@afdesk
Contributor

@afdesk afdesk commented Oct 29, 2025

Description

The k8s integration suite was flaky and sometimes failed:

This PR makes results deterministic, adds richer logs for troubleshooting, and narrows assertions to stable identifiers:

  • Added detailed debug-level logs to improve traceability and facilitate troubleshooting.
  • Scanning is now limited to default namespace to prevent unintended interactions with other environments.
  • Implemented a mechanism to wait until all pods are running and ready before proceeding with further operations.
  • Display all available ConfigMaps for better configuration transparency.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@afdesk afdesk changed the title test(k8s): add more logs and details for troubleshouting test(k8s): update k8s integrtion test Nov 3, 2025
@afdesk afdesk requested a review from simar7 November 3, 2025 06:51
@afdesk afdesk marked this pull request as ready for review November 3, 2025 06:51
@afdesk afdesk requested a review from knqyf263 as a code owner November 3, 2025 06:51
@simar7 simar7 added this pull request to the merge queue Nov 24, 2025
Merged via the queue into aquasecurity:main with commit 5f9b695 Nov 24, 2025
15 checks passed
@knqyf263
Collaborator

@afdesk
Contributor Author

afdesk commented Nov 25, 2025

It seems that Trivy sometimes finds secrets in the following config map, kube-root-ca.crt.

kube-root-ca.crt
apiVersion: v1
data:
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIDBTCCAe2gAwIBAgIIevGLiei8dRQwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
      AxMKa3ViZXJuZXRlczAeFw0yNTExMjEwNDU4NDFaFw0zNTExMTkwNTAzNDFaMBUx
      EzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
      AoIBAQCzD2yR94dZDmuKi7ZADTjjMhIZOW8Y/LiwDzbioCYdbb0UEqUDtU6DoT+A
      VvtCFcWy21Ac6Hlga5a14Mc5FOWHkwxS3BbM01Wc4CGNhoKM5l6S4TgQszLRCK0k
      6K4Igxa+Qsvo0/5sjIPYPzauTKCzr8+fcLftUdEZo7CUOg3xFuE3EaJtBAEIDjma
      AYItMSd9I0OPuOIB2pM/L1BDIM3yrZZ/OaB1W8MTJtlf1a1irV/50rheKMwGwDUO
      GO3oYC95vWz0+zV0Z4tj00Pg5wx8RBVo5RTqxyXi5XwWHn021Y111FTAe2jxnYGr
      DsEjPprhUJRkT8EvvuMFJwf3b+GLAgMBAAGjWTBXMA4GA1UdDwEB/wQEAwICpDAP
      BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTGvpOganXH1F8NHqrTcrzEOcnTPDAV
      BgNVHREEDjAMggprdWJlcm5ldGVzMA0GCSqGSIb3DQEBCwUAA4IBAQA98hH54HVJ
      hX8UBvQsb8pVGmruaA52HuMC9O2oehUMkbF0osZIyvdhId0O6jhjA1Qi8TpSp7GZ
      1CkePld5lrYZ3lyH6lll3tgYWvbCv8wyhyaZZd1bw5zP4wmCpcXYhMe7rdSVy3u2
      GGfNC8/3gaXQvF7nMVGkdY++uwotfdbq/f0fzv3gPNh3JCvX/sESfE0hiYozFwJT
      D3OFa7zUQIbwePyP7UbzNU4Agkt4dSxSxC7ay/oxEMtmpq8JrVZ3feuEBHpmPauM
      9O9KpbZ1YOYBrbw7N+7PQKH2//DGC1fVoWB5kxlpcFD6y1g0WnsT2w9erFUTh5L6
      eBnULIwHXHMk
      -----END CERTIFICATE-----
kind: ConfigMap
metadata:
    annotations:
      kubernetes.io/description: Contains a CA bundle that can be used to verify the
        kube-apiserver when using internal endpoints such as the internal service
        IP or kubernetes.default.svc. No other usage is guaranteed across distributions
        of Kubernetes clusters.
    creationTimestamp: "2025-11-21T05:03:56Z"
    name: kube-root-ca.crt
    namespace: default
    resourceVersion: "326"
    uid: c591571e-f9cc-4538-b9dc-f0fcd9dbca35
