a1d2df81fb
The sysctl tests have to be skipped when the node components are running in UserNS, because the tests fail due to `open /proc/sys/kernel/shm_rmid_forced: permission denied` (as expected). Can be verified with Rootless kind (https://kind.sigs.k8s.io/docs/user/rootless/): ``` dockerd-rootless-setuptool.sh install : The following steps are added because 'kubetest2 kind --build' does not seem to build e2e.test and ginkgo make WHAT=test/e2e/e2e.test make ginkgo cp -f _output/bin/{e2e.test,ginkgo} _output/dockerized/bin/linux/amd64 kubetest2 kind --build --up --down --test=ginkgo -- \ --use-built-binaries \ --focus-regex='\[NodeConformance\]' \ --skip-regex='\[Environment:NotInUserNS\]' ``` Test with the following host environment: - kubernetes-sigs/kind@ac28d7fb19 (main) - kubernetes-sigs/kubetest2@89f09b65e8 (master) - Docker 24.0.6 - Ubuntu 22.04 amd64, kernel 5.15 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
test/e2e
This is home to e2e tests used for presubmit, periodic, and postsubmit jobs.
Some of these jobs are merge-blocking, some are release-blocking.
e2e test ownership
All e2e tests must adhere to the following policies:
- the test must be owned by one and only one SIG
- the test must live in/underneath a sig-owned package matching pattern:
test/e2e/[{subpath}/]{sig}/..., e.g.test/e2e/auth- all tests owned by sig-authtest/e2e/common/storage- all testscommonto cluster-level and node-level e2e tests, owned by sig-nodetest/e2e/upgrade/apps- all tests used inupgradetesting, owned by sig-apps
- each sig-owned package should have an OWNERS file defining relevant approvers and labels for the owning sig, e.g.
# test/e2e/node/OWNERS
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- alice
- bob
- cynthia
emeritus_approvers:
- dave
reviewers:
- sig-node-reviewers
labels:
- sig/node
- packages that use
{subpath}should have animports.gofile importing sig-owned packages (for ginkgo's benefit), e.g.
// test/e2e/common/imports.go
package common
import (
// ensure these packages are scanned by ginkgo for e2e tests
_ "k8s.io/kubernetes/test/e2e/common/network"
_ "k8s.io/kubernetes/test/e2e/common/node"
_ "k8s.io/kubernetes/test/e2e/common/storage"
)
- test ownership must be declared via a top-level SIGDescribe call defined in the sig-owned package, e.g.
// test/e2e/lifecycle/framework.go
package lifecycle
import "k8s.io/kubernetes/test/e2e/framework"
// SIGDescribe annotates the test with the SIG label.
var SIGDescribe = framework.SIGDescribe("cluster-lifecycle")
// test/e2e/lifecycle/bootstrap/bootstrap_signer.go
package bootstrap
import (
"github.com/onsi/ginkgo"
"k8s.io/kubernetes/test/e2e/lifecycle"
)
var _ = lifecycle.SIGDescribe("[Feature:BootstrapTokens]", func() {
/* ... */
ginkgo.It("should sign the new added bootstrap tokens", func(ctx context.Context) {
/* ... */
})
/* etc */
})
These polices are enforced:
- via the merge-blocking presubmit job
pull-kubernetes-verify - which ends up running
hack/verify-e2e-test-ownership.sh - which can also be run via
make verify WHAT=e2e-test-ownership