github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-21 16:57:08 +00:00
Code Issues Projects Releases Wiki Activity

tests: Move k8s tests to this repo

Browse Source 
The first part of simplifying things to have all our tests using GitHub
actions is moving the k8s tests to this repo, as those will be the first
vict^W targets to be migrated to GitHub actions.

Those tests have been slightly adapted, mainly related to what they load
/ import, so they are more self-contained and do not require us bringing
a lot of scripts from the tests repo here.

A few scripts were also dropped along the way, as we no longer plan to
deploy kubernetes as part of every single run, but rather assume there
will always be k8s running whenever we land to run those tests.

It's important to mention that a few tests were not added here:

* k8s-block-volume:
* k8s-file-volume:
* k8s-volume:
* k8s-ro-volume:
  These tests depend on some sort of volume being created on the
  kubernetes node where the test will run, and this won't fly as the
  tests will run from a GitHub runner, targetting a different machine
  where kubernetes will be running.
  * https://github.com/kata-containers/kata-containers/issues/6566

* k8s-hugepages: This test depends a whole lot on the host where it
  lands and right now we cannot assume anything about that anymore, as
  the tests will run from a GitHub runner, targetting a different
  machine where kubernetes will be running.
  * https://github.com/kata-containers/kata-containers/issues/6567

* k8s-expose-ip: This is simply hanging when running on AKS and has to
  be debugged in order to figure out the root cause of that, and then
  adapted to also work on AKS.
  * https://github.com/kata-containers/kata-containers/issues/6578

Till those issues are solved, we'll keep running a jenkins job with
hose tests to avoid any possible regression.

Last but not least, I've decided to **not** keep the history when
bringing those tests here, otherwise we'd end up polluting a lot the
history of this repo, without any clear benefit on doing so.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This commit is contained in:
Fabiano Fidêncio
2023-03-30 22:14:25 +02:00
parent 73be4bd3f9
commit 11e0099fb5
96 changed files with 3372 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
tests/integration/kubernetes/runtimeclass_workloads/busybox-pod.yaml Normal file
View File

@@ -0,0 +1,32 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: busybox
spec:
terminationGracePeriodSeconds: 0
shareProcessNamespace: true
runtimeClassName: kata
containers:
- name: first-test-container
image: quay.io/prometheus/busybox:latest
env:
- name: CONTAINER_NAME
value: "first-test-container"
command:
- sleep
- "30"
- name: second-test-container
image: quay.io/prometheus/busybox:latest
env:
- name: CONTAINER_NAME
value: "second-test-container"
command:
- sleep
- "30"
stdin: true
tty: true

19
tests/integration/kubernetes/runtimeclass_workloads/busybox-template.yaml Normal file
View File

@@ -0,0 +1,19 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: POD_NAME
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
shareProcessNamespace: true
containers:
- name: CTR_NAME
image: quay.io/prometheus/busybox:latest
command:
- sleep
- "120"

12
tests/integration/kubernetes/runtimeclass_workloads/configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: ConfigMap
metadata:
name: test-configmap
data:
data-1: value-1
data-2: value-2

12
tests/integration/kubernetes/runtimeclass_workloads/footloose-configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
data:
authorized_keys: |
${ssh_key}
kind: ConfigMap
metadata:
name: ssh-config-map

29
tests/integration/kubernetes/runtimeclass_workloads/initContainer-shared-volume.yaml Normal file
View File

@@ -0,0 +1,29 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: initcontainer-shared-volume
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
initContainers:
- name: first
image: quay.io/prometheus/busybox:latest
command: [ "sh", "-c", "echo ${EPOCHREALTIME//.} > /volume/initContainer" ]
volumeMounts:
- mountPath: /volume
name: volume
containers:
- name: last
image: quay.io/prometheus/busybox:latest
command: [ "sh", "-c", "echo ${EPOCHREALTIME//.} > /volume/container; tail -f /dev/null" ]
volumeMounts:
- mountPath: /volume
name: volume
volumes:
- name: volume
emptyDir: {}

