►
From YouTube: Kubernetes SIG Testing 2018-03-27
Description
A
B
B
But
I
was
trying
to
prioritize
those
might
be
a
good
idea
on
what
we're
actually
using
with
our
add-ons
and
obviously
it
would
also
help
with
our
API
coverage.
Just
have
a
what
are
we
covering
or
percentage,
and
so
we
looked
at
some
logs
I
think
we
have
some
things,
we're
looking
at
the
log
output
from
different
tools,
but
it
felt
more
complete
if
we
were
to
put
something
like
a
man-in-the-middle
proxy
and
record
all
of
those
calls
at
a
at
a
restful
level
and
compare
them
to
our
API
and
Spiker
definitions.
B
It's
a
based
on
some
other
work
that
uses
an
initializer
that
modifies
iptables
and
we
we
do
a
CSR
request
to
the
kubernetes
CA.
That
is,
has
the
same
C
names
and
as
the
API
server,
and
we
put
that
in
front
of
the
API
proxy
and
then
currently
were
setting
iptables
rules
in
the
initializer
for
the
destination.
B
B
B
A
Yeah
I
mean
I
have
to
review
that
the
good
that
he
looks
through
the
logs
and
I
guess
being
able
to
validate
the
format
of
incoming
requests
from
add-ons
seems
like
a
pretty
useful
thing.
What,
as
far
as
using
this
to
drive,
API
coverage
numbers
I'm
not
like
if
parsing
the
log
isn't
missing
anything
I'm,
not
sure
that
I'm
not
making
any
call
by
that
conduced.
My
first
blush
impression
is
like
this
who's.
B
That
for
the
kubernetes
add-ons
in
particular,
or
we
we
have
a
way
to
see
what
API
is
there
covered
easily
within
this
cuz
I
think
our
current
tooling
is
all
around
looking
at
the
output
logs
from
the
EDPs,
and
this
is
less
about
the
percentage
of
coverage.
I.
Think
then
prioritizing
what
tests
did
he
next
look
through
all
of
our
add-ons
and
kind
of
prioritize
which
add-ons
are
used
most
often
and
then
through
those
add-ons
which
API
calls
they
use.
B
Thinking
about
ways
to
handle
that,
because
we're
using
an
initializer
that
has
access
to
the
pod,
we
could
inject
some
things
there
to
identify
which,
because
it's
not
enough
just
to
do
the
token
or
the
secrets,
we
really
need
to
know
what
possibly,
what
container
and
also
what
pod
to
bring
that
into
the
lock.
So
we
can
sort
this
stuff
by,
even
with
in
a
particular
add-on
who's
making.
Those
calls
that
would
be
I.
Think
that
would
be
useful
that
we're
not
going
to
get
out
of
any
logs
early.
B
B
So
there's
several
ways
we
can
do
it
currently
we're
doing
it
via
an
IP
tables,
transparent
target
redirect,
based
on
the
variable
on
the
pod.
That
says
where
the
kubernetes
endpoint
is
but
a
cleaner
way.
We
thought
about
is
maybe
updating
the
environment
variable
to
point
to
a
unit
or
a
service
address,
and
then
using
a
CA
CSR
for
that
service
service
endpoint
and
running
the
proxy
there.
So
no
IP
tables
for
that
I
think.
C
One
thing
that
you
know
have
you
talked
to
Kenny
G
about:
he
he's
the
main
person
who
wrote
the
log,
analyzer
and
I
think
there
was
some
discussion
around
you
know
and
I.
Don't
think
there
was
a
consensus,
but
there
was
varying
opinions
about
whether
we
wanted
to
explicitly
look
at
the
calls
that
the
tests
were
making
versus.
You
know
calls
that
were
kind
of
just
randomly
happening
as
a
side
effect
of
you
know.
C
Maybe
I
make
a
call
here,
which
then
has
some
other
services
as
part
of
the
test,
and
so
that
would
potentially
give
like
you
know
a
differently.
You
know
it
may
make.
They
would
change
the
coverage
metrics
and
is
that
I
guess
it
yeah
I
mean
I,
guess
you
could
sort
of
look
at
where
you
could
sort
of
make
group
coverage
by
source
to
handle
some
I'm.
B
Hoping
that
we
can
take
it
a
bit
further
than
just
from
the
source
node,
but
down
not
just
to
the
pod
level
but
container.
So
if
an
add-on,
spins
up
multiple
containers
that
we
would
know
which
of
those
containers
are
making
those
API
calls
just
from
a
debugging
perspective
really,
but
also,
as
you
said,
is
this
part
of
our
test,
or
is
this
coming
from
random
things
that
we
don't
need
to
intercept?
B
Yep
I
can
send
a
link
to
the
initializer
okay.
We
basically
insert
an
IP
tables
rule
targeting
the
IP
address,
that's
mentioned
in
the
variable,
and
we
do
that
before
the
service
bench
a
table.
So
it's
really
the
first
pre
routing
rule.
So
we
win.
We
get
all
that
traffic
and
it
sits
at
the
pod
level,
really
I
think
I'm
looking
at
it
right
because
we're
initializing
the
pod.
So
it's
that's
global
to
the
pod,
but
I
still
like
the
idea
of
changing
that
bar
to
a
DNS
name
for
that
test
suite.
C
A
Cool,
that's
the
only
I,
don't
we
have
on
this
agenda
today.
So
unless
anybody
else
has
something
you
want
to
bring
up,
we
are
all
gonna,
go,
save
15
minutes.