test: Extend coredns clusterrole with additional resource permissions

[aditighag]

Commit didn't add permissions for endpointslices resource to the
coredns cluterrole on k8s < 1.20. As a result, core-dns deployments
failed on the these versions with the error -

2021-11-30T14:09:43.349414540Z E1130 14:09:43.349292 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.EndpointSlice: failed to list *v1beta1.EndpointSlice: endpointslices.discovery.k8s.io is forbidden: User "system:serviceaccount:kube-system:coredns" cannot list resource "endpointslices" in API group "discovery.k8s.io" at the cluster scope

Note : Hold off onto enabling the feature gate on older versions. -

cilium/test/provision/k8s_install.sh

Line 302 in 7ed8a42

CONTROLLER_FEATURE_GATES="EndpointSlice=true"

.

Fixes: 398d55c
Fixes: #18086

Signed-off-by: Aditi Ghag aditi@cilium.io

[aditighag]

test-only --focus="K8sServicesTest.*" --k8s_version=1.19 --kernel_version="49"

Edit : Passed - https://jenkins.cilium.io/job/Cilium-PR-Tests-Kernel-Focus/374/console

[aditighag]

I've triggered --focus="K8sServicesTest.*" with k8s 1.16, kernel 4.19 and k8s 1.19, kernel 4.19 manually - https://jenkins.cilium.io/view/PR/job/Cilium-PR-Tests-Kernel-Focus/380/
https://jenkins.cilium.io/view/PR/job/Cilium-PR-Tests-Kernel-Focus/381/ (Hit #18072)

[aditighag]

test-only --focus="K8sServicesTest.*" --k8s_version=1.19 --kernel_version="49"

Edit : Passed - https://jenkins.cilium.io/job/Cilium-PR-Tests-Kernel-Focus/374/console

I've triggered --focus="K8sServicesTest.*" with k8s 1.16, kernel 4.19 and k8s 1.19, kernel 4.19 manually - https://jenkins.cilium.io/view/PR/job/Cilium-PR-Tests-Kernel-Focus/380/ https://jenkins.cilium.io/view/PR/job/Cilium-PR-Tests-Kernel-Focus/381/

All focused tests have passed.

[nbusseneau]

Ah, I think the commit description might be malformed as its missing a link to the commit it fixes after Fixes:?

[aditighag]

Ah, I think the commit description might be malformed as its missing a link to the commit it fixes after Fixes:?

Fixed.

Only updated the commit description in the latest push, no need to re-run the tests.

[joestringer]

FYI for generating the "fixes:" tag for commits, typically we will use this format:

git log -1 --pretty="%h (\"%s\")"

This way, if the sha is ambiguous (eg because it's too short and the first N characters are identical between two different git commit shas, which can happen over time as the number of commits grows), then we can clearly disambiguate which underlying commit is being referenced here.

[joestringer]

^^ Given that the bug is only on master and we're not likely to track this down in future, I don't think it's necessary to fix this up in git history. Good to merge.

[aditighag]

FYI for generating the "fixes:" tag for commits, typically we will use this format:

git log -1 --pretty="%h (\"%s\")"

This way, if the sha is ambiguous (eg because it's too short and the first N characters are identical between two different git commit shas, which can happen over time as the number of commits grows), then we can clearly disambiguate which underlying commit is being referenced here.

Noted. I simply copied it from the IDE git window so it ended up copying just the first N characters.