Kenichi Omichi 275c54e810
Wait for available API token in a new namespace (#7045)
Just after creating a namespace, the corresponding token could not be
created and sometimes the pod creation might be failed.
This adds check of the token in the new namespace to make this test
case stable.
2020-12-19 04:54:24 -08:00

- hosts: kube-master[0]
test_image_repo: busybox
test_image_tag: latest
- name: Force binaries directory for Flatcar Container Linux by Kinvolk
bin_dir: "/opt/bin"
when: ansible_os_family in ["Flatcar Container Linux by Kinvolk"]
- name: Force binaries directory for other hosts
bin_dir: "/usr/local/bin"
when: not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]
- name: Approve kubelet serving certificates
- name: Get certificate signing requests
command: "{{ bin_dir }}/kubectl get csr -o name"
register: get_csr
changed_when: false
- name: Check there are csrs
that: get_csr.stdout_lines | length > 0
fail_msg: kubelet_rotate_server_certificates is {{ kubelet_rotate_server_certificates }} but no csr's found
- name: Approve certificates
command: "{{ bin_dir }}/kubectl certificate approve {{ get_csr.stdout_lines | join(' ') }}"
register: certificate_approve
when: get_csr.stdout_lines | length > 0
changed_when: certificate_approve.stdout
- debug:
msg: "{{ certificate_approve.stdout.split('\n') }}"
when: kubelet_rotate_server_certificates | default(false)
- name: Create test namespace
command: "{{ bin_dir }}/kubectl create namespace test"
changed_when: false
- name: Wait for API token of test namespace
shell: "set -o pipefail && {{ bin_dir }}/kubectl describe serviceaccounts default --namespace test | grep Tokens | awk '{print $2}'"
executable: /bin/bash
changed_when: false
register: default_token
until: default_token.stdout.find('<none>') == -1
retries: 5
delay: 5
- name: Run 2 busybox pods in test ns
command: "{{ bin_dir }}/kubectl run {{ item }} --image={{ test_image_repo }}:{{ test_image_tag }} --namespace test --command -- tail -f /dev/null"
changed_when: false
- busybox1
- busybox2
- import_role:
name: cluster-dump
- name: Check that all pods are running and ready
command: "{{ bin_dir }}/kubectl get pods --namespace test --no-headers -o yaml"
changed_when: false
register: run_pods_log
# Check that all pods are running
- '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.phase") | unique | list == ["Running"]'
# Check that all pods are ready
- '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.containerStatuses") | map("map", attribute = "ready") | map("min") | min'
retries: 18
delay: 10
failed_when: false
no_log: true
- name: Get pod names
command: "{{ bin_dir }}/kubectl get pods -n test -o json"
changed_when: false
register: pods
no_log: true
- debug:
msg: "{{ pods.stdout.split('\n') }}"
failed_when: not run_pods_log is success
- name: Get hostnet pods
command: "{{ bin_dir }}/kubectl get pods -n test -o
jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
changed_when: false
register: hostnet_pods
ignore_errors: true
no_log: true
- name: Get running pods
command: "{{ bin_dir }}/kubectl get pods -n test -o
jsonpath='{range .items[?(.status.phase==\"Running\")]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
changed_when: False
register: running_pods
no_log: true
- name: Check kubectl output
command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
changed_when: False
register: get_pods
no_log: true
- debug:
msg: "{{ get_pods.stdout.split('\n') }}"
- name: Set networking facts
pod_names: "{{ (pods.stdout | from_json)['items'] | map(attribute = 'metadata.name') | list }}"
pod_ips: "{{ (pods.stdout | from_json)['items'] | selectattr('status.podIP', 'defined') | map(attribute = 'status.podIP') | list }}"
pods_hostnet: |
{% set list = hostnet_pods.stdout.split(" ") %}
{{ list }}
pods_running: |
{% set list = running_pods.stdout.split(" ") %}
{{ list }}
- name: Check pods IP are in correct network
that: item | ipaddr(kube_pods_subnet)
- not item in pods_hostnet
- item in pods_running
with_items: "{{ pod_ips }}"
- name: Ping between pods is working
command: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
- not item[0] in pods_hostnet
- not item[1] in pods_hostnet
- "{{ pod_names }}"
- "{{ pod_ips }}"
- name: Ping between hostnet pods is working
command: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
- item[0] in pods_hostnet
- item[1] in pods_hostnet
- "{{ pod_names }}"
- "{{ pod_ips }}"