Running Suite: Kubernetes e2e suite =================================== Random Seed: 1630072963 - Will randomize all specs Will run 5668 specs Running in parallel across 10 nodes Aug 27 14:02:45.230: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.234: INFO: Waiting up to 30m0s for all (but 0) nodes to be schedulable Aug 27 14:02:45.259: INFO: Waiting up to 10m0s for all pods (need at least 0) in namespace 'kube-system' to be running and ready Aug 27 14:02:45.307: INFO: 12 / 12 pods in namespace 'kube-system' are running and ready (0 seconds elapsed) Aug 27 14:02:45.307: INFO: expected 2 pod replicas in namespace 'kube-system', 2 are Running and Ready. Aug 27 14:02:45.307: INFO: Waiting up to 5m0s for all daemonsets in namespace 'kube-system' to start Aug 27 14:02:45.316: INFO: 3 / 3 pods ready in namespace 'kube-system' in daemonset 'kindnet' (0 seconds elapsed) Aug 27 14:02:45.316: INFO: 3 / 3 pods ready in namespace 'kube-system' in daemonset 'kube-proxy' (0 seconds elapsed) Aug 27 14:02:45.316: INFO: e2e test version: v1.20.10 Aug 27 14:02:45.318: INFO: kube-apiserver version: v1.20.7 Aug 27 14:02:45.318: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.323: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.336: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.356: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.368: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.385: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.385: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.403: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.402: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.420: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.416: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.438: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.434: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.455: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.483: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.500: INFO: Cluster IP family: ipv4 Aug 27 14:02:45.516: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.539: INFO: Cluster IP family: ipv4 SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.471: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authz Aug 27 14:02:45.505: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:45.512: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:50 STEP: Creating a kubernetes client that impersonates a node Aug 27 14:02:45.521: INFO: >>> kubeConfig: /root/.kube/config [It] Getting an existing secret should exit with the Forbidden error /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:79 [AfterEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:45.535: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authz-2402" for this suite. •SSSSSSSS ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthorizer] Getting an existing secret should exit with the Forbidden error","total":-1,"completed":1,"skipped":98,"failed":0} SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.502: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authz Aug 27 14:02:45.524: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:45.537: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:50 STEP: Creating a kubernetes client that impersonates a node Aug 27 14:02:45.551: INFO: >>> kubeConfig: /root/.kube/config [It] A node shouldn't be able to delete another node /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:180 STEP: Create node foo by user: system:node:capi-leguer-control-plane-mt48s [AfterEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:45.555: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authz-5545" for this suite. •SSSSSSS ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthorizer] A node shouldn't be able to delete another node","total":-1,"completed":1,"skipped":79,"failed":0} SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.583: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authz STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:50 STEP: Creating a kubernetes client that impersonates a node Aug 27 14:02:45.616: INFO: >>> kubeConfig: /root/.kube/config [It] Getting a non-existent secret should exit with the Forbidden error, not a NotFound error /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:74 [AfterEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:45.619: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authz-6918" for this suite. •SSSSSSSSSSS ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthorizer] Getting a non-existent secret should exit with the Forbidden error, not a NotFound error","total":-1,"completed":2,"skipped":93,"failed":0} SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ Aug 27 14:02:45.644: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:45.664: INFO: Cluster IP family: ipv4 SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.764: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authz Aug 27 