github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/kubelet/dockertools/docker_test.go

827 lines
24 KiB
Go
Raw Normal View History

kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
/*
Remove "All rights reserved" from all the headers.
2016-06-03 00:25:58 +00:00
Copyright 2014 The Kubernetes Authors.
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package dockertools
import (
add pull secret references to pods
2015-05-08 17:53:00 +00:00
"encoding/json"
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
"fmt"
"hash/adler32"
restrict log sym link filename to 255 characters Signed-off-by: Vishnu Kannan <vishnuk@google.com>
2016-07-24 21:28:31 +00:00
"math/rand"
"path"
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
"reflect"
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
"sort"
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
"strconv"
Filtered out unfriendly error from docker when registry is not reachable(code: 502, 503, 504)
2015-06-05 00:37:07 +00:00
"strings"
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
"testing"
run gofmt on everything we touched
2015-08-05 22:05:17 +00:00
"github.com/docker/docker/pkg/jsonmessage"
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
dockertypes "github.com/docker/engine-api/types"
Refactor CreateContainer.
2016-04-14 17:36:13 +00:00
dockernat "github.com/docker/go-connections/nat"
Del capatical local packagename for cadvisorApi
2015-10-16 03:00:28 +00:00
cadvisorapi "github.com/google/cadvisor/info/v1"
Clear tags to remove images with multiple tags
2016-07-20 00:36:48 +00:00
"github.com/stretchr/testify/assert"
rewrite go imports
2015-08-05 22:03:47 +00:00
"k8s.io/kubernetes/pkg/api"
kubenet: set bridge promiscuous mode based on hairpinMode Closes: https://github.com/kubernetes/kubernetes/issues/23657 Closes: https://github.com/kubernetes/kubernetes/issues/20475
2016-03-31 22:20:04 +00:00
"k8s.io/kubernetes/pkg/apis/componentconfig"
Move version agnostic parts of client pkg/client/unversioned/cache -> pkg/client/cache pkg/client/unversioned/record -> pkg/client/record
2015-09-03 21:40:58 +00:00
"k8s.io/kubernetes/pkg/client/record"
rewrite go imports
2015-08-05 22:03:47 +00:00
"k8s.io/kubernetes/pkg/credentialprovider"
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
Move test-only files to test-only packages
2016-02-25 23:40:44 +00:00
containertest "k8s.io/kubernetes/pkg/kubelet/container/testing"
Moving image pulling errors under kubelet/images
2016-07-19 22:42:21 +00:00
"k8s.io/kubernetes/pkg/kubelet/images"
rewrite go imports
2015-08-05 22:03:47 +00:00
"k8s.io/kubernetes/pkg/kubelet/network"
Move test-only files to test-only packages
2016-02-25 23:40:44 +00:00
nettest "k8s.io/kubernetes/pkg/kubelet/network/testing"
rewrite go imports
2015-08-05 22:03:47 +00:00
"k8s.io/kubernetes/pkg/types"
Use hashutil to hold hash tools
2016-01-05 07:31:20 +00:00
hashutil "k8s.io/kubernetes/pkg/util/hash"
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
)
func verifyCalls(t *testing.T, fakeDocker *FakeDockerClient, calls []string) {
Clear tags to remove images with multiple tags
2016-07-20 00:36:48 +00:00
assert.New(t).NoError(fakeDocker.AssertCalls(calls))
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
}
func verifyStringArrayEquals(t *testing.T, actual, expected []string) {
invalid := len(actual) != len(expected)
if !invalid {
for ix, value := range actual {
if expected[ix] != value {
invalid = true
}
}
}
if invalid {
t.Errorf("Expected: %#v, Actual: %#v", expected, actual)
}
}
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
func findPodContainer(dockerContainers []*dockertypes.Container, podFullName string, uid types.UID, containerName string) (*dockertypes.Container, bool, uint64) {
Move findPodContainer to docker_test.go
2015-11-02 17:49:07 +00:00
for _, dockerContainer := range dockerContainers {
if len(dockerContainer.Names) == 0 {
continue
}
dockerName, hash, err := ParseDockerName(dockerContainer.Names[0])
if err != nil {
continue
}
if dockerName.PodFullName == podFullName &&
(uid == "" || dockerName.PodUID == uid) &&
dockerName.ContainerName == containerName {
return dockerContainer, true, hash
}
}
return nil, false, 0
}
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
func TestGetContainerID(t *testing.T) {
Set fake docker client to minimum required version.
2016-04-04 23:01:11 +00:00
fakeDocker := NewFakeDockerClient()
Refactor InspectContainer.
2016-04-04 22:27:20 +00:00
fakeDocker.SetFakeRunningContainers([]*FakeContainer{
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
{
Cleanup fake_docker_client.go and manager_test.go
2015-11-19 21:59:18 +00:00
ID: "foobar",
Name: "/k8s_foo_qux_ns_1234_42",
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
},
{
Cleanup fake_docker_client.go and manager_test.go
2015-11-19 21:59:18 +00:00
ID: "barbar",
Name: "/k8s_bar_qux_ns_2565_42",
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
},
Cleanup fake_docker_client.go and manager_test.go
2015-11-19 21:59:18 +00:00
})
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
ListContainer filter
2014-09-29 21:38:31 +00:00
dockerContainers, err := GetKubeletDockerContainers(fakeDocker, false)
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
if err != nil {
t.Errorf("Expected no error, Got %#v", err)
}
if len(dockerContainers) != 2 {
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
t.Errorf("Expected %#v, Got %#v", fakeDocker.RunningContainerList, dockerContainers)
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
}
verifyCalls(t, fakeDocker, []string{"list"})
Remove unused type DockerContainers. Type DockerContainers and function FindPodContainer() are never used. Remove them to simplify the docker runtime api.
2015-11-02 02:49:05 +00:00
dockerContainer, found, _ := findPodContainer(dockerContainers, "qux_ns", "", "foo")
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
if dockerContainer == nil || !found {
t.Errorf("Failed to find container %#v", dockerContainer)
}
Track the sources that the kubelet has seen, and only delete pods when every source has been seen at least once.
2014-12-17 05:11:27 +00:00
fakeDocker.ClearCalls()
Remove unused type DockerContainers. Type DockerContainers and function FindPodContainer() are never used. Remove them to simplify the docker runtime api.
2015-11-02 02:49:05 +00:00
dockerContainer, found, _ = findPodContainer(dockerContainers, "foobar", "", "foo")
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
verifyCalls(t, fakeDocker, []string{})
if dockerContainer != nil || found {
t.Errorf("Should not have found container %#v", dockerContainer)
}
}
Ensure Namespace and UID are set in kubelet Make all kubelet config sources ensure that UID and Namespace are defaulted, if need be. We can *almost* disable the "if blank" logic for UID, except for tests that call APIs that do not run through SyncPods. We really ought to be enforcing invariants better.
2015-01-05 01:30:30 +00:00
func verifyPackUnpack(t *testing.T, podNamespace, podUID, podName, containerName string) {
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
container := &api.Container{Name: containerName}
hasher := adler32.New()
Use hashutil to hold hash tools
2016-01-05 07:31:20 +00:00
hashutil.DeepHashObject(hasher, *container)
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
computedHash := uint64(hasher.Sum32())
kubelet: revamp the pod/container naming scheme There are two main goals for this change. 1. Fix the naming scheme in kubelet so that it accepts DNS subdomain name/namespaces correctly (#4920). The design is discussed in #3453. 2. Prepare for syncing the static pods back to the apiserver(#4090). This includes - Eliminate the source component in the internal full pod name (#4922). Pods no longer need sources as they will all be sync'd via apiserver. - Changing the naming scheme for the static (file-, http-, and etcd-based) pods such that they are distinguishable when syncing back to the apiserver. The changes includes: * name = <pod.Name>-<hostname> * namespace = <cluster_namespace> (i.e. "default" for now). * container_name = k8s_<contianer_name>.<hash_of_container>_<pod_name>_<namespace>_<uid>_<random> Note that this is not backward-compatible, meaning the kubelet won't recognize existing running containers using the old naming scheme.
2015-02-26 20:27:14 +00:00
podFullName := fmt.Sprintf("%s_%s", podName, podNamespace)
Deprecate HostConfig at container start
2016-02-04 00:40:04 +00:00
_, name, _ := BuildDockerName(KubeletContainerName{podFullName, types.UID(podUID), container.Name}, container)
Refactor build/parse dockername. #3511 Functions Build/ParseDockerName now work with struct instead of the long list of arguments. This new struct also was reused in the kubelet.go instead of auxilary podContainer struct.
2015-03-20 11:55:02 +00:00
returned, hash, err := ParseDockerName(name)
Make ParseDockerName() return an error. This forces callers to handle cases where the container name could not be parsed.
2015-03-12 23:31:57 +00:00
if err != nil {
t.Errorf("Failed to parse Docker container name %q: %v", name, err)
}
Refactor build/parse dockername. #3511 Functions Build/ParseDockerName now work with struct instead of the long list of arguments. This new struct also was reused in the kubelet.go instead of auxilary podContainer struct.
2015-03-20 11:55:02 +00:00
if podFullName != returned.PodFullName || podUID != string(returned.PodUID) || containerName != returned.ContainerName || computedHash != hash {
t.Errorf("For (%s, %s, %s, %d), unpacked (%s, %s, %s, %d)", podFullName, podUID, containerName, computedHash, returned.PodFullName, returned.PodUID, returned.ContainerName, hash)
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
}
}
Removing ContainerManifest
2015-06-15 19:04:30 +00:00
func TestContainerNaming(t *testing.T) {
Remove logic to handle if UID is blank This should only have been triggered by tests, and those should now be fixed. I tested by calling panic() if UID was blank in BuildDockerName() or if number of fields was < 5 in ParseDockerName(). All errors were fixed.
2015-01-10 01:19:31 +00:00
podUID := "12345678"
verifyPackUnpack(t, "file", podUID, "name", "container")
verifyPackUnpack(t, "file", podUID, "name-with-dashes", "container")
Ensure Namespace and UID are set in kubelet Make all kubelet config sources ensure that UID and Namespace are defaulted, if need be. We can *almost* disable the "if blank" logic for UID, except for tests that call APIs that do not run through SyncPods. We really ought to be enforcing invariants better.
2015-01-05 01:30:30 +00:00
// UID is same as pod name
Remove logic to handle if UID is blank This should only have been triggered by tests, and those should now be fixed. I tested by calling panic() if UID was blank in BuildDockerName() or if number of fields was < 5 in ParseDockerName(). All errors were fixed.
2015-01-10 01:19:31 +00:00
verifyPackUnpack(t, "file", podUID, podUID, "container")
use _ as the separator for docker container name.
2014-09-25 00:05:53 +00:00
// No Container name
Remove logic to handle if UID is blank This should only have been triggered by tests, and those should now be fixed. I tested by calling panic() if UID was blank in BuildDockerName() or if number of fields was < 5 in ParseDockerName(). All errors were fixed.
2015-01-10 01:19:31 +00:00
verifyPackUnpack(t, "other", podUID, "name", "")
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
container := &api.Container{Name: "container"}
podName := "foo"
podNamespace := "test"
kubelet: revamp the pod/container naming scheme There are two main goals for this change. 1. Fix the naming scheme in kubelet so that it accepts DNS subdomain name/namespaces correctly (#4920). The design is discussed in #3453. 2. Prepare for syncing the static pods back to the apiserver(#4090). This includes - Eliminate the source component in the internal full pod name (#4922). Pods no longer need sources as they will all be sync'd via apiserver. - Changing the naming scheme for the static (file-, http-, and etcd-based) pods such that they are distinguishable when syncing back to the apiserver. The changes includes: * name = <pod.Name>-<hostname> * namespace = <cluster_namespace> (i.e. "default" for now). * container_name = k8s_<contianer_name>.<hash_of_container>_<pod_name>_<namespace>_<uid>_<random> Note that this is not backward-compatible, meaning the kubelet won't recognize existing running containers using the old naming scheme.
