This test wishes to observe a watch event. In order to do this in the
past, the test chose a well-known `Service` object, fetched it, and did
arithmetic on the returned `resourceVersion` in order to start a watch
that was guaranteed to see an event. It is not valid to parse the
`resourceVersion` as an integer or to do arithmetic on it, so in order
to make the test conformant to an appropriate use of the API it now:
- creates a namespace
- fetches the current `resourceVersion`
- creates an object
- watches from the previous `resourceVersion` that was read
This ensures that an event is seen by the watch, but uses the publically
supported API.
`ConfigMap`s are used instead of `Service`s as they do not require a
valid `spec` for creation and make the test terser.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Previously, callers of `Exists()` would not know why the cGroup was or
was not existing. In one call-site in particular, the `kubelet` would
entirely fail to start if the cGroup validation did not succeed. In
these cases we MUST explain what went wrong and pass that information
clearly to the caller. Previously, some but not all of the reasons for
invalidation were logged at a low log-level instead. This led to poor
UX.
The original method was retained on the interface so as to make this
diff small.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* kubectl debug: print container messages
This provides feedback to the user, for example that the server is
unable to pull the debug container image.
* Label debug container updates as warnings
Co-authored-by: Eddie Zaneski <eddiezane@gmail.com>
Co-authored-by: Eddie Zaneski <eddiezane@gmail.com>
at present the spec.csi.secretRef name has to be DNS1035 label
format and it should fail if we use DNSSubdomain secretRef in
the secretReference field of CSI spec. The newly added test cases
validate this behaviour in validation tests for controllerPublish,
nodePublish and nodeStage secretRef formats.
Additionally csiExpansionEnabled struct field also removed from
the validation function.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
- Also update test-cmd.sh to pass a signing ca to the kube controller
manager, so CSRs work properly in integration tests.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Upon reconsidering as to the purpose of the test i.e to test the lock
contention flags (--lock-file-contention and --lock-file), it makes
sense that we test only the actual functionality which is the kubelet
should stop once there is a lock contention.
In no way it is the responsiblity of the kubelet to restart, which would
be the responsiblity of a higher system such as systemd.
Hence the removal of the check for releasing the lock and checking for
whether the kubelet is healthy again or not seem out of scope from
kubelet's responsiblities.
Signed-off-by: Imran Pochi <imran@kinvolk.io>
