Add e2e cert-manager tests from upstream Kueue

[MaysaMacedo]

Assisted-by: Cursor AI

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MaysaMacedo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [MaysaMacedo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)

• do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fcad4e39-1dc7-4c35-9f56-8b1b4fa2b58d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a Makefile target to run upstream cert-manager e2e tests; updates e2e patch to create namespaces via k8sClient.Create, ensure kueue.openshift.io/managed: "true" label, adjust related tests and logs; and makes patch application tolerant to whitespace by adding --ignore-space-change to git apply commands.

Changes

Cohort / File(s)	Summary
Makefile target Makefile	Adds e2e-upstream-test target to run upstream cert-manager e2e tests via ginkgo with JUnit/JSON output, --output-dir, --keep-going, --flake-attempts, --no-color, and KUEUE_NAMESPACE=openshift-kueue-operator.
E2E test patches / namespace handling upstream/kueue/patch/e2e.patch	Replaces namespace helper's MustCreate with k8sClient.Create, ensures Namespace.ObjectMeta.Labels exists and sets kueue.openshift.io/managed: "true", updates logging, sets GenerateName and labels in certmanager tests, renames a metrics secret constant, and comments out some readiness waits in the singlecluster suite.
Patch application script upstream/kueue/utils.sh	Adds --ignore-space-change to git apply --check and git apply calls to tolerate whitespace differences when applying patches.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Patch reveals test quality deficiencies: missing AfterEach blocks for resource cleanup, assertions without failure messages, and no explicit timeout handling on cluster operations.	Add AfterEach blocks for namespace cleanup, include meaningful failure messages in Expect assertions, and ensure explicit timeout specifications via Eventually().WithTimeout() patterns.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Stable And Deterministic Test Names	✅ Passed	The pull request does not introduce any test names with dynamic information that changes between runs. Test titles use static strings, and dynamic namespace names are properly isolated to setup code.
Title check	✅ Passed	The title accurately summarizes the main change: adding e2e cert-manager tests from upstream Kueue, which is the primary focus of the PR based on the changes to Makefile, patch files, and utilities.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[MaysaMacedo]

/hold
attempting to bring cert-manager tests related to metrics to the CI

[coderabbitai]

🧹 Nitpick comments (1)

Makefile (1)

247-256: oc create is not idempotent — use oc apply for CI resilience.

Both oc create -f hack/manifests/jobset-operator.yaml and oc create -f hack/manifests/jobset-operand.yaml will exit non-zero with an "already exists" error on any retry (e.g., a failed-and-retried CI job or a partial re-run). Replacing with oc apply makes the target safe to re-execute, consistent with how deploy-ocp (line 88) handles its manifests.

Note: install-lws-operator has the same pattern and would benefit from the same change.

♻️ Proposed fix

-	oc create -f hack/manifests/jobset-operator.yaml
+	oc apply -f hack/manifests/jobset-operator.yaml
 	`@echo` "Waiting for Jobset Operator to be installed"
 	`@timeout` 300s bash -c 'until oc get deployment jobset-operator -n openshift-jobset-operator -o jsonpath="{.status.conditions[?(@.type==\"Available\")].status}" | grep -q "True"; do sleep 10; echo "Still waiting..."; done'
 	`@echo` "Jobset Operator installed"
 	`@echo` "Creating Jobset Instance"
-	oc create -f hack/manifests/jobset-operand.yaml
+	oc apply -f hack/manifests/jobset-operand.yaml

