Commit graph

3412 commits

Author SHA1 Message Date
Kubernetes Prow Robot
5b63a8c68e
Merge pull request #136921 from dims/dump-from-utils
Move dump package from apimachinery to k8s.io/utils
2026-02-12 22:28:10 +05:30
Davanum Srinivas
550cc8645b
Move dump package from apimachinery to k8s.io/utils
Replace all imports of k8s.io/apimachinery/pkg/util/dump with
k8s.io/utils/dump across the repo. The apimachinery dump package
now contains deprecated wrapper functions that delegate to
k8s.io/utils/dump for backwards compatibility.

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-02-12 07:34:19 -05:00
Kubernetes Prow Robot
7b21ce7c9a
Merge pull request #136905 from bart0sh/PR222-e2e-fix-extended-resource-flake
Fix extended resource flake
2026-02-11 21:56:02 +05:30
Ed Bartosh
02485d02ea DRA: e2e: move util_sampledevice.go to e2e/node/framework
- Moved sample device plugin constants and helper code to the
test/e2e/node/framework, so that both deviceplugin and DRA tests can
use it without creating e2e -> e2e_node dependency.

- Moved SampleDevsAmount constant from the
test/e2e_node/device_plugin_test.go
2026-02-11 16:07:17 +02:00
Kubernetes Prow Robot
90a76aaa9a
Merge pull request #136846 from carlory/update-cri-losing-support
kubelet: defer the configurations flags (and the related fallback behavior) deprecation removal timeline from 1.36 to 1.37 to align with containerd v1.7 support
2026-02-11 09:26:15 +05:30
Kubernetes Prow Robot
c9534cbb2e
Merge pull request #134981 from haircommander/drop-cpu-load
kubelet: drop cpu load metrics from container metrics test
2026-02-11 03:00:01 +05:30
Francesco Romani
9bc91a75d3 e2e: cpumanager: test for custom cpu cfs quota period
Add basic e2e test coverage for the CFSCPUPeriod toggle

Signed-off-by: Francesco Romani <fromani@redhat.com>
2026-02-09 08:27:51 +01:00
carlory
bd31a168fd kubelet: defer the configurations flags (and the related fallback behavior) deprecation removal timeline from 1.36 to 1.37 to align with containerd v1.7 support
Signed-off-by: carlory <baofa.fan@daocloud.io>
2026-02-09 10:39:17 +08:00
Kubernetes Prow Robot
f7ca45a969
Merge pull request #136530 from saschagrunert/fix-image-volume-symlink-test
Fix image volume subPath test symlink issue
2026-02-03 02:18:34 +05:30
Sascha Grunert
59e3b9137e
Fix image volume subPath test and add feature tag
Change /etc/os-release to /etc/passwd in subPath test to avoid
symlink issues with Alpine 3.21 (kitten:1.8).

Add Feature:ImageVolume tag to properly categorize tests for CI.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2026-01-27 08:43:06 +01:00
Kubernetes Prow Robot
437184c055
Merge pull request #136292 from atombrella/feature/modernize_plusbuild
Remove obsolete `// +build` instruction.
2026-01-26 19:05:59 +05:30
Mads Jensen
757647786d Remove redundant re-assignments in for-loops in test/{e2e,integration,utils}
The modernize forvar rule was applied. There are more details in this blog
post: https://go.dev/blog/loopvar-preview
2026-01-25 22:58:27 +01:00
Davanum Srinivas
03e6622c92
Fix container_restart_test AfterEach failing when CRI Proxy is undefined
Two test contexts were failing because their AfterEach blocks run even
when BeforeEach skips the test (standard Ginkgo behavior). This caused
resetCRIProxyInjector to fail with "CRI Proxy is undefined".

Switched to using DeferCleanup inside BeforeEach instead, which only
runs if BeforeEach succeeds. This is the same pattern the other test
contexts in this file already use.

