github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-02 09:24:35 +00:00
Code Issues Projects Releases Wiki Activity

test/k8s: Extend initdata tests to run on s390x

Browse Source 
Enable testing of initdata on the qemu-coco-dev and qemu-se
runtime classes, so we can validate the function on s390x

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
2025-07-31 10:02:34 +01:00
committed by rafsalrahim
parent 4cc373c06e
commit 8ee80b4c37
1 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/integration/kubernetes/k8s-initdata.bats
View File

@@ -10,7 +10,7 @@
# 3. Pull an image from a banned registry # 3. Pull an image from a banned registry
# 4. Check if the pulling fails with log `image security validation failed`, # 4. Check if the pulling fails with log `image security validation failed`,
# the initdata works. # the initdata works.
# #
# Note that if initdata does not work, the pod still fails to launch (hang at # Note that if initdata does not work, the pod still fails to launch (hang at
# CreatingContainer status). The error information is # CreatingContainer status). The error information is
# `[CDH] [ERROR]: Get Resource failed` which internally means that the KBS URL # `[CDH] [ERROR]: Get Resource failed` which internally means that the KBS URL
@@ -35,7 +35,7 @@ setup() {
setup_common || die "setup_common failed" setup_common || die "setup_common failed"
FAIL_TEST_IMAGE="quay.io/prometheus/busybox:latest" FAIL_TEST_IMAGE="quay.io/prometheus/busybox:latest"
SECURITY_POLICY_KBS_URI="kbs:///default/security-policy/test" SECURITY_POLICY_KBS_URI="kbs:///default/security-policy/test"
} }
@@ -45,13 +45,16 @@ function setup_kbs_image_policy_for_initdata() {
fi fi
export CURRENT_ARCH=$(uname -m) export CURRENT_ARCH=$(uname -m)
if [ "${CURRENT_ARCH}" != "x86_64" ]; then case "${CURRENT_ARCH}" in
skip "Test skipped as only x86-64 supports, while current platform is ${CURRENT_ARCH}" "x86_64"|"s390x")
fi ;;
*)
skip "Test skipped as only x86-64 & s390x is supported, while current platform is ${CURRENT_ARCH}"
;;
esac
# TODO: Enable for more archs
case "$KATA_HYPERVISOR" in case "$KATA_HYPERVISOR" in
"qemu-tdx"|"qemu-coco-dev"|"qemu-snp") "qemu-tdx"|"qemu-coco-dev"|"qemu-snp"|"qemu-se")
;; ;;
*) *)
skip "Test not supported for ${KATA_HYPERVISOR}." skip "Test not supported for ${KATA_HYPERVISOR}."
@@ -88,7 +91,7 @@ EOF
@test "Test that creating a container from an rejected image configured by initdata, fails according to policy reject" { @test "Test that creating a container from an rejected image configured by initdata, fails according to policy reject" {
setup_kbs_image_policy_for_initdata setup_kbs_image_policy_for_initdata
CC_KBS_ADDRESS=$(kbs_k8s_svc_http_addr) CC_KBS_ADDRESS=$(kbs_k8s_svc_http_addr)
kernel_parameter="agent.image_policy_file=${SECURITY_POLICY_KBS_URI} agent.enable_signature_verification=true" kernel_parameter="agent.image_policy_file=${SECURITY_POLICY_KBS_URI} agent.enable_signature_verification=true"