github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-22 01:56:16 +00:00
Code Issues Projects Releases Wiki Activity

e2e: add [Environment:NotInUserNS] tag to sysctl tests

Browse Source 
The sysctl tests have to be skipped when the node components are running in UserNS,
because the tests fail due to `open /proc/sys/kernel/shm_rmid_forced: permission denied`
(as expected).

Can be verified with Rootless kind (https://kind.sigs.k8s.io/docs/user/rootless/):
```
dockerd-rootless-setuptool.sh install

: The following steps are added because 'kubetest2 kind --build' does not seem to build e2e.test and ginkgo
make WHAT=test/e2e/e2e.test
make ginkgo
cp -f _output/bin/{e2e.test,ginkgo} _output/dockerized/bin/linux/amd64

kubetest2 kind --build --up --down --test=ginkgo -- \
  --use-built-binaries \
  --focus-regex='\[NodeConformance\]' \
  --skip-regex='\[Environment:NotInUserNS\]'
```

Test with the following host environment:
- kubernetes-sigs/kind@ac28d7fb19 (main)
- kubernetes-sigs/kubetest2@89f09b65e8 (master)
- Docker 24.0.6
- Ubuntu 22.04 amd64, kernel 5.15

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2023-10-17 21:33:02 +09:00
parent c46d737ce5
commit a1d2df81fb
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
test/conformance/testdata/conformance.yaml vendored
View File

@ -2466,10 +2466,11 @@
file: test/e2e/common/node/sysctl.go
- testname: Sysctl, test sysctls
codename: '[sig-node] Sysctls [LinuxOnly] [NodeConformance] should support sysctls
[MinimumKubeletVersion:1.21] [Conformance]'
[MinimumKubeletVersion:1.21] [Environment:NotInUserNS] [Conformance]'
description: 'Pod is created with kernel.shm_rmid_forced sysctl. Kernel.shm_rmid_forced
must be set to 1 [LinuxOnly]: This test is marked as LinuxOnly since Windows does
not support sysctls'
not support sysctls [Environment:NotInUserNS]: The test fails in UserNS (as expected):
`open /proc/sys/kernel/shm_rmid_forced: permission denied`'
release: v1.21
file: test/e2e/common/node/sysctl.go
- testname: Environment variables, expansion

6
test/e2e/common/node/sysctl.go
View File

@ -73,8 +73,9 @@ var _ = SIGDescribe("Sysctls [LinuxOnly] [NodeConformance]", func() {
Testname: Sysctl, test sysctls
Description: Pod is created with kernel.shm_rmid_forced sysctl. Kernel.shm_rmid_forced must be set to 1
[LinuxOnly]: This test is marked as LinuxOnly since Windows does not support sysctls
[Environment:NotInUserNS]: The test fails in UserNS (as expected): `open /proc/sys/kernel/shm_rmid_forced: permission denied`
*/
framework.ConformanceIt("should support sysctls [MinimumKubeletVersion:1.21]", func(ctx context.Context) {
framework.ConformanceIt("should support sysctls [MinimumKubeletVersion:1.21] [Environment:NotInUserNS]", func(ctx context.Context) {
pod := testPod()
pod.Spec.SecurityContext = &v1.PodSecurityContext{
Sysctls: []v1.Sysctl{
@ -182,8 +183,9 @@ var _ = SIGDescribe("Sysctls [LinuxOnly] [NodeConformance]", func() {
Testname: Sysctl, test sysctls supports slashes
Description: Pod is created with kernel/shm_rmid_forced sysctl. Support slashes as sysctl separator. The '/' separator is also accepted in place of a '.'
[LinuxOnly]: This test is marked as LinuxOnly since Windows does not support sysctls
[Environment:NotInUserNS]: The test fails in UserNS (as expected): `open /proc/sys/kernel/shm_rmid_forced: permission denied`
*/
ginkgo.It("should support sysctls with slashes as separator [MinimumKubeletVersion:1.23]", func(ctx context.Context) {
ginkgo.It("should support sysctls with slashes as separator [MinimumKubeletVersion:1.23] [Environment:NotInUserNS]", func(ctx context.Context) {
pod := testPod()
pod.Spec.SecurityContext = &v1.PodSecurityContext{
Sysctls: []v1.Sysctl{