#!/usr/bin/env bats -*- bats -*-
#
# Test podman kube generate
#
# Listing source: github.com/containers/podman/v5@v5.1.0-rc1/test/system/710-kube.bats
#
# These tests create containers/pods, run `podman kube generate`, convert the
# YAML to JSON and assert on selected fields. Two of them cover settings with
# a security impact: dropped capabilities (--cap-drop) and --security-opt
# unmask=all. The point is that such settings must show up in the generated
# YAML rather than being silently lost.
#
# run_podman, is, assert, random_string, parse_table, pause_image and
# skip_if_remote are not defined in this file; presumably they come from the
# `helpers` file loaded below.

load helpers

# capability drop list
# This is the JSON the tests expect under
# spec.containers[0].securityContext.capabilities for a container created
# with `--cap-drop fowner --cap-drop setfcap`.
capabilities='{"drop":["CAP_FOWNER","CAP_SETFCAP"]}'

# filter: convert yaml to json, because bash+yaml=madness
# Reads YAML on stdin and writes the equivalent JSON to stdout.
# Uses yaml.safe_load, which builds only plain data types and does not
# construct arbitrary Python objects from YAML tags.
# Requires python3 with the yaml module available.
function yaml2json() {
    python3 -c 'import yaml
import json
import sys
json.dump(yaml.safe_load(sys.stdin), sys.stdout)'
}

###############################################################################
# BEGIN tests

# The help text is checked for both spellings of the command:
# `kube generate` and `generate kube`.
@test "podman kube generate - usage message" {
    run_podman kube generate --help
    is "$output" ".*podman.* kube generate \[options\] {CONTAINER...|POD...|VOLUME...}"
    run_podman generate kube --help
    is "$output" ".*podman.* generate kube \[options\] {CONTAINER...|POD...|VOLUME...}"
}

# Single container: create it with two capabilities dropped, generate YAML,
# and check a fixed set of fields, including the capability drop list.
@test "podman kube generate - container" {
    cname=c$(random_string 15)
    run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname $IMAGE top
    run_podman kube generate $cname

    # As of #18542, we must never see this message again.
    assert "$output" !~ "Kubernetes only allows 63 characters"
    # Convert yaml to json, and dump to stdout (to help in case of errors)
    json=$(yaml2json <<<"$output")
    jq . <<<"$json"

    # What we expect to see. This is by necessity an incomplete list.
    # For instance, it does not include org.opencontainers.image.base.*
    # because sometimes we get that, sometimes we don't. No clue why.
    #
    # And, unfortunately, if new fields are added to the YAML, we won't
    # test those unless a developer remembers to add them here.
    #
    # Reasons for doing it this way, instead of straight-comparing yaml:
    #   1) the arbitrariness of the org.opencontainers.image.base annotations
    #   2) YAML order is nondeterministic, so on a pod with two containers
    #      (as in the pod test below) we cannot rely on cname1/cname2.
    #
    # Each row is: jq path | assert operator | expected value.
    expect="
apiVersion | = | v1
kind | = | Pod

metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
metadata.labels.app | = | ${cname}-pod
metadata.name | = | ${cname}-pod

spec.containers[0].command | = | [\"top\"]
spec.containers[0].image | = | $IMAGE
spec.containers[0].name | = | $cname

spec.containers[0].securityContext.capabilities | = | $capabilities

status | = | null
"

    # Parse and check all those
    # The table text is handed to parse_table when the redirection is set up,
    # before the loop body runs, so reusing the name `expect` as a loop
    # variable does not affect the rows being read.
    # NOTE(review): `read` is used without -r, so backslashes in parse_table's
    # output are processed by read. The regex row above is written with an
    # escaped backslash; confirm how parse_table emits it before adding -r.
    while read key op expect; do
        actual=$(jq -r -c ".$key" <<<"$json")
        assert "$actual" $op "$expect" ".$key"
    done < <(parse_table "$expect")

    run_podman rm $cname
}

# --security-opt unmask=all must survive a full round trip:
# create -> kube generate (procMount: Unmasked) -> kube play -> inspect.
@test "podman kube generate unmasked" {
    # NOTE(review): $KUBE is expanded unquoted below; that is only safe while
    # PODMAN_TMPDIR contains no whitespace or glob characters.
    KUBE=$PODMAN_TMPDIR/kube.yaml
    # The container uses the fixed name "test", not a random one.
    run_podman create --name test --security-opt unmask=all $IMAGE
    run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test
    is "$output" "[unmask=all]" "Inspect should see unmask all"
    run_podman kube generate test -f $KUBE
    assert "$(< $KUBE)" =~ "procMount: Unmasked" "Generated kube yaml should have procMount unmasked"
    run_podman kube play $KUBE
    # The container started by kube play is inspected as "test-pod-test".
    run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test-pod-test
    is "$output" "[unmask=all]" "Inspect kube play container should see unmask all"
    run_podman kube down $KUBE
    # Cleanup uses -a: it removes every pod and container visible to this
    # podman, not only the ones this test created.
    run_podman pod rm -a
    run_podman rm -a
    run_podman rmi $(pause_image)
}

