github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

e2e SecurityContext tests wrong volume dir

Browse Source 
The volume directory is not guaranteed to be /var/lib/kubelet
for a conforming implementation of Kubernetes.  Add --volume-dir
and an internal shim
This commit is contained in:
Clayton Coleman 2016-02-07 15:20:32 -05:00
parent c26087db45
commit e8cbb762e2
4 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hack/verify-flags/known-flags.txt
View File

@ -364,6 +364,7 @@ upgrade-target
use-kubernetes-cluster-service
user-whitelist
verify-only
volume-dir
volume-plugin-dir
volume-stats-agg-period
watch-cache

1
test/e2e/e2e.go
View File

@ -63,6 +63,7 @@ func RegisterFlags() {
flag.StringVar(&testContext.KubeConfig, clientcmd.RecommendedConfigPathFlag, "", "Path to kubeconfig containing embedded authinfo.")
flag.StringVar(&testContext.KubeContext, clientcmd.FlagContext, "", "kubeconfig context to use/override. If unset, will use value from 'current-context'")
flag.StringVar(&testContext.KubeVolumeDir, "volume-dir", "/var/lib/kubelet", "Path to the directory containing the kubelet volumes.")
flag.StringVar(&testContext.CertDir, "cert-dir", "", "Path to the directory containing the certs. Default is empty, which doesn't use certs.")
flag.StringVar(&testContext.Host, "host", "", "The host, or apiserver, to connect to")
flag.StringVar(&testContext.RepoRoot, "repo-root", "../../", "Root directory of kubernetes repository, for finding test files.")

4
test/e2e/security_context.go
View File

@ -154,8 +154,8 @@ func testPodSELinuxLabeling(framework *Framework, hostIPC bool, hostPID bool) {
// Confirm that the file can be accessed from a second
// pod using host_path with the same MCS label
volumeHostPath := fmt.Sprintf("/var/lib/kubelet/pods/%s/volumes/kubernetes.io~empty-dir/%s", foundPod.UID, volumeName)
By("confirming a container with the same label can read the file")
volumeHostPath := fmt.Sprintf("%s/pods/%s/volumes/kubernetes.io~empty-dir/%s", testContext.KubeVolumeDir, foundPod.UID, volumeName)
By(fmt.Sprintf("confirming a container with the same label can read the file under --volume-dir=%s", testContext.KubeVolumeDir))
pod = scTestPod(hostIPC, hostPID)
pod.Spec.NodeName = foundPod.Spec.NodeName
volumeMounts := []api.VolumeMount{

1
test/e2e/util.go
View File

@ -139,6 +139,7 @@ var runId = util.NewUUID()
type TestContextType struct {
KubeConfig string
KubeContext string
KubeVolumeDir string
CertDir string
Host string
RepoRoot string