e2e: fix test issues #154

rethil · 2025-07-20T12:30:26Z

Description

E2E tests are misusing kuttl, which makes them not really working properly.

Fixes:

prom query escaping is invalid (due to golang "bug"), same fix is in prometheus scaler: make healthcheck customizable #153
kuttl doesn't like mixing TestStep with anything else
TestStep.script doesn't exists based on https://kuttl.dev/docs/testing/reference.html#teststep
calling curl from inside commands[].script doesn't use kind network. curl pod which acts as gateway was added
cooldownPeriodin CRD has to correlate with metric collection period, otherwise scaler health check is failing
deployment/target is being poisoned in 04-public-private-svc-sync, so full replace rather than apply is called.

Remarks:
1.~~tests are unstable, as manual scaling is probably interfering with Elasti~~ typo in test
2. ~~02-enable-serve-via-traffic shows problems with proxy. When deployment is scaled up, proxy isn't forwarding whole response.~~ Converted into #157

Type of change

Please delete options that are not relevant.

Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

e2e testing

Checklist:

I have performed a self-review of my own code
I have made corresponding changes to the documentation
I have added tests that prove my fix is effective or that my feature works
New and existing unit tests pass locally with my changes
A PR is open to update the helm chart (link)[https://github.com/truefoundry/elasti/tree/main/charts/elasti] if applicable
I have updated the CHANGELOG.md file with the changes I made

Summary by CodeRabbit

Bug Fixes
- Improved URL encoding for Prometheus queries to ensure spaces are encoded correctly.
Chores
- Updated and streamlined end-to-end test manifests and scripts for better clarity and maintainability.
- Added a new Kubernetes Pod manifest for test scenarios.
- Increased the cooldown period in ElastiService test configuration.
- Refactored test steps to use structured command lists instead of shell scripts, improving test readability and consistency.
- Removed redundant resource definitions and comments from test files.

coderabbitai · 2025-07-20T12:30:35Z

Walkthrough

The changes introduce a helper for URL query escaping in Prometheus scaler code, update and streamline Kubernetes end-to-end test manifests and scripts, and refactor test steps for clarity and explicitness. Several deployment definitions are removed from test YAMLs, commands are restructured for better readability, and a new Pod manifest is added for curl-based testing.

Changes

File(s)	Change Summary
pkg/scaling/scalers/prometheus_scaler.go	Added `queryEscape` helper to encode spaces as `%20` in Prometheus queries; updated usage in `executePromQuery`.
tests/e2e/kuttl-test.yaml	Prepends command to apply new Pod manifest for curl testing in the `target` namespace.
tests/e2e/manifest/pod-curl-target-gw.yaml	Adds a new Pod manifest for a curl container running indefinitely.
tests/e2e/manifest/reset.sh	Replaces separate scale and patch commands with a single manifest replacement for resetting deployment/service.
tests/e2e/manifest/target-elastiservice.yaml	Increases `cooldownPeriod` from 5 to 30 in the ElastiService manifest.
tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml	Removes Deployment resource; replaces shell script with explicit scale and wait commands; changes wait namespace.
tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml	Removes Deployment resource; uses explicit scale and wait commands for pod deletion.
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml	Runs curl via `kubectl exec` in a Pod; switches to commands array; updates curl logic and error handling.
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml	Switches from shell script to structured command with explicit timeout field.
tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml	Removes Deployment resource; uses explicit scale and wait commands; updates wait namespace and format.
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml	Switches from shell script to structured command list with explicit timeout.
tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml	Removes Deployment resource; uses explicit scale and wait commands; updates wait namespace and format.
tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml	Removes two Deployment resources; replaces shell script with explicit scale and wait commands.
tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml	Removes explanatory comment; test step logic unchanged.
tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml	Removes Deployment resource; uses explicit scale and wait commands; updates wait namespace and format.
tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml	Switches from single script to commands array; script content unchanged.
tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml	Removes Deployment resource; uses explicit scale and wait commands for resolver pods.
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml	Switches from single script to command array; script content unchanged.
tests/e2e/README.md	Adds `jq` 1.7 as a prerequisite tool for E2E testing.

Sequence Diagram(s)

sequenceDiagram
    participant TestRunner
    participant K8sCluster
    participant CurlPod

    TestRunner->>K8sCluster: Apply pod-curl-target-gw.yaml (create CurlPod)
    TestRunner->>K8sCluster: Scale target-deployment to 0
    TestRunner->>K8sCluster: Wait for target pods to be deleted
    TestRunner->>K8sCluster: Scale target-deployment to 1 (if needed)
    TestRunner->>K8sCluster: Wait for target pods to be ready
    TestRunner->>CurlPod: kubectl exec curl to service endpoint
    CurlPod-->>TestRunner: Return HTTP status code/result

sequenceDiagram
    participant PrometheusScaler
    participant PrometheusServer

    PrometheusScaler->>PrometheusScaler: queryEscape(query)
    PrometheusScaler->>PrometheusServer: GET /api/v1/query?query=escaped_query
    PrometheusServer-->>PrometheusScaler: Query result

Estimated code review effort

2 (~20 minutes)

Poem

A rabbit hops through YAML fields,
With scripts now neat and clear,
Pods curl up in namespaces,
Cooldown waits a bit longer here.
URLs escape with care and grace,
Test steps prance in tidy space—
Hooray for code that’s clean, my dear! 🐇✨

✨ Finishing Touches

📝 Generate Docstrings

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai generate unit tests to generate unit tests for this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 13

🔭 Outside diff range comments (2)

tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1)
4-28: Harden shell script for early failures

Add strict mode to surface errors quickly and avoid silent mis-matches (e.g., empty variables).
-  - script: |
-      #!/bin/sh
+  - script: |
+      #!/bin/sh
+      set -euo pipefail
Optional but improves debuggability and reliability.
pkg/scaling/scalers/prometheus_scaler.go (1)
32-41: Potential data race on the global promQueryResponse variable

promQueryResponse is package-level and shared across all concurrent calls to executePromQuery. If your controller runs multiple scaler instances in parallel, JSON decoding will race and corrupt data.

