From baa1e4912e5bca31d1bb4d02dc4486fdceef16eb Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Thu, 20 Aug 2020 22:12:45 -0700 Subject: [PATCH 1/5] Fix update-kube-vendor.sh script The previous shortcut in updating staging repos breaks when the local repo contains tags that are not present in openshift/kubernetes. --- hack/update-kube-vendor.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/hack/update-kube-vendor.sh b/hack/update-kube-vendor.sh index cfad632c3146..472605348faa 100755 --- a/hack/update-kube-vendor.sh +++ b/hack/update-kube-vendor.sh @@ -23,17 +23,11 @@ echo "Updating vendoring for ${UPSTREAM_REPO}" go mod edit -replace "${UPSTREAM_REPO}=${REPO_REPLACEMENT}@${SHA}" go mod tidy -VERSION="$(grep 'k8s.io/kubernetes =>' go.mod | awk '{print $4}')" -echo "Using version ${VERSION}" - echo "Updating vendoring for the staging repos of ${UPSTREAM_REPO}" TARGET_DEPS="$( grep 'staging/src/k8s.io' go.mod | awk '{print $1}' )" for TARGET_DEP in ${TARGET_DEPS}; do - # The version discovered for k8s.io/kubernetes will be the same for - # all the staging repos. Using sed to apply that version to the - # staging repos is much faster than running `go mod edit -replace && - # go mod tidy` for each repo. - sed -i -e 's+\(\s'"${TARGET_DEP}"' => \).*+\1'"${REPO_REPLACEMENT}/staging/src/${TARGET_DEP} ${VERSION}"'+' go.mod + go mod edit -replace "${TARGET_DEP}=${REPO_REPLACEMENT}/staging/src/${TARGET_DEP}@${SHA}" + go mod tidy done go mod tidy From 482ad9b92260338d18d168a4ab3eb95795f97224 Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Wed, 5 Aug 2020 22:09:52 -0700 Subject: [PATCH 2/5] Revise test annotation to reuse rules+code from openshift/kubernetes The test annotation code and rules in this repo have been updated to rely on code and rules vendored from openshift/kubernetes. The rules defined in this repo are intended to apply to openshift-only tests and platforms, since rules about kube e2e are inherited from openshift/kubernetes. Responsibility for maintaining the test annotation code and kube e2e rules was moved to openshift/kubernetes to allow for an openshift-compatible kube e2e job to gate openshift/kubernetes PRs. Such a job can ensure that a PR that includes test changes will be validated against those changes in advance of their incorporation into an openshift-tests binary built from origin. --- test/extended/include.go | 18 +- test/extended/util/annotate/annotate.go | 268 +++------------------- test/extended/util/annotate/rules.go | 206 ++--------------- test/extended/util/annotate/rules_test.go | 94 -------- 4 files changed, 52 insertions(+), 534 deletions(-) delete mode 100644 test/extended/util/annotate/rules_test.go diff --git a/test/extended/include.go b/test/extended/include.go index 661abf7ed9c0..24d635a8ef04 100644 --- a/test/extended/include.go +++ b/test/extended/include.go @@ -3,22 +3,8 @@ package extended //go:generate go run -mod vendor ./util/annotate -- ./util/annotate/generated/zz_generated.annotations.go import ( - _ "k8s.io/kubernetes/test/e2e" - - // test sources - _ "k8s.io/kubernetes/test/e2e/apimachinery" - _ "k8s.io/kubernetes/test/e2e/apps" - _ "k8s.io/kubernetes/test/e2e/auth" - _ "k8s.io/kubernetes/test/e2e/autoscaling" - _ "k8s.io/kubernetes/test/e2e/common" - _ "k8s.io/kubernetes/test/e2e/instrumentation" - _ "k8s.io/kubernetes/test/e2e/kubectl" - - _ "k8s.io/kubernetes/test/e2e/network" - _ "k8s.io/kubernetes/test/e2e/node" - _ "k8s.io/kubernetes/test/e2e/scheduling" - _ "k8s.io/kubernetes/test/e2e/servicecatalog" - _ "k8s.io/kubernetes/test/e2e/storage" + // openshift/kubernetes defines the set of kube tests that should be included + _ "k8s.io/kubernetes/openshift-hack/e2e" _ "github.com/openshift/origin/test/extended/apiserver" _ "github.com/openshift/origin/test/extended/authentication" diff --git a/test/extended/util/annotate/annotate.go b/test/extended/util/annotate/annotate.go index 854b56f6a01e..ab002b730ec2 100644 --- a/test/extended/util/annotate/annotate.go +++ b/test/extended/util/annotate/annotate.go @@ -2,256 +2,46 @@ package main import ( "fmt" - "io/ioutil" - "os" - "os/exec" - "regexp" - "sort" - "strings" - "github.com/onsi/ginkgo" - "github.com/onsi/ginkgo/types" -) - -var reHasSig = regexp.MustCompile(`\[sig-[\w-]+\]`) - -func main() { - if len(os.Args) != 2 && len(os.Args) != 3 { - fmt.Fprintf(os.Stderr, "error: requires exactly one argument\n") - os.Exit(1) - } - filename := os.Args[len(os.Args)-1] - - generator := newGenerator() - ginkgo.WalkTests(generator.generateRename) - - renamer := newRenamerFromGenerated(generator.output) - ginkgo.WalkTests(renamer.updateNodeText) - if len(renamer.missing) > 0 { - var names []string - for name := range renamer.missing { - names = append(names, name) - } - sort.Strings(names) - fmt.Fprintf(os.Stderr, "failed:\n%s\n", strings.Join(names, "\n")) - os.Exit(1) - } - - // All tests must be associated with a sig (either upstream), or downstream - // If you get this error, you should add the [sig-X] tag to your test (if its - // in origin) or if it is upstream add a new rule to rules.go that assigns - // the test in question to the right sig. - // - // Upstream sigs map to teams (if you have representation on that sig, you - // own those tests in origin) - // Downstream sigs: sig-imageregistry, sig-builds, sig-devex - var errors []string - for from, to := range generator.output { - if !reHasSig.MatchString(from) && !reHasSig.MatchString(to) { - errors = append(errors, fmt.Sprintf("all tests must define a [sig-XXXX] tag or have a rule %q", from)) - } - } - if len(errors) > 0 { - sort.Strings(errors) - for _, s := range errors { - fmt.Fprintf(os.Stderr, "failed: %s\n", s) - } - os.Exit(1) - } - - var pairs []string - for from, to := range generator.output { - pairs = append(pairs, fmt.Sprintf("%q:\n%q,", from, to)) - } - sort.Strings(pairs) - contents := fmt.Sprintf(` -package generated + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/kubernetes/openshift-hack/e2e/annotate" -import ( - "fmt" - "github.com/onsi/ginkgo" - "github.com/onsi/ginkgo/types" + _ "github.com/openshift/origin/test/extended" ) -var annotations = map[string]string{ -%s -} - -func init() { - ginkgo.WalkTests(func(name, parentName string, node types.TestNode) { - combined := name - if len(parentName) > 0 { - combined = parentName + " " + combined - } - if updated, ok := annotations[combined]; ok { - node.SetText(updated) - } else { - panic(fmt.Sprintf("unable to find test %%s", combined)) - } - }) -} -`, strings.Join(pairs, "\n\n")) - if err := ioutil.WriteFile(filename, []byte(contents), 0644); err != nil { - fmt.Fprintf(os.Stderr, "error: %v", err) - os.Exit(1) - } - if _, err := exec.Command("gofmt", "-s", "-w", filename).Output(); err != nil { - fmt.Fprintf(os.Stderr, "error: %v", err) - os.Exit(1) - } -} - -func newGenerator() *ginkgoTestRenamer { - var allLabels []string - matches := make(map[string]*regexp.Regexp) - stringMatches := make(map[string][]string) - excludes := make(map[string]*regexp.Regexp) - - for label, items := range testMaps { - sort.Strings(items) - allLabels = append(allLabels, label) - var remain []string - for _, item := range items { - re := regexp.MustCompile(item) - if p, ok := re.LiteralPrefix(); ok { - stringMatches[label] = append(stringMatches[label], p) - } else { - remain = append(remain, item) +// mergeMaps updates an existing map of string slices with the +// contents of a new map. Duplicate keys are allowed but duplicate +// values are not to ensure matches are defined in this repo or +// openshift/kubernetes but not both. +func mergeMaps(existingMap, newMap map[string][]string) error { + for key, newValues := range newMap { + if _, ok := existingMap[key]; !ok { + existingMap[key] = []string{} + } + existingValues := sets.NewString(existingMap[key]...) + for _, value := range newValues { + if existingValues.Has(value) { + return fmt.Errorf("value %s for key %s is already present", value, key) } + existingMap[key] = append(existingMap[key], value) } - if len(remain) > 0 { - matches[label] = regexp.MustCompile(strings.Join(remain, `|`)) - } - } - for label, items := range labelExcludes { - sort.Strings(items) - excludes[label] = regexp.MustCompile(strings.Join(items, `|`)) } - sort.Strings(allLabels) - - excludedTestsFilter := regexp.MustCompile(strings.Join(excludedTests, `|`)) - - return &ginkgoTestRenamer{ - allLabels: allLabels, - stringMatches: stringMatches, - matches: matches, - excludes: excludes, - excludedTestsFilter: excludedTestsFilter, - - output: make(map[string]string), - } -} - -func newRenamerFromGenerated(names map[string]string) *ginkgoTestRenamer { - return &ginkgoTestRenamer{ - output: names, - missing: make(map[string]struct{}), - } -} - -type ginkgoTestRenamer struct { - allLabels []string - stringMatches map[string][]string - matches map[string]*regexp.Regexp - excludes map[string]*regexp.Regexp - excludedTestsFilter *regexp.Regexp - - output map[string]string - missing map[string]struct{} + return nil } -func (r *ginkgoTestRenamer) updateNodeText(name, parentName string, node types.TestNode) { - if updated, ok := r.output[combineNames(parentName, name)]; ok { - node.SetText(updated) - } else { - r.missing[combineNames(parentName, name)] = struct{}{} - } -} - -func (r *ginkgoTestRenamer) generateRename(name, parentName string, node types.TestNode) { - originalName := name - combinedName := combineNames(parentName, name) - - labels := "" - for { - count := 0 - for _, label := range r.allLabels { - // never apply a sig label twice - if strings.HasPrefix(label, "[sig-") && strings.Contains(combinedName, "[sig-") { - continue - } - if strings.Contains(combinedName, label) { - continue - } - - var hasLabel bool - for _, segment := range r.stringMatches[label] { - hasLabel = strings.Contains(combinedName, segment) - if hasLabel { - break - } - } - if !hasLabel { - if re := r.matches[label]; re != nil { - hasLabel = r.matches[label].MatchString(combinedName) - } - } - - if hasLabel { - // TODO: remove when we no longer need it - if re, ok := r.excludes[label]; ok && re.MatchString(combinedName) { - continue - } - count++ - labels += " " + label - combinedName += " " + label - name += " " + label - } - } - if count == 0 { - break - } - } - - if !r.excludedTestsFilter.MatchString(combinedName) { - isSerial := strings.Contains(combinedName, "[Serial]") - isConformance := strings.Contains(combinedName, "[Conformance]") - switch { - case isSerial && isConformance: - name += " [Suite:openshift/conformance/serial/minimal]" - case isSerial: - name += " [Suite:openshift/conformance/serial]" - case isConformance: - name += " [Suite:openshift/conformance/parallel/minimal]" - default: - name += " [Suite:openshift/conformance/parallel]" - } - } - if isGoModulePath(node.CodeLocation().FileName, "github.com/openshift/origin", "test") && !strings.Contains(name, "[Suite:openshift") { - name += " [Suite:openshift]" +func init() { + // Merge the local rules with the rules for the kube e2e tests + // inherited from openshift/kubernetes. + err := mergeMaps(annotate.TestMaps, testMaps) + if err != nil { + panic(fmt.Sprintf("Error updating annotate.TestMaps: %v", err)) } - if isGoModulePath(node.CodeLocation().FileName, "k8s.io/kubernetes", "test/e2e") { - name += " [Suite:k8s]" + err = mergeMaps(annotate.LabelExcludes, labelExcludes) + if err != nil { + panic(fmt.Sprintf("Error updating annotate.LabelExcludes: %v", err)) } - - r.output[combineNames(parentName, originalName)] = name } -// isGoModulePath returns true if the packagePath reported by reflection is within a -// module and given module path. When go mod is in use, module and modulePath are not -// contiguous as they were in older golang versions with vendoring, so naive contains -// tests fail. -// -// historically: ".../vendor/k8s.io/kubernetes/test/e2e" -// go.mod: "k8s.io/kubernetes@0.18.4/test/e2e" -// -func isGoModulePath(packagePath, module, modulePath string) bool { - return regexp.MustCompile(fmt.Sprintf(`\b%s(@[^/]*|)/%s\b`, regexp.QuoteMeta(module), regexp.QuoteMeta(modulePath))).MatchString(packagePath) -} - -func combineNames(parentName, name string) string { - if len(parentName) == 0 { - return name - } - return parentName + " " + name +func main() { + annotate.Run() } diff --git a/test/extended/util/annotate/rules.go b/test/extended/util/annotate/rules.go index fcd59e1b7017..65cf6c5d1b6c 100644 --- a/test/extended/util/annotate/rules.go +++ b/test/extended/util/annotate/rules.go @@ -1,9 +1,16 @@ package main -import ( - // ensure all the ginkgo tests are loaded - _ "github.com/openshift/origin/test/extended" -) +// NOTE: Only annotation rules targeting tests implemented in origin +// should be added to this file. +// +// Rules defined here are additive to the rules already defined for +// kube e2e tests in openshift/kubernetes. The kube rules are +// vendored via the following file: +// +// vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/rules.go +// +// Changes to rules for kube e2e tests should be proposed to +// openshift/kubernetes and vendored back into origin. var ( testMaps = map[string][]string{ @@ -13,180 +20,40 @@ var ( `\[Feature:ImagePrune\]`, }, // alpha features that are not gated - "[Disabled:Alpha]": { - // ALPHA features in 1.19, disabled by default. - // !!! Review their status as part of the 1.20 rebase. - `\[Feature:CSIStorageCapacity\]`, - `\[Feature:IPv6DualStack.*\]`, - `\[Feature:ServiceAccountIssuerDiscovery\]`, - `\[Feature:SetHostnameAsFQDN\]`, - `\[Feature:TTLAfterFinished\]`, - - // BETA features in 1.19, enabled by default - // Their enablement is tracked via bz's targeted at 4.6. - `\[Feature:SCTPConnectivity\]`, // https://bugzilla.redhat.com/show_bug.cgi?id=1861606 - }, + "[Disabled:Alpha]": {}, // tests for features that are not implemented in openshift - "[Disabled:Unimplemented]": { - `\[Feature:Networking-IPv6\]`, // openshift-sdn doesn't support yet - `Monitoring`, // Not installed, should be - `Cluster level logging`, // Not installed yet - `Kibana`, // Not installed - `Ubernetes`, // Can't set zone labels today - `kube-ui`, // Not installed by default - `Kubernetes Dashboard`, // Not installed by default (also probably slow image pull) - - `NetworkPolicy.*egress`, // not supported - `NetworkPolicy.*named port`, // not yet implemented - `enforce egress policy`, // not support - `should proxy to cadvisor`, // we don't expose cAdvisor port directly for security reasons - - `NetworkPolicy.*IPBlock`, // not supported - `NetworkPolicy.*Egress`, // not supported - `NetworkPolicy.*default-deny-all`, // not supported - }, + "[Disabled:Unimplemented]": {}, + // tests that rely on special configuration that we do not yet support + "[Disabled:SpecialConfig]": {}, // tests that rely on special configuration that we do not yet support - "[Disabled:SpecialConfig]": { - // GPU node needs to be available - `\[Feature:GPUDevicePlugin\]`, - `\[sig-scheduling\] GPUDevicePluginAcrossRecreate \[Feature:Recreate\]`, - - `\[Feature:ImageQuota\]`, // Quota isn't turned on by default, we should do that and then reenable these tests - `\[Feature:Audit\]`, // Needs special configuration - `\[Feature:LocalStorageCapacityIsolation\]`, // relies on a separate daemonset? - `\[sig-cloud-provider-gcp\]`, // these test require a different configuration - note that GCE tests from the sig-cluster-lifecycle were moved to the sig-cloud-provider-gcpcluster lifecycle see https://github.com/kubernetes/kubernetes/commit/0b3d50b6dccdc4bbd0b3e411c648b092477d79ac#diff-3b1910d08fb8fd8b32956b5e264f87cb - - `kube-dns-autoscaler`, // Don't run kube-dns - `should check if Kubernetes master services is included in cluster-info`, // Don't run kube-dns - `DNS configMap`, // this tests dns federation configuration via configmap, which we don't support yet - - `NodeProblemDetector`, // requires a non-master node to run on - `Advanced Audit should audit API calls`, // expects to be able to call /logs - - `Firewall rule should have correct firewall rules for e2e cluster`, // Upstream-install specific - }, // tests that are known broken and need to be fixed upstream or in openshift // always add an issue here "[Disabled:Broken]": { - `mount an API token into pods`, // We add 6 secrets, not 1 - `ServiceAccounts should ensure a single API token exists`, // We create lots of secrets - `unchanging, static URL paths for kubernetes api services`, // the test needs to exclude URLs that are not part of conformance (/logs) - `Services should be able to up and down services`, // we don't have wget installed on nodes - `Network should set TCP CLOSE_WAIT timeout`, // possibly some difference between ubuntu and fedora - `\[NodeFeature:Sysctls\]`, // needs SCC support - `should check kube-proxy urls`, // previously this test was skipped b/c we reported -1 as the number of nodes, now we report proper number and test fails - `SSH`, // TRIAGE - `should implement service.kubernetes.io/service-proxy-name`, // this is an optional test that requires SSH. sig-network `should idle the service and DeploymentConfig properly`, // idling with a single service and DeploymentConfig `should answer endpoint and wildcard queries for the cluster`, // currently not supported by dns operator https://github.com/openshift/cluster-dns-operator/issues/43 - `should allow ingress access on one named port`, // https://bugzilla.redhat.com/show_bug.cgi?id=1711602 - `recreate nodes and ensure they function upon restart`, // https://bugzilla.redhat.com/show_bug.cgi?id=1756428 - `\[Driver: iscsi\]`, // https://bugzilla.redhat.com/show_bug.cgi?id=1711627 - - "RuntimeClass should reject", - - `Services should implement service.kubernetes.io/headless`, // requires SSH access to function, needs to be refactored - `ClusterDns \[Feature:Example\] should create pod that uses dns`, // doesn't use bindata, not part of kube test binary - `Simple pod should handle in-cluster config`, // kubectl cp doesn't work or is not preserving executable bit, we have this test already - - // TODO(node): configure the cri handler for the runtime class to make this work - "should run a Pod requesting a RuntimeClass with a configured handler", - "should reject a Pod requesting a RuntimeClass with conflicting node selector", - "should run a Pod requesting a RuntimeClass with scheduling", - - // A fix is in progress: https://github.com/openshift/origin/pull/24709 - `Multi-AZ Clusters should spread the pods of a replication controller across zones`, - - // Disabled as per networking team. Follow-up tracked via https://bugzilla.redhat.com/show_bug.cgi?id=1861214 - `EndpointSliceMirroring should mirror a custom Endpoints resource through create update and delete`, // Perma-fail // https://bugzilla.redhat.com/show_bug.cgi?id=1862322 `an end user can use OLM can subscribe to the operator`, }, // tests that may work, but we don't support them - "[Disabled:Unsupported]": { - `\[Driver: rbd\]`, // OpenShift 4.x does not support Ceph RBD (use CSI instead) - `\[Driver: ceph\]`, // OpenShift 4.x does not support CephFS (use CSI instead) - }, + "[Disabled:Unsupported]": {}, // tests too slow to be part of conformance - "[Slow]": { - `\[sig-scalability\]`, // disable from the default set for now - `should create and stop a working application`, // Inordinately slow tests - - `\[Feature:PerformanceDNS\]`, // very slow - - `validates that there exists conflict between pods with same hostPort and protocol but one using 0\.0\.0\.0 hostIP`, // 5m, really? - }, + "[Slow]": {}, // tests that are known flaky "[Flaky]": { - `Job should run a job to completion when tasks sometimes fail and are not locally restarted`, // seems flaky, also may require too many resources - `openshift mongodb replication creating from a template`, // flaking on deployment - - // TODO(node): test works when run alone, but not in the suite in CI - `\[Feature:HPA\] Horizontal pod autoscaling \(scale resource: CPU\) \[sig-autoscaling\] ReplicationController light Should scale from 1 pod to 2 pods`, + `openshift mongodb replication creating from a template`, // flaking on deployment }, // tests that must be run without competition - "[Serial]": { - `\[Disruptive\]`, - `\[Feature:Performance\]`, // requires isolation - - `Service endpoints latency`, // requires low latency - `Clean up pods on node`, // schedules up to max pods per node - `DynamicProvisioner should test that deleting a claim before the volume is provisioned deletes the volume`, // test is very disruptive to other tests - - `Multi-AZ Clusters should spread the pods of a service across zones`, // spreading is a priority, not a predicate, and if the node is temporarily full the priority will be ignored - - `Should be able to support the 1\.7 Sample API Server using the current Aggregator`, // down apiservices break other clients today https://bugzilla.redhat.com/show_bug.cgi?id=1623195 - - `\[Feature:HPA\] Horizontal pod autoscaling \(scale resource: CPU\) \[sig-autoscaling\] ReplicationController light Should scale from 1 pod to 2 pods`, - - `should prevent Ingress creation if more than 1 IngressClass marked as default`, // https://bugzilla.redhat.com/show_bug.cgi?id=1822286 - - `\[sig-network\] IngressClass \[Feature:Ingress\] should set default value on new IngressClass`, //https://bugzilla.redhat.com/show_bug.cgi?id=1833583 - }, - "[Skipped:azure]": { - "Networking should provide Internet connection for containers", // Azure does not allow ICMP traffic to internet. - }, + "[Serial]": {}, + "[Skipped:azure]": {}, "[Skipped:ovirt]": { // https://bugzilla.redhat.com/show_bug.cgi?id=1838751 `\[sig-network\] Networking Granular Checks: Services should function for endpoint-Service`, `\[sig-network\] Networking Granular Checks: Services should function for node-Service`, `\[sig-network\] Networking Granular Checks: Services should function for pod-Service`, }, - "[Skipped:gce]": { - // Requires creation of a different compute instance in a different zone and is not compatible with volumeBindingMode of WaitForFirstConsumer which we use in 4.x - `\[sig-scheduling\] Multi-AZ Cluster Volumes \[sig-storage\] should only be allowed to provision PDs in zones where nodes exist`, - - // The following tests try to ssh directly to a node. None of our nodes have external IPs - `\[k8s.io\] \[sig-node\] crictl should be able to run crictl on the node`, - `\[sig-storage\] Flexvolumes should be mountable`, - `\[sig-storage\] Detaching volumes should not work when mount is in progress`, - - // We are using openshift-sdn to conceal metadata - `\[sig-auth\] Metadata Concealment should run a check-metadata-concealment job to completion`, - - // https://bugzilla.redhat.com/show_bug.cgi?id=1740959 - `\[sig-api-machinery\] AdmissionWebhook should be able to deny pod and configmap creation`, - - // https://bugzilla.redhat.com/show_bug.cgi?id=1745720 - `\[sig-storage\] CSI Volumes \[Driver: pd.csi.storage.gke.io\]\[Serial\]`, - - // https://bugzilla.redhat.com/show_bug.cgi?id=1749882 - `\[sig-storage\] CSI Volumes CSI Topology test using GCE PD driver \[Serial\]`, - - // https://bugzilla.redhat.com/show_bug.cgi?id=1751367 - `gce-localssd-scsi-fs`, - - // https://bugzilla.redhat.com/show_bug.cgi?id=1750851 - // should be serial if/when it's re-enabled - `\[HPA\] Horizontal pod autoscaling \(scale resource: Custom Metrics from Stackdriver\)`, - }, - // tests that don't pass under openshift-sdn but that are expected to pass - // with other network plugins (particularly ovn-kubernetes) - "[Skipped:Network/OpenShiftSDN]": { - `NetworkPolicy between server and client should allow egress access on one named port`, // not yet implemented - }, + "[Skipped:gce]": {}, // tests that don't pass under openshift-sdn multitenant mode "[Skipped:Network/OpenShiftSDN/Multitenant]": { `\[Feature:NetworkPolicy\]`, // not compatible with multitenant mode @@ -238,39 +105,8 @@ var ( // https://bugzilla.redhat.com/show_bug.cgi?id=1825027 `\[Feature:Platform\] Managed cluster should ensure control plane operators do not make themselves unevictable`, }, - "[sig-node]": { - `\[NodeConformance\]`, - `NodeLease`, - `lease API`, - `\[NodeFeature`, - `\[NodeAlphaFeature`, - `Probing container`, - `Security Context When creating a`, - `Downward API should create a pod that prints his name and namespace`, - `Liveness liveness pods should be automatically restarted`, - `Secret should create a pod that reads a secret`, - `Pods should delete a collection of pods`, - }, - "[sig-cluster-lifecycle]": { - `Feature:ClusterAutoscalerScalability`, - `recreate nodes and ensure they function`, - }, - "[sig-arch]": { - // not run, assigned to arch as catch-all - `\[Feature:GKELocalSSD\]`, - `\[Feature:GKENodePool\]`, - }, } // labelExcludes temporarily block tests out of a specific suite labelExcludes = map[string][]string{} - - excludedTests = []string{ - `\[Disabled:`, - `\[Disruptive\]`, - `\[Skipped\]`, - `\[Slow\]`, - `\[Flaky\]`, - `\[Local\]`, - } ) diff --git a/test/extended/util/annotate/rules_test.go b/test/extended/util/annotate/rules_test.go deleted file mode 100644 index f34dceeacbbc..000000000000 --- a/test/extended/util/annotate/rules_test.go +++ /dev/null @@ -1,94 +0,0 @@ -package main - -import ( - "testing" - - "github.com/onsi/ginkgo/types" -) - -type testNode struct { - text string -} - -func (n *testNode) Type() types.SpecComponentType { - return 0 -} -func (n *testNode) CodeLocation() types.CodeLocation { - return types.CodeLocation{} -} -func (n *testNode) Text() string { - return n.text -} -func (n *testNode) SetText(text string) { - n.text = text -} -func (n *testNode) Flag() types.FlagType { - return 0 -} -func (n *testNode) SetFlag(flag types.FlagType) { -} - -func TestStockRules(t *testing.T) { - tests := []struct { - name string - - testName string - parentName string - - expectedText string - }{ - { - name: "simple serial match", - parentName: "", - testName: "[Serial] test", - expectedText: "[Serial] test [Suite:openshift/conformance/serial]", - }, - { - name: "don't tag skipped", - parentName: "", - testName: `[Serial] example test [Skipped:gce]`, - expectedText: `[Serial] example test [Skipped:gce] [Suite:openshift/conformance/serial]`, // notice that this isn't categorized into any of our buckets - }, - { - name: "not skipped", - parentName: "", - testName: `[sig-network] Networking Granular Checks: Pods should function for intra-pod communication: http [LinuxOnly] [NodeConformance] [Conformance]`, - expectedText: `[sig-network] Networking Granular Checks: Pods should function for intra-pod communication: http [LinuxOnly] [NodeConformance] [Conformance] [Suite:openshift/conformance/parallel/minimal]`, - }, - { - name: "should skip localssd on gce", - parentName: "", - testName: `[sig-storage] In-tree Volumes [Driver: local][LocalVolumeType: gce-localssd-scsi-fs] [Serial] [Testpattern: Dynamic PV (default fs)] subPath should be able to unmount after the subpath directory is deleted`, - expectedText: `[sig-storage] In-tree Volumes [Driver: local][LocalVolumeType: gce-localssd-scsi-fs] [Serial] [Testpattern: Dynamic PV (default fs)] subPath should be able to unmount after the subpath directory is deleted [Skipped:gce] [Suite:openshift/conformance/serial]`, // notice that this isn't categorized into any of our buckets - }, - { - name: "should skip NetworkPolicy tests on multitenant", - parentName: "[Feature:NetworkPolicy]", - testName: `should do something with NetworkPolicy`, - expectedText: `should do something with NetworkPolicy [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel]`, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - testRenamer := newGenerator() - testNode := &testNode{ - text: test.testName, - } - - testRenamer.generateRename(test.testName, test.parentName, testNode) - changed := testRenamer.output[combineNames(test.parentName, test.testName)] - - if e, a := test.expectedText, changed; e != a { - t.Error(a) - } - testRenamer = newRenamerFromGenerated(map[string]string{combineNames(test.parentName, test.testName): test.expectedText}) - testRenamer.updateNodeText(test.testName, test.parentName, testNode) - - if e, a := test.expectedText, testNode.Text(); e != a { - t.Error(a) - } - - }) - } -} From 2f12af0fc20256358431b660e4b79100ae2f5d40 Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Wed, 5 Aug 2020 19:08:51 -0700 Subject: [PATCH 3/5] bump(k8s.io/kubernetes) --- go.mod | 14 +- go.sum | 24 +- .../pkg/admission/imagepolicy/accept.go | 2 +- .../pkg/admission/imagepolicy/imagepolicy.go | 2 +- .../pkg/admission/imagepolicy/rules/accept.go | 2 +- .../pkg/admission/imagepolicy/rules/rules.go | 2 +- .../sccadmission/admission.go | 2 +- .../sccmatching/matcher.go | 2 +- .../util/sort/byrestrictions.go | 2 +- .../apiserver/pkg/server/genericapiserver.go | 3 - .../pkg/server/patch_genericapiserver.go | 2 +- vendor/k8s.io/cloud-provider/go.mod | 1 + vendor/k8s.io/cloud-provider/go.sum | 9 +- .../pkg/apiserver/apiserver.go | 2 +- .../openshift-hack/e2e/annotate/annotate.go | 258 ++++++++++++++++++ .../openshift-hack/e2e/annotate/rules.go | 216 +++++++++++++++ .../kubernetes/openshift-hack/e2e/include.go | 23 ++ .../restrictusers/restrictusers.go | 2 +- .../clusterresourceoverride/admission.go | 2 +- .../autoscaling/runonceduration/admission.go | 2 +- .../externalipranger/externalip_admission.go | 2 +- .../restrictedendpoints/endpoint_admission.go | 2 +- .../scheduler/podnodeconstraints/admission.go | 2 +- .../oauth/bootstrapauthenticator.go | 11 + .../authentication/oauth/timeoutvalidator.go | 2 +- .../oauth/tokenauthenticator.go | 4 +- .../configdefault/kubecontrolplane_default.go | 2 +- .../openshiftkubeapiserver/patch.go | 7 + .../openshiftkubeapiserver/sdn_readyz_wait.go | 126 +++++++++ .../pkg/kubelet/kuberuntime/convert.go | 13 +- .../kubernetes/pkg/kubelet/pleg/generic.go | 16 +- .../certificates/certificates/strategy.go | 21 -- .../test/e2e/storage/csi_mock_volume.go | 6 +- .../k8s.io/kubernetes/test/e2e/viperconfig.go | 5 + vendor/modules.txt | 16 +- 35 files changed, 726 insertions(+), 81 deletions(-) create mode 100644 vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/annotate.go create mode 100644 vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/rules.go create mode 100644 vendor/k8s.io/kubernetes/openshift-hack/e2e/include.go create mode 100644 vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/sdn_readyz_wait.go diff --git a/go.mod b/go.mod index e45ea8c23786..b672244bdbe9 100644 --- a/go.mod +++ b/go.mod @@ -31,11 +31,11 @@ require ( github.com/lestrrat/go-jsschema v0.0.0-20181205002244-5c81c58ffcc3 github.com/lpabon/godbc v0.0.0-00010101000000-000000000000 // indirect github.com/mohae/deepcopy v0.0.0-00010101000000-000000000000 // indirect - github.com/onsi/ginkgo v1.11.0 + github.com/onsi/ginkgo v4.5.0-origin.1+incompatible github.com/onsi/gomega v1.7.0 github.com/opencontainers/go-digest v1.0.0-rc1 github.com/openshift/api v0.0.0-20200722204502-c33fd0aa6ffa - github.com/openshift/apiserver-library-go v0.0.0-20200722231130-01c5eee5e10b + github.com/openshift/apiserver-library-go v0.0.0-20200723181026-dd21ec96ba0a github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7 github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15 github.com/openshift/library-go v0.0.0-20200722204747-e3f2c82ff290 @@ -420,10 +420,10 @@ replace ( k8s.io/api => k8s.io/api v0.19.0-rc.2 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.19.0-rc.2 k8s.io/apimachinery => k8s.io/apimachinery v0.19.0-rc.2 - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200803060402-d32435439579 + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200826132615-f71a7ab366cf k8s.io/cli-runtime => k8s.io/cli-runtime v0.19.0-rc.2 - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200803060402-d32435439579 - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200803060402-d32435439579 + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200826132615-f71a7ab366cf + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200826132615-f71a7ab366cf k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.19.0-rc.2 k8s.io/code-generator => k8s.io/code-generator v0.19.0-rc.2 k8s.io/component-base => k8s.io/component-base v0.19.0-rc.2 @@ -432,13 +432,13 @@ replace ( k8s.io/gengo => k8s.io/gengo v0.0.0-20200114144118-36b2048a9120 k8s.io/heapster => k8s.io/heapster v1.2.0-beta.1 k8s.io/klog => k8s.io/klog v1.0.0 - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200803060402-d32435439579 + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200826132615-f71a7ab366cf k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.19.0-rc.2 k8s.io/kube-proxy => k8s.io/kube-proxy v0.19.0-rc.2 k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.19.0-rc.2 k8s.io/kubectl => k8s.io/kubectl v0.19.0-rc.2 k8s.io/kubelet => k8s.io/kubelet v0.19.0-rc.2 - k8s.io/kubernetes => github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200803060402-d32435439579 + k8s.io/kubernetes => github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200826132615-f71a7ab366cf k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20200826132615-f71a7ab366cf k8s.io/metrics => k8s.io/metrics v0.19.0-rc.2 k8s.io/repo-infra => k8s.io/repo-infra v0.0.1-alpha.1 diff --git a/go.sum b/go.sum index 49bf4d058bed..ea03aa44f82a 100644 --- a/go.sum +++ b/go.sum @@ -428,24 +428,24 @@ github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwy github.com/openshift/api v0.0.0-20200722170803-0ba2c3658da6/go.mod h1:IXsT3F4NjLtRzfnQvwU+g/oPWpoNsVV5vd5aaOMO8eU= github.com/openshift/api v0.0.0-20200722204502-c33fd0aa6ffa h1:Ty11UANoi60q8bnaA/XHornmFFzRDkYHwWE2fQMNzqQ= github.com/openshift/api v0.0.0-20200722204502-c33fd0aa6ffa/go.mod h1:IXsT3F4NjLtRzfnQvwU+g/oPWpoNsVV5vd5aaOMO8eU= -github.com/openshift/apiserver-library-go v0.0.0-20200722231130-01c5eee5e10b h1:vNXXR0IaFvYhuEXROIZZLT1yKTpheMDn8YVmjXtKjOo= -github.com/openshift/apiserver-library-go v0.0.0-20200722231130-01c5eee5e10b/go.mod h1:Mfg9VY4GCU3I7Fu9BXonA9Bx0MnK8NdUSXJ9rECVMs0= +github.com/openshift/apiserver-library-go v0.0.0-20200723181026-dd21ec96ba0a h1:5jNauFKxYwStYVdLRY+Oy+hS/8h1wioW5RYaIWXFpC8= +github.com/openshift/apiserver-library-go v0.0.0-20200723181026-dd21ec96ba0a/go.mod h1://gQP1LMTExUTcFCgJdKHY23UVHhkaQILXsTdVz0Qok= github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7 h1:iP7TOaN+tEVNUQ0ODEbN1ukjLz918lsIt7Czf8giWlM= github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15 