debug stale webhook config map

dprotaso · dprotaso · commit 10135da22721 · 2026-03-13T21:13:10.000-04:00
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -182,9 +182,9 @@ linters:
       - legacy
       - std-error-handling
     rules:
-      - linters:
-          - staticcheck
-        text: corev1.Endpoint.* is deprecated
+      # - linters:
+      #     - staticcheck
+      #   text: corev1.Endpoint.* is deprecated
       - linters:
           - staticcheck
         text: NewSimpleClientset is deprecated
diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh
@@ -67,106 +67,109 @@ if (( SHORT )); then
   GO_TEST_FLAGS+=("-short")
 fi
 
-go_test_e2e -timeout=50m \
-  "${GO_TEST_FLAGS[@]}" \
-  ./test/conformance/api/... \
-  ./test/conformance/runtime/... \
-  ./test/e2e \
-  "${E2E_TEST_FLAGS[@]}" || failed=1
-
-toggle_feature tag-header-based-routing Enabled
-go_test_e2e -timeout=2m ./test/e2e/tagheader "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature tag-header-based-routing Disabled
-
-toggle_feature allow-zero-initial-scale true config-autoscaler || fail_test
-go_test_e2e -timeout=2m ./test/e2e/initscale "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature allow-zero-initial-scale false config-autoscaler || fail_test
-
-go_test_e2e -timeout=2m ./test/e2e/domainmapping "${E2E_TEST_FLAGS[@]}" || failed=1
-
-toggle_feature cluster-local-domain-tls enabled config-network || fail_test
-go_test_e2e -timeout=2m ./test/e2e/clusterlocaldomaintls "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature cluster-local-domain-tls disabled config-network || fail_test
-
-toggle_feature system-internal-tls enabled config-network || fail_test
-toggle_feature "logging.enable-request-log" true config-observability || fail_test
-toggle_feature "logging.request-log-template" "TLS: {{.Request.TLS}}" config-observability || fail_test
-# with current implementation, Activator must be restarted when configuring system-internal-tls. See https://github.com/knative/serving/issues/13754
-restart_pod "${SYSTEM_NAMESPACE}" "app=activator"
-
-# we need to restart the pod in order to start the net-certmanager-controller
-if (( ! HTTPS )); then
-  restart_pod "${SYSTEM_NAMESPACE}" "app=controller"
-fi
-go_test_e2e -timeout=3m ./test/e2e/systeminternaltls "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature system-internal-tls disabled config-network || fail_test
-toggle_feature "logging.enable-request-log" false config-observability || fail_test
-toggle_feature "logging.request-log-template" '' config-observability || fail_test
-# with the current implementation, Activator is always in the request path, and needs to be restarted after configuring system-internal-tls
-restart_pod "${SYSTEM_NAMESPACE}" "app=activator"
-
-# we need to restart the pod to stop the net-certmanager-controller
-if (( ! HTTPS )); then
-  restart_pod "${SYSTEM_NAMESPACE}" "app=controller"
