Merge pull request kata-containers#7132 from sprt/aks-volume-tests

tests: Add `k8s-volume` and `k8s-file-volume` tests to GHA CI
bookinabox · Jul 28, 2023 · e8f8641 · e8f8641
2 parents 68b9acf + 6222bd9
commit e8f8641
Show file tree

Hide file tree

Showing 7 changed files with 190 additions and 0 deletions.
diff --git a/tests/integration/kubernetes/k8s-file-volume.bats b/tests/integration/kubernetes/k8s-file-volume.bats
@@ -0,0 +1,47 @@
+#!/usr/bin/env bats
+#
+# Copyright (c) 2022 Ant Group
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+load "${BATS_TEST_DIRNAME}/../../common.bash"
+load "${BATS_TEST_DIRNAME}/tests_common.sh"
+TEST_INITRD="${TEST_INITRD:-no}"
+
+setup() {
+	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
+	pod_name="test-file-volume"
+	container_name="busybox-file-volume-container"
+	tmp_file=$(exec_host mktemp /tmp/file-volume-test-foo.XXXXX)
+	mount_path="/tmp/foo.txt"
+	file_body="test"
+	get_pod_config_dir
+}
+
+@test "Test readonly volume for pods" {
+	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
+	# Write test body to temp file
+	exec_host "echo "$file_body" > $tmp_file"
+
+	# Create test yaml
+	sed -e "s|HOST_FILE|$tmp_file|" ${pod_config_dir}/pod-file-volume.yaml > ${pod_config_dir}/test-pod-file-volume.yaml
+	sed -i "s|MOUNT_PATH|$mount_path|" ${pod_config_dir}/test-pod-file-volume.yaml
+
+	# Create pod
+	kubectl create -f "${pod_config_dir}/test-pod-file-volume.yaml"
+
+	# Check pod creation
+	kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
+
+	# Validate file volume body inside the pod
+	file_in_container=$(kubectl exec $pod_name -- cat $mount_path)
+	[ "$file_body" == "$file_in_container" ]
+}
+
+teardown() {
+	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
+	kubectl delete pod "$pod_name"
+	exec_host rm -f $tmp_file
+	rm -f ${pod_config_dir}/test-pod-file-volume.yaml.yaml
+}
diff --git a/tests/integration/kubernetes/k8s-volume.bats b/tests/integration/kubernetes/k8s-volume.bats
@@ -0,0 +1,67 @@
+#!/usr/bin/env bats
+#
+# Copyright (c) 2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+load "${BATS_TEST_DIRNAME}/../../common.bash"
+load "${BATS_TEST_DIRNAME}/tests_common.sh"
+TEST_INITRD="${TEST_INITRD:-no}"
+
+setup() {
+	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
+
+	get_pod_config_dir
+
+	tmp_file=$(exec_host mktemp -d /tmp/data.XXXX)
+	pod_yaml=$(mktemp --tmpdir pod_config.XXXXXX.yaml)
+	msg="Hello from Kubernetes"
+	exec_host "echo $msg > $tmp_file/index.html"
+	pod_name="pv-pod"
+	# Define temporary file at yaml
+	sed -e "s|tmp_data|${tmp_file}|g" ${pod_config_dir}/pv-volume.yaml > "$pod_yaml"
+}
+
+@test "Create Persistent Volume" {
+	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
+
+	volume_name="pv-volume"
+	volume_claim="pv-claim"
+
+	# Create the persistent volume
+	kubectl create -f "$pod_yaml"
+
+	# Check the persistent volume is Available
+	cmd="kubectl get pv $volume_name | grep Available"
+	waitForProcess "$wait_time" "$sleep_time" "$cmd"
+
+	# Create the persistent volume claim
+	kubectl create -f "${pod_config_dir}/volume-claim.yaml"
+
+	# Check the persistent volume claim is Bound.
+	cmd="kubectl get pvc $volume_claim | grep Bound"
+	waitForProcess "$wait_time" "$sleep_time" "$cmd"
+
+	# Create pod
+	kubectl create -f "${pod_config_dir}/pv-pod.yaml"
+
+	# Check pod creation
+	kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
+
+	cmd="cat /mnt/index.html"
+	kubectl exec $pod_name -- sh -c "$cmd" | grep "$msg"
+}
+
+teardown() {
+	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
+
+	# Debugging information
+	kubectl describe "pod/$pod_name"
+
+	kubectl delete pod "$pod_name"
+	kubectl delete pvc "$volume_claim"
+	kubectl delete pv "$volume_name"
+	rm -f "$pod_yaml"
+	exec_host rm -rf "$tmp_file"
+}
diff --git a/tests/integration/kubernetes/run_kubernetes_tests.sh b/tests/integration/kubernetes/run_kubernetes_tests.sh
@@ -28,6 +28,7 @@ else
 		"k8s-empty-dirs.bats" \
 		"k8s-env.bats" \
 		"k8s-exec.bats" \
+		"k8s-file-volume.bats" \
 		"k8s-inotify.bats" \
 		"k8s-job.bats" \
 		"k8s-kill-all-process-in-container.bats" \
@@ -51,6 +52,7 @@ else
 		"k8s-sysctls.bats" \
 		"k8s-security-context.bats" \
 		"k8s-shared-volume.bats" \
+		"k8s-volume.bats" \
 		"k8s-nginx-connectivity.bats" \
 	)
 fi

diff --git a/tests/integration/kubernetes/runtimeclass_workloads/pv-pod.yaml b/tests/integration/kubernetes/runtimeclass_workloads/pv-pod.yaml
@@ -0,0 +1,26 @@
+#
+# Copyright (c) 2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+kind: Pod
+apiVersion: v1
+metadata:
+  name: pv-pod
+spec:
+  terminationGracePeriodSeconds: 0
+  runtimeClassName: kata
+  volumes:
+    - name: pv-storage
+      persistentVolumeClaim:
+       claimName: pv-claim
+  containers:
+    - name: pv-container
+      image: quay.io/prometheus/busybox:latest
+      ports:
+      command:
+        - sleep
+        - "120"
+      volumeMounts:
+        - mountPath: "/mnt/"
+          name: pv-storage
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/pv-volume.yaml b/tests/integration/kubernetes/runtimeclass_workloads/pv-volume.yaml
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "tmp_data"
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/volume-claim.yaml b/tests/integration/kubernetes/runtimeclass_workloads/volume-claim.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi
diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh
@@ -37,3 +37,16 @@ get_pod_config_dir() {
 	pod_config_dir="${BATS_TEST_DIRNAME}/runtimeclass_workloads_work"
 	info "k8s configured to use runtimeclass"
 }
+
+# Runs a command in the host filesystem.
+exec_host() {
+	node="$(kubectl get node -o name)"
+	# `kubectl debug` always returns 0, so we hack it to return the right exit code.
+	command="$@"
+	command+='; echo -en \\n$?'
+	output="$(kubectl debug -qit "${node}" --image=alpine:latest -- chroot /host bash -c "${command}")"
+	kubectl get pods -o name | grep node-debugger | xargs kubectl delete > /dev/null
+	exit_code="$(echo "${output}" | tail -1)"
+	echo "$(echo "${output}" | head -n -1)"
+	return ${exit_code}
+}