[KEP:2133] E2E tests for external Kubelet Credential Provider

[adisky]

What would you like to be added?

Kubelet credential provider is in alpha since 1.20 release, we need to add e2e tests to move it to beta.

Current e2e tests for intree credential providers:
[1] https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/runtime_conformance_test.go#L61 (uses intree docker config credential provider)
[2] https://github.com/kubernetes/kubernetes/blob/master/test/e2e/apps/rc.go#L68 (uses intree gcp credential provider)
[3] https://github.com/kubernetes/kubernetes/blob/master/test/e2e/apps/replica_set.go#L113 (uses intree gcp credential provider)

The job pull-kubernetes-e2e-gce-ubuntu-containerd fails with replica sets private image tests if external credential provider is enabled by default

Problems in adding e2e tests for external credential providers

• The credential provider binary and config file needs to be installed on node VM before Kubelet starts, external cloud providers credential providers like GCP only supported to install with external cloud providers
• Tests using intree docker config provider are part of node conformance tests

Work needs to be done

1. Provide a way to run existing node conformance tests[1] with external credential provider
   A sample-credential-provider repo needs to be created under k8s-sigs which can be build and installed via node e2e tests to run existing node conformance tests

2. Migrate the replica set tests [2] & [3] to out of tree gcp credential provider
   Need help from gcp cloud provider team to work on this.

/sig cloud-provider node
/ cc @cheftako @dims @endocrimes @DangerOnTheRanger @andrewsykim @SergeyKanzhelev

Why is this needed?

KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers
KEP issue: kubernetes/enhancements#2133

[endocrimes]

/triage accepted
/priority important-soon

[SergeyKanzhelev]

/label area/test

[k8s-ci-robot]

@SergeyKanzhelev: The label(s) /label area/test cannot be applied. These labels are supported: api-review, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, team/katacoda, refactor

In response to this:

/label area/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[SergeyKanzhelev]

/area test

[adisky]

@SergeyKanzhelev @DangerOnTheRanger @cheftako Is there any image available with gcp cloud provider+ credential provider that i can use directly to run e2e tests?

cc @spiffxp Also for any inputs on how this tests should move forward

[SergeyKanzhelev]

@cheftako do you know if there is already an image available?

[SergeyKanzhelev]

/assign @adisky

[adisky]

cc @andrewsykim

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[ruiwen-zhao]

/assign @ndixita

[k8s-ci-robot]

@ruiwen-zhao: GitHub didn't allow me to assign the following users: ndixita.

Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @ndixita

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ndixita]

Assigning it to myself as I will be looking into the logistics to add the e2e tests here

[ndixita]

/assign @ndixita

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ruiwen-zhao]

@ndixita is actively working on this.

/reopen

[k8s-ci-robot]

@ruiwen-zhao: Reopened this issue.

In response to this:

@ndixita is actively working on this.

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ruiwen-zhao]

@ndixita is actively working on this in #111495

/reopen

[k8s-ci-robot]

@ruiwen-zhao: Reopened this issue.

In response to this:

@ndixita is actively working on this in #111495

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[spiffxp]

/remove-lifecycle rotten
per #106248 (comment)

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[endocrimes]

/remove-lifecycle stale
/lifecycle frozen

[andrewsykim]

I think we can just close this, we now have both node e2e and standard e2e for this feature, thanks to @ndixita!

/close

[k8s-ci-robot]

@andrewsykim: Closing this issue.

In response to this:

I think we can just close this, we now have both node e2e and standard e2e for this feature, thanks to @ndixita!

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.