26
tests/integration/kubernetes/runtimeclass_workloads/initcontainer-shareprocesspid.yaml Normal file
View File

@@ -0,0 +1,26 @@
#
# Copyright (c) 2022 AntGroup Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: busybox
spec:
terminationGracePeriodSeconds: 0
shareProcessNamespace: true
runtimeClassName: kata
initContainers:
- name: first
image: quay.io/prometheus/busybox:latest
command: [ "sh", "-c", "echo 'nohup tail -f /dev/null >/dev/null 2>&1 &' > /init.sh && chmod +x /init.sh && /init.sh" ]
containers:
- name: first-test-container
image: quay.io/prometheus/busybox:latest
env:
- name: CONTAINER_NAME
value: "first-test-container"
command:
- sleep
- "300"

12
tests/integration/kubernetes/runtimeclass_workloads/inject_secret.yaml Normal file
View File

@@ -0,0 +1,12 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Secret
metadata:
name: test-secret
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

32
tests/integration/kubernetes/runtimeclass_workloads/inotify-configmap-pod.yaml Normal file
View File

@@ -0,0 +1,32 @@
#
# Copyright (c) 2021 Apple Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: Pod
metadata:
name: inotify-configmap-testing
spec:
containers:
- name: c1
image: quay.io/kata-containers/fsnotify:latest
command: ["bash"]
args: ["-c", "inotifywait --timeout 120 -r /config/ && [[ -L /config/config.toml ]] && echo success" ]
resources:
requests:
cpu: 1
memory: 50Mi
limits:
cpu: 1
memory: 1024Mi
volumeMounts:
- name: config
mountPath: /config
runtimeClassName: kata
restartPolicy: Never
volumes:
- name: config
configMap:
name: cm

13
tests/integration/kubernetes/runtimeclass_workloads/inotify-configmap.yaml Normal file
View File

@@ -0,0 +1,13 @@
#
# Copyright (c) 2021 Apple Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
data:
config.toml: |-
foo original...
kind: ConfigMap
metadata:
name: cm

14
tests/integration/kubernetes/runtimeclass_workloads/inotify-updated-configmap.yaml Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2021 Apple Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
data:
config.toml: |-
foo original...
... updated
kind: ConfigMap
metadata:
name: cm

25
tests/integration/kubernetes/runtimeclass_workloads/job-template.yaml Normal file
View File

@@ -0,0 +1,25 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: batch/v1
kind: Job
metadata:
name: process-item-$ITEM
labels:
jobgroup: jobtest
spec:
template:
metadata:
name: jobtest
labels:
jobgroup: jobtest
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
restartPolicy: Never

20
tests/integration/kubernetes/runtimeclass_workloads/job.yaml Normal file
View File

@@ -0,0 +1,20 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: batch/v1
kind: Job
metadata:
name: job-pi-test
spec:
template:
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: pi
image: quay.io/prometheus/busybox:latest
command: ["/bin/sh", "-c", "echo 'scale=5; 4*a(1)' | bc -l"]
restartPolicy: Never
backoffLimit: 4

9
tests/integration/kubernetes/runtimeclass_workloads/kata-runtimeclass.yaml Normal file
View File

@@ -0,0 +1,9 @@
kind: RuntimeClass
apiVersion: node.k8s.io/v1
metadata:
name: kata
handler: kata
overhead:
podFixed:
memory: "160Mi"
cpu: "250m"

23
tests/integration/kubernetes/runtimeclass_workloads/lifecycle-events.yaml Normal file
View File

@@ -0,0 +1,23 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: handlers
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: handlers-container
image: quay.io/sjenning/${nginx_version}
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
preStop:
exec:
command: ["/usr/sbin/nginx","-s","quit"]

16
tests/integration/kubernetes/runtimeclass_workloads/limit-range.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: LimitRange
metadata:
name: cpu-limit-range
spec:
limits:
- default:
cpu: 1
defaultRequest:
cpu: 0.5
type: Container

