refactor(tests): consolidate KServe test infrastructure into two-file pattern#3352
Merged
google-oss-prow[bot] merged 8 commits intoFeb 24, 2026
Conversation
|
Welcome to the Kubeflow Manifests Repository Thanks for opening your first PR. Your contribution means a lot to the Kubeflow community. Before making more PRs: Community Resources:
Thanks again for helping to improve Kubeflow. |
Raakshass
force-pushed
the
cleanup/kserve-test-infrastructure
branch
from
96606f1 to
c4732b8
Compare
Raakshass
force-pushed
the
cleanup/kserve-test-infrastructure
branch
from
c4732b8 to
93b6c08
Compare
Raakshass
force-pushed
the
cleanup/kserve-test-infrastructure
branch
from
93b6c08 to
bef94d9
Compare
Member
The test must fail if the a single part fails, also the python part.
|
This was referenced Feb 20, 2026
Raakshass
force-pushed
the
cleanup/kserve-test-infrastructure
branch
from
efeffdd to
0165de3
Compare
Raakshass
force-pushed
the
cleanup/kserve-test-infrastructure
branch
3 times, most recently
from
5fc4d38 to
1775bec
Compare
Raakshass
force-pushed
the
cleanup/kserve-test-infrastructure
branch
from
f93858e to
e1903db
Compare
Member
|
I think the raw deployment mode is for a follow up PR. This one here is long-lived enough. "an additional test for a raw deployment would also be interesting, see kserve/kserve#5090 |
…ncipals Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com>
Raakshass
force-pushed
the
cleanup/kserve-test-infrastructure
branch
from
42d00eb to
9300633
Compare
Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com>
…redictor pod Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com>
Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com>
Member
|
And you need to update the documentation here https://github.com/kubeflow/manifests/blob/master/common/oauth2-proxy/README.md#kserve-authentication |
Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com>
Member
|
Thank you, lets cut down the documentation (removing code and documentation is often more important than adding.) and add tests for the raw deployment in a follow up PR. #3352 (comment) And please print actual prediction result on the console, do not hide them, such that from to test output its easier to see results. /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: juliusvonkohout The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Contributor
Author
|
Thank you for the thorough review and merge, @juliusvonkohout. Noted the follow-up items: Trim the KServe auth documentation — remove redundant code blocks |
Raakshass
added a commit
to Raakshass/manifests
that referenced
this pull request
Feb 24, 2026
…on output Addresses follow-up items from PR kubeflow#3352 as requested by @juliusvonkohout: 1. Trim KServe authentication documentation (README.md): - Remove verbose subsections: CI fallback YAML, routing table, Models Web App section, CI Test Coverage table (~70 lines removed) - Add concise 4-line note about CI rules: [{}] workaround - Preserve core architecture and Architecture Analysis sections 2. Add Test 7 for raw deployment mode (kserve_test.sh): - Deploy sklearn model with RawDeployment annotation - AuthorizationPolicy uses serving.kserve.io/inferenceservice label (works for both serverless and raw modes, unlike Knative labels) - Host-based routing only (path-based requires kserve/kserve#5090, not yet merged upstream) - Verifies auth enforcement: rejects unauthenticated, accepts authenticated requests - Reference: inferenceservice.yaml ingressClassName config 3. Print prediction results to console (kserve_test.sh): - All 12 curl commands now capture and print response body + HTTP status code for easier debugging of test failures - Pattern: curl -s -w '\n%{http_code}' + head/tail split 4. Fix pre-existing cleanup gap: - Add missing kubectl delete for allow-isvc-sklearn AuthorizationPolicy (was created but never cleaned up) References: - Follow-up to: kubeflow#3352 - Raw deployment ref: kserve/kserve#5090 - Config ref: kserve/kserve@b8fa0fb/config/configmap/inferenceservice.yaml#L389 - Reviewer comment: kubeflow#3352 (comment) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com>
3 tasks
Raakshass
added a commit
to Raakshass/manifests
that referenced
this pull request
Mar 7, 2026
…on output Addresses follow-up items from PR kubeflow#3352 as requested by @juliusvonkohout: 1. Trim KServe authentication documentation (README.md): - Remove verbose subsections: CI fallback YAML, routing table, Models Web App section, CI Test Coverage table (~70 lines removed) - Add concise 4-line note about CI rules: [{}] workaround - Preserve core architecture and Architecture Analysis sections 2. Add Test 7 for raw deployment mode (kserve_test.sh): - Deploy sklearn model with RawDeployment annotation - AuthorizationPolicy uses serving.kserve.io/inferenceservice label (works for both serverless and raw modes, unlike Knative labels) - Host-based routing only (path-based requires kserve/kserve#5090, not yet merged upstream) - Verifies auth enforcement: rejects unauthenticated, accepts authenticated requests - Reference: inferenceservice.yaml ingressClassName config 3. Print prediction results to console (kserve_test.sh): - All 12 curl commands now capture and print response body + HTTP status code for easier debugging of test failures - Pattern: curl -s -w '\n%{http_code}' + head/tail split 4. Fix pre-existing cleanup gap: - Add missing kubectl delete for allow-isvc-sklearn AuthorizationPolicy (was created but never cleaned up) References: - Follow-up to: kubeflow#3352 - Raw deployment ref: kserve/kserve#5090 - Config ref: kserve/kserve@b8fa0fb/config/configmap/inferenceservice.yaml#L389 - Reviewer comment: kubeflow#3352 (comment) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com>
