New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test/e2e_node: add kubelet credential provider tests #108651
test/e2e_node: add kubelet credential provider tests #108651
Conversation
func getCredentials() error { | ||
provider := &provider{ | ||
client: &http.Client{ | ||
Timeout: 10 * time.Second, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is a hard timeout, I mean, it can still be downloading something that it will exit, just mentioning most probably you are aware :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is just taken from https://github.com/kubernetes/kubernetes/blob/master/pkg/credentialprovider/gcp/metadata.go#L65 -- but 10s seems generous though for an htttp request against a metadata endpoint to get an auth token, we're not downloading images or anything like that
} | ||
|
||
var parsedBlob TokenBlob | ||
if err := json.Unmarshal([]byte(tokenJSONBlob), &parsedBlob); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: are you not already returning a []byte?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks, fixed this
ee57539
to
fa1abe5
Compare
Testname: Test kubelet image credential provider | ||
Description: Create Pod with image from private registry, image credentials fetched from external credential provider by kubelet. | ||
*/ | ||
framework.ConformanceIt("should be able to create pod with image credentials fetched from external credential provider [NodeConformance]", func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Conformance part is temporary cause I want to try to run it on pre-submit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Passed:
- https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/108651/pull-kubernetes-node-e2e-containerd/1502295879808192512/
- https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/108651/pull-kubernetes-node-e2e-containerd/1503400567169355776/
- https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/108651/pull-kubernetes-node-e2e-containerd/1503799908786769920/
5a117b5
to
7d4236c
Compare
df06191
to
30b7804
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/retest |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andrewsykim, SergeyKanzhelev The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass. This bot retests PRs for certain kubernetes repos according to the following rules:
You can:
/retest |
/retest |
/test pull-kubernetes-integration |
The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass. This bot retests PRs for certain kubernetes repos according to the following rules:
You can:
/retest |
1 similar comment
The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass. This bot retests PRs for certain kubernetes repos according to the following rules:
You can:
/retest |
Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
…vider for testing only Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
…-credential-provider Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
30b7804
to
a4b7959
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/retest |
1 similar comment
/retest |
Co-authored-by: Aditi Sharma adi.sky17@gmail.com
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR adds a node e2e test for the kubelet credential provider feature by implementing a barebones credential provider for GCP that is built alongside the node e2e artifacts.
Reasons why including a GCP-specific implementation just for testing could work:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: