mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-19 09:52:49 +00:00
197 lines
6.4 KiB
Bash
Executable File
197 lines
6.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# Copyright 2014 The Kubernetes Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# This command checks that the built commands can function together for
|
|
# simple scenarios. It does not require Docker.
|
|
|
|
set -o errexit
|
|
set -o nounset
|
|
set -o pipefail
|
|
|
|
# start the cache mutation detector by default so that cache mutators will be found
|
|
KUBE_CACHE_MUTATION_DETECTOR="${KUBE_CACHE_MUTATION_DETECTOR:-true}"
|
|
export KUBE_CACHE_MUTATION_DETECTOR
|
|
|
|
# panic the server on watch decode errors since they are considered coder mistakes
|
|
KUBE_PANIC_WATCH_DECODE_ERROR="${KUBE_PANIC_WATCH_DECODE_ERROR:-true}"
|
|
export KUBE_PANIC_WATCH_DECODE_ERROR
|
|
|
|
KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
|
|
source "${KUBE_ROOT}/hack/lib/init.sh"
|
|
source "${KUBE_ROOT}/hack/lib/test.sh"
|
|
source "${KUBE_ROOT}/test/cmd/legacy-script.sh"
|
|
|
|
# setup envs for TokenRequest required flags
|
|
SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-true}
|
|
SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-/tmp/kube-serviceaccount.key}
|
|
# Generate ServiceAccount key if needed
|
|
if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then
|
|
mkdir -p "$(dirname "${SERVICE_ACCOUNT_KEY}")"
|
|
openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null
|
|
fi
|
|
|
|
# Runs kube-apiserver
|
|
#
|
|
# Exports:
|
|
# APISERVER_PID
|
|
function run_kube_apiserver() {
|
|
kube::log::status "Building kube-apiserver"
|
|
make -C "${KUBE_ROOT}" WHAT="cmd/kube-apiserver"
|
|
|
|
# Start kube-apiserver
|
|
kube::log::status "Starting kube-apiserver"
|
|
|
|
# Admission Controllers to invoke prior to persisting objects in cluster
|
|
ENABLE_ADMISSION_PLUGINS="LimitRanger,ResourceQuota"
|
|
DISABLE_ADMISSION_PLUGINS="ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,StorageObjectInUseProtection"
|
|
|
|
# Include RBAC (to exercise bootstrapping), and AlwaysAllow to allow all actions
|
|
AUTHORIZATION_MODE="RBAC,AlwaysAllow"
|
|
|
|
# Enable features
|
|
ENABLE_FEATURE_GATES=""
|
|
|
|
"${KUBE_OUTPUT_HOSTBIN}/kube-apiserver" \
|
|
--bind-address="127.0.0.1" \
|
|
--authorization-mode="${AUTHORIZATION_MODE}" \
|
|
--secure-port="${SECURE_API_PORT}" \
|
|
--feature-gates="${ENABLE_FEATURE_GATES}" \
|
|
--enable-admission-plugins="${ENABLE_ADMISSION_PLUGINS}" \
|
|
--disable-admission-plugins="${DISABLE_ADMISSION_PLUGINS}" \
|
|
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
|
|
--runtime-config=api/v1 \
|
|
--service-account-key-file="${SERVICE_ACCOUNT_KEY}" \
|
|
--service-account-lookup="${SERVICE_ACCOUNT_LOOKUP}" \
|
|
--service-account-issuer="https://kubernetes.default.svc" \
|
|
--service-account-signing-key-file="${SERVICE_ACCOUNT_KEY}" \
|
|
--storage-media-type="${KUBE_TEST_API_STORAGE_TYPE-}" \
|
|
--cert-dir="${TMPDIR:-/tmp/}" \
|
|
--service-cluster-ip-range="10.0.0.0/24" \
|
|
--client-ca-file=hack/testdata/ca/ca.crt \
|
|
--token-auth-file=hack/testdata/auth-tokens.csv 1>&2 &
|
|
export APISERVER_PID=$!