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 247 - 256, Replace non-idempotent "oc create -f
hack/manifests/jobset-operator.yaml" and "oc create -f
hack/manifests/jobset-operand.yaml" in the Makefile with "oc apply -f ..." so
the install steps for the Jobset Operator and Jobset Instance can be retried
safely; also update the similar pattern in the install-lws-operator target
(where it uses oc create) to use oc apply for CI resilience. Ensure the rest of
the waiting logic (timeout/until checks for deployments jobset-operator and
jobset-controller-manager) remains unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Makefile`:
- Around line 247-256: Replace non-idempotent "oc create -f
hack/manifests/jobset-operator.yaml" and "oc create -f
hack/manifests/jobset-operand.yaml" in the Makefile with "oc apply -f ..." so
the install steps for the Jobset Operator and Jobset Instance can be retried
safely; also update the similar pattern in the install-lws-operator target
(where it uses oc create) to use oc apply for CI resilience. Ensure the rest of
the waiting logic (timeout/until checks for deployments jobset-operator and
jobset-controller-manager) remains unchanged.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

upstream/kueue/patch/e2e.patch (2)

15-20: ⚠️ Potential issue | 🟠 Major

Commented-out availability waits will cause flaky tests for JobSet/LeaderWorkerSet features.

WaitForJobSetAvailability and WaitForLeaderWorkerSetAvailability are removed with no replacement guards. Any test that carries feature:jobset, feature:tas, feature:trainjob, or feature:leaderworkerset labels will now proceed without confirming operator readiness, making those tests race-prone and non-deterministic. The PR objective is adding certmanager tests — the rationale for dropping these guards is unclear. If the CI target environment genuinely doesn't deploy those operators, the safer fix is to gate on environment variables or CI capabilities rather than silently removing readiness checks.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` around lines 15 - 20, Restore the readiness
waits for JobSet/LeaderWorkerSet instead of leaving them commented out: locate
the ginkgo.Label(...).MatchesLabelFilter(labelFilter) checks and the calls to
util.WaitForJobSetAvailability and util.WaitForLeaderWorkerSetAvailability and
re-enable them, but guard them by environment/CI capability (e.g., skip when a
SKIP_OPERATOR_CHECK or CI capability flag is set) so tests that carry
feature:jobset, feature:tas, feature:trainjob, or feature:leaderworkerset labels
wait for operator readiness unless explicitly skipped; ensure the logic uses the
existing labelFilter and util.WaitFor... functions and document the new env flag
in the test startup gating.

---

33-42: ⚠️ Potential issue | 🟠 Major

Pre-creation log is misleading and logs a stale, unlabeled namespace object; duplicate log on line 42 mixes logging styles.

Three problems in the rewrite of CreateNamespaceFromObjectWithLog:

1. Wrong position & message (line 35): ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns) fires before labels are set and before k8sClient.Create is called. At that point ns.Name is "" (only GenerateName is populated) and the label map hasn't been mutated yet, so the log captures incorrect state with a post-creation message.

2. Duplicate log entries: Lines 35 and 42 both log a "Created namespace" event for the same operation. The post-creation log on line 42 is the only one that carries accurate state.

3. Mixed logging style (line 42): ginkgo.GinkgoLogr.Info(fmt.Sprintf("Created namespace: %s", ns.Name)) passes a pre-formatted string where the logr convention is structured key-value pairs, inconsistent with line 35.

🐛 Proposed fix

 func CreateNamespaceFromObjectWithLog(ctx context.Context, k8sClient client.Client, ns *corev1.Namespace) *corev1.Namespace {
-	ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns)
-	// Add label to the namespace to mark it as managed by Kueue.
 	if ns.Labels == nil {
 		ns.Labels = make(map[string]string)
 	}
 	ns.Labels["kueue.openshift.io/managed"] = "true"
 	gomega.Expect(k8sClient.Create(ctx, ns)).To(gomega.Succeed())
-	ginkgo.GinkgoLogr.Info(fmt.Sprintf("Created namespace: %s", ns.Name))
+	ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns.Name)
 	return ns
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` around lines 33 - 42, The pre-creation Info
call is logging stale state and duplicates the later log; remove the early
ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns), ensure you
populate ns.Labels (make map if nil) and set
ns.Labels["kueue.openshift.io/managed"]="true" before calling
k8sClient.Create(ctx, ns), keep the gomega.Expect(k8sClient.Create(ctx,
ns)).To(gomega.Succeed()), and replace the trailing fmt.Sprintf log with a
single structured log using ginkgo.GinkgoLogr.Info("Created namespace",
"namespace", ns.Name) immediately after the successful create so only one
accurate, structured message is emitted.

