github.phpd.cn/cilium/cilium@v1.6.12/test/standalone/microk8s-static-pods.sh (about)

     1  #!/bin/bash
     2  
     3  SNAP_COMMON=${SNAP_COMMON:-"/var/snap/microk8s/common"}
     4  KUBELET_CONF="/var/snap/microk8s/current/args/kubelet"
     5  POD_MANIFESTS_PATH="${SNAP_COMMON}/etc/kubelet.d"
     6  STATIC_POD_PATH="${POD_MANIFESTS_PATH}/static-web.yaml"
     7  TEST_NAME="$0"
     8  
     9  set -e
    10  
    11  if [ $UID != 0 ]; then
    12      echo "Script must be run as root"
    13      exit
    14  fi
    15  
    16  trap cleanup EXIT
    17  
    18  function log {
    19      echo "$@" >&2
    20  }
    21  
    22  function abort {
    23      log "$@"
    24      return 1
    25  }
    26  
    27  function test_succeeded {
    28      log "$@"
    29      echo "Success"
    30  }
    31  
    32  function cilium {
    33      microk8s.cilium "$@"
    34  }
    35  
    36  function cleanup {
    37      rm -rf $STATIC_POD_PATH
    38  }
    39  
    40  function cfg_kubelet {
    41      if ! grep -q "pod-manifest-path" $KUBELET_CONF; then
    42          echo "--pod-manifest-path=${POD_MANIFESTS_PATH}" >> $KUBELET_CONF
    43          systemctl restart snap.microk8s.daemon-apiserver.service
    44      fi
    45  }
    46  
    47  # $1 - start / stop / restart
    48  function apiserver {
    49      systemctl "$1" snap.microk8s.daemon-apiserver.service
    50  }
    51  
    52  function cfg_static_pod {
    53      mkdir -p $POD_MANIFESTS_PATH
    54      cat <<EOF >$STATIC_POD_PATH
    55  apiVersion: v1
    56  kind: Pod
    57  metadata:
    58    name: static-web
    59    labels:
    60      role: myrole
    61  spec:
    62    containers:
    63      - name: web
    64        image: nginx
    65        ports:
    66          - name: web
    67            containerPort: 80
    68            protocol: TCP
    69  EOF
    70  }
    71  
    72  function check_pod_labels {
    73      static_pod_labels="$(cilium endpoint list -o json \
    74          | jq '.[].status.labels."security-relevant"
    75                | select(any(.[]; contains("k8s"))|not)
    76                | select(any(.[]; contains("health"))|not)')"
    77      log "$static_pod_labels"
    78      [ "$(echo "$static_pod_labels" | jq 'length')" = "" ]
    79  }
    80  
    81  # Setup
    82  log "Configuring the test"
    83  cleanup
    84  cfg_kubelet
    85  apiserver stop
    86  cfg_static_pod
    87  sleep 2
    88  apiserver start
    89  
    90  # Initial logging status
    91  log "Gathering initial state from cilium"
    92  log "$(cilium status)"
    93  log "$(cilium endpoint list)"
    94  
    95  log "Running test..."
    96  if ! check_pod_labels; then
    97      # Sleep for up to 50 seconds, checking that the pod labels get properly updated from apiserver
    98      for i in {1..10}; do
    99          if check_pod_labels; then
   100              break
   101          fi
   102          log "Static pod labels don't contain kubernetes labels"
   103          sleep 5
   104      done
   105      if ! check_pod_labels; then
   106          abort "Static pod labels don't contain kubernetes labels after timeout"
   107      fi
   108  fi
   109  
   110  test_succeeded "${TEST_NAME}"