fix(ci): skip test if UserNamespacesSupport feature gate is not set

We should not just rely on the sysctl, also confirm that `UserNamespacesSupport=true` feature gate is set for apiserver, so that the tests gets skipped if only sysctl is set. Signed-off-by: Noel Georgi <[email protected]>
siderolabs · Nov 8, 2024 · fb72e4b · fb72e4b
1 parent 11380f9
commit fb72e4b
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 2 deletions.
diff --git a/internal/integration/api/extensions_qemu.go b/internal/integration/api/extensions_qemu.go
@@ -519,7 +519,7 @@ func (suite *ExtensionsSuiteQEMU) mdADMArrayExists() bool {
 // TestExtensionsZFS verifies zfs is working, udev rules work and the pool is mounted on reboot.
 func (suite *ExtensionsSuiteQEMU) TestExtensionsZFS() {
 	node := suite.RandomDiscoveredNodeInternalIP(machine.TypeWorker)
-	suite.AssertServicesRunning(suite.ctx, node, map[string]string{"ext-zpool-importer": "Finished"})
+	suite.AssertServicesRunning(suite.ctx, node, map[string]string{"ext-zfs-service": "Running"})
 
 	userDisks, err := suite.UserDisks(suite.ctx, node)
 	suite.Require().NoError(err)

diff --git a/internal/integration/k8s/usernamespace.go b/internal/integration/k8s/usernamespace.go
@@ -35,7 +35,7 @@ func (suite *UserNamespaceSuite) SuiteName() string {
 
 // TestUserNamespace verifies that a pod with user namespace works.
 //
-//nolint:gocyclo
+//nolint:gocyclo,cyclop
 func (suite *UserNamespaceSuite) TestUserNamespace() {
 	if suite.Cluster == nil {
 		suite.T().Skip("without full cluster state reaching out to the node IP is not reliable")
@@ -64,6 +64,38 @@ func (suite *UserNamespaceSuite) TestUserNamespace() {
 		suite.T().Skip("skipping test since user namespace is disabled")
 	}
 
+	controlPlaneNode := suite.RandomDiscoveredNodeInternalIP(machine.TypeControlPlane)
+
+	controlPlaneNodeCtx := client.WithNode(ctx, controlPlaneNode)
+
+	controlPlaneNodeConfig, err := suite.ReadConfigFromNode(controlPlaneNodeCtx)
+	suite.Require().NoError(err)
+
+	if controlPlaneNodeConfig.Cluster().APIServer().ExtraArgs() == nil {
+		suite.T().Skip("skipping test since no api server extra args found")
+	} else {
+		if featureGates, ok := controlPlaneNodeConfig.Cluster().APIServer().ExtraArgs()["feature-gates"]; ok {
+			if !strings.Contains(featureGates, "UserNamespacesSupport=true") {
+				suite.T().Skip("skipping test since user namespace feature gate is not enabled for kube-apiserver")
+			}
+		}
+	}
+
+	workerNodeConfig, err := suite.ReadConfigFromNode(client.WithNode(ctx, node))
+	suite.Require().NoError(err)
+
+	if workerNodeConfig.Machine().Kubelet().ExtraConfig() == nil {
+		suite.T().Skip("skipping test since no kubelet extra config found")
+	} else {
+		if featureGates, ok := workerNodeConfig.Machine().Kubelet().ExtraConfig()["featureGates"]; ok {
+			if fg, ok := featureGates.(map[string]string); ok {
+				if val, ok := fg["UserNamespacesSupport"]; !ok || val != "true" {
+					suite.T().Skip("skipping test since user namespace feature gate is not enabled for kubelet")
+				}
+			}
+		}
+	}
+
 	usernamespacePodManifest := suite.ParseManifests(userNamespacePodSpec)
 
 	suite.T().Cleanup(func() {