-  kubectl get leases -n "${SYSTEM_NAMESPACE}" -o json | jq -r '.items[] | select(.metadata.name | test("controller.knative.dev.serving.pkg.reconciler.certificate.reconciler")).metadata.name' | xargs kubectl delete lease -n "${SYSTEM_NAMESPACE}"
-fi
-
-kubectl get cm "config-gc" -n "${SYSTEM_NAMESPACE}" -o yaml > "${TMP_DIR}"/config-gc.yaml
-add_trap "kubectl replace cm 'config-gc' -n ${SYSTEM_NAMESPACE} -f ${TMP_DIR}/config-gc.yaml" SIGKILL SIGTERM SIGQUIT
-immediate_gc
-go_test_e2e -timeout=2m ./test/e2e/gc "${E2E_TEST_FLAGS[@]}" || failed=1
-kubectl replace cm "config-gc" -n "${SYSTEM_NAMESPACE}" -f "${TMP_DIR}"/config-gc.yaml
-
-# Run scale tests.
-# Note that we use a very high -parallel because each ksvc is run as its own
-# sub-test. If this is not larger than the maximum scale tested then the test
-# simply cannot pass.
-# TODO - Renable once we get this reliably passing on GKE 1.21
-# go_test_e2e -timeout=20m -parallel=300 ./test/scale "${E2E_TEST_FLAGS[@]}" || failed=1
-
-# Run HPA tests
-go_test_e2e -timeout=30m -tags=hpa ./test/e2e "${E2E_TEST_FLAGS[@]}" || failed=1
-
-# Run initContainers tests with alpha enabled avoiding any issues with the testing options guard above
-# InitContainers test uses emptyDir.
-toggle_feature kubernetes.podspec-init-containers Enabled
-go_test_e2e -timeout=2m ./test/e2e/initcontainers "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature kubernetes.podspec-init-containers Disabled
-
-# Run multi-container probe tests
-toggle_feature multi-container-probing Enabled
-go_test_e2e -timeout=2m ./test/e2e/multicontainerprobing "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature multi-container-probing Disabled
-
-# RUN PVC tests with default storage class.
-toggle_feature kubernetes.podspec-persistent-volume-claim Enabled
-toggle_feature kubernetes.podspec-persistent-volume-write Enabled
-toggle_feature kubernetes.podspec-securitycontext Enabled
-go_test_e2e -timeout=5m ./test/e2e/pvc "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature kubernetes.podspec-securitycontext Disabled
-toggle_feature kubernetes.podspec-persistent-volume-write Disabled
-toggle_feature kubernetes.podspec-persistent-volume-claim Disabled
-
-# RUN secure pod defaults test in a separate install.
-toggle_feature secure-pod-defaults Enabled
-go_test_e2e -timeout=3m ./test/e2e/securedefaults "${E2E_TEST_FLAGS[@]}" || failed=1
-toggle_feature secure-pod-defaults Disabled
-
-# Run HA tests separately as they're stopping core Knative Serving pods.
-# Define short -spoofinterval to ensure frequent probing while stopping pods.
-go_test_e2e -timeout=30m -failfast -parallel=1 ./test/ha \
-  "${E2E_TEST_FLAGS[@]}" \
-  -replicas="${REPLICAS:-1}" \
-  -buckets="${BUCKETS:-1}" \
-  -spoofinterval="10ms" || failed=1
-
-if (( HTTPS )); then
-  kubectl delete -f "${E2E_YAML_DIR}"/test/config/externaldomaintls/certmanager/caissuer/ --ignore-not-found
-  toggle_feature external-domain-tls Disabled config-network
-  # we need to restart the pod to stop the net-certmanager-controller
-  restart_pod "${SYSTEM_NAMESPACE}" "app=controller"
