k8s.io/kubernetes@v1.29.3/test/e2e/common/node/expansion.go (about) 1 /* 2 Copyright 2016 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package node 18 19 import ( 20 "context" 21 22 v1 "k8s.io/api/core/v1" 23 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 "k8s.io/apimachinery/pkg/util/uuid" 25 "k8s.io/kubernetes/test/e2e/framework" 26 e2epod "k8s.io/kubernetes/test/e2e/framework/pod" 27 e2epodoutput "k8s.io/kubernetes/test/e2e/framework/pod/output" 28 imageutils "k8s.io/kubernetes/test/utils/image" 29 admissionapi "k8s.io/pod-security-admission/api" 30 31 "github.com/onsi/ginkgo/v2" 32 "github.com/onsi/gomega" 33 ) 34 35 // These tests exercise the Kubernetes expansion syntax $(VAR). 36 // For more information, see: 37 // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/expansion.md 38 var _ = SIGDescribe("Variable Expansion", func() { 39 f := framework.NewDefaultFramework("var-expansion") 40 f.NamespacePodSecurityLevel = admissionapi.LevelBaseline 41 42 /* 43 Release: v1.9 44 Testname: Environment variables, expansion 45 Description: Create a Pod with environment variables. Environment variables defined using previously defined environment variables MUST expand to proper values. 46 */ 47 framework.ConformanceIt("should allow composing env vars into new env vars", f.WithNodeConformance(), func(ctx context.Context) { 48 envVars := []v1.EnvVar{ 49 { 50 Name: "FOO", 51 Value: "foo-value", 52 }, 53 { 54 Name: "BAR", 55 Value: "bar-value", 56 }, 57 { 58 Name: "FOOBAR", 59 Value: "$(FOO);;$(BAR)", 60 }, 61 } 62 pod := newPod([]string{"sh", "-c", "env"}, envVars, nil, nil) 63 64 e2epodoutput.TestContainerOutput(ctx, f, "env composition", pod, 0, []string{ 65 "FOO=foo-value", 66 "BAR=bar-value", 67 "FOOBAR=foo-value;;bar-value", 68 }) 69 }) 70 71 /* 72 Release: v1.9 73 Testname: Environment variables, command expansion 74 Description: Create a Pod with environment variables and container command using them. Container command using the defined environment variables MUST expand to proper values. 75 */ 76 framework.ConformanceIt("should allow substituting values in a container's command", f.WithNodeConformance(), func(ctx context.Context) { 77 envVars := []v1.EnvVar{ 78 { 79 Name: "TEST_VAR", 80 Value: "test-value", 81 }, 82 } 83 pod := newPod([]string{"sh", "-c", "TEST_VAR=wrong echo \"$(TEST_VAR)\""}, envVars, nil, nil) 84 85 e2epodoutput.TestContainerOutput(ctx, f, "substitution in container's command", pod, 0, []string{ 86 "test-value", 87 }) 88 }) 89 90 /* 91 Release: v1.9 92 Testname: Environment variables, command argument expansion 93 Description: Create a Pod with environment variables and container command arguments using them. Container command arguments using the defined environment variables MUST expand to proper values. 94 */ 95 framework.ConformanceIt("should allow substituting values in a container's args", f.WithNodeConformance(), func(ctx context.Context) { 96 envVars := []v1.EnvVar{ 97 { 98 Name: "TEST_VAR", 99 Value: "test-value", 100 }, 101 } 102 pod := newPod([]string{"sh", "-c"}, envVars, nil, nil) 103 pod.Spec.Containers[0].Args = []string{"TEST_VAR=wrong echo \"$(TEST_VAR)\""} 104 105 e2epodoutput.TestContainerOutput(ctx, f, "substitution in container's args", pod, 0, []string{ 106 "test-value", 107 }) 108 }) 109 110 /* 111 Release: v1.19 112 Testname: VolumeSubpathEnvExpansion, subpath expansion 113 Description: Make sure a container's subpath can be set using an expansion of environment variables. 