Home Esplora Aiuto
Accedi
tzeneto
/
custom-kube-scheduler
Segui 1
Vota 0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): 7e8b047bed
Rami (Branch) Tag
custom-kube-...
/
kubernetes
/
pkg
/
kubelet
/
kuberuntime
/
kuberuntime_container_linux_test.go

kuberuntime_container_linux_test.go 10 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370 
  1. // +build linux
    2. 

  2. 

  3. /*
    4. 

  4. Copyright 2018 The Kubernetes Authors.
    5. 

  5. 

  6. Licensed under the Apache License, Version 2.0 (the "License");
    7. 

  7. you may not use this file except in compliance with the License.
    8. 

  8. You may obtain a copy of the License at
    9. 

  9. 

  10.     http://www.apache.org/licenses/LICENSE-2.0
    11. 

  11. 

  12. Unless required by applicable law or agreed to in writing, software
    13. 

  13. distributed under the License is distributed on an "AS IS" BASIS,
    14. 

  14. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15. 

  15. See the License for the specific language governing permissions and
    16. 

  16. limitations under the License.
    17. 

  17. */
    18. 

  18. 

  19. package kuberuntime
    20. 

  20. 

  21. import (
    22. 

  22. 	"reflect"
    23. 

  23. 	"testing"
    24. 

  24. 

  25. 	"github.com/google/go-cmp/cmp"
    26. 

  26. 	cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs"
    27. 

  27. 	"github.com/stretchr/testify/assert"
    28. 

  28. 	v1 "k8s.io/api/core/v1"
    29. 

  29. 	"k8s.io/apimachinery/pkg/api/resource"
    30. 

  30. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    31. 

  31. 	utilfeature "k8s.io/apiserver/pkg/util/feature"
    32. 

  32. 	featuregatetesting "k8s.io/component-base/featuregate/testing"
    33. 

  33. 	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
    34. 

  34. 	"k8s.io/kubernetes/pkg/features"
    35. 

  35. 	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
    36. 

  36. )
    37. 

  37. 

  38. func makeExpectedConfig(m *kubeGenericRuntimeManager, pod *v1.Pod, containerIndex int) *runtimeapi.ContainerConfig {
    39. 

  39. 	container := &pod.Spec.Containers[containerIndex]
    40. 

  40. 	podIP := ""
    41. 

  41. 	restartCount := 0
    42. 

  42. 	opts, _, _ := m.runtimeHelper.GenerateRunContainerOptions(pod, container, podIP, []string{podIP})
    43. 

  43. 	containerLogsPath := buildContainerLogsPath(container.Name, restartCount)
    44. 

  44. 	restartCountUint32 := uint32(restartCount)
    45. 

  45. 	envs := make([]*runtimeapi.KeyValue, len(opts.Envs))
    46. 

  46. 

  47. 	expectedConfig := &runtimeapi.ContainerConfig{
    48. 

  48. 		Metadata: &runtimeapi.ContainerMetadata{
    49. 

  49. 			Name:    container.Name,
    50. 

  50. 			Attempt: restartCountUint32,
    51. 

  51. 		},
    52. 

  52. 		Image:       &runtimeapi.ImageSpec{Image: container.Image},
    53. 

  53. 		Command:     container.Command,
    54. 

  54. 		Args:        []string(nil),
    55. 

  55. 		WorkingDir:  container.WorkingDir,
    56. 

  56. 		Labels:      newContainerLabels(container, pod),
    57. 

  57. 		Annotations: newContainerAnnotations(container, pod, restartCount, opts),
    58. 

  58. 		Devices:     makeDevices(opts),
    59. 

  59. 		Mounts:      m.makeMounts(opts, container),
    60. 

  60. 		LogPath:     containerLogsPath,
    61. 

  61. 		Stdin:       container.Stdin,
    62. 

  62. 		StdinOnce:   container.StdinOnce,
    63. 

  63. 		Tty:         container.TTY,
    64. 

  64. 		Linux:       m.generateLinuxContainerConfig(container, pod, new(int64), "", nil),
    65. 

  65. 		Envs:        envs,
    66. 

  66. 	}
    67. 

