首頁 探索 說明
登入
tzeneto
/
custom-kube-scheduler
關註 1
讚好 0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: cb14858ef6
分支列表 標籤列表
custom-kube-...
/
kubernetes
/
test
/
e2e_node
/
runtime_conformance_test.go

runtime_conformance_test.go 8.1 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. /*
    2. 

  2. Copyright 2016 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package e2enode
    18. 

  18. 

  19. import (
    20. 

  20. 	"fmt"
    21. 

  21. 	"io/ioutil"
    22. 

  22. 	"os"
    23. 

  23. 	"path/filepath"
    24. 

  24. 	"time"
    25. 

  25. 

  26. 	"k8s.io/api/core/v1"
    27. 

  27. 	"k8s.io/kubernetes/pkg/kubelet/images"
    28. 

  28. 	"k8s.io/kubernetes/test/e2e/common"
    29. 

  29. 	"k8s.io/kubernetes/test/e2e/framework"
    30. 

  30. 	"k8s.io/kubernetes/test/e2e_node/services"
    31. 

  31. 

  32. 	"github.com/onsi/ginkgo"
    33. 

  33. )
    34. 

  34. 

  35. var _ = framework.KubeDescribe("Container Runtime Conformance Test", func() {
    36. 

  36. 	f := framework.NewDefaultFramework("runtime-conformance")
    37. 

  37. 

  38. 	ginkgo.Describe("container runtime conformance blackbox test", func() {
    39. 

  39. 

  40. 		ginkgo.Context("when running a container with a new image", func() {
    41. 

  41. 			// The service account only has pull permission
    42. 

  42. 			auth := `
    43. 

  43. {
    44. 

  44. 	"auths": {
    45. 

  45. 		"https://gcr.io": {
    46. 

