🌱 : e2e test: do tests with restricted pods #2732

Merged

Member

@camilamacedo86 camilamacedo86 commented Jun 16, 2022

Description
do tests with restricted pods

motivation
Ensure that the default scaffold works with restricted pods

@k8s-ci-robot
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jun 16, 2022
@camilamacedo86 camilamacedo86 marked this pull request as ready for review June 16, 2022 06:10
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Jun 16, 2022
@camilamacedo86 camilamacedo86 changed the title 🌱 : clean up and improve ci to test with Pod Standards restricted (increase the coverage) 🌱 : e2e test: do tests with restricted pods Jun 16, 2022
@kubernetes-sigs kubernetes-sigs deleted a comment from k8s-ci-robot Jun 16, 2022
@camilamacedo86
Member Author

/test pull-kubebuilder-e2e-k8s-1-18-20

@camilamacedo86 camilamacedo86 added this to the 3.5.0 milestone Jun 16, 2022
Contributor

@everettraven everettraven left a comment

Overall looks good, just a couple minor nits

@@ -130,7 +130,7 @@ Count int `+"`"+`json:"count,omitempty"`+"`"+`
}

// GenerateV3 implements a go/v3(-alpha) plugin project defined by a TestContext.
func GenerateV3(kbc *utils.TestContext, crdAndWebhookVersion string) {
func GenerateV3(kbc *utils.TestContext, crdAndWebhookVersion string, restrictived bool) {
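Review bot: The new third parameter on `GenerateV3` is a bare bool, and the doc comment directly above the signature still only says the function "implements a go/v3(-alpha) plugin project defined by a TestContext". A call such as `GenerateV3(kbc, "v1", true)` gives the reader no hint what `true` switches on. Extend the doc comment with one sentence describing what the flag enables in the generated scaffold, or replace the bool with a small named option type so the call sites are self-describing.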
Contributor

just a nit, but I think the bool should either be restrictive or restricted

Suggested change
func GenerateV3(kbc *utils.TestContext, crdAndWebhookVersion string, restrictived bool) {
func GenerateV3(kbc *utils.TestContext, crdAndWebhookVersion string, restrictive bool) {

test/e2e/v3/generate_test.go
Comment on lines 170 to 189
It("should generate a runnable project go/v3 with v1 CRDs and Webhooks with restricted pods", func() {
// Skip if cluster version < 1.16, when v1 CRDs and webhooks did not exist.
// Skip if cluster version < 1.19, because securityContext.seccompProfile only works from 1.19
// Otherwise, unknown field "seccompProfile" in io.k8s.api.core.v1.PodSecurityContext will be faced
if srvVer := kbc.K8sVersion.ServerVersion; srvVer.GetMajorInt() <= 1 && srvVer.GetMinorInt() < 19 {
Skip(fmt.Sprintf("cluster version %s does not support v1 CRDs or webhooks"+
"and securityContext.seccompProfile", srvVer.GitVersion))
}

GenerateV3(kbc, "v1", true)

// only if running on Kubernetes >= 1.24 do we need to generate the ServiceAccount token Secret
// TODO: Remove this once a better implementation using something like the TokenRequest API
// is used in the e2e tests
if srvVer := kbc.K8sVersion.ServerVersion; srvVer.GetMajorInt() == 1 && srvVer.GetMinorInt() >= 24 {
sat = true
}

Run(kbc, sat)
})
It("should generate a runnable project with the golang base plugin v3 and kustomize v4-alpha"+
" with restricted pods", func() {
// Skip if cluster version < 1.16, when v1 CRDs and webhooks did not exist.
// Skip if cluster version < 1.19, because securityContext.seccompProfile only works from 1.19
// Otherwise, unknown field "seccompProfile" in io.k8s.api.core.v1.PodSecurityContext will be faced
if srvVer := kbc.K8sVersion.ServerVersion; srvVer.GetMajorInt() <= 1 && srvVer.GetMinorInt() < 19 {
Skip(fmt.Sprintf("cluster version %s does not support v1 CRDs or webhooks "+
"and securityContext.seccompProfile", srvVer.GitVersion))
}

GenerateV3WithKustomizeV2(kbc, "v1", true)

// only if running on Kubernetes >= 1.24 do we need to generate the ServiceAccount token Secret
// TODO: Remove this once a better implementation using something like the TokenRequest API
// is used in the e2e tests
if srvVer := kbc.K8sVersion.ServerVersion; srvVer.GetMajorInt() == 1 && srvVer.GetMinorInt() >= 24 {
sat = true
}

Run(kbc, sat)
})
It("should generate a runnable project with v1beta1 CRDs and Webhooks with restricted pods", func() {
// Skip if cluster version < 1.15, when `.spec.preserveUnknownFields` was not a v1beta1 CRD field.
// Skip if cluster version < 1.19, because securityContext.seccompProfile only works from 1.19
// Otherwise, unknown field "seccompProfile" in io.k8s.api.core.v1.PodSecurityContext will be faced
// Skip if cluster version >= 1.22 because pre v1 CRDs and webhooks no longer exist.
if srvVer := kbc.K8sVersion.ServerVersion; srvVer.GetMajorInt() <= 1 && srvVer.GetMinorInt() < 19 ||
srvVer.GetMajorInt() <= 1 && srvVer.GetMinorInt() >= 22 {
Skip(fmt.Sprintf("cluster version %s does not support project defaults "+
"and securityContext.seccompProfile", srvVer.GitVersion))
}

GenerateV3(kbc, "v1beta1", true)
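Review bot: In the first test's `Skip` call the two string literals are concatenated without a separating space (`"... v1 CRDs or webhooks"+` followed by `"and securityContext.seccompProfile"`), so the skip message reads "webhooksand"; the second test has the trailing space and the first should match it. The guard itself only checks `GetMinorInt() < 19`, which makes the "Skip if cluster version < 1.16" and "< 1.15" comment lines redundant next to the 1.19 `seccompProfile` explanation. The version check and the `sat` block are also repeated verbatim in each test, so a shared helper that takes the minimum minor version would keep the copies from drifting apart.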
Contributor

Curious as to why these lines were added? These look to be the same as the above tests that have a minor change to enable the testing with restricted pods.

Member Author

@camilamacedo86 camilamacedo86 Jun 17, 2022

That is a test for a scaffold with CRD v1beta1

Member Author

  • the first one tests the Operator with v1 CRDs/Webhooks and pod restriction
  • the second one tests the Operator with kustomize v2 changes and pod restriction
  • the third one tests the Operator with v1beta1 CRDs/Webhooks and pod restriction

In the long run we will need to refactor the tests. This code is confusing for sure.


func uncommentPodStandards(kbc *utils.TestContext) {
configManager := filepath.Join(kbc.Dir, "config", "manager", "manager.yaml")
managerAuth := filepath.Join(kbc.Dir, "config", "default", "manager_auth_proxy_patch.yaml")
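Review bot: In `uncommentPodStandards`, `configManager` holds the path of the file `manager.yaml`, not of a directory, which the name does not convey; `managerAuth` has the same problem for `manager_auth_proxy_patch.yaml`. Naming the variables after the files they point to (for example `managerFile` and `authProxyPatchFile`), or building both from a shared `configDir := filepath.Join(kbc.Dir, "config")`, would make it clear that neither value is a base path that further segments can be joined onto.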
Contributor

Nit:

Suggested change
managerAuth := filepath.Join(kbc.Dir, "config", "default", "manager_auth_proxy_patch.yaml")
managerAuth := filepath.Join(configManager, "default", "manager_auth_proxy_patch.yaml")

Member Author

We cannot do this change.
Why?
configManager-> has the full path with the file

Contributor

@everettraven everettraven left a comment

Looks good to me

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86, everettraven


@camilamacedo86
Member Author

@rashmigottipati I am moving forward with this one but we can be working on any improvement that you see fit as a follow-up as well.

@camilamacedo86 camilamacedo86 added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 20, 2022
@camilamacedo86
Member Author

/hold

to rebase with master

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 20, 2022
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 20, 2022
@k8s-ci-robot
Contributor

New changes are detected. LGTM label has been removed.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jun 20, 2022
@camilamacedo86
Member Author

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 20, 2022
@camilamacedo86 camilamacedo86 added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Jun 20, 2022
@camilamacedo86 camilamacedo86 added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 20, 2022
@k8s-ci-robot k8s-ci-robot merged commit dcc5bb4 into kubernetes-sigs:master Jun 20, 2022
@camilamacedo86 camilamacedo86 deleted the test-improvements branch June 20, 2022 13:42
Contributor

@rashmigottipati rashmigottipati left a comment

/lgtm

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.