14:02:45.788: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:45.791: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:50 STEP: Creating a kubernetes client that impersonates a node Aug 27 14:02:45.802: INFO: >>> kubeConfig: /root/.kube/config [It] Getting an existing configmap should exit with the Forbidden error /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:89 STEP: Create a configmap for testing [AfterEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:45.811: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authz-3274" for this suite. •SSSSS ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthorizer] Getting an existing configmap should exit with the Forbidden error","total":-1,"completed":1,"skipped":269,"failed":0} SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.903: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authz STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:50 STEP: Creating a kubernetes client that impersonates a node Aug 27 14:02:45.939: INFO: >>> kubeConfig: /root/.kube/config [It] A node shouldn't be able to create another node /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:167 STEP: Create node foo by user: system:node:capi-leguer-control-plane-mt48s [AfterEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:45.945: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authz-6300" for this suite. •SSSSSS ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthorizer] A node shouldn't be able to create another node","total":-1,"completed":2,"skipped":339,"failed":0} SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ [BeforeEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.684: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename svcaccounts STEP: Waiting for a default service account to be provisioned in namespace [It] should guarantee kube-root-ca.crt exist in any namespace /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:860 Aug 27 14:02:45.718: INFO: Got root ca configmap in namespace "svcaccounts-7001" Aug 27 14:02:45.721: INFO: Deleted root ca configmap in namespace "svcaccounts-7001" STEP: waiting for a new root ca configmap created Aug 27 14:02:46.225: INFO: Recreated root ca configmap in namespace "svcaccounts-7001" Aug 27 14:02:46.230: INFO: Updated root ca configmap in namespace "svcaccounts-7001" STEP: waiting for the root ca configmap reconciled Aug 27 14:02:46.764: INFO: Reconciled root ca configmap in namespace "svcaccounts-7001" [AfterEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:46.764: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "svcaccounts-7001" for this suite. • ------------------------------ {"msg":"PASSED [sig-auth] ServiceAccounts should guarantee kube-root-ca.crt exist in any namespace","total":-1,"completed":3,"skipped":134,"failed":0} SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ [BeforeEach] [sig-auth] Metadata Concealment /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:47.125: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename metadata-concealment STEP: Waiting for a default service account to be provisioned in namespace [It] should run a check-metadata-concealment job to completion /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/metadata_concealment.go:34 Aug 27 14:02:47.152: INFO: Only supported for providers [gce] (not skeleton) [AfterEach] [sig-auth] Metadata Concealment /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:47.153: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "metadata-concealment-8321" for this suite. S [SKIPPING] [0.036 seconds] [sig-auth] Metadata Concealment /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/framework.go:23 should run a check-metadata-concealment job to completion [It] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/metadata_concealment.go:34 Only supported for providers [gce] (not skeleton) /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/metadata_concealment.go:35 ------------------------------ [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:47.112: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authz STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:50 STEP: Creating a kubernetes client that impersonates a node Aug 27 14:02:47.152: INFO: >>> kubeConfig: /root/.kube/config [It] Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:84 [AfterEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:47.156: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authz-2542" for this suite. •S ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthorizer] Getting a non-existent configmap should exit with the Forbidden error, not a NotFound error","total":-1,"completed":4,"skipped":369,"failed":0} SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ Aug 27 14:02:47.252: INFO: Running AfterSuite actions on all nodes Aug 27 14:02:47.253: INFO: Running AfterSuite actions on all nodes [BeforeEach] [sig-auth] [Feature:NodeAuthenticator] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.679: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authn