mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-05-08 00:17:31 +00:00
c5ff513e0b
> Double quote array expansions to avoid re-splitting elements Signed-off-by: stevenhorsman <steven@uk.ibm.com>
87 lines
2.3 KiB
Bash
Executable File
87 lines
2.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (c) 2021 Red Hat
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
# Run this script to check the webhook is deployed and working
|
|
|
|
set -o errexit
|
|
set -o nounset
|
|
set -o pipefail
|
|
|
|
webhook_dir=$(dirname $0)
|
|
source "${webhook_dir}/../../../tests/common.bash"
|
|
source "${webhook_dir}/common.bash"
|
|
|
|
readonly hello_pod="hello-kata-webhook"
|
|
# The Pod RuntimeClassName for Kata Containers.
|
|
RUNTIME_CLASS="${RUNTIME_CLASS:-$(kubectl get configmap kata-webhook -o jsonpath='{.data.runtime_class}' 2>/dev/null || echo "kata")}"
|
|
|
|
cleanup() {
|
|
{
|
|
kubectl get -n ${WEBHOOK_NS} pod/${hello_pod} && \
|
|
kubectl delete -n ${WEBHOOK_NS} pod/${hello_pod}
|
|
} &>/dev/null
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
# Check the deployment exists and is available.
|
|
#
|
|
check_deployed() {
|
|
local timeout="60s"
|
|
kubectl get -n ${WEBHOOK_NS} deployment/${WEBHOOK_SVC} &>/dev/null || \
|
|
die "The ${WEBHOOK_SVC} deployment does not exist"
|
|
|
|
kubectl wait -n ${WEBHOOK_NS} deployment/${WEBHOOK_SVC} \
|
|
--for condition=Available --timeout ${timeout} &>/dev/null || \
|
|
die "The ${WEBHOOK_SVC} deployment is unavailable after ${timeout} waiting"
|
|
}
|
|
|
|
# Check the webhook is working as expected.
|
|
#
|
|
check_working() {
|
|
kubectl get -n ${WEBHOOK_NS} pod/${hello_pod} &>/dev/null && \
|
|
die "${hello_pod} pod exists, cannot reliably check the webhook"
|
|
|
|
cat <<-EOF | kubectl apply -f -
|
|
kind: Pod
|
|
apiVersion: v1
|
|
metadata:
|
|
name: ${hello_pod}
|
|
namespace: ${WEBHOOK_NS}
|
|
spec:
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: ${hello_pod}
|
|
image: quay.io/prometheus/busybox:latest
|
|
command: ["echo", "Hello Webhook"]
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
EOF
|
|
local class_name=$(kubectl get -n ${WEBHOOK_NS} \
|
|
-o jsonpath='{.spec.runtimeClassName}' pod/${hello_pod})
|
|
if [ "${class_name}" != "${RUNTIME_CLASS}" ]; then
|
|
warn "RuntimeClassName expected ${RUNTIME_CLASS}, got ${class_name}"
|
|
die "kata-webhook is not working"
|
|
fi
|
|
}
|
|
|
|
main() {
|
|
info "Going to check the kata-webhook installation"
|
|
[ -n "${KUBECONFIG:-}" ] || die "KUBECONFIG should be exported"
|
|
check_deployed
|
|
check_working
|
|
info "kata-webhook is up and working"
|
|
}
|
|
|
|
main "$@"
|