From 88898492b3520e4ff35ee31e881af84a6d6f4aec Mon Sep 17 00:00:00 2001
From: Kasturi Narra
Date: Tue, 10 Feb 2026 23:49:14 +0530
Subject: [PATCH] Fix kindnet POD_SUBNET mismatch in CNCF conformance tests
---
.github/workflows/cncf-conformance.yaml | 75 ++++++++++++++++++++++++-
1 file changed, 73 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cncf-conformance.yaml b/.github/workflows/cncf-conformance.yaml
index b620db04..41458023 100644
--- a/.github/workflows/cncf-conformance.yaml
+++ b/.github/workflows/cncf-conformance.yaml
@@ -94,6 +94,61 @@ jobs: sudo podman exec "${node}" systemctl disable firewalld || true done + # Deploy a DNS monitoring pod on node 2 (where test pods land) to capture + # TCP DNS behavior throughout the conformance tests. Use kube-system + # namespace to survive sonobuoy cleanup. + echo "" + echo "Starting background TCP DNS monitor on microshift-okd-2..." + cat > /tmp/dns-monitor.yaml <<'EOF' + apiVersion: v1 + kind: Pod + metadata: + name: dns-monitor + namespace: kube-system + spec: + nodeName: microshift-okd-2 + restartPolicy: Never + containers: + - name: monitor + image: registry.k8s.io/e2e-test-images/jessie-dnsutils:1.7 + command: ["sleep", "86400"] + EOF + sed -i 's/^ //' /tmp/dns-monitor.yaml + make env CMD="kubectl apply -f /tmp/dns-monitor.yaml" || true + make env CMD="kubectl -n kube-system wait --for=condition=Ready pod/dns-monitor --timeout=60s" || true + + # Write a probe script and copy it into the monitor pod + cat > /tmp/dns-probe.sh <<'PROBE' + #!/bin/sh + echo "=== resolv.conf ===" + cat /etc/resolv.conf + echo "" + echo "=== UDP short ===" + dig +notcp +short kubernetes.default.svc.cluster.local A 2>&1 || true + echo "=== TCP short ===" + dig +tcp +short +time=3 +tries=1 kubernetes.default.svc.cluster.local A 2>&1 || true + echo "=== TCP full ===" + dig +tcp +time=3 +tries=1 kubernetes.default.svc.cluster.local A 2>&1 || true + echo "=== TCP +noall +answer +search (same flags as e2e test) ===" + dig +tcp +noall +answer +search kubernetes.default.svc.cluster.local A 2>&1 + echo "exit_code=$?" + PROBE + make env CMD="kubectl -n kube-system cp /tmp/dns-probe.sh dns-monitor:/tmp/dns-probe.sh" || true + + # Start background monitoring loop - one make env call per 60s probe + echo "Starting background DNS probe loop..." 
+ ( + sleep 30 + i=0 + while true; do + i=$((i+1)) + echo "--- probe $i at $(date +%H:%M:%S) ---" + make env CMD="kubectl -n kube-system exec dns-monitor -- sh /tmp/dns-probe.sh" 2>&1 || true + sleep 60 + done + ) > /tmp/dns-monitor.log 2>&1 & + echo "DNS monitor PID: $!" + - name: Configure hostname resolution for cluster nodes shell: bash run: | @@ -109,7 +164,7 @@ jobs: ip=$(sudo podman inspect "$node" | jq -r '.[].NetworkSettings.Networks | to_entries[0].value.IPAddress') if [ -n "$ip" ] && [ "$ip" != "null" ]; then echo "$ip $node" | sudo tee -a /etc/hosts - echo " ✓ Added: $ip $node" + echo " Added: $ip $node" else echo "ERROR: Could not get IP address for node: $node" exit 1 @@ -120,7 +175,7 @@ jobs: echo "Verifying hostname resolution:" for node in microshift-okd-1 microshift-okd-2; do if getent hosts "$node" > /dev/null 2>&1; then - echo " ✓ $node resolves successfully" + echo " $node resolves successfully" else echo "ERROR: Hostname resolution failed for node: $node" exit 1 @@ -148,6 +203,22 @@ jobs: path: /tmp/sonobuoy-output/ retention-days: 30 + - name: Collect DNS monitor logs + if: always() + shell: bash + run: | + echo "=== DNS Monitor Pod Status ===" + make env CMD="kubectl -n kube-system get pod dns-monitor -o wide" || true + echo "" + echo "=== DNS Monitor Background Logs ===" + cat /tmp/dns-monitor.log 2>/dev/null || echo "(no monitor log found)" + echo "" + echo "=== CoreDNS pod status ===" + make env CMD="kubectl -n openshift-dns get pods -o wide" || true + echo "" + echo "=== Cleanup monitor pod ===" + make env CMD="kubectl -n kube-system delete pod dns-monitor --force --grace-period=0" || true + - name: Clean up Sonobuoy resources if: always() shell: bash
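Review bot: The `dns-monitor` pod manifest written by the heredoc goes into `kube-system` with no hardening: by default the namespace's service account token is mounted into it, there is no `securityContext`, and the image `registry.k8s.io/e2e-test-images/jessie-dnsutils:1.7` is pinned by tag only. A pod that only runs `dig` needs no API credentials, so I would add `automountServiceAccountToken: false` under `spec:` and reference the image by digest, e.g. `jessie-dnsutils:1.7@sha256:<digest-placeholder>`. Because `kubectl apply`, `wait` and `cp` are each followed by `|| true`, a pod that never starts is only visible as repeated exec errors in the log; a one-line `echo "WARNING: dns-monitor not Ready"` on the `wait` failure path would make that explicit. The `run:` block this hunk extends begins above the hunk.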
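Review bot: Nothing in the "Collect DNS monitor logs" step stops the background probe loop started earlier; that step only echoes `$!`, so after `delete pod dns-monitor` the loop keeps running `kubectl exec` against a missing pod until the job ends. Persist the PID where the loop is launched, `echo $! > "$RUNNER_TEMP/dns-monitor.pid"`, and stop it here before the delete with `kill "$(cat "$RUNNER_TEMP/dns-monitor.pid")" 2>/dev/null || true`. The manifest, probe script and log also use fixed names under `/tmp`; if this workflow ever runs on a shared or self-hosted runner, a predictable path can be pre-created by another local user, so `$RUNNER_TEMP` is the safer location for all three.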