Permalink
Browse files

Docs and patch for cri-tools

  • Loading branch information...
vefimova committed Jun 27, 2017
1 parent a1c4191 commit de08eddfa1b3257a739f38b82b07b8129784fa6f
Showing with 270 additions and 0 deletions.
  1. +82 −0 cri-tools.patch
  2. +188 −0 docs/cri-tools.md
@@ -0,0 +1,82 @@
diff --git a/pkg/framework/util.go b/pkg/framework/util.go
index 290485a..7b53fe6 100644
--- a/pkg/framework/util.go
+++ b/pkg/framework/util.go
@@ -50,7 +50,7 @@ const (
DefaultAttempt uint32 = 2

// DefaultContainerImage is the default image for container using
- DefaultContainerImage string = "busybox:1.26"
+ DefaultContainerImage string = "download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img"

// DefaultStopContainerTimeout is the default timeout for stopping container
DefaultStopContainerTimeout int64 = 60
@@ -120,7 +120,7 @@ func NewUUID() string {

// RunDefaultPodSandbox runs a PodSandbox with default options.
func RunDefaultPodSandbox(c internalapi.RuntimeService, prefix string) string {
- podSandboxName := prefix + NewUUID()
+ podSandboxName := prefix
uid := DefaultUIDPrefix + NewUUID()
namespace := DefaultNamespacePrefix + NewUUID()

@@ -172,7 +172,7 @@ func BuildContainerMetadata(containerName string, attempt uint32) *runtimeapi.Co

// CreateDefaultContainer creates a default container with default options.
func CreateDefaultContainer(rc internalapi.RuntimeService, ic internalapi.ImageManagerService, podID string, podConfig *runtimeapi.PodSandboxConfig, prefix string) string {
- containerName := prefix + NewUUID()
+ containerName := prefix
containerConfig := &runtimeapi.ContainerConfig{
Metadata: BuildContainerMetadata(containerName, DefaultAttempt),
Image: &runtimeapi.ImageSpec{Image: DefaultContainerImage},
diff --git a/pkg/validate/container.go b/pkg/validate/container.go
index 67a414f..e7d6097 100644
--- a/pkg/validate/container.go
+++ b/pkg/validate/container.go
@@ -223,7 +223,7 @@ func getContainerStatus(c internalapi.RuntimeService, containerID string) *runti

// createShellContainer creates a container to run /bin/sh.
func createShellContainer(rc internalapi.RuntimeService, ic internalapi.ImageManagerService, podID string, podConfig *runtimeapi.PodSandboxConfig, prefix string) string {
- containerName := prefix + framework.NewUUID()
+ containerName := prefix
containerConfig := &runtimeapi.ContainerConfig{
Metadata: framework.BuildContainerMetadata(containerName, framework.DefaultAttempt),
Image: &runtimeapi.ImageSpec{Image: framework.DefaultContainerImage},
@@ -342,7 +342,7 @@ func createHostPath(podID string) (string, string) {
// createVolContainerOrFail creates a container with volume and the prefix of containerName and fails if it gets error.
func createVolumeContainer(rc internalapi.RuntimeService, ic internalapi.ImageManagerService, prefix string, podID string, podConfig *runtimeapi.PodSandboxConfig, hostPath, flagFile string) string {
By("create a container with volume and name")
- containerName := prefix + framework.NewUUID()
+ containerName := prefix
containerConfig := &runtimeapi.ContainerConfig{
Metadata: framework.BuildContainerMetadata(containerName, framework.DefaultAttempt),
Image: &runtimeapi.ImageSpec{Image: framework.DefaultContainerImage},
@@ -362,7 +362,7 @@ func createVolumeContainer(rc internalapi.RuntimeService, ic internalapi.ImageMa
// createLogContainer creates a container with log and the prefix of containerName.
func createLogContainer(rc internalapi.RuntimeService, ic internalapi.ImageManagerService, prefix string, podID string, podConfig *runtimeapi.PodSandboxConfig) (string, string) {
By("create a container with log and name")
- containerName := prefix + framework.NewUUID()
+ containerName := prefix
path := fmt.Sprintf("%s.log", containerName)
containerConfig := &runtimeapi.ContainerConfig{
Metadata: framework.BuildContainerMetadata(containerName, framework.DefaultAttempt),
diff --git a/pkg/validate/image.go b/pkg/validate/image.go
index 343ac67..cab9247 100644
--- a/pkg/validate/image.go
+++ b/pkg/validate/image.go
@@ -29,13 +29,13 @@ import (

var (
// image name for test image api
- testImageName = "busybox"
+ testImageName = "download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img"