26
tests/integration/kubernetes/runtimeclass_workloads/nginx-deployment.yaml Normal file
View File

@@ -0,0 +1,26 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: nginx
image: quay.io/sjenning/${nginx_version}
ports:
- containerPort: 80

16
tests/integration/kubernetes/runtimeclass_workloads/pod-besteffort.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: besteffort-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: qos-besteffort
image: quay.io/prometheus/busybox:latest
command: ["/bin/sh", "-c", "tail -f /dev/null"]

21
tests/integration/kubernetes/runtimeclass_workloads/pod-burstable.yaml Normal file
View File

@@ -0,0 +1,21 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: burstable-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: qos-burstable
image: quay.io/prometheus/busybox:latest
command: ["/bin/sh", "-c", "tail -f /dev/null"]
resources:
limits:
memory: "200Mi"
requests:
memory: "100Mi"

18
tests/integration/kubernetes/runtimeclass_workloads/pod-caps.yaml Normal file
View File

@@ -0,0 +1,18 @@
#
# Copyright (c) 2021 Apple Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: pod-caps
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-container
image: quay.io/prometheus/busybox:latest
command: ["sh"]
args: ["-c", "cat /proc/self/status | grep Cap && sleep infinity"]
restartPolicy: Never

28
tests/integration/kubernetes/runtimeclass_workloads/pod-configmap.yaml Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: config-env-test-pod
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-container
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
env:
- name: KUBE_CONFIG_1
valueFrom:
configMapKeyRef:
name: test-configmap
key: data-1
- name: KUBE_CONFIG_2
valueFrom:
configMapKeyRef:
name: test-configmap
key: data-2
restartPolicy: Never

16
tests/integration/kubernetes/runtimeclass_workloads/pod-cpu-defaults.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: default-cpu-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: default-cpu-demo-ctr
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]

23
tests/integration/kubernetes/runtimeclass_workloads/pod-cpu.yaml Normal file
View File

@@ -0,0 +1,23 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: constraints-cpu-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: first-cpu-container
image: quay.io/prometheus/busybox:latest
command:
- sleep
- "30"
resources:
limits:
cpu: "1"
requests:
cpu: "500m"

23
tests/integration/kubernetes/runtimeclass_workloads/pod-custom-dns.yaml Normal file
View File

@@ -0,0 +1,23 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
namespace: default
name: custom-dns-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
dnsPolicy: "None"
dnsConfig:
nameservers:
- 1.2.3.4
searches:
- dns.test.search

44
tests/integration/kubernetes/runtimeclass_workloads/pod-empty-dir-fsgroup.yaml Normal file
View File

@@ -0,0 +1,44 @@
#
# Copyright (c) 2021 Red Hat, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: sharevol-kata
spec:
runtimeClassName: kata
restartPolicy: Never
securityContext:
runAsUser: 1001
fsGroup: 123
containers:
- name: mounttest-container
image: ${agnhost_image}
args:
- mounttest
- --fs_type=/test-volume
- --new_file_0660=/test-volume/test-file
- --file_perm=/test-volume/test-file
- --file_owner=/test-volume/test-file
volumeMounts:
- name: emptydir-volume
mountPath: /test-volume
- name: mounttest-container-2
image: ${agnhost_image}
args:
- mounttest
- --fs_type=/test-volume-2
- --new_file_0660=/test-volume-2/test-file
- --file_perm=/test-volume-2/test-file
- --file_owner=/test-volume-2/test-file
volumeMounts:
- name: mem-emptydir-volume
mountPath: /test-volume-2
volumes:
- name: emptydir-volume
emptyDir: {}
- name: mem-emptydir-volume
emptyDir:
medium: Memory

