From 7c0de8703cae2204bcd9f96a6838e83db484be38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Wed, 5 Jul 2023 19:50:32 +0200
Subject: [PATCH] gha: k8s: Ensure tests are running on a specific namespace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's make sure we run our tests in a specific namespace, as in case of
any kind of issue, we will just get rid of the namespace itself, which
will take care of cleaning up any leftover from failing tests.

One important thing to mention is why we can get rid of the `namespace:
${namespace}` on the tests that are already using it, and let's do it in
parts:
* namespace: default
  We can easily get rid of this as that's the default namespace where
  pods are created, so it was a no-op so far.
* namespace: test-quota-ns
  My understanding is that we'd need this in order to get a clean
  namespace where we'd be setting a quota for.  Doing this in the
  namespace that's only used for tests should **not** cause any
  side-effect on the tests, as we're running those in serial and there's
  no other pods running on the `kata-containers-k8s-tests` namespace

Last but not least, we're not dynamically creating namespaces as the
tests are not running in parallel, **never**, not in the case of having
2 tests being ran at same time, neither in the case of having 2 jobs
being scheduled to the same machine.

Fixes: #6864

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
---
 tests/integration/gha-run.sh                       | 14 ++++++++++++++
 tests/integration/kubernetes/k8s-pod-quota.bats    |  6 ++----
 .../runtimeclass_workloads/pod-custom-dns.yaml     |  1 -
 .../kubernetes/runtimeclass_workloads/pod-oom.yaml |  1 -
 .../pod-quota-deployment.yaml                      |  1 -
 .../runtimeclass_workloads/resource-quota.yaml     |  1 -
 .../runtimeclass_workloads/tests-namespace.yaml    |  4 ++++
 7 files changed, 20 insertions(+), 8 deletions(-)
 create mode 100644 tests/integration/kubernetes/runtimeclass_workloads/tests-namespace.yaml

diff --git a/tests/integration/gha-run.sh b/tests/integration/gha-run.sh
index 103ce2cda7..11499283fc 100755
--- a/tests/integration/gha-run.sh
+++ b/tests/integration/gha-run.sh
@@ -58,6 +58,12 @@ function get_cluster_credentials() {
 function run_tests() {
     platform="${1}"
 
+    # Emsure we're in the default namespace
+    kubectl config set-context --current --namespace=default
+
+    # Delete any spurious tests namespace that was left behind
+    kubectl delete namespace kata-containers-k8s-tests &> /dev/null || true
+
     sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
     cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
     cat "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" | grep "${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}" || die "Failed to setup the tests image"
@@ -80,6 +86,10 @@ function run_tests() {
         sleep 60s
     fi
 
+    # Create a new namespace for the tests and switch to it
+    kubectl apply -f ${integration_dir}/kubernetes/runtimeclass_workloads/tests-namespace.yaml
+    kubectl config set-context --current --namespace=kata-containers-k8s-tests
+
     pushd "${integration_dir}/kubernetes"
     bash setup.sh
     bash run_kubernetes_tests.sh
@@ -89,6 +99,10 @@ function run_tests() {
 function cleanup() {
     platform="${1}"
 
+    # Switch back to the default namespace and delete the tests one
+    kubectl config set-context --current --namespace=default
+    kubectl delete namespace kata-containers-k8s-tests
+
     if [ "${platform}" = "tdx" ]; then
         deploy_spec="-k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/k3s""
         cleanup_spec="-k "${tools_dir}/packaging/kata-deploy/kata-cleanup/overlays/k3s""
diff --git a/tests/integration/kubernetes/k8s-pod-quota.bats b/tests/integration/kubernetes/k8s-pod-quota.bats
index addc37bb32..d9a5277251 100644
--- a/tests/integration/kubernetes/k8s-pod-quota.bats
+++ b/tests/integration/kubernetes/k8s-pod-quota.bats
@@ -14,13 +14,12 @@ setup() {
 @test "Pod quota" {
 	resource_name="pod-quota"
 	deployment_name="deploymenttest"
-	namespace="test-quota-ns"
 
 	# Create the resourcequota
 	kubectl create -f "${pod_config_dir}/resource-quota.yaml"
 
 	# View information about resourcequota
-	kubectl get -n "$namespace" resourcequota "$resource_name" \
+	kubectl get resourcequota "$resource_name" \
 		--output=yaml | grep 'pods: "2"'
 
 	# Create deployment
@@ -28,10 +27,9 @@ setup() {
 
 	# View deployment
 	kubectl wait --for=condition=Available --timeout=$timeout \
-		-n "$namespace" deployment/${deployment_name}
+		deployment/${deployment_name}
 }
 
 teardown() {
-	kubectl delete -n "$namespace" deployment "$deployment_name"
 	kubectl delete -f "${pod_config_dir}/resource-quota.yaml"
 }
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/pod-custom-dns.yaml b/tests/integration/kubernetes/runtimeclass_workloads/pod-custom-dns.yaml
index 680577a5f5..6341b0b1f3 100644
--- a/tests/integration/kubernetes/runtimeclass_workloads/pod-custom-dns.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/pod-custom-dns.yaml
@@ -6,7 +6,6 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  namespace: default
   name: custom-dns-test
 spec:
   terminationGracePeriodSeconds: 0
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/pod-oom.yaml b/tests/integration/kubernetes/runtimeclass_workloads/pod-oom.yaml
index 672c54e681..90fc28667e 100644
--- a/tests/integration/kubernetes/runtimeclass_workloads/pod-oom.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/pod-oom.yaml
@@ -8,7 +8,6 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: pod-oom
-  namespace: default
 spec:
   runtimeClassName: kata
   restartPolicy: Never
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/pod-quota-deployment.yaml b/tests/integration/kubernetes/runtimeclass_workloads/pod-quota-deployment.yaml
index ecdaf5e640..9383349d73 100644
--- a/tests/integration/kubernetes/runtimeclass_workloads/pod-quota-deployment.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/pod-quota-deployment.yaml
@@ -7,7 +7,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: deploymenttest
-  namespace: test-quota-ns
 spec:
   selector:
     matchLabels:
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/resource-quota.yaml b/tests/integration/kubernetes/runtimeclass_workloads/resource-quota.yaml
index a8d84d9ad4..8ae0a19983 100644
--- a/tests/integration/kubernetes/runtimeclass_workloads/resource-quota.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/resource-quota.yaml
@@ -14,7 +14,6 @@ items:
   kind: ResourceQuota
   metadata:
     name: pod-quota
-    namespace: test-quota-ns
   spec:
     hard:
       pods: "2"
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/tests-namespace.yaml b/tests/integration/kubernetes/runtimeclass_workloads/tests-namespace.yaml
new file mode 100644
index 0000000000..916003d131
--- /dev/null
+++ b/tests/integration/kubernetes/runtimeclass_workloads/tests-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kata-containers-k8s-tests