Files

Patrick Ohly c526d7796e DRA e2e: use VAP to control "admin access" permissions

The advantages of using a validation admission policy (VAP) are that no changes
are needed in Kubernetes and that admins have full flexibility if and how they
want to control which users are allowed to use "admin access" in their
requests.

The downside is that without admins taking actions, the feature is enabled
out-of-the-box in a cluster. Documentation for DRA will have to make it very
clear that something needs to be done in multi-tenant clusters.

The test/e2e/testing-manifests/dra/admin-access-policy.yaml shows how to do
this. The corresponding E2E tests ensures that it actually works as intended.

For some reason, adding the namespace to the message expression leads to a
type check errors, so it's currently commented out.

2024-07-22 18:09:34 +02:00

apimachinery

Revert "e2e/apimachinery/watchlist: always run WatchList e2e tests"

2024-07-18 09:29:46 +02:00

apps

Promote JobPodFailurePolicy and PodDisruptionConditions e2e tests to Conformance

2024-07-17 18:13:08 +02:00

architecture

e2e: enhance SIGDescribe

2023-10-10 18:15:49 +02:00

auth

ClusterTrustBundle projection: e2e test

2023-11-03 12:08:35 -07:00

autoscaling

tag e2e test that depends on cloud-provider-gcp

2024-05-27 18:14:48 +00:00

chaosmonkey

e2e: use Ginkgo context

2022-12-16 20:14:04 +01:00

cloud

fix node lease e2e flakes

2024-07-15 11:59:44 +08:00

common

Merge pull request #125401 from bitoku/fix-fail-message

2024-06-28 16:48:38 -07:00

dra

DRA e2e: use VAP to control "admin access" permissions

2024-07-22 18:09:34 +02:00

environment

e2e labels: ensure that the lists remain sorted

2024-02-13 11:51:45 +01:00

feature

KEP-3619: implement e2e test for SupplementalGroupsPolicy

2024-07-16 12:36:00 +09:00

framework

Format helper scripts in Job e2e tests as multiline for readability

2024-07-18 11:05:36 +02:00

instrumentation

Update PodSecurityLevel used during tests

2024-05-15 16:50:30 +02:00

kubectl

Add logging to show which unexpected events were received in kubectl events e2e test

2024-05-23 20:33:17 -04:00

lifecycle

e2e: use framework labels

2023-11-01 15:17:34 +01:00

network

e2e: fix flake on loadbalancer tests

2024-07-18 12:54:54 +00:00

node

KEP-3619: implement e2e test for SupplementalGroupsPolicy

2024-07-16 12:36:00 +09:00

nodefeature

refactor nodefeature

2024-07-18 08:45:52 +00:00

perftype

hack/update-bazel.sh

2021-02-28 15:17:29 -08:00

reporters

e2e: comment the known limitation of the ProgressReporter

2022-12-23 18:43:49 +08:00

scheduling

Promote JobPodFailurePolicy and PodDisruptionConditions e2e tests to Conformance

2024-07-17 18:13:08 +02:00

storage

Remove static PV topology test

2024-07-12 09:49:26 +02:00

testing-manifests

Add sig/etcd labels for related directories

2024-06-24 17:03:34 -04:00

upgrades

drop deprecated PollWithContext and adopt PollUntilContextTimeout instead

2024-06-21 19:23:31 +08:00

windows

Adding e2e test to validate memory-pressure eviction on Windows

2024-07-17 15:11:30 -07:00

e2e_test.go

chore:update invalid package name by golint

2024-05-04 22:55:43 +08:00

e2e-example-config.json

Add viper support to core e2es

2016-09-15 18:38:01 -04:00

e2e.go

Use new WaitForAlmostAllPodsReady function ins e2e setup

2024-04-17 23:18:26 -05:00

providers.go

Remove gcp in-tree cloud provider and credential provider

2024-05-01 09:03:53 -04:00

README.md

e2e: use framework labels

2023-11-01 15:17:34 +01:00

suites.go

e2e: use error wrapping with %w

2023-02-06 15:39:13 +01:00

README.md

test/e2e

This is home to e2e tests used for presubmit, periodic, and postsubmit jobs.

Some of these jobs are merge-blocking, some are release-blocking.

e2e test ownership

All e2e tests must adhere to the following policies:

the test must be owned by one and only one SIG
the test must live in/underneath a sig-owned package matching pattern: test/e2e/[{subpath}/]{sig}/..., e.g.
- test/e2e/auth - all tests owned by sig-auth
- test/e2e/common/storage - all tests common to cluster-level and node-level e2e tests, owned by sig-node
- test/e2e/upgrade/apps - all tests used in upgrade testing, owned by sig-apps
each sig-owned package should have an OWNERS file defining relevant approvers and labels for the owning sig, e.g.

# test/e2e/node/OWNERS
# See the OWNERS docs at https://go.k8s.io/owners

approvers:
- alice
- bob
- cynthia
emeritus_approvers:
- dave
reviewers:
- sig-node-reviewers
labels:
- sig/node

packages that use {subpath} should have an imports.go file importing sig-owned packages (for ginkgo's benefit), e.g.

// test/e2e/common/imports.go
package common

import (
	// ensure these packages are scanned by ginkgo for e2e tests
	_ "k8s.io/kubernetes/test/e2e/common/network"
	_ "k8s.io/kubernetes/test/e2e/common/node"
	_ "k8s.io/kubernetes/test/e2e/common/storage"
)

test ownership must be declared via a top-level SIGDescribe call defined in the sig-owned package, e.g.

// test/e2e/lifecycle/framework.go
package lifecycle

import "k8s.io/kubernetes/test/e2e/framework"

// SIGDescribe annotates the test with the SIG label.
var SIGDescribe = framework.SIGDescribe("cluster-lifecycle")

// test/e2e/lifecycle/bootstrap/bootstrap_signer.go

package bootstrap

import (
	"github.com/onsi/ginkgo"
	"k8s.io/kubernetes/test/e2e/lifecycle"
)
var _ = lifecycle.SIGDescribe("cluster", feature.BootstrapTokens, func() {
  /* ... */
  ginkgo.It("should sign the new added bootstrap tokens", func(ctx context.Context) {
    /* ... */
  })
  /* etc */
})

These polices are enforced:

via the merge-blocking presubmit job pull-kubernetes-verify
which ends up running hack/verify-e2e-test-ownership.sh
which can also be run via make verify WHAT=e2e-test-ownership

more info

See kubernetes/community/.../e2e-tests.md