diff --git a/test/e2e_node/builder/build.go b/test/e2e_node/builder/build.go index 33699358b58..afaf3341ba0 100644 --- a/test/e2e_node/builder/build.go +++ b/test/e2e_node/builder/build.go @@ -35,6 +35,7 @@ var buildTargets = []string{ "test/e2e_node/e2e_node.test", "vendor/github.com/onsi/ginkgo/ginkgo", "cluster/gce/gci/mounter", + "cluster/gce/gci/credential-provider", } // BuildGo builds k8s binaries. diff --git a/test/e2e_node/remote/node_e2e.go b/test/e2e_node/remote/node_e2e.go index 4ebd1859554..ab8f40beeb0 100644 --- a/test/e2e_node/remote/node_e2e.go +++ b/test/e2e_node/remote/node_e2e.go @@ -60,7 +60,7 @@ func (n *NodeE2ERemote) SetupTestPackage(tardir, systemSpecName string) error { } // Copy binaries - requiredBins := []string{"kubelet", "e2e_node.test", "ginkgo", "mounter"} + requiredBins := []string{"kubelet", "e2e_node.test", "ginkgo", "mounter", "credential-provider"} for _, bin := range requiredBins { source := filepath.Join(buildOutputDir, bin) if _, err := os.Stat(source); err != nil { @@ -102,6 +102,16 @@ func prependMemcgNotificationFlag(args string) string { return "--kubelet-flags=--kernel-memcg-notification=true " + args } +// prependGCPCredentialProviderFlag prepends the flags for enabling +// a credential provider plugin. +func prependGCPCredentialProviderFlag(args, workspace string) string { + credentialProviderConfig := filepath.Join(workspace, "credential-provider.yaml") + disableIntreeCredentialProviderFlag := "--kubelet-flags=--feature-gates=DisableKubeletCloudCredentialProviders=true" + configFlag := fmt.Sprintf("--kubelet-flags=--image-credential-provider-config=%s", credentialProviderConfig) + binFlag := fmt.Sprintf("--kubelet-flags=--image-credential-provider-bin-dir=%s", workspace) + return fmt.Sprintf("%s %s %s %s", disableIntreeCredentialProviderFlag, configFlag, binFlag, args) +} + // osSpecificActions takes OS specific actions required for the node tests func osSpecificActions(args, host, workspace string) (string, error) { output, err := getOSDistribution(host) @@ -114,6 +124,7 @@ func osSpecificActions(args, host, workspace string) (string, error) { return args, setKubeletSELinuxLabels(host, workspace) case strings.Contains(output, "gci"), strings.Contains(output, "cos"): args = prependMemcgNotificationFlag(args) + args = prependGCPCredentialProviderFlag(args, workspace) return prependCOSMounterFlag(args, host, workspace) case strings.Contains(output, "ubuntu"): return prependMemcgNotificationFlag(args), nil @@ -166,6 +177,11 @@ func (n *NodeE2ERemote) RunTest(host, workspace, results, imageDesc, junitFilePr return "", err } + // Install the kubelet credential provider plugin + if err := configureCredentialProvider(host, workspace); err != nil { + return "", err + } + // Kill any running node processes cleanupNodeProcesses(host) diff --git a/test/e2e_node/remote/utils.go b/test/e2e_node/remote/utils.go index 044a3e838bb..48408929574 100644 --- a/test/e2e_node/remote/utils.go +++ b/test/e2e_node/remote/utils.go @@ -48,6 +48,16 @@ const cniConfig = `{ } ` +const credentialProviderConfig = `kind: CredentialProviderConfig +apiVersion: kubelet.config.k8s.io/v1alpha1 +providers: + - name: credential-provider + apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1 + matchImages: + - "gcr.io" + - "*.gcr.io" + defaultCacheDuration: 1m` + // Install the cni plugin and add basic bridge configuration to the // configuration directory. func setupCNI(host, workspace string) error { @@ -76,6 +86,19 @@ func setupCNI(host, workspace string) error { return nil } +func configureCredentialProvider(host, workspace string) error { + klog.V(2).Infof("Configuring kubelet credential provider on %q", host) + + cmd := getSSHCommand(" ; ", + fmt.Sprintf("echo %s > %s", quote(credentialProviderConfig), filepath.Join(workspace, "credential-provider.yaml")), + ) + if output, err := SSH(host, "sh", "-c", cmd); err != nil { + return fmt.Errorf("failed to write credential provider configuration on %q: %v output: %q", host, err, output) + } + + return nil +} + // configureFirewall configures iptable firewall rules. func configureFirewall(host string) error { klog.V(2).Infof("Configure iptables firewall rules on %q", host)