From 758d78a662e7b39ba9ab4fba970e96840402fcf8 Mon Sep 17 00:00:00 2001 From: Andrew Sy Kim Date: Thu, 10 Mar 2022 15:58:37 +0000 Subject: [PATCH] test/e2e_node: add a test pulling a private GCR image Signed-off-by: Andrew Sy Kim Co-authored-by: Aditi Sharma --- test/e2e_node/image_credential_provider.go | 63 ++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 test/e2e_node/image_credential_provider.go diff --git a/test/e2e_node/image_credential_provider.go b/test/e2e_node/image_credential_provider.go new file mode 100644 index 00000000000..b94917f3c7c --- /dev/null +++ b/test/e2e_node/image_credential_provider.go @@ -0,0 +1,63 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2enode + +import ( + "github.com/onsi/ginkgo" + + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/uuid" + "k8s.io/kubernetes/test/e2e/framework" + imageutils "k8s.io/kubernetes/test/utils/image" +) + +var _ = SIGDescribe("ImageCredentialProvider [Feature:KubeletCredentialProviders]", func() { + f := framework.NewDefaultFramework("image-credential-provider") + var podClient *framework.PodClient + + ginkgo.BeforeEach(func() { + podClient = f.PodClient() + }) + + /* + Release: v1.24 + Testname: Test kubelet image pull with external credential provider plugins + Description: Create Pod with an image from a private registry. This test assumes that the kubelet credential provider plugin is enabled for the registry hosting imageutils.AgnhostPrivate. + */ + ginkgo.It("should be able to create pod with image credentials fetched from external credential provider ", func() { + privateimage := imageutils.GetConfig(imageutils.AgnhostPrivate) + name := "pod-auth-image-" + string(uuid.NewUUID()) + pod := &v1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + Spec: v1.PodSpec{ + Containers: []v1.Container{ + { + Name: "container-auth-image", + Image: privateimage.GetE2EImage(), + ImagePullPolicy: v1.PullAlways, + }, + }, + }, + } + + // CreateSync tests that the Pod is running and ready + podClient.CreateSync(pod) + }) +})