package networking
import (
"k8s.io/kubernetes/pkg/fields"
"k8s.io/kubernetes/pkg/labels"
"k8s.io/kubernetes/test/e2e"
. "github.com/onsi/ginkgo"
)
var _ = Describe("networking: sanity", func() {
svcname := "net-sanity"
timeout := 10
f := e2e.NewFramework(svcname)
It("should function for pod communication on a single node", func() {
By("Picking a node")
nodes, err := f.Client.Nodes().List(labels.Everything(), fields.Everything())
if err != nil {
e2e.Failf("Failed to list nodes: %v", err)
}
node := nodes.Items[0]
By("Creating a webserver pod")
podName := "same-node-webserver"
defer f.Client.Pods(f.Namespace.Name).Delete(podName, nil)
ip := launchWebserverPod(f, podName, node.Name)
By("Checking that the webserver is accessible from a pod on the same node")
"github.com/fsouza/go-dockerclient"
g "github.com/onsi/ginkgo"
o "github.com/onsi/gomega"
kapi "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/test/e2e"
testutil "github.com/openshift/origin/test/util"
)
var _ = g.Describe("security: supplemental groups", func() {
defer g.GinkgoRecover()
var (
f = e2e.NewFramework("security-supgroups")
)
g.Describe("Ensure supplemental groups propagate to docker", func() {
g.It("should propagate requested groups to the docker host config", func() {
// Before running any of this test we need to first check that
// the docker version being used supports the supplemental groups feature
g.By("ensuring the feature is supported")
dockerCli, err := testutil.NewDockerClient()
o.Expect(err).NotTo(o.HaveOccurred())
env, err := dockerCli.Version()
o.Expect(err).NotTo(o.HaveOccurred(), "error getting docker environment")
version := env.Get("Version")
supports, err, requiredVersion := supportsSupplementalGroups(version)
package networking
import (
"k8s.io/kubernetes/test/e2e"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
// This test requires a network plugin that supports namespace isolation.
// NOTE: if you change the test description, update networking.sh too!
var _ = Describe("[networking] network isolation plugin", func() {
f1 := e2e.NewFramework("net-isolation1")
f2 := e2e.NewFramework("net-isolation2")
It("should prevent communication between pods in different namespaces", func() {
By("Picking multiple nodes")
nodes := getMultipleNodes(f1)
node1 := nodes.Items[0]
node2 := nodes.Items[1]
By("Running a webserver in one namespace")
podName := "isolation-webserver"
defer f1.Client.Pods(f1.Namespace.Name).Delete(podName, nil)
ip := launchWebserverPod(f1, podName, node1.Name)
By("Checking that the webserver is not accessible from a pod in a different namespace on the same node")
err := checkConnectivityToHost(f2, node1.Name, "isolation-same-node-wget", ip, 10)
Expect(err).To(HaveOccurred())
By("Checking that the webserver is not accessible from a pod in a different namespace on a different node")