m/node: enable user namespaces in K8s

This enables the two feature gates for user namespace support in K8s.
We did not previously have a passwd file, which caused Go's UserLookup
to fail with an unexpected error. Add a mostly-empty placeholder file
to placate it.

Change-Id: I71a7a6dc889a289512075a25b7e551f2cd65ffb6
Reviewed-on: https://review.monogon.dev/c/monogon/+/3665
Reviewed-by: Tim Windelschmidt <tim@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/test/e2e/suites/kubernetes/run_test.go b/metropolis/test/e2e/suites/kubernetes/run_test.go
index baaa235..18239e0 100644
--- a/metropolis/test/e2e/suites/kubernetes/run_test.go
+++ b/metropolis/test/e2e/suites/kubernetes/run_test.go
@@ -23,6 +23,7 @@
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	podv1 "k8s.io/kubernetes/pkg/api/v1/pod"
+	"k8s.io/utils/ptr"
 
 	common "source.monogon.dev/metropolis/node"
 	apb "source.monogon.dev/metropolis/proto/api"
@@ -400,6 +401,32 @@
 			return fmt.Errorf("pod is not ready: %v, log:\n  %s", pod.Status.Phase, strings.Join(lines, "\n  "))
 		})
 	}
+	util.TestEventual(t, "Deployment in user namespace", ctx, largeTestTimeout, func(ctx context.Context) error {
+		deployment := makeTestDeploymentSpec("test-userns-1")
+		deployment.Spec.Template.Spec.HostUsers = ptr.To(false)
+		deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.HTTPGet.Path = "/ready_userns"
+		_, err := clientSet.AppsV1().Deployments("default").Create(ctx, deployment, metav1.CreateOptions{})
+		return err
+	})
+	util.TestEventual(t, "Deployment in user namespace is running", ctx, largeTestTimeout, func(ctx context.Context) error {
+		res, err := clientSet.CoreV1().Pods("default").List(ctx, metav1.ListOptions{LabelSelector: "name=test-userns-1"})
+		if err != nil {
+			return err
+		}
+		if len(res.Items) == 0 {
+			return errors.New("pod didn't get created")
+		}
+		pod := res.Items[0]
+		if podv1.IsPodAvailable(&pod, 1, metav1.NewTime(time.Now())) {
+			return nil
+		}
+		events, err := clientSet.CoreV1().Events("default").List(ctx, metav1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.name=%s,involvedObject.namespace=default", pod.Name)})
+		if err != nil || len(events.Items) == 0 {
+			return fmt.Errorf("pod is not ready: %v", pod.Status.Phase)
+		} else {
+			return fmt.Errorf("pod is not ready: %v", events.Items[0].Message)
+		}
+	})
 	util.TestEventual(t, "In-cluster self-test job", ctx, smallTestTimeout, func(ctx context.Context) error {
 		_, err := clientSet.BatchV1().Jobs("default").Create(ctx, makeSelftestSpec("selftest"), metav1.CreateOptions{})
 		return err
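Review bot: The "Deployment in user namespace is running" step never checks that the scheduled pod kept `hostUsers: false`, so the only proof of isolation is the `/ready_userns` probe handler, which is not visible in this hunk. As far as I know the API server silently drops `hostUsers` when the feature gate is disabled, so asserting the field right after `pod := res.Items[0]` would turn a silent fallback to the host user namespace into a test failure: `if pod.Spec.HostUsers == nil || *pod.Spec.HostUsers { return errors.New("pod is not running with hostUsers=false") }`. Separately, the `err != nil || len(events.Items) == 0` branch discards the Events list error, and `events.Items[0]` is not guaranteed to be the most recent event, so the reported reason can mislead. The enclosing test function starts and ends outside the hunk.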