New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: Wait for POD policy revision increment in all cases. #11995
Merged
+119
−100
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Wait for each POD incrementing their policy revision also after deleting a policy, as otherwise there is a race between policy deletion and the following test traffic that expects policy deletion to have taken effect already. This fixes CI flakes following policy deletes like: 08:35:50 STEP: Deleting Egress deny all clusterwide policy 08:35:51 STEP: Testing ingress connectivity from "app2" to "app1" in "2020060908341k8spolicytestclusterwidepoliciestestclusterwidecon" namespace FAIL: Ingress connectivity should be allowed for service in 2020060908341k8spolicytestclusterwidepoliciestestclusterwidecon namespace Expected command: kubectl exec -n 2020060908341k8spolicytestclusterwidepoliciestestclusterwidecon app2-88b7f8c4b-cvg64 -- curl --path-as-is -s -D /dev/stderr --fail --connect-timeout 5 --max-time 20 http://10.110.187.138/public -w "time-> DNS: '%{time_namelookup}(%{remote_ip})', Connect: '%{time_connect}',Transfer '%{time_starttransfer}', total '%{time_total}'" To succeed, but it failed: Exitcode: 28 Stdout: time-> DNS: '0.000013()', Connect: '0.000000',Transfer '0.000000', total '5.000688' Stderr: command terminated with exit code 28 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
added
kind/bug/CI
This is a bug in the testing code.
needs-backport/1.6
release-note/ci
This PR makes changes to the CI.
labels
Jun 9, 2020
test-me-please |
jrajahalme
changed the title
test: Wait for POD policy revision increment also after policy delete
test: Wait for POD policy revision increment in all cases.
Jun 9, 2020
The following tests may have been flaking because of this:
|
jrajahalme
added
the
ci/flake
This is a known failure that occurs in the tree. Please investigate me!
label
Jun 10, 2020
tgraf
approved these changes
Jun 10, 2020
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.8
in 1.8.0
Jun 11, 2020
maintainer-s-little-helper
bot
moved this from Backport pending to v1.8
to Backport done to v1.8
in 1.8.0
Jun 12, 2020
This was referenced Jun 12, 2020
v1.6 backport seems complicated, will not do it. |
joestringer
moved this from Needs backport from master
to Backport pending to v1.7
in 1.7.7
Jul 9, 2020
We also decided not to backport to v1.7, see #12060 (comment). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
ci/flake
This is a known failure that occurs in the tree. Please investigate me!
kind/bug/CI
This is a bug in the testing code.
release-note/ci
This PR makes changes to the CI.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Wait for each POD incrementing their policy revision also after
adding a cluster-wide policy or deleting a policy, as otherwise there is a race between policy
add or deletion and the following test traffic that expects policy add or deletion
to have taken effect already.
This fixes CI flakes following policy deletes like:
08:35:50 STEP: Deleting Egress deny all clusterwide policy
08:35:51 STEP: Testing ingress connectivity from "app2" to "app1" in "2020060908341k8spolicytestclusterwidepoliciestestclusterwidecon" namespace
FAIL: Ingress connectivity should be allowed for service in 2020060908341k8spolicytestclusterwidepoliciestestclusterwidecon namespace
Expected command: kubectl exec -n 2020060908341k8spolicytestclusterwidepoliciestestclusterwidecon app2-88b7f8c4b-cvg64 -- curl --path-as-is -s -D /dev/stderr --fail --connect-timeout 5 --max-time 20 http://10.110.187.138/public -w "time-> DNS: '%{time_namelookup}(%{remote_ip})', Connect: '%{time_connect}',Transfer '%{time_starttransfer}', total '%{time_total}'"
To succeed, but it failed:
Exitcode: 28
Stdout:
time-> DNS: '0.000013()', Connect: '0.000000',Transfer '0.000000', total '5.000688'
Stderr:
command terminated with exit code 28
Note to backporters: v1.6 does not have
CiliumClusterwidePolicyAction()
so changes to it can safely be dropped.