Skip to content

Unable to run e2e tests on CRC cluster with OpenShift 4.18.2 #1436

New issue
New issue
Closed
#1465
Closed
Unable to run e2e tests on CRC cluster with OpenShift 4.18.2#1436
#1465
Assignees
rohanKanojia
Milestone
v0.36.x
@rohanKanojia

Description

@rohanKanojia
rohanKanojia
opened on May 20, 2025

Description

When I'm trying to run DWO e2e tests on my CRC cluster that's running OpenShift 4.18, I'm getting this error:

2025/05/20 17:38:32 Running DevWorkspace Controller e2e tests...
Running Suite: Workspaces Controller Operator Tests - /home/rohan/go/src/github.com/devfile/devworkspace-operator
=================================================================================================================
Random Seed: 1747742912

Will run 4 of 4 specs
2025/05/20 17:38:32 Starting to setup objects before run ginkgo suite
2025/05/20 17:38:33 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 9s
2025/05/20 17:38:34 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 8s
2025/05/20 17:38:35 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 7s
2025/05/20 17:38:36 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 6s
2025/05/20 17:38:37 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 5s
2025/05/20 17:38:38 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 4s
2025/05/20 17:38:39 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 3s
2025/05/20 17:38:40 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 2s
2025/05/20 17:38:41 ServiceAccount 'test-terminal-namespace/terminal-test' token is not found yet. Waiting 1s until it's removed. Will time out in 1s

It seems the test is polling for a Secret for ServiceAccount token to be found, which is not getting created:

devworkspace-operator/test/e2e/cmd/workspaces_test.go

Line 82 in efb5ad6

token, err := config.AdminK8sClient.WaitSAToken(config.DevWorkspaceNamespace, testServiceAccount)

Not 100% sure but I think this behavior might be due to recent changes in Kubernetes that don't create ServiceAccount tokens automatically:

https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#manual-secret-management-for-serviceaccounts

Versions of Kubernetes before v1.22 automatically created credentials for accessing the Kubernetes API. This older mechanism was based on creating token Secrets that could then be mounted into running Pods.

In more recent versions, including Kubernetes v1.33, API credentials are obtained directly using the TokenRequest API, and are mounted into Pods using a projected volume. The tokens obtained using this method have bounded lifetimes, and are automatically invalidated when the Pod they are mounted into is deleted.

You can still manually create a Secret to hold a service account token; for example, if you need a token that never expires.

If this is the case, we might need to adapt our tests to handle this. In my case I was able to resolve this issue by changing polling secret code to creating secret for ServiceAccount.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions