github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Add node e2e tests for pulling images from credential providers

Browse Source
This commit is contained in:
Pengfei Ni 2017-10-26 20:55:13 +08:00
parent 0515895c08
commit 2bbba1f662
2 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
test/e2e_node/runtime_conformance_test.go
View File

@ -18,13 +18,17 @@ package e2e_node
import ( import (
"fmt" "fmt"
"io/ioutil"
"os"
"path" "path"
"path/filepath"
"time" "time"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/uuid" "k8s.io/apimachinery/pkg/util/uuid"
"k8s.io/kubernetes/pkg/kubelet/images" "k8s.io/kubernetes/pkg/kubelet/images"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e_node/services"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
@ -259,6 +263,7 @@ while true; do sleep 1; done
description string description string
image string image string
secret bool secret bool
credentialProvider bool
phase v1.PodPhase phase v1.PodPhase
waiting bool waiting bool
}{ }{
@ -299,6 +304,13 @@ while true; do sleep 1; done
phase: v1.PodRunning, phase: v1.PodRunning,
waiting: false, waiting: false,
}, },
{
description: "should be able to pull from private registry with credential provider",
image: "gcr.io/authenticated-image-pulling/alpine:3.1",
credentialProvider: true,
phase: v1.PodRunning,
waiting: false,
},
} { } {
testCase := testCase testCase := testCase
It(testCase.description+" [Conformance]", func() { It(testCase.description+" [Conformance]", func() {
@ -323,6 +335,12 @@ while true; do sleep 1; done
defer f.ClientSet.Core().Secrets(f.Namespace.Name).Delete(secret.Name, nil) defer f.ClientSet.Core().Secrets(f.Namespace.Name).Delete(secret.Name, nil)
container.ImagePullSecrets = []string{secret.Name} container.ImagePullSecrets = []string{secret.Name}
} }
if testCase.credentialProvider {
configFile := filepath.Join(services.KubeletRootDirectory, "config.json")
err := ioutil.WriteFile(configFile, []byte(auth), 0644)
Expect(err).NotTo(HaveOccurred())
defer os.Remove(configFile)
}
// checkContainerStatus checks whether the container status matches expectation. // checkContainerStatus checks whether the container status matches expectation.
checkContainerStatus := func() error { checkContainerStatus := func() error {
status, err := container.GetStatus() status, err := container.GetStatus()

6
test/e2e_node/services/kubelet.go
View File

@ -85,7 +85,7 @@ const (
// Ports of different e2e services. // Ports of different e2e services.
kubeletPort = "10250" kubeletPort = "10250"
kubeletReadOnlyPort = "10255" kubeletReadOnlyPort = "10255"
kubeletRootDirectory = "/var/lib/kubelet" KubeletRootDirectory = "/var/lib/kubelet"
// Health check url of kubelet // Health check url of kubelet
kubeletHealthCheckURL = "http://127.0.0.1:" + kubeletReadOnlyPort + "/healthz" kubeletHealthCheckURL = "http://127.0.0.1:" + kubeletReadOnlyPort + "/healthz"
) )
@ -110,7 +110,7 @@ func (e *E2EServices) startKubelet() (*server, error) {
return nil, err return nil, err
} }
e.rmDirs = append(e.rmDirs, manifestPath) e.rmDirs = append(e.rmDirs, manifestPath)
err = createRootDirectory(kubeletRootDirectory) err = createRootDirectory(KubeletRootDirectory)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -151,7 +151,7 @@ func (e *E2EServices) startKubelet() (*server, error) {
"--address", "0.0.0.0", "--address", "0.0.0.0",
"--port", kubeletPort, "--port", kubeletPort,
"--read-only-port", kubeletReadOnlyPort, "--read-only-port", kubeletReadOnlyPort,
"--root-dir", kubeletRootDirectory, "--root-dir", KubeletRootDirectory,
"--volume-stats-agg-period", "10s", // Aggregate volumes frequently so tests don't need to wait as long "--volume-stats-agg-period", "10s", // Aggregate volumes frequently so tests don't need to wait as long
"--allow-privileged", "true", "--allow-privileged", "true",
"--serialize-image-pulls", "false", "--serialize-image-pulls", "false",