Fix: make it a local variable inside executePromQuery:
-func (s *prometheusScaler) executePromQuery(...) (float64, error) {
-    ...
-    if err := json.NewDecoder(resp.Body).Decode(&promQueryResponse); err != nil {
+func (s *prometheusScaler) executePromQuery(...) (float64, error) {
+    var promQueryResponse struct {
+        Status string `json:"status"`
+        ...
+    }
+    if err := json.NewDecoder(resp.Body).Decode(&promQueryResponse); err != nil {

♻️ Duplicate comments (1)

tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1)

4-6: Same namespace / resource-type inconsistency as above

Replicate the correction here to avoid flaky waits.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between af46434 and eec3279.

📒 Files selected for processing (18)

pkg/scaling/scalers/prometheus_scaler.go (2 hunks)
tests/e2e/kuttl-test.yaml (1 hunks)
tests/e2e/manifest/pod-curl-target-gw.yaml (1 hunks)
tests/e2e/manifest/reset.sh (1 hunks)
tests/e2e/manifest/target-elastiservice.yaml (1 hunks)
tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (1 hunks)
tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml (0 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1 hunks)

💤 Files with no reviewable changes (1)

tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml

🧰 Additional context used

🪛 Shellcheck (0.10.0)

tests/e2e/manifest/reset.sh

[info] 8-8: Double quote to prevent globbing and word splitting.

(SC2086)

[info] 11-11: Double quote to prevent globbing and word splitting.

(SC2086)

🪛 Checkov (3.2.334)

tests/e2e/manifest/pod-curl-target-gw.yaml

[MEDIUM] 2-14: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)

[LOW] 2-14: CPU limits should be set

(CKV_K8S_11)

[LOW] 2-14: CPU requests should be set

(CKV_K8S_10)

[LOW] 2-14: Apply security context to your containers

(CKV_K8S_30)

[LOW] 2-14: Minimize the admission of containers with the NET_RAW capability

(CKV_K8S_28)

[LOW] 2-14: Image should use digest

(CKV_K8S_43)

[LOW] 2-14: Image Pull Policy should be Always

(CKV_K8S_15)

[LOW] 2-14: Liveness Probe Should be Configured

(CKV_K8S_8)

[LOW] 2-14: Memory limits should be set

(CKV_K8S_13)

[LOW] 2-14: Memory requests should be set

(CKV_K8S_12)

[LOW] 2-14: Minimize the admission of containers with capabilities assigned

(CKV_K8S_37)

[LOW] 2-14: Apply security context to your pods and containers

(CKV_K8S_29)

[LOW] 2-14: Use read-only filesystem for containers where possible

(CKV_K8S_22)

[LOW] 2-14: Readiness Probe Should be Configured

(CKV_K8S_9)

[MEDIUM] 2-14: Minimize the admission of root containers

(CKV_K8S_23)

[LOW] 2-14: Containers should run as a high UID to avoid host conflict

(CKV_K8S_40)

[LOW] 2-14: Ensure that the seccomp profile is set to docker/default or runtime/default

(CKV_K8S_31)

[LOW] 2-14: Ensure that Service Account Tokens are only mounted where necessary

(CKV_K8S_38)

🪛 YAMLlint (1.37.1)

tests/e2e/manifest/pod-curl-target-gw.yaml

[error] 11-11: wrong indentation: expected 4 but found 2

(indentation)

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

🔇 Additional comments (6)

tests/e2e/manifest/target-elastiservice.yaml (1)

8-8: Cooldown raised to 30 s – double-check it matches metric scrape interval

Looks good but make sure Prometheus scrape_interval ≥ 30 s, otherwise the scaler will act on stale data.
tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1)

4-6: Namespace targetPort looks suspicious

Scaling happens in target, but the wait uses targetPort. Is this intentional? If not, the wait will never complete.
-  - command: kubectl wait --for=delete pods -l app=target-deployment -n targetPort
+  - command: kubectl wait --for=delete pod -l app=target-deployment -n target --timeout=60s
tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1)

4-5: Namespace mismatch between scale and wait commands

kubectl scale targets namespace target, whereas the subsequent kubectl wait watches in targetPort. If the pods truly live in target, the wait will never observe their deletion and the step will hit the 60-second timeout, yielding a false failure.
-  - command: kubectl wait --for=delete pods -l app=target-deployment -n targetPort
+  - command: kubectl wait --for=delete pods -l app=target-deployment -n target
Please verify the intended namespace and align both commands accordingly.
tests/e2e/kuttl-test.yaml (1)

9-10: Looks good – curl pod applied early in suite bootstrap

The additional kubectl apply correctly installs the helper pod before any traffic-related steps. Using namespaced: false is appropriate because the command already specifies -n target.

pkg/scaling/scalers/prometheus_scaler.go (1)

79-81: 👍 Correct fix for the Go url.QueryEscape space bug

Switching to the new helper eliminates the + vs %20 problem that broke Prometheus queries.

tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1)

3-6: LGTM – consistent scale/-wait pattern
The step uses the same command structure adopted across the suite and the correct namespace.

pkg/scaling/scalers/prometheus_scaler.go

tests/e2e/manifest/pod-curl-target-gw.yaml

tests/e2e/manifest/reset.sh

tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml

tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml

tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml

tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml

tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml

coderabbitai

Actionable comments posted: 10

🔭 Outside diff range comments (2)

pkg/scaling/scalers/prometheus_scaler.go (1)
32-41: Shared global promQueryResponse causes data races under concurrency

The JSON is decoded into a package-level variable that is overwritten on every call.
If multiple scalers call executePromQuery concurrently (common in parallel reconcile loops) this leads to undefined behaviour and crashes under -race.

