Unverified Commit 1a0a841a authored by Kubernetes Prow Robot's avatar Kubernetes Prow Robot Committed by GitHub

Merge pull request #73204 from bclau/tests/adds-linuxonly-tag

Adds [LinuxOnly] tag to conformance tests that cannot be run on Windows
parents 6ed54138 5daa0887
...@@ -45,8 +45,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() { ...@@ -45,8 +45,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() {
Release : v1.9 Release : v1.9
Testname: ConfigMap Volume, without mapping, volume mode set Testname: ConfigMap Volume, without mapping, volume mode set
Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. File mode is changed to a custom value of '0x400'. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The data content of the file MUST be readable and verified and file modes MUST be set to the custom value of ‘0x400’ Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. File mode is changed to a custom value of '0x400'. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The data content of the file MUST be readable and verified and file modes MUST be set to the custom value of ‘0x400’
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [LinuxOnly] [NodeConformance]", func() {
defaultMode := int32(0400) defaultMode := int32(0400)
doConfigMapE2EWithoutMappings(f, 0, 0, &defaultMode) doConfigMapE2EWithoutMappings(f, 0, 0, &defaultMode)
}) })
...@@ -60,8 +61,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() { ...@@ -60,8 +61,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() {
Release : v1.9 Release : v1.9
Testname: ConfigMap Volume, without mapping, non-root user Testname: ConfigMap Volume, without mapping, non-root user
Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. Pod is run as a non-root user with uid=1000. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The file on the volume MUST have file mode set to default value of 0x644. Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. Pod is run as a non-root user with uid=1000. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The file on the volume MUST have file mode set to default value of 0x644.
This test is marked LinuxOnly since Windows does not support running as UID / GID.
*/ */
framework.ConformanceIt("should be consumable from pods in volume as non-root [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume as non-root [LinuxOnly] [NodeConformance]", func() {
doConfigMapE2EWithoutMappings(f, 1000, 0, nil) doConfigMapE2EWithoutMappings(f, 1000, 0, nil)
}) })
...@@ -82,8 +84,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() { ...@@ -82,8 +84,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() {
Release : v1.9 Release : v1.9
Testname: ConfigMap Volume, with mapping, volume mode set Testname: ConfigMap Volume, with mapping, volume mode set
Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. Files are mapped to a path in the volume. File mode is changed to a custom value of '0x400'. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The data content of the file MUST be readable and verified and file modes MUST be set to the custom value of ‘0x400’ Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. Files are mapped to a path in the volume. File mode is changed to a custom value of '0x400'. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The data content of the file MUST be readable and verified and file modes MUST be set to the custom value of ‘0x400’
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with mappings and Item mode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with mappings and Item mode set [LinuxOnly] [NodeConformance]", func() {
mode := int32(0400) mode := int32(0400)
doConfigMapE2EWithMappings(f, 0, 0, &mode) doConfigMapE2EWithMappings(f, 0, 0, &mode)
}) })
...@@ -92,8 +95,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() { ...@@ -92,8 +95,9 @@ var _ = Describe("[sig-storage] ConfigMap", func() {
Release : v1.9 Release : v1.9
Testname: ConfigMap Volume, with mapping, non-root user Testname: ConfigMap Volume, with mapping, non-root user
Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. Files are mapped to a path in the volume. Pod is run as a non-root user with uid=1000. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The file on the volume MUST have file mode set to default value of 0x644. Description: Create a ConfigMap, create a Pod that mounts a volume and populates the volume with data stored in the ConfigMap. Files are mapped to a path in the volume. Pod is run as a non-root user with uid=1000. The ConfigMap that is created MUST be accessible to read from the newly created Pod using the volume mount. The file on the volume MUST have file mode set to default value of 0x644.
This test is marked LinuxOnly since Windows does not support running as UID / GID.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with mappings as non-root [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with mappings as non-root [LinuxOnly] [NodeConformance]", func() {
doConfigMapE2EWithMappings(f, 1000, 0, nil) doConfigMapE2EWithMappings(f, 1000, 0, nil)
}) })
......
...@@ -58,8 +58,9 @@ var _ = Describe("[sig-storage] Downward API volume", func() { ...@@ -58,8 +58,9 @@ var _ = Describe("[sig-storage] Downward API volume", func() {
Release : v1.9 Release : v1.9
Testname: DownwardAPI volume, volume mode 0400 Testname: DownwardAPI volume, volume mode 0400
Description: A Pod is configured with DownwardAPIVolumeSource with the volumesource mode set to -r-------- and DownwardAPIVolumeFiles contains a item for the Pod name. The container runtime MUST be able to access Pod name from the specified path on the mounted volume. Description: A Pod is configured with DownwardAPIVolumeSource with the volumesource mode set to -r-------- and DownwardAPIVolumeFiles contains a item for the Pod name. The container runtime MUST be able to access Pod name from the specified path on the mounted volume.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should set DefaultMode on files [NodeConformance]", func() { framework.ConformanceIt("should set DefaultMode on files [LinuxOnly] [NodeConformance]", func() {
podName := "downwardapi-volume-" + string(uuid.NewUUID()) podName := "downwardapi-volume-" + string(uuid.NewUUID())
defaultMode := int32(0400) defaultMode := int32(0400)
pod := downwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", nil, &defaultMode) pod := downwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", nil, &defaultMode)
...@@ -73,8 +74,9 @@ var _ = Describe("[sig-storage] Downward API volume", func() { ...@@ -73,8 +74,9 @@ var _ = Describe("[sig-storage] Downward API volume", func() {
Release : v1.9 Release : v1.9
Testname: DownwardAPI volume, file mode 0400 Testname: DownwardAPI volume, file mode 0400
Description: A Pod is configured with DownwardAPIVolumeSource and DownwartAPIVolumeFiles contains a item for the Pod name with the file mode set to -r--------. The container runtime MUST be able to access Pod name from the specified path on the mounted volume. Description: A Pod is configured with DownwardAPIVolumeSource and DownwartAPIVolumeFiles contains a item for the Pod name with the file mode set to -r--------. The container runtime MUST be able to access Pod name from the specified path on the mounted volume.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should set mode on item file [NodeConformance]", func() { framework.ConformanceIt("should set mode on item file [LinuxOnly] [NodeConformance]", func() {
podName := "downwardapi-volume-" + string(uuid.NewUUID()) podName := "downwardapi-volume-" + string(uuid.NewUUID())
mode := int32(0400) mode := int32(0400)
pod := downwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", &mode, nil) pod := downwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", &mode, nil)
......
...@@ -44,8 +44,9 @@ var _ = Describe("[sig-storage] HostPath", func() { ...@@ -44,8 +44,9 @@ var _ = Describe("[sig-storage] HostPath", func() {
Release : v1.9 Release : v1.9
Testname: Host path, volume mode default Testname: Host path, volume mode default
Description: Create a Pod with host volume mounted. The volume mounted MUST be a directory with permissions mode -rwxrwxrwx and that is has the sticky bit (mode flag t) set. Description: Create a Pod with host volume mounted. The volume mounted MUST be a directory with permissions mode -rwxrwxrwx and that is has the sticky bit (mode flag t) set.
This test is marked LinuxOnly since Windows does not support setting the sticky bit (mode flag t).
*/ */
framework.ConformanceIt("should give a volume the correct mode [NodeConformance]", func() { framework.ConformanceIt("should give a volume the correct mode [LinuxOnly] [NodeConformance]", func() {
source := &v1.HostPathVolumeSource{ source := &v1.HostPathVolumeSource{
Path: "/tmp", Path: "/tmp",
} }
......
...@@ -190,8 +190,9 @@ var _ = framework.KubeDescribe("Kubelet", func() { ...@@ -190,8 +190,9 @@ var _ = framework.KubeDescribe("Kubelet", func() {
Release : v1.13 Release : v1.13
Testname: Kubelet, pod with read only root file system Testname: Kubelet, pod with read only root file system
Description: Create a Pod with security context set with ReadOnlyRootFileSystem set to true. The Pod then tries to write to the /file on the root, write operation to the root filesystem MUST fail as expected. Description: Create a Pod with security context set with ReadOnlyRootFileSystem set to true. The Pod then tries to write to the /file on the root, write operation to the root filesystem MUST fail as expected.
This test is marked LinuxOnly since Windows does not support creating containers with read-only access.
*/ */
framework.ConformanceIt("should not write to root filesystem [NodeConformance]", func() { framework.ConformanceIt("should not write to root filesystem [LinuxOnly] [NodeConformance]", func() {
isReadOnly := true isReadOnly := true
podClient.CreateSync(&v1.Pod{ podClient.CreateSync(&v1.Pod{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
......
...@@ -57,8 +57,9 @@ var _ = framework.KubeDescribe("KubeletManagedEtcHosts", func() { ...@@ -57,8 +57,9 @@ var _ = framework.KubeDescribe("KubeletManagedEtcHosts", func() {
1. The Pod with hostNetwork=false MUST have /etc/hosts of containers managed by the Kubelet. 1. The Pod with hostNetwork=false MUST have /etc/hosts of containers managed by the Kubelet.
2. The Pod with hostNetwork=false but the container mounts /etc/hosts file from the host. The /etc/hosts file MUST not be managed by the Kubelet. 2. The Pod with hostNetwork=false but the container mounts /etc/hosts file from the host. The /etc/hosts file MUST not be managed by the Kubelet.
3. The Pod with hostNetwork=true , /etc/hosts file MUST not be managed by the Kubelet. 3. The Pod with hostNetwork=true , /etc/hosts file MUST not be managed by the Kubelet.
This test is marked LinuxOnly since Windows cannot mount individual files in Containers.
*/ */
framework.ConformanceIt("should test kubelet managed /etc/hosts file [NodeConformance]", func() { framework.ConformanceIt("should test kubelet managed /etc/hosts file [LinuxOnly] [NodeConformance]", func() {
By("Setting up the test") By("Setting up the test")
config.setup() config.setup()
......
...@@ -35,8 +35,9 @@ var _ = Describe("[sig-network] Networking", func() { ...@@ -35,8 +35,9 @@ var _ = Describe("[sig-network] Networking", func() {
Testname: Networking, intra pod http Testname: Networking, intra pod http
Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes. Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames. The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
This test is marked LinuxOnly since HostNetwork is not supported on other platforms like Windows.
*/ */
framework.ConformanceIt("should function for intra-pod communication: http [NodeConformance]", func() { framework.ConformanceIt("should function for intra-pod communication: http [LinuxOnly] [NodeConformance]", func() {
config := framework.NewCoreNetworkingTestConfig(f) config := framework.NewCoreNetworkingTestConfig(f)
for _, endpointPod := range config.EndpointPods { for _, endpointPod := range config.EndpointPods {
config.DialFromTestContainer("http", endpointPod.Status.PodIP, framework.EndpointHttpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name)) config.DialFromTestContainer("http", endpointPod.Status.PodIP, framework.EndpointHttpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name))
...@@ -48,8 +49,9 @@ var _ = Describe("[sig-network] Networking", func() { ...@@ -48,8 +49,9 @@ var _ = Describe("[sig-network] Networking", func() {
Testname: Networking, intra pod udp Testname: Networking, intra pod udp
Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes. Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
The kubectl exec on the webserver container MUST reach a udp port on the each of service proxy endpoints in the cluster and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames. The kubectl exec on the webserver container MUST reach a udp port on the each of service proxy endpoints in the cluster and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
This test is marked LinuxOnly since HostNetwork is not supported on other platforms like Windows.