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-23 19:59:22 -05:00
Kubernetes Prow Robot
4c221cdc56
Merge pull request #133335 from bart0sh/PR190-pluginmanager-fix-handling-registration-failures
pluginmanager: fix handling registration failures
2026-01-23 23:35:29 +05:30
Davanum Srinivas
00e1a2e9a2
Switch node perf tests from TensorFlow to PyTorch Wide-Deep
Replace the TensorFlow-based wide-deep workload with the PyTorch
implementation. This change:

- Adds pytorchWideDeepWorkload using the new pytorch-wide-deep image (1.0.0)
- Removes tfWideDeepWorkload and tf-wide-deep image references
- Enables arm64 support (PyTorch image is multi-arch)
- Uses the same log parsing (time -p output format)

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-22 12:02:58 -05:00
Davanum Srinivas
0183b5547a
test: update code to use GlibcDnsTesting image
Updates the codebase to use the new glibc-dns-testing image which replaces
the deprecated jessie-dnsutils image.

This PR depends on the glibc-dns-testing image being available in the
registry (registry.k8s.io/e2e-test-images/glibc-dns-testing:2.0.0).

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2026-01-22 08:39:46 -05:00
Mads Jensen
64a7d4c741 Remove deprecated +build instruction. 2026-01-19 17:40:33 +01:00
Kubernetes Prow Robot
9bfe52e1fe
Merge pull request #136191 from saschagrunert/psi-memory-pressure-test
Skip memory pressure PSI test for CRI-O
2026-01-17 09:27:15 +05:30
Sascha Grunert
19e1f9cce2
Skip memory pressure PSI test for CRI-O
Skip the memory pressure PSI test when running with CRI-O until automatic
memory.high configuration is available in the runtime. The test fails on
Fedora CoreOS due to different page cache reclaim behavior, and CRI-O is
implementing a fix to automatically set memory.high to 95% of memory.max
for cgroup v2 containers.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2026-01-16 09:03:01 +01:00
Kubernetes Prow Robot
616fff8247
Merge pull request #131317 from bitoku/fix-static-init
Fix:Static pod status is always Init:0/1 if unable to get init container status
2026-01-15 00:27:38 +05:30
Sascha Grunert
1abe2c4860
Fix credential test by setting AlwaysVerify policy
The test expects unauthorized pods to be blocked from accessing cached
private images, but the default policy (NeverVerifyPreloadedImages)
allows access to any image previously pulled by the kubelet.

Configure the kubelet to use AlwaysVerify policy for this test, which
enforces credential checks for all images regardless of pull history.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2026-01-13 13:52:43 +01:00
Kubernetes Prow Robot
210881f0f0
Merge pull request #135485 from saschagrunert/fix-device-plugin-termination-grace-period
Fix device plugin admission failure after container restart
2026-01-12 22:24:22 +05:30
Kubernetes Prow Robot
af6c58193c
Merge pull request #135369 from saschagrunert/serial-tests
test: Fix image credential pulls test node scheduling
2026-01-12 22:24:13 +05:30
Sascha Grunert
172a65c71d
Fix device plugin admission failure after container restart
When a container restarts before kubelet restarts, containerMap has
multiple entries (old exited + new running). GetContainerID() may
return the exited container, causing the running check to fail. Fixed
by checking if ANY container for the pod/name is running.

Also filter terminal pods from podresources since they no longer
consume resources, and fix test error handling to avoid exiting
Eventually immediately on transient errors.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2026-01-12 11:55:25 +01:00
Kubernetes Prow Robot
5151096d1f
Merge pull request #136096 from pacoxu/patch-14
Update error message expectation in criproxy_test
2026-01-10 05:47:47 +05:30
Kubernetes Prow Robot
c71eec3c3f
Merge pull request #135687 from yashsingh74/cni-bump
Update CNI plugins to v1.9.0
2026-01-10 04:57:41 +05:30
Paco Xu
6cbfd72c15
Update error message expectation in criproxy_test 2026-01-08 15:56:14 +08:00
Kubernetes Prow Robot
8e4ba87939
Merge pull request #135689 from KasimVali2207/add-probe-stress-tests
Add stress tests for gRPC, HTTP, and TCP liveness probesAdd probe stress tests
2026-01-08 04:57:45 +05:30
Kubernetes Prow Robot
3619b0c8aa
Merge pull request #135189 from haircommander/proc-e2e-node
e2e_node: update proc mount test to correctly handle baseline PSA
2026-01-08 04:57:37 +05:30
Kubernetes Prow Robot
817f68f75f
Merge pull request #135377 from harche/dra_flake_test
Fix race condition in DRA health e2e test pod status update
2026-01-08 03:01:46 +05:30
Peter Hunt
da695e7b78 e2e_node: update proc mount test to correctly handle baseline PSA
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2026-01-07 15:59:26 -05:00
Kubernetes Prow Robot
08ad958d0d
Merge pull request #135774 from pohly/e2e-framework-ginkgo-wrappers
E2E framework: make usage of Ginkgo wrappers optional
2026-01-07 19:01:38 +05:30
Patrick Ohly
47d02070ba E2E: remove unnecessary trailing spaces in test names
The spaces are unnecessary because Ginkgo adds spaces automatically.

