migrate testcase 67564 from OTP to origin

BhargaviGudi · BhargaviGudi · commit f6be5a16bcd4 · 2026-05-12T14:33:22.000+05:30
diff --git a/test/extended/node/node_e2e/node.go b/test/extended/node/node_e2e/node.go
@@ -1,12 +1,18 @@
 package node
 
 import (
+	"context"
 	"path/filepath"
 	"strings"
 	"time"
 
 	g "github.com/onsi/ginkgo/v2"
 	o "github.com/onsi/gomega"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	policyv1 "k8s.io/api/policy/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/wait"
 	e2e "k8s.io/kubernetes/test/e2e/framework"
 
@@ -157,4 +163,126 @@ var _ = g.Describe("[sig-node] [Jira:Node/Kubelet] Kubelet, CRI-O, CPU manager",
 		e2e.Logf("/dev/fuse mount output: %s", output)
 		o.Expect(output).To(o.ContainSubstring("fuse"), "dev fuse is not mounted inside pod")
 	})
+
+	//author: bgudi@redhat.com
+	//migrated from openshift-tests-private
+	//automates: https://issues.redhat.com/browse/OCPBUGS-15035
+	g.It("[OTP] node's drain should block when PodDisruptionBudget minAvailable equals 100 percentage and selector is empty [Disruptive] [OCP-67564]", func() {
+		ctx := context.Background()
+		oc.SetupProject()
+		namespace := oc.Namespace()
+
+		g.By("Create a deployment with 6 replicas")
+		replicas := int32(6)
+		deployment := &appsv1.Deployment{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "hello-openshift",
+				Namespace: namespace,
+				Labels: map[string]string{
+					"app": "myapp",
+				},
+			},
+			Spec: appsv1.DeploymentSpec{
+				Replicas: &replicas,
+				Selector: &metav1.LabelSelector{
+					MatchLabels: map[string]string{
+						"app": "myapp",
+					},
+				},
+				Template: corev1.PodTemplateSpec{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "myapp",
+						Labels: map[string]string{
+							"app": "myapp",
+						},
+					},
+					Spec: corev1.PodSpec{
+						SecurityContext: &corev1.PodSecurityContext{
+							RunAsNonRoot: &[]bool{true}[0],
+							SeccompProfile: &corev1.SeccompProfile{
+								Type: corev1.SeccompProfileTypeRuntimeDefault,
+							},
+						},
+						Containers: []corev1.Container{
+							{
+								Name:  "myapp",
+								Image: "quay.io/openshifttest/hello-openshift@sha256:4200f438cf2e9446f6bcff9d67ceea1f69ed07a2f83363b7fb52529f7ddd8a83",
+								SecurityContext: &corev1.SecurityContext{
+									AllowPrivilegeEscalation: &[]bool{false}[0],
+									Capabilities: &corev1.Capabilities{
+										Drop: []corev1.Capability{"ALL"},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+		_, err := oc.KubeClient().AppsV1().Deployments(namespace).Create(ctx, deployment, metav1.CreateOptions{})
+		o.Expect(err).NotTo(o.HaveOccurred())
+		defer oc.KubeClient().AppsV1().Deployments(namespace).Delete(ctx, "hello-openshift", metav1.DeleteOptions{})
+
+		g.By("Wait for deployment to be ready")
+		err = wait.Poll(3*time.Second, 5*time.Minute, func() (bool, error) {
+			deploy, pollErr := oc.KubeClient().AppsV1().Deployments(namespace).Get(ctx, "hello-openshift", metav1.GetOptions{})
+			if pollErr != nil {
+				e2e.Logf("Error getting deployment: %v", pollErr)
+				return false, nil
+			}
+			if deploy.Status.ReadyReplicas == 6 {
+				e2e.Logf("Deployment is ready with %d replicas", deploy.Status.ReadyReplicas)
+				return true, nil
+			}
+			e2e.Logf("Waiting for deployment, ready replicas: %d/6", deploy.Status.ReadyReplicas)
+			return false, nil
+		})
+		o.Expect(err).NotTo(o.HaveOccurred(), "deployment did not become ready")
+
+		g.By("Create PodDisruptionBudget with 100% minAvailable")
+		pdb := &policyv1.PodDisruptionBudget{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "my-pdb",
+				Namespace: namespace,
+			},
+			Spec: policyv1.PodDisruptionBudgetSpec{
+				MinAvailable: &intstr.IntOrString{
+					Type:   intstr.String,
+					StrVal: "100%",
+				},
+				Selector: &metav1.LabelSelector{},
+			},
+		}
+		_, err = oc.KubeClient().PolicyV1().PodDisruptionBudgets(namespace).Create(ctx, pdb, metav1.CreateOptions{})
+		o.Expect(err).NotTo(o.HaveOccurred())
+		defer oc.KubeClient().PolicyV1().PodDisruptionBudgets(namespace).Delete(ctx, "my-pdb", metav1.DeleteOptions{})
+
+		g.By("Get a single worker node")
+		workerNode := nodeutils.GetSingleWorkerNode(ctx, oc)
+		e2e.Logf("Selected worker node: %s", workerNode)
+
+		g.By("Obtain the pods running on node " + workerNode)
+		podsInWorker, err := oc.AsAdmin().WithoutNamespace().Run("get").Args("pods", "-n", namespace, "-o=jsonpath={.items[?(@.spec.nodeName=='"+workerNode+"')].metadata.name}").Output()
+		o.Expect(err).NotTo(o.HaveOccurred())
+		o.Expect(len(strings.Split(podsInWorker, " "))).Should(o.BeNumerically(">", 0))
+
+		g.By("Make sure that PDB's status is False")
+		pdbStatus, err := oc.AsAdmin().WithoutNamespace().Run("get").Args("poddisruptionbudget", "my-pdb", "-n", namespace, "-o=jsonpath={.status.conditions[0].status}").Output()
+		o.Expect(err).NotTo(o.HaveOccurred())
+		o.Expect(strings.Contains(pdbStatus, "False")).Should(o.BeTrue())
+
+		g.By("Drain the node " + workerNode)
+		defer nodeutils.WaitClusterOperatorAvailable(ctx, oc)
+		defer oc.AsAdmin().WithoutNamespace().Run("adm").Args("uncordon", workerNode).Execute()
+
+		out, err := oc.AsAdmin().WithoutNamespace().Run("adm").Args("drain", workerNode, "--ignore-daemonsets", "--delete-emptydir-data", "--timeout=30s").Output()
+		o.Expect(err).To(o.HaveOccurred(), "Drain operation should have been blocked but it wasn't")
+		o.Expect(strings.Contains(out, "Cannot evict pod as it would violate the pod's disruption budget")).Should(o.BeTrue())
+		o.Expect(strings.Contains(out, "There are pending nodes to be drained")).Should(o.BeTrue())
+
+		g.By("Verify that the pods were not drained from the node")
+		podsAfterDrain, err := oc.AsAdmin().WithoutNamespace().Run("get").Args("pods", "-n", namespace, "-o=jsonpath={.items[?(@.spec.nodeName=='"+workerNode+"')].metadata.name}").Output()
+		o.Expect(err).NotTo(o.HaveOccurred())
+		o.Expect(podsInWorker).Should(o.BeIdenticalTo(podsAfterDrain))
+	})
 })
diff --git a/test/extended/node/node_utils.go b/test/extended/node/node_utils.go
@@ -741,3 +741,27 @@ func ensureDropInDirectoryExists(ctx context.Context, oc *exutil.CLI, dirPath st
 
 	return nil
 }
+
+// GetSingleWorkerNode returns the name of a single worker node
+func GetSingleWorkerNode(ctx context.Context, oc *exutil.CLI) string {
+	nodes, err := getNodesByLabel(ctx, oc, "node-role.kubernetes.io/worker")
+	o.Expect(err).NotTo(o.HaveOccurred())
+	o.Expect(nodes).NotTo(o.BeEmpty(), "No worker nodes found")
+	framework.Logf("Worker Node Name is %v", nodes[0].Name)
+	return nodes[0].Name
+}
+
+// WaitClusterOperatorAvailable waits for all cluster operators to be available
+func WaitClusterOperatorAvailable(ctx context.Context, oc *exutil.CLI) {
+	timeout := 120 * time.Minute
+
+	waitErr := wait.PollUntilContextTimeout(ctx, 10*time.Second, timeout, true, func(ctx context.Context) (bool, error) {
+		availableCOStatus, err := oc.AsAdmin().WithoutNamespace().Run("get").Args("clusteroperator", "-o=jsonpath={.items[*].status.conditions[?(@.type==\"Available\")].status}").Output()
+		if err != nil || strings.Contains(availableCOStatus, "False") {
+			framework.Logf("Some Cluster Operator is still Unavailable")
+			return false, nil
+		}
+		return true, nil
+	})
+	o.Expect(waitErr).NotTo(o.HaveOccurred(), "Some cluster operator is still unavailable after timeout")
+}
