helpers/helm: skip img-puller namespace in Hyper-V webhook by rzlink · Pull Request #563 · kubernetes-sigs/windows-testing

rzlink · 2026-05-20T23:31:14Z

What this PR does / why we need it

The e2e suite's img-puller namespace (created by test/e2e/e2e.go::prepullImages) runs DaemonSets that prewarm the Windows test images on every Windows worker. The Hyper-V webhook currently injects runhcs-wcow-hypervisor into these puller pods, turning each one into a Hyper-V UVM that holds ~500 MiB of host memory for the entire suite duration — and in practice deadlocks --prepull-images=true at SynchronizedBeforeSuite.

This PR adds a namespaceSelector that excludes namespaces labeled e2e-framework=img-puller (the label framework.CreateTestingNS sets on that namespace).

Verification

Validated on a CAPZ Hyper-V cluster (WS2025, k8s v1.37.0-alpha): a full hyperv-serial-slow run with --prepull-images=true now completes SynchronizedBeforeSuite in 76 s instead of deadlocking, and img-puller pods admit with no runtimeClassName.

Release note

NONE

The e2e suite's img-puller namespace (test/e2e/e2e.go::prepullImages) runs Linux helper DaemonSets to prewarm Windows images. Injecting runhcs-wcow-hypervisor into these pods makes them undeployable, which deadlocks --prepull-images=true at SynchronizedBeforeSuite and otherwise holds ~500 MiB/node of UVM overhead for the entire suite duration. Exclude namespaces labeled e2e-framework=img-puller via a namespaceSelector. The label is set by framework.CreateTestingNS and is stable across runs even though the namespace name has a random suffix. Verified on a CAPZ Hyper-V cluster (WS2025, k8s v1.37.0-alpha): a full hyperv-serial-slow run with --prepull-images=true now completes SynchronizedBeforeSuite in 76 s instead of deadlocking, and img-puller pods admit with no runtimeClassName.

k8s-ci-robot · 2026-05-20T23:31:24Z

Hi @rzlink. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

rzlink · 2026-05-20T23:51:00Z

/assign @mboersma @zylxjtu @Liunardy

marosset · 2026-05-21T16:44:38Z

/ok-to-test

marosset · 2026-05-21T17:20:25Z

/approve
/assign @zylxjtu

zylxjtu · 2026-05-21T17:32:22Z

/lgtm
/approve

k8s-ci-robot · 2026-05-21T17:32:32Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: marosset, rzlink, zylxjtu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [marosset,zylxjtu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot requested review from claudiubelu and marosset May 20, 2026 23:31

k8s-ci-robot added tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 20, 2026

k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 20, 2026

k8s-ci-robot assigned Liunardy, mboersma and zylxjtu May 20, 2026

k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 21, 2026

k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 21, 2026

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 21, 2026

k8s-ci-robot merged commit 47b7b12 into kubernetes-sigs:master May 21, 2026
4 checks passed

rzlink deleted the fix/webhook-skip-img-puller-namespace branch June 1, 2026 20:48

rzlink mentioned this pull request Jun 4, 2026

REQUEST: New membership for rzlink kubernetes/org#6433

Open

10 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

helpers/helm: skip img-puller namespace in Hyper-V webhook#563

helpers/helm: skip img-puller namespace in Hyper-V webhook#563
k8s-ci-robot merged 1 commit into
kubernetes-sigs:masterfrom
rzlink:fix/webhook-skip-img-puller-namespace

rzlink commented May 20, 2026 •

edited

Loading

Uh oh!

k8s-ci-robot commented May 20, 2026

Uh oh!

rzlink commented May 20, 2026

Uh oh!

marosset commented May 21, 2026

Uh oh!

marosset commented May 21, 2026

Uh oh!

zylxjtu commented May 21, 2026

Uh oh!

k8s-ci-robot commented May 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

rzlink commented May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

k8s-ci-robot commented May 20, 2026

Uh oh!

rzlink commented May 20, 2026

Uh oh!

marosset commented May 21, 2026

Uh oh!

marosset commented May 21, 2026

Uh oh!

zylxjtu commented May 21, 2026

Uh oh!

k8s-ci-robot commented May 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

rzlink commented May 20, 2026 •

edited

Loading