Jordan Liggitt liggitt

  • Google
  • United States
@liggitt
liggitt / csr.json
Last active February 20, 2024 15:23
{
"apiVersion": "certificates.k8s.io/v1",
"kind": "CertificateSigningRequest",
"metadata": { "name": "test" },
"spec": {
"signerName": "example.com/signer",
"usages": ["any"],
"request": "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
@liggitt
liggitt / example.sh
Last active August 3, 2023 19:29
govulncheck results
# run on k8s.io/kubernetes checkout at 99190634ab252604a4496882912ac328542d649d
# go version 1.20.6
govulncheck -scan module -json -test ./... > module_test.json
govulncheck -scan module -json ./... > module.json
govulncheck -scan package -json -test ./... > package_test.json
govulncheck -scan package -json ./... > package.json
govulncheck -scan symbol -json -test ./... > symbol_test.json
govulncheck -scan symbol -json ./... > symbol.json
# Apply like this to bypass client-side validation and exercise server-side validation:
#
# kubectl apply -f cel-type-mismatch.yaml --validate=false
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: mismatches.example.com
spec:
  group: example.com

API Changes

What APIs?

  • REST APIs
    • built-in go-based APIs
    • custom resources
      • x-k8s.io - experimental, fast prototyping
      • k8s.io - "official", get API reviewed
    • most difficult to change over time
  • all (non-alpha) versions have to round-trip to each other losslessly
@liggitt
liggitt / pod-baseline.yaml
Last active February 3, 2024 14:23
pod security proof-of-concept
kind: Pod
apiVersion: v1
metadata:
  name: baseline-pod
spec:
  containers:
  - name: default
    image: k8s.gcr.io/pause:3.2
package main
import (
"fmt"
"runtime"
"sync"
"time"
)
func main() {
@liggitt
liggitt / scaler-cr.yaml
Created December 20, 2019 16:12
crd status patch
apiVersion: example.com/v1
kind: Scaler
metadata:
  name: foo
spec:
  replicas: 1
{
"manifest_version": 2,
"content_scripts": [ {
"exclude_globs": [ ],
"include_globs": [ ],
"js": [ "github-review.user.js" ],
"matches": [ "https://*.github.com/*",
"https://github.com/*"
],
"run_at": "document_end"
package main
import (
"fmt"
"os"
"github.com/spf13/pflag"
"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/cli-runtime/pkg/genericclioptions"