|
|
|
|
kube::util::wait_for_url_with_bearer_token "https://127.0.0.1:${SECURE_API_PORT}/healthz" "admin-token" "apiserver"
|
|
}
|
|
|
|
# Runs run_kube_controller_manager
|
|
#
|
|
# Exports:
|
|
# CTLRMGR_PID
|
|
function run_kube_controller_manager() {
|
|
kube::log::status "Building kube-controller-manager"
|
|
make -C "${KUBE_ROOT}" WHAT="cmd/kube-controller-manager"
|
|
|
|
# Start controller manager
|
|
kube::log::status 'Generate kubeconfig for controller-manager'
|
|
local config
|
|
config="$(mktemp controller-manager.kubeconfig.XXXXX)"
|
|
cat <<EOF > "$config"
|
|
kind: Config
|
|
users:
|
|
- name: controller-manager
|
|
user:
|
|
token: admin-token
|
|
clusters:
|
|
- cluster:
|
|
server: https://127.0.0.1:${SECURE_API_PORT}
|
|
insecure-skip-tls-verify: true
|
|
name: local
|
|
contexts:
|
|
- context:
|
|
cluster: local
|
|
user: controller-manager
|
|
name: local-context
|
|
current-context: local-context
|
|
EOF
|
|
|
|
kube::log::status "Starting controller-manager"
|
|
"${KUBE_OUTPUT_HOSTBIN}/kube-controller-manager" \
|
|
--kube-api-content-type="${KUBE_TEST_API_TYPE-}" \
|
|
--cluster-signing-cert-file=hack/testdata/ca/ca.crt \
|
|
--cluster-signing-key-file=hack/testdata/ca/ca.key \
|
|
--kubeconfig="${config}" 1>&2 &
|
|
export CTLRMGR_PID=$!
|
|
|
|
kube::util::wait_for_url "https://127.0.0.1:${SECURE_CTLRMGR_PORT}/healthz" "controller-manager"
|
|
}
|
|
|
|
# Creates a node object with name 127.0.0.1. This is required because we do not
|
|
# run kubelet.
|
|
#
|
|
# An arbitrary annotation is needed to ensure field managers are saved on the
|
|
# object. Without it, we would be creating an empty object and because status
|
|
# and name get wiped, there were be no field managers tracking any fields.
|
|
#
|
|
# Exports:
|
|
# SUPPORTED_RESOURCES(Array of all resources supported by the apiserver).
|
|
function create_node() {
|
|
kubectl create -f - << __EOF__
|
|
{
|
|
"kind": "Node",
|
|
"apiVersion": "v1",
|
|
"metadata": {
|
|
"name": "127.0.0.1",
|
|
"annotations": {
|
|
"save-managers": "true"
|
|
}
|
|
},
|
|
"status": {
|
|
"capacity": {
|
|
"memory": "1Gi"
|
|
}
|
|
}
|
|
}
|
|
__EOF__
|
|
}
|
|
|
|
# Run it if:
|
|
# 1) $WHAT is empty
|
|
# 2) $WHAT is not empty and kubeadm is part of $WHAT
|
|
WHAT=${WHAT:-}
|
|
if [[ ${WHAT} == "" || ${WHAT} =~ .*kubeadm.* ]] ; then
|
|
kube::log::status "Running kubeadm tests"
|
|
|
|
# build kubeadm
|
|
make all -C "${KUBE_ROOT}" WHAT=cmd/kubeadm
|
|
# unless the user sets KUBEADM_PATH, assume that "make all..." just built it
|
|
export KUBEADM_PATH="${KUBEADM_PATH:=$(kube::realpath "${KUBE_ROOT}")/_output/local/go/bin/kubeadm}"
|
|
# invoke the tests
|
|
make -C "${KUBE_ROOT}" test \
|
|
WHAT=k8s.io/kubernetes/cmd/kubeadm/test/cmd \
|
|
KUBE_TIMEOUT=--timeout=240s \
|
|
KUBE_RACE=""
|
|
|
|
# if we ONLY want to run kubeadm, then exit here.
|
|
if [[ ${WHAT} == "kubeadm" ]]; then
|
|
kube::log::status "TESTS PASSED"
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
kube::log::status "Running kubectl tests for kube-apiserver"
|
|
|
|
setup
|
|
run_kube_apiserver
|
|
run_kube_controller_manager
|
|
create_node
|
|
export SUPPORTED_RESOURCES=("*")
|
|
# WARNING: Do not wrap this call in a subshell to capture output, e.g. output=$(runTests)
|
|
# Doing so will suppress errexit behavior inside runTests
|
|
runTests
|
|
|
|
kube::log::status "TESTS PASSED"
|