*/ */
framework.ConformanceIt("should function for intra-pod communication: udp [NodeConformance]", func() { framework.ConformanceIt("should function for intra-pod communication: udp [LinuxOnly] [NodeConformance]", func() {
config := framework.NewCoreNetworkingTestConfig(f) config := framework.NewCoreNetworkingTestConfig(f)
for _, endpointPod := range config.EndpointPods { for _, endpointPod := range config.EndpointPods {
config.DialFromTestContainer("udp", endpointPod.Status.PodIP, framework.EndpointUdpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name)) config.DialFromTestContainer("udp", endpointPod.Status.PodIP, framework.EndpointUdpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name))
...@@ -61,8 +63,9 @@ var _ = Describe("[sig-network] Networking", func() { ...@@ -61,8 +63,9 @@ var _ = Describe("[sig-network] Networking", func() {
Testname: Networking, intra pod http, from node Testname: Networking, intra pod http, from node
Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes. Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster using a http post(protocol=tcp) and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames. The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster using a http post(protocol=tcp) and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
This test is marked LinuxOnly since HostNetwork is not supported on other platforms like Windows.
*/ */
framework.ConformanceIt("should function for node-pod communication: http [NodeConformance]", func() { framework.ConformanceIt("should function for node-pod communication: http [LinuxOnly] [NodeConformance]", func() {
config := framework.NewCoreNetworkingTestConfig(f) config := framework.NewCoreNetworkingTestConfig(f)
for _, endpointPod := range config.EndpointPods { for _, endpointPod := range config.EndpointPods {
config.DialFromNode("http", endpointPod.Status.PodIP, framework.EndpointHttpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name)) config.DialFromNode("http", endpointPod.Status.PodIP, framework.EndpointHttpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name))
...@@ -74,8 +77,9 @@ var _ = Describe("[sig-network] Networking", func() { ...@@ -74,8 +77,9 @@ var _ = Describe("[sig-network] Networking", func() {
Testname: Networking, intra pod http, from node Testname: Networking, intra pod http, from node
Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes. Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster using a http post(protocol=udp) and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames. The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster using a http post(protocol=udp) and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
This test is marked LinuxOnly since HostNetwork is not supported on other platforms like Windows.
*/ */
framework.ConformanceIt("should function for node-pod communication: udp [NodeConformance]", func() { framework.ConformanceIt("should function for node-pod communication: udp [LinuxOnly] [NodeConformance]", func() {
config := framework.NewCoreNetworkingTestConfig(f) config := framework.NewCoreNetworkingTestConfig(f)
for _, endpointPod := range config.EndpointPods { for _, endpointPod := range config.EndpointPods {
config.DialFromNode("udp", endpointPod.Status.PodIP, framework.EndpointUdpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name)) config.DialFromNode("udp", endpointPod.Status.PodIP, framework.EndpointUdpPort, config.MaxTries, 0, sets.NewString(endpointPod.Name))
......
...@@ -45,7 +45,8 @@ var _ = framework.KubeDescribe("PrivilegedPod [NodeConformance]", func() { ...@@ -45,7 +45,8 @@ var _ = framework.KubeDescribe("PrivilegedPod [NodeConformance]", func() {
notPrivilegedContainer: "not-privileged-container", notPrivilegedContainer: "not-privileged-container",
} }
It("should enable privileged commands", func() { It("should enable privileged commands [LinuxOnly]", func() {
// Windows does not support privileged containers.
By("Creating a pod with a privileged container") By("Creating a pod with a privileged container")
config.createPods() config.createPods()
......
...@@ -46,8 +46,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() { ...@@ -46,8 +46,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, ConfigMap, volume mode 0400 Testname: Projected Volume, ConfigMap, volume mode 0400
Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap with permission mode set to 0400. Pod MUST be able to read the content of the ConfigMap successfully and the mode on the volume MUST be -r——-——-—-. Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap with permission mode set to 0400. Pod MUST be able to read the content of the ConfigMap successfully and the mode on the volume MUST be -r——-——-—-.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [LinuxOnly] [NodeConformance]", func() {
defaultMode := int32(0400) defaultMode := int32(0400)
doProjectedConfigMapE2EWithoutMappings(f, 0, 0, &defaultMode) doProjectedConfigMapE2EWithoutMappings(f, 0, 0, &defaultMode)
}) })
...@@ -61,8 +62,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() { ...@@ -61,8 +62,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, ConfigMap, non-root user Testname: Projected Volume, ConfigMap, non-root user
Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap as non-root user with uid 1000. Pod MUST be able to read the content of the ConfigMap successfully and the mode on the volume MUST be -rw—r——r—-. Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap as non-root user with uid 1000. Pod MUST be able to read the content of the ConfigMap successfully and the mode on the volume MUST be -rw—r——r—-.
This test is marked LinuxOnly since Windows does not support running as UID / GID.
*/ */
framework.ConformanceIt("should be consumable from pods in volume as non-root [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume as non-root [LinuxOnly] [NodeConformance]", func() {
doProjectedConfigMapE2EWithoutMappings(f, 1000, 0, nil) doProjectedConfigMapE2EWithoutMappings(f, 1000, 0, nil)
}) })
...@@ -83,8 +85,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() { ...@@ -83,8 +85,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, ConfigMap, mapped, volume mode 0400 Testname: Projected Volume, ConfigMap, mapped, volume mode 0400
Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap with permission mode set to 0400. The ConfigMap is also mapped to a custom path. Pod MUST be able to read the content of the ConfigMap from the custom location successfully and the mode on the volume MUST be -r-—r——r—-. Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap with permission mode set to 0400. The ConfigMap is also mapped to a custom path. Pod MUST be able to read the content of the ConfigMap from the custom location successfully and the mode on the volume MUST be -r-—r——r—-.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with mappings and Item mode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with mappings and Item mode set [LinuxOnly] [NodeConformance]", func() {
mode := int32(0400) mode := int32(0400)
doProjectedConfigMapE2EWithMappings(f, 0, 0, &mode) doProjectedConfigMapE2EWithMappings(f, 0, 0, &mode)
}) })
...@@ -93,8 +96,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() { ...@@ -93,8 +96,9 @@ var _ = Describe("[sig-storage] Projected configMap", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, ConfigMap, mapped, non-root user Testname: Projected Volume, ConfigMap, mapped, non-root user
Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap as non-root user with uid 1000. The ConfigMap is also mapped to a custom path. Pod MUST be able to read the content of the ConfigMap from the custom location successfully and the mode on the volume MUST be -r-—r——r—-. Description: A Pod is created with projected volume source ‘ConfigMap’ to store a configMap as non-root user with uid 1000. The ConfigMap is also mapped to a custom path. Pod MUST be able to read the content of the ConfigMap from the custom location successfully and the mode on the volume MUST be -r-—r——r—-.
This test is marked LinuxOnly since Windows does not support running as UID / GID.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with mappings as non-root [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with mappings as non-root [LinuxOnly] [NodeConformance]", func() {
doProjectedConfigMapE2EWithMappings(f, 1000, 0, nil) doProjectedConfigMapE2EWithMappings(f, 1000, 0, nil)
}) })
......
...@@ -58,8 +58,9 @@ var _ = Describe("[sig-storage] Projected downwardAPI", func() { ...@@ -58,8 +58,9 @@ var _ = Describe("[sig-storage] Projected downwardAPI", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, DownwardAPI, volume mode 0400 Testname: Projected Volume, DownwardAPI, volume mode 0400
Description: A Pod is created with a projected volume source for downwardAPI with pod name, cpu and memory limits and cpu and memory requests. The default mode for the volume mount is set to 0400. Pod MUST be able to read the pod name from the mounted DownwardAPIVolumeFiles and the volume mode must be -r—-—————. Description: A Pod is created with a projected volume source for downwardAPI with pod name, cpu and memory limits and cpu and memory requests. The default mode for the volume mount is set to 0400. Pod MUST be able to read the pod name from the mounted DownwardAPIVolumeFiles and the volume mode must be -r—-—————.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should set DefaultMode on files [NodeConformance]", func() { framework.ConformanceIt("should set DefaultMode on files [LinuxOnly] [NodeConformance]", func() {
podName := "downwardapi-volume-" + string(uuid.NewUUID()) podName := "downwardapi-volume-" + string(uuid.NewUUID())
defaultMode := int32(0400) defaultMode := int32(0400)
pod := projectedDownwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", nil, &defaultMode) pod := projectedDownwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", nil, &defaultMode)
...@@ -73,8 +74,9 @@ var _ = Describe("[sig-storage] Projected downwardAPI", func() { ...@@ -73,8 +74,9 @@ var _ = Describe("[sig-storage] Projected downwardAPI", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, DownwardAPI, volume mode 0400 Testname: Projected Volume, DownwardAPI, volume mode 0400
Description: A Pod is created with a projected volume source for downwardAPI with pod name, cpu and memory limits and cpu and memory requests. The default mode for the volume mount is set to 0400. Pod MUST be able to read the pod name from the mounted DownwardAPIVolumeFiles and the volume mode must be -r—-—————. Description: A Pod is created with a projected volume source for downwardAPI with pod name, cpu and memory limits and cpu and memory requests. The default mode for the volume mount is set to 0400. Pod MUST be able to read the pod name from the mounted DownwardAPIVolumeFiles and the volume mode must be -r—-—————.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should set mode on item file [NodeConformance]", func() { framework.ConformanceIt("should set mode on item file [LinuxOnly] [NodeConformance]", func() {
podName := "downwardapi-volume-" + string(uuid.NewUUID()) podName := "downwardapi-volume-" + string(uuid.NewUUID())
mode := int32(0400) mode := int32(0400)
pod := projectedDownwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", &mode, nil) pod := projectedDownwardAPIVolumePodForModeTest(podName, "/etc/podinfo/podname", &mode, nil)
......
