-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Netpol e2e tests to use framework CreateNamespace #111789
Update Netpol e2e tests to use framework CreateNamespace #111789
Conversation
The main purpose of this change is to update the e2e Netpol tests to use the srandard CreateNamespace function from the Framework. Before this change, a custom Namespace creation function was used, with the following consequences: * Pod security admission settings had to be enforced locally (not using the centralized mechanism) * the custom function was brittle, not waiting for default Namespace ServiceAccount creation, causing tests to fail in some infrastructures * tests were not benefiting from standard framework capabilities: Namespace name generation, automatic Namespace deletion, etc. As part of this change, we also do the following: * clearly decouple responsibilities between the Model, which defines the K8s objects to be created, and the KubeManager, which has access to runtime information (actual Namespace names after their creation by the framework, Service IPs, etc.) * simplify / clean-up tests and remove as much unneeded logic / funtions as possible for easier long-term maintenance * remove the useFixedNamespaces compile-time constant switch, which aimed at re-using existing K8s resources across test cases. The reasons: a) it is currently broken as setting it to true causes most tests to panic on the master branch, b) it is not a good idea to have some switch like this which changes the behavior of the tests and is never exercised in CI, c) it cannot possibly work as different test cases have different Model requirements (e.g., the protocols list can differ) and hence different K8s resource requirements. For kubernetes#108298 Signed-off-by: Antonin Bas <abas@vmware.com>
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Wed Aug 10 13:31:11 UTC 2022. |
@antoninbas: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hi @antoninbas. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Ran the test suite manually (with Antrea as CNI provider):
|
/ok-to-test |
+1 nice one Antonin ! 🚀 |
/assign Let's try to get this early in the cycle, release is tomorrow |
I just saw this! Thanks |
B) I actually like the use fixed names paces switch for certain test hacking but there's an e2e flag that u can use that persists the names paces instead so... ok makes sense |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: antoninbas, jayunit100 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
everyone else ok with this one ? |
/lgtm |
I do see the appeal as well. It was actually one of the initial selling points for the updated netpol framework: create a set of Namespaces / Pods / Services once and run a bunch of tests with different NetworkPolicies to validate a CNI implementation. However, the ability to do that was lost over time after upstreaming the framework and making it work with the standard upstream e2e framework. Before removing the flag, I tried to run it locally and confirmed it was broken. I tried to fix it to keep the functionality, but couldn't find a good way to do it. One of the reasons is that different test cases within the test suite have different protocols requirements, and that requires test Pods to be re-created. Even if it's fixed somehow, it will probably break again within a couple of months as folks make additional changes to these files, given that this way of running tests would not be exercised in CI. When doing local development, I find that a common pattern is running an individual test case, in which case the ability to use the same K8s resources is not super useful. |
The main purpose of this change is to update the e2e Netpol tests to use
the srandard CreateNamespace function from the Framework. Before this
change, a custom Namespace creation function was used, with the
following consequences:
the centralized mechanism)
ServiceAccount creation, causing tests to fail in some infrastructures
Namespace name generation, automatic Namespace deletion, etc.
As part of this change, we also do the following:
K8s objects to be created, and the KubeManager, which has access to
runtime information (actual Namespace names after their creation by
the framework, Service IPs, etc.)
as possible for easier long-term maintenance
aimed at re-using existing K8s resources across test cases. The
reasons: a) it is currently broken as setting it to true causes most
tests to panic on the master branch, b) it is not a good idea to have
some switch like this which changes the behavior of the tests and is
never exercised in CI, c) it cannot possibly work as different test
cases have different Model requirements (e.g., the protocols list can
differ) and hence different K8s resource requirements.
For #108298
Signed-off-by: Antonin Bas abas@vmware.com
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
Which issue(s) this PR fixes:
For #108298
It only addresses the issue for Netpol tests. Some other e2e tests may still be using a custom Namespace creation function instead of the Framework one.
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: