Melds the "pull image from gcr.io" and "pull image from docker hub" tests
into a single test that pulls the agnhost image from the configured
e2eRegistry.
This also removes the need to maintain and update the image
"gcr.io/kubernetes-e2e-test-images/windows-nanoserver:v1". It should have been
a manifest list that also includes future Windows releases, like Windows Server 1903.
Additionally, the image has ~300 MB, meaning that with this change, it won't have to
wait as much to spawn a pod.
Removes "should not be able to pull non-existing image from gcr.io", since
the test "should not be able to pull image from invalid registry" test already
exists, and both of them test the same effect: cannot spawn a pod with an
image that does not exist.
Moving pod related functions from e2e/framework/pv_util.go to
e2e/framework/pod in order to allow refactoring of pv_util.go into its
own package.
Signed-off-by: alejandrox1 <alarcj137@gmail.com>
Skips IPv6 tests on Windows.
Skips sysctl tests on Windows.
Skips network policy tests on Windows.
Skips RunAsUser / FSGroup / file permissions related tests, as those are
not supported on Windows.
Skips the test "should preserve source pod IP for traffic thru service cluster IP"
on Windows, as it creates a Pod with HostNetwork=true, which is unsupported.
What works and what doesn't work on Windows has been documented here:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md#windows--linux-considerations
RunDeployment() of the deployment e2e framework was used in
autoscaling_utils only. In addition, the deployment e2e framework
imported the core of e2e framework only for the function.
So this moves the function into autoscaling_utils then we can remove
dependency of core framework from the deployment e2e framework.
In ObserveEventAfterAction(), observedMatchingEvent is set if ok is
true. Now the ok is already checked with framework.ExpectEqual().
So this removes duplicated check for code cleanup.
Quite a few images are only used a few times in a few tests. Thus,
the images are being centralized into the agnhost image, reducing
the number of images that have to be pulled and used.
This PR replaces the usage of the following images with agnhost:
- audit-proxy
- crd-conversion-webhook
- entrypoint-tester
- inclusterclient
- iperf
- porter
- serve-hostname
As https://github.com/kubernetes/kubernetes/pull/78478 we can use
ExpectNoError() instead of Expect(err).ToNot(HaveOccurred()) also.
This makes the test code check strict to cover the above case and
replaces the remaining in test/e2e/common/expansion.go
- Add a package "node" under e2e/framework and alias e2enode;
- Rename some functions whose name have redundant string.
Signed-off-by: Jiatong Wang <wangjiatong@vmware.com>
Quite a few images are only used a few times in a few tests. Thus,
the images are being centralized into the agnhost image, reducing
the number of images that have to be pulled and used.
This PR replaces the usage of the following images with agnhost:
- net
- netexec
- nettest
- webhook
Because Linux images cannot run on Windows and vice-versa, separate
tests were added for both OSes, only separated by a [LinuxOnly] tag
in their names.
Based on the given --node-os-distro, we can select which image to
use when spawning the pod.
Quite a few images are only used a few times in a few tests. Thus,
the images are being centralized into the agnhost image, reducing
the number of images that have to be pulled and used.
This PR replaces the usage of the following images with agnhost:
- fakegitserver
- hostexec
- liveness
- logs-generator
- no-snat-test
- no-snat-test-proxy
- port-forward-tester
This is part of the transition to using framework/log instead
of the Logf inside the framework package. This will help with
import size/cycles when importing the framework or subpackages.
This is the continuation of the refactoring of framework/deployment_utils.go
into framework/deployment.
Signed-off-by: Jorge Alarcon Ochoa <alarcj137@gmail.com>
Basically conformance test checks the target k8s cluster works all
features which are specified in each test and that should not depend
on any condition.
This adds checking that conformance test should not call any Skip
methods. And it detects the existing conformance test
"creating/deleting custom resource definition objects works"
calls framework.SkipUnlessServerVersionGTE(). So this removes the
Skip also.
Previous IPv6 regex was too loose, this patchs adds a better and
more strict regex for IPv6 addresses and makes the IPv4 and IPv6
regex availables as constants inside the framework pkg
The containers are mounted the /tmp folder as a HostPath volume
and they are supposed to create a new file in it.
The /tmp folder has 777 file permissions, so there shouldn't be any
problems creating a file, even if the container is unprivileged.
The container status is not constant, and can change over time in the
following order:
- Running: When kubelet reports the Pod as running. This state is missable if
the container finishes its command faster than kubelet getting to report this
state.
- Terminated: After the Container finished its command, it will enter the Terminated
state, in which will remain for a short period of time, before kubelet will try
to restart it.
- Waiting: When kubelet has to wait for the backoff period to expire before actually
restarting the container.
Treating and handling each of these states when calculating the backoff period between
container restarts will make the tests more reliable.
E2E Test "Secret should fail to create secret in volume
due to empty secret key" tries to create a secret
with empty key and check whether it fails or not.
But the secret creation in this test fails with
double error due to invalid secret name. This will
make this test to pass even if the fuctionality
which needs to be tested is broken.
This commit fix the secret name error(name should not
have capital letters) so that the secret creation fails
only due to desired reason.
Signed-off-by: kanwar saad bin liaqat <kanwar.sbl@gmail.com>
Current e2e tests for the Container Lifecycle Hooks weren't
using brackets for the IPv6 URL addresses per RFC2732, thus those
tests were failing.
This patches add brackets to the target URL if it's an IPv6 address.
Reference: https://github.com/kubernetes/kubernetes/issues/70248
The test [k8s.io] Probing container [It] should not be restarted with a
/healthz http liveness probe [NodeConformance] [Conformance]
fails because it's using a nginx image that's spawns a server that's
only listening on IPv4 by default.
Switching to an image like TestWebserver that's listening in IPv4 and IPv6 by default
allows the test to run on IPv4 and IPv6 environments.
Reference: https://github.com/kubernetes/kubernetes/issues/70248
Current regex used in the Downward e2e API tests is matching only
IPv4 addresses, consequently those tests fails with IPv6 clusters.
This patch modifies the regex to match ipv4 and ipv6 addresses.
Ref: https://github.com/kubernetes/kubernetes/issues/70248
It has been suggested to replace the "e2eteam/busybox:1.29" image
used in the test "should be able to pull image from docker hub [NodeConformance]"
with a nanoserver image manifest list.
Adds a TODO for it.
Kubelet might miss reporting the new Running state when restarting
a pod after its backoff period expired, and thus, the pod will
continue to remain in CrashLoopBackOff state, causing the
"should cap back-off at MaxContainerBackOff" and
"should have their auto-restart back-off timer reset on image update"
tests to fail, since they're waiting the Pods to enter a Running state.
Waiting for the next Terminated state instead of the next Running state
is more reliable.
Note that this adds 5 seconds to the restart delay due to the fact that
the Container runs for 5 seconds (it's command is "sleep 5"), but it is
within the test's expectations.
Adds the test "should be able to pull from private registry with secret [NodeConformance]"
which will pull the image "gcr.io/authenticated-image-pulling/windows-nanoserver:v1".
The mentioned image is a manifest list, and it works for both
Windows Server 1803 and Windows Server 2019. The manifest list
will have to be amended when a new Windows Server is released.
Adds the test "should be able to pull image from gcr.io [NodeConformance]",
which will pull the the image "gcr.io/kubernetes-e2e-test-images/windows-nanoserver:v1".
The mentioned image is a manifest list, and it works for both
Windows Server 1803 and Windows Server 2019. The manifest list
will have to be amended when a new Windows Server is released.
The command passed to the Windows Container has been changed to
"ping -t localhost", which will keep the container in the Running state,
which is required and checked by the test.
* merge pkg/api/v1/node with pkg/util/node
* update test case for utilnode
* remove package pkg/api/v1/node
* move isNodeReady to internal func
* Split GetNodeCondition into e2e and controller pkg
* fix import errors
The test "should write entries to /etc/hosts" should have the [LinuxOnly] tag as
it cannot pass on Windows; individual files cannot be mounted in Windows Containers.
This test was missed in the original PR (https://github.com/kubernetes/kubernetes/pull/73204)
Adds the test "should be able to pull image from docker hub [WindowsOnly]",
which will pull a Windows busybox image from dockerhub. Since it is busybox,
the same command will also work for this image.
The busybox image is currently used in other E2E tests, so the image should
already be prepulled on the nodes. Additionally, the image has a manifest list
for Windows Server 1803 and Windows Server 2019, and future versions will be
added to it.