🧹 Nitpick comments (1)

upstream/kueue/patch/e2e.patch (1)

53-60: Label injection is correct but inconsistent with the centralised path in CreateNamespaceFromObjectWithLog.

The explicit "kueue.openshift.io/managed": "true" label in BeforeEach is necessary here because the test uses util.MustCreate directly rather than util.CreateNamespaceFromObjectWithLog, which now injects this label automatically. The change is functionally correct as-is.

Optionally, switching to util.CreateNamespaceFromObjectWithLog would centralise label injection and remove the need to duplicate it here:

♻️ Optional: replace MustCreate with the labelling utility

-               ns = &corev1.Namespace{
-                       ObjectMeta: metav1.ObjectMeta{
-                               GenerateName: "e2e-cert-manager-",
-                               Labels:       map[string]string{"kueue.openshift.io/managed": "true"},
-                       },
-               }
-               util.MustCreate(ctx, k8sClient, ns)
+               ns = util.CreateNamespaceFromObjectWithLog(ctx, k8sClient, &corev1.Namespace{
+                       ObjectMeta: metav1.ObjectMeta{GenerateName: "e2e-cert-manager-"},
+               })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` around lines 53 - 60, The namespace creation
in the BeforeEach currently adds the label "kueue.openshift.io/managed": "true"
inline when constructing ns and calls util.MustCreate, causing duplication with
the centralized labelling behavior in util.CreateNamespaceFromObjectWithLog; fix
by replacing the util.MustCreate(ctx, k8sClient, ns) call with
util.CreateNamespaceFromObjectWithLog (or the equivalent util helper) so the
label injection is centralized, and remove the explicit Labels map from the ns
ObjectMeta (or keep only if util helper isn't used) — target symbols: ns,
util.MustCreate, util.CreateNamespaceFromObjectWithLog, and the label key
"kueue.openshift.io/managed".

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@upstream/kueue/patch/e2e.patch`:
- Around line 15-20: Restore the readiness waits for JobSet/LeaderWorkerSet
instead of leaving them commented out: locate the
ginkgo.Label(...).MatchesLabelFilter(labelFilter) checks and the calls to
util.WaitForJobSetAvailability and util.WaitForLeaderWorkerSetAvailability and
re-enable them, but guard them by environment/CI capability (e.g., skip when a
SKIP_OPERATOR_CHECK or CI capability flag is set) so tests that carry
feature:jobset, feature:tas, feature:trainjob, or feature:leaderworkerset labels
wait for operator readiness unless explicitly skipped; ensure the logic uses the
existing labelFilter and util.WaitFor... functions and document the new env flag
in the test startup gating.
- Around line 33-42: The pre-creation Info call is logging stale state and
duplicates the later log; remove the early ginkgo.GinkgoLogr.Info("Created
namespace", "namespace", ns), ensure you populate ns.Labels (make map if nil)
and set ns.Labels["kueue.openshift.io/managed"]="true" before calling
k8sClient.Create(ctx, ns), keep the gomega.Expect(k8sClient.Create(ctx,
ns)).To(gomega.Succeed()), and replace the trailing fmt.Sprintf log with a
single structured log using ginkgo.GinkgoLogr.Info("Created namespace",
"namespace", ns.Name) immediately after the successful create so only one
accurate, structured message is emitted.

