CCXDEV-1560 - Optimize the CPU usage of insights-runtime-extractor

[jmesnil]

Add the PRD that describe the required changes in the Insights Operator.

The changes to the insights-runtime-extractor are handled in openshift/insights-runtime-extractor#60.

JIRA: https://issues.redhat.com/browse/CCXDEV-15960

• Bugfix

Changelog

Integration of the insights-runtime-extractor and its API have been changed to collect only runtime data
from the subset of containers that are gathered by the Insights Operator

Breaking Changes

No

References

https://issues.redhat.com/browse/CCXDEV-15960

Summary by CodeRabbit

• New Features

  • Runtime data collection now requests info only for identified container IDs, reducing compute and latency during gathers.

• Updates

  • Runtime extractor now uses POST requests with container ID payloads; access rule for the extractor endpoint simplified.

• Documentation

  • Added product requirements describing the new container-ID filtering flow and rollout considerations.

• Tests

  • Added unit tests covering container-ID aggregation and runtime-info merging behavior.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[opokornyy]

Would batching those requests, instead of sending all 8000 IDs in a single POST, add here any benefits?

[jmesnil]

POSTing at most 8000 ids would send a request of maximum 600KB.
I'm not sure that it is worth splitting that into several requests though... But if you want to make that a requirement from the Insights Operator, it's doable

[jmesnil]

/retest

[jmesnil]

/retest

[jmesnil]

/retest

[BaiyangZhou]

/retest

[BaiyangZhou]

/test e2e-gcp-ovn-techpreview

[BaiyangZhou]

/retest

[coderabbitai]

Warning

Review limit reached

@jmesnil, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 20 minutes and 16 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 272a8d12-4da3-4b10-b38c-d6255f8346f1

📥 Commits

Reviewing files that changed from the base of the PR and between b826de8 and 43b23e1.

📒 Files selected for processing (6)

• manifests/10-insights-runtime-extractor-proxy-configmap.yaml
• pkg/gatherers/workloads/gather_workloads_info.go
• pkg/gatherers/workloads/gather_workloads_info_test.go
• pkg/gatherers/workloads/gather_workloads_runtime_infos.go
• pkg/gatherers/workloads/gather_workloads_runtime_infos_test.go
• pkg/gatherers/workloads/types.go

📝 Walkthrough

Walkthrough

Build workload shapes first while collecting container IDs grouped by node, POST those container IDs to the runtime extractor per node, then merge the returned runtime info into the pre-built shapes using an internal runtimeKey.

Changes

Container IDs filtering and deferred runtime merge

Layer / File(s)	Summary
PRD and proxy config docs/prd/prd-0001-container-ids-filtering.md, manifests/10-insights-runtime-extractor-proxy-configmap.yaml	Adds PRD describing containerIDsByNode and POST contract; removes explicit verb entry for /gather_runtime_info in kube-rbac-proxy static auth.
Shape building & ID collection pkg/gatherers/workloads/gather_workloads_info.go	Collect container IDs per node during pod processing, decouple calculateWorkloadContainerShapes from runtime lookups, return containersByNode from workloadInfo, and add mergeRuntimeInfoIntoShapes to attach runtime data.
Workload info unit tests pkg/gatherers/workloads/gather_workloads_info_test.go	Adds tests for containerIDsByNode.addPodContainers, multi-pod/multi-node accumulation, mergeRuntimeInfoIntoShapes, and updates calculatePodShape test signature.
Runtime info collection pkg/gatherers/workloads/gather_workloads_runtime_infos.go	Scope gatherWorkloadRuntimeInfos by containersByNode, skip empty nodes, change getNodeWorkloadRuntimeInfos to accept containerIDs and POST a JSON body with ContainerIDs.
Runtime collection tests pkg/gatherers/workloads/gather_workloads_runtime_infos_test.go	Update tests to expect POST + Content-Type: application/json, validate JSON request body contains ContainerIDs, and adapt gatherWorkloadRuntimeInfos calls to new signature.
Internal types pkg/gatherers/workloads/types.go	Add unexported runtimeKey containerInfo to workloadContainerShape with json:\"-\" for runtime-info lookup during merge.