// name-tagged reference for test image
testImageRef = testImageName + ":1.26.2"

// Digested reference for test image
- busyboxDigestRef = testImageName + "@sha256:817a12c32a39bbe394944ba49de563e085f1d3c5266eb8e9723256bc4448680e"
+ busyboxDigestRef = "download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img"
)

var _ = framework.KubeDescribe("Image Manager", func() {
@@ -0,0 +1,188 @@
# [CRI-tools](https://github.com/kubernetes-incubator/cri-tools) compatibility status

CRI-tools project utilizes [ginkgo](https://onsi.github.io/ginkgo) package, which provides means for setup/teardown, organizing tests in groups, and flags for running/skipping specific subsets of tests.

## Summary by Groups (Specs)
### Validation

| Test Spec Name | Overall number | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| Container | 7 | 7 | 5 |
| Image Manager | 6 | 4 | 4 |
| Networking | 3 | 0 | 0 |
| PodSandbox | 3 | 3 | 3 |
| Runtime info | 2 | 2 | 2 |
| Security Context | 12 | 4 | 0 |
| Streaming | 3 | 0 | 0 |
| **overall** | 36 | 20 | 14 |

Use `Spec names` from the first column above to run specif subsets of tests:
`# critest --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock --focus="Container" validation`

#### critest validation results

##### "Container" Spec:
| Test Spec Name | Short description | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| creating container | create, list | y | y |
| starting container | create, start | y | y |
| stopping container | create, start, stop | y | y |
| removing container | create, remove | y | y |
| execSync | check execSync | y | n |
| container with volume | create container with hostDir | y | y |
| container with log | start container with LogPath | y | n |

##### "Image Manager"
| Test Spec Name | Short description | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| image with tag | pull image by ref| y | y |
| image without tag| pull image by name| y | y |
| image with digest | pull image by digestRef | y | y |
| get image| get image status | y | y |
| exactly 3 image | tags | n | n |
| exactly 3 repoTags | tags | n | n |

##### "Networking"
| Test Spec Name | Short description | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| support DNS config| check /etc/resolv.conf content | n | n |
| port mapping with only container port | | n | n |
| port mapping with host port and container port | | n | n |

##### "PodSandbox"
| Test Spec Name | Short description | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| running PodSandbox | run sandbox, list | y | y |
| stopping PodSandbox | run sandbox, stop | y | y |
| removing PodSandbox| run sandbox, stop, remove | y | y |

##### "Runtime info"
| Test Spec Name | Short description | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| runtime info | get runtime version | y | y |
| runtime conditions | get runtime status | y | y |

##### "Security Context"
| Test Spec Name | Short description | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| support HostPID | created sandbox with nginx and busybox containers with with hostPID. Nginx pid must be seen from within busybox. Using execSync for checking. | n | n |
| HostIpc is true | check shared memory segment in included in the “busybox” container created with hostIPC set. Using execSync for check. | n | n |
| HostIpc is false | the same as abive but check that memory is not included | n | n |
| HostNetwork is true| | n | n |
| HostNetwork is false | | n | n |
| support RunAsUser | execSync check | y | n |
| support RunAsUserName | execSync check | y | n |
| ReadOnlyRootfs is false | | y | n |
| ReadOnlyRootfs is true | | y | n |
| Privileged is true| | ? | n |
| Privileged is false| | ? | n |
| setting Capability| | ? | n |

##### "Streaming"
| Test Spec Name | Short description | Compatible to virtlet | Passed |
| -----------------------|:---------------------:|:---------------------------:|:----------:|
| support exec | | y | n |
| support attach | y | n |
| support portforward | n | n |