28
tests/integration/kubernetes/runtimeclass_workloads/pod-empty-dir.yaml Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: sharevol-kata
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
volumeMounts:
- name: host-empty-vol
mountPath: "/host/cache"
- name: memory-empty-vol
mountPath: "/tmp/cache"
volumes:
- name: host-empty-vol
emptyDir: {}
- name: memory-empty-vol
emptyDir:
medium: Memory
sizeLimit: "50M"

46
tests/integration/kubernetes/runtimeclass_workloads/pod-env.yaml Normal file
View File

@@ -0,0 +1,46 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: test-env
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-container
image: quay.io/prometheus/busybox:latest
command: [ "sh", "-c"]
args:
- while true; do
echo -en '\n';
printenv MY_POD_NAME;
printenv HOST_IP;
printenv MEMORY_REQUESTS;
printenv MEMORY_LIMITS;
sleep 1;
done;
resources:
requests:
memory: "32Mi"
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: MEMORY_REQUESTS
valueFrom:
resourceFieldRef:
resource: requests.memory
- name: MEMORY_LIMITS
valueFrom:
resourceFieldRef:
resource: limits.memory
restartPolicy: Never

26
tests/integration/kubernetes/runtimeclass_workloads/pod-file-volume.yaml Normal file
View File

@@ -0,0 +1,26 @@
#
# Copyright (c) 2022 Ant Group
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: test-file-volume
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
restartPolicy: Never
volumes:
- name: shared-file
hostPath:
path: HOST_FILE
type: File
containers:
- name: busybox-file-volume-container
image: busybox
volumeMounts:
- name: shared-file
mountPath: MOUNT_PATH
command: ["/bin/sh"]
args: ["-c", "tail -f /dev/null"]

59
tests/integration/kubernetes/runtimeclass_workloads/pod-footloose.yaml Normal file
View File

@@ -0,0 +1,59 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: footubuntu
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
volumes:
- name: runv
emptyDir:
medium: "Memory"
- name: runlockv
emptyDir:
medium: "Memory"
- name: tmpv
emptyDir:
medium: "Memory"
- name: fakecgroup
hostPath:
path: /sys/fs/cgroup
- name: ssh-dir
emptyDir:
medium: "Memory"
- name: ssh-config-map
configMap:
name: ssh-config-map
defaultMode: 384
containers:
- name: vmcontainer
image: quay.io/footloose/ubuntu18.04:latest
command: ["/sbin/init"]
volumeMounts:
- name: runv
mountPath: /run
- name: runlockv
mountPath: /run/lock
- name: tmpv
mountPath: /tmp
- name: fakecgroup
readOnly: true
mountPath: /sys/fs/cgroup
- name: ssh-dir
mountPath: /root/.ssh
- name: ssh-config-map
mountPath: /root/.ssh/authorized_keys
subPath: authorized_keys
# These containers are run during pod initialization
initContainers:
- name: install
image: quay.io/prometheus/busybox:latest
command: ["sh", "-c", "chmod 700 /root/.ssh"]
volumeMounts:
- name: ssh-dir
mountPath: /root/.ssh

23
tests/integration/kubernetes/runtimeclass_workloads/pod-guaranteed.yaml Normal file
View File

@@ -0,0 +1,23 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: qos-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: qos-guaranteed
image: quay.io/prometheus/busybox:latest
command: ["/bin/sh", "-c", "tail -f /dev/null"]
resources:
limits:
memory: "200Mi"
cpu: "700m"
requests:
memory: "200Mi"
cpu: "700m"

25
tests/integration/kubernetes/runtimeclass_workloads/pod-http-liveness.yaml Normal file
View File

@@ -0,0 +1,25 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
labels:
test: liveness-test
name: liveness-http
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: liveness
image: ${agnhost_image}
args:
- liveness
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 3
periodSeconds: 3

30
tests/integration/kubernetes/runtimeclass_workloads/pod-hugepage.yaml Normal file
View File

@@ -0,0 +1,30 @@
#
# Copyright (c) 2022 Ant Group
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: hugepage-pod
spec:
runtimeClassName: kata
containers:
- name: hugepage-container
image: quay.io/prometheus/busybox:latest
command: ["/bin/sh"]
args: ["-c", "tail -f /dev/null"]
volumeMounts:
- mountPath: /hugepages
name: hugepage
resources:
limits:
hugepages-${hugepages_size}: 512Mi
memory: 512Mi
requests:
hugepages-${hugepages_size}: 512Mi
memory: 512Mi
volumes:
- name: hugepage
emptyDir:
medium: HugePages

28
tests/integration/kubernetes/runtimeclass_workloads/pod-liveness.yaml Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
labels:
test: liveness
name: liveness-exec
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: liveness
image: quay.io/prometheus/busybox:latest
args:
- /bin/sh
- -c
- touch /tmp/healthy; echo "Check status"; sleep 6; rm -rf /tmp/healthy; echo "Check dead"; sleep 12
livenessProbe:
exec:
command:
- cat
- /tmp/healthy
initialDelaySeconds: 3
periodSeconds: 3

23
tests/integration/kubernetes/runtimeclass_workloads/pod-memory-limit.yaml Normal file
View File

@@ -0,0 +1,23 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: memory-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: memory-test-ctr
image: quay.io/kata-containers/sysbench-kata:latest
imagePullPolicy: IfNotPresent
resources:
limits:
memory: "${memory_size}"
requests:
memory: "500Mi"
command: ["stress"]
args: ["--vm", "1", "--vm-bytes", "${memory_allocated}", "--vm-hang", "1"]

44
tests/integration/kubernetes/runtimeclass_workloads/pod-nested-configmap-secret.yaml Normal file
View File

@@ -0,0 +1,44 @@
#
# Copyright (c) 2021 IBM Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: ConfigMap
metadata:
name: config
data:
config_key: myconfig
---
apiVersion: v1
data:
secret_key: bXlzZWNyZXQ= #mysecret
kind: Secret
metadata:
name: secret
type: Opaque
---
apiVersion: v1
kind: Pod
metadata:
name: nested-configmap-secret-pod
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-container
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
volumeMounts:
- mountPath: /config
name: config
- mountPath: /config/secret
name: secret
volumes:
- name: secret
secret:
secretName: secret
- name: config
configMap:
name: config
restartPolicy: Never

27
tests/integration/kubernetes/runtimeclass_workloads/pod-number-cpu.yaml Normal file
View File

@@ -0,0 +1,27 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: cpu-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: c1
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
resources:
limits:
cpu: "500m"
- name: c2
image: quay.io/prometheus/busybox:latest
command:
- sleep
- "10"
resources:
limits:
cpu: "500m"

25
tests/integration/kubernetes/runtimeclass_workloads/pod-oom.yaml Normal file
View File

@@ -0,0 +1,25 @@
#
# Copyright (c) 2020 Ant Group
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: pod-oom
namespace: default
spec:
runtimeClassName: kata
restartPolicy: Never
containers:
- image: quay.io/kata-containers/sysbench-kata:latest
imagePullPolicy: IfNotPresent
name: oom-test
command: ["/bin/sh"]
args: ["-c", "sleep 2; stress --vm 2 --vm-bytes 400M --timeout 30s"]
resources:
limits:
memory: 500Mi
requests:
memory: 500Mi

30
tests/integration/kubernetes/runtimeclass_workloads/pod-optional-empty-configmap.yaml Normal file
View File

@@ -0,0 +1,30 @@
#
# Copyright (c) 2021 IBM Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: optional-empty-config-test-pod
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-container
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
volumeMounts:
- mountPath: /empty-config
name: empty-config
- mountPath: /optional-missing-config
name: optional-missing-config
volumes:
- name: empty-config
configMap:
name: empty-config
- name: optional-missing-config
configMap:
name: optional-missing-config
optional: true
restartPolicy: Never

30
tests/integration/kubernetes/runtimeclass_workloads/pod-optional-empty-secret.yaml Normal file
View File