# Pod with two containers and a published port. Only the first container
# is created with --cap-drop, and only containers[0] has its capabilities
# asserted.
@test "podman kube generate - pod" {
    local pname=p$(random_string 15)
    local cname1=c1$(random_string 15)
    local cname2=c2$(random_string 15)

    run_podman pod create --name $pname --publish 9999:8888

    # Needs at least one container. Error is slightly different between
    # regular and remote podman:
    #   regular: Error: pod ... only has...
    #   remote:  Error: generating YAML: pod ... only has...
    # The leading 125 is passed to run_podman ahead of the subcommand;
    # presumably it is the expected exit status (confirm in helpers).
    run_podman 125 kube generate $pname
    assert "$output" =~ "Error: .* only has an infra container"

    run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname1 --pod $pname $IMAGE top
    run_podman container create --name $cname2 --pod $pname $IMAGE bottom
    run_podman kube generate $pname

    json=$(yaml2json <<<"$output")
    jq . <<<"$json"

    # See container test above for description of this table
    # --publish 9999:8888 is expected as hostPort 9999 / containerPort 8888
    # on containers[0]; containers[1] is expected to have no ports.
    expect="
apiVersion | = | v1
kind | = | Pod

metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
metadata.labels.app | = | ${pname}
metadata.name | = | ${pname}

spec.hostname | = | null

spec.containers[0].command | = | [\"top\"]
spec.containers[0].image | = | $IMAGE
spec.containers[0].name | = | $cname1
spec.containers[0].ports[0].containerPort | = | 8888
spec.containers[0].ports[0].hostPort | = | 9999
spec.containers[0].resources | = | null

spec.containers[1].command | = | [\"bottom\"]
spec.containers[1].image | = | $IMAGE
spec.containers[1].name | = | $cname2
spec.containers[1].ports | = | null
spec.containers[1].resources | = | null

spec.containers[0].securityContext.capabilities | = | $capabilities

status | = | null
"

    # Same table-driven check as in the container test.
    while read key op expect; do
        actual=$(jq -r -c ".$key" <<<"$json")
        assert "$actual" $op "$expect" ".$key"
    done < <(parse_table "$expect")

    run_podman rm $cname1 $cname2
    run_podman pod rm $pname
    run_podman rmi $(pause_image)
}

# With kube_generate_type="deployment" set in containers.conf, the generated
# object is expected to be an apps/v1 Deployment named "<pod>-deployment".
@test "podman kube generate - deployment" {
    skip_if_remote "containersconf needs to be set on server side"
    local pname=p$(random_string 15)
    local cname1=c1$(random_string 15)
    local cname2=c2$(random_string 15)

    run_podman pod create --name $pname
    run_podman container create --name $cname1 --pod $pname $IMAGE top
    run_podman container create --name $cname2 --pod $pname $IMAGE bottom

    # Write a throwaway config file under PODMAN_TMPDIR and apply it to
    # this one command only, via CONTAINERS_CONF_OVERRIDE.
    containersconf=$PODMAN_TMPDIR/containers.conf
    cat >$containersconf <<EOF
[engine]
kube_generate_type="deployment"
EOF
    CONTAINERS_CONF_OVERRIDE=$containersconf run_podman kube generate $pname

    json=$(yaml2json <<<"$output")
    # For debugging purposes in the event we regress, we can see the generate output to know what went wrong
    jq . <<<"$json"

    # See container test above for description of this table
    expect="
apiVersion | = | apps/v1
kind | = | Deployment

metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
metadata.labels.app | = | ${pname}
metadata.name | = | ${pname}-deployment
"

    # Same table-driven check as in the container test.
    while read key op expect; do
        actual=$(jq -r -c ".$key" <<<"$json")
        assert "$actual" $op "$expect" ".$key"
    done < <(parse_table "$expect")

    run_podman rm $cname1 $cname2
    run_podman pod rm $pname
    run_podman rmi $(pause_image)
}

# vim: filetype=sh