Sequence Diagram(s)

sequenceDiagram
  participant Gatherer as Workload Gatherer
  participant PodProc as Pod Processor
  participant Shapes as Shape Builder
  participant IDs as containerIDsByNode
  participant Extractor as insights-runtime-extractor
  participant Merger as mergeRuntimeInfoIntoShapes

  Gatherer->>PodProc: iterate and process pods
  PodProc->>Shapes: calculate container shapes (store runtimeKey, no runtime info)
  PodProc->>IDs: addPodContainers (collect container IDs per node)
  IDs-->>Gatherer: containerIDsByNode per node

  Gatherer->>Extractor: per-node POST /gather_runtime_info {containerIds: [...]}
  Extractor-->>Gatherer: workloadRuntimes (filtered)
  Gatherer->>Merger: mergeRuntimeInfoIntoShapes(shapes, workloadRuntimes)
  Merger-->>Gatherer: shapes populated with RuntimeInfo

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

🚥 Pre-merge checks | ✅ 12 | ❌ 3

❌ Failed checks (1 warning, 2 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 23.53% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	The description addresses the main objective but lacks several required template sections: missing 'Sample Archive' with specific paths, incomplete 'Documentation' section (path format), missing 'Unit Tests' list, and 'Privacy' section is absent despite new data collection.	Complete all required template sections: provide specific sample archive paths, document which files reflect changes, list all unit test files, and address privacy considerations for newly collected container ID information.
Test Structure And Quality	❓ Inconclusive	Custom check refers to "Ginkgo test code" but repository uses standard Go testing, making the check requirements (BeforeEach/AfterEach, Describe/It blocks) inapplicable.	Clarify if check applies to standard Go tests (not Ginkgo). If yes, new tests lack assertion messages (e.g., assert.Equal(t, expected, actual, "meaningful failure message")). If no, check is not applicable.

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main optimization objective of the PR (CPU usage optimization of insights-runtime-extractor), matching the documented goal of filtering containers to reduce CPU/latency.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The custom check for Ginkgo test naming stability does not apply—this project uses standard Go testing, not Ginkgo. All new test functions and test case names are static with no dynamic data.
Microshift Test Compatibility	✅ Passed	PR adds only standard Go unit tests (testing package), not Ginkgo e2e tests. MicroShift compatibility check applies only to Ginkgo e2e tests; therefore not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds only standard Go unit tests (not Ginkgo e2e tests). The four new test functions use the testing package without Ginkgo patterns and test internal package logic, not cluster behavior.
Topology-Aware Scheduling Compatibility	✅ Passed	No deployment manifests, pod affinity, topology constraints, or scheduling rules added. Changes limited to workload gathering logic and RBAC config.
Ote Binary Stdout Contract	✅ Passed	No OTE Binary Stdout Contract violations detected. All changes are in library code (workload gatherers) with no process-level stdout writes; all logging uses klog within regular functions.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR contains no Ginkgo e2e tests; only standard Go unit tests (testing.T) in pkg/gatherers/workloads. Check not applicable.
No-Weak-Crypto	✅ Passed	No weak crypto (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom implementations, or non-constant-time secret comparisons detected. Only SHA256 used for legitimate hashing.
Container-Privileges	✅ Passed	No privileged container configurations found. PR changes API protocol and workload gathering without introducing container security issues.
No-Sensitive-Data-In-Logs	✅ Passed	All logging statements are safe. Tokens never logged; errors contain only standard filesystem messages. Container IDs logged as count only. No sensitive data exposed in logs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pkg/gatherers/workloads/gather_workloads_runtime_infos.go (2)

80-90: ⚠️ Potential issue | 🟠 Major

Propagate node setup failures instead of only logging.

When HTTP client creation or token read fails, the goroutine returns without sending an error result. That makes runtime collection failures invisible to the caller and can mask partial data loss.

Suggested patch

 			httpCli, err := createHTTPClient()
 			if err != nil {
-				klog.Errorf("Failed to initialize the HTTP client: %v", err)
+				nodeWorkloadCh <- workloadRuntimesResult{
+					Error: fmt.Errorf("failed to initialize HTTP client for node %s: %w", podInfo.nodeName, err),
+				}
 				return
 			}
 			tokenData, err := readToken()
 			if err != nil {
-				klog.Errorf("Failed to read the serviceaccount token: %v", err)
+				nodeWorkloadCh <- workloadRuntimesResult{
+					Error: fmt.Errorf("failed to read serviceaccount token for node %s: %w", podInfo.nodeName, err),
+				}
 				return
 			}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/gatherers/workloads/gather_workloads_runtime_infos.go` around lines 80 -
90, The goroutine currently swallows failures from createHTTPClient() and
readToken() by logging and returning, so callers never learn about errors;
change the goroutine to propagate errors over nodeWorkloadCh instead of
returning silently: when createHTTPClient() or readToken() returns an error,
send a failure result (e.g., a NodeWorkloadRuntimeInfo value that includes an
error field or a separate error wrapper) on nodeWorkloadCh referencing
createHTTPClient and readToken, then return; ensure existing consumer of
nodeWorkloadCh (which expects values from getNodeWorkloadRuntimeInfos) is
updated/compatible to handle the error-carrying message.

---

210-224: ⚠️ Potential issue | 🔴 Critical

Close resp.Body before checking status code.

In Go, HTTP non-2xx responses are not errors—client.Do() returns a valid response even for 4xx/5xx status codes. On non-200 responses (lines 216–223), the function returns before defer resp.Body.Close() is registered at line 224, leaking the response body and preventing connection reuse.

Suggested patch

 	resp, err := httpCli.Do(request)
 	if err != nil {
 		return workloadRuntimesResult{
 			Error: err,
 		}
 	}
+	defer resp.Body.Close()
 	if resp.StatusCode != 200 {
 		return workloadRuntimesResult{
 			Error: insightsclient.HttpError{
 				StatusCode: resp.StatusCode,
 				Err:        fmt.Errorf("received unexpected status code %s from %s", resp.Status, url),
 			},
 		}
 	}
-	defer resp.Body.Close()

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/gatherers/workloads/gather_workloads_runtime_infos.go` around lines 210 -
224, The response body is not closed on non-200 HTTP responses in the routine
that calls httpCli.Do(request), leaking connections; move or add
resp.Body.Close() so the body is always closed before any early return: after
successfully obtaining resp (i.e., after the err == nil check where resp is
valid) call defer resp.Body.Close() (or explicitly call resp.Body.Close() before
returning the workloadRuntimesResult on non-200 status) to ensure the body is
closed when returning an error; update the code paths around
httpCli.Do(request), the resp.StatusCode check, and the workloadRuntimesResult
returns to use this pattern.

🧹 Nitpick comments (1)

pkg/gatherers/workloads/gather_workloads_info.go (1)

299-307: Consider removing init-container runtimeKey population if init runtime is intentionally out of scope.

runtimeKey is set for init containers, but runtime merge currently applies only to shape.Containers. Either merge init runtime too, or avoid storing init keys to reduce ambiguity and minor overhead.

Also applies to: 573-582

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/gatherers/workloads/gather_workloads_info.go` around lines 299 - 307, The
init-container shapes are being assigned runtimeKey even though runtime merge
only applies to shape.Containers; change calculateWorkloadContainerShapes to
accept a flag (e.g., disableRuntimeKey or isInit bool) and use it to skip
populating runtimeKey when called for init containers, then update the calls
that build podShape.InitContainers (where calculateWorkloadContainerShapes is
invoked for InitContainers) to pass that flag; leave the regular container call
(podShape.Containers) unchanged. Also apply the same change to the other call
site mentioned (lines 573-582) so init-container keys are not stored when
runtime merge is intentionally out of scope.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/prd/prd-0001-container-ids-filtering.md`:
- Around line 152-169: The example mixes variable names and an incompatible
return shape; standardize on a single request variable (use req or request
consistently), use the same http client variable (client or httpCli) when
calling client.Do, and ensure error returns match the function’s return type
(e.g., return workloadRuntimesResult{Error: fmt.Errorf(...)} rather than nil,
fmt.Errorf). Specifically update the block that constructs
gatherRuntimeInfoRequest/reqBody to marshal, create the HTTP request into the
same req variable you set headers on, call the same client variable for Do, and
replace the mismatched return statement with a workloadRuntimesResult value
containing the error.
- Around line 28-92: Add explicit language identifiers to each fenced code block
in the document to satisfy markdownlint MD040 and improve readability: label the
ASCII sequence diagrams as "text" (e.g., the blocks showing the
insights-operator ↔ insights-runtime-extractor flows), label the HTTP
request/response examples as "http" (the GET and POST request blocks and their
bodies), and label the JSON payload/response examples as "json" (the
{"containerIds": [...]} body and any JSON response snippets); apply these
changes to every triple-backtick block in the file including the "Current flow"
and "New flow" code fences.