2015-02-26 20:27:14 +00:00
name := fmt.Sprintf("k8s_%s_%s_%s_%s_42", container.Name, podName, podNamespace, podUID)
podFullName := fmt.Sprintf("%s_%s", podName, podNamespace)
Remove logic to handle if UID is blank This should only have been triggered by tests, and those should now be fixed. I tested by calling panic() if UID was blank in BuildDockerName() or if number of fields was < 5 in ParseDockerName(). All errors were fixed.
2015-01-10 01:19:31 +00:00
Refactor build/parse dockername. #3511 Functions Build/ParseDockerName now work with struct instead of the long list of arguments. This new struct also was reused in the kubelet.go instead of auxilary podContainer struct.
2015-03-20 11:55:02 +00:00
returned, hash, err := ParseDockerName(name)
Make ParseDockerName() return an error. This forces callers to handle cases where the container name could not be parsed.
2015-03-12 23:31:57 +00:00
if err != nil {
t.Errorf("Failed to parse Docker container name %q: %v", name, err)
}
Refactor build/parse dockername. #3511 Functions Build/ParseDockerName now work with struct instead of the long list of arguments. This new struct also was reused in the kubelet.go instead of auxilary podContainer struct.
2015-03-20 11:55:02 +00:00
if returned.PodFullName != podFullName || string(returned.PodUID) != podUID || returned.ContainerName != container.Name || hash != 0 {
t.Errorf("unexpected parse: %s %s %s %d", returned.PodFullName, returned.PodUID, returned.ContainerName, hash)
kubelet: move docker-related code into sub-package
2014-09-09 04:33:17 +00:00
}
}
Cleanup the code with new engine-api
2016-04-25 19:40:59 +00:00
func TestApplyDefaultImageTag(t *testing.T) {
for _, testCase := range []struct {
Input string
Output string
Use docker's ParseRepositoryTag when pulling
2015-03-17 00:51:20 +00:00
}{
Cleanup the code with new engine-api
2016-04-25 19:40:59 +00:00
{Input: "root", Output: "root:latest"},
{Input: "root:tag", Output: "root:tag"},
{Input: "root@sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", Output: "root@sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
} {
image, err := applyDefaultImageTag(testCase.Input)
Fix use of docker removed ParseRepositoryTag() function Docker has removed the ParseRepositoryTag() function in leading to failures using the kubernetes Go client API. Lets use github.com/docker/distribution reference.ParseNamed() instead. Failure: ../k8s.io/kubernetes/pkg/util/parsers/parsers.go:30: undefined: parsers.ParseRepositoryTag
2016-03-30 14:23:07 +00:00
if err != nil {
Cleanup the code with new engine-api
2016-04-25 19:40:59 +00:00
t.Errorf("applyDefaultTag(%s) failed: %v", testCase.Input, err)
} else if image != testCase.Output {
t.Errorf("Expected image reference: %q, got %q", testCase.Output, image)
Use docker's ParseRepositoryTag when pulling
2015-03-17 00:51:20 +00:00
}
}
Revert "Use docker's ParseRepositoryTag when pulling"
2015-03-17 22:16:33 +00:00
}
make the dockerkeyring handle mutiple matching credentials
2015-05-08 17:30:59 +00:00
func TestPullWithNoSecrets(t *testing.T) {
Use docker's ParseRepositoryTag when pulling
2015-03-17 00:51:20 +00:00
tests := []struct {
imageName string
expectedImage string
}{
make the dockerkeyring handle mutiple matching credentials
2015-05-08 17:30:59 +00:00
{"ubuntu", "ubuntu:latest using {}"},
{"ubuntu:2342", "ubuntu:2342 using {}"},
{"ubuntu:latest", "ubuntu:latest using {}"},
{"foo/bar:445566", "foo/bar:445566 using {}"},
{"registry.example.com:5000/foobar", "registry.example.com:5000/foobar:latest using {}"},
{"registry.example.com:5000/foobar:5342", "registry.example.com:5000/foobar:5342 using {}"},
{"registry.example.com:5000/foobar:latest", "registry.example.com:5000/foobar:latest using {}"},
Use docker's ParseRepositoryTag when pulling
2015-03-17 00:51:20 +00:00
}
for _, test := range tests {
fakeKeyring := &credentialprovider.FakeKeyring{}
Set fake docker client to minimum required version.
2016-04-04 23:01:11 +00:00
fakeClient := NewFakeDockerClient()
Use docker's ParseRepositoryTag when pulling
2015-03-17 00:51:20 +00:00
dp := dockerPuller{
client: fakeClient,
keyring: fakeKeyring,
}
add pull secret references to pods
2015-05-08 17:53:00 +00:00
err := dp.Pull(test.imageName, []api.Secret{})
Use docker's ParseRepositoryTag when pulling
2015-03-17 00:51:20 +00:00
if err != nil {
t.Errorf("unexpected non-nil err: %s", err)
continue
}
if e, a := 1, len(fakeClient.pulled); e != a {
t.Errorf("%s: expected 1 pulled image, got %d: %v", test.imageName, a, fakeClient.pulled)
continue
}
if e, a := test.expectedImage, fakeClient.pulled[0]; e != a {
t.Errorf("%s: expected pull of %q, but got %q", test.imageName, e, a)
Revert "Use docker's ParseRepositoryTag when pulling"
2015-03-17 22:16:33 +00:00
}
}
}
Filtered out unfriendly error from docker when registry is not reachable(code: 502, 503, 504)
2015-06-05 00:37:07 +00:00
func TestPullWithJSONError(t *testing.T) {
tests := map[string]struct {
imageName string
err error
expectedError string
}{
"Json error": {
"ubuntu",
&jsonmessage.JSONError{Code: 50, Message: "Json error"},
"Json error",
},
"Bad gateway": {
"ubuntu",
&jsonmessage.JSONError{Code: 502, Message: "<!doctype html>\n<html class=\"no-js\" lang=\"\">\n <head>\n </head>\n <body>\n <h1>Oops, there was an error!</h1>\n <p>We have been contacted of this error, feel free to check out <a href=\"http://status.docker.com/\">status.docker.com</a>\n to see if there is a bigger issue.</p>\n\n </body>\n</html>"},
Moving image pulling errors under kubelet/images
2016-07-19 22:42:21 +00:00
images.RegistryUnavailable.Error(),
Filtered out unfriendly error from docker when registry is not reachable(code: 502, 503, 504)
2015-06-05 00:37:07 +00:00
},
}
for i, test := range tests {
fakeKeyring := &credentialprovider.FakeKeyring{}
Set fake docker client to minimum required version.