google-oss-prow Bot
pushed a commit
that referenced
this pull request
Mar 12, 2026
…ization documentation, print prediction output (#3354) * test(kserve): add raw deployment test, trim auth docs, print prediction output Addresses follow-up items from PR #3352 as requested by @juliusvonkohout: 1. Trim KServe authentication documentation (README.md): - Remove verbose subsections: CI fallback YAML, routing table, Models Web App section, CI Test Coverage table (~70 lines removed) - Add concise 4-line note about CI rules: [{}] workaround - Preserve core architecture and Architecture Analysis sections 2. Add Test 7 for raw deployment mode (kserve_test.sh): - Deploy sklearn model with RawDeployment annotation - AuthorizationPolicy uses serving.kserve.io/inferenceservice label (works for both serverless and raw modes, unlike Knative labels) - Host-based routing only (path-based requires kserve/kserve#5090, not yet merged upstream) - Verifies auth enforcement: rejects unauthenticated, accepts authenticated requests - Reference: inferenceservice.yaml ingressClassName config 3. Print prediction results to console (kserve_test.sh): - All 12 curl commands now capture and print response body + HTTP status code for easier debugging of test failures - Pattern: curl -s -w '\n%{http_code}' + head/tail split 4. Fix pre-existing cleanup gap: - Add missing kubectl delete for allow-isvc-sklearn AuthorizationPolicy (was created but never cleaned up) References: - Follow-up to: #3352 - Raw deployment ref: kserve/kserve#5090 - Config ref: kserve/kserve@b8fa0fb/config/configmap/inferenceservice.yaml#L389 - Reviewer comment: #3352 (comment) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * address review: remove Architecture Analysis, add securityContext, truncate response body Changes addressing juliusvonkohout review comments: - Remove speculative Architecture Analysis section and orphaned [^6] footnote - Add CI workflow and test script links to KServe Authentication heading - Add host-based and path-based routing sentence with kserve#5090 reference - Add securityContext to secure-model-predictor Knative Service fixture - Truncate response body to 200 characters in echo statements for readable CI logs - Log prediction results in kserve_sklearn_test.py before assertion - Fix pre-existing em dashes in comments (Unicode to ASCII) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(test): add runAsUser to secure-model-predictor securityContext The gcr.io/knative-samples/helloworld-go image runs as root UID 0 by default. Setting runAsNonRoot: true without runAsUser causes kubelet to reject the pod, leading to ksvc timeout in CI. Fix: runAsUser 65534 forces non-root execution. Go binaries are statically linked and run at any UID. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(test): expand ksvc abbreviation, enable live pytest logging Address review: replace ksvc with Knative Service in echo statements. Switch --log-level info to --log-cli-level=INFO so prediction results stream to console during CI runs instead of being captured by pytest. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(test): force-kill port-forward to prevent script hang The kubectl port-forward background process ignores SIGTERM when connections are active. Bash waits for all child processes before exiting, causing the test step to hang indefinitely after all tests pass. Fix by sending SIGTERM, waiting 2s for graceful shutdown, then SIGKILL as fallback, and finally reaping with wait. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * ci(kserve): add 60-min timeout and log collection on failure Add timeout-minutes: 60 per maintainer guidance -- no test should run longer than 60 minutes. Add 'Collect Logs on Failure' and 'Upload Diagnostic Logs' steps modeled after full_kubeflow_integration_test.yaml to capture pod descriptions, events, and container logs when the job fails, enabling root-cause analysis instead of blind timeout bumps. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(ci): collect logs on timeout, skip cleanup waits Two bugs found in run #901 (cancelled at 60m, all tests passed): 1. Log collection used if: failure() but timeout triggers cancelled(), not failure(). Logs were never collected. Fix: failure() || cancelled(). 2. Cleanup kubectl-delete commands waited for Kubernetes finalizer reconciliation (default --wait=true). Each InferenceService delete blocked 3-5 min for Knative revision teardown on the 2-vCPU runner, adding ~15 min to the test step. The runner is destroyed after the job, so waiting is pointless. Fix: --wait=false on all deletes. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * Reduce timeout for kserve test job to 25 minutes Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * address review: rename UNAUTH_TOKEN, remove --wait=false - Rename UNAUTH_TOKEN to UNAUTHORIZED_TOKEN: this test validates authorization (RBAC), not authentication (JWT). The token is valid but the ServiceAccount lacks namespace-scoped permissions. - Remove --wait=false from cleanup deletes: deletion is part of the test -- verifying that resources tear down cleanly matters. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(ci): parallelize cleanup deletes, bump timeout to 30m Julius: cleanup must succeed and should complete in <60s. Sequential deletes took ~5 min (sum of finalizer waits). Parallel deletes bring total to ~30-45s (max of individual). All 6 resources are independent — no ordering dependencies. Bump kserve_test.yaml timeout from 25m to 30m per Julius. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(ci): reduce AuthorizationPolicy sleep 60s to 30s, bump models web app timeout to 30m Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(kserve): restore 60s sleep for AuthorizationPolicy propagation The sleep was reduced from 60s to 30s in d31918d, but Envoy in the KinD CI environment needs ~45-60s to pick up the new AuthorizationPolicy. With only 30s, Test 2b (host-based with token) fires before the ALLOW rule propagates, causing 403 RBAC: access denied. Restore 60s for both Test 2 and Test 7 (raw deployment). Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(kserve): replace blind sleep with active polling for AuthorizationPolicy The two sleep 60 calls add 2 minutes of dead time, causing the job to exceed the 30-minute timeout by ~15 seconds. Replace with polling loops that exit as soon as the AuthorizationPolicy propagates through Envoy (typically 10-30s). Each loop polls every 5 seconds for up to 120 seconds, providing both faster execution and more robust handling of slow environments. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(kserve): poll host-based URL to avoid false-positive 404 from path-based route The previous polling loop used the path-based URL, which returns 404 immediately in CI before the route is configured. Since 404 != 403, the loop exited after 5 seconds thinking the AuthorizationPolicy had propagated — but it had not. Test 2b host-based then failed with 403. Fix: poll the host-based URL instead, which correctly returns 403 until the AuthorizationPolicy propagates through Envoy. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * ci(kserve): bump timeout to 35m for expanded test suite The test suite grew with Test 7 (raw deployment) and active polling loops. Total runtime is ~30m18s with 30m timeout. Bump to 35m to validate all tests pass before finalizing the timeout value. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * Update kserve_test.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Update kserve_test.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Apply suggestion from @juliusvonkohout Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Update kserve_test.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Apply suggestion from @juliusvonkohout Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * fix(kserve): use Standard instead of deprecated RawDeployment annotation KServe v0.16 renamed RawDeployment to Standard (and Serverless to Knative). Using the legacy name causes the validation webhook to reject status updates during deletion, leaving the finalizer in place and the ISVC stuck in a terminating state indefinitely. Update the kserve_test.sh annotation and comments to use Standard. Ref: kserve/kserve#4710, kserve/kserve#4798 Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> --------- Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Raakshass
added a commit
to Raakshass/manifests
that referenced
this pull request
Mar 27, 2026
… pattern (kubeflow#3352) * refactor(tests): consolidate KServe test infrastructure into two-file pattern Merge scattered KServe test scripts into the canonical *_install.sh + *_test.sh pattern matching all other components. Inline utils.py and iris_input.json into kserve_sklearn_test.py, removing the tests/kserve/ subfolder entirely. Key changes: - Consolidate 3 test scripts into kserve_test.sh (6 tests) - Add pathTemplate ConfigMap patch in kustomization.yaml - Use source.namespaces mTLS AuthorizationPolicy - Both path-based and host-based routing tested via curl - Python SDK prediction test runs independently via pytest - Remove accidental build artifacts (kubeflow-all.yaml) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * Apply suggestion from @juliusvonkohout Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * fix: address reviewer feedback — inline deps, revert AP to requestPrincipals Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * Apply suggestions from code review Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * fix: bootstrap pytest before python -m pytest in kserve_test.sh Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix: use permissive allow-all AuthorizationPolicy (rules: [{}]) for predictor pod Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix: use allow-all AuthorizationPolicy in bash test (same sidecar issue) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * docs: update KServe Authentication section in oauth2-proxy README Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> --------- Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Raakshass