Move the struct into executePromQuery so each invocation has its own instance.
- if err := json.NewDecoder(resp.Body).Decode(&promQueryResponse); err != nil {
+ var promQueryResponse struct {
+     Status string `json:"status"`
+     Data   struct {
+         ResultType string `json:"resultType"`
+         Result     []struct {
+             Metric map[string]string `json:"metric"`
+             Value  []interface{}     `json:"value"`
+         } `json:"result"`
+     } `json:"data"`
+ }
+ if err := json.NewDecoder(resp.Body).Decode(&promQueryResponse); err != nil {
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1)
3-26: jq dependency + wrong jsonpath makes the count always fail

The runner image often lacks jq; the step will error out.

-o jsonpath='{.endpoints}' returns a Go-formatted map string, not valid JSON, so jq 'length' will exit non-zero even if jq were present.

Proposed self-contained fix eliminating the external tool and using native JSONPath:
-      ENDPOINTS_COUNT=$(kubectl get endpointslice -n target elasti-target-deployment-endpointslice-to-resolver-9696239e87 -o jsonpath='{.endpoints}' | jq 'length')
+      ENDPOINTS_COUNT=$(kubectl get endpointslice -n target elasti-target-deployment-endpointslice-to-resolver-9696239e87 \
+        -o jsonpath='{.endpoints[*].addresses}' | tr ' ' '\n' | grep -c .)
This counts the addresses with shell built-ins only.

If keeping jq, ensure the test image includes it and switch to -o json:
kubectl get ... -o json | jq '.endpoints | length'

♻️ Duplicate comments (3)

tests/e2e/manifest/pod-curl-target-gw.yaml (1)
13-14: Container never starts – infitiy typo breaks the pod

sleep exits immediately because the argument is misspelled, causing the pod to CrashLoop and all subsequent kubectl exec steps to fail.
-      command: [ "sleep" ]
-      args: [ "infitiy" ]
+      command: ["sleep"]
+      args: ["infinity"]
Please fix the typo and consider adding a minimal securityContext / resource stanza so the manifest passes basic cluster policies.
pkg/scaling/scalers/prometheus_scaler.go (1)
69-75: Minor optimisation: reuse a strings.Replacer to avoid per-call allocations

strings.ReplaceAll allocates on every invocation. A package-level var spaceReplacer = strings.NewReplacer("+", "%20") keeps it zero-alloc and thread-safe in hot paths.
-func queryEscape(query string) string {
-	queryEscaped := url.QueryEscape(query)
-	plusEscaped := strings.ReplaceAll(queryEscaped, "+", "%20")
-	return plusEscaped
-}
+var spaceReplacer = strings.NewReplacer("+", "%20")
+
+func queryEscape(query string) string {
+	return spaceReplacer.Replace(url.QueryEscape(query))
+}
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1)
6-15: Re-enable exit-status check and use POSIX‐compliant string comparison

Network / DNS failures are currently ignored because the curl exit status validation is commented out.
Additionally, [ … ] with == is a Bashism; the POSIX /bin/sh used by kuttl pods only guarantees =.
-        # [ "$result" == "0" ] || exit 1
-        [ "$code" == "200" ] || exit 2
+        [ "$result" = "0" ]  || exit 1   # network / DNS failure
+        [ "$code"   = "200" ] || exit 2  # unexpected HTTP status
Keeping distinct exit codes makes post-mortem debugging easier and eliminates false positives when the request never reaches the service.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eec3279 and 6d62dad.

📒 Files selected for processing (18)

pkg/scaling/scalers/prometheus_scaler.go (2 hunks)
tests/e2e/kuttl-test.yaml (1 hunks)
tests/e2e/manifest/pod-curl-target-gw.yaml (1 hunks)
tests/e2e/manifest/reset.sh (1 hunks)
tests/e2e/manifest/target-elastiservice.yaml (1 hunks)
tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (1 hunks)
tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml (0 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1 hunks)

💤 Files with no reviewable changes (1)

tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml

🧰 Additional context used

🪛 Checkov (3.2.334)

tests/e2e/manifest/pod-curl-target-gw.yaml

[MEDIUM] 2-14: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)

[LOW] 2-14: CPU limits should be set

(CKV_K8S_11)

[LOW] 2-14: CPU requests should be set

(CKV_K8S_10)

[LOW] 2-14: Apply security context to your containers

(CKV_K8S_30)

[LOW] 2-14: Minimize the admission of containers with the NET_RAW capability

(CKV_K8S_28)

[LOW] 2-14: Image should use digest

(CKV_K8S_43)

[LOW] 2-14: Image Pull Policy should be Always

(CKV_K8S_15)

[LOW] 2-14: Liveness Probe Should be Configured

(CKV_K8S_8)

[LOW] 2-14: Memory limits should be set

(CKV_K8S_13)

[LOW] 2-14: Memory requests should be set

(CKV_K8S_12)

[LOW] 2-14: Minimize the admission of containers with capabilities assigned

(CKV_K8S_37)

[LOW] 2-14: Apply security context to your pods and containers

(CKV_K8S_29)

[LOW] 2-14: Use read-only filesystem for containers where possible

(CKV_K8S_22)