This was detected before only for tests using the wrapper functions,
now it also gets detected for ginkgo methods.
2026-01-07 12:05:43 +01:00
Harshal Patil
1e71a25950 Fix race condition in DRA health e2e test pod status update
Signed-off-by: Harshal Patil <12152047+harche@users.noreply.github.com>
2026-01-05 14:13:40 -05:00
Ayato Tokubi
8ef450884a Add standalone tests for init container status fix. 2025-12-18 17:07:35 +00:00
V0dik
ce3f6b1d0e Fix:Static pod status is always Init:0/1 if unable to get init container status from container runtime.
Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-12-18 16:15:33 +00:00
Patrick Ohly
ad79e479c2 build: remove deprecated '// +build' tag
This has been replaced by `//build:...` for a long time now.

Removal of the old build tag was automated with:

    for i in $(git grep -l '^// +build' | grep -v -e '^vendor/'); do if ! grep -q '^// Code generated' "$i"; then sed -i -e '/^\/\/ +build/d' "$i"; fi; done
2025-12-18 12:16:21 +01:00
Kubernetes Prow Robot
246fa57363
Merge pull request #135604 from dims/better-support-for-cri-stats
kubelet: improve CRI stats for resource metrics and testing
2025-12-17 23:28:10 -08:00
Kubernetes Prow Robot
1078cf59b9
Merge pull request #133964 from K-Diger/fix/dra-plugin-unreachable-code
kubelet: refactor DRA plugin health client initialization
2025-12-17 16:26:03 -08:00
Kubernetes Prow Robot
97e95711c5
Merge pull request #133654 from kwohlfahrt/kubelet-cert
Fix kubelet certificate reload when connecting by IP address
2025-12-17 16:25:32 -08:00
Davanum Srinivas
914ddf4468
kubelet: improve CRI stats for resource metrics and testing
properly support the resource metrics endpoint when `PodAndContainerStatsFromCRI` is enabled and fix the related e2e tests.

Stats Provider:
- add container-level CPU and memory stats to `ListPodCPUAndMemoryStats` so the resource metrics endpoint has complete data
- add `aggregatePodSwapStats` to compute pod-level swap from container stats (CRI doesn't provide pod-level swap directly)
- add missing memory stats fields: `AvailableBytes`, `PageFaults`, and `MajorPageFaults`
- add platform-specific implementations for Linux and Windows

Tests:
- skip cAdvisor metrics test when `PodAndContainerStatsFromCRI` is enabled (cAdvisor metrics aren't available in that mode)
- fix expected metrics in `ResourceMetricsAPI` test
- `node_swap_usage_bytes` is only available with cAdvisor (need to verify!)
- Add `dumpResourceMetricsForPods` helper to log actual metric values when tests fail, making debugging easier

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-12-17 10:52:32 -05:00
KasimVali2207
d8fe13bac7 Address review feedback: use gomega.Consistently and refactor pod creation
- Replaced time.Sleep with gomega.Consistently to ensure reliable failure detection if a restart occurs during the wait
- Refactored createPodWith*Probes functions into a single helper to remove code duplication

Signed-off-by: KasimVali2207 <kasimvali2207@gmail.com>
2025-12-12 19:28:45 +05:30
KasimVali2207
53e5dcec97 Add stress tests for gRPC, HTTP, and TCP liveness probes
This commit adds e2e stress tests to verify that liveness probes do not cause
unexpected container restarts under load. The tests create many containers
(50 per test) with liveness probes configured to run every 1 second.

