From cdb1a039c18eb18c173cb71dc99b2ed8fec7b75b Mon Sep 17 00:00:00 2001 From: Random-Liu Date: Fri, 22 Jul 2016 14:55:50 -0700 Subject: [PATCH 1/3] Change LoadConfig to generate restclient config for node e2e test --- test/e2e/framework/framework.go | 20 ++++---------------- test/e2e/framework/util.go | 4 ++++ 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index d1e0e4b1ab5..c498ac40bf3 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -32,7 +32,6 @@ import ( apierrs "k8s.io/kubernetes/pkg/api/errors" "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_2" "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_3" - "k8s.io/kubernetes/pkg/client/restclient" client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/pkg/fields" "k8s.io/kubernetes/pkg/labels" @@ -137,21 +136,10 @@ func (f *Framework) BeforeEach() { f.cleanupHandle = AddCleanupAction(f.AfterEach) if f.Client == nil { By("Creating a kubernetes client") - var config *restclient.Config - if TestContext.NodeName != "" { - // This is a node e2e test, apply the node e2e configuration - config = &restclient.Config{ - Host: TestContext.Host, - QPS: 100, - Burst: 100, - } - } else { - var err error - config, err = LoadConfig() - Expect(err).NotTo(HaveOccurred()) - config.QPS = f.options.ClientQPS - config.Burst = f.options.ClientBurst - } + config, err := LoadConfig() + Expect(err).NotTo(HaveOccurred()) + config.QPS = f.options.ClientQPS + config.Burst = f.options.ClientBurst if TestContext.KubeAPIContentType != "" { config.ContentType = TestContext.KubeAPIContentType } diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index a18f821d785..cda046de047 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -1711,6 +1711,10 @@ func restclientConfig(kubeContext string) (*clientcmdapi.Config, error) { type ClientConfigGetter func() (*restclient.Config, error) func LoadConfig() (*restclient.Config, error) { + if TestContext.NodeName != "" { + // This is a node e2e test, apply the node e2e configuration + return &restclient.Config{Host: TestContext.Host}, nil + } c, err := restclientConfig(TestContext.KubeContext) if err != nil { return nil, err From 268f458ea4d7dce471f5365f839b506e1a18363a Mon Sep 17 00:00:00 2001 From: Random-Liu Date: Sat, 23 Jul 2016 22:04:09 -0700 Subject: [PATCH 2/3] Add exec util in test framework. --- test/e2e/framework/exec_util.go | 90 +++++++++++++++++++++++++++++++++ test/e2e/framework/util.go | 11 ---- 2 files changed, 90 insertions(+), 11 deletions(-) create mode 100644 test/e2e/framework/exec_util.go diff --git a/test/e2e/framework/exec_util.go b/test/e2e/framework/exec_util.go new file mode 100644 index 00000000000..cf4e1fe7e5f --- /dev/null +++ b/test/e2e/framework/exec_util.go @@ -0,0 +1,90 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package framework + +import ( + "bytes" + "io" + "net/url" + "strings" + + "k8s.io/kubernetes/pkg/api" + "k8s.io/kubernetes/pkg/client/restclient" + "k8s.io/kubernetes/pkg/client/unversioned/remotecommand" + remotecommandserver "k8s.io/kubernetes/pkg/kubelet/server/remotecommand" + + . "github.com/onsi/gomega" +) + +// ExecCommandInContainer execute a command in the specified container. +// Pass in stdin, tty if needed in the future. +func (f *Framework) ExecCommandInContainer(podName, containerName string, cmd ...string) string { + Logf("Exec running '%s'", strings.Join(cmd, " ")) + config, err := LoadConfig() + Expect(err).NotTo(HaveOccurred(), "failed to load restclient config") + var stdout, stderr bytes.Buffer + var stdin io.Reader + tty := false + req := f.Client.RESTClient.Post(). + Resource("pods"). + Name(podName). + Namespace(f.Namespace.Name). + SubResource("exec"). + Param("container", containerName) + req.VersionedParams(&api.PodExecOptions{ + Container: containerName, + Command: cmd, + Stdin: stdin != nil, + Stdout: true, + Stderr: true, + TTY: tty, + }, api.ParameterCodec) + + err = execute("POST", req.URL(), config, stdin, &stdout, &stderr, tty) + Expect(err).NotTo(HaveOccurred(), "post request failed") + Logf("Exec stderr: %q", stderr.String()) + return strings.TrimSpace(stdout.String()) +} + +func (f *Framework) ExecShellInContainer(podName, containerName string, cmd string) string { + return f.ExecCommandInContainer(podName, containerName, "/bin/sh", "-c", cmd) +} + +func (f *Framework) ExecCommandInPod(podName string, cmd ...string) string { + pod, err := f.PodClient().Get(podName) + Expect(err).NotTo(HaveOccurred(), "failed to get pod") + Expect(pod.Spec.Containers).NotTo(BeEmpty()) + return f.ExecCommandInContainer(podName, pod.Spec.Containers[0].Name, cmd...) +} + +func (f *Framework) ExecShellInPod(podName string, cmd string) string { + return f.ExecCommandInPod(podName, "/bin/sh", "-c", cmd) +} + +func execute(method string, url *url.URL, config *restclient.Config, stdin io.Reader, stdout, stderr io.Writer, tty bool) error { + exec, err := remotecommand.NewExecutor(config, method, url) + if err != nil { + return err + } + return exec.Stream(remotecommand.StreamOptions{ + SupportedProtocols: remotecommandserver.SupportedStreamingProtocols, + Stdin: stdin, + Stdout: stdout, + Stderr: stderr, + Tty: tty, + }) +} diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index cda046de047..bde9e9f9d11 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -45,7 +45,6 @@ import ( apierrs "k8s.io/kubernetes/pkg/api/errors" "k8s.io/kubernetes/pkg/api/resource" "k8s.io/kubernetes/pkg/api/unversioned" - "k8s.io/kubernetes/pkg/apimachinery/registered" "k8s.io/kubernetes/pkg/apis/extensions" "k8s.io/kubernetes/pkg/client/cache" clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" @@ -3632,10 +3631,6 @@ func IssueSSHCommand(cmd, provider string, node *api.Node) error { // NewHostExecPodSpec returns the pod spec of hostexec pod func NewHostExecPodSpec(ns, name string) *api.Pod { pod := &api.Pod{ - TypeMeta: unversioned.TypeMeta{ - Kind: "Pod", - APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(), - }, ObjectMeta: api.ObjectMeta{ Name: name, Namespace: ns, @@ -4449,9 +4444,6 @@ func LaunchWebserverPod(f *Framework, podName, nodeName string) (ip string) { containerName := fmt.Sprintf("%s-container", podName) port := 8080 pod := &api.Pod{ - TypeMeta: unversioned.TypeMeta{ - Kind: "Pod", - }, ObjectMeta: api.ObjectMeta{ Name: podName, }, @@ -4485,9 +4477,6 @@ func LaunchWebserverPod(f *Framework, podName, nodeName string) (ip string) { func CheckConnectivityToHost(f *Framework, nodeName, podName, host string, timeout int) error { contName := fmt.Sprintf("%s-container", podName) pod := &api.Pod{ - TypeMeta: unversioned.TypeMeta{ - Kind: "Pod", - }, ObjectMeta: api.ObjectMeta{ Name: podName, }, From 749e0d0d72b96eb5c783e38b7ebc12b1521229d2 Mon Sep 17 00:00:00 2001 From: Random-Liu Date: Sat, 23 Jul 2016 22:04:52 -0700 Subject: [PATCH 3/3] Move privileged and kubelet_etc_hosts into common directory. --- test/e2e/{ => common}/kubelet_etc_hosts.go | 37 +---- test/e2e/{ => common}/privileged.go | 44 ++---- test/e2e_node/exec_util.go | 70 --------- test/e2e_node/privileged_test.go | 162 --------------------- 4 files changed, 16 insertions(+), 297 deletions(-) rename test/e2e/{ => common}/kubelet_etc_hosts.go (82%) rename test/e2e/{ => common}/privileged.go (77%) delete mode 100644 test/e2e_node/exec_util.go delete mode 100644 test/e2e_node/privileged_test.go diff --git a/test/e2e/kubelet_etc_hosts.go b/test/e2e/common/kubelet_etc_hosts.go similarity index 82% rename from test/e2e/kubelet_etc_hosts.go rename to test/e2e/common/kubelet_etc_hosts.go index b511bb0efdb..4bce13edf3b 100644 --- a/test/e2e/kubelet_etc_hosts.go +++ b/test/e2e/common/kubelet_etc_hosts.go @@ -1,5 +1,5 @@ /* -Copyright 2014 The Kubernetes Authors. +Copyright 2016 The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,16 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */ -package e2e +package common import ( - "fmt" "strings" . "github.com/onsi/ginkgo" api "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/api/unversioned" - "k8s.io/kubernetes/pkg/apimachinery/registered" "k8s.io/kubernetes/test/e2e/framework" ) @@ -106,32 +103,13 @@ func assertEtcHostsIsNotKubeletManaged(etcHostsContent string) { } func (config *KubeletManagedHostConfig) getEtcHostsContent(podName, containerName string) string { - cmd := framework.KubectlCmd("exec", fmt.Sprintf("--namespace=%v", config.f.Namespace.Name), podName, "-c", containerName, "cat", "/etc/hosts") - stdout, stderr, err := framework.StartCmdAndStreamOutput(cmd) - if err != nil { - framework.Failf("Failed to retrieve /etc/hosts, err: %q", err) - } - defer stdout.Close() - defer stderr.Close() - - buf := make([]byte, 1000) - var n int - framework.Logf("reading from `kubectl exec` command's stdout") - if n, err = stdout.Read(buf); err != nil { - framework.Failf("Failed to read from kubectl exec stdout: %v", err) - } - return string(buf[:n]) + return config.f.ExecCommandInContainer(podName, containerName, "cat", "/etc/hosts") } func (config *KubeletManagedHostConfig) createPodSpec(podName string) *api.Pod { pod := &api.Pod{ - TypeMeta: unversioned.TypeMeta{ - Kind: "Pod", - APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(), - }, ObjectMeta: api.ObjectMeta{ - Name: podName, - Namespace: config.f.Namespace.Name, + Name: podName, }, Spec: api.PodSpec{ Containers: []api.Container{ @@ -186,13 +164,8 @@ func (config *KubeletManagedHostConfig) createPodSpec(podName string) *api.Pod { func (config *KubeletManagedHostConfig) createPodSpecWithHostNetwork(podName string) *api.Pod { pod := &api.Pod{ - TypeMeta: unversioned.TypeMeta{ - Kind: "Pod", - APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(), - }, ObjectMeta: api.ObjectMeta{ - Name: podName, - Namespace: config.f.Namespace.Name, + Name: podName, }, Spec: api.PodSpec{ SecurityContext: &api.PodSecurityContext{ diff --git a/test/e2e/privileged.go b/test/e2e/common/privileged.go similarity index 77% rename from test/e2e/privileged.go rename to test/e2e/common/privileged.go index c606552dbb3..1f68de866d2 100644 --- a/test/e2e/privileged.go +++ b/test/e2e/common/privileged.go @@ -1,5 +1,5 @@ /* -Copyright 2015 The Kubernetes Authors. +Copyright 2016 The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package e2e +package common import ( "encoding/json" @@ -24,9 +24,6 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/api/unversioned" - "k8s.io/kubernetes/pkg/apimachinery/registered" - client "k8s.io/kubernetes/pkg/client/unversioned" "k8s.io/kubernetes/test/e2e/framework" ) @@ -54,7 +51,8 @@ var _ = framework.KubeDescribe("PrivilegedPod", func() { f: f, } It("should test privileged pod", func() { - config.hostExecPod = framework.LaunchHostExecPod(config.f.Client, config.f.Namespace.Name, "hostexec") + By("Creating a hostexec pod") + config.createHostExecPod() By("Creating a privileged pod") config.createPrivilegedPod() @@ -90,7 +88,7 @@ func (config *PrivilegedPodTestConfig) dialFromContainer(containerIP string, con v.Encode()) By(fmt.Sprintf("Exec-ing into container over http. Running command:%s", cmd)) - stdout := framework.RunHostCmdOrDie(config.hostExecPod.Namespace, config.hostExecPod.Name, cmd) + stdout := config.f.ExecShellInPod(config.hostExecPod.Name, cmd) var output map[string]string err := json.Unmarshal([]byte(stdout), &output) Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Could not unmarshal curl response: %s", stdout)) @@ -102,10 +100,6 @@ func (config *PrivilegedPodTestConfig) createPrivilegedPodSpec() *api.Pod { isPrivileged := true notPrivileged := false pod := &api.Pod{ - TypeMeta: unversioned.TypeMeta{ - Kind: "Pod", - APIVersion: registered.GroupOrDie(api.GroupName).GroupVersion.String(), - }, ObjectMeta: api.ObjectMeta{ Name: privilegedPodName, Namespace: config.f.Namespace.Name, @@ -140,28 +134,12 @@ func (config *PrivilegedPodTestConfig) createPrivilegedPodSpec() *api.Pod { return pod } +func (config *PrivilegedPodTestConfig) createHostExecPod() { + podSpec := framework.NewHostExecPodSpec(config.f.Namespace.Name, "hostexec") + config.hostExecPod = config.f.PodClient().CreateSync(podSpec) +} + func (config *PrivilegedPodTestConfig) createPrivilegedPod() { podSpec := config.createPrivilegedPodSpec() - config.privilegedPod = config.createPod(podSpec) -} - -func (config *PrivilegedPodTestConfig) createPod(pod *api.Pod) *api.Pod { - createdPod, err := config.getPodClient().Create(pod) - if err != nil { - framework.Failf("Failed to create %q pod: %v", pod.Name, err) - } - framework.ExpectNoError(config.f.WaitForPodRunning(pod.Name)) - createdPod, err = config.getPodClient().Get(pod.Name) - if err != nil { - framework.Failf("Failed to retrieve %q pod: %v", pod.Name, err) - } - return createdPod -} - -func (config *PrivilegedPodTestConfig) getPodClient() client.PodInterface { - return config.f.Client.Pods(config.f.Namespace.Name) -} - -func (config *PrivilegedPodTestConfig) getNamespaceClient() client.NamespaceInterface { - return config.f.Client.Namespaces() + config.privilegedPod = config.f.PodClient().CreateSync(podSpec) } diff --git a/test/e2e_node/exec_util.go b/test/e2e_node/exec_util.go deleted file mode 100644 index 1986091cda8..00000000000 --- a/test/e2e_node/exec_util.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package e2e_node - -import ( - "bytes" - "io" - "net/url" - "strings" - - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/client/restclient" - client "k8s.io/kubernetes/pkg/client/unversioned" - "k8s.io/kubernetes/pkg/client/unversioned/remotecommand" - remotecommandserver "k8s.io/kubernetes/pkg/kubelet/server/remotecommand" -) - -func execute(method string, url *url.URL, config *restclient.Config, stdin io.Reader, stdout, stderr io.Writer, tty bool) error { - exec, err := remotecommand.NewExecutor(config, method, url) - if err != nil { - return err - } - return exec.Stream(remotecommand.StreamOptions{ - SupportedProtocols: remotecommandserver.SupportedStreamingProtocols, - Stdin: stdin, - Stdout: stdout, - Stderr: stderr, - Tty: tty, - }) -} - -func execCommandInContainer(config *restclient.Config, c *client.Client, ns, podName, containerName string, cmd []string) (string, error) { - var stdout, stderr bytes.Buffer - var stdin io.Reader - tty := false - req := c.RESTClient.Post(). - Resource("pods"). - Name(podName). - Namespace(ns). - SubResource("exec"). - Param("container", containerName) - req.VersionedParams(&api.PodExecOptions{ - Container: containerName, - Command: cmd, - Stdin: false, - Stdout: true, - Stderr: true, - TTY: tty, - }, api.ParameterCodec) - - err := execute("POST", req.URL(), config, stdin, &stdout, &stderr, tty) - if err != nil { - return "", err - } - return strings.TrimSpace(stdout.String()), nil -} diff --git a/test/e2e_node/privileged_test.go b/test/e2e_node/privileged_test.go deleted file mode 100644 index f471bbe9db0..00000000000 --- a/test/e2e_node/privileged_test.go +++ /dev/null @@ -1,162 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package e2e_node - -import ( - "encoding/json" - "fmt" - "net/url" - - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/client/restclient" - client "k8s.io/kubernetes/pkg/client/unversioned" - "k8s.io/kubernetes/test/e2e/framework" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -// TODO: This test was ported from test/e2e/privileged.go. We should -// re-evaluate the need of testing the feature in both suites. -const ( - privilegedPodName = "privileged-pod" - privilegedContainerName = "privileged-container" - privilegedHttpPort = 8080 - privilegedUdpPort = 8081 - notPrivilegedHttpPort = 9090 - notPrivilegedUdpPort = 9091 - notPrivilegedContainerName = "not-privileged-container" - privilegedCommand = "ip link add dummy1 type dummy" -) - -type PrivilegedPodTestConfig struct { - config *restclient.Config - client *client.Client - namespace string - hostExecPod *api.Pod - privilegedPod *api.Pod -} - -// TODO(random-liu): Change the test to use framework and framework pod client. -var _ = Describe("PrivilegedPod", func() { - f := framework.NewDefaultFramework("privileged-pod") - It("should test privileged pod", func() { - config := &PrivilegedPodTestConfig{ - client: f.Client, - config: &restclient.Config{Host: framework.TestContext.Host}, - namespace: f.Namespace.Name, - } - By("Creating a host exec pod") - config.hostExecPod = f.PodClient().CreateSync(newHostExecPodSpec("hostexec")) - - By("Creating a privileged pod") - config.privilegedPod = f.PodClient().CreateSync(config.createPrivilegedPodSpec()) - - By("Executing privileged command on privileged container") - config.runPrivilegedCommandOnPrivilegedContainer() - - By("Executing privileged command on non-privileged container") - config.runPrivilegedCommandOnNonPrivilegedContainer() - }) -}) - -func (config *PrivilegedPodTestConfig) createPrivilegedPodSpec() *api.Pod { - isPrivileged := true - notPrivileged := false - pod := &api.Pod{ - ObjectMeta: api.ObjectMeta{ - Name: privilegedPodName, - }, - Spec: api.PodSpec{ - Containers: []api.Container{ - { - Name: privilegedContainerName, - Image: ImageRegistry[netExecImage], - ImagePullPolicy: api.PullIfNotPresent, - SecurityContext: &api.SecurityContext{Privileged: &isPrivileged}, - Command: []string{ - "/netexec", - fmt.Sprintf("--http-port=%d", privilegedHttpPort), - fmt.Sprintf("--udp-port=%d", privilegedUdpPort), - }, - }, - { - Name: notPrivilegedContainerName, - Image: ImageRegistry[netExecImage], - ImagePullPolicy: api.PullIfNotPresent, - SecurityContext: &api.SecurityContext{Privileged: ¬Privileged}, - Command: []string{ - "/netexec", - fmt.Sprintf("--http-port=%d", notPrivilegedHttpPort), - fmt.Sprintf("--udp-port=%d", notPrivilegedUdpPort), - }, - }, - }, - }, - } - return pod -} - -func (config *PrivilegedPodTestConfig) runPrivilegedCommandOnPrivilegedContainer() { - outputMap := config.dialFromContainer(config.privilegedPod.Status.PodIP, privilegedHttpPort) - Expect(len(outputMap["error"]) == 0).To(BeTrue(), fmt.Sprintf("Privileged command failed unexpectedly on privileged container, output: %v", outputMap)) -} - -func (config *PrivilegedPodTestConfig) runPrivilegedCommandOnNonPrivilegedContainer() { - outputMap := config.dialFromContainer(config.privilegedPod.Status.PodIP, notPrivilegedHttpPort) - Expect(len(outputMap["error"]) > 0).To(BeTrue(), fmt.Sprintf("Privileged command should have failed on non-privileged container, output: %v", outputMap)) -} - -func (config *PrivilegedPodTestConfig) dialFromContainer(containerIP string, containerHttpPort int) map[string]string { - v := url.Values{} - v.Set("shellCommand", "ip link add dummy1 type dummy") - cmd := fmt.Sprintf("curl -q 'http://%s:%d/shell?%s'", - containerIP, - containerHttpPort, - v.Encode()) - By(fmt.Sprintf("Exec-ing into container over http. Running command: %s", cmd)) - - stdout, err := execCommandInContainer(config.config, config.client, config.namespace, config.hostExecPod.Name, config.hostExecPod.Spec.Containers[0].Name, - []string{"/bin/sh", "-c", cmd}) - Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Error running command %q: %v", cmd, err)) - - var output map[string]string - err = json.Unmarshal([]byte(stdout), &output) - Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Could not unmarshal curl response: %s", stdout)) - return output -} - -// newHostExecPodSpec returns the pod spec of hostexec pod -func newHostExecPodSpec(name string) *api.Pod { - return &api.Pod{ - ObjectMeta: api.ObjectMeta{ - Name: name, - }, - Spec: api.PodSpec{ - Containers: []api.Container{ - { - Name: "hostexec", - Image: ImageRegistry[hostExecImage], - ImagePullPolicy: api.PullIfNotPresent, - }, - }, - SecurityContext: &api.PodSecurityContext{ - HostNetwork: true, - }, - }, - } -}