...@@ -46,8 +46,9 @@ var _ = Describe("[sig-storage] Projected secret", func() { ...@@ -46,8 +46,9 @@ var _ = Describe("[sig-storage] Projected secret", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, Secrets, volume mode 0400 Testname: Projected Volume, Secrets, volume mode 0400
Description: A Pod is created with a projected volume source ‘secret’ to store a secret with a specified key with permission mode set to 0x400 on the Pod. Pod MUST be able to read the content of the key successfully and the mode MUST be -r—-—————. Description: A Pod is created with a projected volume source ‘secret’ to store a secret with a specified key with permission mode set to 0x400 on the Pod. Pod MUST be able to read the content of the key successfully and the mode MUST be -r—-—————.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [LinuxOnly] [NodeConformance]", func() {
defaultMode := int32(0400) defaultMode := int32(0400)
doProjectedSecretE2EWithoutMapping(f, &defaultMode, "projected-secret-test-"+string(uuid.NewUUID()), nil, nil) doProjectedSecretE2EWithoutMapping(f, &defaultMode, "projected-secret-test-"+string(uuid.NewUUID()), nil, nil)
}) })
...@@ -56,8 +57,9 @@ var _ = Describe("[sig-storage] Projected secret", func() { ...@@ -56,8 +57,9 @@ var _ = Describe("[sig-storage] Projected secret", func() {
Release : v1.9 Release : v1.9
Testname: Project Volume, Secrets, non-root, custom fsGroup Testname: Project Volume, Secrets, non-root, custom fsGroup
Description: A Pod is created with a projected volume source ‘secret’ to store a secret with a specified key. The volume has permission mode set to 0440, fsgroup set to 1001 and user set to non-root uid of 1000. Pod MUST be able to read the content of the key successfully and the mode MUST be -r—-r————-. Description: A Pod is created with a projected volume source ‘secret’ to store a secret with a specified key. The volume has permission mode set to 0440, fsgroup set to 1001 and user set to non-root uid of 1000. Pod MUST be able to read the content of the key successfully and the mode MUST be -r—-r————-.
This test is marked LinuxOnly since Windows does not support setting specific file permissions, or running as UID / GID.
*/ */
framework.ConformanceIt("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [LinuxOnly] [NodeConformance]", func() {
defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */ defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */
fsGroup := int64(1001) fsGroup := int64(1001)
uid := int64(1000) uid := int64(1000)
...@@ -77,8 +79,9 @@ var _ = Describe("[sig-storage] Projected secret", func() { ...@@ -77,8 +79,9 @@ var _ = Describe("[sig-storage] Projected secret", func() {
Release : v1.9 Release : v1.9
Testname: Projected Volume, Secrets, mapped, volume mode 0400 Testname: Projected Volume, Secrets, mapped, volume mode 0400
Description: A Pod is created with a projected volume source ‘secret’ to store a secret with a specified key with permission mode set to 0400. The secret is also mapped to a specific name. Pod MUST be able to read the content of the key successfully and the mode MUST be -r—-—————— on the mapped volume. Description: A Pod is created with a projected volume source ‘secret’ to store a secret with a specified key with permission mode set to 0400. The secret is also mapped to a specific name. Pod MUST be able to read the content of the key successfully and the mode MUST be -r—-—————— on the mapped volume.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with mappings and Item Mode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with mappings and Item Mode set [LinuxOnly] [NodeConformance]", func() {
mode := int32(0400) mode := int32(0400)
doProjectedSecretE2EWithMapping(f, &mode) doProjectedSecretE2EWithMapping(f, &mode)
}) })
......
...@@ -202,7 +202,8 @@ while true; do sleep 1; done ...@@ -202,7 +202,8 @@ while true; do sleep 1; done
}, },
} { } {
testCase := testCase testCase := testCase
It(fmt.Sprintf("should report termination message %s", testCase.name), func() { It(fmt.Sprintf("should report termination message %s [LinuxOnly]", testCase.name), func() {
// Cannot mount files in Windows Containers.
testCase.container.Name = "termination-message-container" testCase.container.Name = "termination-message-container"
c := ConformanceContainer{ c := ConformanceContainer{
PodClient: f.PodClient(), PodClient: f.PodClient(),
...@@ -271,13 +272,14 @@ while true; do sleep 1; done ...@@ -271,13 +272,14 @@ while true; do sleep 1; done
waiting: true, waiting: true,
}, },
{ {
description: "should be able to pull image from gcr.io", description: "should be able to pull image from gcr.io [LinuxOnly]",
image: "gcr.io/google-containers/debian-base:0.4.0", image: "gcr.io/google-containers/debian-base:0.4.0",
phase: v1.PodRunning, phase: v1.PodRunning,
waiting: false, waiting: false,
}, },
{ {
description: "should be able to pull image from docker hub", // TODO(claudiub): Remove the [LinuxOnly] tag when a Windows-friendly image is used instead of alpine.
description: "should be able to pull image from docker hub [LinuxOnly]",
image: "alpine:3.7", image: "alpine:3.7",
phase: v1.PodRunning, phase: v1.PodRunning,
waiting: false, waiting: false,
...@@ -289,7 +291,7 @@ while true; do sleep 1; done ...@@ -289,7 +291,7 @@ while true; do sleep 1; done
waiting: true, waiting: true,
}, },
{ {
description: "should be able to pull from private registry with secret", description: "should be able to pull from private registry with secret [LinuxOnly]",
image: "gcr.io/authenticated-image-pulling/alpine:3.7", image: "gcr.io/authenticated-image-pulling/alpine:3.7",
secret: true, secret: true,
phase: v1.PodRunning, phase: v1.PodRunning,
......
