diff --git a/tests/integration/kubernetes/confidential_common.sh b/tests/integration/kubernetes/confidential_common.sh index e487fadf5f..73535a2ff2 100644 --- a/tests/integration/kubernetes/confidential_common.sh +++ b/tests/integration/kubernetes/confidential_common.sh @@ -116,12 +116,16 @@ function is_confidential_gpu_hardware() { return 1 } +# create_loop_device creates a loop device backed by a file. +# $1: loop file path (default: /tmp/trusted-image-storage.img) +# $2: size in MB (default: 2500, i.e. ~2.5Gi; use 30720 for ~30Gi) function create_loop_device(){ local loop_file="${1:-/tmp/trusted-image-storage.img}" + local size_mb="${2:-2500}" local node="$(get_one_kata_node)" cleanup_loop_device "$loop_file" - exec_host "$node" "dd if=/dev/zero of=$loop_file bs=1M count=2500" + exec_host "$node" "dd if=/dev/zero of=$loop_file bs=1M count=$size_mb" exec_host "$node" "losetup -fP $loop_file >/dev/null 2>&1" local device=$(exec_host "$node" losetup -j $loop_file | awk -F'[: ]' '{print $1}') diff --git a/tests/integration/kubernetes/k8s-guest-pull-image.bats b/tests/integration/kubernetes/k8s-guest-pull-image.bats index ab6422b678..493748ac94 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image.bats @@ -97,7 +97,10 @@ setup() { storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXXXXX.yaml") local_device=$(create_loop_device) - LOCAL_DEVICE="$local_device" NODE_NAME="$node" envsubst < "$storage_config_template" > "$storage_config" + PV_NAME=trusted-block-pv PVC_NAME=trusted-pvc \ + PV_STORAGE_CAPACITY=10Gi PVC_STORAGE_REQUEST=1Gi \ + LOCAL_DEVICE="$local_device" NODE_NAME="$node" \ + envsubst < "$storage_config_template" > "$storage_config" # For debug sake echo "Trusted storage $storage_config file:" 
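Review bot: `size_mb` is taken from `$2` and interpolated unchecked into the command string passed to `exec_host` in `create_loop_device`, so a non-numeric argument becomes part of what runs on the node instead of being rejected. `exec_host` is not shown in this diff, but because the command is handed over as one string it is presumably re-parsed by a shell on the host. A guard before the `dd` line would close that off: `[[ "$size_mb" =~ ^[0-9]+$ ]] || { echo "create_loop_device: size must be an integer number of MB" >&2; return 1; }`. The pre-existing unquoted `$loop_file` in the same string has the same exposure, and the header comment could state that the unit is MiB (`bs=1M`). The function body continues past the end of this hunk.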
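Review bot: `PV_STORAGE_CAPACITY=10Gi` is hard-coded in this block while `create_loop_device` is called with no arguments, so the PersistentVolume advertises 10Gi on a backing file of 2500 MB. The 10Gi figure predates this commit (it was a literal in the template), but now that both sizes are parameters nothing ties them together and they can drift further. Either derive the capacity from the size passed to `create_loop_device`, or add a comment such as `# PV capacity is nominal; the loop device behind it is sized by create_loop_device` so the gap is clearly intentional. The same four-line environment block is repeated in the hunks at -142 and -193, so a small shared helper in confidential_common.sh would keep the three call sites from diverging.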
@@ -142,7 +145,10 @@ setup() { @test "Test we cannot pull a large image that pull time exceeds createcontainer timeout inside the guest" { storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXXXXX.yaml") local_device=$(create_loop_device) - LOCAL_DEVICE="$local_device" NODE_NAME="$node" envsubst < "$storage_config_template" > "$storage_config" + PV_NAME=trusted-block-pv PVC_NAME=trusted-pvc \ + PV_STORAGE_CAPACITY=10Gi PVC_STORAGE_REQUEST=1Gi \ + LOCAL_DEVICE="$local_device" NODE_NAME="$node" \ + envsubst < "$storage_config_template" > "$storage_config" # For debug sake echo "Trusted storage $storage_config file:" @@ -193,7 +199,10 @@ setup() { fi storage_config=$(mktemp "${BATS_FILE_TMPDIR}/$(basename "${storage_config_template}").XXXXXX.yaml") local_device=$(create_loop_device) - LOCAL_DEVICE="$local_device" NODE_NAME="$node" envsubst < "$storage_config_template" > "$storage_config" + PV_NAME=trusted-block-pv PVC_NAME=trusted-pvc \ + PV_STORAGE_CAPACITY=10Gi PVC_STORAGE_REQUEST=1Gi \ + LOCAL_DEVICE="$local_device" NODE_NAME="$node" \ + envsubst < "$storage_config_template" > "$storage_config" # For debug sake echo "Trusted storage $storage_config file:" diff --git a/tests/integration/kubernetes/runtimeclass_workloads/confidential/trusted-storage.yaml.in b/tests/integration/kubernetes/runtimeclass_workloads/confidential/trusted-storage.yaml.in index 68ae4f5a95..8a0ebf17eb 100644 --- a/tests/integration/kubernetes/runtimeclass_workloads/confidential/trusted-storage.yaml.in +++ b/tests/integration/kubernetes/runtimeclass_workloads/confidential/trusted-storage.yaml.in @@ -14,10 +14,10 @@ volumeBindingMode: WaitForFirstConsumer apiVersion: v1 kind: PersistentVolume metadata: - name: trusted-block-pv + name: $PV_NAME spec: capacity: - storage: 10Gi + storage: $PV_STORAGE_CAPACITY volumeMode: Block accessModes: - ReadWriteOnce 
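Review bot: The template no longer has a literal fallback for `$PV_NAME` and `$PV_STORAGE_CAPACITY` here, nor for `$PVC_NAME` and `$PVC_STORAGE_REQUEST` in the hunk at -37, and envsubst replaces an unset variable with an empty string without reporting it. Any consumer of trusted-storage.yaml.in outside this diff that still exports only the two older variables would render empty `name:` and `storage:` fields. A header comment in the template would document the contract, for example `# Rendered with envsubst; required: PV_NAME, PV_STORAGE_CAPACITY, PVC_NAME, PVC_STORAGE_REQUEST, LOCAL_DEVICE, NODE_NAME` (the last two inferred from the call sites). Call sites can also pass envsubst an explicit variable list so that only those names are substituted.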
@@ -37,12 +37,12 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: trusted-pvc + name: $PVC_NAME spec: accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi + storage: $PVC_STORAGE_REQUEST volumeMode: Block storageClassName: local-storage