  46. 			"auth": "X2pzb25fa2V5OnsKICAidHlwZSI6ICJzZXJ2aWNlX2FjY291bnQiLAogICJwcm9qZWN0X2lkIjogImF1dGhlbnRpY2F0ZWQtaW1hZ2UtcHVsbGluZyIsCiAgInByaXZhdGVfa2V5X2lkIjogImI5ZjJhNjY0YWE5YjIwNDg0Y2MxNTg2MDYzZmVmZGExOTIyNGFjM2IiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzdTSG5LVEVFaVlMamZcbkpmQVBHbUozd3JCY2VJNTBKS0xxS21GWE5RL3REWGJRK2g5YVl4aldJTDhEeDBKZTc0bVovS01uV2dYRjVLWlNcbm9BNktuSU85Yi9SY1NlV2VpSXRSekkzL1lYVitPNkNjcmpKSXl4anFWam5mVzJpM3NhMzd0OUE5VEZkbGZycm5cbjR6UkpiOWl4eU1YNGJMdHFGR3ZCMDNOSWl0QTNzVlo1ODhrb1FBZmgzSmhhQmVnTWorWjRSYko0aGVpQlFUMDNcbnZVbzViRWFQZVQ5RE16bHdzZWFQV2dydDZOME9VRGNBRTl4bGNJek11MjUzUG4vSzgySFpydEx4akd2UkhNVXhcbng0ZjhwSnhmQ3h4QlN3Z1NORit3OWpkbXR2b0wwRmE3ZGducFJlODZWRDY2ejNZenJqNHlLRXRqc2hLZHl5VWRcbkl5cVhoN1JSQWdNQkFBRUNnZ0VBT3pzZHdaeENVVlFUeEFka2wvSTVTRFVidi9NazRwaWZxYjJEa2FnbmhFcG9cbjFJajJsNGlWMTByOS9uenJnY2p5VlBBd3pZWk1JeDFBZVF0RDdoUzRHWmFweXZKWUc3NkZpWFpQUm9DVlB6b3VcbmZyOGRDaWFwbDV0enJDOWx2QXNHd29DTTdJWVRjZmNWdDdjRTEyRDNRS3NGNlo3QjJ6ZmdLS251WVBmK0NFNlRcbmNNMHkwaCtYRS9kMERvSERoVy96YU1yWEhqOFRvd2V1eXRrYmJzNGYvOUZqOVBuU2dET1lQd2xhbFZUcitGUWFcbkpSd1ZqVmxYcEZBUW14M0Jyd25rWnQzQ2lXV2lGM2QrSGk5RXRVYnRWclcxYjZnK1JRT0licWFtcis4YlJuZFhcbjZWZ3FCQWtKWjhSVnlkeFVQMGQxMUdqdU9QRHhCbkhCbmM0UW9rSXJFUUtCZ1FEMUNlaWN1ZGhXdGc0K2dTeGJcbnplanh0VjFONDFtZHVjQnpvMmp5b1dHbzNQVDh3ckJPL3lRRTM0cU9WSi9pZCs4SThoWjRvSWh1K0pBMDBzNmdcblRuSXErdi9kL1RFalk4MW5rWmlDa21SUFdiWHhhWXR4UjIxS1BYckxOTlFKS2ttOHRkeVh5UHFsOE1veUdmQ1dcbjJ2aVBKS05iNkhabnY5Q3lqZEo5ZzJMRG5RS0JnUUREcVN2eURtaGViOTIzSW96NGxlZ01SK205Z2xYVWdTS2dcbkVzZlllbVJmbU5XQitDN3ZhSXlVUm1ZNU55TXhmQlZXc3dXRldLYXhjK0krYnFzZmx6elZZdFpwMThNR2pzTURcbmZlZWZBWDZCWk1zVXQ3Qmw3WjlWSjg1bnRFZHFBQ0xwWitaLzN0SVJWdWdDV1pRMWhrbmxHa0dUMDI0SkVFKytcbk55SDFnM2QzUlFLQmdRQ1J2MXdKWkkwbVBsRklva0tGTkh1YTBUcDNLb1JTU1hzTURTVk9NK2xIckcxWHJtRjZcbkMwNGNTKzQ0N0dMUkxHOFVUaEpKbTRxckh0Ti9aK2dZOTYvMm1xYjRIakpORDM3TVhKQnZFYTN5ZUxTOHEvK1JcbjJGOU1LamRRaU5LWnhQcG84VzhOSlREWTVOa1BaZGh4a2pzSHdVNGRTNjZwMVRESUU0MGd0TFpaRFFLQmdGaldcbktyblFpTnEzOS9iNm5QOFJNVGJDUUFKbmR3anhTUU5kQTVmcW1rQTlhRk9HbCtqamsxQ1BWa0tNSWxLSmdEYkpcbk9heDl2OUc2Ui9NSTFIR1hmV3QxWU56VnRocjRIdHNyQTB0U3BsbWhwZ05XRTZWejZuQURqdGZQSnMyZUdqdlhcbmpQUnArdjhjY21MK3dTZzhQTGprM3ZsN2VlNXJsWWxNQndNdUdjUHhBb0dBZWRueGJXMVJMbVZubEFpSEx1L0xcbmxtZkF3RFdtRWlJMFVnK1BMbm9Pdk81dFE1ZDRXMS94RU44bFA0cWtzcGtmZk1Rbk5oNFNZR0VlQlQzMlpxQ1RcbkpSZ2YwWGpveXZ2dXA5eFhqTWtYcnBZL3ljMXpmcVRaQzBNTzkvMVVjMWJSR2RaMmR5M2xSNU5XYXA3T1h5Zk9cblBQcE5Gb1BUWGd2M3FDcW5sTEhyR3pNPVxuLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogImltYWdlLXB1bGxpbmdAYXV0aGVudGljYXRlZC1pbWFnZS1wdWxsaW5nLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwKICAiY2xpZW50X2lkIjogIjExMzc5NzkxNDUzMDA3MzI3ODcxMiIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsCiAgImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjEvY2VydHMiLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L2ltYWdlLXB1bGxpbmclNDBhdXRoZW50aWNhdGVkLWltYWdlLXB1bGxpbmcuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iCn0=",
    47. 

  47. 			"email": "image-pulling@authenticated-image-pulling.iam.gserviceaccount.com"
    48. 

  48. 		}
    49. 

  49. 	}
    50. 

  50. }`
    51. 

  51. 			// The following images are not added into NodeImageWhiteList, because this test is
    52. 

  52. 			// testing image pulling, these images don't need to be prepulled. The ImagePullPolicy
    53. 

  53. 			// is v1.PullAlways, so it won't be blocked by framework image white list check.
    54. 

  54. 			for _, testCase := range []struct {
    55. 

  55. 				description string
    56. 

  56. 				image       string
    57. 

  57. 				phase       v1.PodPhase
    58. 

  58. 				waiting     bool
    59. 

  59. 			}{
    60. 

  60. 				{
    61. 

  61. 					description: "should be able to pull from private registry with credential provider",
    62. 

  62. 					image:       "gcr.io/authenticated-image-pulling/alpine:3.7",
    63. 

  63. 					phase:       v1.PodRunning,
    64. 

  64. 					waiting:     false,
    65. 

  65. 				},
    66. 

  66. 			} {
    67. 

  67. 				testCase := testCase
    68. 

  68. 				ginkgo.It(testCase.description+" [NodeConformance]", func() {
    69. 

  69. 					name := "image-pull-test"
    70. 

