Make secret tests work in large clusters

2017-02-28 18:51:39 +01:00 · 2017-02-28 18:51:39 +01:00 · 9db6aa50f0
parent 70797f51e1
commit 9db6aa50f0
3 changed files with 50 additions and 14 deletions
--- a/test/e2e/common/projected.go
+++ b/test/e2e/common/projected.go
@ -172,13 +172,24 @@ var _ = framework.KubeDescribe("Projected", func() {

 	It("optional updates should be reflected in volume [Conformance] [Volume]", func() {

-		// We may have to wait or a full sync period to elapse before the
-		// Kubelet projects the update into the volume and the container picks
-		// it up. This timeout is based on the default Kubelet sync period (1
-		// minute) plus additional time for fudge factor.
-		const podLogTimeout = 300 * time.Second
-		trueVal := true
+		// With SecretManager, we may have to wait up to full sync period + TTL of
+		// a secret to elapse before the Kubelet projects the update into the volume
+		// and the container picks it ip.
+		// This timeout is based on default Kubelet sync period (1 minute) plus
+		// maximum secret TTL (based on cluster size) plus additional time for fudge
+		// factor.
+		nodes, err := f.ClientSet.Core().Nodes().List(metav1.ListOptions{})
+		framework.ExpectNoError(err)
+		// Since TTL the kubelet is using are stored in node object, for the timeout
+		// purpose we take it from a first node (all of them should be the same).
+		// We take the TTL from the first node.
+		secretTTL, exists := framework.GetTTLAnnotationFromNode(&nodes.Items[0])
+		if !exists {
+			framework.Logf("Couldn't get ttl annotation from: %#v", nodes.Items[0])
+		}
+		podLogTimeout := 240*time.Second + secretTTL

+		trueVal := true
 		volumeMountPath := "/etc/projected-secret-volumes"

 		deleteName := "s-test-opt-del-" + string(uuid.NewUUID())
@ -221,7 +232,6 @@ var _ = framework.KubeDescribe("Projected", func() {
 		}

 		By(fmt.Sprintf("Creating secret with name %s", deleteSecret.Name))
-		var err error
 		if deleteSecret, err = f.ClientSet.Core().Secrets(f.Namespace.Name).Create(deleteSecret); err != nil {
 			framework.Failf("unable to create test secret %s: %v", deleteSecret.Name, err)
 		}
--- a/test/e2e/common/secrets.go
+++ b/test/e2e/common/secrets.go
@ -155,13 +155,24 @@ var _ = framework.KubeDescribe("Secrets", func() {

 	It("optional updates should be reflected in volume [Conformance] [Volume]", func() {

-		// We may have to wait or a full sync period to elapse before the
-		// Kubelet projects the update into the volume and the container picks
-		// it up. This timeout is based on the default Kubelet sync period (1
-		// minute) plus additional time for fudge factor.
-		const podLogTimeout = 300 * time.Second
-		trueVal := true
+		// With SecretManager, we may have to wait up to full sync period + TTL of
+		// a secret to elapse before the Kubelet projects the update into the volume
+		// and the container picks it ip.
+		// This timeout is based on default Kubelet sync period (1 minute) plus
+		// maximum secret TTL (based on cluster size) plus additional time for fudge
+		// factor.
+		nodes, err := f.ClientSet.Core().Nodes().List(metav1.ListOptions{})
+		framework.ExpectNoError(err)
+		// Since TTL the kubelet is using are stored in node object, for the timeout
+		// purpose we take it from a first node (all of them should be the same).
+		// We take the TTL from the first node.
+		secretTTL, exists := framework.GetTTLAnnotationFromNode(&nodes.Items[0])
+		if !exists {
+			framework.Logf("Couldn't get ttl annotation from: %#v", nodes.Items[0])
+		}
+		podLogTimeout := 240*time.Second + secretTTL

+		trueVal := true
 		volumeMountPath := "/etc/secret-volumes"

 		deleteName := "s-test-opt-del-" + string(uuid.NewUUID())
@ -204,7 +215,6 @@ var _ = framework.KubeDescribe("Secrets", func() {
 		}

 		By(fmt.Sprintf("Creating secret with name %s", deleteSecret.Name))
-		var err error
 		if deleteSecret, err = f.ClientSet.Core().Secrets(f.Namespace.Name).Create(deleteSecret); err != nil {
 			framework.Failf("unable to create test secret %s: %v", deleteSecret.Name, err)
 		}
--- a/test/e2e/framework/util.go
+++ b/test/e2e/framework/util.go
@ -2527,6 +2527,22 @@ func WaitForAllNodesSchedulable(c clientset.Interface, timeout time.Duration) er
 	})
 }

+func GetTTLAnnotationFromNode(node *v1.Node) (time.Duration, bool) {
+	if node.Annotations == nil {
+		return time.Duration(0), false
+	}
+	value, ok := node.Annotations[v1.ObjectTTLAnnotationKey]
+	if !ok {
+		return time.Duration(0), false
+	}
+	intValue, err := strconv.Atoi(value)
+	if err != nil {
+		Logf("Cannot convert TTL annotation from %#v to int", *node)
+		return time.Duration(0), false
+	}
+	return time.Duration(intValue) * time.Second, true
+}
+
 func AddOrUpdateLabelOnNode(c clientset.Interface, nodeName string, labelKey, labelValue string) {
 	ExpectNoError(testutils.AddLabelsToNode(c, nodeName, map[string]string{labelKey: labelValue}))
 }