...@@ -46,8 +46,9 @@ var _ = Describe("[sig-storage] Secrets", func() { ...@@ -46,8 +46,9 @@ var _ = Describe("[sig-storage] Secrets", func() {
Release : v1.9 Release : v1.9
Testname: Secrets Volume, volume mode 0400 Testname: Secrets Volume, volume mode 0400
Description: Create a secret. Create a Pod with secret volume source configured into the container with file mode set to 0x400. Pod MUST be able to read the secret from the mounted volume from the container runtime and the file mode of the secret MUST be -r——--—-—- by default. Description: Create a secret. Create a Pod with secret volume source configured into the container with file mode set to 0x400. Pod MUST be able to read the secret from the mounted volume from the container runtime and the file mode of the secret MUST be -r——--—-—- by default.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with defaultMode set [LinuxOnly] [NodeConformance]", func() {
defaultMode := int32(0400) defaultMode := int32(0400)
doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()), nil, nil) doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()), nil, nil)
}) })
...@@ -56,8 +57,9 @@ var _ = Describe("[sig-storage] Secrets", func() { ...@@ -56,8 +57,9 @@ var _ = Describe("[sig-storage] Secrets", func() {
Release : v1.9 Release : v1.9
Testname: Secrets Volume, volume mode 0440, fsGroup 1001 and uid 1000 Testname: Secrets Volume, volume mode 0440, fsGroup 1001 and uid 1000
Description: Create a secret. Create a Pod with secret volume source configured into the container with file mode set to 0x440 as a non-root user with uid 1000 and fsGroup id 1001. Pod MUST be able to read the secret from the mounted volume from the container runtime and the file mode of the secret MUST be -r——r-—-—- by default. Description: Create a secret. Create a Pod with secret volume source configured into the container with file mode set to 0x440 as a non-root user with uid 1000 and fsGroup id 1001. Pod MUST be able to read the secret from the mounted volume from the container runtime and the file mode of the secret MUST be -r——r-—-—- by default.
This test is marked LinuxOnly since Windows does not support setting specific file permissions, or running as UID / GID.
*/ */
framework.ConformanceIt("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume as non-root with defaultMode and fsGroup set [LinuxOnly] [NodeConformance]", func() {
defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */ defaultMode := int32(0440) /* setting fsGroup sets mode to at least 440 */
fsGroup := int64(1001) fsGroup := int64(1001)
uid := int64(1000) uid := int64(1000)
...@@ -77,8 +79,9 @@ var _ = Describe("[sig-storage] Secrets", func() { ...@@ -77,8 +79,9 @@ var _ = Describe("[sig-storage] Secrets", func() {
Release : v1.9 Release : v1.9
Testname: Secrets Volume, mapping, volume mode 0400 Testname: Secrets Volume, mapping, volume mode 0400
Description: Create a secret. Create a Pod with secret volume source configured into the container with a custom path and file mode set to 0x400. Pod MUST be able to read the secret from the mounted volume from the specified custom path. The file mode of the secret MUST be -r-—r-—r—-. Description: Create a secret. Create a Pod with secret volume source configured into the container with a custom path and file mode set to 0x400. Pod MUST be able to read the secret from the mounted volume from the specified custom path. The file mode of the secret MUST be -r-—r-—r—-.
This test is marked LinuxOnly since Windows does not support setting specific file permissions.
*/ */
framework.ConformanceIt("should be consumable from pods in volume with mappings and Item Mode set [NodeConformance]", func() { framework.ConformanceIt("should be consumable from pods in volume with mappings and Item Mode set [LinuxOnly] [NodeConformance]", func() {
mode := int32(0400) mode := int32(0400)
doSecretE2EWithMapping(f, &mode) doSecretE2EWithMapping(f, &mode)
}) })
......
...@@ -73,8 +73,9 @@ var _ = framework.KubeDescribe("Security Context", func() { ...@@ -73,8 +73,9 @@ var _ = framework.KubeDescribe("Security Context", func() {
Testname: Security Context: runAsUser (id:65534) Testname: Security Context: runAsUser (id:65534)
Description: Container created with runAsUser option, passing an id (id:65534) uses that Description: Container created with runAsUser option, passing an id (id:65534) uses that
given id when running the container. given id when running the container.
This test is marked LinuxOnly since Windows does not support running as UID / GID.
*/ */
It("should run the container with uid 65534 [NodeConformance]", func() { It("should run the container with uid 65534 [LinuxOnly] [NodeConformance]", func() {
createAndWaitUserPod(65534) createAndWaitUserPod(65534)
}) })
...@@ -83,8 +84,9 @@ var _ = framework.KubeDescribe("Security Context", func() { ...@@ -83,8 +84,9 @@ var _ = framework.KubeDescribe("Security Context", func() {
Testname: Security Context: runAsUser (id:0) Testname: Security Context: runAsUser (id:0)
Description: Container created with runAsUser option, passing an id (id:0) uses that Description: Container created with runAsUser option, passing an id (id:0) uses that
given id when running the container. given id when running the container.
This test is marked LinuxOnly since Windows does not support running as UID / GID.
*/ */
It("should run the container with uid 0 [NodeConformance]", func() { It("should run the container with uid 0 [LinuxOnly] [NodeConformance]", func() {
createAndWaitUserPod(0) createAndWaitUserPod(0)
}) })
}) })
...@@ -131,8 +133,9 @@ var _ = framework.KubeDescribe("Security Context", func() { ...@@ -131,8 +133,9 @@ var _ = framework.KubeDescribe("Security Context", func() {
Release : v1.12 Release : v1.12
Testname: Security Context: readOnlyRootFilesystem=true. Testname: Security Context: readOnlyRootFilesystem=true.
Description: when a container has configured readOnlyRootFilesystem to true, write operations are not allowed. Description: when a container has configured readOnlyRootFilesystem to true, write operations are not allowed.
This test is marked LinuxOnly since Windows does not support creating containers with read-only access.
*/ */
It("should run the container with readonly rootfs when readOnlyRootFilesystem=true [NodeConformance]", func() { It("should run the container with readonly rootfs when readOnlyRootFilesystem=true [LinuxOnly] [NodeConformance]", func() {
createAndWaitUserPod(true) createAndWaitUserPod(true)
}) })
...@@ -178,7 +181,8 @@ var _ = framework.KubeDescribe("Security Context", func() { ...@@ -178,7 +181,8 @@ var _ = framework.KubeDescribe("Security Context", func() {
return podName return podName
} }
It("should run the container as unprivileged when false [NodeConformance]", func() { It("should run the container as unprivileged when false [LinuxOnly] [NodeConformance]", func() {
// This test is marked LinuxOnly since it runs a Linux-specific command, and Windows does not support Windows escalation.
podName := createAndWaitUserPod(false) podName := createAndWaitUserPod(false)
logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName) logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, podName, podName)
if err != nil { if err != nil {
...@@ -227,8 +231,9 @@ var _ = framework.KubeDescribe("Security Context", func() { ...@@ -227,8 +231,9 @@ var _ = framework.KubeDescribe("Security Context", func() {
Description: Configuring the allowPrivilegeEscalation unset, allows the privilege escalation operation. Description: Configuring the allowPrivilegeEscalation unset, allows the privilege escalation operation.
A container is configured with allowPrivilegeEscalation not specified (nil) and a given uid which is not 0. A container is configured with allowPrivilegeEscalation not specified (nil) and a given uid which is not 0.
When the container is run, the container is run using uid=0. When the container is run, the container is run using uid=0.
This test is marked LinuxOnly since Windows does not support running as UID / GID, or privilege escalation.
*/ */
It("should allow privilege escalation when not explicitly set and uid != 0 [NodeConformance]", func() { It("should allow privilege escalation when not explicitly set and uid != 0 [LinuxOnly] [NodeConformance]", func() {
podName := "alpine-nnp-nil-" + string(uuid.NewUUID()) podName := "alpine-nnp-nil-" + string(uuid.NewUUID())
if err := createAndMatchOutput(podName, "Effective uid: 0", nil, 1000); err != nil { if err := createAndMatchOutput(podName, "Effective uid: 0", nil, 1000); err != nil {
framework.Failf("Match output for pod %q failed: %v", podName, err) framework.Failf("Match output for pod %q failed: %v", podName, err)
...@@ -240,8 +245,9 @@ var _ = framework.KubeDescribe("Security Context", func() { ...@@ -240,8 +245,9 @@ var _ = framework.KubeDescribe("Security Context", func() {
Description: Configuring the allowPrivilegeEscalation to false, does not allow the privilege escalation operation. Description: Configuring the allowPrivilegeEscalation to false, does not allow the privilege escalation operation.
A container is configured with allowPrivilegeEscalation=false and a given uid (1000) which is not 0. A container is configured with allowPrivilegeEscalation=false and a given uid (1000) which is not 0.
When the container is run, the container is run using uid=1000. When the container is run, the container is run using uid=1000.
This test is marked LinuxOnly since Windows does not support running as UID / GID, or privilege escalation.
*/ */
It("should not allow privilege escalation when false [NodeConformance]", func() { It("should not allow privilege escalation when false [LinuxOnly] [NodeConformance]", func() {
podName := "alpine-nnp-false-" + string(uuid.NewUUID()) podName := "alpine-nnp-false-" + string(uuid.NewUUID())
apeFalse := false apeFalse := false
if err := createAndMatchOutput(podName, "Effective uid: 1000", &apeFalse, 1000); err != nil { if err := createAndMatchOutput(podName, "Effective uid: 1000", &apeFalse, 1000); err != nil {
...@@ -254,8 +260,9 @@ var _ = framework.KubeDescribe("Security Context", func() { ...@@ -254,8 +260,9 @@ var _ = framework.KubeDescribe("Security Context", func() {
Description: Configuring the allowPrivilegeEscalation to true, allows the privilege escalation operation. Description: Configuring the allowPrivilegeEscalation to true, allows the privilege escalation operation.
A container is configured with allowPrivilegeEscalation=true and a given uid (1000) which is not 0. A container is configured with allowPrivilegeEscalation=true and a given uid (1000) which is not 0.
When the container is run, the container is run using uid=0 (making use of the privilege escalation). When the container is run, the container is run using uid=0 (making use of the privilege escalation).
This test is marked LinuxOnly since Windows does not support running as UID / GID.
*/ */
It("should allow privilege escalation when true [NodeConformance]", func() { It("should allow privilege escalation when true [LinuxOnly] [NodeConformance]", func() {
podName := "alpine-nnp-true-" + string(uuid.NewUUID()) podName := "alpine-nnp-true-" + string(uuid.NewUUID())
apeTrue := true apeTrue := true
if err := createAndMatchOutput(podName, "Effective uid: 0", &apeTrue, 1000); err != nil { if err := createAndMatchOutput(podName, "Effective uid: 0", &apeTrue, 1000); err != nil {
......
...@@ -55,8 +55,9 @@ var _ = utils.SIGDescribe("Subpath", func() { ...@@ -55,8 +55,9 @@ var _ = utils.SIGDescribe("Subpath", func() {
Release : v1.12 Release : v1.12
Testname: SubPath: Reading content from a secret volume. Testname: SubPath: Reading content from a secret volume.
Description: Containers in a pod can read content from a secret mounted volume which was configured with a subpath. Description: Containers in a pod can read content from a secret mounted volume which was configured with a subpath.
This test is marked LinuxOnly since Windows cannot mount individual files in Containers.