Some of the tests cannot pass using Windows nodes due to various reasons:
- seLinuxOptions are not supported on Windows.
- Running as an UID / GID is not supported on Windows.
- file permissions work differently on Windows, and they cannot be set in
the same manner as on Linux.
- individual files cannot be mounted in Windows Containers.
- Cannot create container using Linux image (e.g.: alpine) on Windows.
Because of this, it has been decided to use the "[LinuxOnly]" tag for the
tests which cannot run on Windows because of the mentioned reasons. This way,
when running tests using Windows nodes, those tests can simply be skipped by
adding the "[LinuxOnly]" tag to the ginkgo.skip argument.
Some tests use .yaml files to deploy pods, which have hardcoded
images. Those images cannot be used for Windows containers.
The image names can be injected by the tests themselves, based on
the configured registries.
Remove SLOW tag and update description for KUBEDESCRIBE(Probing container) and SIGDESCRIBE(EmptyDir Wrapper Volume)
Remove slow references for tests that execute below 5 minutes
Some mounttest related tests are checking the file permissions set on the
container files, but the default file permissions on Windows is 775 instead of
644, causing some tests to fail.
Keep in mind that file permissions work differently on Windows, and setting file
permissions via Kubernetes is not currently supported on Windows.
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
When node lease feature is enabled, kubelet reports node status to api server
only if there is some change or it didn't report over last report interval.
As discussing on #68905
some tests of test/e2e/common/host_path.go are covered with
test/e2e/storage/testsuites/subpath.go
So we don't need to keep them in test/e2e/common/host_path.go
anymore for the maintenance.
- Scale down based on custom metric was flaking. Increase target value
of the metric.
- Scale down based on CPU was flaking during stabilization. Increase
tolerance of stabilization (caused by resource consumer using more CPU
than requested).
The test "should run with the expected status" passes with and without
the set SELinuxOptions, but removing it will ensure that the test will
be able to run and pass on Windows nodes as well.
Automatic merge from submit-queue (batch tested with PRs 66840, 68159). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
TTL for cleaning up Jobs after they finish
**What this PR does / why we need it**: https://github.com/kubernetes/features/issues/592
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64470
For https://github.com/kubernetes/features/issues/592
**Special notes for your reviewer**: @kubernetes/sig-apps-pr-reviews
**Release note**:
```release-note
Add a TTL machenism to clean up Jobs after they finish.
```
Automatic merge from submit-queue (batch tested with PRs 67736, 68123, 68138). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.
Port security context NodeConformance e2e_node tests to e2e
**What this PR does / why we need it**:
Port all [NodeConformance] SecurityContext e2e_node tests to e2e/common.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67032
**Special notes for your reviewer**:
- This PR is a continuing effort to close#67032.
- Removed ContainerRuntime constraint [as discussed](https://github.com/kubernetes/kubernetes/pull/67032#discussion_r214201870).
- Porting all [NodeConformance] tests to e2e/common which do not have node dependencies.
- Does it make sense to port [privileged test](https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/security_context_test.go#L558) to e2e/common and remove [NodeFeature:HostAccess] label from test name?
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 67739, 65222). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tests: Make e2e test platform-agnostic
The test:
[k8s.io] Pods should support remote command execution over websockets [NodeConformance]
uses cat on /etc/resolv.conf and checks if the output from the container is "namespace",
which is incompatible with windows containers as there is no such file.
Since the test just check if remote command execution works, the command is
irrelevant as long as the output checks out. Switched to using echo "remote execution test",
and checking that output as it works for both windows and linux.
This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on [KEP-0009](https://github.com/kubernetes/community/blob/master/keps/sig-node/0009-node-heartbeat.md),
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.
- add NodeLease feature gate
- add kube-node-lease system namespace for node leases
- add Kubelet option for lease duration
- add Kubelet-internal lease controller to create and update lease
- add e2e test for NodeLease feature
- modify node authorizer and node restriction admission controller
to allow Kubelets access to corresponding leases
Automatic merge from submit-queue (batch tested with PRs 67100, 67426). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
porting e2e_node lifecycle testcases into e2e folder under common
a) Shifted (and renamed) file existing in e2e_node to e2e/common.
b) Added these tests to the conformance suite:
- "should execute poststart exec hook properly"
- "should execute prestop exec hook properly"
- "should execute poststart http hook properly"
- "should execute prestop http hook properly"
[reference issue](https://github.com/kubernetes/kubernetes/issues/67086) explaining the effort.
