From 2bbba1f6629996b721b3077067050c2f98ff4737 Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Thu, 26 Oct 2017 20:55:13 +0800 Subject: [PATCH] Add node e2e tests for pulling images from credential providers --- test/e2e_node/runtime_conformance_test.go | 28 +++++++++++++++++++---- test/e2e_node/services/kubelet.go | 6 ++--- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/test/e2e_node/runtime_conformance_test.go b/test/e2e_node/runtime_conformance_test.go index 5e3ab6b7b30..7e76778a432 100644 --- a/test/e2e_node/runtime_conformance_test.go +++ b/test/e2e_node/runtime_conformance_test.go @@ -18,13 +18,17 @@ package e2e_node import ( "fmt" + "io/ioutil" + "os" "path" + "path/filepath" "time" "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/kubernetes/pkg/kubelet/images" "k8s.io/kubernetes/test/e2e/framework" + "k8s.io/kubernetes/test/e2e_node/services" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -256,11 +260,12 @@ while true; do sleep 1; done // testing image pulling, these images don't need to be prepulled. The ImagePullPolicy // is v1.PullAlways, so it won't be blocked by framework image white list check. for _, testCase := range []struct { - description string - image string - secret bool - phase v1.PodPhase - waiting bool + description string + image string + secret bool + credentialProvider bool + phase v1.PodPhase + waiting bool }{ { description: "should not be able to pull image from invalid registry", @@ -299,6 +304,13 @@ while true; do sleep 1; done phase: v1.PodRunning, waiting: false, }, + { + description: "should be able to pull from private registry with credential provider", + image: "gcr.io/authenticated-image-pulling/alpine:3.1", + credentialProvider: true, + phase: v1.PodRunning, + waiting: false, + }, } { testCase := testCase It(testCase.description+" [Conformance]", func() { @@ -323,6 +335,12 @@ while true; do sleep 1; done defer f.ClientSet.Core().Secrets(f.Namespace.Name).Delete(secret.Name, nil) container.ImagePullSecrets = []string{secret.Name} } + if testCase.credentialProvider { + configFile := filepath.Join(services.KubeletRootDirectory, "config.json") + err := ioutil.WriteFile(configFile, []byte(auth), 0644) + Expect(err).NotTo(HaveOccurred()) + defer os.Remove(configFile) + } // checkContainerStatus checks whether the container status matches expectation. checkContainerStatus := func() error { status, err := container.GetStatus() diff --git a/test/e2e_node/services/kubelet.go b/test/e2e_node/services/kubelet.go index 3db592750af..0e655349075 100644 --- a/test/e2e_node/services/kubelet.go +++ b/test/e2e_node/services/kubelet.go @@ -85,7 +85,7 @@ const ( // Ports of different e2e services. kubeletPort = "10250" kubeletReadOnlyPort = "10255" - kubeletRootDirectory = "/var/lib/kubelet" + KubeletRootDirectory = "/var/lib/kubelet" // Health check url of kubelet kubeletHealthCheckURL = "http://127.0.0.1:" + kubeletReadOnlyPort + "/healthz" ) @@ -110,7 +110,7 @@ func (e *E2EServices) startKubelet() (*server, error) { return nil, err } e.rmDirs = append(e.rmDirs, manifestPath) - err = createRootDirectory(kubeletRootDirectory) + err = createRootDirectory(KubeletRootDirectory) if err != nil { return nil, err } @@ -151,7 +151,7 @@ func (e *E2EServices) startKubelet() (*server, error) { "--address", "0.0.0.0", "--port", kubeletPort, "--read-only-port", kubeletReadOnlyPort, - "--root-dir", kubeletRootDirectory, + "--root-dir", KubeletRootDirectory, "--volume-stats-agg-period", "10s", // Aggregate volumes frequently so tests don't need to wait as long "--allow-privileged", "true", "--serialize-image-pulls", "false",