In `@manifests/10-insights-runtime-extractor-proxy-configmap.yaml`:
- Around line 19-22: The kube-rbac-proxy rule for the path
"/gather_runtime_info" currently omits an explicit HTTP verb, which is treated
as a wildcard; update the config for that rule (the block containing path:
/gather_runtime_info, resourceRequest: false, user.name:
system:serviceaccount:openshift-insights:operator) to include verb: post so only
POST requests are allowed and least-privilege authorization is enforced.

In `@pkg/gatherers/workloads/gather_workloads_info_test.go`:
- Around line 901-949: The test case name "merges runtime info into init
containers" contradicts the assertions (initContainer.RuntimeInfo is expected to
be nil while appContainer.RuntimeInfo is populated); either rename the case to
reflect the actual behavior (e.g., "does not merge runtime info into init
containers") or change the assertions to expect initContainer.RuntimeInfo to be
populated; locate the table entry containing the name string and the checkResult
that references initContainer, appContainer and RuntimeInfo and update the name
or assertions consistently so intent is unambiguous.

---

Outside diff comments:
In `@pkg/gatherers/workloads/gather_workloads_runtime_infos.go`:
- Around line 80-90: The goroutine currently swallows failures from
createHTTPClient() and readToken() by logging and returning, so callers never
learn about errors; change the goroutine to propagate errors over nodeWorkloadCh
instead of returning silently: when createHTTPClient() or readToken() returns an
error, send a failure result (e.g., a NodeWorkloadRuntimeInfo value that
includes an error field or a separate error wrapper) on nodeWorkloadCh
referencing createHTTPClient and readToken, then return; ensure existing
consumer of nodeWorkloadCh (which expects values from
getNodeWorkloadRuntimeInfos) is updated/compatible to handle the error-carrying
message.
- Around line 210-224: The response body is not closed on non-200 HTTP responses
in the routine that calls httpCli.Do(request), leaking connections; move or add
resp.Body.Close() so the body is always closed before any early return: after
successfully obtaining resp (i.e., after the err == nil check where resp is
valid) call defer resp.Body.Close() (or explicitly call resp.Body.Close() before
returning the workloadRuntimesResult on non-200 status) to ensure the body is
closed when returning an error; update the code paths around
httpCli.Do(request), the resp.StatusCode check, and the workloadRuntimesResult
returns to use this pattern.

---

Nitpick comments:
In `@pkg/gatherers/workloads/gather_workloads_info.go`:
- Around line 299-307: The init-container shapes are being assigned runtimeKey
even though runtime merge only applies to shape.Containers; change
calculateWorkloadContainerShapes to accept a flag (e.g., disableRuntimeKey or
isInit bool) and use it to skip populating runtimeKey when called for init
containers, then update the calls that build podShape.InitContainers (where
calculateWorkloadContainerShapes is invoked for InitContainers) to pass that
flag; leave the regular container call (podShape.Containers) unchanged. Also
apply the same change to the other call site mentioned (lines 573-582) so
init-container keys are not stored when runtime merge is intentionally out of
scope.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1b9b547c-36a5-4439-9295-a586e65055bb

📥 Commits

Reviewing files that changed from the base of the PR and between 456de92 and 8c98c99.

📒 Files selected for processing (7)

• docs/prd/prd-0001-container-ids-filtering.md
• manifests/10-insights-runtime-extractor-proxy-configmap.yaml
• pkg/gatherers/workloads/gather_workloads_info.go
• pkg/gatherers/workloads/gather_workloads_info_test.go
• pkg/gatherers/workloads/gather_workloads_runtime_infos.go
• pkg/gatherers/workloads/gather_workloads_runtime_infos_test.go
• pkg/gatherers/workloads/types.go

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jmesnil
Once this PR has been reviewed and has the lgtm label, please assign opokornyy for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

pkg/gatherers/workloads/gather_workloads_info.go (1)

283-299: ⚡ Quick win

Document why init containers are excluded from runtime info merging.

The function only iterates over regular containers (shape.Containers), not init containers. This design is consistent with addPodContainers (line 64) which only processes ContainerStatuses, but the rationale isn't documented. Init containers are typically terminated by gathering time, so excluding them is sensible, but a brief comment would clarify the design for future maintainers.

