Add node e2e tests for hostPid #44119
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
This change is |
k8s-github-robot
added
size/M
| } | ||
|
|
||
| // the pid of 'sh' should not be 1 if it is in hostPid mode. | ||
| if logs == "1\n" { |
There was a problem hiding this comment.
This would not work in the future if we enable shared pid namespace in the pod. Maybe we can create two host pid pods and check whether they can see each other.
You can also create a non-host-pid-ns pod, and verify that it cannot see others.
There was a problem hiding this comment.
This would not work in the future if we enable shared pid namespace in the pod. Maybe we can create to host pid pods and check whether they can see each other.
That's right. Will update.
feiskyer
force-pushed
the
e2e-node
branch
2 times, most recently
from
88b199f
to
3c21c6b
Compare
| busyboxPodName := "busybox-hostpid-" + string(uuid.NewUUID()) | ||
| nginxPodName := "nginx-hostpid-" + string(uuid.NewUUID()) | ||
| It("should create the pod in hostPid", func() { | ||
| podClient.CreateSync(makeHostPidPod(nginxPodName, |
There was a problem hiding this comment.
The test will pass if there happens to be any nginx process running on the node. We should make sure the pid actually matches. You can get the pid of the process by exec into the container and cat the /var/run/nginx.pid file.
In the other container, you should make sure if the output includes the pid we are looking for.
I'd still like to see a test for a non-hostpid pod to make sure we don't always use host pid.
There was a problem hiding this comment.
Agree. @xlgao-zju We could also test hostpid and hostipc in similar way.
| } | ||
| busyboxPodName := "busybox-hostpid-" + string(uuid.NewUUID()) | ||
| nginxPodName := "nginx-hostpid-" + string(uuid.NewUUID()) | ||
| It("should create the pod in hostPid", func() { |
There was a problem hiding this comment.
nit: s/in hostPid/in the host PID namespace
yujuhong
added
release-note-none
|
Adding @Random-Liu since we need an approver. |
yujuhong
added
release-note
| busyboxPodName := "busybox-hostpid-" + string(uuid.NewUUID()) | ||
| nginxPodName := "nginx-hostpid-" + string(uuid.NewUUID()) | ||
| It("should create the pod in hostPid", func() { | ||
| podClient.CreateSync(makeHostPidPod(nginxPodName, |
There was a problem hiding this comment.
Agree. @xlgao-zju We could also test hostpid and hostipc in similar way.
|
|
||
| podClient.CreateSync(makeHostPidPod(busyboxPodName, | ||
| "gcr.io/google_containers/busybox:1.24", | ||
| []string{"sh", "-c", "pgrep nginx; sleep 240"})) |
There was a problem hiding this comment.
Why sleep 240? Maybe just tail -f /dev/null
| []string{"sh", "-c", "pgrep nginx; sleep 240"})) | ||
|
|
||
| Eventually(func() error { | ||
| logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName) |
There was a problem hiding this comment.
Even if you go with current solution, we should trim spaces here to make sure logs is actually empty.
And I think yuju's suggestion is better and more reliable here.
k8s-github-robot
added
size/L
|
LGTM |
feiskyer
force-pushed
the
e2e-node
branch
2 times, most recently
from
440503f
to
dc034fc
Compare
|
test/e2e_node/security_context_test.go, line 63 at r4 (raw file):
Why not just Comments from Reviewable |
Good idea. Updated. |
|
Review status: 0 of 2 files reviewed at latest revision, 8 unresolved discussions. test/e2e_node/security_context_test.go, line 88 at r5 (raw file):
Why use test/e2e_node/security_context_test.go, line 113 at r5 (raw file):
Why use Comments from Reviewable |
|
/cc @Helen-Xie @heartlock |
feiskyer
force-pushed
the
e2e-node
branch
2 times, most recently
from
438f1ca
to
06b89fd
Compare
|
@Random-Liu Fixed. PTAL. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Random-Liu, feiskyer
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
|
Commit found in the "release-1.6" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
Automatic merge from submit-queue Automated cherry pick of kubernetes#44097 and kubernetes#44119 Cherry pick kubernetes#44097 and kubernetes#44119 for release-1.6. Fix container hostPid settings. **Release note**: ```release-note Fix container hostPid settings when CRI is enabled. ```
For #44118. Add node e2e tests for hostPid.
cc @yujuhong @kubernetes/sig-node-pr-reviews