[LOW] 2-14: Readiness Probe Should be Configured

(CKV_K8S_9)

[MEDIUM] 2-14: Minimize the admission of root containers

(CKV_K8S_23)

[LOW] 2-14: Containers should run as a high UID to avoid host conflict

(CKV_K8S_40)

[LOW] 2-14: Ensure that the seccomp profile is set to docker/default or runtime/default

(CKV_K8S_31)

[LOW] 2-14: Ensure that Service Account Tokens are only mounted where necessary

(CKV_K8S_38)

🪛 YAMLlint (1.37.1)

tests/e2e/manifest/pod-curl-target-gw.yaml

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

🔇 Additional comments (8)

tests/e2e/manifest/target-elastiservice.yaml (1)

8-8: Verify that the longer cooldownPeriod won’t mask legitimate scale-down events

Bumping the period from 5 → 30 s gives the scaler six-times more inertia.
Double-check that this still satisfies SLOs (especially latency/CPU budgets) and matches the Prometheus scrape interval used in tests.

tests/e2e/manifest/reset.sh (1)

8-11: Quoting fix looks good

The previously unquoted $1 arguments are now safely wrapped in quotes; this removes the ShellCheck warnings and prevents word-splitting issues.

tests/e2e/kuttl-test.yaml (1)

9-10: No kubectl exec invocations in this TestSuite – waiting for Pod readiness isn’t needed

I reviewed tests/e2e/kuttl-test.yaml and did not find any kubectl exec commands in this file. It only applies manifests and runs a reset script. Since there are no exec steps that could race against Pod readiness, adding a kubectl wait here isn’t necessary.

Likely an incorrect or invalid review comment.

tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1)

3-5: Commands split out cleanly – good fix 🟢

Moving from a wrapped shell script to discrete kubectl commands greatly improves readability and avoids the old plural-resource pitfall.
No functional concerns here.

tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (1)

3-7: Scale-down / up sequence looks solid

The namespace typo and plural-resource issue from the previous revision are both resolved – nice catch.

tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1)

3-5: Solid clean-up; plural alias issue gone

Breaking the shell script into explicit commands and switching to the singular pod resource removes the flake seen earlier.

tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml (1)

3-5: Namespace corrected – flake fixed

The old targetPort typo is gone, so the wait will no longer hang. 👍

tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1)

3-5: Clean, explicit step definition

The plural alias issue is resolved and the step is now self-describing.

tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml

tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml

tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml

tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml

tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml

tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml

tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml

tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml

tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml

tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml

coderabbitai

Actionable comments posted: 5

🔭 Outside diff range comments (1)

tests/e2e/manifest/reset.sh (1)
17-18: Re-order & singularise kubectl wait for portability

kubectl wait expects flags before the resource selector. Using the canonical order avoids “unknown flag” errors on stricter versions. Also switch to singular pod.
-kubectl wait pods -l app=target-deployment -n target --for=condition=Ready --timeout=30s
-kubectl wait pods -l app=elasti-resolver -n elasti --for=condition=Ready --timeout=30s
+kubectl wait --for=condition=Ready pod -l app=target-deployment   -n target --timeout=30s
+kubectl wait --for=condition=Ready pod -l app=elasti-resolver     -n elasti --timeout=30s

♻️ Duplicate comments (11)

tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (2)
5-6: Enable fail-fast behaviour with set -euo pipefail

The script still runs in permissive mode: any sub-command that fails will be silently ignored, potentially yielding false-positive test passes.
-#!/bin/sh
+#!/bin/sh
+set -euo pipefail
12-13: Hard-coded EndpointSlice name is brittle; resolve it dynamically

The suffix 9696239e87 changes across clusters/k8s versions. Hard-coding it will break the test on fresh installs or future upgrades.
-# Check if resolver IPs are present in the endpointslice
-ENDPOINTSLICE_IPS=$(kubectl get endpointslice -n target elasti-target-deployment-endpointslice-to-resolver-9696239e87 -o jsonpath='{.endpoints[*].addresses[*]}')
+# Resolve EndpointSlice name dynamically based on labels
+ES_NAME=$(kubectl get endpointslice -n target -l app=target-deployment -o jsonpath='{.items[0].metadata.name}')
+# Check if resolver IPs are present in the endpointslice
+ENDPOINTSLICE_IPS=$(kubectl get endpointslice -n target "$ES_NAME" -o jsonpath='{.endpoints[*].addresses[*]}')
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (2)
16-16: External dependency on jq (repeat of earlier feedback)
The reliance on jq noted in the previous review is still present here. Either bundle jq in the test image or drop the dependency as suggested above.

