github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 22:17:14 +00:00
Code Issues Projects Releases Wiki Activity

pkg/kubelet/userns: add idsPerPod tests

Browse Source 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2025-02-14 10:47:03 +09:00
parent 1592bfa4a8
commit 09fdae408f
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
1 changed files with 72 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
pkg/kubelet/userns/userns_manager_test.go
View File

@ -102,51 +102,81 @@ func (m *testUserNsPodsManager) GetUserNamespacesIDsPerPod() uint32 {
func TestUserNsManagerAllocate(t *testing.T) { func TestUserNsManagerAllocate(t *testing.T) {
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true) featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)
testUserNsPodsManager := &testUserNsPodsManager{} customUserNsLength := uint32(1048576)
m, err := MakeUserNsManager(testUserNsPodsManager)
require.NoError(t, err)
allocated, length, err := m.allocateOne("one") cases := []struct {
assert.NoError(t, err) name string
assert.Equal(t, testUserNsLength, length, "m.isSet(%d).length=%v", allocated, length) userNsLength uint32
assert.True(t, m.isSet(allocated), "m.isSet(%d)", allocated) mappingFirstID uint32
mappingLen uint32
allocated2, length2, err := m.allocateOne("two") }{
assert.NoError(t, err) {
assert.NotEqual(t, allocated, allocated2, "allocated != allocated2") name: "default",
assert.Equal(t, length, length2, "length == length2") userNsLength: testUserNsLength,
mappingFirstID: minimumMappingUID,
// verify that re-adding the same pod with the same settings won't fail mappingLen: mappingLen,
err = m.record("two", allocated2, length2) },
assert.NoError(t, err) {
// but it fails if anyting is different name: "custom",
err = m.record("two", allocated2+1, length2) userNsLength: customUserNsLength,
assert.Error(t, err) mappingFirstID: customUserNsLength,
mappingLen: customUserNsLength * 2000,
m.Release("one") },
m.Release("two")
assert.False(t, m.isSet(allocated), "m.isSet(%d)", allocated)
assert.False(t, m.isSet(allocated2), "m.nsSet(%d)", allocated2)
var allocs []uint32
for i := 0; i < 1000; i++ {
allocated, length, err = m.allocateOne(types.UID(fmt.Sprintf("%d", i)))
assert.Equal(t, testUserNsLength, length, "length is not the expected. iter: %v", i)
assert.NoError(t, err)
assert.GreaterOrEqual(t, allocated, uint32(minimumMappingUID))
// The last ID of the userns range (allocated+userNsLength) should be within bounds.
assert.LessOrEqual(t, allocated, uint32(minimumMappingUID+mappingLen-testUserNsLength))
allocs = append(allocs, allocated)
} }
for i, v := range allocs {
assert.True(t, m.isSet(v), "m.isSet(%d) should be true", v)
m.Release(types.UID(fmt.Sprintf("%d", i)))
assert.False(t, m.isSet(v), "m.isSet(%d) should be false", v)
err = m.record(types.UID(fmt.Sprintf("%d", i)), v, testUserNsLength) for _, tc := range cases {
assert.NoError(t, err) t.Run(tc.name, func(t *testing.T) {
m.Release(types.UID(fmt.Sprintf("%d", i))) testUserNsPodsManager := &testUserNsPodsManager{
assert.False(t, m.isSet(v), "m.isSet(%d) should be false", v) userNsLength: tc.userNsLength,
mappingFirstID: tc.mappingFirstID,
mappingLen: tc.mappingLen,
}
m, err := MakeUserNsManager(testUserNsPodsManager)
require.NoError(t, err)
allocated, length, err := m.allocateOne("one")
require.NoError(t, err)
assert.Equal(t, tc.userNsLength, length, "m.isSet(%d).length=%v", allocated, length)
assert.True(t, m.isSet(allocated), "m.isSet(%d)", allocated)
allocated2, length2, err := m.allocateOne("two")
require.NoError(t, err)
assert.NotEqual(t, allocated, allocated2, "allocated != allocated2")
assert.Equal(t, length, length2, "length == length2")
// verify that re-adding the same pod with the same settings won't fail
err = m.record("two", allocated2, length2)
require.NoError(t, err)
// but it fails if anyting is different
err = m.record("two", allocated2+1, length2)
require.Error(t, err)
m.Release("one")
m.Release("two")
assert.False(t, m.isSet(allocated), "m.isSet(%d)", allocated)
assert.False(t, m.isSet(allocated2), "m.nsSet(%d)", allocated2)
var allocs []uint32
for i := 0; i < 1000; i++ {
allocated, length, err = m.allocateOne(types.UID(fmt.Sprintf("%d", i)))
assert.Equal(t, tc.userNsLength, length, "length is not the expected. iter: %v", i)
require.NoError(t, err)
assert.GreaterOrEqual(t, allocated, tc.mappingFirstID)
// The last ID of the userns range (allocated+userNsLength) should be within bounds.
assert.LessOrEqual(t, allocated, tc.mappingFirstID+tc.mappingLen-tc.userNsLength)
allocs = append(allocs, allocated)
}
for i, v := range allocs {
assert.True(t, m.isSet(v), "m.isSet(%d) should be true", v)
m.Release(types.UID(fmt.Sprintf("%d", i)))
assert.False(t, m.isSet(v), "m.isSet(%d) should be false", v)
err = m.record(types.UID(fmt.Sprintf("%d", i)), v, tc.userNsLength)
require.NoError(t, err)
m.Release(types.UID(fmt.Sprintf("%d", i)))
assert.False(t, m.isSet(v), "m.isSet(%d) should be false", v)
}
})
} }
} }