h1:b2QkHrmaYtY6kzy2VrYLc+KBmCuTpJjgvBahPqpt6V0= github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15/go.mod h1:yd4Zpcdk+8JyMWi6v+h78jPqK0FvXbJY41Wq3SZxl+c= github.com/openshift/golang-glog v0.0.0-20190322123450-3c92600d7533 h1:A5VovyRu3JFIPmC20HHrsOOny0PIdHuzDdNMULru48k= github.com/openshift/golang-glog v0.0.0-20190322123450-3c92600d7533/go.mod h1:3sa6LKKRDnR1xy4Kn8htvPwqIOVwXh8fIU3LRY22q3U= -github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200803060402-d32435439579 h1:ZR3W1ucbbvnKLXJa2XJcIWD46BgVFCBgQp1ylRfSh2o= -github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200803060402-d32435439579/go.mod h1:CocnRx4YBHt4EM7L4iUYMeVYdZgyOcsLiR9j12Bh2VA= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200803060402-d32435439579 h1:w3NiU6RpydQzBmGj/RQXBMdAcTr9CZrY4eeWpsc4WFo= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200803060402-d32435439579/go.mod h1:+byIt/wuDt8WgIusF3aWdyun5O4cIvIHPiQWUZTjUiE= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200803060402-d32435439579 h1:MeMXPKhxhCtnQVz88TyU6xOmnpV5Vy1lSuExjIYTq+8= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200803060402-d32435439579/go.mod h1:l5+662plwhIL4vDAeaySrk6peI36J0lKKSOtc1cHTO4= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200803060402-d32435439579 h1:bOUbz+UcfsIvRJA8aOYefB4kjUvEqN7frmhNDXjIduQ= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200803060402-d32435439579/go.mod h1:+7rIJYlH+r3D4eWt4HVRk52OcWNLyFDIi0uT5DdivUQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200803060402-d32435439579 h1:dAQitjT7Z0epj09lRnuPgJmcnveN4xZX44S8lD4J7nQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200803060402-d32435439579/go.mod h1:Fgq/XF/OXIjTpvL79ZjF1h/cXPVUFAxocIQDGRfoQYw= +github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200826132615-f71a7ab366cf h1:ZN/QjGb0pIrsNQYpBTEveZzFoPqv7P26JB/nsKzZ6n4= +github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200826132615-f71a7ab366cf/go.mod h1:aJkJxeDTYuttw+MRc5T2zhDsP24ZhZmpGmc+jmdz7w0= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200826132615-f71a7ab366cf h1:N8rG0zKTjJRuTO0UfQDXaxaBEtLTULxncmcgBScaWgI= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200826132615-f71a7ab366cf/go.mod h1:q9rHEv1UltcR8OSRYNAJOOiS8HrCX9U7I2RacSAr4XM= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200826132615-f71a7ab366cf h1:5JYxm4t7jUPEoLiFViiqcPujntSOztnOSuGybRItBOU= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200826132615-f71a7ab366cf/go.mod h1:+D+tDV3iwgbrqITjgufYYBkYVIfzD564qL10LbnKzgM= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200826132615-f71a7ab366cf h1:dKA2Rmv4nZJphas3gtH8W98+ZRMrFrZjKkMj+Ucj/gk= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200826132615-f71a7ab366cf/go.mod h1:vx/reZx/iefWuS3A7hRi4cwoptpCkVhqqITKpUsIkWs= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200826132615-f71a7ab366cf h1:A30pBAUeL4ogH6sAamr346lPGvNybGo/2YO/POhHPc4= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200826132615-f71a7ab366cf/go.mod h1:MUq2YTU8mwp7qYhM8Gu95ZSBOIp2+OyDSY7dOeHgCTA= github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20200826132615-f71a7ab366cf h1:6WYK5JAFYXehPZbVkkkSqeibs7clN3mRHZmiXG+K79w= github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20200826132615-f71a7ab366cf/go.mod h1:kUaainILK6Zy9oE3FRx+pp7y5+eTb73H3Z4oEmzaxQ8= github.com/openshift/library-go v0.0.0-20200722204747-e3f2c82ff290 h1:x2MMkmR0gr+3UazejQcIafWCXh8d0W+6EWTtWLyGBnQ= diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/accept.go b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/accept.go index 19c11d42fc22..8ff6c7d70eec 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/accept.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/accept.go @@ -3,7 +3,7 @@ package imagepolicy import ( "fmt" - "k8s.io/klog" + "k8s.io/klog/v2" apierrs "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/imagepolicy.go b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/imagepolicy.go index 9bff5b1b2d8a..df97813f821b 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/imagepolicy.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/imagepolicy.go @@ -24,7 +24,7 @@ import ( "k8s.io/client-go/informers" corev1listers "k8s.io/client-go/listers/core/v1" "k8s.io/client-go/rest" - "k8s.io/klog" + "k8s.io/klog/v2" kapi "k8s.io/kubernetes/pkg/apis/core" imagev1 "github.com/openshift/api/image/v1" diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/accept.go b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/accept.go index 3785219dbc38..f117cb73ae36 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/accept.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/accept.go @@ -1,7 +1,7 @@ package rules import ( - "k8s.io/klog" + "k8s.io/klog/v2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/rules.go b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/rules.go index a9acc672a5ec..78735e4276e8 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/rules.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/rules/rules.go @@ -5,7 +5,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/klog" + "k8s.io/klog/v2" "github.com/openshift/api/image/docker10" imagev1 "github.com/openshift/api/image/v1" diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccadmission/admission.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccadmission/admission.go index 7f3e87272981..da613abd13d4 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccadmission/admission.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccadmission/admission.go @@ -18,7 +18,7 @@ import ( "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" - "k8s.io/klog" + "k8s.io/klog/v2" coreapi "k8s.io/kubernetes/pkg/apis/core" kapihelper "k8s.io/kubernetes/pkg/apis/core/helper" rbacregistry "k8s.io/kubernetes/pkg/registry/rbac" diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/matcher.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/matcher.go index 78159e0c1827..7625979b4a5d 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/matcher.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/matcher.go @@ -6,7 +6,7 @@ import ( "sort" "strings" - "k8s.io/klog" + "k8s.io/klog/v2" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/util/sort/byrestrictions.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/util/sort/byrestrictions.go index aabdb3c189e5..67189e0859f4 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/util/sort/byrestrictions.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/util/sort/byrestrictions.go @@ -3,7 +3,7 @@ package sort import ( "strings" - "k8s.io/klog" + "k8s.io/klog/v2" corev1 "k8s.io/api/core/v1" diff --git a/vendor/k8s.io/apiserver/pkg/server/genericapiserver.go b/vendor/k8s.io/apiserver/pkg/server/genericapiserver.go index 72120eb7341f..c5a1fc344a12 100644 --- a/vendor/k8s.io/apiserver/pkg/server/genericapiserver.go +++ b/vendor/k8s.io/apiserver/pkg/server/genericapiserver.go @@ -658,9 +658,6 @@ func (s *GenericAPIServer) Eventf(eventType, reason, messageFmt string, args ... InvolvedObject: ref, Reason: reason, Message: fmt.Sprintf(messageFmt, args...), - FirstTimestamp: t, - LastTimestamp: t, - Count: 1, Type: eventType, Source: corev1.EventSource{Component: "apiserver", Host: host}, } diff --git a/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go b/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go index 05ba071b7df7..1ee461fba4ab 100644 --- a/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go +++ b/vendor/k8s.io/apiserver/pkg/server/patch_genericapiserver.go @@ -24,7 +24,7 @@ import ( "go.uber.org/atomic" - "k8s.io/klog" + "k8s.io/klog/v2" corev1 "k8s.io/api/core/v1" ) diff --git a/vendor/k8s.io/cloud-provider/go.mod b/vendor/k8s.io/cloud-provider/go.mod index ea4b0cdaa609..77b2eb465afd 100644 --- a/vendor/k8s.io/cloud-provider/go.mod +++ b/vendor/k8s.io/cloud-provider/go.mod @@ -22,6 +22,7 @@ replace ( github.com/go-bindata/go-bindata => github.com/go-bindata/go-bindata v3.1.1+incompatible github.com/golang/glog => github.com/openshift/golang-glog v0.0.0-20190322123450-3c92600d7533 github.com/imdario/mergo => github.com/imdario/mergo v0.3.5 + github.com/onsi/ginkgo => github.com/openshift/onsi-ginkgo v4.5.0-origin.1+incompatible github.com/openshift/build-machinery-go => github.com/openshift/build-machinery-go v0.0.0-20200424080330-082bf86082cc github.com/robfig/cron => github.com/robfig/cron v1.1.0 go.uber.org/multierr => go.uber.org/multierr v1.1.0 diff --git a/vendor/k8s.io/cloud-provider/go.sum b/vendor/k8s.io/cloud-provider/go.sum index 6337f13a1fc8..8fd8acfcc0aa 100644 --- a/vendor/k8s.io/cloud-provider/go.sum +++ b/vendor/k8s.io/cloud-provider/go.sum @@ -389,11 +389,6 @@ github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= @@ -411,11 +406,13 @@ github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwy github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= github.com/openshift/api v0.0.0-20200722170803-0ba2c3658da6/go.mod h1:IXsT3F4NjLtRzfnQvwU+g/oPWpoNsVV5vd5aaOMO8eU= github.com/openshift/api v0.0.0-20200722204502-c33fd0aa6ffa/go.mod h1:IXsT3F4NjLtRzfnQvwU+g/oPWpoNsVV5vd5aaOMO8eU= -github.com/openshift/apiserver-library-go v0.0.0-20200722231130-01c5eee5e10b/go.mod h1:Mfg9VY4GCU3I7Fu9BXonA9Bx0MnK8NdUSXJ9rECVMs0= +github.com/openshift/apiserver-library-go v0.0.0-20200723181026-dd21ec96ba0a/go.mod h1://gQP1LMTExUTcFCgJdKHY23UVHhkaQILXsTdVz0Qok= github.com/openshift/build-machinery-go v0.0.0-20200424080330-082bf86082cc/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15/go.mod h1:yd4Zpcdk+8JyMWi6v+h78jPqK0FvXbJY41Wq3SZxl+c= github.com/openshift/golang-glog v0.0.0-20190322123450-3c92600d7533/go.mod h1:3sa6LKKRDnR1xy4Kn8htvPwqIOVwXh8fIU3LRY22q3U= github.com/openshift/library-go v0.0.0-20200722204747-e3f2c82ff290/go.mod h1:/gVyoY2dl35bcCCgs+36UmGt6n/kn3f64hfDduujQ1c= +github.com/openshift/onsi-ginkgo v4.5.0-origin.1+incompatible h1:GtzyDU5vBFU40hz4GWd1qU5FJByNljWdgkM2LtdelGk= +github.com/openshift/onsi-ginkgo v4.5.0-origin.1+incompatible/go.mod h1:azqkkH4Vpp9A579CC26hicol/wViXag9rOwElif6v9E= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= diff --git a/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go b/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go index 576b624e2fc9..ec6612e7a72a 100644 --- a/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go +++ b/vendor/k8s.io/kube-aggregator/pkg/apiserver/apiserver.go @@ -18,7 +18,7 @@ package apiserver import ( "fmt" - "k8s.io/klog" + "k8s.io/klog/v2" "net/http" "strings" "time" diff --git a/vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/annotate.go b/vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/annotate.go new file mode 100644 index 000000000000..e9a2ab985780 --- /dev/null +++ b/vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/annotate.go @@ -0,0 +1,258 @@ +package annotate + +import ( + "fmt" + "io/ioutil" + "os" + "os/exec" + "regexp" + "sort" + "strings" + + "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/types" +) + +var reHasSig = regexp.MustCompile(`\[sig-[\w-]+\]`) + +// Run generates tests annotations for the targeted package. +func Run() { + if len(os.Args) != 2 && len(os.Args) != 3 { + fmt.Fprintf(os.Stderr, "error: requires exactly one argument\n") + os.Exit(1) + } + filename := os.Args[len(os.Args)-1] + + generator := newGenerator() + ginkgo.WalkTests(generator.generateRename) + + renamer := newRenamerFromGenerated(generator.output) + ginkgo.WalkTests(renamer.updateNodeText) + if len(renamer.missing) > 0 { + var names []string + for name := range renamer.missing { + names = append(names, name) + } + sort.Strings(names) + fmt.Fprintf(os.Stderr, "failed:\n%s\n", strings.Join(names, "\n")) + os.Exit(1) + } + + // All tests must be associated with a sig (either upstream), or downstream + // If you get this error, you should add the [sig-X] tag to your test (if its + // in origin) or if it is upstream add a new rule to rules.go that assigns + // the test in question to the right sig. + // + // Upstream sigs map to teams (if you have representation on that sig, you + // own those tests in origin) + // Downstream sigs: sig-imageregistry, sig-builds, sig-devex + var errors []string + for from, to := range generator.output { + if !reHasSig.MatchString(from) && !reHasSig.MatchString(to) { + errors = append(errors, fmt.Sprintf("all tests must define a [sig-XXXX] tag or have a rule %q", from)) + } + } + if len(errors) > 0 { + sort.Strings(errors) + for _, s := range errors { + fmt.Fprintf(os.Stderr, "failed: %s\n", s) + } + os.Exit(1) + } + + var pairs []string + for from, to := range generator.output { + pairs = append(pairs, fmt.Sprintf("%q:\n%q,", from, to)) + } + sort.Strings(pairs) + contents := fmt.Sprintf(` +package generated + +import ( + "fmt" + "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/types" +) + +var annotations = map[string]string{ +%s +} + +func init() { + ginkgo.WalkTests(func(name, parentName string, node types.TestNode) { + combined := name + if len(parentName) > 0 { + combined = parentName + " " + combined + } + if updated, ok := annotations[combined]; ok { + node.SetText(updated) + } else { + panic(fmt.Sprintf("unable to find test %%s", combined)) + } + }) +} +`, strings.Join(pairs, "\n\n")) + if err := ioutil.WriteFile(filename, []byte(contents), 0644); err != nil { + fmt.Fprintf(os.Stderr, "error: %v", err) + os.Exit(1) + } + if _, err := exec.Command("gofmt", "-s", "-w", filename).Output(); err != nil { + fmt.Fprintf(os.Stderr, "error: %v", err) + os.Exit(1) + } +} + +func newGenerator() *ginkgoTestRenamer { + var allLabels []string + matches := make(map[string]*regexp.Regexp) + stringMatches := make(map[string][]string) + excludes := make(map[string]*regexp.Regexp) + + for label, items := range TestMaps { + sort.Strings(items) + allLabels = append(allLabels, label) + var remain []string + for _, item := range items { + re := regexp.MustCompile(item) + if p, ok := re.LiteralPrefix(); ok { + stringMatches[label] = append(stringMatches[label], p) + } else { + remain = append(remain, item) + } + } + if len(remain) > 0 { + matches[label] = regexp.MustCompile(strings.Join(remain, `|`)) + } + } + for label, items := range LabelExcludes { + sort.Strings(items) + excludes[label] = regexp.MustCompile(strings.Join(items, `|`)) + } + sort.Strings(allLabels) + + excludedTestsFilter := regexp.MustCompile(strings.Join(ExcludedTests, `|`)) + + return &ginkgoTestRenamer{ + allLabels: allLabels, + stringMatches: stringMatches, + matches: matches, + excludes: excludes, + excludedTestsFilter: excludedTestsFilter, + + output: make(map[string]string), + } +} + +func newRenamerFromGenerated(names map[string]string) *ginkgoTestRenamer { + return &ginkgoTestRenamer{ + output: names, + missing: make(map[string]struct{}), + } +} + +type ginkgoTestRenamer struct { + allLabels []string + stringMatches map[string][]string + matches map[string]*regexp.Regexp + excludes map[string]*regexp.Regexp + excludedTestsFilter *regexp.Regexp + + output map[string]string + missing map[string]struct{} +} + +func (r *ginkgoTestRenamer) updateNodeText(name, parentName string, node types.TestNode) { + if updated, ok := r.output[combineNames(parentName, name)]; ok { + node.SetText(updated) + } else { + r.missing[combineNames(parentName, name)] = struct{}{} + } +} + +func (r *ginkgoTestRenamer) generateRename(name, parentName string, node types.TestNode) { + originalName := name + combinedName := combineNames(parentName, name) + + labels := "" + for { + count := 0 + for _, label := range r.allLabels { + // never apply a sig label twice + if strings.HasPrefix(label, "[sig-") && strings.Contains(combinedName, "[sig-") { + continue + } + if strings.Contains(combinedName, label) { + continue + } + + var hasLabel bool + for _, segment := range r.stringMatches[label] { + hasLabel = strings.Contains(combinedName, segment) + if hasLabel { + break + } + } + if !hasLabel { + if re := r.matches[label]; re != nil { + hasLabel = r.matches[label].MatchString(combinedName) + } + } + + if hasLabel { + // TODO: remove when we no longer need it + if re, ok := r.excludes[label]; ok && re.MatchString(combinedName) { + continue + } + count++ + labels += " " + label + combinedName += " " + label + name += " " + label + } + } + if count == 0 { + break + } + } + + if !r.excludedTestsFilter.MatchString(combinedName) { + isSerial := strings.Contains(combinedName, "[Serial]") + isConformance := strings.Contains(combinedName, "[Conformance]") + switch { + case isSerial && isConformance: + name += " [Suite:openshift/conformance/serial/minimal]" + case isSerial: + name += " [Suite:openshift/conformance/serial]" + case isConformance: + name += " [Suite:openshift/conformance/parallel/minimal]" + default: + name += " [Suite:openshift/conformance/parallel]" + } + } + if isGoModulePath(node.CodeLocation().FileName, "github.com/openshift/origin", "test") && !strings.Contains(name, "[Suite:openshift") { + name += " [Suite:openshift]" + } + if isGoModulePath(node.CodeLocation().FileName, "k8s.io/kubernetes", "test/e2e") { + name += " [Suite:k8s]" + } + + r.output[combineNames(parentName, originalName)] = name +} + +// isGoModulePath returns true if the packagePath reported by reflection is within a +// module and given module path. When go mod is in use, module and modulePath are not +// contiguous as they were in older golang versions with vendoring, so naive contains +// tests fail. +// +// historically: ".../vendor/k8s.io/kubernetes/test/e2e" +// go.mod: "k8s.io/kubernetes@0.18.4/test/e2e" +// +func isGoModulePath(packagePath, module, modulePath string) bool { + return regexp.MustCompile(fmt.Sprintf(`\b%s(@[^/]*|)/%s\b`, regexp.QuoteMeta(module), regexp.QuoteMeta(modulePath))).MatchString(packagePath) +} + +func combineNames(parentName, name string) string { + if len(parentName) == 0 { + return name + } + return parentName + " " + name +} diff --git a/vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/rules.go b/vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/rules.go new file mode 100644 index 000000000000..262b965fc237 --- /dev/null +++ b/vendor/k8s.io/kubernetes/openshift-hack/e2e/annotate/rules.go @@ -0,0 +1,216 @@ +package annotate + +import ( + // ensure all the ginkgo tests are loaded + _ "k8s.io/kubernetes/openshift-hack/e2e" +) + +var ( + TestMaps = map[string][]string{ + // alpha features that are not gated + "[Disabled:Alpha]": { + // ALPHA features in 1.19, disabled by default. + // !!! Review their status as part of the 1.20 rebase. + `\[Feature:CSIStorageCapacity\]`, + `\[Feature:IPv6DualStack.*\]`, + `\[Feature:ServiceAccountIssuerDiscovery\]`, + `\[Feature:SetHostnameAsFQDN\]`, + `\[Feature:TTLAfterFinished\]`, + + // BETA features in 1.19, enabled by default + // Their enablement is tracked via bz's targeted at 4.6. + `\[Feature:ExpandCSIVolumes\]`, // https://bugzilla.redhat.com/show_bug.cgi?id=1861218 + `\[Feature:SCTPConnectivity\]`, // https://bugzilla.redhat.com/show_bug.cgi?id=1861606 + }, + // tests for features that are not implemented in openshift + "[Disabled:Unimplemented]": { + `\[Feature:Networking-IPv6\]`, // openshift-sdn doesn't support yet + `Monitoring`, // Not installed, should be + `Cluster level logging`, // Not installed yet + `Kibana`, // Not installed + `Ubernetes`, // Can't set zone labels today + `kube-ui`, // Not installed by default + `Kubernetes Dashboard`, // Not installed by default (also probably slow image pull) + + `NetworkPolicy.*egress`, // not supported + `NetworkPolicy.*named port`, // not yet implemented + `enforce egress policy`, // not support + `should proxy to cadvisor`, // we don't expose cAdvisor port directly for security reasons + + `NetworkPolicy.*IPBlock`, // not supported + `NetworkPolicy.*Egress`, // not supported + `NetworkPolicy.*default-deny-all`, // not supported + }, + // tests that rely on special configuration that we do not yet support + "[Disabled:SpecialConfig]": { + // GPU node needs to be available + `\[Feature:GPUDevicePlugin\]`, + `\[sig-scheduling\] GPUDevicePluginAcrossRecreate \[Feature:Recreate\]`, + + `\[Feature:ImageQuota\]`, // Quota isn't turned on by default, we should do that and then reenable these tests + `\[Feature:Audit\]`, // Needs special configuration + `\[Feature:LocalStorageCapacityIsolation\]`, // relies on a separate daemonset? + `\[sig-cloud-provider-gcp\]`, // these test require a different configuration - note that GCE tests from the sig-cluster-lifecycle were moved to the sig-cloud-provider-gcpcluster lifecycle see https://github.com/kubernetes/kubernetes/commit/0b3d50b6dccdc4bbd0b3e411c648b092477d79ac#diff-3b1910d08fb8fd8b32956b5e264f87cb + + `kube-dns-autoscaler`, // Don't run kube-dns + `should check if Kubernetes master services is included in cluster-info`, // Don't run kube-dns + `DNS configMap`, // this tests dns federation configuration via configmap, which we don't support yet + + `NodeProblemDetector`, // requires a non-master node to run on + `Advanced Audit should audit API calls`, // expects to be able to call /logs + + `Firewall rule should have correct firewall rules for e2e cluster`, // Upstream-install specific + }, + // tests that are known broken and need to be fixed upstream or in openshift + // always add an issue here + "[Disabled:Broken]": { + `mount an API token into pods`, // We add 6 secrets, not 1 + `ServiceAccounts should ensure a single API token exists`, // We create lots of secrets + `unchanging, static URL paths for kubernetes api services`, // the test needs to exclude URLs that are not part of conformance (/logs) + `Services should be able to up and down services`, // we don't have wget installed on nodes + `Network should set TCP CLOSE_WAIT timeout`, // possibly some difference between ubuntu and fedora + `\[NodeFeature:Sysctls\]`, // needs SCC support + `should check kube-proxy urls`, // previously this test was skipped b/c we reported -1 as the number of nodes, now we report proper number and test fails + `SSH`, // TRIAGE + `should implement service.kubernetes.io/service-proxy-name`, // this is an optional test that requires SSH. sig-network + `should allow ingress access on one named port`, // https://bugzilla.redhat.com/show_bug.cgi?id=1711602 + `recreate nodes and ensure they function upon restart`, // https://bugzilla.redhat.com/show_bug.cgi?id=1756428 + `\[Driver: iscsi\]`, // https://bugzilla.redhat.com/show_bug.cgi?id=1711627 + + "RuntimeClass should reject", + + `Services should implement service.kubernetes.io/headless`, // requires SSH access to function, needs to be refactored + `ClusterDns \[Feature:Example\] should create pod that uses dns`, // doesn't use bindata, not part of kube test binary + `Simple pod should handle in-cluster config`, // kubectl cp doesn't work or is not preserving executable bit, we have this test already + + // TODO(node): configure the cri handler for the runtime class to make this work + "should run a Pod requesting a RuntimeClass with a configured handler", + "should reject a Pod requesting