-  kubectl get leases -n "${SYSTEM_NAMESPACE}" -o json | jq -r '.items[] | select(.metadata.name | test("controller.knative.dev.serving.pkg.reconciler.certificate.reconciler")).metadata.name' | xargs kubectl delete lease -n "${SYSTEM_NAMESPACE}"
-fi
+# go_test_e2e -timeout=50m \
+#   "${GO_TEST_FLAGS[@]}" \
+#   ./test/conformance/api/... \
+#   ./test/conformance/runtime/... \
+#   ./test/e2e \
+#   "${E2E_TEST_FLAGS[@]}" || failed=1
+#
+# toggle_feature tag-header-based-routing Enabled
+# go_test_e2e -timeout=2m ./test/e2e/tagheader "${E2E_TEST_FLAGS[@]}" || failed=1
+# toggle_feature tag-header-based-routing Disabled
+
+for i in {1..20}; do
+  export TEST_RUN=$i
+  toggle_feature allow-zero-initial-scale true config-autoscaler || fail_test
+  go_test_e2e -timeout=2m ./test/e2e/initscale "${E2E_TEST_FLAGS[@]}" || failed=1
+  toggle_feature allow-zero-initial-scale false config-autoscaler || fail_test
+done
+
+# go_test_e2e -timeout=2m ./test/e2e/domainmapping "${E2E_TEST_FLAGS[@]}" || failed=1
+#
+# toggle_feature cluster-local-domain-tls enabled config-network || fail_test
+# go_test_e2e -timeout=2m ./test/e2e/clusterlocaldomaintls "${E2E_TEST_FLAGS[@]}" || failed=1
+# toggle_feature cluster-local-domain-tls disabled config-network || fail_test
+#
+# toggle_feature system-internal-tls enabled config-network || fail_test
+# toggle_feature "logging.enable-request-log" true config-observability || fail_test
+# toggle_feature "logging.request-log-template" "TLS: {{.Request.TLS}}" config-observability || fail_test
+# # with current implementation, Activator must be restarted when configuring system-internal-tls. See https://github.com/knative/serving/issues/13754
+# restart_pod "${SYSTEM_NAMESPACE}" "app=activator"
+#
+# # we need to restart the pod in order to start the net-certmanager-controller
+# if (( ! HTTPS )); then
+#   restart_pod "${SYSTEM_NAMESPACE}" "app=controller"
+# fi
+# go_test_e2e -timeout=3m ./test/e2e/systeminternaltls "${E2E_TEST_FLAGS[@]}" || failed=1
+# toggle_feature system-internal-tls disabled config-network || fail_test
+# toggle_feature "logging.enable-request-log" false config-observability || fail_test
+# toggle_feature "logging.request-log-template" '' config-observability || fail_test
+# # with the current implementation, Activator is always in the request path, and needs to be restarted after configuring system-internal-tls
+# restart_pod "${SYSTEM_NAMESPACE}" "app=activator"
+#
+# # we need to restart the pod to stop the net-certmanager-controller
+# if (( ! HTTPS )); then
+#   restart_pod "${SYSTEM_NAMESPACE}" "app=controller"
+#   kubectl get leases -n "${SYSTEM_NAMESPACE}" -o json | jq -r '.items[] | select(.metadata.name | test("controller.knative.dev.serving.pkg.reconciler.certificate.reconciler")).metadata.name' | xargs kubectl delete lease -n "${SYSTEM_NAMESPACE}"
+# fi
+#
+# kubectl get cm "config-gc" -n "${SYSTEM_NAMESPACE}" -o yaml > "${TMP_DIR}"/config-gc.yaml
+# add_trap "kubectl replace cm 'config-gc' -n ${SYSTEM_NAMESPACE} -f ${TMP_DIR}/config-gc.yaml" SIGKILL SIGTERM SIGQUIT
