Promote admission webhook e2e tests to conformance #81857
Conversation
k8s-ci-robot
added
the
release-note-none
k8s-ci-robot
added
kind/cleanup
jpbetz
force-pushed
the
admission-conformance
branch
2 times, most recently
from
626659d
to
7f5b08d
Compare
k8s-ci-robot
added
area/test
sig/architecture
|
/retest |
|
/test pull-kubernetes-e2e-aks-engine-azure-windows |
|
Thanks for the quick first pass on syntactical issues @johnbelamaric. Feedback is applied. |
|
/test pull-kubernetes-conformance-image-test |
|
/test pull-kubernetes-e2e-kind |
|
hmm 🤔 EDIT: one of these flaked once in |
jpbetz
force-pushed
the
admission-conformance
branch
from
6cdef31
to
8af7625
Compare
|
thanks @liggitt @johnbelamaric. I'm adding the [Privileged:ClusterAdmin] tag |
k8s-ci-robot
added
the
needs-rebase
roycaihw
force-pushed
the
admission-conformance
branch
from
3a989b6
to
344971c
Compare
k8s-ci-robot
removed
the
needs-rebase
roycaihw
force-pushed
the
admission-conformance
branch
from
344971c
to
4254b70
Compare
mutation results
roycaihw
force-pushed
the
admission-conformance
branch
from
4254b70
to
b9674fa
Compare
roycaihw
force-pushed
the
admission-conformance
branch
from
b9674fa
to
68bafe4
Compare
|
rebased and promoted the discovery doc test #82019, to cover all endpoints for conformance |
|
/retest |
|
Originally conformance was "make sure apps run on kube clusters the same". We limited privilege because lots of clusters won't allow those privileges. We want conformance to apply to more than just app function (to cover extension function and admin function). We really, really, really need either profiles or to drop the requirements around non-privilege in the short term. Edited for clarity |
|
/retest |
|
/lgtm Note for conformance approvers: These tests require clusterAdmin, because this functionality is inherently privileged. To mitigate this in environments where the tests cannot be run as clusterAdmin, we added a [Privileged:ClusterAdmin] tag to that they can be easily excluded. This is a new tag and I will propose an update to the docs to cover this case. |
k8s-ci-robot
added
the
lgtm
|
/assign @bgrant0607 @smarterclayton |
|
/approve This is such a fundamental part of Kube that I think we should get it in conformance, then use this as a focus to sort out profiles. You can be conformant for apps without allowing webhook registration, but you can't be conformant for extension without it. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jpbetz, smarterclayton The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/retest |
|
@jpbetz: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/area admission-control |
Test stability status: https://k8s-testgrid.appspot.com/sig-release-master-blocking#gce-cos-master-default&width=5&sort-by-flakiness=&include-filter-by-regex=.*AdmissionWebhook.*
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
Admission webhoooks graduate to GA in 1.16. Conformance tests are now required for graduation to GA.
Which issue(s) this PR fixes:
Fixes #80767
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
/area conformance
@kubernetes/sig-architecture-pr-reviews @kubernetes/sig-api-machinery-pr-reviews @kubernetes/cncf-conformance-wg
/cc @liggitt @roycaihw @sttts @caesarxuchao
/priority important-soon