📝 Suggested comment addition

 // mergeRuntimeInfoIntoShapes updates the shapes in workloadPods with runtime info.
 // This is called after shapes are built and runtime info is gathered.
+// Note: Only regular containers receive runtime info. Init containers are excluded because
+// they are typically terminated by gathering time and not included in containerIDsByNode.
 func mergeRuntimeInfoIntoShapes(info *workloadPods, runtimeInfos workloadRuntimes) {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/gatherers/workloads/gather_workloads_info.go` around lines 283 - 299, The
mergeRuntimeInfoIntoShapes function only merges runtime info for regular
containers (iterating shape.Containers) and skips init containers; add a concise
comment above mergeRuntimeInfoIntoShapes explaining this design: init containers
are excluded because addPodContainers only builds runtime keys from
ContainerStatuses (regular containers) and init containers are usually
terminated by collection time so their runtime info isn’t available or
relevant—refer to addPodContainers and ContainerStatuses in the comment so
maintainers understand the rationale.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/gatherers/workloads/gather_workloads_info.go`:
- Line 132: Run gofmt on the source to fix the formatting issue in the workloads
package: format pkg/gatherers/workloads/gather_workloads_info.go (the
gatherWorkloadsInfo-related code) with gofmt (or gofmt -w) and commit the change
so the file conforms to gofmt rules and static analysis passes.

---

Nitpick comments:
In `@pkg/gatherers/workloads/gather_workloads_info.go`:
- Around line 283-299: The mergeRuntimeInfoIntoShapes function only merges
runtime info for regular containers (iterating shape.Containers) and skips init
containers; add a concise comment above mergeRuntimeInfoIntoShapes explaining
this design: init containers are excluded because addPodContainers only builds
runtime keys from ContainerStatuses (regular containers) and init containers are
usually terminated by collection time so their runtime info isn’t available or
relevant—refer to addPodContainers and ContainerStatuses in the comment so
maintainers understand the rationale.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2f88b308-11c6-4827-bb5f-715ef94a87a4

📥 Commits

Reviewing files that changed from the base of the PR and between 8c98c99 and b826de8.

📒 Files selected for processing (7)

• docs/prd/prd-0001-container-ids-filtering.md
• manifests/10-insights-runtime-extractor-proxy-configmap.yaml
• pkg/gatherers/workloads/gather_workloads_info.go
• pkg/gatherers/workloads/gather_workloads_info_test.go
• pkg/gatherers/workloads/gather_workloads_runtime_infos.go
• pkg/gatherers/workloads/gather_workloads_runtime_infos_test.go
• pkg/gatherers/workloads/types.go

🚧 Files skipped from review as they are similar to previous changes (3)

• manifests/10-insights-runtime-extractor-proxy-configmap.yaml
• pkg/gatherers/workloads/gather_workloads_runtime_infos.go
• pkg/gatherers/workloads/types.go

[opokornyy]

/retest

[opokornyy]

/retest

[openshift-ci]

@jmesnil: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gcp-ovn-techpreview	8c98c99	link	true	/test e2e-gcp-ovn-techpreview
ci/prow/insights-operator-conditions-gcp-ovn-techpreview	8c98c99	link	true	/test insights-operator-conditions-gcp-ovn-techpreview
ci/prow/insights-operator-e2e-tests	43b23e1	link	true	/test insights-operator-e2e-tests
ci/prow/insights-runtime-extractor-tests	43b23e1	link	true	/test insights-runtime-extractor-tests
ci/prow/insights-operator-serial-tests	43b23e1	link	true	/test insights-operator-serial-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jmesnil]

The errors in ci/prow/insights-runtime-extractor-tests are genuine:

E       [key:root['errors'][0], expected pattern:Get "https://10.129.2.6:8443/gather_runtime_info": context deadline exceeded, actual value:Post "https://10.129.2.6:8443/gather_runtime_info": context deadline exceeded] - regex pattern does not match

Indeed, the PR has changed the HTTP API that is now doing a POST instead of a GET.
@opokornyy Where is this test fixture?

[opokornyy]

The errors in ci/prow/insights-runtime-extractor-tests are genuine:

E       [key:root['errors'][0], expected pattern:Get "https://10.129.2.6:8443/gather_runtime_info": context deadline exceeded, actual value:Post "https://10.129.2.6:8443/gather_runtime_info": context deadline exceeded] - regex pattern does not match

Indeed, the PR has changed the HTTP API that is now doing a POST instead of a GET. @opokornyy Where is this test fixture?

I will update our test suite and then retest it