[KEP:2133] E2E tests for external Kubelet Credential Provider #106248
Description
What would you like to be added?
Kubelet credential provider is in alpha since 1.20 release, we need to add e2e tests to move it to beta.
Current e2e tests for intree credential providers:
[1] https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/runtime_conformance_test.go#L61 (uses intree docker config credential provider)
[2] https://github.com/kubernetes/kubernetes/blob/master/test/e2e/apps/rc.go#L68 (uses intree gcp credential provider)
[3] https://github.com/kubernetes/kubernetes/blob/master/test/e2e/apps/replica_set.go#L113 (uses intree gcp credential provider)
The job pull-kubernetes-e2e-gce-ubuntu-containerd fails with replica sets private image tests if external credential provider is enabled by default
Problems in adding e2e tests for external credential providers
- The credential provider binary and config file needs to be installed on node VM before Kubelet starts, external cloud providers credential providers like GCP only supported to install with external cloud providers
- Tests using intree docker config provider are part of node conformance tests
Work needs to be done
-
Provide a way to run existing node conformance tests[1] with external credential provider
A sample-credential-provider repo needs to be created under k8s-sigs which can be build and installed via node e2e tests to run existing node conformance tests -
Migrate the replica set tests [2] & [3] to out of tree gcp credential provider
Need help from gcp cloud provider team to work on this.
/sig cloud-provider node
/ cc @cheftako @dims @endocrimes @DangerOnTheRanger @andrewsykim @SergeyKanzhelev
Why is this needed?
KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers
KEP issue: kubernetes/enhancements#2133
Metadata
Metadata
Labels
Type
Projects
Status