  67. 	return expectedConfig
    68. 

  68. }
    69. 

  69. 

  70. func TestGenerateContainerConfig(t *testing.T) {
    71. 

  71. 	_, imageService, m, err := createTestRuntimeManager()
    72. 

  72. 	assert.NoError(t, err)
    73. 

  73. 

  74. 	runAsUser := int64(1000)
    75. 

  75. 	runAsGroup := int64(2000)
    76. 

  76. 	pod := &v1.Pod{
    77. 

  77. 		ObjectMeta: metav1.ObjectMeta{
    78. 

  78. 			UID:       "12345678",
    79. 

  79. 			Name:      "bar",
    80. 

  80. 			Namespace: "new",
    81. 

  81. 		},
    82. 

  82. 		Spec: v1.PodSpec{
    83. 

  83. 			Containers: []v1.Container{
    84. 

  84. 				{
    85. 

  85. 					Name:            "foo",
    86. 

  86. 					Image:           "busybox",
    87. 

  87. 					ImagePullPolicy: v1.PullIfNotPresent,
    88. 

  88. 					Command:         []string{"testCommand"},
    89. 

  89. 					WorkingDir:      "testWorkingDir",
    90. 

  90. 					SecurityContext: &v1.SecurityContext{
    91. 

  91. 						RunAsUser:  &runAsUser,
    92. 

  92. 						RunAsGroup: &runAsGroup,
    93. 

  93. 					},
    94. 

  94. 				},
    95. 

  95. 			},
    96. 

  96. 		},
    97. 

  97. 	}
    98. 

  98. 

  99. 	expectedConfig := makeExpectedConfig(m, pod, 0)
    100. 

  100. 	containerConfig, _, err := m.generateContainerConfig(&pod.Spec.Containers[0], pod, 0, "", pod.Spec.Containers[0].Image, []string{}, nil)
    101. 

  101. 	assert.NoError(t, err)
    102. 

  102. 	assert.Equal(t, expectedConfig, containerConfig, "generate container config for kubelet runtime v1.")
    103. 

  103. 	assert.Equal(t, runAsUser, containerConfig.GetLinux().GetSecurityContext().GetRunAsUser().GetValue(), "RunAsUser should be set")
    104. 

  104. 	assert.Equal(t, runAsGroup, containerConfig.GetLinux().GetSecurityContext().GetRunAsGroup().GetValue(), "RunAsGroup should be set")
    105. 

  105. 

  106. 	runAsRoot := int64(0)
    107. 

  107. 	runAsNonRootTrue := true
    108. 

  108. 	podWithContainerSecurityContext := &v1.Pod{
    109. 

  109. 		ObjectMeta: metav1.ObjectMeta{
    110. 

  110. 			UID:       "12345678",
    111. 

  111. 			Name:      "bar",
    112. 

  112. 			Namespace: "new",
    113. 

  113. 		},
    114. 

  114. 		Spec: v1.PodSpec{
    115. 

  115. 			Containers: []v1.Container{
    116. 

  116. 				{
    117. 

  117. 					Name:            "foo",
    118. 

  118. 					Image:           "busybox",
    119. 

  119. 					ImagePullPolicy: v1.PullIfNotPresent,
    120. 

  120. 					Command:         []string{"testCommand"},
    121. 

  121. 					WorkingDir:      "testWorkingDir",
    122. 

  122. 					SecurityContext: &v1.SecurityContext{
    123. 

  123. 						RunAsNonRoot: &runAsNonRootTrue,
    124. 

  124. 						RunAsUser:    &runAsRoot,
    125. 

  125. 					},
    126. 

  126. 				},
    127. 

  127. 			},
    128. 

  128. 		},
    129. 

  129. 	}
    130. 

  130. 

  131. 	_, _, err = m.generateContainerConfig(&podWithContainerSecurityContext.Spec.Containers[0], podWithContainerSecurityContext, 0, "", podWithContainerSecurityContext.Spec.Containers[0].Image, []string{}, nil)
    132. 

  132. 	assert.Error(t, err)
    133. 

  133. 