2016-04-04 23:01:11 +00:00
fakeClient := NewFakeDockerClient()
fakeClient.InjectError("pull", test.err)
Filtered out unfriendly error from docker when registry is not reachable(code: 502, 503, 504)
2015-06-05 00:37:07 +00:00
puller := &dockerPuller{
client: fakeClient,
keyring: fakeKeyring,
}
err := puller.Pull(test.imageName, []api.Secret{})
if err == nil || !strings.Contains(err.Error(), test.expectedError) {
Correcting all go vet errors
2015-08-08 01:52:23 +00:00
t.Errorf("%s: expect error %s, got : %s", i, test.expectedError, err)
Filtered out unfriendly error from docker when registry is not reachable(code: 502, 503, 504)
2015-06-05 00:37:07 +00:00
continue
}
}
}
add pull secret references to pods
2015-05-08 17:53:00 +00:00
func TestPullWithSecrets(t *testing.T) {
reduce scope of DockerConfigEntryWithAuth
2015-05-19 13:00:12 +00:00
// auth value is equivalent to: "username":"passed-user","password":"passed-password"
dockerCfg := map[string]map[string]string{"index.docker.io/v1/": {"email": "passed-email", "auth": "cGFzc2VkLXVzZXI6cGFzc2VkLXBhc3N3b3Jk"}}
add pull secret references to pods
2015-05-08 17:53:00 +00:00
dockercfgContent, err := json.Marshal(dockerCfg)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
Support new docker config format for private registries
2015-08-14 09:08:08 +00:00
dockerConfigJson := map[string]map[string]map[string]string{"auths": dockerCfg}
dockerConfigJsonContent, err := json.Marshal(dockerConfigJson)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
add pull secret references to pods
2015-05-08 17:53:00 +00:00
tests := map[string]struct {
imageName string
passedSecrets []api.Secret
builtInDockerConfig credentialprovider.DockerConfig
expectedPulls []string
}{
"no matching secrets": {
"ubuntu",
[]api.Secret{},
credentialprovider.DockerConfig(map[string]credentialprovider.DockerConfigEntry{}),
[]string{"ubuntu:latest using {}"},
},
"default keyring secrets": {
"ubuntu",
[]api.Secret{},
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
credentialprovider.DockerConfig(map[string]credentialprovider.DockerConfigEntry{"index.docker.io/v1/": {"built-in", "password", "email", nil}}),
add pull secret references to pods
2015-05-08 17:53:00 +00:00
[]string{`ubuntu:latest using {"username":"built-in","password":"password","email":"email"}`},
},
"default keyring secrets unused": {
"ubuntu",
[]api.Secret{},
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
credentialprovider.DockerConfig(map[string]credentialprovider.DockerConfigEntry{"extraneous": {"built-in", "password", "email", nil}}),
add pull secret references to pods
2015-05-08 17:53:00 +00:00
[]string{`ubuntu:latest using {}`},
},
"builtin keyring secrets, but use passed": {
"ubuntu",
[]api.Secret{{Type: api.SecretTypeDockercfg, Data: map[string][]byte{api.DockerConfigKey: dockercfgContent}}},
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
credentialprovider.DockerConfig(map[string]credentialprovider.DockerConfigEntry{"index.docker.io/v1/": {"built-in", "password", "email", nil}}),
add pull secret references to pods
2015-05-08 17:53:00 +00:00
[]string{`ubuntu:latest using {"username":"passed-user","password":"passed-password","email":"passed-email"}`},
},
Support new docker config format for private registries
2015-08-14 09:08:08 +00:00
"builtin keyring secrets, but use passed with new docker config": {
"ubuntu",
[]api.Secret{{Type: api.SecretTypeDockerConfigJson, Data: map[string][]byte{api.DockerConfigJsonKey: dockerConfigJsonContent}}},
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
credentialprovider.DockerConfig(map[string]credentialprovider.DockerConfigEntry{"index.docker.io/v1/": {"built-in", "password", "email", nil}}),
add pull secret references to pods
2015-05-08 17:53:00 +00:00
[]string{`ubuntu:latest using {"username":"passed-user","password":"passed-password","email":"passed-email"}`},
},
}
Unqualified host:port pairs are valid Docker auth fields The dockercfg and .docker/config.json files can contain host:path combos, which are not correctly parsed by the keyring.
2016-02-16 01:32:12 +00:00
for i, test := range tests {
add pull secret references to pods
2015-05-08 17:53:00 +00:00
builtInKeyRing := &credentialprovider.BasicDockerKeyring{}
builtInKeyRing.Add(test.builtInDockerConfig)
Set fake docker client to minimum required version.
2016-04-04 23:01:11 +00:00
fakeClient := NewFakeDockerClient()
add pull secret references to pods
2015-05-08 17:53:00 +00:00
dp := dockerPuller{
client: fakeClient,
keyring: builtInKeyRing,
}
err := dp.Pull(test.imageName, test.passedSecrets)
if err != nil {
Unqualified host:port pairs are valid Docker auth fields The dockercfg and .docker/config.json files can contain host:path combos, which are not correctly parsed by the keyring.
2016-02-16 01:32:12 +00:00
t.Errorf("%s: unexpected non-nil err: %s", i, err)
add pull secret references to pods
2015-05-08 17:53:00 +00:00
continue
}
if e, a := 1, len(fakeClient.pulled); e != a {
Unqualified host:port pairs are valid Docker auth fields The dockercfg and .docker/config.json files can contain host:path combos, which are not correctly parsed by the keyring.
