New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

`nettest` web server crashes in `PreStop` conformance test when default service account is disabled #56897

Closed
jlhawn opened this Issue Dec 6, 2017 · 8 comments

Comments

Projects
None yet
6 participants
@jlhawn

jlhawn commented Dec 6, 2017

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

What happened:

I get a failure in the PreStop conformance test:

[Fail] [k8s.io] PreStop [It] should call prestop when killing a pod [Conformance]

What you expected to happen:

I expect it to pass.

How to reproduce it (as minimally and precisely as possible):

Run this conformance test against a cluster which does not enable the default ServiceAccount admission controller plugin.

Anything else we need to know?:

The nettest web server relies on service account credentials to be able to contactOthers, i.e., discover peer endpoints within the same namespace. This is an operation that is completely unrelated to the thing that the PreStop test is checking for. The nettest web server should not need to access the api server for this test to pass. The PreStop test should either use a different web server container image or supply an option to disable this contactOthers feature of the nettest web server.

The kube-apiserver returns a 403 Forbidden response when the nettest pod tried to check the server version: https://github.com/kubernetes/kubernetes/blob/master/test/images/nettest/nettest.go#L246 This crashes the web server, causing the PreStop test to ultimately timeout.

@kubernetes/sig-testing
@kubernetes/sig-testing-misc
@kubernetes/sig-testing-bugs
@kubernetes/sig-testing-test-failures

Environment:

  • Kubernetes version (use kubectl version): 1.8
@jlhawn

This comment has been minimized.

Show comment
Hide comment
@jlhawn

jlhawn Dec 6, 2017

Maybe @k8s-merge-robot doesn't read edited issue descriptions?

@kubernetes/sig-testing-bugs
@kubernetes/sig-testing-test-failures

jlhawn commented Dec 6, 2017

Maybe @k8s-merge-robot doesn't read edited issue descriptions?

@kubernetes/sig-testing-bugs
@kubernetes/sig-testing-test-failures

@k8s-ci-robot

This comment has been minimized.

Show comment
Hide comment
@k8s-ci-robot

k8s-ci-robot Dec 6, 2017

Contributor

@jlhawn: Reiterating the mentions to trigger a notification:
@kubernetes/sig-testing-bugs, @kubernetes/sig-testing-test-failures

In response to this:

Maybe @k8s-merge-robot doesn't read edited issue descriptions?

@kubernetes/sig-testing-bugs
@kubernetes/sig-testing-test-failures

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Contributor

k8s-ci-robot commented Dec 6, 2017

@jlhawn: Reiterating the mentions to trigger a notification:
@kubernetes/sig-testing-bugs, @kubernetes/sig-testing-test-failures

In response to this:

Maybe @k8s-merge-robot doesn't read edited issue descriptions?

@kubernetes/sig-testing-bugs
@kubernetes/sig-testing-test-failures

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@cjwagner

This comment has been minimized.

Show comment
Hide comment
@cjwagner

cjwagner Dec 6, 2017

Member

Most bot commands do not detect commands that were added as a result of an edit. This is to avoid re-executing a command if a different part of the comment or issue is edited.

Member

cjwagner commented Dec 6, 2017

Most bot commands do not detect commands that were added as a result of an edit. This is to avoid re-executing a command if a different part of the comment or issue is edited.

@spiffxp

This comment has been minimized.

Show comment
Hide comment
@spiffxp

spiffxp Jan 2, 2018

Member

/remove-sig testing
/sig node
this is a test owned by sig-node

/sig architecture
this is a conformance test that's maybe making an unfair assumption

Member

spiffxp commented Jan 2, 2018

/remove-sig testing
/sig node
this is a test owned by sig-node

/sig architecture
this is a conformance test that's maybe making an unfair assumption

@spiffxp

This comment has been minimized.

Show comment
Hide comment
@spiffxp

spiffxp Jan 3, 2018

Member

/area test

Member

spiffxp commented Jan 3, 2018

/area test

@fejta-bot

This comment has been minimized.

Show comment
Hide comment
@fejta-bot

fejta-bot Apr 3, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

fejta-bot commented Apr 3, 2018

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@fejta-bot

This comment has been minimized.

Show comment
Hide comment
@fejta-bot

fejta-bot May 3, 2018

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

fejta-bot commented May 3, 2018

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

@fejta-bot

This comment has been minimized.

Show comment
Hide comment
@fejta-bot

fejta-bot Jun 2, 2018

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

fejta-bot commented Jun 2, 2018

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment