Add node e2e tests for hostPid #44119

merged 1 commit into from Apr 7, 2017

@feiskyer feiskyer commented Apr 5, 2017

For #44118. Add node e2e tests for hostPid.

cc @yujuhong @kubernetes/sig-node-pr-reviews

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 5, 2017

@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Apr 6, 2017
}

// the pid of 'sh' should not be 1 if it is in hostPid mode.
if logs == "1\n" {
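
Review bot: `if logs == "1\n"` compares the raw log text against one exact string, so empty logs (nothing printed yet) or a pid surrounded by extra whitespace also fail the comparison and are handled the same way as a pid other than 1. Trim the logs, treat an empty result as "not ready" or as an error, and parse the remainder as an integer before comparing it with 1.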

Contributor

@yujuhong yujuhong Apr 6, 2017

This would not work in the future if we enable shared pid namespace in the pod. Maybe we can create two host pid pods and check whether they can see each other.

You can also create a non-host-pid-ns pod, and verify that it cannot see others.

Member Author

> This would not work in the future if we enable shared pid namespace in the pod. Maybe we can create two host pid pods and check whether they can see each other.

That's right. Will update.

busyboxPodName := "busybox-hostpid-" + string(uuid.NewUUID())
nginxPodName := "nginx-hostpid-" + string(uuid.NewUUID())
It("should create the pod in hostPid", func() {
podClient.CreateSync(makeHostPidPod(nginxPodName,

Contributor

The test will pass if there happens to be any nginx process running on the node. We should make sure the pid actually matches. You can get the pid of the process by exec into the container and cat the /var/run/nginx.pid file.

In the other container, you should make sure if the output includes the pid we are looking for.

I'd still like to see a test for a non-hostpid pod to make sure we don't always use host pid.

Member

Agree. @xlgao-zju We could also test hostpid and hostipc in a similar way.

Member Author

ACK

}
busyboxPodName := "busybox-hostpid-" + string(uuid.NewUUID())
nginxPodName := "nginx-hostpid-" + string(uuid.NewUUID())
It("should create the pod in hostPid", func() {

Contributor

nit: s/in hostPid/in the host PID namespace

Member Author

ACK

@yujuhong yujuhong assigned yujuhong and unassigned dchen1107 Apr 6, 2017
@yujuhong yujuhong added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Apr 6, 2017

yujuhong commented Apr 6, 2017

Adding @Random-Liu since we need an approver.

@yujuhong yujuhong added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Apr 6, 2017
@yujuhong yujuhong added this to the v1.6 milestone Apr 6, 2017

podClient.CreateSync(makeHostPidPod(busyboxPodName,
"gcr.io/google_containers/busybox:1.24",
[]string{"sh", "-c", "pgrep nginx; sleep 240"}))

Member

Why sleep 240? Maybe just tail -f /dev/null

[]string{"sh", "-c", "pgrep nginx; sleep 240"}))

Eventually(func() error {
logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName)

Member

Even if you go with the current solution, we should trim spaces here to make sure logs is actually empty.

And I think yuju's suggestion is better and more reliable here.
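
The check the reviewers ask for in this thread (match the actual nginx pid rather than any process named nginx, trim whitespace, and cover the non-hostPID case), sketched as an added example that is not code from this PR. The helper names `parsePid`, `pidListed` and `checkHostPid` are hypothetical, the inputs stand in for the contents of `/var/run/nginx.pid` and the observer pod's logs, and the nginx pod is assumed to run in the host PID namespace so that its pid file holds a host pid.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parsePid validates the content of a pid file such as /var/run/nginx.pid,
// which normally holds one decimal pid followed by a newline.
func parsePid(pidFile string) (int, error) {
	pid, err := strconv.Atoi(strings.TrimSpace(pidFile))
	if err != nil || pid <= 0 {
		return 0, fmt.Errorf("unexpected pid file content %q", pidFile)
	}
	return pid, nil
}

// pidListed reports whether pid is a whole field of `pidof nginx` output,
// so pid 4321 does not match "14321" and empty output yields false.
func pidListed(output string, pid int) bool {
	want := strconv.Itoa(pid)
	for _, field := range strings.Fields(output) {
		if field == want {
			return true
		}
	}
	return false
}

// checkHostPid returns nil when the observer's view matches its setting:
// a hostPID pod must list the nginx pid, a non-hostPID pod must not.
func checkHostPid(pidFile, observerOutput string, hostPID bool) error {
	pid, err := parsePid(pidFile)
	if err != nil {
		return err
	}
	if seen := pidListed(observerOutput, pid); seen != hostPID {
		return fmt.Errorf("hostPID=%v but nginx pid %d listed=%v", hostPID, pid, seen)
	}
	return nil
}

func main() {
	// Constructed sample values, not captured from a real node.
	fmt.Println(checkHostPid("4321\n", "4321 4330\n", true))
	fmt.Println(checkHostPid("4321\n", "", false))
	fmt.Println(checkHostPid("4321\n", "14321\n", true))
}
```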

@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 7, 2017
@Random-Liu
Member

LGTM

@feiskyer feiskyer force-pushed the e2e-node branch 2 times, most recently from 440503f to dc034fc Compare April 7, 2017 03:33
@Random-Liu
Member

test/e2e_node/security_context_test.go, line 63 at r4 (raw file):

			podClient.Create(makeHostPidPod(podName,
				"gcr.io/google_containers/busybox:1.24",
				[]string{"sh", "-c", "pidof nginx"},

Why not just pidof nginx || true?



feiskyer commented Apr 7, 2017

> Why not just pidof nginx || true?

Good idea. Updated.

@Random-Liu
Member

Review status: 0 of 2 files reviewed at latest revision, 8 unresolved discussions.


test/e2e_node/security_context_test.go, line 88 at r5 (raw file):

			createAndWaitHostPidPod(busyboxPodName, true)

			Eventually(func() error {

Why use Eventually here?


test/e2e_node/security_context_test.go, line 113 at r5 (raw file):

			createAndWaitHostPidPod(busyboxPodName, false)

			Eventually(func() error {

Why use Eventually here?


@xlgao-zju
Contributor

/cc @Helen-Xie @heartlock

@feiskyer feiskyer force-pushed the e2e-node branch 2 times, most recently from 438f1ca to 06b89fd Compare April 7, 2017 04:58

feiskyer commented Apr 7, 2017

@Random-Liu Fixed. PTAL.

@Random-Liu
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 7, 2017
@k8s-github-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Random-Liu, feiskyer


@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 7, 2017
@k8s-github-robot

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit a635aed into kubernetes:master Apr 7, 2017
@feiskyer feiskyer deleted the e2e-node branch April 8, 2017 01:35
k8s-github-robot pushed a commit that referenced this pull request Apr 10, 2017
Automatic merge from submit-queue

Automated cherry pick of #44097 and #44119

Cherry pick #44097 and #44119 for release-1.6.

Fix container hostPid settings.

**Release note**:

```release-note
Fix container hostPid settings when CRI is enabled.
```
@k8s-cherrypick-bot

Commit found in the "release-1.6" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

mintzhao pushed a commit to mintzhao/kubernetes that referenced this pull request Jun 1, 2017
Automatic merge from submit-queue

Automated cherry pick of kubernetes#44097 and kubernetes#44119

Cherry pick kubernetes#44097 and kubernetes#44119 for release-1.6.

Fix container hostPid settings.

**Release note**:

```release-note
Fix container hostPid settings when CRI is enabled.
```