Ejemplo n.º 1
0
package networking

import (
	"k8s.io/kubernetes/pkg/fields"
	"k8s.io/kubernetes/pkg/labels"
	"k8s.io/kubernetes/test/e2e"

	. "github.com/onsi/ginkgo"
)

var _ = Describe("networking: sanity", func() {
	svcname := "net-sanity"
	timeout := 10

	f := e2e.NewFramework(svcname)

	It("should function for pod communication on a single node", func() {

		By("Picking a node")
		nodes, err := f.Client.Nodes().List(labels.Everything(), fields.Everything())
		if err != nil {
			e2e.Failf("Failed to list nodes: %v", err)
		}
		node := nodes.Items[0]

		By("Creating a webserver pod")
		podName := "same-node-webserver"
		defer f.Client.Pods(f.Namespace.Name).Delete(podName, nil)
		ip := launchWebserverPod(f, podName, node.Name)

		By("Checking that the webserver is accessible from a pod on the same node")
Ejemplo n.º 2
0
	"github.com/fsouza/go-dockerclient"
	g "github.com/onsi/ginkgo"
	o "github.com/onsi/gomega"

	kapi "k8s.io/kubernetes/pkg/api"
	"k8s.io/kubernetes/test/e2e"

	testutil "github.com/openshift/origin/test/util"
)

var _ = g.Describe("security: supplemental groups", func() {
	defer g.GinkgoRecover()

	var (
		f = e2e.NewFramework("security-supgroups")
	)

	g.Describe("Ensure supplemental groups propagate to docker", func() {
		g.It("should propagate requested groups to the docker host config", func() {
			// Before running any of this test we need to first check that
			// the docker version being used supports the supplemental groups feature
			g.By("ensuring the feature is supported")
			dockerCli, err := testutil.NewDockerClient()
			o.Expect(err).NotTo(o.HaveOccurred())

			env, err := dockerCli.Version()
			o.Expect(err).NotTo(o.HaveOccurred(), "error getting docker environment")
			version := env.Get("Version")
			supports, err, requiredVersion := supportsSupplementalGroups(version)
Ejemplo n.º 3
0
package networking

import (
	"k8s.io/kubernetes/test/e2e"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

// This test requires a network plugin that supports namespace isolation.
// NOTE: if you change the test description, update networking.sh too!
var _ = Describe("[networking] network isolation plugin", func() {
	f1 := e2e.NewFramework("net-isolation1")
	f2 := e2e.NewFramework("net-isolation2")

	It("should prevent communication between pods in different namespaces", func() {
		By("Picking multiple nodes")
		nodes := getMultipleNodes(f1)
		node1 := nodes.Items[0]
		node2 := nodes.Items[1]

		By("Running a webserver in one namespace")
		podName := "isolation-webserver"
		defer f1.Client.Pods(f1.Namespace.Name).Delete(podName, nil)
		ip := launchWebserverPod(f1, podName, node1.Name)

		By("Checking that the webserver is not accessible from a pod in a different namespace on the same node")
		err := checkConnectivityToHost(f2, node1.Name, "isolation-same-node-wget", ip, 10)
		Expect(err).To(HaveOccurred())

		By("Checking that the webserver is not accessible from a pod in a different namespace on a different node")