Closed
Description
Which jobs are flaking?
pull-kubernetes-kind-dra-all
Which tests are flaking?
DRA [Feature:DynamicResourceAllocation] cluster DaemonSet with admin access
Since when has it been flaking?
Only once so far on 2024-11-01.
Testgrid link
https://testgrid.k8s.io/sig-node-dynamic-resource-allocation#ci-kind-dra-all
Reason for failure (if possible)
"support validating admission policy for admin access" must have run in parallel to "DaemonSet with admin access". The former deploys a VAP which prevents admin access, the latter doesn't.
Anything else we need to know?
This patch should fix, but somehow the namespace selector didn't match the test namespace and thus the VAP didn't trigger anymore:
diff --git a/test/e2e/dra/dra.go b/test/e2e/dra/dra.go
index cb2324e0a5e..1498b0cbea4 100644
--- a/test/e2e/dra/dra.go
+++ b/test/e2e/dra/dra.go
@@ -830,6 +830,10 @@ var _ = framework.SIGDescribe("node")("DRA", feature.DynamicResourceAllocation,
f.It("support validating admission policy for admin access", feature.DRAAdminAccess, func(ctx context.Context) {
// Create VAP, after making it unique to the current test.
adminAccessPolicyYAML := strings.ReplaceAll(adminAccessPolicyYAML, "dra.example.com", b.f.UniqueName)
+ adminAccessPolicyYAML = strings.ReplaceAll(adminAccessPolicyYAML,
+ "null # namespaceSelector",
+ fmt.Sprintf(`{matchExpressions: [{key: "metadata.name", operator: "In", values: [%q]}]}`, f.Namespace.Name),
+ )
driver.createFromYAML(ctx, []byte(adminAccessPolicyYAML), "")
diff --git a/test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml b/test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml
index 822b1c7d991..964d0f00145 100644
--- a/test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml
+++ b/test/e2e/dra/test-driver/deploy/example/admin-access-policy.yaml
@@ -22,6 +22,9 @@ spec:
apiVersions: ["v1alpha3", "v1beta1"]
operations: ["CREATE", "UPDATE"]
resources: ["resourceclaims"]
+
+ # This is for tests. Don't change the comment!
+ namespaceSelector: null # namespaceSelector
validations:
- expression: '! object.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)'
reason: Forbidden
@@ -52,6 +55,9 @@ spec:
apiVersions: ["v1alpha3", "v1beta1"]
operations: ["CREATE", "UPDATE"]
resources: ["resourceclaimtemplates"]
+
+ # This is for tests. Don't change the comment!
+ namespaceSelector: null # namespaceSelector
validations:
- expression: '! object.spec.spec.devices.requests.exists(e, has(e.adminAccess) && e.adminAccess)'
reason: ForbiddenRelevant SIG(s)
/sig node
/wg device-management
Metadata
Metadata
Assignees
Labels
Categorizes issue or PR as related to a flaky test.Indicates an issue or PR lacks a `triage/foo` label and requires one.Important over the long term, but may not be staffed and/or may need multiple releases to complete.Categorizes an issue or PR as relevant to SIG Node.Categorizes an issue or PR as relevant to WG Device Management.
Type
Projects
Status
✅ Done
Status
Done