Aug 27 14:02:45.717: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:45.720: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthenticator] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authn.go:39 [It] The kubelet's main port 10250 should reject requests with no credentials /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authn.go:59 Aug 27 14:02:47.743: INFO: Running '/usr/local/bin/kubectl --kubeconfig=/root/.kube/config --namespace=node-authn-522 exec agnhost-pod -- /bin/sh -x -c curl -sIk -o /dev/null -w '%{http_code}' https://172.23.0.4:10250/metrics' Aug 27 14:02:48.111: INFO: stderr: "+ curl -sIk -o /dev/null -w %{http_code} https://172.23.0.4:10250/metrics\n" Aug 27 14:02:48.111: INFO: stdout: "401" Aug 27 14:02:48.111: INFO: stdout: 401 [AfterEach] [sig-auth] [Feature:NodeAuthenticator] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:48.111: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authn-522" for this suite. • ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthenticator] The kubelet's main port 10250 should reject requests with no credentials","total":-1,"completed":1,"skipped":240,"failed":0} Aug 27 14:02:48.124: INFO: Running AfterSuite actions on all nodes [BeforeEach] [sig-auth] [Feature:NodeAuthenticator] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.973: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authn Aug 27 14:02:45.997: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:46.000: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthenticator] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authn.go:39 [It] The kubelet can delegate ServiceAccount tokens to the API server /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authn.go:68 STEP: create a new ServiceAccount for authentication Aug 27 14:02:48.027: INFO: Running '/usr/local/bin/kubectl --kubeconfig=/root/.kube/config --namespace=node-authn-7584 exec agnhost-pod -- /bin/sh -x -c curl -sIk -o /dev/null -w '%{http_code}' --header "Authorization: Bearer `cat /var/run/secrets/kubernetes.io/serviceaccount/token`" https://172.23.0.4:10250/metrics' Aug 27 14:02:48.343: INFO: stderr: "+ cat /var/run/secrets/kubernetes.io/serviceaccount/token\n+ curl -sIk -o /dev/null -w %{http_code} --header Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Il9mOUNVcW5VNUY0cUhaa1pZckpVRWFta01pRzdyUXBHZkVsYnh4V19zbEUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJub2RlLWF1dGhuLTc1ODQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiZGVmYXVsdC10b2tlbi1icjRqNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiY2FhYzBkMjctYWI0Ny00OGI5LTgxNmEtN2M2NjE3MDc1YTQ0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om5vZGUtYXV0aG4tNzU4NDpkZWZhdWx0In0.Bn1XTXtKknTa-vgmwSvbMQppFS98T73a4ECcnH_vXCbGNF456roxW6N_9y4NjUn2urkkgblFvyP5S4FfwRK3dmVAj93EJQcZ9bOoAST4zmIDBqEba02__9PPHeCpATIYAx3tT4H5FC73bwoc-1PlN7Ucr7hF57JRGun4lfehUm1iC3scf_M6-PToAnKhXu8c7Mo4lHbuBFe9McH8eW_IMorzBjAGY-F9Dmf-h8jEp94jvuI449KRlTnT_pSUKiXC3FFqbWBvf1_mcy8liG8u9Egawz4MJwwAlTnVaMGczPCSa8a4dDTKpQCCDnY43TO7s2292Nsvv_UJElmRU8k5lg https://172.23.0.4:10250/metrics\n" Aug 27 14:02:48.343: INFO: stdout: "403" Aug 27 14:02:48.343: INFO: stdout: 403 [AfterEach] [sig-auth] [Feature:NodeAuthenticator] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:48.344: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authn-7584" for this suite. • ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthenticator] The kubelet can delegate ServiceAccount tokens to the API server","total":-1,"completed":1,"skipped":365,"failed":0} Aug 27 14:02:48.355: INFO: Running AfterSuite actions on all nodes [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:46.456: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename node-authz Aug 27 14:02:46.764: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:46.771: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [BeforeEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:50 STEP: Creating a kubernetes client that impersonates a node Aug 27 14:02:46.782: INFO: >>> kubeConfig: /root/.kube/config [It] Getting a secret for a workload the node has access to should succeed /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/node_authz.go:106 STEP: Create a secret for testing STEP: Node should not get the secret STEP: Create a pod that use the secret STEP: The node should able to access the secret [AfterEach] [sig-auth] [Feature:NodeAuthorizer] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:48.802: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "node-authz-4068" for this suite. • ------------------------------ {"msg":"PASSED [sig-auth] [Feature:NodeAuthorizer] Getting a secret for a workload the node has access to should succeed","total":-1,"completed":1,"skipped":841,"failed":0} Aug 27 14:02:48.815: INFO: Running AfterSuite actions on all nodes [BeforeEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.733: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename svcaccounts STEP: Waiting for a default service account to be provisioned in namespace [It] should ensure a single API token exists /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:52 STEP: waiting for a single token reference Aug 27 14:02:46.259: INFO: default service account has a single secret reference STEP: ensuring the single token reference persists STEP: deleting the service account token STEP: waiting for a new token reference Aug 27 14:02:48.777: INFO: default service account has a new single secret reference STEP: ensuring the single token reference persists STEP: deleting the reference to the service account token STEP: waiting for a new token to be created and added Aug 27 14:02:51.292: INFO: default service account has a new single secret reference STEP: ensuring the single token reference persists [AfterEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:53.296: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "svcaccounts-5284" for this suite. • [SLOW TEST:7.573 seconds] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/framework.go:23 should ensure a single API token exists /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:52 ------------------------------ [BeforeEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.535: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename svcaccounts Aug 27 14:02:45.562: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:45.566: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [It] should set ownership and permission when RunAsUser or FsGroup is present [LinuxOnly] [NodeFeature:FSGroup] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:488 STEP: Creating a pod to test service account token: Aug 27 14:02:45.574: INFO: Waiting up to 5m0s for pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" in namespace "svcaccounts-6927" to be "Succeeded or Failed" Aug 27 14:02:45.577: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Pending", Reason="", readiness=false. Elapsed: 3.112993ms Aug 27 14:02:47.582: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Running", Reason="", readiness=true. Elapsed: 2.007922297s Aug 27 14:02:49.588: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Succeeded", Reason="", readiness=false. Elapsed: 4.01412762s STEP: Saw pod success Aug 27 14:02:49.588: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" satisfied condition "Succeeded or Failed" Aug 27 14:02:49.592: INFO: Trying to get logs from node capi-leguer-md-0-555f949c67-5brzb pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 container agnhost-container: STEP: delete the pod Aug 27 14:02:49.626: INFO: Waiting for pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 to disappear Aug 27 14:02:49.630: INFO: Pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 no longer exists STEP: Creating a pod to test service account token: Aug 27 14:02:49.635: INFO: Waiting up to 5m0s for pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" in namespace "svcaccounts-6927" to be "Succeeded or Failed" Aug 27 14:02:49.639: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Pending", Reason="", readiness=false. Elapsed: 3.179301ms Aug 27 14:02:51.644: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Succeeded", Reason="", readiness=false. Elapsed: 2.008495632s STEP: Saw pod success Aug 27 14:02:51.644: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" satisfied condition "Succeeded or Failed" Aug 27 14:02:51.647: INFO: Trying to get logs from node capi-leguer-md-0-555f949c67-5brzb pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 container agnhost-container: STEP: delete the pod Aug 27 14:02:51.663: INFO: Waiting for pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 to disappear Aug 27 14:02:51.667: INFO: Pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 no longer exists STEP: Creating a pod to test service account token: Aug 27 14:02:51.672: INFO: Waiting up to 5m0s for pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" in namespace "svcaccounts-6927" to be "Succeeded or Failed" Aug 27 14:02:51.675: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Pending", Reason="", readiness=false. Elapsed: 2.59951ms Aug 27 14:02:53.679: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Succeeded", Reason="", readiness=false. Elapsed: 2.006955646s STEP: Saw pod success Aug 27 14:02:53.679: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" satisfied condition "Succeeded or Failed" Aug 27 14:02:53.682: INFO: Trying to get logs from node capi-leguer-md-0-555f949c67-5brzb pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 container agnhost-container: STEP: delete the pod Aug 27 14:02:53.694: INFO: Waiting for pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 to disappear Aug 27 14:02:53.699: INFO: Pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 no longer exists STEP: Creating a pod to test service account token: Aug 27 14:02:53.703: INFO: Waiting up to 5m0s for pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" in namespace "svcaccounts-6927" to be "Succeeded or Failed" Aug 27 14:02:53.705: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Pending", Reason="", readiness=false. Elapsed: 2.221849ms Aug 27 14:02:55.709: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6": Phase="Succeeded", Reason="", readiness=false. Elapsed: 2.005918344s STEP: Saw pod success Aug 27 14:02:55.709: INFO: Pod "test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6" satisfied condition "Succeeded or Failed" Aug 27 14:02:55.712: INFO: Trying to get logs from node capi-leguer-md-0-555f949c67-5brzb pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 container agnhost-container: STEP: delete the pod Aug 27 14:02:55.725: INFO: Waiting for pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 to disappear Aug 27 14:02:55.728: INFO: Pod test-pod-58cec842-842e-4f4e-b08a-c71c6107f5f6 no longer exists [AfterEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:55.728: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "svcaccounts-6927" for this suite. • [SLOW TEST:10.200 seconds] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/framework.go:23 should set ownership and permission when RunAsUser or FsGroup is present [LinuxOnly] [NodeFeature:FSGroup] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:488 ------------------------------ {"msg":"PASSED [sig-auth] ServiceAccounts should set ownership and permission when RunAsUser or FsGroup is present [LinuxOnly] [NodeFeature:FSGroup]","total":-1,"completed":1,"skipped":58,"failed":0} Aug 27 14:02:55.736: INFO: Running AfterSuite actions on all nodes [BeforeEach] [sig-auth] Certificates API [Privileged:ClusterAdmin] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:46.623: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename certificates Aug 27 14:02:46.786: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:46.790: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [It] should support building a client with a CSR /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/certificates.go:55 Aug 27 14:02:46.985: INFO: creating CSR Aug 27 14:02:46.989: INFO: approving CSR Aug 27 14:02:51.995: INFO: waiting for CSR to be signed Aug 27 14:02:57.000: INFO: testing the client Aug 27 14:02:57.000: INFO: >>> kubeConfig: /root/.kube/config Aug 27 14:02:57.002: INFO: creating CSR as new client [AfterEach] [sig-auth] Certificates API [Privileged:ClusterAdmin] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:02:57.047: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "certificates-440" for this suite. • [SLOW TEST:10.433 seconds] [sig-auth] Certificates API [Privileged:ClusterAdmin] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/framework.go:23 should support building a client with a CSR /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/certificates.go:55 ------------------------------ {"msg":"PASSED [sig-auth] Certificates API [Privileged:ClusterAdmin] should support building a client with a CSR","total":-1,"completed":1,"skipped":980,"failed":0} Aug 27 14:02:57.057: INFO: Running AfterSuite actions on all nodes [BeforeEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:45.962: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename svcaccounts Aug 27 14:02:45.987: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:45.990: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [It] should support OIDC discovery of service account issuer [Feature:ServiceAccountIssuerDiscovery] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:676 Aug 27 14:02:46.002: INFO: created pod Aug 27 14:02:46.002: INFO: Waiting up to 5m0s for pod "oidc-discovery-validator" in namespace "svcaccounts-3034" to be "Succeeded or Failed" Aug 27 14:02:46.005: INFO: Pod "oidc-discovery-validator": Phase="Pending", Reason="", readiness=false. Elapsed: 2.298023ms Aug 27 14:02:48.009: INFO: Pod "oidc-discovery-validator": Phase="Pending", Reason="", readiness=false. Elapsed: 2.006860086s Aug 27 14:02:50.014: INFO: Pod "oidc-discovery-validator": Phase="Succeeded", Reason="", readiness=false. Elapsed: 4.011198768s STEP: Saw pod success Aug 27 14:02:50.014: INFO: Pod "oidc-discovery-validator" satisfied condition "Succeeded or Failed" Aug 27 14:03:20.014: INFO: polling logs Aug 27 14:03:20.023: INFO: Pod logs: 2021/08/27 14:02:47 OK: Got token 2021/08/27 14:02:47 OK: got issuer https://kubernetes.default.svc.cluster.local 2021/08/27 14:02:47 Full, not-validated claims: openidmetadata.claims{Claims:jwt.Claims{Issuer:"https://kubernetes.default.svc.cluster.local", Subject:"system:serviceaccount:svcaccounts-3034:default", Audience:jwt.Audience{"oidc-discovery-test"}, Expiry:1630073566, NotBefore:1630072966, IssuedAt:1630072966, ID:""}, Kubernetes:openidmetadata.kubeClaims{Namespace:"svcaccounts-3034", ServiceAccount:openidmetadata.kubeName{Name:"default", UID:"9bd30147-8e99-4c0b-bcb0-7cd49bd383e9"}}} 2021/08/27 14:02:47 OK: Constructed OIDC provider for issuer https://kubernetes.default.svc.cluster.local 2021/08/27 14:02:47 OK: Validated signature on JWT 2021/08/27 14:02:47 OK: Got valid claims from token! 