CI: Conformance EKS (ci-eks) : Run IPsec key rotation tests: error: You must be logged in to the server (Unauthorized) #37592
Description
CI failure
Failure: https://github.com/cilium/cilium/actions/runs/13272801396/job/37056012842#step:26:125
Hit on unrelated PR: #37027
Workflow: Conformance EKS (ci-eks) / Installation and Connectivity Test (1.30, ca-central-1, true, true, true)
Updating IPsec secret with {"stringData":{"keys":"1+ rfc4106(gcm(aes)) 3aabb01cfd1c7f8f4a746a18c01dedec4ed7bcd1 128"}}
I0211 22:24:35.055755 15690 envvar.go:172] "Feature gate default state" feature="ClientsAllowCBOR" enabled=false
I0211 22:24:35.055788 15690 envvar.go:172] "Feature gate default state" feature="ClientsPreferCBOR" enabled=false
I0211 22:24:35.055792 15690 envvar.go:172] "Feature gate default state" feature="InformerResourceVersion" enabled=false
I0211 22:24:35.055796 15690 envvar.go:172] "Feature gate default state" feature="WatchListClient" enabled=false
secret/cilium-ipsec-keys patched
Waiting until key rotation starts (seeing 6 keys, expected 12)
error: You must be logged in to the server (Unauthorized)
It looks like EKS was unilaterally logged out part way through the test. A similar error occurred on the next step, which triggered the overall test failure:
error: You must be logged in to the server (Unauthorized)
+ CILIUM_CLI_IMAGE_REPO=quay.io/cilium/cilium-cli-ci
+ CILIUM_CLI_IMAGE_TAG=latest
++ pwd
+ docker run --network host -v /home/runner/.kube/config:/root/.kube/config -v /home/runner/work/cilium/cilium:/root/app -v /home/runner/.aws:/root/.aws -v /home/runner/.azure:/root/.azure -v /home/runner/.config/gcloud:/root/.config/gcloud quay.io/cilium/cilium-cli-ci:4eed8076c3d4114ff73b54750addc30c81e51973 cilium status
status check failed: [Unauthorized, Unauthorized, Unauthorized, Unauthorized, Unauthorized, Unauthorized, Unauthorized, Unauthorized, Unauthorized, unable to retrieve ConfigMap "cilium-config": Unauthorized]
/¯¯\
/¯¯\__/¯¯\ Cilium: 1 errors
\__/¯¯\__/ Operator: 1 errors
/¯¯\__/¯¯\ Envoy DaemonSet: 1 errors
\__/¯¯\__/ Hubble Relay: 1 warnings
\__/ ClusterMesh: 1 warnings
Cluster Pods: 0/0 managed by Cilium
Helm chart version:
Errors: cilium cilium Unauthorized
cilium-envoy cilium-envoy Unauthorized
cilium-operator cilium-operator Unauthorized
Warnings: clustermesh-apiserver clustermesh-apiserver clustermesh is not deployed
hubble-relay hubble-relay hubble relay is not deployed
hubble-ui hubble-ui hubble ui is not deployed
+ CILIUM_CLI_IMAGE_REPO=quay.io/cilium/cilium-cli-ci
+ CILIUM_CLI_IMAGE_TAG=latest
++ pwd
+ docker run --network host -v /home/runner/.kube/config:/root/.kube/config -v /home/runner/work/cilium/cilium:/root/app -v /home/runner/.aws:/root/.aws -v /home/runner/.azure:/root/.azure -v /home/runner/.config/gcloud:/root/.config/gcloud quay.io/cilium/cilium-cli-ci:4eed8076c3d[41](https://github.com/cilium/cilium/actions/runs/13272801396/job/37056012842#step:28:42)14ff73b54750addc30c81e51973 cilium sysdump --output-filename cilium-sysdump-final-1.30-ca-central-1-true-true-true
🔍 Collecting sysdump with cilium-cli version: 4eed8076, args: [sysdump --output-filename cilium-sysdump-final-1.30-ca-central-1-true-true-true]
⚠️ Failed to detect Cilium installation
⚠️ Failed to detect Cilium operator
ℹ️ Using default Cilium Helm release name: "cilium"
ℹ️ Using default Tetragon Helm release name: "tetragon"
🔍 Collecting Kubernetes nodes
failed to create sysdump collector: failed to collect Kubernetes nodes: Unauthorized
Error: Process completed with exit code 1.