*/ */
framework.ConformanceIt("should support subpaths with secret pod", func() { framework.ConformanceIt("should support subpaths with secret pod [LinuxOnly]", func() {
pod := testsuites.SubpathTestPod(f, "secret-key", "secret", &v1.VolumeSource{Secret: &v1.SecretVolumeSource{SecretName: "my-secret"}}, privilegedSecurityContext) pod := testsuites.SubpathTestPod(f, "secret-key", "secret", &v1.VolumeSource{Secret: &v1.SecretVolumeSource{SecretName: "my-secret"}}, privilegedSecurityContext)
testsuites.TestBasicSubpath(f, "secret-value", pod) testsuites.TestBasicSubpath(f, "secret-value", pod)
}) })
...@@ -65,8 +66,9 @@ var _ = utils.SIGDescribe("Subpath", func() { ...@@ -65,8 +66,9 @@ var _ = utils.SIGDescribe("Subpath", func() {
Release : v1.12 Release : v1.12
Testname: SubPath: Reading content from a configmap volume. Testname: SubPath: Reading content from a configmap volume.
Description: Containers in a pod can read content from a configmap mounted volume which was configured with a subpath. Description: Containers in a pod can read content from a configmap mounted volume which was configured with a subpath.
This test is marked LinuxOnly since Windows cannot mount individual files in Containers.
*/ */
framework.ConformanceIt("should support subpaths with configmap pod", func() { framework.ConformanceIt("should support subpaths with configmap pod [LinuxOnly]", func() {
pod := testsuites.SubpathTestPod(f, "configmap-key", "configmap", &v1.VolumeSource{ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: "my-configmap"}}}, privilegedSecurityContext) pod := testsuites.SubpathTestPod(f, "configmap-key", "configmap", &v1.VolumeSource{ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: "my-configmap"}}}, privilegedSecurityContext)
testsuites.TestBasicSubpath(f, "configmap-value", pod) testsuites.TestBasicSubpath(f, "configmap-value", pod)
}) })
...@@ -75,8 +77,9 @@ var _ = utils.SIGDescribe("Subpath", func() { ...@@ -75,8 +77,9 @@ var _ = utils.SIGDescribe("Subpath", func() {
Release : v1.12 Release : v1.12
Testname: SubPath: Reading content from a configmap volume. Testname: SubPath: Reading content from a configmap volume.
Description: Containers in a pod can read content from a configmap mounted volume which was configured with a subpath and also using a mountpath that is a specific file. Description: Containers in a pod can read content from a configmap mounted volume which was configured with a subpath and also using a mountpath that is a specific file.
This test is marked LinuxOnly since Windows cannot mount individual files in Containers.
*/ */
framework.ConformanceIt("should support subpaths with configmap pod with mountPath of existing file", func() { framework.ConformanceIt("should support subpaths with configmap pod with mountPath of existing file [LinuxOnly]", func() {
pod := testsuites.SubpathTestPod(f, "configmap-key", "configmap", &v1.VolumeSource{ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: "my-configmap"}}}, privilegedSecurityContext) pod := testsuites.SubpathTestPod(f, "configmap-key", "configmap", &v1.VolumeSource{ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: "my-configmap"}}}, privilegedSecurityContext)
file := "/etc/resolv.conf" file := "/etc/resolv.conf"
pod.Spec.Containers[0].VolumeMounts[0].MountPath = file pod.Spec.Containers[0].VolumeMounts[0].MountPath = file
...@@ -87,8 +90,9 @@ var _ = utils.SIGDescribe("Subpath", func() { ...@@ -87,8 +90,9 @@ var _ = utils.SIGDescribe("Subpath", func() {
Release : v1.12 Release : v1.12
Testname: SubPath: Reading content from a downwardAPI volume. Testname: SubPath: Reading content from a downwardAPI volume.
Description: Containers in a pod can read content from a downwardAPI mounted volume which was configured with a subpath. Description: Containers in a pod can read content from a downwardAPI mounted volume which was configured with a subpath.
This test is marked LinuxOnly since Windows cannot mount individual files in Containers.
*/ */
framework.ConformanceIt("should support subpaths with downward pod", func() { framework.ConformanceIt("should support subpaths with downward pod [LinuxOnly]", func() {
pod := testsuites.SubpathTestPod(f, "downward/podname", "downwardAPI", &v1.VolumeSource{ pod := testsuites.SubpathTestPod(f, "downward/podname", "downwardAPI", &v1.VolumeSource{
DownwardAPI: &v1.DownwardAPIVolumeSource{ DownwardAPI: &v1.DownwardAPIVolumeSource{
Items: []v1.DownwardAPIVolumeFile{{Path: "downward/podname", FieldRef: &v1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "metadata.name"}}}, Items: []v1.DownwardAPIVolumeFile{{Path: "downward/podname", FieldRef: &v1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "metadata.name"}}},
...@@ -101,8 +105,9 @@ var _ = utils.SIGDescribe("Subpath", func() { ...@@ -101,8 +105,9 @@ var _ = utils.SIGDescribe("Subpath", func() {
Release : v1.12 Release : v1.12
Testname: SubPath: Reading content from a projected volume. Testname: SubPath: Reading content from a projected volume.
Description: Containers in a pod can read content from a projected mounted volume which was configured with a subpath. Description: Containers in a pod can read content from a projected mounted volume which was configured with a subpath.
This test is marked LinuxOnly since Windows cannot mount individual files in Containers.
*/ */
framework.ConformanceIt("should support subpaths with projected pod", func() { framework.ConformanceIt("should support subpaths with projected pod [LinuxOnly]", func() {
pod := testsuites.SubpathTestPod(f, "projected/configmap-key", "projected", &v1.VolumeSource{ pod := testsuites.SubpathTestPod(f, "projected/configmap-key", "projected", &v1.VolumeSource{
Projected: &v1.ProjectedVolumeSource{ Projected: &v1.ProjectedVolumeSource{
Sources: []v1.VolumeProjection{ Sources: []v1.VolumeProjection{
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment