diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-09-08 16:23:37 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-09-08 22:08:50 +0200 |
| commit | ad63aa20db09b3d4b8f9d5312a0022e50c417341 (patch) | |
| tree | aa06c5cba5e0293661bbf4f1fa124b20a35ae47f /test/e2e | |
| parent | 6d8bafe57a65970ead17a83cb1983629b3a2aedb (diff) | |
| download | podman-ad63aa20db09b3d4b8f9d5312a0022e50c417341.tar.gz podman-ad63aa20db09b3d4b8f9d5312a0022e50c417341.tar.bz2 podman-ad63aa20db09b3d4b8f9d5312a0022e50c417341.zip | |
kube: plug HostUsers in the pod spec
map HostUsers=false to userns=auto.
One difference with the current implementation in the Kubelet is that
the podman default size is 1024 while the Kubelet uses 65536.
This is done on purpose, because 65536 is a problem for rootless as
the entire IDs space would be allocated to a single pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test/e2e')
| -rw-r--r-- | test/e2e/play_kube_test.go | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index d1eb960cd..baa74cb51 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -380,6 +380,9 @@ spec: restartPolicy: {{ .RestartPolicy }} hostname: {{ .Hostname }} hostNetwork: {{ .HostNetwork }} +{{ if .HostUsers }} + hostUsers: {{ .HostUsers }} +{{ end }} hostAliases: {{ range .HostAliases }} - hostnames: @@ -844,6 +847,7 @@ type Pod struct { RestartPolicy string Hostname string HostNetwork bool + HostUsers *bool HostAliases []HostAlias Ctrs []*Ctr InitCtrs []*Ctr @@ -968,6 +972,12 @@ func withHostNetwork() podOption { } } +func withHostUsers(val bool) podOption { + return func(pod *Pod) { + pod.HostUsers = &val + } +} + // Deployment describes the options a kube yaml can be configured at deployment level type Deployment struct { Name string @@ -3783,8 +3793,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q Expect((inspect.InspectContainerToJSON()[0]).HostConfig.LogConfig.Tag).To(Equal("{{.ImageName}}")) }) - // Check that --userns=auto creates a user namespace - It("podman play kube --userns=auto", func() { + It("podman play kube using a user namespace", func() { u, err := user.Current() Expect(err).To(BeNil()) name := u.Name @@ -3831,6 +3840,26 @@ ENV OPENJ9_JAVA_OPTIONS=%q usernsInCtr.WaitWithDefaultTimeout() Expect(usernsInCtr).Should(Exit(0)) Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig)))) + + // Now try with hostUsers in the pod spec + for _, hostUsers := range []bool{true, false} { + pod = getPod(withHostUsers(hostUsers)) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.PodmanNoCache([]string{"play", "kube", "--replace", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + usernsInCtr = podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "cat", "/proc/self/uid_map"}) + usernsInCtr.WaitWithDefaultTimeout() + Expect(usernsInCtr).Should(Exit(0)) + if hostUsers { + Expect(string(usernsInCtr.Out.Contents())).To(Equal(string(initialUsernsConfig))) + } else { + Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig)))) + } + } }) // Check the block devices are exposed inside container |