## critest running steps
1. To be able to run virtlet compatible tests you need to fix following issues in cri-tools"
1. Currently CRI-tools uses hardcoded "busybox" and "nginx" image names for tests. To be able to run compatible with virtlet tests you need to make changes following changes in cri-tools:
1. Virtlet adds ids when creating to domain’s name + cri-tools also adds id and prefix, what leads to error on domain creation:

> Monitor path /var/lib/libvirt/qemu/domain-ceb27ab2-385b-574b-54cc-90a9db9e92be-container-for-start-test-7916763f-5b2e-11e7-87bc-52540070019e/monitor.sock too big for destination'
Need to apply `cri-tools.patch` and build `cri-tools` inside `virtlet-builder`:

```
build/cmd.sh stop
build/cmd.sh run "mkdir /go/src/github.com/kubernetes-incubator ; \
cd /go/src/github.com/kubernetes-incubator ; \
git clone https://github.com/kubernetes-incubator/cri-tools.git && cd cri-tools ; \
git apply ../../Mirantis/virtlet/cri-tools.patch ; \
make binaries && make install; "
```

2. Setup `virtlet-build` container to be ready to run `critest`:
```
build/cmd.sh run "mkdir -p /usr/libexec/kubernetes/kubelet-plugins/volume/exec ; \
mkdir -p /var/lib/kubelet/pods ; \
cp ./_output/flexvolume_driver /flexvolume_driver ; \
cp ./_output/virtlet /usr/local/bin/ ; "
build/cmd.sh run "VIRTLET_DISABLE_KVM=1 /start.sh > ./virtlet-cri-rools.log 2>&1 &"
build/cmd.sh vsh
critest --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock --focus="Container" validation
```

## crictl usage example:

```
# cat sandbox-config.json
{
"metadata": {
"name": "cirros-sandbox",
"namespace": "default",
"attempt": 1,
"uid": "hdishd83djaidwnduwk28bcsb"
},
"linux": {
}
}
# cat container-config.json
{
"metadata": {
"name": "cirros-vm"
},
"image":{
"image": "download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img"
},
"linux": {
}
}
#
# crictl --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock sandbox run ./vm-sandbox.json
hdishd83djaidwnduwk28bcsb
#
# crictl --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock sandbox ls
SANDBOX ID NAME STATE
hdishd83djaidwnduwk28bcsb cirros-sandbox SANDBOX_READY
#
# crictl --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock image pull download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
# virsh vol-list --pool default
Name Path
------------------------------------------------------------------------------
10da1bf07c27b64768ed07b798095f8d779bdbc3_cirros-0.3.5-x86_64-disk.img /var/lib/libvirt/images/10da1bf07c27b64768ed07b798095f8d779bdbc3_cirros-0.3.5-x86_64-disk.img
# crictl --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock container create hdishd83djaidwnduwk28bcsb ./vm-container.json ./vm-sandbox.json
264e1739-7b6a-5a3d-564c-baae69b5bdb0
# crictl --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock container create hdishd83djaidwnduwk28bcsb ./vm-container.json ./vm-sandbox.json
264e1739-7b6a-5a3d-564c-baae69b5bdb0
# virsh vol-list --pool volumes
Name Path
------------------------------------------------------------------------------
root_264e1739-7b6a-5a3d-564c-baae69b5bdb0 /var/lib/virtlet/root_264e1739-7b6a-5a3d-564c-baae69b5bdb0
root@3ef5de7d492b:/go/src/github.com/Mirantis/virtlet# virsh list --all
Id Name State
----------------------------------------------------
- 264e1739-7b6a-5a3d-564c-baae69b5bdb0-cirros-vm shut off
# crictl --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock container start 264e1739-7b6a-5a3d-564c-baae69b5bdb0
264e1739-7b6a-5a3d-564c-baae69b5bdb0
# crictl --runtime-endpoint=/run/virtlet.sock --image-endpoint=/run/virtlet.sock container ls
CONTAINER ID CREATED STATE NAME
264e1739-7b6a-5a3d-564c-baae69b5bdb0 2017-06-26 18:44:36.437995153 +0000 UTC CONTAINER_RUNNING cirros-vm
# virsh list --all
Id Name State
----------------------------------------------------
1 264e1739-7b6a-5a3d-564c-baae69b5bdb0-cirros-vm running
```

0 comments on commit de08edd

Please sign in to comment.