2016-02-16 01:32:12 +00:00
t.Errorf("%s: expected 1 pulled image, got %d: %v", i, a, fakeClient.pulled)
add pull secret references to pods
2015-05-08 17:53:00 +00:00
continue
}
if e, a := test.expectedPulls, fakeClient.pulled; !reflect.DeepEqual(e, a) {
Unqualified host:port pairs are valid Docker auth fields The dockercfg and .docker/config.json files can contain host:path combos, which are not correctly parsed by the keyring.
2016-02-16 01:32:12 +00:00
t.Errorf("%s: expected pull of %v, but got %v", i, e, a)
add pull secret references to pods
2015-05-08 17:53:00 +00:00
}
}
}
Add a more detailed error message for potential auth fails in docker pull.
2015-02-10 15:23:32 +00:00
func TestDockerKeyringLookupFails(t *testing.T) {
fakeKeyring := &credentialprovider.FakeKeyring{}
Set fake docker client to minimum required version.
2016-04-04 23:01:11 +00:00
fakeClient := NewFakeDockerClient()
fakeClient.InjectError("pull", fmt.Errorf("test error"))
Add a more detailed error message for potential auth fails in docker pull.
2015-02-10 15:23:32 +00:00
dp := dockerPuller{
client: fakeClient,
keyring: fakeKeyring,
}
add pull secret references to pods
2015-05-08 17:53:00 +00:00
err := dp.Pull("host/repository/image:version", []api.Secret{})
Add a more detailed error message for potential auth fails in docker pull.
2015-02-10 15:23:32 +00:00
if err == nil {
t.Errorf("unexpected non-error")
}
Use docker's ParseRepositoryTag when pulling
2015-03-17 00:51:20 +00:00
msg := "image pull failed for host/repository/image:version, this may be because there are no credentials on this request. details: (test error)"
Add a more detailed error message for potential auth fails in docker pull.
2015-02-10 15:23:32 +00:00
if err.Error() != msg {
t.Errorf("expected: %s, saw: %s", msg, err.Error())
}
}
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
func TestDockerKeyringLookup(t *testing.T) {
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
ada := credentialprovider.LazyAuthConfiguration{
Refactor PullImage RemoveImage methods Refactor image remove
2016-04-06 15:06:37 +00:00
AuthConfig: dockertypes.AuthConfig{
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
Username: "ada",
Password: "smash",
Email: "ada@example.com",
},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
}
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
grace := credentialprovider.LazyAuthConfiguration{
Refactor PullImage RemoveImage methods Refactor image remove
2016-04-06 15:06:37 +00:00
AuthConfig: dockertypes.AuthConfig{
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
Username: "grace",
Password: "squash",
Email: "grace@example.com",
},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
}
Implements a credentialprovider library for use by DockerPuller. This change refactors the way Kubelet's DockerPuller handles the docker config credentials to utilize a new credentialprovider library. The credentialprovider library is based on several of the files from the Kubelet's dockertools directory, but supports a new pluggable model for retrieving a .dockercfg-compatible JSON blob with credentials. With this change, the Kubelet will lazily ask for the docker config from a set of DockerConfigProvider extensions each time it needs a credential. This change provides common implementations of DockerConfigProvider for: - "Default": load .dockercfg from disk - "Caching": wraps another provider in a cache that expires after a pre-specified lifetime. GCP-only: - "google-dockercfg": reads a .dockercfg from a GCE instance's metadata - "google-dockercfg-url": reads a .dockercfg from a URL specified in a GCE instance's metadata. - "google-container-registry": reads an access token from GCE metadata into a password field.
2014-11-15 13:50:59 +00:00
dk := &credentialprovider.BasicDockerKeyring{}
dk.Add(credentialprovider.DockerConfig{
"bar.example.com/pong": credentialprovider.DockerConfigEntry{
Username: grace.Username,
Password: grace.Password,
Email: grace.Email,
},
"bar.example.com": credentialprovider.DockerConfigEntry{
Username: ada.Username,
Password: ada.Password,
Email: ada.Email,
},
})
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
tests := []struct {
image string
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
match []credentialprovider.LazyAuthConfiguration
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
ok bool
}{
// direct match
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"bar.example.com", []credentialprovider.LazyAuthConfiguration{ada}, true},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
// direct match deeper than other possible matches
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"bar.example.com/pong", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
// no direct match, deeper path ignored
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"bar.example.com/ping", []credentialprovider.LazyAuthConfiguration{ada}, true},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
// match first part of path token
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"bar.example.com/pongz", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
// match regardless of sub-path
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"bar.example.com/pong/pang", []credentialprovider.LazyAuthConfiguration{grace, ada}, true},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
// no host match
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"example.com", []credentialprovider.LazyAuthConfiguration{}, false},
{"foo.example.com", []credentialprovider.LazyAuthConfiguration{}, false},
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
}
for i, tt := range tests {
Implements a credentialprovider library for use by DockerPuller. This change refactors the way Kubelet's DockerPuller handles the docker config credentials to utilize a new credentialprovider library. The credentialprovider library is based on several of the files from the Kubelet's dockertools directory, but supports a new pluggable model for retrieving a .dockercfg-compatible JSON blob with credentials. With this change, the Kubelet will lazily ask for the docker config from a set of DockerConfigProvider extensions each time it needs a credential. This change provides common implementations of DockerConfigProvider for: - "Default": load .dockercfg from disk - "Caching": wraps another provider in a cache that expires after a pre-specified lifetime. GCP-only: - "google-dockercfg": reads a .dockercfg from a GCE instance's metadata - "google-dockercfg-url": reads a .dockercfg from a URL specified in a GCE instance's metadata. - "google-container-registry": reads an access token from GCE metadata into a password field.
2014-11-15 13:50:59 +00:00
match, ok := dk.Lookup(tt.image)
kubelet: generate keyring from .dockercfg
2014-09-06 01:13:19 +00:00
if tt.ok != ok {
t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
}
if !reflect.DeepEqual(tt.match, match) {
t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
}
}
}
unit test for #2815, as requested by @brendandburns
2014-12-10 20:33:38 +00:00
Fix for issue 3797. Docker's logic for resolving credentials from .dockercfg accepts two kinds of matches: 1. an exact match between the dockercfg entry and the image prefix 2. a hostname match between the dockercfg entry and the image prefix This change implements the latter, which permits the docker client to take .dockercfg entries of the form: https://quay.io/v1/ and use them for images of the form: quay.io/foo/bar even though they are not a prefix-match.