15-25: Remove the jq dependency & harden the numeric check

The runner image still might not contain jq, and the current comparison will break if ENDPOINTS_COUNT is non-numeric (e.g. empty/null). A pure-kubectl solution keeps the test self-contained and eliminates that failure mode.
-      ENDPOINTS_COUNT=$(kubectl get endpointslice -n target elasti-target-deployment-endpointslice-to-resolver-9696239e87 -o jsonpath='{.endpoints}' | jq 'length')
+      # Count addresses without relying on external tools
+      ENDPOINTS_COUNT=$(kubectl get endpointslice -n target elasti-target-deployment-endpointslice-to-resolver-9696239e87 \
+        -o jsonpath='{range .endpoints[*]}{.addresses[*]}{"\n"}{end}' | wc -l)
Consider also adding set -euo pipefail near the top of the script to fail fast on any error:
-      #!/bin/sh
+      #!/usr/bin/env sh
+      set -euo pipefail
pkg/scaling/scalers/prometheus_scaler.go (1)
69-75: Reuse a shared strings.Replacer to avoid per-call allocations
The helper now allocates a new replacement map for every query, which is hot-path (called once per decision). The same refactor was suggested previously.
+var spaceReplacer = strings.NewReplacer("+", "%20") // alloc-free & thread-safe
+
 func queryEscape(query string) string {
-	queryEscaped := url.QueryEscape(query)
-	plusEscaped := strings.ReplaceAll(queryEscaped, "+", "%20")
-
-	return plusEscaped
+	return spaceReplacer.Replace(url.QueryEscape(query))
 }
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1)
3-4: Style: keep flag form consistent (--timeout=60s)
Same nit as earlier review – using the = form matches other steps and avoids rare parsing quirks.
-  - command: kubectl wait --for=condition=Ready pod -l app=target-deployment -n target --timeout 60s
+  - command: kubectl wait --for=condition=Ready pod -l app=target-deployment -n target --timeout=60s
tests/e2e/manifest/pod-curl-target-gw.yaml (1)
10-14: Harden the curl pod & satisfy basic policy gates

Running as root with no limits will be flagged by most clusters. Minimal hardening suffices for tests.
 spec:
   containers:
-    - name: curl
-      image: ghcr.io/curl/curl-container/curl:master
-      command: [ "sleep" ]
-      args: [ "infinity" ]
+    - name: curl
+      image: ghcr.io/curl/curl-container/curl:master
+      imagePullPolicy: IfNotPresent
+      securityContext:
+        runAsNonRoot: true
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop: ["ALL"]
+      resources:
+        requests:
+          cpu: 10m
+          memory: 32Mi
+        limits:
+          cpu: 50m
+          memory: 128Mi
+      command: ["sleep"]
+      args: ["infinity"]
   restartPolicy: Never
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (1)
4-5: Timeout still tight & plural resource – previous feedback unresolved

The earlier review (see history) suggested (a) bumping the timeout to 120 s to reduce CI flakes and (b) using singular pod. Neither change landed.
-  - command: kubectl wait --for=condition=Ready pods -l app=target-deployment -n target --timeout=60s
+  - command: kubectl wait --for=condition=Ready pod  -l app=target-deployment -n target --timeout=120s
tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml (1)
4-5: Keep resource kind singular for consistency (already raised earlier)

We previously suggested using the singular resource (pod) to avoid plural alias quirks and stay consistent with the rest of the suite, but the command is still using pods.
-  - command: kubectl wait --for=delete pods -l app=elasti-resolver -n elasti --timeout=60s
+  - command: kubectl wait --for=delete pod -l app=elasti-resolver -n elasti --timeout=60s
tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (1)
7-7: Use kubectl rollout status for a more reliable readiness check

Waiting on individual Pods can pass when only a subset is ready or if Pods churn; kubectl rollout status gives a higher-level, deployment-aware signal.
-  - command: kubectl wait --for=condition=Ready pods -l app=target-deployment -n target --timeout=60s
+  - command: kubectl rollout status deployment/target-deployment -n target --timeout=60s
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1)
12-13: Re-enable the curl exit-status check to catch hard network failures

This was pointed out earlier but is still commented out; without it, DNS/connection errors are silently ignored, giving false positives.
-        # if [ "$result" != "0" ]; then exit 1; fi
+        [ "$result" = "0" ] || exit 1   # network / DNS failure

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6d62dad and d413c52.

📒 Files selected for processing (18)

pkg/scaling/scalers/prometheus_scaler.go (2 hunks)
tests/e2e/kuttl-test.yaml (1 hunks)
tests/e2e/manifest/pod-curl-target-gw.yaml (1 hunks)
tests/e2e/manifest/reset.sh (1 hunks)
tests/e2e/manifest/target-elastiservice.yaml (1 hunks)
tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (1 hunks)
tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml (0 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1 hunks)

💤 Files with no reviewable changes (1)

tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: rethil
PR: truefoundry/KubeElasti#153
File: pkg/scaling/scalers/prometheus_scaler.go:46-46
Timestamp: 2025-07-21T17:07:03.210Z
Learning: The ElastiService.spec.triggers[].metadata.query field in KubeElasti has a broader attack vector for Prometheus query injection compared to the uptimeFilter parameter, as it allows arbitrary Prometheus queries to be executed.

pkg/scaling/scalers/prometheus_scaler.go (1)

Learnt from: rethil
PR: #153
File: pkg/scaling/scalers/prometheus_scaler.go:46-46
Timestamp: 2025-07-21T17:07:03.210Z
Learning: The ElastiService.spec.triggers[].metadata.query field in KubeElasti has a broader attack vector for Prometheus query injection compared to the uptimeFilter parameter, as it allows arbitrary Prometheus queries to be executed.

🪛 Checkov (3.2.334)

tests/e2e/manifest/pod-curl-target-gw.yaml

[MEDIUM] 2-14: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)

[LOW] 2-14: CPU limits should be set

(CKV_K8S_11)

[LOW] 2-14: CPU requests should be set

(CKV_K8S_10)

[LOW] 2-14: Apply security context to your containers

(CKV_K8S_30)

[LOW] 2-14: Minimize the admission of containers with the NET_RAW capability

(CKV_K8S_28)

[LOW] 2-14: Image should use digest

(CKV_K8S_43)

[LOW] 2-14: Image Pull Policy should be Always

(CKV_K8S_15)

[LOW] 2-14: Liveness Probe Should be Configured

(CKV_K8S_8)

[LOW] 2-14: Memory limits should be set

(CKV_K8S_13)

[LOW] 2-14: Memory requests should be set

(CKV_K8S_12)

