New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release-4.13] OCPBUGS-22402: test/e2e: Don't use openshift/origin-node #991
[release-4.13] OCPBUGS-22402: test/e2e: Don't use openshift/origin-node #991
Conversation
Use the "openshift/tools" image from the cluster image registry instead of using the "openshift/origin-node" image pullspec in E2E tests. Before this commit, the E2E tests were inadvertently pulling the "openshift/origin-node" image from Docker Hub and getting rate-limited. The choice to use "openshift/tools" is based on a similar change here: openshift/origin@4cbb844 Follow-up to commit 167bcc2 and commit a635566. This commit fixes OCPBUGS-17359. https://issues.redhat.com/browse/OCPBUGS-17359 * test/e2e/util_test.go (buildEchoPod, buildSlowHTTPDPod): Replace the "openshift/origin-node" image pullspec with "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest".
* test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Dump events in case of test failure, using the new dumpEventsInNamespace helper. * test/e2e/util_test.go (dumpEventsInNamespace): New helper function to log all events in a namespace.
When creating a new namespace for the TestHstsPolicyWorks test, wait for the "default" ServiceAccount and the "system:image-pullers" RoleBinding to be provisioned in the newly created namespace before proceeding with the test. Make a similar change for the TestMTLSWithCRLsCerts test. Before this commit, TestHstsPolicyWorks sometimes failed because it tried to create a pod before the ServiceAccount had been provisioned and granted access to pull images. As a result, the test would randomly fail with the following error: Failed to pull image "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest": rpc error: code = Unknown desc = reading manifest This change should prevent such failures. Because TestMTLSWithCRLsCerts also creates a namespace and then creates pods in this namespace, this commit makes the same change to this test as well. Some other tests create namespaces but do not create pods in those namespaces; those tests do not necessarily need to wait for the ServiceAccount and RoleBinding. Inspired by openshift/origin@877c652. * test/e2e/client_tls_test.go (TestMTLSWithCRLs): * test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Use the new createNamespace helper. * test/e2e/util_test.go (createNamespace): New helper function. Create a namespace with the specified name, register a cleanup handler to delete the namespace when the test finishes, wait for the "default" ServiceAccount and "system:image-pullers" RoleBinding to be created, and return the namespace.
@Miciah: This pull request references Jira Issue OCPBUGS-22402, which is valid. The bug has been moved to the POST state. 6 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
'Create the release image "latest" containing all images built by this job' failed. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: candita The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/label backport-risk-assessed |
@Miciah: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/label cherry-pick-approved |
@Miciah: Jira Issue OCPBUGS-22402: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-22402 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Fix included in accepted release 4.13.0-0.nightly-2023-10-26-052727 |
test/e2e
: Don't use "openshift/origin-node" imageUse the "openshift/tools" image from the cluster image registry instead of using the "openshift/origin-node" image pullspec in E2E tests.
Before this change, the E2E tests were inadvertently pulling the "openshift/origin-node" image from Docker Hub and getting rate-limited.
The choice to use "openshift/tools" is based on a similar change here: openshift/origin@4cbb844
Follow-up to #410 and #451.
test/e2e/util_test.go
(buildEchoPod
,buildSlowHTTPDPod
): Replace the "openshift/origin-node" image pullspec with "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest".TestHstsPolicyWorks
: Dump events if test failstest/e2e/hsts_policy_test.go
(TestHstsPolicyWorks
): Dump events in case of test failure, using the newdumpEventsInNamespace
helper.test/e2e/util_test.go
(dumpEventsInNamespace
): New helper function to log all events in a namespace.TestHstsPolicyWorks
: Wait for namespace to be provisionedWhen creating a new namespace for the
TestHstsPolicyWorks
test, wait for the "default" ServiceAccount and the "system:image-pullers" RoleBinding to be provisioned in the newly created namespace before proceeding with the test. Make a similar change for theTestMTLSWithCRLsCerts
test.Before this change,
TestHstsPolicyWorks
sometimes failed because it tried to create a pod before the ServiceAccount had been provisioned and granted access to pull images. As a result, the test would randomly fail with the following error:This change should prevent such failures.
Because
TestMTLSWithCRLsCerts
also creates a namespace and then creates pods in this namespace, this PR makes the same change to this test as well. Some other tests create namespaces but do not create pods in thosenamespaces; those tests do not necessarily need to wait for the ServiceAccount and RoleBinding.
Inspired by openshift/origin@877c652.
test/e2e/client_tls_test.go
(TestMTLSWithCRLs
):test/e2e/hsts_policy_test.go
(TestHstsPolicyWorks
): Use the newcreateNamespace
helper.test/e2e/util_test.go
(createNamespace
): New helper function. Create a namespace with the specified name, register a cleanup handler to delete the namespace when the test finishes, wait for the "default" ServiceAccount and "system:image-pullers" RoleBinding to be created, and return the namespace.This is manual cherry-pick of #970. #965 added the
getRouteHost
function totest/e2e/util_test.go
, which caused a conflict that needed manual resolution for this backport.