---

Nitpick comments:
In `@upstream/kueue/patch/e2e.patch`:
- Around line 53-60: The namespace creation in the BeforeEach currently adds the
label "kueue.openshift.io/managed": "true" inline when constructing ns and calls
util.MustCreate, causing duplication with the centralized labelling behavior in
util.CreateNamespaceFromObjectWithLog; fix by replacing the util.MustCreate(ctx,
k8sClient, ns) call with util.CreateNamespaceFromObjectWithLog (or the
equivalent util helper) so the label injection is centralized, and remove the
explicit Labels map from the ns ObjectMeta (or keep only if util helper isn't
used) — target symbols: ns, util.MustCreate,
util.CreateNamespaceFromObjectWithLog, and the label key
"kueue.openshift.io/managed".

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

upstream/kueue/patch/e2e.patch (1)

32-44: ⚠️ Potential issue | 🟡 Minor

Two log issues in CreateNamespaceFromObjectWithLog: misleading pre-creation message and unstructured post-creation call.

1. Line 35 logs "Created namespace" before the namespace is created (before line 41's k8sClient.Create). The message is factually incorrect at that point. Additionally, it passes the entire ns struct as the value rather than a field, which serialises the full Kubernetes object into the log.

2. Line 42 uses fmt.Sprintf inside a structured logr-based logger, discarding the key-value contract of the logger and producing an unstructured message — inconsistent with the original code and the logr API.

The cleanest fix is to remove the premature log and restore the original structured form after creation:

🔧 Proposed fix

 func CreateNamespaceFromObjectWithLog(ctx context.Context, k8sClient client.Client, ns *corev1.Namespace) *corev1.Namespace {
-	ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns)
-	// Add label to the namespace to mark it as managed by Kueue.
+	// Add label to the namespace to mark it as managed by Kueue.
 	if ns.Labels == nil {
 		ns.Labels = make(map[string]string)
 	}
 	ns.Labels["kueue.openshift.io/managed"] = "true"
 	gomega.Expect(k8sClient.Create(ctx, ns)).To(gomega.Succeed())
-	ginkgo.GinkgoLogr.Info(fmt.Sprintf("Created namespace: %s", ns.Name))
+	ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns.Name)
 	return ns
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` around lines 32 - 44, In
CreateNamespaceFromObjectWithLog, remove the premature ginkgo.GinkgoLogr.Info
call that logs "Created namespace" before k8sClient.Create executes and avoid
passing the whole ns object; instead keep the label-addition and the
Expect(k8sClient.Create(ctx, ns)).To(gomega.Succeed()) call, then log the
creation using the structured logr API (ginkgo.GinkgoLogr.Info) with a key
"namespace" and value ns.Name (not fmt.Sprintf and not the entire ns struct) so
the message is factual and respects the logger's key/value contract.

🧹 Nitpick comments (1)

upstream/kueue/patch/e2e.patch (1)

9-20: Consider removing the commented-out availability checks rather than retaining them.

Leaving commented-out code in a patch-file creates maintenance confusion — it's unclear whether this is intentional, temporary, or accidentally left in. If JobSet/LeaderWorkerSet availability waits are not needed for OpenShift, delete the blocks outright.

🧹 Proposed cleanup

 	waitForAvailableStart := time.Now()
 	util.WaitForKueueAvailability(ctx, k8sClient)
 	labelFilter := ginkgo.GinkgoLabelFilter()
-	// if ginkgo.Label("feature:jobset", "feature:tas", "feature:trainjob").MatchesLabelFilter(labelFilter) {
-	// 	util.WaitForJobSetAvailability(ctx, k8sClient)
-	// }
-	// if ginkgo.Label("feature:leaderworkerset").MatchesLabelFilter(labelFilter) {
-	// 	util.WaitForLeaderWorkerSetAvailability(ctx, k8sClient)
-	// }
 	if ginkgo.Label("feature:appwrapper").MatchesLabelFilter(labelFilter) {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` around lines 9 - 20, The patch leaves two
commented-out blocks that call ginkgo.Label(...).MatchesLabelFilter(labelFilter)
and then util.WaitForJobSetAvailability(ctx, k8sClient) /
util.WaitForLeaderWorkerSetAvailability(ctx, k8sClient); remove these commented
lines entirely (delete both commented ginkgo.Label checks and the commented
util.WaitFor... calls) so the patch does not retain dead/commented code and the
intent is clear.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@upstream/kueue/patch/e2e.patch`:
- Around line 32-44: In CreateNamespaceFromObjectWithLog, remove the premature
ginkgo.GinkgoLogr.Info call that logs "Created namespace" before
k8sClient.Create executes and avoid passing the whole ns object; instead keep
the label-addition and the Expect(k8sClient.Create(ctx,
ns)).To(gomega.Succeed()) call, then log the creation using the structured logr
API (ginkgo.GinkgoLogr.Info) with a key "namespace" and value ns.Name (not
fmt.Sprintf and not the entire ns struct) so the message is factual and respects
the logger's key/value contract.

---

Nitpick comments:
In `@upstream/kueue/patch/e2e.patch`:
- Around line 9-20: The patch leaves two commented-out blocks that call
ginkgo.Label(...).MatchesLabelFilter(labelFilter) and then
util.WaitForJobSetAvailability(ctx, k8sClient) /
util.WaitForLeaderWorkerSetAvailability(ctx, k8sClient); remove these commented
lines entirely (delete both commented ginkgo.Label checks and the commented
util.WaitFor... calls) so the patch does not retain dead/commented code and the
intent is clear.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

upstream/kueue/patch/e2e.patch (1)

35-35: ⚠️ Potential issue | 🟡 Minor

Pre-creation log fires before the namespace exists and before GenerateName is resolved.

The log message "Created namespace" on line 35 is emitted before k8sClient.Create on line 41. When the caller passes a GenerateName-based namespace (as in certmanager_test.go), ns.Name is empty at this point — the server only populates it after the API call. If the Create later fails, a misleading "Created namespace" entry still appears in the test log. This pre-creation line should either be removed or changed to "Creating namespace" to accurately describe the intent.

🛠️ Proposed fix

 func CreateNamespaceFromObjectWithLog(ctx context.Context, k8sClient client.Client, ns *corev1.Namespace) *corev1.Namespace {
-	ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns)
-	// Add label to the namespace to mark it as managed by Kueue.
+	// Add label to the namespace to mark it as managed by Kueue.
 	if ns.Labels == nil {
 		ns.Labels = make(map[string]string)
 	}
 	ns.Labels["kueue.openshift.io/managed"] = "true"
 	gomega.Expect(k8sClient.Create(ctx, ns)).To(gomega.Succeed())
-	ginkgo.GinkgoLogr.Info(fmt.Sprintf("Created namespace: %s", ns.Name))
+	ginkgo.GinkgoLogr.Info("Created namespace", "name", ns.Name)
 	return ns
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` at line 35, The log currently uses
ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns) before the call to
k8sClient.Create which can be misleading for GenerateName namespaces; change
that pre-create log to ginkgo.GinkgoLogr.Info("Creating namespace", "namespace",
ns) so it accurately reflects intent, and after k8sClient.Create succeeds emit a
separate ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns.Name) (or
include ns.Name) to record the actual created name; update the logging around
k8sClient.Create to reflect this two-step approach.

🧹 Nitpick comments (2)

upstream/kueue/patch/e2e.patch (2)

15-20: Consider removing commented-out blocks rather than leaving them in-place.

Commenting out the WaitForJobSetAvailability / WaitForLeaderWorkerSetAvailability calls leaves dead code in the patch that will accumulate over time. If these waits genuinely cannot run in the OpenShift CI environment, removing the lines (or guarding them with an env-var/build tag) communicates intent more clearly than comments.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` around lines 15 - 20, Remove the dead
commented-out wait blocks: delete the commented ginkgo.Label(...) branches that
call util.WaitForJobSetAvailability and util.WaitForLeaderWorkerSetAvailability
(or, if the waits must be conditionally disabled in CI, replace the comments
with an explicit guard using an environment variable or build tag around the
actual calls such as checking an env var like RUN_JOBSET_WAITS before calling
util.WaitForJobSetAvailability/WaitForLeaderWorkerSetAvailability). This keeps
intent explicit and avoids accumulating commented-out code.

