When running the e2e tests for karydia, occasionally, some tests fail due to a missing service account (often the default service account). These problem have been introduced into the project in the last couple of weeks (maybe because of updates in Kubernetes and its environment?).
Steps to reproduce
Install karydia (using probably any current version)
Run the e2e tests and check results
Expected behavior
The e2e should never (or rarely) fail due to some missing resource. We should implement some precaution mechanism that checks if the requested resources exist and otherwise has a fall-back mechanism (e.g. wait and re-try at first).
go test -v ./tests/e2e/... --server "" --kubeconfig "/Users/d064871/.kube/config"
=== RUN TestAutomountServiceAccountToken
=== RUN TestAutomountServiceAccountToken/defaultServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN TestAutomountServiceAccountToken/defaultServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN TestAutomountServiceAccountToken/defaultServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN TestAutomountServiceAccountToken/dedicatedServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN TestAutomountServiceAccountToken/dedicatedServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
=== RUN TestAutomountServiceAccountToken/dedicatedServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount
--- PASS: TestAutomountServiceAccountToken (37.57s)
--- PASS: TestAutomountServiceAccountToken/defaultServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (3.61s)
--- PASS: TestAutomountServiceAccountToken/defaultServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (6.41s)
--- PASS: TestAutomountServiceAccountToken/defaultServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (12.49s)
--- PASS: TestAutomountServiceAccountToken/dedicatedServiceAccountUndefinedAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (4.36s)
--- PASS: TestAutomountServiceAccountToken/dedicatedServiceAccountchange-defaultAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (7.39s)
--- PASS: TestAutomountServiceAccountToken/dedicatedServiceAccountchange-allAnnotationUndefinedServiceAccountAutomountUndefinedPodAutomount (3.31s)
=== RUN TestAutomountServiceAccountTokenInDefaultNamespace
--- PASS: TestAutomountServiceAccountTokenInDefaultNamespace (6.14s)
admission_automount_token_test.go:185: expected is mounted to be false but is true
=== RUN TestAutomountServiceAccountTokenEditServiceAccount
--- FAIL: TestAutomountServiceAccountTokenEditServiceAccount (0.35s)
admission_automount_token_test.go:218: failed to update service account: Operation cannot be fulfilled on serviceaccounts "dedicated": the object has been modified; please apply your changes to the latest version and try again
=== RUN TestAutomountServiceAccountTokenDefaultServiceAccountFromConfig
--- PASS: TestAutomountServiceAccountTokenDefaultServiceAccountFromConfig (7.20s)
=== RUN TestAutomountServiceAccountTokenDedicatedServiceAccountFromConfig
--- PASS: TestAutomountServiceAccountTokenDedicatedServiceAccountFromConfig (6.31s)
=== RUN TestSeccompWithNamespaceAnnotationUndefinedProfile
--- PASS: TestSeccompWithNamespaceAnnotationUndefinedProfile (3.40s)
=== RUN TestSeccompWithNamespaceAnnotationDefinedProfile
--- PASS: TestSeccompWithNamespaceAnnotationDefinedProfile (6.26s)
=== RUN TestSeccompWithoutNamespaceAnnotationUndefinedProfileFromConfig
--- PASS: TestSeccompWithoutNamespaceAnnotationUndefinedProfileFromConfig (6.36s)
=== RUN TestSeccompWithNamespaceAnnotationUndefinedProfileFromConfig
--- FAIL: TestSeccompWithNamespaceAnnotationUndefinedProfileFromConfig (1.37s)
admission_seccomp_test.go:184: failed to create pod: pods "karydia-e2e-test-pod" is forbidden: error looking up service account karydia-e2e-test-kqptg/default: serviceaccount "default" not found
=== RUN TestSeccompWithoutNamespaceAnnotationDefinedProfile
--- FAIL: TestSeccompWithoutNamespaceAnnotationDefinedProfile (2.04s)
admission_seccomp_test.go:228: failed to create pod: pods "karydia-e2e-test-pod" is forbidden: error looking up service account karydia-e2e-test-wb8lj/default: serviceaccount "default" not found
=== RUN TestSecurityContextWithNamespaceAnnotationUndefinedContext
--- FAIL: TestSecurityContextWithNamespaceAnnotationUndefinedContext (1.21s)
admission_security_context_test.go:55: failed to create pod: pods "karydia-e2e-test-pod" is forbidden: error looking up service account karydia-e2e-test-gj59c/default: serviceaccount "default" not found
=== RUN TestSecurityContextWithNamespaceAnnotationDefinedContext
--- PASS: TestSecurityContextWithNamespaceAnnotationDefinedContext (8.68s)
=== RUN TestSecurityContextWithoutNamespaceAnnotationUndefinedContextFromConfig
--- PASS: TestSecurityContextWithoutNamespaceAnnotationUndefinedContextFromConfig (3.53s)
=== RUN TestNetworkPolicyLevel1
--- PASS: TestNetworkPolicyLevel1 (43.74s)
=== RUN TestCreateKarydiaNetworkPolicyForNewNamespace
--- PASS: TestCreateKarydiaNetworkPolicyForNewNamespace (3.69s)
=== RUN TestCreateKarydiaNetworkPolicyForAnnotatedNamespace
--- PASS: TestCreateKarydiaNetworkPolicyForAnnotatedNamespace (0.64s)
=== RUN TestCreateNamespaceAndUpdateWithAnnotation
--- PASS: TestCreateNamespaceAndUpdateWithAnnotation (0.85s)
=== RUN TestGetKarydiaNetworkPolicyForExcludedNamespace
--- PASS: TestGetKarydiaNetworkPolicyForExcludedNamespace (0.02s)
FAIL
FAIL github.com/karydia/karydia/tests/e2e 142.026s
? github.com/karydia/karydia/tests/e2e/framework [no test files]
make: *** [e2e-test] Error 1
Description
When running the e2e tests for karydia, occasionally, some tests fail due to a missing service account (often the
default
service account). These problem have been introduced into the project in the last couple of weeks (maybe because of updates in Kubernetes and its environment?).Steps to reproduce
Expected behavior
The e2e should never (or rarely) fail due to some missing resource. We should implement some precaution mechanism that checks if the requested resources exist and otherwise has a fall-back mechanism (e.g. wait and re-try at first).
Logs / console output / screenshots / affected lines of code