a RuntimeClass with conflicting node selector", + "should run a Pod requesting a RuntimeClass with scheduling", + + // A fix is in progress: https://github.com/openshift/origin/pull/24709 + `Multi-AZ Clusters should spread the pods of a replication controller across zones`, + + // Fix is in progress upstream and tracked via https://bugzilla.redhat.com/show_bug.cgi?id=1861215 + `Secret should create a pod that reads a secret`, + + // disabled until oc and origin are on k8s 1.19 - workloads team + `should return command exit codes`, + + // Disabled as per networking team. Follow-up tracked via https://bugzilla.redhat.com/show_bug.cgi?id=1861214 + `EndpointSliceMirroring should mirror a custom Endpoints resource through create update and delete`, + + // Test passes but container it uses exits with non-zero. + // https://bugzilla.redhat.com/show_bug.cgi?id=1861526 + `ServiceAccounts should set ownership and permission when RunAsUser or FsGroup is present`, + }, + // tests that may work, but we don't support them + "[Disabled:Unsupported]": { + `\[Driver: rbd\]`, // OpenShift 4.x does not support Ceph RBD (use CSI instead) + `\[Driver: ceph\]`, // OpenShift 4.x does not support CephFS (use CSI instead) + }, + // tests too slow to be part of conformance + "[Slow]": { + `\[sig-scalability\]`, // disable from the default set for now + `should create and stop a working application`, // Inordinately slow tests + + `\[Feature:PerformanceDNS\]`, // very slow + + `validates that there exists conflict between pods with same hostPort and protocol but one using 0\.0\.0\.0 hostIP`, // 5m, really? + }, + // tests that are known flaky + "[Flaky]": { + `Job should run a job to completion when tasks sometimes fail and are not locally restarted`, // seems flaky, also may require too many resources + // TODO(node): test works when run alone, but not in the suite in CI + `\[Feature:HPA\] Horizontal pod autoscaling \(scale resource: CPU\) \[sig-autoscaling\] ReplicationController light Should scale from 1 pod to 2 pods`, + }, + // tests that must be run without competition + "[Serial]": { + `\[Disruptive\]`, + `\[Feature:Performance\]`, // requires isolation + + `Service endpoints latency`, // requires low latency + `Clean up pods on node`, // schedules up to max pods per node + `DynamicProvisioner should test that deleting a claim before the volume is provisioned deletes the volume`, // test is very disruptive to other tests + + `Multi-AZ Clusters should spread the pods of a service across zones`, // spreading is a priority, not a predicate, and if the node is temporarily full the priority will be ignored + + `Should be able to support the 1\.7 Sample API Server using the current Aggregator`, // down apiservices break other clients today https://bugzilla.redhat.com/show_bug.cgi?id=1623195 + + `\[Feature:HPA\] Horizontal pod autoscaling \(scale resource: CPU\) \[sig-autoscaling\] ReplicationController light Should scale from 1 pod to 2 pods`, + + `should prevent Ingress creation if more than 1 IngressClass marked as default`, // https://bugzilla.redhat.com/show_bug.cgi?id=1822286 + + `\[sig-network\] IngressClass \[Feature:Ingress\] should set default value on new IngressClass`, //https://bugzilla.redhat.com/show_bug.cgi?id=1833583 + }, + "[Skipped:azure]": { + "Networking should provide Internet connection for containers", // Azure does not allow ICMP traffic to internet. + + // openshift-tests cannot access Azure API to create in-line or pre-provisioned volumes, https://bugzilla.redhat.com/show_bug.cgi?id=1723603 + `\[sig-storage\] In-tree Volumes \[Driver: azure\] \[Testpattern: Inline-volume`, + `\[sig-storage\] In-tree Volumes \[Driver: azure\] \[Testpattern: Pre-provisioned PV`, + }, + "[Skipped:gce]": { + // Requires creation of a different compute instance in a different zone and is not compatible with volumeBindingMode of WaitForFirstConsumer which we use in 4.x + `\[sig-scheduling\] Multi-AZ Cluster Volumes \[sig-storage\] should only be allowed to provision PDs in zones where nodes exist`, + + // The following tests try to ssh directly to a node. None of our nodes have external IPs + `\[k8s.io\] \[sig-node\] crictl should be able to run crictl on the node`, + `\[sig-storage\] Flexvolumes should be mountable`, + `\[sig-storage\] Detaching volumes should not work when mount is in progress`, + + // We are using openshift-sdn to conceal metadata + `\[sig-auth\] Metadata Concealment should run a check-metadata-concealment job to completion`, + + // https://bugzilla.redhat.com/show_bug.cgi?id=1740959 + `\[sig-api-machinery\] AdmissionWebhook should be able to deny pod and configmap creation`, + + // https://bugzilla.redhat.com/show_bug.cgi?id=1745720 + `\[sig-storage\] CSI Volumes \[Driver: pd.csi.storage.gke.io\]\[Serial\]`, + + // https://bugzilla.redhat.com/show_bug.cgi?id=1749882 + `\[sig-storage\] CSI Volumes CSI Topology test using GCE PD driver \[Serial\]`, + + // https://bugzilla.redhat.com/show_bug.cgi?id=1751367 + `gce-localssd-scsi-fs`, + + // https://bugzilla.redhat.com/show_bug.cgi?id=1750851 + // should be serial if/when it's re-enabled + `\[HPA\] Horizontal pod autoscaling \(scale resource: Custom Metrics from Stackdriver\)`, + }, + "[sig-node]": { + `\[NodeConformance\]`, + `NodeLease`, + `lease API`, + `\[NodeFeature`, + `\[NodeAlphaFeature`, + `Probing container`, + `Security Context When creating a`, + `Downward API should create a pod that prints his name and namespace`, + `Liveness liveness pods should be automatically restarted`, + `Secret should create a pod that reads a secret`, + `Pods should delete a collection of pods`, + }, + "[sig-cluster-lifecycle]": { + `Feature:ClusterAutoscalerScalability`, + `recreate nodes and ensure they function`, + }, + "[sig-arch]": { + // not run, assigned to arch as catch-all + `\[Feature:GKELocalSSD\]`, + `\[Feature:GKENodePool\]`, + }, + } + + // labelExcludes temporarily block tests out of a specific suite + LabelExcludes = map[string][]string{} + + ExcludedTests = []string{ + `\[Disabled:`, + `\[Disruptive\]`, + `\[Skipped\]`, + `\[Slow\]`, + `\[Flaky\]`, + `\[Local\]`, + } +) diff --git a/vendor/k8s.io/kubernetes/openshift-hack/e2e/include.go b/vendor/k8s.io/kubernetes/openshift-hack/e2e/include.go new file mode 100644 index 000000000000..fb219fb87ff0 --- /dev/null +++ b/vendor/k8s.io/kubernetes/openshift-hack/e2e/include.go @@ -0,0 +1,23 @@ +package e2e + +// This file should import all the packages defining k8s e2e tests that are +// relevant to openshift. It is intended to affect: +// +// - what is included in the k8s-e2e.test binary built from this package +// - the annotations generated by the annotate package + +import ( + _ "k8s.io/kubernetes/test/e2e" + _ "k8s.io/kubernetes/test/e2e/apimachinery" + _ "k8s.io/kubernetes/test/e2e/apps" + _ "k8s.io/kubernetes/test/e2e/auth" + _ "k8s.io/kubernetes/test/e2e/autoscaling" + _ "k8s.io/kubernetes/test/e2e/common" + _ "k8s.io/kubernetes/test/e2e/instrumentation" + _ "k8s.io/kubernetes/test/e2e/kubectl" + _ "k8s.io/kubernetes/test/e2e/network" + _ "k8s.io/kubernetes/test/e2e/node" + _ "k8s.io/kubernetes/test/e2e/scheduling" + _ "k8s.io/kubernetes/test/e2e/servicecatalog" + _ "k8s.io/kubernetes/test/e2e/storage" +) diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/restrictusers.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/restrictusers.go index 63522ce06a5b..4c7885820318 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/restrictusers.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/restrictusers.go @@ -13,7 +13,7 @@ import ( "k8s.io/apiserver/pkg/admission/initializer" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" - "k8s.io/klog" + "k8s.io/klog/v2" "k8s.io/kubernetes/pkg/apis/rbac" userv1 "github.com/openshift/api/user/v1" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/clusterresourceoverride/admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/clusterresourceoverride/admission.go index 3b09f6a89f07..6aed487fdef1 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/clusterresourceoverride/admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/clusterresourceoverride/admission.go @@ -9,7 +9,7 @@ import ( "github.com/openshift/library-go/pkg/config/helpers" v1 "k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/apis/clusterresourceoverride/v1" - "k8s.io/klog" + "k8s.io/klog/v2" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/runonceduration/admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/runonceduration/admission.go index 948068638b72..9326205f9b33 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/runonceduration/admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/runonceduration/admission.go @@ -7,7 +7,7 @@ import ( "io" "strconv" - "k8s.io/klog" + "k8s.io/klog/v2" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/initializer" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/externalipranger/externalip_admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/externalipranger/externalip_admission.go index a307769a5504..79a1be9cee7e 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/externalipranger/externalip_admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/externalipranger/externalip_admission.go @@ -12,7 +12,7 @@ import ( "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/initializer" "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/klog" + "k8s.io/klog/v2" "k8s.io/kubernetes/openshift-kube-apiserver/admission/network/apis/externalipranger" v1 "k8s.io/kubernetes/openshift-kube-apiserver/admission/network/apis/externalipranger/v1" kapi "k8s.io/kubernetes/pkg/apis/core" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/restrictedendpoints/endpoint_admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/restrictedendpoints/endpoint_admission.go index 1a69c1c9869b..09566962e713 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/restrictedendpoints/endpoint_admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/network/restrictedendpoints/endpoint_admission.go @@ -10,7 +10,7 @@ import ( "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/initializer" "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/klog" + "k8s.io/klog/v2" kapi "k8s.io/kubernetes/pkg/apis/core" "github.com/openshift/library-go/pkg/config/helpers" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/scheduler/podnodeconstraints/admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/scheduler/podnodeconstraints/admission.go index ad38cc27895a..05ef26277fca 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/scheduler/podnodeconstraints/admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/scheduler/podnodeconstraints/admission.go @@ -10,7 +10,7 @@ import ( "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission/initializer" "k8s.io/apiserver/pkg/authorization/authorizer" - "k8s.io/klog" + "k8s.io/klog/v2" coreapi "k8s.io/kubernetes/pkg/apis/core" "k8s.io/kubernetes/pkg/auth/nodeidentifier" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/bootstrapauthenticator.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/bootstrapauthenticator.go index 3d4fa46511f3..fc594f218f83 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/bootstrapauthenticator.