---

42-42: Use structured key-value args instead of fmt.Sprintf with GinkgoLogr.Info.

logr.Logger.Info accepts a message string plus variadic key-value pairs; wrapping the entire message in fmt.Sprintf discards the structured-logging benefit and is non-idiomatic.

♻️ Proposed fix

-	ginkgo.GinkgoLogr.Info(fmt.Sprintf("Created namespace: %s", ns.Name))
+	ginkgo.GinkgoLogr.Info("Created namespace", "name", ns.Name)

If this is the only remaining fmt usage after the fix, the fmt import can be removed as well.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` at line 42, Replace the fmt.Sprintf usage
when logging namespace creation with structured key/value args: call
ginkgo.GinkgoLogr.Info with a short message like "Created namespace" and pass
"namespace" and ns.Name as the key/value pair (i.e.,
ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns.Name)); then remove
the fmt import if it becomes unused. This change targets the
ginkgo.GinkgoLogr.Info call that currently wraps fmt.Sprintf and preserves
structured logging semantics.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@upstream/kueue/patch/e2e.patch`:
- Line 35: The log currently uses ginkgo.GinkgoLogr.Info("Created namespace",
"namespace", ns) before the call to k8sClient.Create which can be misleading for
GenerateName namespaces; change that pre-create log to
ginkgo.GinkgoLogr.Info("Creating namespace", "namespace", ns) so it accurately
reflects intent, and after k8sClient.Create succeeds emit a separate
ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns.Name) (or include
ns.Name) to record the actual created name; update the logging around
k8sClient.Create to reflect this two-step approach.

---

Nitpick comments:
In `@upstream/kueue/patch/e2e.patch`:
- Around line 15-20: Remove the dead commented-out wait blocks: delete the
commented ginkgo.Label(...) branches that call util.WaitForJobSetAvailability
and util.WaitForLeaderWorkerSetAvailability (or, if the waits must be
conditionally disabled in CI, replace the comments with an explicit guard using
an environment variable or build tag around the actual calls such as checking an
env var like RUN_JOBSET_WAITS before calling
util.WaitForJobSetAvailability/WaitForLeaderWorkerSetAvailability). This keeps
intent explicit and avoids accumulating commented-out code.
- Line 42: Replace the fmt.Sprintf usage when logging namespace creation with
structured key/value args: call ginkgo.GinkgoLogr.Info with a short message like
"Created namespace" and pass "namespace" and ns.Name as the key/value pair
(i.e., ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns.Name)); then
remove the fmt import if it becomes unused. This change targets the
ginkgo.GinkgoLogr.Info call that currently wraps fmt.Sprintf and preserves
structured logging semantics.

[kannon92]

/retest

[MaysaMacedo]

@anahas-redhat Hey, this PR helps with running the certmanager suite, we can see that this test scenario is passing:
Metrics when workload is admitted should continue to expose metrics after the secret is re-created
The one related to the re-load of the certificate when it's renewed.
I think the .patch file might be adding extra space than necessary, that is yet to be investigated.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

upstream/kueue/patch/e2e.patch (1)

32-44: ⚠️ Potential issue | 🟡 Minor

Misleading pre-creation log and non-idiomatic fmt.Sprintf in logr context.

Three interrelated issues in CreateNamespaceFromObjectWithLog:

1. Log before create: ginkgo.GinkgoLogr.Info("Created namespace", …) (past tense) fires before the labels are mutated and before k8sClient.Create is called. The logged ns object therefore lacks the kueue.openshift.io/managed label, giving a misleading picture in test logs.

2. Verbose structured value: Passing the full *corev1.Namespace pointer as the logr value produces the entire object dump. The original ns.Name was more appropriate.

