Skip to content

chore(eks-v2): update integ tests for eks-addon and eks-cluster-removal-policy#37236

Draft
aemada-aws wants to merge 1 commit intomainfrom
fix/eks-v2-integ-addon-removal-policy
Draft

chore(eks-v2): update integ tests for eks-addon and eks-cluster-removal-policy#37236
aemada-aws wants to merge 1 commit intomainfrom
fix/eks-v2-integ-addon-removal-policy

Conversation

@aemada-aws
Copy link
Copy Markdown
Collaborator

@aemada-aws aemada-aws commented Mar 12, 2026
edited
Loading

Issue # (if applicable)

N/A

Reason for this change

Two aws-eks-v2 integration tests needed fixes to deploy successfully:

  1. integ.eks-addon: Used coredns as the addon under test, which conflicts with the default EKS-managed coredns addon installed on every cluster. This caused deployment and teardown failures, requiring expectError: true on destroy as a workaround.
  2. integ.eks-cluster-removal-policy: Used a hardcoded fake IAM ARN (arn:aws:iam::123456789012:user/test-user) for the AccessEntry principal, which fails deployment since the ARN doesn't exist. The HelmChart also lacked an explicit dependency on the ALB Controller, causing intermittent failures when the webhook wasn't ready.

Description of changes

integ.eks-addon:

  • Replace coredns addon with snapshot-controller to avoid conflict with the default EKS addon
  • Preserve preserveOnDelete: true and configurationValues (using logLevel: 3) to maintain test coverage of addon configuration
  • Remove expectError: true on destroy since snapshot-controller tears down cleanly

integ.eks-cluster-removal-policy:

  • Replace hardcoded fake IAM ARN with a real iam.Role resource for the AccessEntry principal so the stack actually deploys
  • Add explicit dependency from HelmChart to ALB Controller (helmChart.node.addDependency(albController)) to ensure the webhook is ready before chart installation
  • Clarify comments to distinguish Pod Identity vs IRSA service accounts and document the HelmChart dependency
  • Update snapshots via integ-runner

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Both tests deployed and destroyed successfully:

yarn integ \
  test/aws-eks-v2/test/integ.eks-addon.js \
  test/aws-eks-v2/test/integ.eks-cluster-removal-policy.js \
  --disable-update-workflow \
  --update-on-failed \
  --force \
  --parallel-regions us-east-1 \
  --parallel-regions us-west-2 \
  --parallel-regions eu-west-1 \
  --verbose
  SUCCESS    aws-eks-v2/test/integ.eks-addon-EksClusterwithAddon/DefaultTest 2614.378s
  SUCCESS    aws-eks-v2/test/integ.eks-cluster-removal-policy-eks-cluster-removal-policy-integ/DefaultTest 2638.313s

Tests:    2 passed, 2 total

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aemada-aws
fix(eks-v2): update integ tests for eks-addon and eks-cluster-removal…
c201b8d 
…-policy

- integ.eks-addon: replace coredns with snapshot-controller to avoid
  conflict with default EKS addon, add configurationValues (logLevel: 3),
  remove expectError on destroy
- integ.eks-cluster-removal-policy: update snapshots
@aws-cdk-automation aws-cdk-automation requested a review from a team March 12, 2026 11:55
@github-actions github-actions bot added the p2 label Mar 12, 2026
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Mar 12, 2026
@aemada-aws aemada-aws changed the title fix(eks-v2): update integ tests for eks-addon and eks-cluster-removal-policy chore(eks-v2): update integ tests for eks-addon and eks-cluster-removal-policy Mar 12, 2026
@aemada-aws aemada-aws marked this pull request as ready for review March 12, 2026 12:02
@aemada-aws aemada-aws added the pr/needs-integration-tests-deployment Requires the PR to deploy the integration test snapshots. label Mar 12, 2026
@aemada-aws aemada-aws had a problem deploying to deployment-integ-test March 12, 2026 12:03 — with GitHub Actions Error
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 12, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results48 ran48 passed
TestResult
No test annotations available

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 12, 2026
edited
Loading

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

TestsPassed ✅SkippedFailed
Security Guardian Results with resolved templates48 ran48 passed
TestResult
No test annotations available

@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Mar 12, 2026
@aemada-aws aemada-aws marked this pull request as draft March 16, 2026 10:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. p2 pr/needs-integration-tests-deployment Requires the PR to deploy the integration test snapshots. pr/needs-maintainer-review This PR needs a review from a Core Team Member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aemada-aws @aws-cdk-automation