Some tests are setting HostNetwork=true, even if it is not required
for them to pass.
This patch will set the HostNetwork to false for those tests, allowing
them to be run on Windows nodes as well.
We've added the WindowsRunAsUserName feature some time ago, and it was
promoted to Beta for v1.17. We can now remove the [LinuxOnly] tag for
a few tests.
Depends On: #83058
Depends On: #84882
This is the last PR which moves functions from e2e/framework/util.go
- WaitForServiceWithSelector: Moved to e2e/cloud/gcp
- WaitForStatefulSetReplicasReady: Moved to e2e/storage
- WaitForRCToStabilize: Moved to e2e/kubectl
- CheckInvariants: Moved to e2e/common
- ContainerInitInvariant: Moved to e2e/common
- DumpEventsInNamespace: Renamed to local function
- WaitForDaemonSets: Moved to e2e/e2e.go
The redis version has been bumped to version 5.0.5, but the maximum version supported on
Windows is 3.2. This can lead to failing tests, the output and behaviour can be different
(see #80516). In order to prevent such failures, the amount of times the Redis image is
used can be reduced.
This commit uses the previously added agnhost guestbook subcommand as a replacement for the
Guestbook application created by the test "should create and stop a working application".
Adds AgnhostPrivate to test/utils/image/manifest. Some tests are trying to pull
the agnhost image from the private registry, meaning that we would need to
always build and push the agnhost image to both e2e and private registry
whenever we bump its version. Decoupling them would mean that we only need
to push the image to the e2e registry.
Use POST method instead of running local kubectl.
Use ExecCommandInContainerWithFullOutput() instead of RunKubectl().
PodExec() takes additional framework arg, passed down in call chain.
VerifyExecInPodFail uses different error code cast as original
one causes test code Panic if used with new call method.
Since we've added support for RunAsUserName, we can now run some new
tests. However, the [LinuxOnly] tag will have to remain until the
WindowsRunAsUserName feature becomes enabled by default.
Additionally, Containerd supports file mounting on Windows, and some
tests will be able to pass on Windows with Containerd instead of Docker.
Melds the "pull image from gcr.io" and "pull image from docker hub" tests
into a single test that pulls the agnhost image from the configured
e2eRegistry.
This also removes the need to maintain and update the image
"gcr.io/kubernetes-e2e-test-images/windows-nanoserver:v1". It should have been
a manifest list that also includes future Windows releases, like Windows Server 1903.
Additionally, the image has ~300 MB, meaning that with this change, it won't have to
wait as much to spawn a pod.
Removes "should not be able to pull non-existing image from gcr.io", since
the test "should not be able to pull image from invalid registry" test already
exists, and both of them test the same effect: cannot spawn a pod with an
image that does not exist.
Moving pod related functions from e2e/framework/pv_util.go to
e2e/framework/pod in order to allow refactoring of pv_util.go into its
own package.
Signed-off-by: alejandrox1 <alarcj137@gmail.com>
Skips IPv6 tests on Windows.
Skips sysctl tests on Windows.
Skips network policy tests on Windows.
Skips RunAsUser / FSGroup / file permissions related tests, as those are
not supported on Windows.
Skips the test "should preserve source pod IP for traffic thru service cluster IP"
on Windows, as it creates a Pod with HostNetwork=true, which is unsupported.
What works and what doesn't work on Windows has been documented here:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md#windows--linux-considerations
RunDeployment() of the deployment e2e framework was used in
autoscaling_utils only. In addition, the deployment e2e framework
imported the core of e2e framework only for the function.
So this moves the function into autoscaling_utils then we can remove
dependency of core framework from the deployment e2e framework.
In ObserveEventAfterAction(), observedMatchingEvent is set if ok is
true. Now the ok is already checked with framework.ExpectEqual().
So this removes duplicated check for code cleanup.
Quite a few images are only used a few times in a few tests. Thus,
the images are being centralized into the agnhost image, reducing
the number of images that have to be pulled and used.
This PR replaces the usage of the following images with agnhost:
- audit-proxy
- crd-conversion-webhook
- entrypoint-tester
- inclusterclient
- iperf
- porter
- serve-hostname
As https://github.com/kubernetes/kubernetes/pull/78478 we can use
ExpectNoError() instead of Expect(err).ToNot(HaveOccurred()) also.
This makes the test code check strict to cover the above case and
replaces the remaining in test/e2e/common/expansion.go
- Add a package "node" under e2e/framework and alias e2enode;
- Rename some functions whose name have redundant string.
Signed-off-by: Jiatong Wang <wangjiatong@vmware.com>
Quite a few images are only used a few times in a few tests. Thus,
the images are being centralized into the agnhost image, reducing
the number of images that have to be pulled and used.
This PR replaces the usage of the following images with agnhost:
- net
- netexec
- nettest
- webhook
Because Linux images cannot run on Windows and vice-versa, separate
tests were added for both OSes, only separated by a [LinuxOnly] tag
in their names.
Based on the given --node-os-distro, we can select which image to
use when spawning the pod.
Quite a few images are only used a few times in a few tests. Thus,
the images are being centralized into the agnhost image, reducing
the number of images that have to be pulled and used.
This PR replaces the usage of the following images with agnhost:
- fakegitserver
- hostexec
- liveness
- logs-generator
- no-snat-test
- no-snat-test-proxy
- port-forward-tester
This is part of the transition to using framework/log instead
of the Logf inside the framework package. This will help with
import size/cycles when importing the framework or subpackages.
This is the continuation of the refactoring of framework/deployment_utils.go
into framework/deployment.
Signed-off-by: Jorge Alarcon Ochoa <alarcj137@gmail.com>
Basically conformance test checks the target k8s cluster works all
features which are specified in each test and that should not depend
on any condition.
This adds checking that conformance test should not call any Skip
methods. And it detects the existing conformance test
"creating/deleting custom resource definition objects works"
calls framework.SkipUnlessServerVersionGTE(). So this removes the
Skip also.
Previous IPv6 regex was too loose, this patchs adds a better and
more strict regex for IPv6 addresses and makes the IPv4 and IPv6
regex availables as constants inside the framework pkg
The containers are mounted the /tmp folder as a HostPath volume
and they are supposed to create a new file in it.
The /tmp folder has 777 file permissions, so there shouldn't be any
problems creating a file, even if the container is unprivileged.
The container status is not constant, and can change over time in the
following order:
- Running: When kubelet reports the Pod as running. This state is missable if
the container finishes its command faster than kubelet getting to report this
state.
- Terminated: After the Container finished its command, it will enter the Terminated
state, in which will remain for a short period of time, before kubelet will try
to restart it.
- Waiting: When kubelet has to wait for the backoff period to expire before actually
restarting the container.
Treating and handling each of these states when calculating the backoff period between
container restarts will make the tests more reliable.
E2E Test "Secret should fail to create secret in volume
due to empty secret key" tries to create a secret
with empty key and check whether it fails or not.
But the secret creation in this test fails with
double error due to invalid secret name. This will
make this test to pass even if the fuctionality
which needs to be tested is broken.
This commit fix the secret name error(name should not
have capital letters) so that the secret creation fails
only due to desired reason.
Signed-off-by: kanwar saad bin liaqat <kanwar.sbl@gmail.com>
Current e2e tests for the Container Lifecycle Hooks weren't
using brackets for the IPv6 URL addresses per RFC2732, thus those
tests were failing.
This patches add brackets to the target URL if it's an IPv6 address.
Reference: https://github.com/kubernetes/kubernetes/issues/70248
The test [k8s.io] Probing container [It] should not be restarted with a
/healthz http liveness probe [NodeConformance] [Conformance]
fails because it's using a nginx image that's spawns a server that's
only listening on IPv4 by default.
Switching to an image like TestWebserver that's listening in IPv4 and IPv6 by default
allows the test to run on IPv4 and IPv6 environments.
Reference: https://github.com/kubernetes/kubernetes/issues/70248
Current regex used in the Downward e2e API tests is matching only
IPv4 addresses, consequently those tests fails with IPv6 clusters.
This patch modifies the regex to match ipv4 and ipv6 addresses.
Ref: https://github.com/kubernetes/kubernetes/issues/70248
It has been suggested to replace the "e2eteam/busybox:1.29" image
used in the test "should be able to pull image from docker hub [NodeConformance]"
with a nanoserver image manifest list.
Adds a TODO for it.
Kubelet might miss reporting the new Running state when restarting
a pod after its backoff period expired, and thus, the pod will
continue to remain in CrashLoopBackOff state, causing the
"should cap back-off at MaxContainerBackOff" and
"should have their auto-restart back-off timer reset on image update"
tests to fail, since they're waiting the Pods to enter a Running state.
Waiting for the next Terminated state instead of the next Running state
is more reliable.
Note that this adds 5 seconds to the restart delay due to the fact that
the Container runs for 5 seconds (it's command is "sleep 5"), but it is
within the test's expectations.
Adds the test "should be able to pull from private registry with secret [NodeConformance]"
which will pull the image "gcr.io/authenticated-image-pulling/windows-nanoserver:v1".
The mentioned image is a manifest list, and it works for both
Windows Server 1803 and Windows Server 2019. The manifest list
will have to be amended when a new Windows Server is released.