2015-01-26 22:06:12 +00:00
// This validates that dockercfg entries with a scheme and url path are properly matched
// by images that only match the hostname.
// NOTE: the above covers the case of a more specific match trumping just hostname.
func TestIssue3797(t *testing.T) {
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
rex := credentialprovider.LazyAuthConfiguration{
Refactor PullImage RemoveImage methods Refactor image remove
2016-04-06 15:06:37 +00:00
AuthConfig: dockertypes.AuthConfig{
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
Username: "rex",
Password: "tiny arms",
Email: "rex@example.com",
},
Fix for issue 3797. Docker's logic for resolving credentials from .dockercfg accepts two kinds of matches: 1. an exact match between the dockercfg entry and the image prefix 2. a hostname match between the dockercfg entry and the image prefix This change implements the latter, which permits the docker client to take .dockercfg entries of the form: https://quay.io/v1/ and use them for images of the form: quay.io/foo/bar even though they are not a prefix-match.
2015-01-26 22:06:12 +00:00
}
dk := &credentialprovider.BasicDockerKeyring{}
dk.Add(credentialprovider.DockerConfig{
"https://quay.io/v1/": credentialprovider.DockerConfigEntry{
Username: rex.Username,
Password: rex.Password,
Email: rex.Email,
},
})
tests := []struct {
image string
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
match []credentialprovider.LazyAuthConfiguration
Fix for issue 3797. Docker's logic for resolving credentials from .dockercfg accepts two kinds of matches: 1. an exact match between the dockercfg entry and the image prefix 2. a hostname match between the dockercfg entry and the image prefix This change implements the latter, which permits the docker client to take .dockercfg entries of the form: https://quay.io/v1/ and use them for images of the form: quay.io/foo/bar even though they are not a prefix-match.
2015-01-26 22:06:12 +00:00
ok bool
}{
// direct match
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"quay.io", []credentialprovider.LazyAuthConfiguration{rex}, true},
Fix for issue 3797. Docker's logic for resolving credentials from .dockercfg accepts two kinds of matches: 1. an exact match between the dockercfg entry and the image prefix 2. a hostname match between the dockercfg entry and the image prefix This change implements the latter, which permits the docker client to take .dockercfg entries of the form: https://quay.io/v1/ and use them for images of the form: quay.io/foo/bar even though they are not a prefix-match.
2015-01-26 22:06:12 +00:00
// partial matches
Allow lazy binding in credential providers; don't use it in AWS yet This is step one for cross-region ECR support and has no visible effects yet. I'm not crazy about the name LazyProvide. Perhaps the interface method could remain like that and the package method of the same name could become LateBind(). I still don't understand why the credential provider has a DockerConfigEntry that has the same fields but is distinct from docker.AuthConfiguration. I had to write a converter now that we do that in more than one place. In step two, I'll add another intermediate, lazy provider for each AWS region, whose empty LazyAuthConfiguration will have a refresh time of months or years. Behind the scenes, it'll use an actual ecrProvider with the usual ~12 hour credentials, that will get created (and later refreshed) only when kubelet is attempting to pull an image. If we simply turned ecrProvider directly into a lazy provider, we would bypass all the caching and get new credentials for each image pulled.
2016-03-29 18:27:59 +00:00
{"quay.io/foo", []credentialprovider.LazyAuthConfiguration{rex}, true},
{"quay.io/foo/bar", []credentialprovider.LazyAuthConfiguration{rex}, true},
Fix for issue 3797. Docker's logic for resolving credentials from .dockercfg accepts two kinds of matches: 1. an exact match between the dockercfg entry and the image prefix 2. a hostname match between the dockercfg entry and the image prefix This change implements the latter, which permits the docker client to take .dockercfg entries of the form: https://quay.io/v1/ and use them for images of the form: quay.io/foo/bar even though they are not a prefix-match.
2015-01-26 22:06:12 +00:00
}
for i, tt := range tests {
match, ok := dk.Lookup(tt.image)
if tt.ok != ok {
t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
}
if !reflect.DeepEqual(tt.match, match) {
t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
}
}
}
unit test for #2815, as requested by @brendandburns
2014-12-10 20:33:38 +00:00
type imageTrackingDockerClient struct {
*FakeDockerClient
imageName string
}
fixed minor formatting
2014-12-13 01:43:07 +00:00
Refactor InspectImage method
2016-04-06 14:15:38 +00:00
func (f *imageTrackingDockerClient) InspectImage(name string) (image *dockertypes.ImageInspect, err error) {
unit test for #2815, as requested by @brendandburns
2014-12-10 20:33:38 +00:00
image, err = f.FakeDockerClient.InspectImage(name)
f.imageName = name
return
}
fixed minor formatting
2014-12-13 01:43:07 +00:00
unit test for #2815, as requested by @brendandburns
2014-12-10 20:33:38 +00:00
func TestIsImagePresent(t *testing.T) {
Set fake docker client to minimum required version.
2016-04-04 23:01:11 +00:00
cl := &imageTrackingDockerClient{NewFakeDockerClient(), ""}
unit test for #2815, as requested by @brendandburns
2014-12-10 20:33:38 +00:00
puller := &dockerPuller{
client: cl,
}
_, _ = puller.IsImagePresent("abc:123")
if cl.imageName != "abc:123" {
t.Errorf("expected inspection of image abc:123, instead inspected image %v", cl.imageName)
}
}
Wait until containers actually finish running before trying to clean up volumes or pods.
2015-02-03 20:14:16 +00:00
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
type podsByID []*kubecontainer.Pod
func (b podsByID) Len() int { return len(b) }
func (b podsByID) Swap(i, j int) { b[i], b[j] = b[j], b[i] }
func (b podsByID) Less(i, j int) bool { return b[i].ID < b[j].ID }
type containersByID []*kubecontainer.Container
func (b containersByID) Len() int { return len(b) }
func (b containersByID) Swap(i, j int) { b[i], b[j] = b[j], b[i] }
Use strong type for container ID Change all references to the container ID in pkg/kubelet/... to the strong type defined in pkg/kubelet/container: ContainerID The motivation for this change is to make the format of the ID unambiguous, specifically whether or not it includes the runtime prefix (e.g. "docker://").
