github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #67071 from mgdevstack/master-secretvolume-nodeconformance

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 67071, 66906, 66722, 67276, 67039). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Promoting "[sig-storage] Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace" to Conformance

**What this PR does / why we need it**:
An consolidated effort to resolve the issue https://github.com/kubernetes/kubernetes/issues/66875
> _[sig-storage] Secrets   should be able to mount in a volume regardless of a different secret existing with same name in different namespace_

Promoting mentioned e2e test for Conformance as it -
- Validates that secret with same name can be created in different namespaces but secrets which reside in same namespace as that of pod can be only be accessed from volume mounted in the container.
- Improves api coverage including prioritized Pod API lists. https://github.com/cncf/k8s-conformance/issues/220#issuecomment-393344061

> GET /api/v1/namespaces/{namespace}/pods/{name}/log
GET /api/v1/namespaces/{namespace}/pods
GET /api/v1/namespaces/{namespace}/pods/{name}
POST /api/v1/namespaces/{namespace}/pods
PUT /api/v1/namespaces/{namespace}/pods/{name}/status
DELETE /api/v1/namespaces/{namespace}/pods
DELETE /api/v1/namespaces/{namespace}/pods/{name}

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
No Flakes Found.
```
• [SLOW TEST:16.326 seconds]
[sig-storage] Secrets
/home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:33
  should be able to mount in a volume regardless of a different secret existing with same name in different namespace [NodeConformance]
  /home/vagrant/go-workspace/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/secrets_volume.go:86
------------------------------
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
Aug  7 07:12:44.133: INFO: Running AfterSuite actions on all node
Aug  7 07:12:44.134: INFO: Running AfterSuite actions on node 1

Ran 1 of 1020 Specs in 16.441 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 1019 Skipped PASS

All tests passed...
Will keep running them until they fail.
This was attempt #40
No, seriously... you can probably stop now.
```

**Release note**:

```release-note
NONE
```
/area conformance
@kubernetes/sig-node-pr-reviews
This commit is contained in:
Kubernetes Submit Queue 2018-08-14 22:43:15 -07:00 committed by GitHub
commit f9d63000a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/conformance/testdata/conformance.txt vendored
View File

@ -137,6 +137,7 @@ test/e2e/common/secrets_volume.go: "should be consumable from pods in volume wit
test/e2e/common/secrets_volume.go: "should be consumable from pods in volume as non-root with defaultMode and fsGroup set"
test/e2e/common/secrets_volume.go: "should be consumable from pods in volume with mappings"
test/e2e/common/secrets_volume.go: "should be consumable from pods in volume with mappings and Item Mode set"
test/e2e/common/secrets_volume.go: "should be able to mount in a volume regardless of a different secret existing with same name in different namespace"
test/e2e/common/secrets_volume.go: "should be consumable in multiple volumes in a pod"
test/e2e/common/secrets_volume.go: "optional updates should be reflected in volume"
test/e2e/kubectl/kubectl.go: "should create and stop a replication controller"

7
test/e2e/common/secrets_volume.go
View File

@ -83,7 +83,12 @@ var _ = Describe("[sig-storage] Secrets", func() {
doSecretE2EWithMapping(f, &mode)
})
It("should be able to mount in a volume regardless of a different secret existing with same name in different namespace [NodeConformance]", func() {
/*
Release : v1.12
Testname: Secrets Volume, volume mode default, secret with same name in different namespace
Description: Create a secret with same name in two namespaces. Create a Pod with secret volume source configured into the container. Pod MUST be able to read the secrets from the mounted volume from the container runtime and only secrets which are associated with namespace where pod is created. The file mode of the secret MUST be -rw-r--r-- by default.
*/
framework.ConformanceIt("should be able to mount in a volume regardless of a different secret existing with same name in different namespace [NodeConformance]", func() {
var (
namespace2 *v1.Namespace
err error