+# immediate_gc
+# go_test_e2e -timeout=2m ./test/e2e/gc "${E2E_TEST_FLAGS[@]}" || failed=1
+# kubectl replace cm "config-gc" -n "${SYSTEM_NAMESPACE}" -f "${TMP_DIR}"/config-gc.yaml
+#
+# # Run scale tests.
+# # Note that we use a very high -parallel because each ksvc is run as its own
+# # sub-test. If this is not larger than the maximum scale tested then the test
+# # simply cannot pass.
+# # TODO - Renable once we get this reliably passing on GKE 1.21
+# # go_test_e2e -timeout=20m -parallel=300 ./test/scale "${E2E_TEST_FLAGS[@]}" || failed=1
+#
+# # Run HPA tests
+# go_test_e2e -timeout=30m -tags=hpa ./test/e2e "${E2E_TEST_FLAGS[@]}" || failed=1
+#
+# # Run initContainers tests with alpha enabled avoiding any issues with the testing options guard above
+# # InitContainers test uses emptyDir.
+# toggle_feature kubernetes.podspec-init-containers Enabled
+# go_test_e2e -timeout=2m ./test/e2e/initcontainers "${E2E_TEST_FLAGS[@]}" || failed=1
+# toggle_feature kubernetes.podspec-init-containers Disabled
+#
+# # Run multi-container probe tests
+# toggle_feature multi-container-probing Enabled
+# go_test_e2e -timeout=2m ./test/e2e/multicontainerprobing "${E2E_TEST_FLAGS[@]}" || failed=1
+# toggle_feature multi-container-probing Disabled
+#
+# # RUN PVC tests with default storage class.
+# toggle_feature kubernetes.podspec-persistent-volume-claim Enabled
+# toggle_feature kubernetes.podspec-persistent-volume-write Enabled
+# toggle_feature kubernetes.podspec-securitycontext Enabled
+# go_test_e2e -timeout=5m ./test/e2e/pvc "${E2E_TEST_FLAGS[@]}" || failed=1
+# toggle_feature kubernetes.podspec-securitycontext Disabled
+# toggle_feature kubernetes.podspec-persistent-volume-write Disabled
+# toggle_feature kubernetes.podspec-persistent-volume-claim Disabled
+#
+# # RUN secure pod defaults test in a separate install.
+# toggle_feature secure-pod-defaults Enabled
+# go_test_e2e -timeout=3m ./test/e2e/securedefaults "${E2E_TEST_FLAGS[@]}" || failed=1
+# toggle_feature secure-pod-defaults Disabled
+#
+# # Run HA tests separately as they're stopping core Knative Serving pods.
+# # Define short -spoofinterval to ensure frequent probing while stopping pods.
+# go_test_e2e -timeout=30m -failfast -parallel=1 ./test/ha \
+#   "${E2E_TEST_FLAGS[@]}" \
+#   -replicas="${REPLICAS:-1}" \
+#   -buckets="${BUCKETS:-1}" \
+#   -spoofinterval="10ms" || failed=1
+#
+# if (( HTTPS )); then
+#   kubectl delete -f "${E2E_YAML_DIR}"/test/config/externaldomaintls/certmanager/caissuer/ --ignore-not-found
+#   toggle_feature external-domain-tls Disabled config-network
+#   # we need to restart the pod to stop the net-certmanager-controller
+#   restart_pod "${SYSTEM_NAMESPACE}" "app=controller"
+#   kubectl get leases -n "${SYSTEM_NAMESPACE}" -o json | jq -r '.items[] | select(.metadata.name | test("controller.knative.dev.serving.pkg.reconciler.certificate.reconciler")).metadata.name' | xargs kubectl delete lease -n "${SYSTEM_NAMESPACE}"
+# fi
 
