// Start a client pod using given VolumeSource (exported by startVolumeServer()) // and check that the pod sees the data from the server pod. func testVolumeClient(f *framework.Framework, config VolumeTestConfig, volume v1.VolumeSource, fsGroup *int64, expectedContent string) { By(fmt.Sprint("starting ", config.prefix, " client")) clientPod := &v1.Pod{ TypeMeta: metav1.TypeMeta{ Kind: "Pod", APIVersion: "v1", }, ObjectMeta: metav1.ObjectMeta{ Name: config.prefix + "-client", Labels: map[string]string{ "role": config.prefix + "-client", }, }, Spec: v1.PodSpec{ Containers: []v1.Container{ { Name: config.prefix + "-client", Image: "gcr.io/google_containers/busybox:1.24", WorkingDir: "/opt", // An imperative and easily debuggable container which reads vol contents for // us to scan in the tests or by eye. // We expect that /opt is empty in the minimal containers which we use in this test. Command: []string{ "/bin/sh", "-c", "while true ; do cat /opt/index.html ; sleep 2 ; ls -altrh /opt/ ; sleep 2 ; done ", }, VolumeMounts: []v1.VolumeMount{ { Name: config.prefix + "-volume", MountPath: "/opt/", }, }, }, }, SecurityContext: &v1.PodSecurityContext{ SELinuxOptions: &v1.SELinuxOptions{ Level: "s0:c0,c1", }, }, Volumes: []v1.Volume{ { Name: config.prefix + "-volume", VolumeSource: volume, }, }, }, } podClient := f.PodClient() if fsGroup != nil { clientPod.Spec.SecurityContext.FSGroup = fsGroup } clientPod = podClient.CreateSync(clientPod) By("Checking that text file contents are perfect.") result := f.ExecCommandInPod(clientPod.Name, "cat", "/opt/index.html") var err error if !strings.Contains(result, expectedContent) { err = fmt.Errorf("Failed to find \"%s\", last result: \"%s\"", expectedContent, result) } Expect(err).NotTo(HaveOccurred(), "failed: finding the contents of the mounted file.") if fsGroup != nil { By("Checking fsGroup is correct.") _, err := framework.LookForStringInPodExec(config.namespace, clientPod.Name, []string{"ls", "-ld", "/opt"}, strconv.Itoa(int(*fsGroup)), time.Minute) Expect(err).NotTo(HaveOccurred(), "failed: getting the right priviliges in the file %v", int(*fsGroup)) } }
// Start a client pod using given VolumeSource (exported by startVolumeServer()) // and check that the pod sees the data from the server pod. func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api.VolumeSource, fsGroup *int64, expectedContent string) { By(fmt.Sprint("starting ", config.prefix, " client")) clientPod := &api.Pod{ TypeMeta: unversioned.TypeMeta{ Kind: "Pod", APIVersion: "v1", }, ObjectMeta: api.ObjectMeta{ Name: config.prefix + "-client", Labels: map[string]string{ "role": config.prefix + "-client", }, }, Spec: api.PodSpec{ Containers: []api.Container{ { Name: config.prefix + "-client", Image: "gcr.io/google_containers/busybox:1.24", WorkingDir: "/opt", // An imperative and easily debuggable container which reads vol contents for // us to scan in the tests or by eye. // We expect that /opt is empty in the minimal containers which we use in this test. Command: []string{ "/bin/sh", "-c", "while true ; do cat /opt/index.html ; sleep 2 ; ls -altrh /opt/ ; sleep 2 ; done ", }, VolumeMounts: []api.VolumeMount{ { Name: config.prefix + "-volume", MountPath: "/opt/", }, }, }, }, SecurityContext: &api.PodSecurityContext{ SELinuxOptions: &api.SELinuxOptions{ Level: "s0:c0,c1", }, }, Volumes: []api.Volume{ { Name: config.prefix + "-volume", VolumeSource: volume, }, }, }, } podsNamespacer := client.Pods(config.namespace) if fsGroup != nil { clientPod.Spec.SecurityContext.FSGroup = fsGroup } clientPod, err := podsNamespacer.Create(clientPod) if err != nil { framework.Failf("Failed to create %s pod: %v", clientPod.Name, err) } framework.ExpectNoError(framework.WaitForPodRunningInNamespace(client, clientPod)) By("Checking that text file contents are perfect.") _, err = framework.LookForStringInPodExec(config.namespace, clientPod.Name, []string{"cat", "/opt/index.html"}, expectedContent, time.Minute) Expect(err).NotTo(HaveOccurred(), "failed: finding the contents of the mounted file.") if fsGroup != nil { By("Checking fsGroup is correct.") _, err = framework.LookForStringInPodExec(config.namespace, clientPod.Name, []string{"ls", "-ld", "/opt"}, strconv.Itoa(int(*fsGroup)), time.Minute) Expect(err).NotTo(HaveOccurred(), "failed: getting the right priviliges in the file %v", int(*fsGroup)) } }
// the name is already resolvable. So let's try to query DNS from // the pod we have, until we find our service name. // This complicated code may be removed if the pod itself retried after // dns error or timeout. // This code is probably unnecessary, but let's stay on the safe side. label := labels.SelectorFromSet(labels.Set(map[string]string{"name": backendPodName})) options := api.ListOptions{LabelSelector: label} pods, err := c.Pods(namespaces[0].Name).List(options) if err != nil || pods == nil || len(pods.Items) == 0 { framework.Failf("no running pods found") } podName := pods.Items[0].Name queryDns := fmt.Sprintf(queryDnsPythonTemplate, backendSvcName+"."+namespaces[0].Name) _, err = framework.LookForStringInPodExec(namespaces[0].Name, podName, []string{"python", "-c", queryDns}, "ok", dnsReadyTimeout) Expect(err).NotTo(HaveOccurred(), "waiting for output from pod exec") updatedPodYaml := prepareResourceWithReplacedString(frontendPodYaml, "dns-backend.development.cluster.local", fmt.Sprintf("dns-backend.%s.svc.cluster.local", namespaces[0].Name)) // create a pod in each namespace for _, ns := range namespaces { framework.NewKubectlCommand("create", "-f", "-", getNsCmdFlag(ns)).WithStdinData(updatedPodYaml).ExecOrDie() } // wait until the pods have been scheduler, i.e. are not Pending anymore. Remember // that we cannot wait for the pods to be running because our pods terminate by themselves. for _, ns := range namespaces { err := framework.WaitForPodNotPending(c, ns.Name, frontendPodName) framework.ExpectNoError(err) }