Automatic merge from submit-queue (batch tested with PRs 67347, 67307, 67358, 67364, 67385). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
delete the busyboxImage and mountTest var and change use imageutils
**What this PR does / why we need it**:
delete the ```busyboxImage```,```mountTest``` variable and change everything to use ```imageutils.GetE2EImage(imageutils.BusyBox)```, ```imageutils.GetE2EImage(imageutils.MountTest)```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#67237
**Special notes for your reviewer**:
/cc @mikedanese
/assign @mikedanese
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
#50102 Task 1: Move apimachinery/pkg/watch.Until into client-go/tools/watch.UntilWithoutRetry
**What this PR does / why we need it**:
This is a split off from https://github.com/kubernetes/kubernetes/pull/50102 to go in smaller pieces.
Moves `apimachinery/pkg/watch.Until` into `client-go/tools/watch.UntilWithoutRetry` and adds context so it is cancelable.
**Release note**:
```release-note
NONE
```
**Dev release note**:
```dev-release-note
`apimachinery/pkg/watch.Until` has been moved to `client-go/tools/watch.UntilWithoutRetry`.
While switching please consider using the new `client-go/tools/watch.UntilWithSync` or `client-go/tools/watch.Until`.
```
/cc @smarterclayton @kubernetes/sig-api-machinery-pr-reviews
/milestone v1.12
/priority important-soon
/kind bug
(bug after the main PR which is this split from)
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promoting "[sig-storage] Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace" to Conformance
**What this PR does / why we need it**:
An consolidated effort to resolve the issue https://github.com/kubernetes/kubernetes/issues/66875
> _[sig-storage] Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace_
Promoting mentioned e2e test for Conformance as it -
- Validates that secret with same name can be created in different namespaces but secrets which reside in same namespace as that of pod can be only be accessed from volume mounted in the container.
- Improves api coverage including prioritized Pod API lists. https://github.com/cncf/k8s-conformance/issues/220#issuecomment-393344061
> GET /api/v1/namespaces/{namespace}/pods/{name}/log
GET /api/v1/namespaces/{namespace}/pods
GET /api/v1/namespaces/{namespace}/pods/{name}
POST /api/v1/namespaces/{namespace}/pods
PUT /api/v1/namespaces/{namespace}/pods/{name}/status
DELETE /api/v1/namespaces/{namespace}/pods
DELETE /api/v1/namespaces/{namespace}/pods/{name}
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
No Flakes Found.
```
• [SLOW TEST:16.326 seconds]
[sig-storage] Secrets
/home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:33
should be able to mount in a volume regardless of a different secret existing with same name in different namespace [NodeConformance]
/home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:86
------------------------------
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
Aug 7 07:12:44.133: INFO: Running AfterSuite actions on all node
Aug 7 07:12:44.134: INFO: Running AfterSuite actions on node 1
Ran 1 of 1020 Specs in 16.441 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 1019 Skipped PASS
All tests passed...
Will keep running them until they fail.
This was attempt #40
No, seriously... you can probably stop now.
```
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 61212, 66369, 66446, 66895, 66969). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Promoting configmap binarydata support [NodeConformance] test to conformance
**What this PR does / why we need it**:
**e2e:** _[sig-storage] ConfigMap binary data should be reflected in volume [NodeConformance]_
Promotes mentioned e2e to conformance as it -
1. Validates ConfigMap's binarydata support effectively
2. Improves API Coverage for prioritized api lists. (https://github.com/cncf/k8s-conformance/issues/220#issuecomment-393344061)
> GET /api/v1/namespaces/{namespace}/pods
GET /api/v1/namespaces/{namespace}/pods/{name}
GET /api/v1/namespaces/{namespace}/pods/{name}/log
POST /api/v1/namespaces/{namespace}/pods
PUT /api/v1/namespaces/{namespace}/pods/{name}/status
DELETE /api/v1/namespaces/{namespace}/pods
DELETE /api/v1/namespaces/{namespace}/pods/{name}
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
No Flakes found.
**Release note**:
```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