 (( failed )) && fail_test
 
diff --git a/test/e2e/initscale/initial_scale_zero_test.go b/test/e2e/initscale/initial_scale_zero_test.go
@@ -20,6 +20,7 @@ limitations under the License.
 package initscale
 
 import (
+	"os"
 	"testing"
 
 	"knative.dev/serving/test"
@@ -30,16 +31,18 @@ import (
 // the revision level. This test runs after the cluster wide flag allow-zero-initial-scale
 // is set to true.
 func TestInitScaleZero(t *testing.T) {
-	t.Parallel()
+	t.Run(os.Getenv("TEST_RUN"), func(t *testing.T) {
+		t.Parallel()
 
-	clients := e2e.Setup(t)
-	names := test.ResourceNames{
-		Config: test.ObjectNameForTest(t),
-		Image:  test.HelloWorld,
-	}
+		clients := e2e.Setup(t)
+		names := test.ResourceNames{
+			Config: test.ObjectNameForTest(t),
+			Image:  test.HelloWorld,
+		}
 
-	test.EnsureTearDown(t, clients, &names)
+		test.EnsureTearDown(t, clients, &names)
 
-	t.Log("Creating a new Configuration with initial scale zero and verifying that no pods are created")
-	e2e.CreateAndVerifyInitialScaleConfiguration(t, clients, names, 0)
+		t.Log("Creating a new Configuration with initial scale zero and verifying that no pods are created")
+		e2e.CreateAndVerifyInitialScaleConfiguration(t, clients, names, 0)
+	})
 }
diff --git a/vendor/knative.dev/pkg/configmap/informer/informed_watcher.go b/vendor/knative.dev/pkg/configmap/informer/informed_watcher.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"fmt"
 
+	"go.uber.org/zap"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -99,6 +100,8 @@ type InformedWatcher struct {
 	// of registering and notifying observers. This simplifies the
 	// InformedWatcher to just setting up the Kubernetes informer.
 	configmap.ManualWatcher
+
+	Logger *zap.SugaredLogger
 }
 
 // Asserts that InformedWatcher implements Watcher.
@@ -218,15 +221,27 @@ func (i *InformedWatcher) checkObservedResourcesExist() error {
 func (i *InformedWatcher) addConfigMapEvent(obj interface{}) {
 	configMap := obj.(*corev1.ConfigMap)
 	i.OnChange(configMap)
+
+	if i.Logger != nil {
+		i.Logger.Warnf("config map %q added: %#v", configMap)
+	}
 }
 
 func (i *InformedWatcher) updateConfigMapEvent(o, n interface{}) {
+	configMap := n.(*corev1.ConfigMap)
+
 	// Ignore updates that are idempotent. We are seeing those
 	// periodically.
 	if equality.Semantic.DeepEqual(o, n) {
+		if i.Logger != nil {
+			i.Logger.Warnf("config map update ignored %s", configMap.Name)
+		}
 		return
 	}
-	configMap := n.(*corev1.ConfigMap)
+
+	if i.Logger != nil {
+		i.Logger.Warnf("config map %q updated: %#v", configMap)
+	}
 	i.OnChange(configMap)
 }
 
@@ -246,6 +261,10 @@ func (i *InformedWatcher) deleteConfigMapEvent(obj interface{}) {
 		return
 	}
 
+	if i.Logger != nil {
+		i.Logger.Warnf("config map %q deleted: %#v", configMap)
+	}
+
 	if def, ok := i.defaults[configMap.Name]; ok {
 		i.OnChange(def)
 	}
diff --git a/vendor/knative.dev/pkg/injection/sharedmain/main.go b/vendor/knative.dev/pkg/injection/sharedmain/main.go
@@ -479,7 +479,9 @@ func SetupConfigMapWatchOrDie(ctx context.Context, logger *zap.SugaredLogger) *c
 		cmLabelReqs = append(cmLabelReqs, *req)
 	}
 	// TODO(mattmoor): This should itself take a context and be injection-based.
-	return cminformer.NewInformedWatcher(kc, system.Namespace(), cmLabelReqs...)
+	cmw := cminformer.NewInformedWatcher(kc, system.Namespace(), cmLabelReqs...)
+	cmw.Logger = logger.Named("cmw")
+	return cmw
 }
 
 // WatchLoggingConfigOrDie establishes a watch of the logging config or dies by

Original file line number	Diff line number	Diff line change
`@@ -479,7 +479,9 @@ func SetupConfigMapWatchOrDie(ctx context.Context, logger zap.SugaredLogger) c`
`479`	`479`	`cmLabelReqs = append(cmLabelReqs, *req)`
`480`	`480`	`}`
`481`	`481`	`// TODO(mattmoor): This should itself take a context and be injection-based.`
`482`		`- return cminformer.NewInformedWatcher(kc, system.Namespace(), cmLabelReqs...)`
	`482`	`+ cmw := cminformer.NewInformedWatcher(kc, system.Namespace(), cmLabelReqs...)`
	`483`	`+ cmw.Logger = logger.Named("cmw")`
	`484`	`+ return cmw`
`483`	`485`	`}`
`484`	`486`
`485`	`487`	`// WatchLoggingConfigOrDie establishes a watch of the logging config or dies by`