[LOW] 2-14: Minimize the admission of containers with capabilities assigned

(CKV_K8S_37)

[LOW] 2-14: Apply security context to your pods and containers

(CKV_K8S_29)

[LOW] 2-14: Use read-only filesystem for containers where possible

(CKV_K8S_22)

[LOW] 2-14: Readiness Probe Should be Configured

(CKV_K8S_9)

[MEDIUM] 2-14: Minimize the admission of root containers

(CKV_K8S_23)

[LOW] 2-14: Containers should run as a high UID to avoid host conflict

(CKV_K8S_40)

[LOW] 2-14: Ensure that the seccomp profile is set to docker/default or runtime/default

(CKV_K8S_31)

[LOW] 2-14: Ensure that Service Account Tokens are only mounted where necessary

(CKV_K8S_38)

🪛 YAMLlint (1.37.1)

tests/e2e/manifest/pod-curl-target-gw.yaml

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

🔇 Additional comments (6)

tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1)

3-4: Migration to commands array is spot-on

Switching from the deprecated single script field to the commands list is fully aligned with current kuttl expectations and eliminates the parser warnings we were seeing.

tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1)

3-4: commands list looks good – kuttl will now execute the step

Switching from the (ignored) command: key to commands: fixes the schema mismatch that previously caused the step to be skipped.

tests/e2e/manifest/target-elastiservice.yaml (1)

8-8: Cooldown bump might stall fast-flapping workloads

Going from 5 → 30 seconds means Elasti will ignore legitimate scale signals for half a minute. Double-check that this aligns with your Prom scrape interval and business SLOs; otherwise scale-up/-down latency will increase noticeably.
tests/e2e/kuttl-test.yaml (1)

9-10: Race: pod may not be ready before later kubectl exec calls

kubectl apply is fire-and-forget; subsequent steps that exec into curl-target-gw can fail if the container isn’t yet Running. Add an explicit wait:
-  - command: kubectl apply -f ./manifest/pod-curl-target-gw.yaml -n target
+  - command: kubectl apply -f ./manifest/pod-curl-target-gw.yaml -n target
+  - command: kubectl wait --for=condition=Ready pod/curl-target-gw -n target --timeout=60s
tests/e2e/manifest/reset.sh (1)

8-11: 👍 Quoting fixes look good

Thanks for quoting $1; this removes the ShellCheck SC2086 warnings and guards against paths containing spaces.

tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1)

3-5: LGTM – commands are clear and robust

The explicit scale-down and pod-deletion wait align with the new test-suite style. No further action needed.

tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml

tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml

tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml

tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml

tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml

coderabbitai

Actionable comments posted: 7

🔭 Outside diff range comments (1)

tests/e2e/manifest/reset.sh (1)
1-7: Add strict-mode guards (set -euo pipefail) and argument validation early

Without set -euo pipefail the script happily continues on silent failures (e.g., a bad manifest path or a failed kubectl apply).
Guarding for the single required argument also prevents obscure “file not found” errors later.
 #!/bin/sh
+set -euo pipefail
+
+# Expect exactly one argument – path to manifest dir
+if [ "$#" -ne 1 ]; then
+  echo "Usage: $0 <path-to-manifest-dir>" >&2
+  exit 64   # EX_USAGE
+fi

♻️ Duplicate comments (3)

tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1)

3-27: Same robustness concerns as step 05
For consistency, consider adding set -euo pipefail and resolving the EndpointSlice name dynamically here as well.
tests/e2e/manifest/pod-curl-target-gw.yaml (1)
1-14: Well-designed test utility pod.

This curl gateway pod provides a clean solution for running in-cluster traffic tests, addressing the networking limitations mentioned in the PR description. The sleep infinity approach ensures the pod stays available for kubectl exec commands.

For production-like testing, consider adding basic resource limits to prevent resource exhaustion during test runs:
  containers:
    - name: curl
      image: ghcr.io/curl/curl-container/curl:master
      command: ["sleep"]
      args: ["infinity"]
+     resources:
+       requests:
+         cpu: 10m
+         memory: 32Mi
+       limits:
+         cpu: 50m
+         memory: 128Mi
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1)
4-13: Re-enable exit-status check to catch network/exec failures

If kubectl exec or curl fails (DNS, connection reset, pod crash) the loop still reports HTTP code 000 and passes, masking real outages.
-        # if [ "$result" != "0" ]; then exit 1; fi
+        if [ "$result" != "0" ]; then
+          echo "kubectl exec or curl failed with exit code $result" >&2
+          exit 1
+        fi
Optionally add set -e right after the shebang for immediate failure propagation.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d413c52 and 7480fd1.

📒 Files selected for processing (19)

pkg/scaling/scalers/prometheus_scaler.go (2 hunks)
tests/e2e/README.md (1 hunks)
tests/e2e/kuttl-test.yaml (1 hunks)
tests/e2e/manifest/pod-curl-target-gw.yaml (1 hunks)
tests/e2e/manifest/reset.sh (1 hunks)
tests/e2e/manifest/target-elastiservice.yaml (1 hunks)
tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (1 hunks)
tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml (0 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1 hunks)

💤 Files with no reviewable changes (1)

tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml

🧰 Additional context used

🧠 Learnings (17)

📓 Common learnings

Learnt from: rethil
PR: truefoundry/KubeElasti#154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like `jq` should be documented as E2E test prerequisites rather than worrying about container image contents.

Learnt from: rethil
PR: truefoundry/KubeElasti#154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: `jq` should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like `tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml` for JSON parsing.

