From a1d2df81fb3292ccf1ef97719ae83eaaf4ae1da1 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 17 Oct 2023 21:33:02 +0900 Subject: [PATCH] e2e: add [Environment:NotInUserNS] tag to sysctl tests The sysctl tests have to be skipped when the node components are running in UserNS, because the tests fail due to `open /proc/sys/kernel/shm_rmid_forced: permission denied` (as expected). Can be verified with Rootless kind (https://kind.sigs.k8s.io/docs/user/rootless/): ``` dockerd-rootless-setuptool.sh install : The following steps are added because 'kubetest2 kind --build' does not seem to build e2e.test and ginkgo make WHAT=test/e2e/e2e.test make ginkgo cp -f _output/bin/{e2e.test,ginkgo} _output/dockerized/bin/linux/amd64 kubetest2 kind --build --up --down --test=ginkgo -- \ --use-built-binaries \ --focus-regex='\[NodeConformance\]' \ --skip-regex='\[Environment:NotInUserNS\]' ``` Test with the following host environment: - kubernetes-sigs/kind@ac28d7fb19b4f353369d889b3900a7a9dd46f4c1 (main) - kubernetes-sigs/kubetest2@89f09b65e8dd756e57eec8650a789ea67ff07917 (master) - Docker 24.0.6 - Ubuntu 22.04 amd64, kernel 5.15 Signed-off-by: Akihiro Suda --- test/conformance/testdata/conformance.yaml | 5 +++-- test/e2e/common/node/sysctl.go | 6 ++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/test/conformance/testdata/conformance.yaml b/test/conformance/testdata/conformance.yaml index 494e358a2c1..b1fe237ca41 100755 --- a/test/conformance/testdata/conformance.yaml +++ b/test/conformance/testdata/conformance.yaml @@ -2466,10 +2466,11 @@ file: test/e2e/common/node/sysctl.go - testname: Sysctl, test sysctls codename: '[sig-node] Sysctls [LinuxOnly] [NodeConformance] should support sysctls - [MinimumKubeletVersion:1.21] [Conformance]' + [MinimumKubeletVersion:1.21] [Environment:NotInUserNS] [Conformance]' description: 'Pod is created with kernel.shm_rmid_forced sysctl. Kernel.shm_rmid_forced must be set to 1 [LinuxOnly]: This test is marked as LinuxOnly since Windows does - not support sysctls' + not support sysctls [Environment:NotInUserNS]: The test fails in UserNS (as expected): + `open /proc/sys/kernel/shm_rmid_forced: permission denied`' release: v1.21 file: test/e2e/common/node/sysctl.go - testname: Environment variables, expansion diff --git a/test/e2e/common/node/sysctl.go b/test/e2e/common/node/sysctl.go index 438590bc4b2..1de5be72722 100644 --- a/test/e2e/common/node/sysctl.go +++ b/test/e2e/common/node/sysctl.go @@ -73,8 +73,9 @@ var _ = SIGDescribe("Sysctls [LinuxOnly] [NodeConformance]", func() { Testname: Sysctl, test sysctls Description: Pod is created with kernel.shm_rmid_forced sysctl. Kernel.shm_rmid_forced must be set to 1 [LinuxOnly]: This test is marked as LinuxOnly since Windows does not support sysctls + [Environment:NotInUserNS]: The test fails in UserNS (as expected): `open /proc/sys/kernel/shm_rmid_forced: permission denied` */ - framework.ConformanceIt("should support sysctls [MinimumKubeletVersion:1.21]", func(ctx context.Context) { + framework.ConformanceIt("should support sysctls [MinimumKubeletVersion:1.21] [Environment:NotInUserNS]", func(ctx context.Context) { pod := testPod() pod.Spec.SecurityContext = &v1.PodSecurityContext{ Sysctls: []v1.Sysctl{ @@ -182,8 +183,9 @@ var _ = SIGDescribe("Sysctls [LinuxOnly] [NodeConformance]", func() { Testname: Sysctl, test sysctls supports slashes Description: Pod is created with kernel/shm_rmid_forced sysctl. Support slashes as sysctl separator. The '/' separator is also accepted in place of a '.' [LinuxOnly]: This test is marked as LinuxOnly since Windows does not support sysctls + [Environment:NotInUserNS]: The test fails in UserNS (as expected): `open /proc/sys/kernel/shm_rmid_forced: permission denied` */ - ginkgo.It("should support sysctls with slashes as separator [MinimumKubeletVersion:1.23]", func(ctx context.Context) { + ginkgo.It("should support sysctls with slashes as separator [MinimumKubeletVersion:1.23] [Environment:NotInUserNS]", func(ctx context.Context) { pod := testPod() pod.Spec.SecurityContext = &v1.PodSecurityContext{ Sysctls: []v1.Sysctl{