3. Non-idiomatic fmt.Sprintf in logr: ginkgo.GinkgoLogr.Info(fmt.Sprintf("Created namespace: %s", ns.Name)) wraps a string message with fmt.Sprintf instead of using structured key-value pairs, mixing printf-style and structured logging.

♻️ Proposed fix

 func CreateNamespaceFromObjectWithLog(ctx context.Context, k8sClient client.Client, ns *corev1.Namespace) *corev1.Namespace {
-	ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns)
-	// Add label to the namespace to mark it as managed by Kueue.
+	// Add label to the namespace to mark it as managed by Kueue.
 	if ns.Labels == nil {
 		ns.Labels = make(map[string]string)
 	}
 	ns.Labels["kueue.openshift.io/managed"] = "true"
 	gomega.Expect(k8sClient.Create(ctx, ns)).To(gomega.Succeed())
-	ginkgo.GinkgoLogr.Info(fmt.Sprintf("Created namespace: %s", ns.Name))
+	ginkgo.GinkgoLogr.Info("Created namespace", "namespace", ns.Name)
 	return ns
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@upstream/kueue/patch/e2e.patch` around lines 32 - 44,
CreateNamespaceFromObjectWithLog currently logs "Created namespace" before
mutating labels and creating the Namespace, logs the entire Namespace pointer,
and uses fmt.Sprintf instead of structured logr args; fix by first ensuring
ns.Labels is initialized and adding
ns.Labels["kueue.openshift.io/managed"]="true", then call k8sClient.Create(ctx,
ns) and assert success (e.g., gomega.Expect(...).To(gomega.Succeed())), and only
after successful creation call ginkgo.GinkgoLogr.Info("Created namespace",
"namespace", ns.Name) using the structured key "namespace" (remove fmt.Sprintf
and avoid passing the full *corev1.Namespace).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Makefile`:
- Around line 234-243: The e2e pipeline currently stops if
./upstream/kueue/e2e-test-ocp.sh exits non-zero so the certmanager block (the
KUEUE_NAMESPACE=... $(GINKGO) $(GINKGO_ARGS) ...
./upstream/kueue/src/test/e2e/certmanager/...) never runs; change the Make
recipe to tolerate the first script failing by capturing its exit code and
continuing (e.g., run ./upstream/kueue/e2e-test-ocp.sh and save $? into a
variable or append a tolerant operator so execution proceeds), then
unconditionally run the certmanager Ginkgo invocation, and finally, if desired,
exit the recipe with the original saved exit code to preserve overall failure
status.

---

Outside diff comments:
In `@upstream/kueue/patch/e2e.patch`:
- Around line 32-44: CreateNamespaceFromObjectWithLog currently logs "Created
namespace" before mutating labels and creating the Namespace, logs the entire
Namespace pointer, and uses fmt.Sprintf instead of structured logr args; fix by
first ensuring ns.Labels is initialized and adding
ns.Labels["kueue.openshift.io/managed"]="true", then call k8sClient.Create(ctx,
ns) and assert success (e.g., gomega.Expect(...).To(gomega.Succeed())), and only
after successful creation call ginkgo.GinkgoLogr.Info("Created namespace",
"namespace", ns.Name) using the structured key "namespace" (remove fmt.Sprintf
and avoid passing the full *corev1.Namespace).

[anahas-redhat]

@anahas-redhat Hey, this PR helps with running the certmanager suite, we can see that this test scenario is passing: Metrics when workload is admitted should continue to expose metrics after the secret is re-created The one related to the re-load of the certificate when it's renewed. I think the .patch file might be adding extra space than necessary, that is yet to be investigated.

@MaysaMacedo thanks for executing the tests. I'm closing the related jira bug. If this works, we may be able to add other tests (outside singlecluster folder) to Kueue CI.

[openshift-ci]

@MaysaMacedo: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[MaysaMacedo]

/hold cancel

[rphillips]

/lgtm