114 */ 115 framework.ConformanceIt("should allow substituting values in a volume subpath", func(ctx context.Context) { 116 envVars := []v1.EnvVar{ 117 { 118 Name: "POD_NAME", 119 Value: "foo", 120 }, 121 } 122 mounts := []v1.VolumeMount{ 123 { 124 Name: "workdir1", 125 MountPath: "/logscontainer", 126 SubPathExpr: "$(POD_NAME)", 127 }, 128 { 129 Name: "workdir1", 130 MountPath: "/testcontainer", 131 }, 132 } 133 volumes := []v1.Volume{ 134 { 135 Name: "workdir1", 136 VolumeSource: v1.VolumeSource{ 137 EmptyDir: &v1.EmptyDirVolumeSource{}, 138 }, 139 }, 140 } 141 pod := newPod([]string{}, envVars, mounts, volumes) 142 envVars[0].Value = pod.ObjectMeta.Name 143 pod.Spec.Containers[0].Command = []string{"sh", "-c", "test -d /testcontainer/" + pod.ObjectMeta.Name + ";echo $?"} 144 145 e2epodoutput.TestContainerOutput(ctx, f, "substitution in volume subpath", pod, 0, []string{ 146 "0", 147 }) 148 }) 149 150 /* 151 Release: v1.19 152 Testname: VolumeSubpathEnvExpansion, subpath with backticks 153 Description: Make sure a container's subpath can not be set using an expansion of environment variables when backticks are supplied. 154 */ 155 framework.ConformanceIt("should fail substituting values in a volume subpath with backticks", f.WithSlow(), func(ctx context.Context) { 156 157 envVars := []v1.EnvVar{ 158 { 159 Name: "POD_NAME", 160 Value: "..", 161 }, 162 } 163 mounts := []v1.VolumeMount{ 164 { 165 Name: "workdir1", 166 MountPath: "/logscontainer", 167 SubPathExpr: "$(POD_NAME)", 168 }, 169 } 170 volumes := []v1.Volume{ 171 { 172 Name: "workdir1", 173 VolumeSource: v1.VolumeSource{ 174 EmptyDir: &v1.EmptyDirVolumeSource{}, 175 }, 176 }, 177 } 178 pod := newPod(nil, envVars, mounts, volumes) 179 180 // Pod should fail 181 testPodFailSubpath(ctx, f, pod) 182 }) 183 184 /* 185 Release: v1.19 186 Testname: VolumeSubpathEnvExpansion, subpath with absolute path 187 Description: Make sure a container's subpath can not be set using an expansion of environment variables when absolute path is supplied. 188 */ 189 framework.ConformanceIt("should fail substituting values in a volume subpath with absolute path", f.WithSlow(), func(ctx context.Context) { 190 absolutePath := "/tmp" 191 if framework.NodeOSDistroIs("windows") { 192 // Windows does not typically have a C:\tmp folder. 193 absolutePath = "C:\\Users" 194 } 195 196 envVars := []v1.EnvVar{ 197 { 198 Name: "POD_NAME", 199 Value: absolutePath, 200 }, 201 } 202 mounts := []v1.VolumeMount{ 203 { 204 Name: "workdir1", 205 MountPath: "/logscontainer", 206 SubPathExpr: "$(POD_NAME)", 207 }, 208 } 209 volumes := []v1.Volume{ 210 { 211 Name: "workdir1", 212 VolumeSource: v1.VolumeSource{ 213 EmptyDir: &v1.EmptyDirVolumeSource{}, 214 }, 215 }, 216 } 217 pod := newPod(nil, envVars, mounts, volumes) 218 219 // Pod should fail 220 testPodFailSubpath(ctx, f, pod) 221 }) 222 223 /* 224 Release: v1.19 225 Testname: VolumeSubpathEnvExpansion, subpath ready from failed state 226 Description: Verify that a failing subpath expansion can be modified during the lifecycle of a container. 