNotes:false DisableOpenAPIValidation:false Atomic:false Install:{CreateNamespace:true IncludeCRDs:false} Upgrade:{Force:false ResetValues:false ReuseValues:false ResetThenReuseValues:false Recreate:false MaxHistory:10 CleanupOnFail:false} Uninstall:<nil> EnableClientCache:false} Credentials:<nil> TLSConfig:0xc0007ac1d0} Status:{Conditions:[{Type:Ready Status:False Severity:Error LastTransitionTime:2025-10-30 22:38:41 +0000 UTC Reason:HelmInstallOrUpgradeFailed Message:unable to build kubernetes objects from release manifest: error validating "": error validating data: failed to download openapi: Get "https://10.23.132.70:6443/openapi/v2?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")} {Type:ClusterAvailable Status:True Severity: LastTransitionTime:2025-10-30 22:38:39 +0000 UTC Reason: Message:} {Type:HelmReleaseReady Status:False Severity:Error LastTransitionTime:2025-10-30 22:38:41 +0000 UTC Reason:HelmInstallOrUpgradeFailed Message:unable to build kubernetes objects from release manifest: error validating "": error validating data: failed to download openapi: Get "https://10.23.132.70:6443/openapi/v2?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")}] Status: Revision:0 ObservedGeneration:1}}
`
Expected
<bool>: false
to be true
In [It] at: /home/runner/_work/cluster-api-runtime-extensions-nutanix/cluster-api-runtime-extensions-nutanix/test/e2e/helmreleaseproxy_helpers.go:60 @ 10/30/25 22:48:02.955
Loading