mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 12:15:52 +00:00
Merge pull request #35587 from rkouj/master
Automatic merge from submit-queue Add test for: mount a secret with another secret having same name in different namespace <!-- Thanks for sending a pull request! Here are some tips for you: 1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md 2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md 3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes --> **What this PR does / why we need it**: If two secrets exist with the same name but different namespace, a pod in one namespace should be able to mount the secret without issue. **Which issue this PR fixes** _(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)_: fixes # **Special notes for your reviewer**: **Release note**: <!-- Steps to write your release note: 1. Use the release-note-* labels to set the release note state (if you have access) 2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. --> ``` release-note ``` …nother secret with same name and different namespace
This commit is contained in:
Kubernetes Submit Queue
GitHub
commit
c1b2481540
@ -31,12 +31,12 @@ var _ = framework.KubeDescribe("Secrets", func() {
|
||||
f := framework.NewDefaultFramework("secrets")
|
||||
|
||||
It("should be consumable from pods in volume [Conformance]", func() {
|
||||
doSecretE2EWithoutMapping(f, nil)
|
||||
doSecretE2EWithoutMapping(f, nil /* default mode */, "secret-test-"+string(uuid.NewUUID()))
|
||||
})
|
||||
|
||||
It("should be consumable from pods in volume with defaultMode set [Conformance]", func() {
|
||||
defaultMode := int32(0400)
|
||||
doSecretE2EWithoutMapping(f, &defaultMode)
|
||||
doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()))
|
||||
})
|
||||
|
||||
It("should be consumable from pods in volume with mappings [Conformance]", func() {
|
||||
@ -48,6 +48,27 @@ var _ = framework.KubeDescribe("Secrets", func() {
|
||||
doSecretE2EWithMapping(f, &mode)
|
||||
})
|
||||
|
||||
It("should be able to mount in a volume regardless of a different secret existing with same name in different namespace", func() {
|
||||
var (
|
||||
namespace2 *api.Namespace
|
||||
err error
|
||||
secret2Name = "secret-test-" + string(uuid.NewUUID())
|
||||
)
|
||||
|
||||
if namespace2, err = f.CreateNamespace("secret-namespace", nil); err != nil {
|
||||
framework.Failf("unable to create new namespace %s: %v", namespace2.Name, err)
|
||||
}
|
||||
|
||||
secret2 := secretForTest(namespace2.Name, secret2Name)
|
||||
secret2.Data = map[string][]byte{
|
||||
"this_should_not_match_content_of_other_secret": []byte("similarly_this_should_not_match_content_of_other_secret\n"),
|
||||
}
|
||||
if secret2, err = f.ClientSet.Core().Secrets(namespace2.Name).Create(secret2); err != nil {
|
||||
framework.Failf("unable to create test secret %s: %v", secret2.Name, err)
|
||||
}
|
||||
doSecretE2EWithoutMapping(f, nil /* default mode */, secret2.Name)
|
||||
})
|
||||
|
||||
It("should be consumable in multiple volumes in a pod [Conformance]", func() {
|
||||
// This test ensures that the same secret can be mounted in multiple
|
||||
// volumes in the same pod. This test case exists to prevent
|
||||
@ -180,12 +201,11 @@ func secretForTest(namespace, name string) *api.Secret {
|
||||
}
|
||||
}
|
||||
|
||||
func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
|
||||
func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32, secretName string) {
|
||||
var (
|
||||
name = "secret-test-" + string(uuid.NewUUID())
|
||||
volumeName = "secret-volume"
|
||||
volumeMountPath = "/etc/secret-volume"
|
||||
secret = secretForTest(f.Namespace.Name, name)
|
||||
secret = secretForTest(f.Namespace.Name, secretName)
|
||||
)
|
||||
|
||||
By(fmt.Sprintf("Creating secret with name %s", secret.Name))
|
||||
@ -196,7 +216,8 @@ func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
|
||||
|
||||
pod := &api.Pod{
|
||||
ObjectMeta: api.ObjectMeta{
|
||||
Name: "pod-secrets-" + string(uuid.NewUUID()),
|
||||
Name: "pod-secrets-" + string(uuid.NewUUID()),
|
||||
Namespace: f.Namespace.Name,
|
||||
},
|
||||
Spec: api.PodSpec{
|
||||
Volumes: []api.Volume{
|
||||
@ -204,7 +225,7 @@ func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
|
||||
Name: volumeName,
|
||||
VolumeSource: api.VolumeSource{
|
||||
Secret: &api.SecretVolumeSource{
|
||||
SecretName: name,
|
||||
SecretName: secretName,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
@ -38,6 +38,7 @@ Container Lifecycle Hook when create a pod with lifecycle hook when it is http h
|
||||
Container Runtime Conformance Test container runtime conformance blackbox test when running a container with a new image *,Random-Liu,0
|
||||
Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits it should run with the expected status,luxas,1
|
||||
Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits should report termination message if TerminationMessagePath is set,timothysc,1
|
||||
ContainerLogPath Pod with a container printed log to stdout should print log to correct log path,resouer,0
|
||||
CronJob should not emit unexpected warnings,soltysh,1
|
||||
CronJob should not schedule jobs when suspended,soltysh,1
|
||||
CronJob should not schedule new jobs when ForbidConcurrent,soltysh,1
|
||||
@ -45,7 +46,6 @@ CronJob should replace jobs when ReplaceConcurrent,soltysh,1
|
||||
CronJob should schedule multiple jobs concurrently,soltysh,1
|
||||
DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods in both nonfaulty and faulty scenarios,MrHohn,0
|
||||
DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods when cluster size changed,MrHohn,0
|
||||
ContainerLogPath Pod with a container printed log to stdout should print log to correct log path,resouer,0
|
||||
DNS should provide DNS for ExternalName services,rmmh,1
|
||||
DNS should provide DNS for pods for Hostname and Subdomain Annotation,mtaufen,1
|
||||
DNS should provide DNS for services,roberthbailey,1
|
||||
@ -77,6 +77,9 @@ Deployment overlapping deployment should not fight with each other,kargakis,1
|
||||
Deployment paused deployment should be able to scale,kargakis,1
|
||||
Deployment paused deployment should be ignored by the controller,kargakis,0
|
||||
Deployment scaled rollout deployment should not block on annotation check,kargakis,1
|
||||
DisruptionController evictions: * => *,rkouj,0
|
||||
DisruptionController should create a PodDisruptionBudget,rkouj,0
|
||||
DisruptionController should update PodDisruptionBudget status,rkouj,0
|
||||
Docker Containers should be able to override the image's default arguments (docker cmd),maisem,0
|
||||
Docker Containers should be able to override the image's default command and arguments,maisem,0
|
||||
Docker Containers should be able to override the image's default commmand (docker entrypoint),maisem,0
|
||||
@ -145,10 +148,9 @@ Federation API server authentication should not accept cluster resources when th
|
||||
Federation API server authentication should not accept cluster resources when the client has no authentication credentials,nikhiljindal,1
|
||||
Federation apiserver Admission control should not be able to create resources if namespace does not exist,alex-mohr,1
|
||||
Federation apiserver Cluster objects should be created and deleted successfully,ghodss,1
|
||||
Federation daemonsets DaemonSet objects should be created and deleted successfully,soltysh,1
|
||||
Federation daemonsets DaemonSet objects should be created and deleted successfully,nikhiljindal,0
|
||||
Federation deployments Deployment objects should be created and deleted successfully,soltysh,1
|
||||
Federation deployments Federated Deployment should create and update matching deployments in underling clusters,soltysh,1
|
||||
Federation daemonsets DaemonSet objects should be created and deleted successfully,nikhiljindal,0
|
||||
Federation events Event objects should be created and deleted successfully,karlkfi,1
|
||||
Federation namespace Namespace objects all resources in the namespace should be deleted when namespace is deleted,nikhiljindal,0
|
||||
Federation namespace Namespace objects should be created and deleted successfully,xiang90,1
|
||||
@ -159,6 +161,8 @@ Federation replicasets ReplicaSet objects should be created and deleted successf
|
||||
Federation secrets Secret objects should be created and deleted successfully,pmorie,1
|
||||
Federation secrets Secret objects should be deleted from underlying clusters when OrphanDependents is false,nikhiljindal,0
|
||||
Federation secrets Secret objects should not be deleted from underlying clusters when OrphanDependents is true,nikhiljindal,0
|
||||
GCP Volumes GlusterFS should be mountable,rkouj,0
|
||||
GCP Volumes NFSv4 should be mountable for NFSv4,rkouj,0
|
||||
GKE local SSD should write and read from node local SSD,fabioy,0
|
||||
GKE node pools should create a cluster with multiple node pools,fabioy,1
|
||||
Garbage collector should delete pods created by rc when not orphaning,justinsb,1
|
||||
@ -166,7 +170,8 @@ Garbage collector should orphan pods created by rc if delete options say so,fabi
|
||||
Garbage collector should orphan pods created by rc if deleteOptions.OrphanDependents is nil,zmerlynn,1
|
||||
"Generated release_1_5 clientset should create pods, delete pods, watch pods",ghodss,1
|
||||
"Generated release_1_5 clientset should create v2alpha1 cronJobs, delete cronJobs, watch cronJobs",soltysh,1
|
||||
HA-master pods survive addition/removal,roberthbailey,1
|
||||
HA-master pods survive addition/removal different zones,rkouj,0
|
||||
HA-master pods survive addition/removal same zone,rkouj,0
|
||||
Hazelcast should create and scale hazelcast,mikedanese,1
|
||||
Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 1 pod to 3 pods and from 3 to 5,jszczepkowski,0
|
||||
Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 5 pods to 3 pods and from 3 to 1,jszczepkowski,0
|
||||
@ -398,6 +403,7 @@ SchedulerPredicates validates that required NodeAffinity setting is respected if
|
||||
SchedulerPredicates validates that taints-tolerations is respected if matching,jlowdermilk,1
|
||||
SchedulerPredicates validates that taints-tolerations is respected if not matching,derekwaynecarr,1
|
||||
Secret should create a pod that reads a secret,luxas,1
|
||||
Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace,rkouj,0
|
||||
Secrets should be consumable from pods in env vars,mml,1
|
||||
Secrets should be consumable from pods in volume,ghodss,1
|
||||
Secrets should be consumable from pods in volume with defaultMode set,derekwaynecarr,1
|
||||
@ -658,7 +664,7 @@ k8s.io/kubernetes/pkg/kubelet/qos,vishh,0
|
||||
k8s.io/kubernetes/pkg/kubelet/rkt,apelisse,1
|
||||
k8s.io/kubernetes/pkg/kubelet/rktshim,mml,1
|
||||
k8s.io/kubernetes/pkg/kubelet/server,timstclair,0
|
||||
k8s.io/kubernetes/pkg/kubelet/server/portforward,caesarxuchao,1
|
||||
k8s.io/kubernetes/pkg/kubelet/server/portforward,rkouj,0
|
||||
k8s.io/kubernetes/pkg/kubelet/server/stats,timstclair,0
|
||||
k8s.io/kubernetes/pkg/kubelet/server/streaming,caesarxuchao,1
|
||||
k8s.io/kubernetes/pkg/kubelet/status,mwielgus,1
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user