Skip to content

failing e2e test: dryrun-latest #3202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
neolit123 opened this issue May 21, 2025 · 4 comments · Fixed by kubernetes/kubernetes#131880
Closed

failing e2e test: dryrun-latest #3202

neolit123 opened this issue May 21, 2025 · 4 comments · Fixed by kubernetes/kubernetes#131880
Labels
kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Milestone
v1.34

Comments

@neolit123
Copy link
Member

failing since yesterday
https://testgrid.k8s.io/sig-cluster-lifecycle-kubeadm#kubeadm-kinder-dryrun-latest

https://storage.googleapis.com/kubernetes-ci-logs/logs/ci-kubernetes-e2e-kubeadm-kinder-dryrun-latest/1924882460127006720/build-log.txt

failed to verify JWS signature of received cluster info object, can't trust this API Server
k8s.io/kubernetes/cmd/kubeadm/app/discovery/token.validateClusterInfoToken
	k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/token.go:185
k8s.io/kubernetes/cmd/kubeadm/app/discovery/token.retrieveValidatedConfigInfo
	k8s.io/kubernetes/cmd/kubeadm/app/discovery/token/token.go:96
k8s.io/kubernetes/cmd/kubeadm/app/discovery/token.RetrieveValidatedConfigInfo

suspect PRs
@neolit123 neolit123 added priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. labels May 21, 2025
@neolit123 neolit123 added this to the v1.34 milestone May 21, 2025
@neolit123
Copy link
Member Author

confirmed it's the second pr 131741 that broke this

adhoc test failed here:
https://github.com/neolit123/kubeadm-test/actions/runs/15157540968

@neolit123
Copy link
Member Author

reproduced it with this locally

sudo kubeadm join 192.168.0.101:6443 --control-plane --token abcdef.abcdef0123456789 --discovery-token-ca-cert-hash sha256:3b793efefe27a19f93b0fbe6e637e9c41d0dde8a377d6ab1c0f656bf1136dd8a --certificate-key 2e3c4239bc78c27f40530ddc2df7049a2c5ff146e5a702e9c9b6cdbec70df9f3 --ignore-preflight-errors=all --dry-run --v=6

@neolit123
Copy link
Member Author

tested this fix locally and it works

diff --git a/cmd/kubeadm/app/util/apiclient/dryrun.go b/cmd/kubeadm/app/util/apiclient/dryrun.go
index c677e4c502e..0d879a44106 100644
--- a/cmd/kubeadm/app/util/apiclient/dryrun.go
+++ b/cmd/kubeadm/app/util/apiclient/dryrun.go
@@ -610,7 +610,7 @@ kind: Config
 users: null
 `)
        data := map[string]string{
-               bootstrapapi.JWSSignatureKeyPrefix + "abcdef": "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiY2RlZiJ9..wUZ0q9o0VK1RWFptmSBOEem2bXHWrHyxrposHg0mb1w",
+               bootstrapapi.JWSSignatureKeyPrefix + "abcdef": "eyJhbGciOiJIUzI1NiIsImtpZCI6ImFiY2RlZiJ9..rh3cVKiU2mdt3CqHzC81sNE-4WQLRHMtXduHWfSbrIM",
                bootstrapapi.KubeConfigKey:                    kubeconfig,
        }
        return getConfigMap(metav1.NamespacePublic, bootstrapapi.ConfigMapClusterInfo, data)

what happened is that they changed the cluster-info config map used for dry-run, so we must recalculate a new JWS signature from the changed config-map, or the function DetachedTokenIsValid from k8s.io/cluster-bootstrap/token/jws/jws.go will return false during the validation of cluster-info from kubeadm.

This was referenced May 21, 2025
Merged
Merged
@neolit123
Copy link
Member Author

fix pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Projects
None yet
Milestone
v1.34
Development

Successfully merging a pull request may close this issue.

kubeadm: fix dryrun-latest e2e by updating cluster-info fixture neolit123/kubernetes
1 participant
@neolit123