@@ -0,0 +1,30 @@
#
# Copyright (c) 2021 IBM Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: optional-empty-secret-test-pod
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-container
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
volumeMounts:
- mountPath: /empty-secret
name: empty-secret
- mountPath: /optional-missing-secret
name: optional-missing-secret
volumes:
- name: empty-secret
secret:
secretName: empty-secret
- name: optional-missing-secret
secret:
secretName: optional-missing-secret
optional: true
restartPolicy: Never

28
tests/integration/kubernetes/runtimeclass_workloads/pod-projected-volume.yaml Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: test-projected-volume
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-projected-volume
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
volumeMounts:
- name: all-in-one
mountPath: "/projected-volume"
readOnly: true
volumes:
- name: all-in-one
projected:
sources:
- secret:
name: user
- secret:
name: pass

26
tests/integration/kubernetes/runtimeclass_workloads/pod-quota-deployment.yaml Normal file
View File

@@ -0,0 +1,26 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploymenttest
namespace: test-quota-ns
spec:
selector:
matchLabels:
purpose: quota-demo
replicas: 2
template:
metadata:
labels:
purpose: quota-demo
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: pod-quota-demo
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]

27
tests/integration/kubernetes/runtimeclass_workloads/pod-readonly-volume.yaml Normal file
View File

@@ -0,0 +1,27 @@
#
# Copyright (c) 2021 Ant Group
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: test-readonly-volume
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
restartPolicy: Never
volumes:
- name: shared-data
hostPath:
path: /tmp
type: Directory
containers:
- name: busybox-ro-volume-container
image: busybox
volumeMounts:
- name: shared-data
mountPath: /tmp
readOnly: true
command: ["/bin/sh"]
args: ["-c", "tail -f /dev/null"]

22
tests/integration/kubernetes/runtimeclass_workloads/pod-seccomp.yaml Normal file
View File

@@ -0,0 +1,22 @@
#
# Copyright (c) 2021 Red Hat
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: seccomp-container
annotations:
io.katacontainers.config.runtime.disable_guest_seccomp: "false"
spec:
runtimeClassName: kata
terminationGracePeriodSeconds: 0
restartPolicy: Never
containers:
- name: busybox
image: quay.io/prometheus/busybox:latest
command: ["grep", "Seccomp:", "/proc/self/status"]
securityContext:
seccompProfile:
type: RuntimeDefault

27
tests/integration/kubernetes/runtimeclass_workloads/pod-secret-env.yaml Normal file
View File

@@ -0,0 +1,27 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: secret-envars-test-pod
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: envars-test-container
image: quay.io/prometheus/busybox:latest
command: ["/bin/sh", "-c", "tail -f /dev/null"]
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: test-secret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: test-secret
key: password

25
tests/integration/kubernetes/runtimeclass_workloads/pod-secret.yaml Normal file
View File

@@ -0,0 +1,25 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: secret-test-pod
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: test-container
image: quay.io/prometheus/busybox:latest
command: ["/bin/sh", "-c", "tail -f /dev/null"]
volumeMounts:
# name must match the volume name below
- name: secret-volume
mountPath: /tmp/secret-volume
# The secret data is exposed to Containers in the Pod through a Volume.
volumes:
- name: secret-volume
secret:
secretName: test-secret

18
tests/integration/kubernetes/runtimeclass_workloads/pod-security-context.yaml Normal file
View File

@@ -0,0 +1,18 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: security-context-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
securityContext:
runAsUser: 1000
containers:
- name: sec-text
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]

31
tests/integration/kubernetes/runtimeclass_workloads/pod-shared-volume.yaml Normal file
View File

@@ -0,0 +1,31 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: test-shared-volume
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
restartPolicy: Never
volumes:
- name: shared-data
emptyDir: {}
containers:
- name: busybox-first-container
image: quay.io/prometheus/busybox:latest
volumeMounts:
- name: shared-data
mountPath: /tmp
command: ["/bin/sh"]
args: ["-c", "tail -f /dev/null"]
- name: busybox-second-container
image: quay.io/prometheus/busybox:latest
volumeMounts:
- name: shared-data
mountPath: /tmp
command: ["/bin/sh"]
args: ["-c", "echo Hello from the busybox-second-container > /tmp/pod-data && tail -f /dev/null"]