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/bootstrapauthenticator.go @@ -2,7 +2,10 @@ package oauth import ( "context" + "crypto/sha256" + "encoding/base64" "fmt" + "strings" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -34,6 +37,14 @@ func NewBootstrapAuthenticator(tokens oauthclient.OAuthAccessTokenInterface, get } func (a *bootstrapAuthenticator) AuthenticateToken(ctx context.Context, name string) (*kauthenticator.Response, bool, error) { + // hash token for new-style sha256~ prefixed token + // TODO: reject non-sha256 prefix tokens in 4.7+ + if strings.HasPrefix(name, sha256Prefix) { + withoutPrefix := strings.TrimPrefix(name, sha256Prefix) + h := sha256.Sum256([]byte(withoutPrefix)) + name = sha256Prefix + base64.RawURLEncoding.EncodeToString(h[0:]) + } + token, err := a.tokens.Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { return nil, false, errLookup // mask the error so we do not leak token data in logs diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/timeoutvalidator.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/timeoutvalidator.go index cc750cc0848c..4d51502fd456 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/timeoutvalidator.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/timeoutvalidator.go @@ -6,7 +6,7 @@ import ( "time" "k8s.io/apimachinery/pkg/util/clock" - "k8s.io/klog" + "k8s.io/klog/v2" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/tokenauthenticator.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/tokenauthenticator.go index 5752ca29e93f..3ce6e0e7a9c0 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/tokenauthenticator.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/authentication/oauth/tokenauthenticator.go @@ -37,10 +37,10 @@ func NewTokenAuthenticator(tokens oauthclient.OAuthAccessTokenInterface, users u } } -const sha256Prefix = "sha256:" +const sha256Prefix = "sha256~" func (a *tokenAuthenticator) AuthenticateToken(ctx context.Context, name string) (*kauthenticator.Response, bool, error) { - // hash token for new-style sha256: prefixed token + // hash token for new-style sha256~ prefixed token // TODO: reject non-sha256 prefix tokens in 4.7+ if strings.HasPrefix(name, sha256Prefix) { withoutPrefix := strings.TrimPrefix(name, sha256Prefix) diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/configdefault/kubecontrolplane_default.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/configdefault/kubecontrolplane_default.go index 0dcd5fe71cda..7e48ecea2ec9 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/configdefault/kubecontrolplane_default.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/configdefault/kubecontrolplane_default.go @@ -7,7 +7,7 @@ import ( kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1" "github.com/openshift/library-go/pkg/config/configdefaults" - "k8s.io/klog" + "k8s.io/klog/v2" ) // ResolveDirectoriesForSATokenVerification takes our config (which allows directories) and navigates one level of diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go index 4d8537ecc5ca..bd5d050fdd8d 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go @@ -79,10 +79,17 @@ func OpenShiftKubeAPIServerConfigPatch(genericConfig *genericapiserver.Config, k } // END HANDLER CHAIN + openshiftAPIServiceReachabilityCheck := newOpenshiftAPIServiceReachabilityCheck() + genericConfig.ReadyzChecks = append(genericConfig.ReadyzChecks, openshiftAPIServiceReachabilityCheck) + genericConfig.AddPostStartHookOrDie("openshift.io-startkubeinformers", func(context genericapiserver.PostStartHookContext) error { go openshiftInformers.Start(context.StopCh) return nil }) + genericConfig.AddPostStartHookOrDie("openshift.io-openshift-apiserver-reachable", func(context genericapiserver.PostStartHookContext) error { + go openshiftAPIServiceReachabilityCheck.checkForConnection(context) + return nil + }) enablement.AppendPostStartHooksOrDie(genericConfig) return nil diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/sdn_readyz_wait.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/sdn_readyz_wait.go new file mode 100644 index 000000000000..3d8a86cf714c --- /dev/null +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/sdn_readyz_wait.go @@ -0,0 +1,126 @@ +package openshiftkubeapiserver + +import ( + gocontext "context" + "crypto/tls" + "fmt" + "net" + "net/http" + "net/http/httputil" + "time" + + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/apimachinery/pkg/util/wait" + genericapiserver "k8s.io/apiserver/pkg/server" + "k8s.io/client-go/kubernetes" + "k8s.io/klog/v2" +) + +func newOpenshiftAPIServiceReachabilityCheck() *openshiftAPIServiceAvailabilityCheck { + return &openshiftAPIServiceAvailabilityCheck{done: make(chan struct{})} +} + +type openshiftAPIServiceAvailabilityCheck struct { + // done indicates that this check is complete (success or failure) and the check should return true + done chan struct{} +} + +func (c *openshiftAPIServiceAvailabilityCheck) Name() string { + return "openshift-apiservices-available" +} + +func (c *openshiftAPIServiceAvailabilityCheck) Check(req *http.Request) error { + select { + case <-c.done: + return nil + default: + return fmt.Errorf("check is not yet complete") + } +} + +func (c *openshiftAPIServiceAvailabilityCheck) checkForConnection(context genericapiserver.PostStartHookContext) { + defer utilruntime.HandleCrash() + + reachedOpenshiftAPIServer := make(chan struct{}) + noOpenshiftAPIServer := make(chan struct{}) + waitUntilCh := make(chan struct{}) + defer func() { + close(waitUntilCh) // this stops the endpoint check + close(c.done) // once this method is done, the ready check should return true + }() + start := time.Now() + + kubeClient, err := kubernetes.NewForConfig(context.LoopbackClientConfig) + if err != nil { + // shouldn't happen. this means the loopback config didn't work. + panic(err) + } + + // Start a thread which repeatedly tries to connect to any openshift-apiserver endpoint. + // 1. if the openshift-apiserver endpoint doesn't exist, logs a warning and reports ready + // 2. if a connection cannot be made, after 60 seconds logs an error and reports ready -- this avoids a rebootstrapping cycle + // 3. as soon as a connection can be made, logs a time to be ready and reports ready. + go func() { + defer utilruntime.HandleCrash() + + client := http.Client{ + Transport: &http.Transport{ + // since any http return code satisfies us, we don't bother to send credentials. + // we don't care about someone faking a response and we aren't sending credentials, so we don't check the server CA + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + }, + Timeout: 1 * time.Second, // these should all be very fast. if none work, we continue anyway. + } + + wait.PollImmediateUntil(1*time.Second, func() (bool, error) { + ctx := gocontext.TODO() + openshiftEndpoints, err := kubeClient.CoreV1().Endpoints("openshift-apiserver").Get(ctx, "api", metav1.GetOptions{}) + if apierrors.IsNotFound(err) { + // if we have no openshift apiserver endpoint, we have no reason to wait + klog.Warning("api.openshift-apiserver.svc endpoints were not found") + close(noOpenshiftAPIServer) + return true, nil + } + if err != nil { + utilruntime.HandleError(err) + return false, nil + } + for _, subset := range openshiftEndpoints.Subsets { + for _, address := range subset.Addresses { + url := fmt.Sprintf("https://%v", net.JoinHostPort(address.IP, "8443")) + resp, err := client.Get(url) + if err == nil { // any http response is fine. it means that we made contact + response, dumpErr := httputil.DumpResponse(resp, true) + klog.V(4).Infof("reached to connect to %q: %v\n%v", url, dumpErr, string(response)) + close(reachedOpenshiftAPIServer) + resp.Body.Close() + return true, nil + } + klog.V(2).Infof("failed to connect to %q: %v", url, err) + } + } + + return false, nil + }, waitUntilCh) + }() + + select { + case <-time.After(60 * time.Second): + // if we timeout, always return ok so that we can start from a case where all kube-apiservers are down and the SDN isn't coming up + utilruntime.HandleError(fmt.Errorf("openshift.io-openshift-apiserver-reachable never reached openshift apiservice")) + return + case <-context.StopCh: + utilruntime.HandleError(fmt.Errorf("openshift.io-openshift-apiserver-reachable interrupted")) + return + case <-noOpenshiftAPIServer: + utilruntime.HandleError(fmt.Errorf("openshift.io-openshift-apiserver-reachable did not find an openshift-apiserver endpoint")) + return + + case <-reachedOpenshiftAPIServer: + end := time.Now() + klog.Infof("reached openshift apiserver via SDN after %v milliseconds", end.Sub(start).Milliseconds()) + return + } +} diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/convert.go b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/convert.go index 35feaaa8f313..6b80477ce481 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/convert.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/kuberuntime/convert.go @@ -17,6 +17,8 @@ limitations under the License. package kuberuntime import ( + "sort" + runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" ) @@ -26,11 +28,16 @@ import ( func toKubeContainerImageSpec(image *runtimeapi.Image) kubecontainer.ImageSpec { var annotations []kubecontainer.Annotation - if image.Spec != nil && image.Spec.Annotations != nil { - for k, v := range image.Spec.Annotations { + if image.Spec != nil && len(image.Spec.Annotations) > 0 { + annotationKeys := make([]string, 0, len(image.Spec.Annotations)) + for k := range image.Spec.Annotations { + annotationKeys = append(annotationKeys, k) + } + sort.Strings(annotationKeys) + for _, k := range annotationKeys { annotations = append(annotations, kubecontainer.Annotation{ Name: k, - Value: v, + Value: image.Spec.Annotations[k], }) } } diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/pleg/generic.go b/vendor/k8s.io/kubernetes/pkg/kubelet/pleg/generic.go index 9be35dcaa1aa..bad984fb0945 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/pleg/generic.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/pleg/generic.go @@ -423,8 +423,7 @@ func getContainerState(pod *kubecontainer.Pod, cid *kubecontainer.ContainerID) p } func updateRunningPodAndContainerMetrics(pods []*kubecontainer.Pod) { - // Set the number of running pods in the parameter - metrics.RunningPodCount.Set(float64(len(pods))) + runningSandboxNum := 0 // intermediate map to store the count of each "container_state" containerStateCount := make(map[string]int) @@ -434,10 +433,23 @@ func updateRunningPodAndContainerMetrics(pods []*kubecontainer.Pod) { // update the corresponding "container_state" in map to set value for the gaugeVec metrics containerStateCount[string(container.State)]++ } + + sandboxes := pod.Sandboxes + + for _, sandbox := range sandboxes { + if sandbox.State == kubecontainer.ContainerStateRunning { + runningSandboxNum++ + // every pod should only have one running sandbox + break + } + } } for key, value := range containerStateCount { metrics.RunningContainerCount.WithLabelValues(key).Set(float64(value)) } + + // Set the number of running pods in the parameter + metrics.RunningPodCount.Set(float64(runningSandboxNum)) } func (pr podRecords) getOld(id types.UID) *kubecontainer.Pod { diff --git a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go index b99cbc25d71d..fc35c33acfa3 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go @@ -19,10 +19,6 @@ package certificates import ( "context" "fmt" - "os" - "time" - - "k8s.io/kubernetes/pkg/apis/core" certificatesv1beta1 "k8s.io/api/certificates/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -85,23 +81,6 @@ func (csrStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { // Be explicit that users cannot create pre-approved certificate