227 */ 228 framework.ConformanceIt("should verify that a failing subpath expansion can be modified during the lifecycle of a container", f.WithSlow(), func(ctx context.Context) { 229 230 envVars := []v1.EnvVar{ 231 { 232 Name: "POD_NAME", 233 Value: "foo", 234 }, 235 { 236 Name: "ANNOTATION", 237 ValueFrom: &v1.EnvVarSource{ 238 FieldRef: &v1.ObjectFieldSelector{ 239 APIVersion: "v1", 240 FieldPath: "metadata.annotations['mysubpath']", 241 }, 242 }, 243 }, 244 } 245 mounts := []v1.VolumeMount{ 246 { 247 Name: "workdir1", 248 MountPath: "/subpath_mount", 249 SubPathExpr: "$(ANNOTATION)/$(POD_NAME)", 250 }, 251 { 252 Name: "workdir1", 253 MountPath: "/volume_mount", 254 }, 255 } 256 volumes := []v1.Volume{ 257 { 258 Name: "workdir1", 259 VolumeSource: v1.VolumeSource{ 260 EmptyDir: &v1.EmptyDirVolumeSource{}, 261 }, 262 }, 263 } 264 pod := newPod([]string{"sh", "-c", "tail -f /dev/null"}, envVars, mounts, volumes) 265 pod.ObjectMeta.Annotations = map[string]string{"notmysubpath": "mypath"} 266 267 ginkgo.By("creating the pod with failed condition") 268 podClient := e2epod.NewPodClient(f) 269 pod = podClient.Create(ctx, pod) 270 271 getPod := e2epod.Get(f.ClientSet, pod) 272 gomega.Consistently(ctx, getPod).WithTimeout(framework.PodStartShortTimeout).Should(e2epod.BeInPhase(v1.PodPending)) 273 274 ginkgo.By("updating the pod") 275 podClient.Update(ctx, pod.ObjectMeta.Name, func(pod *v1.Pod) { 276 if pod.ObjectMeta.Annotations == nil { 277 pod.ObjectMeta.Annotations = make(map[string]string) 278 } 279 pod.ObjectMeta.Annotations["mysubpath"] = "mypath" 280 }) 281 282 ginkgo.By("waiting for pod running") 283 err := e2epod.WaitTimeoutForPodRunningInNamespace(ctx, f.ClientSet, pod.Name, pod.Namespace, framework.PodStartShortTimeout) 284 framework.ExpectNoError(err, "while waiting for pod to be running") 285 286 ginkgo.By("deleting the pod gracefully") 287 err = e2epod.DeletePodWithWait(ctx, f.ClientSet, pod) 288 framework.ExpectNoError(err, "failed to delete pod") 289 }) 290 291 /* 292 Release: v1.19 293 Testname: VolumeSubpathEnvExpansion, subpath test writes 294 Description: Verify that a subpath expansion can be used to write files into subpaths. 295 1. valid subpathexpr starts a container running 296 2. test for valid subpath writes 297 3. successful expansion of the subpathexpr isn't required for volume cleanup 298 299 */ 300 framework.ConformanceIt("should succeed in writing subpaths in container", f.WithSlow(), func(ctx context.Context) { 301 302 envVars := []v1.EnvVar{ 303 { 304 Name: "POD_NAME", 305 Value: "foo", 306 }, 307 { 308 Name: "ANNOTATION", 309 ValueFrom: &v1.EnvVarSource{ 310 FieldRef: &v1.ObjectFieldSelector{ 311 APIVersion: "v1", 312 FieldPath: "metadata.annotations['mysubpath']", 313 }, 314 }, 315 }, 316 } 317 mounts := []v1.VolumeMount{ 318 { 319 Name: "workdir1", 320 MountPath: "/subpath_mount", 321 SubPathExpr: "$(ANNOTATION)/$(POD_NAME)", 322 }, 323 { 324 Name: "workdir1", 325 MountPath: "/volume_mount", 326 }, 327 } 328 volumes := []v1.Volume{ 329 { 330 Name: "workdir1", 331 VolumeSource: v1.VolumeSource{ 332 EmptyDir: &v1.EmptyDirVolumeSource{}, 333 }, 334 }, 335 } 336 pod := newPod([]string{"sh", "-c", "tail -f /dev/null"}, envVars, mounts, volumes) 337 pod.ObjectMeta.Annotations = map[string]string{"mysubpath": "mypath"} 338 339 ginkgo.By("creating the pod") 340 podClient := e2epod.NewPodClient(f) 341 pod = podClient.Create(ctx, pod) 342 343 ginkgo.By("waiting for pod running") 344 err := e2epod.WaitTimeoutForPodRunningInNamespace(ctx, f.ClientSet, pod.Name, pod.Namespace, framework.PodStartShortTimeout) 345 framework.ExpectNoError(err, "while waiting for pod to be running") 346 347 ginkgo.By("creating a file in subpath") 348 cmd := "touch /volume_mount/mypath/foo/test.log" 349 _, _, err = e2epod.ExecShellInPodWithFullOutput(ctx, f, pod.Name, cmd) 350 if err != nil { 351 framework.Failf("expected to be able to write to subpath") 352 } 353 354 ginkgo.By("test for file in mounted path") 355 cmd = "test -f /subpath_mount/test.log" 356 _, _, err = e2epod.ExecShellInPodWithFullOutput(ctx, f, pod.Name, cmd) 357 if err != nil { 358 framework.Failf("expected to be able to verify file") 359 } 360 361 ginkgo.By("updating the annotation value") 362 podClient.Update(ctx, pod.ObjectMeta.Name, func(pod *v1.Pod) { 363 pod.ObjectMeta.Annotations["mysubpath"] = "mynewpath" 364 }) 365 366 ginkgo.By("waiting for annotated pod running") 367 err = e2epod.WaitTimeoutForPodRunningInNamespace(ctx, f.ClientSet, pod.Name, pod.Namespace, framework.PodStartShortTimeout) 368 framework.ExpectNoError(err, "while waiting for annotated pod to be running") 369 370 ginkgo.By("deleting the pod gracefully") 371 err = e2epod.DeletePodWithWait(ctx, f.ClientSet, pod) 372 framework.ExpectNoError(err, "failed to delete pod") 373 }) 374 }) 375 376 func testPodFailSubpath(ctx context.Context, f *framework.Framework, pod *v1.Pod) { 377 podClient := e2epod.NewPodClient(f) 378 pod = podClient.Create(ctx, pod) 379 380 ginkgo.DeferCleanup(e2epod.DeletePodWithWait, f.ClientSet, pod) 381 382 err := e2epod.WaitForPodContainerToFail(ctx, f.ClientSet, pod.Namespace, pod.Name, 0, "CreateContainerConfigError", framework.PodStartShortTimeout) 383 framework.ExpectNoError(err, "while waiting for the pod container to fail") 384 } 385 386 func newPod(command []string, envVars []v1.EnvVar, mounts []v1.VolumeMount, volumes []v1.Volume) *v1.Pod { 387 podName := "var-expansion-" + string(uuid.NewUUID()) 388 return &v1.Pod{ 389 ObjectMeta: metav1.ObjectMeta{ 390 Name: podName, 391 Labels: map[string]string{"name": podName}, 392 }, 393 Spec: v1.PodSpec{ 394 Containers: []v1.Container{newContainer("dapi-container", command, envVars, mounts)}, 395 RestartPolicy: v1.RestartPolicyNever, 396 Volumes: volumes, 397 }, 398 } 399 } 400 401 func newContainer(containerName string, command []string, envVars []v1.EnvVar, mounts []v1.VolumeMount) v1.Container { 402 return v1.Container{ 403 Name: containerName, 404 Image: imageutils.GetE2EImage(imageutils.BusyBox), 405 Command: command, 406 Env: envVars, 407 VolumeMounts: mounts, 408 } 409 }