  134. 	imageID, _ := imageService.PullImage(&runtimeapi.ImageSpec{Image: "busybox"}, nil, nil)
    135. 

  135. 	image, _ := imageService.ImageStatus(&runtimeapi.ImageSpec{Image: imageID})
    136. 

  136. 

  137. 	image.Uid = nil
    138. 

  138. 	image.Username = "test"
    139. 

  139. 

  140. 	podWithContainerSecurityContext.Spec.Containers[0].SecurityContext.RunAsUser = nil
    141. 

  141. 	podWithContainerSecurityContext.Spec.Containers[0].SecurityContext.RunAsNonRoot = &runAsNonRootTrue
    142. 

  142. 

  143. 	_, _, err = m.generateContainerConfig(&podWithContainerSecurityContext.Spec.Containers[0], podWithContainerSecurityContext, 0, "", podWithContainerSecurityContext.Spec.Containers[0].Image, []string{}, nil)
    144. 

  144. 	assert.Error(t, err, "RunAsNonRoot should fail for non-numeric username")
    145. 

  145. }
    146. 

  146. 

  147. func TestGetHugepageLimitsFromResources(t *testing.T) {
    148. 

  148. 	var baseHugepage []*runtimeapi.HugepageLimit
    149. 

  149. 

  150. 	// For each page size, limit to 0.
    151. 

  151. 	for _, pageSize := range cgroupfs.HugePageSizes {
    152. 

  152. 		baseHugepage = append(baseHugepage, &runtimeapi.HugepageLimit{
    153. 

  153. 			PageSize: pageSize,
    154. 

  154. 			Limit:    uint64(0),
    155. 

  155. 		})
    156. 

  156. 	}
    157. 

  157. 

  158. 	tests := []struct {
    159. 

  159. 		name      string
    160. 

  160. 		resources v1.ResourceRequirements
    161. 

  161. 		expected  []*runtimeapi.HugepageLimit
    162. 

  162. 	}{
    163. 

  163. 		{
    164. 

  164. 			name: "Success2MB",
    165. 

  165. 			resources: v1.ResourceRequirements{
    166. 

  166. 				Limits: v1.ResourceList{
    167. 

  167. 					"hugepages-2Mi": resource.MustParse("2Mi"),
    168. 

  168. 				},
    169. 

  169. 			},
    170. 

  170. 			expected: []*runtimeapi.HugepageLimit{
    171. 

  171. 				{
    172. 

  172. 					PageSize: "2MB",
    173. 

  173. 					Limit:    2097152,
    174. 

  174. 				},
    175. 

  175. 			},
    176. 

  176. 		},
    177. 

  177. 		{
    178. 

  178. 			name: "Success1GB",
    179. 

  179. 			resources: v1.ResourceRequirements{
    180. 

  180. 				Limits: v1.ResourceList{
    181. 

  181. 					"hugepages-1Gi": resource.MustParse("2Gi"),
    182. 

  182. 				},
    183. 

  183. 			},
    184. 

  184. 			expected: []*runtimeapi.HugepageLimit{
    185. 

  185. 				{
    186. 

  186. 					PageSize: "1GB",
    187. 

  187. 					Limit:    2147483648,
    188. 

  188. 				},
    189. 

  189. 			},
    190. 

  190. 		},
    191. 

  191. 		{
    192. 

  192. 			name: "Skip2MB",
    193. 

  193. 			resources: v1.ResourceRequirements{
    194. 

  194. 				Limits: v1.ResourceList{
    195. 

  195. 					"hugepages-2MB": resource.MustParse("2Mi"),
    196. 

  196. 				},
    197. 

  197. 			},
    198. 

  198. 			expected: []*runtimeapi.HugepageLimit{
    199. 

  199. 				{
    200. 

  200. 					PageSize: "2MB",
    201. 

  201. 					Limit:    0,
    202. 

  202. 				},
    203. 

  203. 			},
    204. 

  204. 		},
    205. 

  205. 		{
    206. 

  206. 			name: "Skip1GB",
    207. 

  207. 			resources: v1.ResourceRequirements{
    208. 