  70. 					command := []string{"/bin/sh", "-c", "while true; do sleep 1; done"}
    71. 

  71. 					container := common.ConformanceContainer{
    72. 

  72. 						PodClient: f.PodClient(),
    73. 

  73. 						Container: v1.Container{
    74. 

  74. 							Name:    name,
    75. 

  75. 							Image:   testCase.image,
    76. 

  76. 							Command: command,
    77. 

  77. 							// PullAlways makes sure that the image will always be pulled even if it is present before the test.
    78. 

  78. 							ImagePullPolicy: v1.PullAlways,
    79. 

  79. 						},
    80. 

  80. 						RestartPolicy: v1.RestartPolicyNever,
    81. 

  81. 					}
    82. 

  82. 

  83. 					configFile := filepath.Join(services.KubeletRootDirectory, "config.json")
    84. 

  84. 					err := ioutil.WriteFile(configFile, []byte(auth), 0644)
    85. 

  85. 					framework.ExpectNoError(err)
    86. 

  86. 					defer os.Remove(configFile)
    87. 

  87. 

  88. 					// checkContainerStatus checks whether the container status matches expectation.
    89. 

  89. 					checkContainerStatus := func() error {
    90. 

  90. 						status, err := container.GetStatus()
    91. 

  91. 						if err != nil {
    92. 

  92. 							return fmt.Errorf("failed to get container status: %v", err)
    93. 

  93. 						}
    94. 

  94. 						// We need to check container state first. The default pod status is pending, If we check
    95. 

  95. 						// pod phase first, and the expected pod phase is Pending, the container status may not
    96. 

  96. 						// even show up when we check it.
    97. 

  97. 						// Check container state
    98. 

  98. 						if !testCase.waiting {
    99. 

  99. 							if status.State.Running == nil {
    100. 

  100. 								return fmt.Errorf("expected container state: Running, got: %q",
    101. 

  101. 									common.GetContainerState(status.State))
    102. 

  102. 							}
    103. 

  103. 						}
    104. 

  104. 						if testCase.waiting {
    105. 

  105. 							if status.State.Waiting == nil {
    106. 

  106. 								return fmt.Errorf("expected container state: Waiting, got: %q",
    107. 

  107. 									common.GetContainerState(status.State))
    108. 

  108. 							}
    109. 

  109. 							reason := status.State.Waiting.Reason
    110. 

  110. 							if reason != images.ErrImagePull.Error() &&
    111. 

  111. 								reason != images.ErrImagePullBackOff.Error() {
    112. 

  112. 								return fmt.Errorf("unexpected waiting reason: %q", reason)
    113. 

  113. 							}
    114. 

  114. 						}
    115. 

  115. 						// Check pod phase
    116. 

  116. 						phase, err := container.GetPhase()
    117. 

  117. 						if err != nil {
    118. 

  118. 							return fmt.Errorf("failed to get pod phase: %v", err)
    119. 

  119. 						}
    120. 

  120. 						if phase != testCase.phase {
    121. 

  121. 							return fmt.Errorf("expected pod phase: %q, got: %q", testCase.phase, phase)
    122. 

  122. 						}
    123. 

  123. 						return nil
    124. 

  124. 					}
    125. 

  125. 					// The image registry is not stable, which sometimes causes the test to fail. Add retry mechanism to make this
    126. 

  126. 					// less flaky.
    127. 

  127. 					const flakeRetry = 3
    128. 

  128. 					for i := 1; i <= flakeRetry; i++ {
    129. 

  129. 						var err error
    130. 

  130. 						ginkgo.By("create the container")
    131. 

  131. 						container.Create()
    132. 

  132. 						ginkgo.By("check the container status")
    133. 

  133. 						for start := time.Now(); time.Since(start) < common.ContainerStatusRetryTimeout; time.Sleep(common.ContainerStatusPollInterval) {
    134. 

  134. 							if err = checkContainerStatus(); err == nil {
    135. 

  135. 								break
    136. 

  136. 							}
    137. 

  137. 						}
    138. 

  138. 						ginkgo.By("delete the container")
    139. 

  139. 						container.Delete()
    140. 

  140. 						if err == nil {
    141. 

  141. 							break
    142. 

  142. 						}
    143. 

  143. 						if i < flakeRetry {
    144. 

  144. 							framework.Logf("No.%d attempt failed: %v, retrying...", i, err)
    145. 

  145. 						} else {
    146. 

  146. 							framework.Failf("All %d attempts failed: %v", flakeRetry, err)
    147. 

  147. 						}
    148. 

  148. 					}
    149. 

  149. 				})
    150. 

  150. 			}
    151. 

  151. 		})
    152. 

  152. 	})
    153. 

  153. })
    154. 

  154.