2015-10-07 17:58:05 +00:00
func (b containersByID) Less(i, j int) bool { return b[i].ID.ID < b[j].ID.ID }
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
func TestFindContainersByPod(t *testing.T) {
tests := []struct {
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
runningContainerList []dockertypes.Container
exitedContainerList []dockertypes.Container
all bool
expectedPods []*kubecontainer.Pod
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
}{
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
{
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
[]dockertypes.Container{
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
ID: "foobar",
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Names: []string{"/k8s_foobar.1234_qux_ns_1234_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
ID: "barbar",
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Names: []string{"/k8s_barbar.1234_qux_ns_2343_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
ID: "baz",
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Names: []string{"/k8s_baz.1234_qux_ns_1234_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
},
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
[]dockertypes.Container{
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
ID: "barfoo",
Names: []string{"/k8s_barfoo.1234_qux_ns_1234_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
ID: "bazbaz",
Names: []string{"/k8s_bazbaz.1234_qux_ns_5678_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
false,
[]*kubecontainer.Pod{
{
ID: "1234",
Name: "qux",
Namespace: "ns",
Containers: []*kubecontainer.Container{
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("foobar").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "foobar",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("baz").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "baz",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
ID: "2343",
Name: "qux",
Namespace: "ns",
Containers: []*kubecontainer.Container{
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("barbar").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "barbar",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
},
},
{
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
[]dockertypes.Container{
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
ID: "foobar",
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Names: []string{"/k8s_foobar.1234_qux_ns_1234_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
ID: "barbar",
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Names: []string{"/k8s_barbar.1234_qux_ns_2343_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
ID: "baz",
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
Names: []string{"/k8s_baz.1234_qux_ns_1234_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
},
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
[]dockertypes.Container{
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
ID: "barfoo",
Names: []string{"/k8s_barfoo.1234_qux_ns_1234_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
ID: "bazbaz",
Names: []string{"/k8s_bazbaz.1234_qux_ns_5678_42"},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
true,
[]*kubecontainer.Pod{
{
ID: "1234",
Name: "qux",
Namespace: "ns",
Containers: []*kubecontainer.Container{
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("foobar").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "foobar",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("barfoo").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "barfoo",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("baz").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "baz",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
ID: "2343",
Name: "qux",
Namespace: "ns",
Containers: []*kubecontainer.Container{
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("barbar").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "barbar",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
ID: "5678",
Name: "qux",
Namespace: "ns",
Containers: []*kubecontainer.Container{
{
Split the Kubelet flag options and struct Reduces the size of the app/server.go file and ensures that the flags and their defaults are clearly separated.
2015-12-24 23:46:56 +00:00
ID: kubecontainer.DockerID("bazbaz").ContainerID(),
Change original PodStatus to APIPodStatus, and start using kubelet internal PodStatus in dockertools
2015-12-05 00:06:25 +00:00
Name: "bazbaz",
Hash: 0x1234,
State: kubecontainer.ContainerStateUnknown,
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
},
},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
},
},
},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
{
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
[]dockertypes.Container{},
[]dockertypes.Container{},
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
true,
nil,
},
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
}
Set fake docker client to minimum required version.
2016-04-04 23:01:11 +00:00
fakeClient := NewFakeDockerClient()
kubenet masqurade for outbound traffic
2016-06-09 17:32:28 +00:00
np, _ := network.InitNetworkPlugin([]network.NetworkPlugin{}, "", nettest.NewFakeHost(nil), componentconfig.HairpinNone, "10.0.0.0/8")
Spelling fixes inspired by github.com/client9/misspell
2016-02-12 19:33:32 +00:00
// image back-off is set to nil, this test should not pull images
Fix unit test build errors These tests can just use the empty string for the PodInfraContainerImage.
2016-06-20 18:38:37 +00:00
containerManager := NewFakeDockerManager(fakeClient, &record.FakeRecorder{}, nil, nil, &cadvisorapi.MachineInfo{}, "", 0, 0, "", &containertest.FakeOS{}, np, nil, nil, nil)
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
for i, test := range tests {
Refactr ListContainers.
2016-04-04 08:56:49 +00:00
fakeClient.RunningContainerList = test.runningContainerList
kubelet: Remove unused docker functions. Remove kubelet.getPodInfraContainer(). Remove dockertools.RemoveContainerWithID(). Remove dockertools.FindContainersByPod(). Also replace the useless test with a test for GetPods().
2015-04-13 22:25:14 +00:00
fakeClient.ExitedContainerList = test.exitedContainerList
result, _ := containerManager.GetPods(test.all)
for i := range result {
sort.Sort(containersByID(result[i].Containers))
}
for i := range test.expectedPods {
sort.Sort(containersByID(test.expectedPods[i].Containers))
}
sort.Sort(podsByID(result))
sort.Sort(podsByID(test.expectedPods))
if !reflect.DeepEqual(test.expectedPods, result) {
t.Errorf("%d: expected: %#v, saw: %#v", i, test.expectedPods, result)
Refactor pkg/kubelet/kubelet.go: syncPod(). Makes the syncPod() takes only the containers that belongs to the pod.
2015-03-04 01:33:48 +00:00
}
}
}
kubelet: Refactor kubelet.runContainer. Push the run container logic into container runtime.
2015-03-26 18:59:41 +00:00
func TestMakePortsAndBindings(t *testing.T) {
Reduce LOC in kubelet tests
2016-04-27 04:53:07 +00:00
portMapping := func(container, host int, protocol api.Protocol, ip string) kubecontainer.PortMapping {
return kubecontainer.PortMapping{
ContainerPort: container,
HostPort: host,
Protocol: protocol,
HostIP: ip,
}
}
portBinding := func(port, ip string) dockernat.PortBinding {
return dockernat.PortBinding{
HostPort: port,
HostIP: ip,
}
}
kubelet/container: Refactor RunContainerOptions. Make Envs, Mounts, PortMappings more generic. Also add default name for PortMapping if it's not specified.