  208. 				Limits: v1.ResourceList{
    209. 

  209. 					"hugepages-1GB": resource.MustParse("2Gi"),
    210. 

  210. 				},
    211. 

  211. 			},
    212. 

  212. 			expected: []*runtimeapi.HugepageLimit{
    213. 

  213. 				{
    214. 

  214. 					PageSize: "1GB",
    215. 

  215. 					Limit:    0,
    216. 

  216. 				},
    217. 

  217. 			},
    218. 

  218. 		},
    219. 

  219. 		{
    220. 

  220. 			name: "Success2MBand1GB",
    221. 

  221. 			resources: v1.ResourceRequirements{
    222. 

  222. 				Limits: v1.ResourceList{
    223. 

  223. 					v1.ResourceName(v1.ResourceCPU): resource.MustParse("0"),
    224. 

  224. 					"hugepages-2Mi":                 resource.MustParse("2Mi"),
    225. 

  225. 					"hugepages-1Gi":                 resource.MustParse("2Gi"),
    226. 

  226. 				},
    227. 

  227. 			},
    228. 

  228. 			expected: []*runtimeapi.HugepageLimit{
    229. 

  229. 				{
    230. 

  230. 					PageSize: "2MB",
    231. 

  231. 					Limit:    2097152,
    232. 

  232. 				},
    233. 

  233. 				{
    234. 

  234. 					PageSize: "1GB",
    235. 

  235. 					Limit:    2147483648,
    236. 

  236. 				},
    237. 

  237. 			},
    238. 

  238. 		},
    239. 

  239. 		{
    240. 

  240. 			name: "Skip2MBand1GB",
    241. 

  241. 			resources: v1.ResourceRequirements{
    242. 

  242. 				Limits: v1.ResourceList{
    243. 

  243. 					v1.ResourceName(v1.ResourceCPU): resource.MustParse("0"),
    244. 

  244. 					"hugepages-2MB":                 resource.MustParse("2Mi"),
    245. 

  245. 					"hugepages-1GB":                 resource.MustParse("2Gi"),
    246. 

  246. 				},
    247. 

  247. 			},
    248. 

  248. 			expected: []*runtimeapi.HugepageLimit{
    249. 

  249. 				{
    250. 

  250. 					PageSize: "2MB",
    251. 

  251. 					Limit:    0,
    252. 

  252. 				},
    253. 

  253. 				{
    254. 

  254. 					PageSize: "1GB",
    255. 

  255. 					Limit:    0,
    256. 

  256. 				},
    257. 

  257. 			},
    258. 

  258. 		},
    259. 

  259. 	}
    260. 

  260. 

  261. 	for _, test := range tests {
    262. 

  262. 		// Validate if machine supports hugepage size that used in test case.
    263. 

  263. 		machineHugepageSupport := true
    264. 

  264. 		for _, hugepageLimit := range test.expected {
    265. 

  265. 			hugepageSupport := false
    266. 

  266. 			for _, pageSize := range cgroupfs.HugePageSizes {
    267. 

  267. 				if pageSize == hugepageLimit.PageSize {
    268. 

  268. 					hugepageSupport = true
    269. 

  269. 					break
    270. 

  270. 				}
    271. 

  271. 			}
    272. 

  272. 

  273. 			if !hugepageSupport {
    274. 

  274. 				machineHugepageSupport = false
    275. 

  275. 				break
    276. 

  276. 			}
    277. 

  277. 		}
    278. 

  278. 

  279. 		// Case of machine can't support hugepage size
    280. 

  280. 		if !machineHugepageSupport {
    281. 

  281. 			continue
    282. 

  282. 		}
    283. 

  283. 

  284. 		expectedHugepages := baseHugepage
    285. 

  285. 		for _, hugepage := range test.expected {
    286. 

  286. 			for _, expectedHugepage := range expectedHugepages {
    287. 

  287. 				if expectedHugepage.PageSize == hugepage.PageSize {
    288. 

  288. 					expectedHugepage.Limit = hugepage.Limit
    289. 

  289. 				}
    290. 

  290. 			}
    291. 

  291. 		}
    292. 

  292. 

  293. 		results := GetHugepageLimitsFromResources(test.resources)
    294. 

  294. 		if !reflect.DeepEqual(expectedHugepages, results) {
    295. 

  295. 			t.Errorf("%s test failed. Expected %v but got %v", test.name, expectedHugepages, results)
    296. 

  296. 		}
    297. 

  297. 

  298. 		for _, hugepage := range baseHugepage {
    299. 

  299. 			hugepage.Limit = uint64(0)
    300. 

  300. 		}
    301. 

  301. 	}
    302. 

  302. }
    303. 

  303. 

  304. func TestGenerateLinuxContainerConfigNamespaces(t *testing.T) {
    305. 

  305. 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.EphemeralContainers, true)()
    306. 

  306. 	_, _, m, err := createTestRuntimeManager()
    307. 

  307. 	if err != nil {
    308. 

  308. 		t.Fatalf("error creating test RuntimeManager: %v", err)
    309. 

  309. 	}
    310. 

  310. 

  311. 	for _, tc := range []struct {
    312. 

  312. 		name   string
    313. 

  313. 		pod    *v1.Pod
    314. 

  314. 		target *kubecontainer.ContainerID
    315. 

  315. 		want   *runtimeapi.NamespaceOption
    316. 

  316. 	}{
    317. 

  317. 		{
    318. 

  318. 			"Default namespaces",
    319. 

  319. 			&v1.Pod{
    320. 

  320. 				Spec: v1.PodSpec{
    321. 

  321. 					Containers: []v1.Container{
    322. 

  322. 						{Name: "test"},
    323. 

  323. 					},
    324. 

  324. 				},
    325. 

  325. 			},
    326. 

  326. 			nil,
    327. 

  327. 			&runtimeapi.NamespaceOption{
    328. 

  328. 				Pid: runtimeapi.NamespaceMode_CONTAINER,
    329. 

  329. 			},
    330. 

  330. 		},
    331. 

  331. 		{
    332. 

  332. 			"PID Namespace POD",
    333. 

  333. 			&v1.Pod{
    334. 

  334. 				Spec: v1.PodSpec{
    335. 

  335. 					Containers: []v1.Container{
    336. 

  336. 						{Name: "test"},
    337. 

  337. 					},
    338. 

  338. 					ShareProcessNamespace: &[]bool{true}[0],
    339. 

  339. 				},
    340. 

  340. 			},
    341. 

  341. 			nil,
    342. 

  342. 			&runtimeapi.NamespaceOption{
    343. 

  343. 				Pid: runtimeapi.NamespaceMode_POD,
    344. 

  344. 			},
    345. 

  345. 		},
    346. 

  346. 		{
    347. 

  347. 			"PID Namespace TARGET",
    348. 

  348. 			&v1.Pod{
    349. 

  349. 				Spec: v1.PodSpec{
    350. 

  350. 					Containers: []v1.Container{
    351. 

  351. 						{Name: "test"},
    352. 

  352. 					},
    353. 

  353. 				},
    354. 

  354. 			},
    355. 

  355. 			&kubecontainer.ContainerID{Type: "docker", ID: "really-long-id-string"},
    356. 

  356. 			&runtimeapi.NamespaceOption{
    357. 

  357. 				Pid:      runtimeapi.NamespaceMode_TARGET,
    358. 

  358. 				TargetId: "really-long-id-string",
    359. 

  359. 			},
    360. 

  360. 		},
    361. 

  361. 	} {
    362. 

  362. 		t.Run(tc.name, func(t *testing.T) {
    363. 

  363. 			got := m.generateLinuxContainerConfig(&tc.pod.Spec.Containers[0], tc.pod, nil, "", tc.target)
    364. 

  364. 			if diff := cmp.Diff(tc.want, got.SecurityContext.NamespaceOptions); diff != "" {
    365. 

  365. 				t.Errorf("%v: diff (-want +got):\n%v", t.Name(), diff)
    366. 

  366. 			}
    367. 

  367. 		})
    368. 

  368. 	}
    369. 

  369. }
    370. 

  370.