SAP-archive / karydia

Kubernetes Security Walnut

e2e Tests failing due to missing Service Accounts #221

Open Neumann-Nils opened 4 years ago

Neumann-Nils commented 4 years ago

Description

When running the e2e tests for karydia, occasionally, some tests fail due to a missing service account (often the default service account). These problems have been introduced into the project in the last couple of weeks (maybe because of updates in Kubernetes and its environment?).

Steps to reproduce

  1. Install karydia (using probably any current version)
  2. Run the e2e tests and check results

Expected behavior

The e2e tests should never (or rarely) fail due to some missing resource. We should implement some precaution mechanism that checks if the requested resources exist and otherwise has a fall-back mechanism (e.g. wait and re-try at first).

Logs / console output / screenshots / affected lines of code

go test -v ./tests/e2e/... --server "" --kubeconfig "/Users/d064871/.kube/config"
=== RUN   TestAutomountServiceAccountToken
=== RUN   TestAutomountServiceAccountToken/defaultServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN   TestAutomountServiceAccountToken/defaultServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN   TestAutomountServiceAccountToken/defaultServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN   TestAutomountServiceAccountToken/dedicatedServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN   TestAutomountServiceAccountToken/dedicatedServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN   TestAutomountServiceAccountToken/dedicatedServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
--- PASS: TestAutomountServiceAccountToken (37.57s)
    --- PASS: TestAutomountServiceAccountToken/defaultServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (3.61s)
    --- PASS: TestAutomountServiceAccountToken/defaultServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (6.41s)
    --- PASS: TestAutomountServiceAccountToken/defaultServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (12.49s)
    --- PASS: TestAutomountServiceAccountToken/dedicatedServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (4.36s)
    --- PASS: TestAutomountServiceAccountToken/dedicatedServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (7.39s)
    --- PASS: TestAutomountServiceAccountToken/dedicatedServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (3.31s)
=== RUN   TestAutomountServiceAccountTokenInDefaultNamespace
--- PASS: TestAutomountServiceAccountTokenInDefaultNamespace (6.14s)
    admission_automount_token_test.go:185: expected is mounted to be false but is true
=== RUN   TestAutomountServiceAccountTokenEditServiceAccount
--- FAIL: TestAutomountServiceAccountTokenEditServiceAccount (0.35s)
    admission_automount_token_test.go:218: failed to update service account: Operation cannot be fulfilled on serviceaccounts "dedicated": the object has been modified; please apply your changes to the latest version and try again
=== RUN   TestAutomountServiceAccountTokenDefaultServiceAccountFromConfig
--- PASS: TestAutomountServiceAccountTokenDefaultServiceAccountFromConfig (7.20s)
=== RUN   TestAutomountServiceAccountTokenDedicatedServiceAccountFromConfig
--- PASS: TestAutomountServiceAccountTokenDedicatedServiceAccountFromConfig (6.31s)
=== RUN   TestSeccompWithNamespaceAnnotationUndefinedProfile
--- PASS: TestSeccompWithNamespaceAnnotationUndefinedProfile (3.40s)
=== RUN   TestSeccompWithNamespaceAnnotationDefinedProfile
--- PASS: TestSeccompWithNamespaceAnnotationDefinedProfile (6.26s)
=== RUN   TestSeccompWithoutNamespaceAnnotationUndefinedProfileFromConfig
--- PASS: TestSeccompWithoutNamespaceAnnotationUndefinedProfileFromConfig (6.36s)
=== RUN   TestSeccompWithNamespaceAnnotationUndefinedProfileFromConfig
--- FAIL: TestSeccompWithNamespaceAnnotationUndefinedProfileFromConfig (1.37s)
    admission_seccomp_test.go:184: failed to create pod: pods "karydia-e2e-test-pod" is forbidden: error looking up service account karydia-e2e-test-kqptg/default: serviceaccount "default" not found
=== RUN   TestSeccompWithoutNamespaceAnnotationDefinedProfile
--- FAIL: TestSeccompWithoutNamespaceAnnotationDefinedProfile (2.04s)
    admission_seccomp_test.go:228: failed to create pod: pods "karydia-e2e-test-pod" is forbidden: error looking up service account karydia-e2e-test-wb8lj/default: serviceaccount "default" not found
=== RUN   TestSecurityContextWithNamespaceAnnotationUndefinedContext
--- FAIL: TestSecurityContextWithNamespaceAnnotationUndefinedContext (1.21s)
    admission_security_context_test.go:55: failed to create pod: pods "karydia-e2e-test-pod" is forbidden: error looking up service account karydia-e2e-test-gj59c/default: serviceaccount "default" not found
=== RUN   TestSecurityContextWithNamespaceAnnotationDefinedContext
--- PASS: TestSecurityContextWithNamespaceAnnotationDefinedContext (8.68s)
=== RUN   TestSecurityContextWithoutNamespaceAnnotationUndefinedContextFromConfig
--- PASS: TestSecurityContextWithoutNamespaceAnnotationUndefinedContextFromConfig (3.53s)
=== RUN   TestNetworkPolicyLevel1
--- PASS: TestNetworkPolicyLevel1 (43.74s)
=== RUN   TestCreateKarydiaNetworkPolicyForNewNamespace
--- PASS: TestCreateKarydiaNetworkPolicyForNewNamespace (3.69s)
=== RUN   TestCreateKarydiaNetworkPolicyForAnnotatedNamespace
--- PASS: TestCreateKarydiaNetworkPolicyForAnnotatedNamespace (0.64s)
=== RUN   TestCreateNamespaceAndUpdateWithAnnotation
--- PASS: TestCreateNamespaceAndUpdateWithAnnotation (0.85s)
=== RUN   TestGetKarydiaNetworkPolicyForExcludedNamespace
--- PASS: TestGetKarydiaNetworkPolicyForExcludedNamespace (0.02s)
FAIL
FAIL    github.com/karydia/karydia/tests/e2e    142.026s
?       github.com/karydia/karydia/tests/e2e/framework  [no test files]
make: *** [e2e-test] Error 1
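
A sketch of the "wait and re-try" fallback requested above, added here as an example and not taken from the karydia code base. It retries only the two transient failures visible in the log (`serviceaccount "default" not found`, which occurs because the account is created asynchronously after the namespace, and the `object has been modified` update conflict) and fails fast on anything else. `FakeAPI`, `RetryTransient` and the two error values are hypothetical, constructed stand-ins so the block runs without a cluster.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Constructed stand-ins for the two API server errors in the log above.
var ErrNotFound = errors.New(`serviceaccount "default" not found`)
var ErrConflict = errors.New("the object has been modified")

// FakeAPI is a constructed in-memory API server holding one service account.
type FakeAPI struct{ ReadyAfter, Reads, Bump, Version int }

// Apply makes one read-modify-write attempt; every call re-reads the version.
func (f *FakeAPI) Apply() error {
	if f.Reads++; f.Reads <= f.ReadyAfter {
		return ErrNotFound // the account has not been created yet
	}
	seen := f.Version
	if f.Bump > 0 { // a concurrent writer gets in between our read and write
		f.Bump, f.Version = f.Bump-1, f.Version+1
	}
	if seen != f.Version {
		return ErrConflict // the stale version is rejected
	}
	f.Version++
	return nil
}

// RetryTransient reruns op while it fails with a not-found or conflict error,
// and returns at once on success, on any other error, or after the timeout.
func RetryTransient(op func() error, interval, timeout time.Duration) error {
	for deadline := time.Now().Add(timeout); ; time.Sleep(interval) {
		err := op()
		if !errors.Is(err, ErrNotFound) && !errors.Is(err, ErrConflict) {
			return err
		}
		if time.Now().After(deadline) {
			return fmt.Errorf("gave up after %s: %w", timeout, err)
		}
	}
}

func main() {
	f := &FakeAPI{ReadyAfter: 3, Bump: 2} // 3 not-found reads, then 2 conflicts
	err := RetryTransient(f.Apply, time.Millisecond, time.Second)
	fmt.Println(err, f.Reads, f.Version)
}
```

Against a real cluster the same two roles are played by `wait.PollImmediate` (k8s.io/apimachinery) and `retry.RetryOnConflict` (k8s.io/client-go), with the read inside the retried function so each attempt uses the latest object.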