requests. csr.Status = certificates.CertificateSigningRequestStatus{} csr.Status.Conditions = []certificates.CertificateSigningRequestCondition{} - - // REBASE HACK: auto-approve during bootstrapping - // TODO: remove when https://github.com/openshift/installer/pull/3943 or equivalent merges - for _, a := range os.Args { - if a == "--log-file=/var/log/bootstrap-control-plane/kube-apiserver.log" { - csr.Status.Conditions = []certificates.CertificateSigningRequestCondition{ - { - Type: certificates.CertificateApproved, - Status: core.ConditionTrue, - Reason: "AutoApproveDuringBootstrapping", - Message: "CSR was auto-approved during bootstrapping through the API server", - LastUpdateTime: metav1.Time{Time: time.Now()}, - LastTransitionTime: metav1.Time{Time: time.Now()}, - }, - } - } - } } // PrepareForUpdate clears fields that are not allowed to be set by end users diff --git a/vendor/k8s.io/kubernetes/test/e2e/storage/csi_mock_volume.go b/vendor/k8s.io/kubernetes/test/e2e/storage/csi_mock_volume.go index e8643e192ea5..74fad8c24e01 100644 --- a/vendor/k8s.io/kubernetes/test/e2e/storage/csi_mock_volume.go +++ b/vendor/k8s.io/kubernetes/test/e2e/storage/csi_mock_volume.go @@ -892,7 +892,11 @@ var _ = utils.SIGDescribe("CSI mock volume", func() { loop: for { select { - case event := <-pvcWatch.ResultChan(): + case event, ok := <-pvcWatch.ResultChan(): + if !ok { + framework.Failf("PVC watch ended prematurely") + } + framework.Logf("PVC event %s: %#v", event.Type, event.Object) switch event.Type { case watch.Modified: diff --git a/vendor/k8s.io/kubernetes/test/e2e/viperconfig.go b/vendor/k8s.io/kubernetes/test/e2e/viperconfig.go index bb41c2aa026b..8dc12999fb1f 100644 --- a/vendor/k8s.io/kubernetes/test/e2e/viperconfig.go +++ b/vendor/k8s.io/kubernetes/test/e2e/viperconfig.go @@ -26,6 +26,11 @@ import ( "github.com/spf13/viper" ) +// ViperizeFlags is exported for use by the k8s-e2e.test binary used for testing openshift. +func ViperizeFlagsForKubeE2E(requiredConfig, optionalConfig string, flags *flag.FlagSet) error { + return viperizeFlags(requiredConfig, optionalConfig, flags) +} + // viperizeFlags checks whether a configuration file was specified, // reads it, and updates the configuration variables in the specified // flag set accordingly. Must be called after framework.HandleFlags() diff --git a/vendor/modules.txt b/vendor/modules.txt index bfc789fd551b..50cb80d780af 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -533,7 +533,7 @@ github.com/mrunalp/fileutils github.com/munnerz/goautoneg # github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f => github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f github.com/mxk/go-flowrate/flowrate -# github.com/onsi/ginkgo v1.11.0 => github.com/openshift/onsi-ginkgo v4.5.0-origin.1+incompatible +# github.com/onsi/ginkgo v4.5.0-origin.1+incompatible => github.com/openshift/onsi-ginkgo v4.5.0-origin.1+incompatible github.com/onsi/ginkgo github.com/onsi/ginkgo/config github.com/onsi/ginkgo/extensions/table @@ -654,7 +654,7 @@ github.com/openshift/api/template/v1 github.com/openshift/api/unidling/v1alpha1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/apiserver-library-go v0.0.0-20200722231130-01c5eee5e10b +# github.com/openshift/apiserver-library-go v0.0.0-20200723181026-dd21ec96ba0a github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/apis/imagepolicy/v1 github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/apis/imagepolicy/validation @@ -1422,7 +1422,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200803060402-d32435439579 +# k8s.io/apiserver v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20200826132615-f71a7ab366cf k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration k8s.io/apiserver/pkg/admission/initializer @@ -1564,7 +1564,7 @@ k8s.io/cli-runtime/pkg/kustomize/k8sdeps/transformer/patch k8s.io/cli-runtime/pkg/kustomize/k8sdeps/validator k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200803060402-d32435439579 +# k8s.io/client-go v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20200826132615-f71a7ab366cf k8s.io/client-go/discovery k8s.io/client-go/discovery/cached k8s.io/client-go/discovery/cached/disk @@ -1809,7 +1809,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200803060402-d32435439579 +# k8s.io/cloud-provider v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20200826132615-f71a7ab366cf k8s.io/cloud-provider k8s.io/cloud-provider/api k8s.io/cloud-provider/node/helpers @@ -1852,7 +1852,7 @@ k8s.io/csi-translation-lib/plugins k8s.io/klog # k8s.io/klog/v2 v2.2.0 k8s.io/klog/v2 -# k8s.io/kube-aggregator v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200803060402-d32435439579 +# k8s.io/kube-aggregator v0.19.0-rc.2 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20200826132615-f71a7ab366cf k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 @@ -1921,12 +1921,14 @@ k8s.io/kubectl/pkg/validation k8s.io/kubelet/config/v1beta1 k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 k8s.io/kubelet/pkg/apis/pluginregistration/v1 -# k8s.io/kubernetes v1.19.0-rc.2 => github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200803060402-d32435439579 +# k8s.io/kubernetes v1.19.0-rc.2 => github.com/openshift/kubernetes v1.20.0-alpha.0.0.20200826132615-f71a7ab366cf k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options k8s.io/kubernetes/cmd/kube-proxy/app k8s.io/kubernetes/cmd/kubelet/app k8s.io/kubernetes/cmd/kubelet/app/options +k8s.io/kubernetes/openshift-hack/e2e +k8s.io/kubernetes/openshift-hack/e2e/annotate k8s.io/kubernetes/openshift-kube-apiserver/admission/admissionenablement k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/usercache From ea67fb4ff26cc60439ff9c4fb2f5305cd380830e Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Wed, 5 Aug 2020 22:19:11 -0700 Subject: [PATCH 4/5] make update --- .../util/annotate/generated/zz_generated.annotations.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/extended/util/annotate/generated/zz_generated.annotations.go b/test/extended/util/annotate/generated/zz_generated.annotations.go index 185b065cdf42..cf7a36ed05b6 100644 --- a/test/extended/util/annotate/generated/zz_generated.annotations.go +++ b/test/extended/util/annotate/generated/zz_generated.annotations.go @@ -221,7 +221,7 @@ var annotations = map[string]string{ "[Top Level] [k8s.io] [Feature:Example] [k8s.io] Liveness liveness pods should be automatically restarted": "liveness pods should be automatically restarted [sig-node] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [k8s.io] [Feature:Example] [k8s.io] Secret should create a pod that reads a secret": "should create a pod that reads a secret [sig-node] [Suite:openshift/conformance/parallel] [Suite:k8s]", + "[Top Level] [k8s.io] [Feature:Example] [k8s.io] Secret should create a pod that reads a secret": "should create a pod that reads a secret [Disabled:Broken] [sig-node] [Suite:k8s]", "[Top Level] [k8s.io] [Feature:TTLAfterFinished][NodeAlphaFeature:TTLAfterFinished] job should be deleted once it finishes after TTL seconds": "job should be deleted once it finishes after TTL seconds [Disabled:Alpha] [sig-node] [Suite:k8s]", @@ -815,7 +815,7 @@ var annotations = map[string]string{ "[Top Level] [sig-auth] ServiceAccounts should run through the lifecycle of a ServiceAccount [Conformance]": "should run through the lifecycle of a ServiceAccount [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", - "[Top Level] [sig-auth] ServiceAccounts should set ownership and permission when RunAsUser or FsGroup is present [LinuxOnly] [NodeFeature:FSGroup] [Feature:TokenRequestProjection]": "should set ownership and permission when RunAsUser or FsGroup is present [LinuxOnly] [NodeFeature:FSGroup] [Feature:TokenRequestProjection] [Suite:openshift/conformance/parallel] [Suite:k8s]", + "[Top Level] [sig-auth] ServiceAccounts should set ownership and permission when RunAsUser or FsGroup is present [LinuxOnly] [NodeFeature:FSGroup] [Feature:TokenRequestProjection]": "should set ownership and permission when RunAsUser or FsGroup is present [LinuxOnly] [NodeFeature:FSGroup] [Feature:TokenRequestProjection] [Disabled:Broken] [Suite:k8s]", "[Top Level] [sig-auth] ServiceAccounts should support InClusterConfig with token rotation [Slow] [Feature:TokenRequestProjection]": "should support InClusterConfig with token rotation [Slow] [Feature:TokenRequestProjection] [Suite:k8s]", @@ -1383,7 +1383,7 @@ var annotations = map[string]string{ "[Top Level] [sig-cli] Kubectl client Simple pod should handle in-cluster config": "should handle in-cluster config [Disabled:Broken] [Suite:k8s]", - "[Top Level] [sig-cli] Kubectl client Simple pod should return command exit codes": "should return command exit codes [Suite:openshift/conformance/parallel] [Suite:k8s]", + "[Top Level] [sig-cli] Kubectl client Simple pod should return command exit codes": "should return command exit codes [Disabled:Broken] [Suite:k8s]", "[Top Level] [sig-cli] Kubectl client Simple pod should support exec through an HTTP proxy": "should support exec through an HTTP proxy [Suite:openshift/conformance/parallel] [Suite:k8s]", @@ -1961,7 +1961,7 @@ var annotations = map[string]string{ "[Top Level] [sig-network] Network should set TCP CLOSE_WAIT timeout [Privileged]": "should set TCP CLOSE_WAIT timeout [Privileged] [Disabled:Broken] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Disabled:Unimplemented] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Disabled:Unimplemented] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy]": "should allow egress access to server in CIDR block [Feature:NetworkPolicy] [Disabled:Unimplemented] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", From f20fb3a541f36af1973af051b6d8065b23711dad Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Wed, 2 Sep 2020 11:18:48 -0700 Subject: [PATCH 5/5] Update README to document test annotation maintenance --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index 27c3833a0468..83b3748bee0b 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,35 @@ will switch to vendoring origin-specific branches (e.g carries that need to be considered in the context of `openshift/kubernetes` rebases. +### Test annotation rules + +Test annotation rules are used to label e2e tests so that they can be +filtered or skipped. For example, rules can be defined that match kube +e2e tests that are known to be incompatible with openshift and label +those tests to be skipped. + +Maintenance of test annotation rules is split between the +`openshift/kubernetes` and `origin` repos to ensure that PRs proposed +to `openshift/kubernetes` can be validated against the set of kube e2e +tests known to be compatible with openshift. + +Test annotation rules for kubernetes e2e tests are maintained in: + +https://github.com/openshift/kubernetes/blob/master/openshift-hack/e2e/annotate/rules.go + +Test annotation rules for openshift e2e tests are maintained in: + +https://github.com/openshift/origin/blob/master/test/extended/util/annotate/rules.go + +Origin vendors the kube rules and applies both the kube and openshift +rules to the set of tests included in the `openshift-tests` binary. + +In order to update test annotation rules for kube e2e tests, it will +be necessary to: + + - Update `rules.go` in `openshift/kubernetes` + - Bump the version of `openshift/kubernetes` vendored in origin + ### Vendoring from `openshift/kubernetes` These origin branches vendor `k8s.io/kubernetes` and some of its