From 5cc1e5624839a9f911c332c060a90bf5d9d32790 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Mon, 11 Mar 2024 11:00:23 +0900
Subject: [PATCH 1/2] e2e_node: mount_rro: add
 SkipUnlessFeatureGateEnabled(RecursiveReadOnlyMounts)

Fix issue 123848

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 test/e2e_node/mount_rro_linux_test.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/e2e_node/mount_rro_linux_test.go b/test/e2e_node/mount_rro_linux_test.go
index 0a7a4e33d56..e85f5b4d24b 100644
--- a/test/e2e_node/mount_rro_linux_test.go
+++ b/test/e2e_node/mount_rro_linux_test.go
@@ -25,6 +25,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/uuid"
+	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/kubernetes/test/e2e/framework"
 	e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
 	e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
@@ -135,6 +136,7 @@ var _ = SIGDescribe("Mount recursive read-only [LinuxOnly]", framework.WithSeria
 		}) // Context
 		ginkgo.Context("when the runtime does not support recursive read-only mounts", func() {
 			f.It("should accept non-recursive read-only mounts", func(ctx context.Context) {
+				e2eskipper.SkipUnlessFeatureGateEnabled(features.RecursiveReadOnlyMounts)
 				ginkgo.By("waiting for the node to be ready", func() {
 					waitForNodeReady(ctx)
 					if supportsRRO(ctx, f) {
@@ -175,6 +177,7 @@ var _ = SIGDescribe("Mount recursive read-only [LinuxOnly]", framework.WithSeria
 				}) // By
 			}) // It
 			f.It("should reject recursive read-only mounts", func(ctx context.Context) {
+				e2eskipper.SkipUnlessFeatureGateEnabled(features.RecursiveReadOnlyMounts)
 				ginkgo.By("waiting for the node to be ready", func() {
 					waitForNodeReady(ctx)
 					if supportsRRO(ctx, f) {

From ea14ccdf13f83c4242d711d006880f7eae619b2c Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Mon, 11 Mar 2024 11:26:40 +0900
Subject: [PATCH 2/2] e2e_node: mount_rro: fix error string comparison

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 test/e2e_node/mount_rro_linux_test.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/test/e2e_node/mount_rro_linux_test.go b/test/e2e_node/mount_rro_linux_test.go
index e85f5b4d24b..b4952bea5db 100644
--- a/test/e2e_node/mount_rro_linux_test.go
+++ b/test/e2e_node/mount_rro_linux_test.go
@@ -123,13 +123,8 @@ var _ = SIGDescribe("Mount recursive read-only [LinuxOnly]", framework.WithSeria
 							},
 						},
 					}
-					pod = e2epod.NewPodClient(f).Create(ctx, pod)
-					framework.ExpectNoError(e2epod.WaitForPodContainerToFail(ctx, f.ClientSet, pod.Namespace, pod.Name, 0, "CreateContainerConfigError", framework.PodStartShortTimeout))
-					var err error
-					pod, err = f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(ctx, pod.Name, metav1.GetOptions{})
-					framework.ExpectNoError(err)
-					gomega.Expect(pod.Status.ContainerStatuses[0].State.Waiting.Message).To(
-						gomega.ContainSubstring("failed to resolve recursive read-only mode: volume \"mnt\" requested recursive read-only mode, but it is not read-only"))
+					_, err := f.ClientSet.CoreV1().Pods(pod.Namespace).Create(ctx, pod, metav1.CreateOptions{})
+					gomega.Expect(err).To(gomega.MatchError(gomega.ContainSubstring("spec.containers[0].volumeMounts.recursiveReadOnly: Forbidden: may only be specified when readOnly is true")))
 				}) // By
 				// See also the unit test [pkg/kubelet.TestResolveRecursiveReadOnly] for more invalid conditions (e.g., incompatible mount propagation)
 			}) // It