added a commit
to Raakshass/manifests
that referenced
this pull request
Mar 27, 2026
…ization documentation, print prediction output (kubeflow#3354) * test(kserve): add raw deployment test, trim auth docs, print prediction output Addresses follow-up items from PR kubeflow#3352 as requested by @juliusvonkohout: 1. Trim KServe authentication documentation (README.md): - Remove verbose subsections: CI fallback YAML, routing table, Models Web App section, CI Test Coverage table (~70 lines removed) - Add concise 4-line note about CI rules: [{}] workaround - Preserve core architecture and Architecture Analysis sections 2. Add Test 7 for raw deployment mode (kserve_test.sh): - Deploy sklearn model with RawDeployment annotation - AuthorizationPolicy uses serving.kserve.io/inferenceservice label (works for both serverless and raw modes, unlike Knative labels) - Host-based routing only (path-based requires kserve/kserve#5090, not yet merged upstream) - Verifies auth enforcement: rejects unauthenticated, accepts authenticated requests - Reference: inferenceservice.yaml ingressClassName config 3. Print prediction results to console (kserve_test.sh): - All 12 curl commands now capture and print response body + HTTP status code for easier debugging of test failures - Pattern: curl -s -w '\n%{http_code}' + head/tail split 4. Fix pre-existing cleanup gap: - Add missing kubectl delete for allow-isvc-sklearn AuthorizationPolicy (was created but never cleaned up) References: - Follow-up to: kubeflow#3352 - Raw deployment ref: kserve/kserve#5090 - Config ref: kserve/kserve@b8fa0fb/config/configmap/inferenceservice.yaml#L389 - Reviewer comment: kubeflow#3352 (comment) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * address review: remove Architecture Analysis, add securityContext, truncate response body Changes addressing juliusvonkohout review comments: - Remove speculative Architecture Analysis section and orphaned [^6] footnote - Add CI workflow and test script links to KServe Authentication heading - Add host-based and path-based routing sentence with kserve#5090 reference - Add securityContext to secure-model-predictor Knative Service fixture - Truncate response body to 200 characters in echo statements for readable CI logs - Log prediction results in kserve_sklearn_test.py before assertion - Fix pre-existing em dashes in comments (Unicode to ASCII) Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(test): add runAsUser to secure-model-predictor securityContext The gcr.io/knative-samples/helloworld-go image runs as root UID 0 by default. Setting runAsNonRoot: true without runAsUser causes kubelet to reject the pod, leading to ksvc timeout in CI. Fix: runAsUser 65534 forces non-root execution. Go binaries are statically linked and run at any UID. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(test): expand ksvc abbreviation, enable live pytest logging Address review: replace ksvc with Knative Service in echo statements. Switch --log-level info to --log-cli-level=INFO so prediction results stream to console during CI runs instead of being captured by pytest. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(test): force-kill port-forward to prevent script hang The kubectl port-forward background process ignores SIGTERM when connections are active. Bash waits for all child processes before exiting, causing the test step to hang indefinitely after all tests pass. Fix by sending SIGTERM, waiting 2s for graceful shutdown, then SIGKILL as fallback, and finally reaping with wait. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * ci(kserve): add 60-min timeout and log collection on failure Add timeout-minutes: 60 per maintainer guidance -- no test should run longer than 60 minutes. Add 'Collect Logs on Failure' and 'Upload Diagnostic Logs' steps modeled after full_kubeflow_integration_test.yaml to capture pod descriptions, events, and container logs when the job fails, enabling root-cause analysis instead of blind timeout bumps. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(ci): collect logs on timeout, skip cleanup waits Two bugs found in run kubeflow#901 (cancelled at 60m, all tests passed): 1. Log collection used if: failure() but timeout triggers cancelled(), not failure(). Logs were never collected. Fix: failure() || cancelled(). 2. Cleanup kubectl-delete commands waited for Kubernetes finalizer reconciliation (default --wait=true). Each InferenceService delete blocked 3-5 min for Knative revision teardown on the 2-vCPU runner, adding ~15 min to the test step. The runner is destroyed after the job, so waiting is pointless. Fix: --wait=false on all deletes. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * Reduce timeout for kserve test job to 25 minutes Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * address review: rename UNAUTH_TOKEN, remove --wait=false - Rename UNAUTH_TOKEN to UNAUTHORIZED_TOKEN: this test validates authorization (RBAC), not authentication (JWT). The token is valid but the ServiceAccount lacks namespace-scoped permissions. - Remove --wait=false from cleanup deletes: deletion is part of the test -- verifying that resources tear down cleanly matters. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(ci): parallelize cleanup deletes, bump timeout to 30m Julius: cleanup must succeed and should complete in <60s. Sequential deletes took ~5 min (sum of finalizer waits). Parallel deletes bring total to ~30-45s (max of individual). All 6 resources are independent — no ordering dependencies. Bump kserve_test.yaml timeout from 25m to 30m per Julius. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(ci): reduce AuthorizationPolicy sleep 60s to 30s, bump models web app timeout to 30m Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(kserve): restore 60s sleep for AuthorizationPolicy propagation The sleep was reduced from 60s to 30s in d31918d, but Envoy in the KinD CI environment needs ~45-60s to pick up the new AuthorizationPolicy. With only 30s, Test 2b (host-based with token) fires before the ALLOW rule propagates, causing 403 RBAC: access denied. Restore 60s for both Test 2 and Test 7 (raw deployment). Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(kserve): replace blind sleep with active polling for AuthorizationPolicy The two sleep 60 calls add 2 minutes of dead time, causing the job to exceed the 30-minute timeout by ~15 seconds. Replace with polling loops that exit as soon as the AuthorizationPolicy propagates through Envoy (typically 10-30s). Each loop polls every 5 seconds for up to 120 seconds, providing both faster execution and more robust handling of slow environments. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * fix(kserve): poll host-based URL to avoid false-positive 404 from path-based route The previous polling loop used the path-based URL, which returns 404 immediately in CI before the route is configured. Since 404 != 403, the loop exited after 5 seconds thinking the AuthorizationPolicy had propagated — but it had not. Test 2b host-based then failed with 403. Fix: poll the host-based URL instead, which correctly returns 403 until the AuthorizationPolicy propagates through Envoy. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * ci(kserve): bump timeout to 35m for expanded test suite The test suite grew with Test 7 (raw deployment) and active polling loops. Total runtime is ~30m18s with 30m timeout. Bump to 35m to validate all tests pass before finalizing the timeout value. Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> * Update kserve_test.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Update kserve_test.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Apply suggestion from @juliusvonkohout Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Update kserve_test.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * Apply suggestion from @juliusvonkohout Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> * fix(kserve): use Standard instead of deprecated RawDeployment annotation KServe v0.16 renamed RawDeployment to Standard (and Serverless to Knative). Using the legacy name causes the validation webhook to reject status updates during deletion, leaving the finalizer in place and the ISVC stuck in a terminating state indefinitely. Update the kserve_test.sh annotation and comments to use Standard. Ref: kserve/kserve#4710, kserve/kserve#4798 Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> --------- Signed-off-by: Siddhant Jain <siddhantjainofficial26@gmail.com> Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
This was referenced Apr 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
✏️ Summary of Changes
Consolidates scattered KServe test scripts into the canonical
kserve_install.sh+kserve_test.shtwo-file pattern, matching every other component's test structure in this repository.Consolidated
tests/kserve_test.shMerged three separate test scripts into a single structured script with 6 tests:
kserve_test.shkserve_test.sh(removed manual VirtualService)kserve_models_web_application_test.shkserve_test.shkserve_complete_authentication_test.shkserve_test.shkserve_test.sh:pathTemplate— see Kserve path based routing #3348)/kserve/to/serving/to align with Kserve path based routing #3348echo "FAIL: ..."error messages for all failure casesDeleted obsolete files
tests/kserve_complete_authentication_test.shkserve_test.shtests/kserve_models_web_application_test.shkserve_test.shtests/kserve_setup_external_access.shpathTemplatesupporttests/kserve/kserve-external-access.yamlpathTemplatesupporttests/kserve_test.yamlUpdated CI workflows
.github/workflows/kserve_models_web_application_test.yaml:kserve_test.shinstead of deletedkserve_models_web_application_test.shsetup-python@v4step (required by pytest in consolidated script)tests/kserve/**path triggertimeout-minutesfrom 25 to 45 (now runs all 6 tests).github/workflows/full_kubeflow_integration_test.yaml:Test KServe Models Web Application APIstep (already covered bykserve_test.shon the preceding step)Updated dependencies
tests/kserve/requirements.txt:kserve>=0.15.0→kserve>=0.16.0📦 Dependencies
🐛 Related Issues
*_install.sh+*_test.sh) used by all other components✅ Contributor Checklist
/cc @juliusvonkohout