amartinezfayo added the priority/backlog and help wanted labels and removed the help wanted label on Jan 28, 2025
Currently we try to figure out the latest kind release and then the tags from the first 5 pages of kindest/node image releases, and try to run the k8s integration test using all of the found tags with the latest kind version.
This has some issues with the potential to break CI or even compromise it (if kind is compromised, since we automatically pick up latest releases from there). Each kind release advertises a list of compatible images. It's likely to work with other images, but there's no guarantee given.
We need to see what's the easiest way to maintain this in a way that isn't likely to break and that is secure. kind maintainers suggest that we pin the version of kind we use and the sha256 of the images that are compatible with that release. Adding kind as a tool dependency (once we upgrade to go 1.24) might make it a bit easier to manage. Dependabot would at least notify us of new releases so we'd know when to update the image list.
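One way to enforce the pinning suggested above is a CI guard that rejects any node image reference not pinned by sha256 digest. This is an added example, not part of the original issue or the project's code; the list format, the function names and the tag pattern are assumptions, and the digests are placeholders.

```shell
#!/bin/sh
# Added example: guard for a pinned kind node-image list.
# Assumed list format (hypothetical): one image reference per line,
#   kindest/node:<tag>@sha256:<64 lowercase hex chars>
# Blank lines and lines starting with '#' are ignored.

# Return 0 if a single reference is pinned by digest, 1 otherwise.
is_digest_pinned() {
    printf '%s\n' "$1" |
        grep -Eq '^kindest/node:v[0-9]+\.[0-9]+\.[0-9]+@sha256:[0-9a-f]{64}$'
}

# Read a list on stdin and print every unpinned reference to stderr.
# Return 0 only if the list has at least one entry and all are pinned,
# so an empty or truncated list cannot pass silently.
check_pinned_images() {
    bad=0
    seen=0
    while IFS= read -r ref || [ -n "$ref" ]; do
        case "$ref" in
            ''|'#'*) continue ;;
        esac
        seen=$((seen + 1))
        if ! is_digest_pinned "$ref"; then
            printf 'not pinned by digest: %s\n' "$ref" >&2
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample data. The digest is a placeholder (64 zeros),
# not the digest of any real image, and the tags are made up.
PLACEHOLDER_DIGEST=$(printf '%064d' 0)
GOOD_LIST="# images for the pinned kind release
kindest/node:v1.2.3@sha256:${PLACEHOLDER_DIGEST}"
BAD_LIST="kindest/node:v1.2.3@sha256:${PLACEHOLDER_DIGEST}
kindest/node:v1.2.4
kindest/node:latest"

# Demonstration: the tag-only entries make the second list fail.
printf '%s\n' "$GOOD_LIST" | check_pinned_images && echo "good list accepted"
printf '%s\n' "$BAD_LIST" | check_pinned_images || echo "bad list rejected"
```

Run as a CI step before the integration test, a non-zero exit from `check_pinned_images` stops the job before any unpinned image is pulled.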