Learnt from: rethil
PR: truefoundry/KubeElasti#153
File: pkg/scaling/scalers/prometheus_scaler.go:46-46
Timestamp: 2025-07-21T17:07:03.210Z
Learning: The ElastiService.spec.triggers[].metadata.query field in KubeElasti has a broader attack vector for Prometheus query injection compared to the uptimeFilter parameter, as it allows arbitrary Prometheus queries to be executed.

tests/e2e/README.md (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/kuttl-test.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

pkg/scaling/scalers/prometheus_scaler.go (2)

Learnt from: rethil
PR: #153
File: pkg/scaling/scalers/prometheus_scaler.go:46-46
Timestamp: 2025-07-21T17:07:03.210Z
Learning: The ElastiService.spec.triggers[].metadata.query field in KubeElasti has a broader attack vector for Prometheus query injection compared to the uptimeFilter parameter, as it allows arbitrary Prometheus queries to be executed.

Learnt from: rethil
PR: #154
File: pkg/scaling/scalers/prometheus_scaler.go:69-75
Timestamp: 2025-07-21T19:03:53.348Z
Learning: In Go, strings.NewReplacer() creates a new Replacer instance each time it's called, so using it inside a function would allocate on every invocation, making it less efficient than strings.ReplaceAll for simple single-replacement scenarios. Package-level variables should be used for strings.Replacer to avoid repeated allocations.

tests/e2e/manifest/reset.sh (1)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (2)

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like jq should be documented as E2E test prerequisites rather than worrying about container image contents.

Learnt from: rethil
PR: #154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: jq should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml for JSON parsing.

🪛 Checkov (3.2.334)

tests/e2e/manifest/pod-curl-target-gw.yaml

[MEDIUM] 2-14: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)

[LOW] 2-14: CPU limits should be set

(CKV_K8S_11)

[LOW] 2-14: CPU requests should be set

(CKV_K8S_10)

[LOW] 2-14: Apply security context to your containers

(CKV_K8S_30)

[LOW] 2-14: Minimize the admission of containers with the NET_RAW capability

(CKV_K8S_28)

[LOW] 2-14: Image should use digest

(CKV_K8S_43)

[LOW] 2-14: Image Pull Policy should be Always

(CKV_K8S_15)

[LOW] 2-14: Liveness Probe Should be Configured

(CKV_K8S_8)

[LOW] 2-14: Memory limits should be set

(CKV_K8S_13)

[LOW] 2-14: Memory requests should be set

(CKV_K8S_12)

[LOW] 2-14: Minimize the admission of containers with capabilities assigned

(CKV_K8S_37)

[LOW] 2-14: Apply security context to your pods and containers

(CKV_K8S_29)

[LOW] 2-14: Use read-only filesystem for containers where possible

(CKV_K8S_22)

[LOW] 2-14: Readiness Probe Should be Configured

(CKV_K8S_9)

[MEDIUM] 2-14: Minimize the admission of root containers

(CKV_K8S_23)

[LOW] 2-14: Containers should run as a high UID to avoid host conflict

(CKV_K8S_40)

[LOW] 2-14: Ensure that the seccomp profile is set to docker/default or runtime/default

(CKV_K8S_31)

[LOW] 2-14: Ensure that Service Account Tokens are only mounted where necessary

(CKV_K8S_38)

🪛 YAMLlint (1.37.1)

tests/e2e/manifest/pod-curl-target-gw.yaml

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 13-13: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

[error] 14-14: too many spaces inside brackets

(brackets)

🔇 Additional comments (11)

tests/e2e/manifest/target-elastiservice.yaml (1)

8-8: Confirm the 6× cooldown increase won’t make scaling feel sluggish
Going from 5 s → 30 s heavily delays the first down-/up-scale that KEDA can trigger. Make sure this larger window still meets SLOs for responsiveness and does not hide real load spikes in your E2E scenarios.

tests/e2e/kuttl-test.yaml (1)

9-11: LGTM – pre-create curl pod before tests run
Applying the curl pod up-front avoids repeated pod spawns inside steps and keeps logs centralised. Nice improvement.
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1)

3-25: Harden the script for future-proofing

Add set -euo pipefail so invisible failures abort immediately.

Derive the EndpointSlice name via a label selector instead of relying on the hashed suffix – this changes across K8s versions and breaks when CR names differ.

[ suggest_optional_refactor ]
-  - script: |
+  - script: |
       #!/bin/sh
+      set -euo pipefail
+
+      ES_NAME=$(kubectl get endpointslice -n target -l app=target-deployment -o jsonpath='{.items[0].metadata.name}')
-      kubectl get endpointslice -n target elasti-target-deployment-endpointslice-to-resolver-9696239e87 -o jsonpath='{.metadata.name}' | grep "$ES_NAME" || exit 1
+      kubectl get endpointslice -n target "$ES_NAME" -o jsonpath='{.metadata.name}' | grep "$ES_NAME" || exit 1
...
-      ENDPOINTS_COUNT=$(kubectl get endpointslice -n target elasti-target-deployment-endpointslice-to-resolver-9696239e87 -o jsonpath='{.endpoints}' | jq 'length')
+      ENDPOINTS_COUNT=$(kubectl get endpointslice -n target "$ES_NAME" -o jsonpath='{.endpoints}' | jq 'length')
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1)

3-4: Good refactoring to structured commands format.

The conversion from shell script to explicit commands improves test clarity and makes the wait operation more explicit.

tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1)

3-5: Consistent refactoring aligns with test suite standardization.

The explicit scale and wait commands improve test clarity compared to static deployment manifests. This change aligns well with the broader test suite refactoring.

tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1)

3-5: Excellent consistency across test suite.

This follows the same explicit command pattern as other test files, creating a unified approach to deployment scaling and pod lifecycle management in the E2E tests.

pkg/scaling/scalers/prometheus_scaler.go (3)

11-11: Required import for the queryEscape fix.