2015-05-12 21:49:35 +00:00
ports := []kubecontainer.PortMapping{
Reduce LOC in kubelet tests
2016-04-27 04:53:07 +00:00
portMapping(80, 8080, "", "127.0.0.1"),
portMapping(443, 443, "tcp", ""),
portMapping(444, 444, "udp", ""),
portMapping(445, 445, "foobar", ""),
portMapping(443, 446, "tcp", ""),
portMapping(443, 446, "udp", ""),
kubelet: Refactor kubelet.runContainer. Push the run container logic into container runtime.
2015-03-26 18:59:41 +00:00
}
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
kubelet/container: Refactor RunContainerOptions. Make Envs, Mounts, PortMappings more generic. Also add default name for PortMapping if it's not specified.
2015-05-12 21:49:35 +00:00
exposedPorts, bindings := makePortsAndBindings(ports)
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
// Count the expected exposed ports and bindings
expectedExposedPorts := map[string]struct{}{}
for _, binding := range ports {
dockerKey := strconv.Itoa(binding.ContainerPort) + "/" + string(binding.Protocol)
expectedExposedPorts[dockerKey] = struct{}{}
}
// Should expose right ports in docker
if len(expectedExposedPorts) != len(exposedPorts) {
kubelet/container: Refactor RunContainerOptions. Make Envs, Mounts, PortMappings more generic. Also add default name for PortMapping if it's not specified.
2015-05-12 21:49:35 +00:00
t.Errorf("Unexpected ports and bindings, %#v %#v %#v", ports, exposedPorts, bindings)
kubelet: Refactor kubelet.runContainer. Push the run container logic into container runtime.
2015-03-26 18:59:41 +00:00
}
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
// Construct expected bindings
Refactor CreateContainer.
2016-04-14 17:36:13 +00:00
expectPortBindings := map[string][]dockernat.PortBinding{
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
"80/tcp": {
Reduce LOC in kubelet tests
2016-04-27 04:53:07 +00:00
portBinding("8080", "127.0.0.1"),
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
},
"443/tcp": {
Reduce LOC in kubelet tests
2016-04-27 04:53:07 +00:00
portBinding("443", ""),
portBinding("446", ""),
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
},
"443/udp": {
Reduce LOC in kubelet tests
2016-04-27 04:53:07 +00:00
portBinding("446", ""),
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
},
"444/udp": {
Reduce LOC in kubelet tests
2016-04-27 04:53:07 +00:00
portBinding("444", ""),
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
},
"445/tcp": {
Reduce LOC in kubelet tests
2016-04-27 04:53:07 +00:00
portBinding("445", ""),
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
},
}
// interate the bindings by dockerPort, and check its portBindings
for dockerPort, portBindings := range bindings {
switch dockerPort {
case "80/tcp", "443/tcp", "443/udp", "444/udp", "445/tcp":
if !reflect.DeepEqual(expectPortBindings[string(dockerPort)], portBindings) {
t.Errorf("Unexpected portbindings for %#v, expected: %#v, but got: %#v",
dockerPort, expectPortBindings[string(dockerPort)], portBindings)
kubelet: Refactor kubelet.runContainer. Push the run container logic into container runtime.
2015-03-26 18:59:41 +00:00
}
Fix tests and clear fmt mess in manager.go
2015-08-31 12:53:02 +00:00
default:
t.Errorf("Unexpected docker port: %#v with portbindings: %#v", dockerPort, portBindings)
kubelet: Refactor kubelet.runContainer. Push the run container logic into container runtime.
2015-03-26 18:59:41 +00:00
}
}
}
Add support for CFS quota in kubelet
2015-09-01 13:27:01 +00:00
func TestMilliCPUToQuota(t *testing.T) {
testCases := []struct {
input int64
quota int64
period int64
}{
{
input: int64(0),
quota: int64(0),
period: int64(0),
},
1. Make kubelet default to 10ms for CPU quota if limit < 10m for backwards compat. 2. Update documentation to reflect minimum CPU limits. Signed-off-by: Vishnu kannan <vishnuk@google.com>
2016-03-17 19:10:04 +00:00
{
input: int64(5),
quota: int64(1000),
period: int64(100000),
},
{
input: int64(9),
quota: int64(1000),
period: int64(100000),
},
{
input: int64(10),
quota: int64(1000),
period: int64(100000),
},
Add support for CFS quota in kubelet
2015-09-01 13:27:01 +00:00
{
input: int64(200),
quota: int64(20000),
period: int64(100000),
},
{
input: int64(500),
quota: int64(50000),
period: int64(100000),
},
{
input: int64(1000),
quota: int64(100000),
period: int64(100000),
},
{
input: int64(1500),
quota: int64(150000),
period: int64(100000),
},
}
for _, testCase := range testCases {
quota, period := milliCPUToQuota(testCase.input)
if quota != testCase.quota || period != testCase.period {
t.Errorf("Input %v, expected quota %v period %v, but got quota %v period %v", testCase.input, testCase.quota, testCase.period, quota, period)
}
}
}
restrict log sym link filename to 255 characters Signed-off-by: Vishnu Kannan <vishnuk@google.com>
2016-07-24 21:28:31 +00:00
const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
func randStringBytes(n int) string {
b := make([]byte, n)
for i := range b {
b[i] = letterBytes[rand.Intn(len(letterBytes))]
}
return string(b)
}
func TestLogSymLink(t *testing.T) {
as := assert.New(t)
containerLogsDir := "/foo/bar"
podFullName := randStringBytes(128)
containerName := randStringBytes(70)
dockerId := randStringBytes(80)
// The file name cannot exceed 255 characters. Since .log suffix is required, the prefix cannot exceed 251 characters.
expectedPath := path.Join(containerLogsDir, fmt.Sprintf("%s_%s-%s", podFullName, containerName, dockerId)[:251]+".log")
as.Equal(expectedPath, LogSymlink(containerLogsDir, podFullName, containerName, dockerId))
}