tests: parametrize storage parameters

- trusted-storage.yaml.in: use $PV_STORAGE_CAPACITY and
  $PVC_STORAGE_REQUEST so that PV/PVC size can vary per test.
- confidential_common.sh: add optional size (MB) argument to
  create_loop_device.
- k8s-guest-pull-image.bats: pass PV_STORAGE_CAPACITY and
  PVC_STORAGE_REQUEST when generating storage config.

Signed-off-by: Manuel Huber <manuelh@nvidia.com>

tests/integration/kubernetes/confidential_common.sh

@@ -116,12 +116,16 @@ function is_confidential_gpu_hardware() {
 	return 1
 }
 
+# create_loop_device creates a loop device backed by a file.
+# $1: loop file path (default: /tmp/trusted-image-storage.img)
+# $2: size in MB (default: 2500, i.e. ~2.5Gi; use 30720 for ~30Gi)
 function create_loop_device(){
 	local loop_file="${1:-/tmp/trusted-image-storage.img}"
+	local size_mb="${2:-2500}"
 	local node="$(get_one_kata_node)"
 	cleanup_loop_device "$loop_file"
 
-	exec_host "$node" "dd if=/dev/zero of=$loop_file bs=1M count=2500"
+	exec_host "$node" "dd if=/dev/zero of=$loop_file bs=1M count=$size_mb"
 	exec_host "$node" "losetup -fP $loop_file >/dev/null 2>&1"
 	local device=$(exec_host "$node" losetup -j $loop_file | awk -F'[: ]' '{print $1}')
 

tests/integration/kubernetes/k8s-guest-pull-image.bats

@@ -97,7 +97,10 @@ setup() {
 
     storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXXXXX.yaml")
     local_device=$(create_loop_device)
-    LOCAL_DEVICE="$local_device" NODE_NAME="$node" envsubst < "$storage_config_template" > "$storage_config"
+    PV_NAME=trusted-block-pv PVC_NAME=trusted-pvc \
+        PV_STORAGE_CAPACITY=10Gi PVC_STORAGE_REQUEST=1Gi \
+        LOCAL_DEVICE="$local_device" NODE_NAME="$node" \
+        envsubst < "$storage_config_template" > "$storage_config"
 
     # For debug sake
     echo "Trusted storage $storage_config file:"
@@ -142,7 +145,10 @@ setup() {
 @test "Test we cannot pull a large image that pull time exceeds createcontainer timeout inside the guest" {
     storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXXXXX.yaml")
     local_device=$(create_loop_device)
-    LOCAL_DEVICE="$local_device" NODE_NAME="$node" envsubst < "$storage_config_template" > "$storage_config"
+    PV_NAME=trusted-block-pv PVC_NAME=trusted-pvc \
+        PV_STORAGE_CAPACITY=10Gi PVC_STORAGE_REQUEST=1Gi \
+        LOCAL_DEVICE="$local_device" NODE_NAME="$node" \
+        envsubst < "$storage_config_template" > "$storage_config"
 
     # For debug sake
     echo "Trusted storage $storage_config file:"
@@ -193,7 +199,10 @@ setup() {
     fi
     storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXXXXX.yaml")
     local_device=$(create_loop_device)
-    LOCAL_DEVICE="$local_device" NODE_NAME="$node" envsubst < "$storage_config_template" > "$storage_config"
+    PV_NAME=trusted-block-pv PVC_NAME=trusted-pvc \
+        PV_STORAGE_CAPACITY=10Gi PVC_STORAGE_REQUEST=1Gi \
+        LOCAL_DEVICE="$local_device" NODE_NAME="$node" \
+        envsubst < "$storage_config_template" > "$storage_config"
 
     # For debug sake
     echo "Trusted storage $storage_config file:"

tests/integration/kubernetes/runtimeclass_workloads/confidential/trusted-storage.yaml.in

@@ -14,10 +14,10 @@ volumeBindingMode: WaitForFirstConsumer
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: trusted-block-pv
+  name: $PV_NAME
 spec:
   capacity:
-    storage: 10Gi
+    storage: $PV_STORAGE_CAPACITY
   volumeMode: Block
   accessModes:
     - ReadWriteOnce
@@ -37,12 +37,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: trusted-pvc
+  name: $PVC_NAME
 spec:
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: $PVC_STORAGE_REQUEST
   volumeMode: Block
   storageClassName: local-storage