The strings import is correctly added to support the new queryEscape function.

69-75: Excellent fix for Go's URL encoding quirk.

The queryEscape function properly addresses the known Go issue where url.QueryEscape encodes spaces as + instead of %20. The implementation is clean, well-documented with the GitHub issue reference, and efficiently handles the single replacement case.

79-79: Proper integration of the escape fix.

Using the new queryEscape helper ensures Prometheus queries with spaces are correctly encoded in the URL.

tests/e2e/manifest/reset.sh (1)

17-18: Consider a longer timeout for pod readiness

kubectl wait … --timeout=30s is tight on congested CI clusters; sporadic flakes are likely.
60-90 s is usually a safer lower bound for deployment/pod readiness during E2E.

tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1)

3-5: Looks good – concise & idiomatic kubectl usage

Scaling to zero followed by kubectl wait --for=delete pods … is clear and consistent with the rest of the suite.

tests/e2e/README.md

tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml

tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml

tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml

tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml

tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml

coderabbitai

Actionable comments posted: 5

🔭 Outside diff range comments (1)

tests/e2e/manifest/pod-curl-target-gw.yaml (1)
1-15: LGTM with suggestions for test robustness.

The Pod manifest correctly addresses the network isolation issues mentioned in the PR objectives. The typo fix from "infitiy" to "infinity" is good.

For more robust E2E testing, consider adding minimal resource constraints and security context:
spec:
  containers:
    - name: curl
      image: ghcr.io/curl/curl-container/curl:master
+     imagePullPolicy: IfNotPresent
      command: ["sleep"]
      args: ["infinity"]
+     resources:
+       requests:
+         cpu: 10m
+         memory: 32Mi
+       limits:
+         cpu: 50m
+         memory: 128Mi
+     securityContext:
+       runAsNonRoot: true
+       allowPrivilegeEscalation: false

♻️ Duplicate comments (4)

tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1)

3-4: Prefer singular pod for kubectl wait

Kubernetes docs and most examples use the singular resource (pod) – a few older kubectl builds reject the plural form here. Switching keeps the suite consistent with other files already updated.

tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1)

3-5: Same determinism concern as in 06-resolver test

For the reasons explained in the previous file (race-free confirmation that the Deployment is fully reconciled), consider inserting a kubectl rollout status after the scale command and before any follow-up assertions.
Implementation is identical to the diff shown in the other file.
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1)
6-13: Still ignores hard network/DNS failures – re-enable the curl exit-status check

The result guard is commented out, so the loop happily succeeds even when
curl cannot resolve the host or connect (exit ≠ 0, HTTP code 000).
This reproduces the same false-positive risk flagged in a previous review.
-        # if [ "$result" != "0" ]; then exit 1; fi
+        [ "$result" = "0" ] || exit 1    # abort on network/DNS error
(Use = for POSIX [ … ] consistency and keep the distinct exit codes.)
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (1)

4-5: Consider waiting on the Deployment rollout instead of individual Pods

kubectl rollout status deployment/target-deployment -n target --timeout=60s
gives a single high-level success signal and handles ReplicaSet churn,
reducing flakiness if the Deployment ever scales beyond one replica.

No functional blocker, just a sturdier alternative.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7480fd1 and 4e0196f.

📒 Files selected for processing (19)

pkg/scaling/scalers/prometheus_scaler.go (2 hunks)
tests/e2e/README.md (1 hunks)
tests/e2e/kuttl-test.yaml (1 hunks)
tests/e2e/manifest/pod-curl-target-gw.yaml (1 hunks)
tests/e2e/manifest/reset.sh (1 hunks)
tests/e2e/manifest/target-elastiservice.yaml (1 hunks)
tests/e2e/tests/01-enable-proxy-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/01-send-traffic.yaml (1 hunks)
tests/e2e/tests/02-enable-serve-via-traffic/02-wait-ready.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/00-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/03-enable-serve-via-manual/01-manual-scale.yaml (1 hunks)
tests/e2e/tests/04-public-private-svc-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/00-scale-target.yaml (1 hunks)
tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml (0 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/01-scale-to-0-target.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/03-check-endpointslice-has-resolver-ips.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/04-scale-to-0-resolver.yaml (1 hunks)
tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml (1 hunks)

💤 Files with no reviewable changes (1)

tests/e2e/tests/05-elasti-crd-remove/03-reset.yaml

🧰 Additional context used

🧠 Learnings (17)

📓 Common learnings

Learnt from: rethil
PR: truefoundry/KubeElasti#154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: In KubeElasti E2E tests, kuttl TestStep scripts do not run inside the kuttl container - they run in the host environment or separate execution context, so external dependencies like `jq` should be documented as E2E test prerequisites rather than worrying about container image contents.

Learnt from: rethil
PR: truefoundry/KubeElasti#154
File: tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml:16-17
Timestamp: 2025-07-21T19:06:12.046Z
Learning: `jq` should be added as a prerequisite for running KubeElasti E2E tests since it's used in test scripts like `tests/e2e/tests/06-resolver-endpoint-sync/05-check-endpointslice-with-resolver-scaled-to-0.yaml` for JSON parsing.

Learnt from: rethil
PR: truefoundry/KubeElasti#153
File: pkg/scaling/scalers/prometheus_scaler.go:46-46
Timestamp: 2025-07-21T17:07:03.210Z
Learning: The ElastiService.spec.triggers[].metadata.query field in KubeElasti has a broader attack vector for Prometheus query injection compared to the uptimeFilter parameter, as it allows arbitrary Prometheus queries to be executed.