Three test cases are included:
- HTTP liveness probe stress test
- TCP liveness probe stress test
- gRPC liveness probe stress test

Each test waits for all containers to be running, observes probe behavior for
2 minutes, and validates that no containers have restarted unexpectedly.

These tests address the bug fix from issue kubernetes#89898 and serve as a
replacement for the skipped unit test from PR kubernetes#115329.
2025-12-12 19:28:44 +05:30
Sascha Grunert
cb011623c8
test: Fix image credential pulls test for CRI-O digest handling
This commit fixes the image credential pulls test by ensuring GetImageRef
and PullImage return the same digest reference format for credential validation.

The test was failing because:
1. PullImage returns a digest reference (e.g., localhost:5000/pause@sha256:abc...)
2. Pull records were stored under this digest
3. GetImageRef returned Image.Id (config hash) instead of a digest reference
4. Credential validation failed due to the lookup mismatch

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2025-12-11 16:10:06 +01:00
yashsingh74
1618bf1357
Update CNI plugins to v1.9.0
Signed-off-by: yashsingh74 <yashsingh1774@gmail.com>
2025-12-10 10:01:39 +05:30
k-diger
b255410b4f Remove duplicate connection management in DRA plugin Fixes 2025-12-05 01:34:44 +09:00
Kai Wohlfahrt
2ba1b66b57 Fix kubelet certificate reload when connecting by IP
Currently, we set TLSConfig.Config.GetCertificate, but then also pass
certificate and key paths to http.Server.ListenAndServeTLS.

ListenAndServeTLS uses these paths to populate the TLS config Certificate
property. Then, when accepting connections, a non-nil Certificate is preferred
over GetCertificate if the ServerName is not set in ClientHelloInfo. Finally,
the Go TLS client doesn't set ServerName when connecting by IP. As a result,
when connecting to the kubelet by IP (e.g. to fetch pod logs), stale
certificates are served.

This patch passes empty certFile and keyFile arguments, to force the TLS
server to use the GetCertificate function.

This is done by clearing key/cert file config when setting GetCertificate as
suggested in PR review. This way, all downstream users of kubeDeps.TLSConfig
will do the right thing automatically.
2025-11-25 20:44:19 +01:00
Itamar Holder
792f1643d4 Add e2e tests
Signed-off-by: Itamar Holder <iholder@redhat.com>
2025-11-18 14:14:42 +02:00
Sascha Grunert
a66c025dc9
test/e2e_node: Update procMount test to use Restricted PSA level
Update the procMount test expectations to match the intentional PSA
policy relaxation introduced in commit e8bd3f629d.

As of Kubernetes 1.35+, Pod Security Admission Baseline policy
allows UnmaskedProcMount for pods with user namespaces (hostUsers:
false). This was an intentional change to support nested container
use cases while maintaining security through user namespace isolation.

The test "will fail to unmask proc mounts if not privileged" was
written before this relaxation and expected Baseline level to reject
UnmaskedProcMount. Since Baseline now allows it (for user namespace
pods), the test needs to use Restricted level instead, which
unconditionally blocks UnmaskedProcMount regardless of user namespace
settings.

Changes:
- Change PSA level from Baseline to Restricted
- Update test name to clarify it's testing Restricted level behavior
- Update framework name from "proc-mount-baseline-test" to
  "proc-mount-restricted-test"

Fixes the ci-crio-userns-e2e-serial test failure that started occurring
when runtimes began reporting user namespace support.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2025-11-14 10:17:54 +01:00
Stanislav Láznička
805eb885e3
node e2e: add tests for Ensure Secret Image Pulls default policy
Signed-off-by: Stanislav Láznička <slznika@microsoft.com>

Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-11-11 11:15:53 -05:00