generation test into pod_admission.go and commenting out
PodReadyToStartContainers. Conformance promotion will follow in a
separate PR once this lands green, per review feedback.
The test uses an invalid image to induce a pull error. The previous image
name 'some-image-that-doesnt-exist' causes slow DNS/registry resolution
on some environments (especially metal), leading to 30s timeouts.
Using 'localhost/some-image-that-does-not-exist' makes the pull fail
instantly since there is no registry on localhost, avoiding flaky
timeouts.
The spaces are unnecessary because Ginkgo adds spaces automatically.
This was detected before only for tests using the wrapper functions,
now it also gets detected for ginkgo methods.
A couple of tests were recently promoted to conformance
but they did not include a minimimum kubelet version,
which broke the kubeadm/kinder e2e jobs that skew the kubelet
version against the apiserver version.
This doubles the termination timeout for the eviction test from 5min to
10min. Reason for that is that the eviction manager relies on pod stats
metrics, which may not be acceessible during a period of time because of
the kubelet API unreachable. This could be reasoned in hardware or
network pressure when multiple tests run in parallel.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
there are many cases of an e2e feature being the main filtering mechanism for a test.
However, this makes it tricky for suite authors to filter tests based on available features.
This mechanism is still useful for e.g. making sure a runtime on a suite is of the correct level,
but in general we should both label tests with the Feature set they require (whether runtime is correct) as well
as the feature gates they test.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
It's possible that a conflict will happen when
attempting to create a `ClusterRole` resource
without a randomized name given that is a cluster
scoped object and another object with same name
might exist. This commit fixes this issue by ensuring
the name of the `ClusterRole` is randomized. Additionally,
it adds clean up for the clusterRole and clusterRoleBinding.
This sets the appropriate groups (system:authenticated, system:serviceaccounts,
system:serviceaccounts:<ns>) in the SAR used in WaitForAuthzUpdate to accurately
simulate the service account’s identity.