2021/08/27 14:02:47 Full, validated claims: &openidmetadata.claims{Claims:jwt.Claims{Issuer:"https://kubernetes.default.svc.cluster.local", Subject:"system:serviceaccount:svcaccounts-3034:default", Audience:jwt.Audience{"oidc-discovery-test"}, Expiry:1630073566, NotBefore:1630072966, IssuedAt:1630072966, ID:""}, Kubernetes:openidmetadata.kubeClaims{Namespace:"svcaccounts-3034", ServiceAccount:openidmetadata.kubeName{Name:"default", UID:"9bd30147-8e99-4c0b-bcb0-7cd49bd383e9"}}} Aug 27 14:03:20.023: INFO: completed pod [AfterEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:03:20.023: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "svcaccounts-3034" for this suite. • [SLOW TEST:34.074 seconds] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/framework.go:23 should support OIDC discovery of service account issuer [Feature:ServiceAccountIssuerDiscovery] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:676 ------------------------------ {"msg":"PASSED [sig-auth] ServiceAccounts should support OIDC discovery of service account issuer [Feature:ServiceAccountIssuerDiscovery]","total":-1,"completed":1,"skipped":259,"failed":0} Aug 27 14:03:20.038: INFO: Running AfterSuite actions on all nodes [BeforeEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:174 STEP: Creating a kubernetes client Aug 27 14:02:46.726: INFO: >>> kubeConfig: /root/.kube/config STEP: Building a namespace api object, basename svcaccounts Aug 27 14:02:46.788: INFO: Found PodSecurityPolicies; testing pod creation to see if PodSecurityPolicy is enabled Aug 27 14:02:46.792: INFO: No PSP annotation exists on dry run pod; assuming PodSecurityPolicy is disabled STEP: Waiting for a default service account to be provisioned in namespace [It] should support InClusterConfig with token rotation [Slow] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:584 Aug 27 14:02:46.803: INFO: created pod Aug 27 14:02:46.803: INFO: Waiting up to 1m0s for 1 pods to be running and ready: [inclusterclient] Aug 27 14:02:46.803: INFO: Waiting up to 1m0s for pod "inclusterclient" in namespace "svcaccounts-3234" to be "running and ready" Aug 27 14:02:46.806: INFO: Pod "inclusterclient": Phase="Pending", Reason="", readiness=false. Elapsed: 2.541443ms Aug 27 14:02:48.810: INFO: Pod "inclusterclient": Phase="Pending", Reason="", readiness=false. Elapsed: 2.006392835s Aug 27 14:02:50.814: INFO: Pod "inclusterclient": Phase="Running", Reason="", readiness=true. Elapsed: 4.01046769s Aug 27 14:02:50.814: INFO: Pod "inclusterclient" satisfied condition "running and ready" Aug 27 14:02:50.814: INFO: Wanted all 1 pods to be running and ready. Result: true. Pods: [inclusterclient] Aug 27 14:02:50.814: INFO: pod is ready Aug 27 14:03:50.814: INFO: polling logs Aug 27 14:03:50.853: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:04:50.814: INFO: polling logs Aug 27 14:04:50.823: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:05:50.814: INFO: polling logs Aug 27 14:05:50.823: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:06:50.814: INFO: polling logs Aug 27 14:06:50.823: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:07:50.814: INFO: polling logs Aug 27 14:07:50.827: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:08:50.815: INFO: polling logs Aug 27 14:08:50.824: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:09:50.814: INFO: polling logs Aug 27 14:09:50.827: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:10:50.814: INFO: polling logs Aug 27 14:10:50.824: INFO: Retrying. Still waiting to see more unique tokens: got=1, want=2 Aug 27 14:11:50.814: INFO: polling logs [AfterEach] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/framework/framework.go:175 Aug 27 14:11:50.825: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready STEP: Destroying namespace "svcaccounts-3234" for this suite. • [SLOW TEST:544.112 seconds] [sig-auth] ServiceAccounts /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/framework.go:23 should support InClusterConfig with token rotation [Slow] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/auth/service_accounts.go:584 ------------------------------ {"msg":"PASSED [sig-auth] ServiceAccounts should support InClusterConfig with token rotation [Slow]","total":-1,"completed":1,"skipped":969,"failed":0} Aug 27 14:11:50.842: INFO: Running AfterSuite actions on all nodes {"msg":"PASSED [sig-auth] ServiceAccounts should ensure a single API token exists","total":-1,"completed":2,"skipped":241,"failed":0} Aug 27 14:02:53.307: INFO: Running AfterSuite actions on all nodes Aug 27 14:11:50.904: INFO: Running AfterSuite actions on node 1 Aug 27 14:11:50.904: INFO: Skipping dumping logs from cluster Ran 15 of 5668 Specs in 545.680 seconds SUCCESS! -- 15 Passed | 0 Failed | 0 Pending | 5653 Skipped Ginkgo ran 1 suite in 9m7.40474979s Test Suite Passed