From 0068e4149ca4b385b399a565eebaff39d4745715 Mon Sep 17 00:00:00 2001 From: William Yao Date: Fri, 10 Apr 2026 11:54:07 -0700 Subject: [PATCH] Fix flaky hostPID security context test by retrying nginx PID file read Signed-off-by: William Yao --- test/e2e_node/security_context_test.go | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/test/e2e_node/security_context_test.go b/test/e2e_node/security_context_test.go index 95bd0f02ac7..6fb087aa807 100644 --- a/test/e2e_node/security_context_test.go +++ b/test/e2e_node/security_context_test.go @@ -18,10 +18,12 @@ package e2enode import ( "context" + "errors" "fmt" "net" "os/exec" "strings" + "time" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,6 +36,7 @@ import ( admissionapi "k8s.io/pod-security-admission/api" "github.com/onsi/ginkgo/v2" + "github.com/onsi/gomega" ) var _ = SIGDescribe("Security Context", func() { @@ -143,9 +146,22 @@ var _ = SIGDescribe("Security Context", func() { true, )) - output := e2epod.ExecShellInContainer(f, nginxPodName, nginxPodName, - "cat /var/run/nginx.pid") - nginxPid = strings.TrimSpace(output) + // Retry reading the nginx PID file since nginx may not have + // finished starting by the time the pod is marked Ready. + gomega.Eventually(ctx, func() error { + output, _, err := e2epod.ExecCommandInContainerWithFullOutput( + f, nginxPodName, nginxPodName, + "/bin/cat", "/var/run/nginx.pid") + if err != nil { + return fmt.Errorf("failed to read nginx pid: %w", err) + } + pid := strings.TrimSpace(output) + if pid == "" { + return errors.New("nginx pid file is empty") + } + nginxPid = pid + return nil + }, 30*time.Second, 1*time.Second).Should(gomega.Succeed()) }) f.It("should show its pid in the host PID namespace", feature.HostAccess, func(ctx context.Context) {