CI: Use deployment instead of Pod for agnhost

This is a followup to 2ba28a338 (Revert "Wait for available API token in a new namespace (#7045)", 2024-10-25). While checking for the serviceaccount token is not effective, there is still a race when creating a Pod directly, because the ServiceAccount itself might not be created yet. More details at https://github.com/kubernetes/kubernetes/issues/66689. This cause very frequent flakes in our CI with spurious failures. Use a Deployment instead ; it will takes cares of creating the Pods and retrying ; it also let us use kubectl rollout status instead of manually checking for the pods.
2025-12-14 22:04:43 +03:00 · 2024-12-12 14:18:04 +01:00
parent 74aee12305
commit 930df78d8a
1 changed files with 33 additions and 39 deletions
--- a/tests/testcases/030_check-network.yml
+++ b/tests/testcases/030_check-network.yml
@@ -79,11 +79,19 @@
    command:
      cmd: "{{ bin_dir }}/kubectl apply -f -"
      stdin: |
-        apiVersion: v1
-        kind: Pod
+        apiVersion: apps/v1
+        kind: Deployment
        metadata:
-          name: {{ item }}
-          namespace: test
+          name: agnhost
+        spec:
+          replicas: 2
+          selector:
+            matchLabels:
+              app: agnhost
+          template:
+            metadata:
+              labels:
+                app: agnhost
            spec:
              containers:
              - name: agnhost
@@ -98,35 +106,21 @@
                  seccompProfile:
                    type: RuntimeDefault
    changed_when: false
-    loop:
-    - agnhost1
-    - agnhost2

  - import_role:  # noqa name[missing]
      name: cluster-dump

  - name: Check that all pods are running and ready
-    command: "{{ bin_dir }}/kubectl get pods --namespace test --no-headers -o yaml"
+    block:
+    - name: Check Deployment is ready
+      command: "{{ bin_dir }}/kubectl rollout status deploy --namespace test agnhost --timeout=180"
      changed_when: false
-    register: run_pods_log
-    until:
-    # Check that all pods are running
-    - '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.phase") | unique | list == ["Running"]'
-    # Check that all pods are ready
-    - '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.containerStatuses") | map("map", attribute = "ready") | map("min") | min'
-    retries: 18
-    delay: 10
-    failed_when: false
-
+    rescue:
    - name: Get pod names
      command: "{{ bin_dir }}/kubectl get pods -n test -o json"
      changed_when: false
      register: pods

-  - debug:  # noqa name[missing]
-      msg: "{{ pods.stdout.split('\n') }}"
-    failed_when: not run_pods_log is success
-
  - name: Get hostnet pods
    command: "{{ bin_dir }}/kubectl get pods -n test -o
            jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"