28
tests/integration/kubernetes/runtimeclass_workloads/pod-sysctl.yaml Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: sysctl-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
securityContext:
sysctls:
- name: kernel.shm_rmid_forced
value: "0"
containers:
- name: test
securityContext:
privileged: true
image: quay.io/prometheus/busybox:latest
command: ["tail", "-f", "/dev/null"]
initContainers:
- name: init-sys
securityContext:
privileged: true
image: quay.io/prometheus/busybox:latest
command: ['sh', '-c', 'echo "64000" > /proc/sys/vm/max_map_count']

31
tests/integration/kubernetes/runtimeclass_workloads/pod-tcp-liveness.yaml Normal file
View File

@@ -0,0 +1,31 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: tcptest
labels:
app: tcp-liveness
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: tcp-liveness
image: ${agnhost_image}
args:
- liveness
ports:
- containerPort: 8080
readinessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 15
periodSeconds: 20

36
tests/integration/kubernetes/runtimeclass_workloads/redis-master-deployment.yaml Normal file
View File

@@ -0,0 +1,36 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis-master
labels:
app: redis
spec:
selector:
matchLabels:
app: redis
role: master
tier: backend
replicas: 1
template:
metadata:
labels:
app: redis
role: master
tier: backend
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: master
image: quay.io/libpod/redis
resources:
requests:
cpu: 100m
memory: 100Mi
ports:
- containerPort: 6379

21
tests/integration/kubernetes/runtimeclass_workloads/redis-master-service.yaml Normal file
View File

@@ -0,0 +1,21 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Service
metadata:
name: redis-master
labels:
app: redis
role: master
tier: backend
spec:
ports:
- port: 6379
targetPort: 6379
selector:
app: redis
role: master
tier: backend

26
tests/integration/kubernetes/runtimeclass_workloads/replication-controller.yaml Normal file
View File

@@ -0,0 +1,26 @@
#
# Copyright (c) 2019 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: ReplicationController
metadata:
name: replicationtest
spec:
replicas: 1
selector:
app: nginx-rc-test
template:
metadata:
name: nginx
labels:
app: nginx-rc-test
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: nginxtest
image: quay.io/sjenning/${nginx_version}
ports:
- containerPort: 80

20
tests/integration/kubernetes/runtimeclass_workloads/resource-quota.yaml Normal file
View File

@@ -0,0 +1,20 @@
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: Namespace
metadata:
name: test-quota-ns
- apiVersion: v1
kind: ResourceQuota
metadata:
name: pod-quota
namespace: test-quota-ns
spec:
hard:
pods: "2"

13
tests/integration/kubernetes/runtimeclass_workloads/stress/Dockerfile Normal file
View File

@@ -0,0 +1,13 @@
#
# Copyright (c) 2021 IBM Corp.
#
# SPDX-License-Identifier: Apache-2.0
# The image has only the 'latest' tag so it needs to ignore DL3007
#hadolint ignore=DL3007
FROM quay.io/libpod/ubuntu:latest
RUN apt-get -y update && \
apt-get -y upgrade && \
apt-get -y --no-install-recommends install stress && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

24
tests/integration/kubernetes/runtimeclass_workloads/vfio.yaml Normal file
View File

@@ -0,0 +1,24 @@
#
# Copyright (c) 2020 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
kind: Pod
metadata:
name: vfio
spec:
terminationGracePeriodSeconds: 0
runtimeClassName: kata
containers:
- name: c1
image: quay.io/prometheus/busybox:latest
command:
- sh
tty: true
stdin: true
resources:
limits:
intel.com/virtio_net: "1"
requests:
intel.com/virtio_net: "1"