diff --git a/test/e2e/persistent_volumes.go b/test/e2e/persistent_volumes.go index 38bcfd69ce..9309eb9d9a 100644 --- a/test/e2e/persistent_volumes.go +++ b/test/e2e/persistent_volumes.go @@ -28,6 +28,7 @@ import ( "k8s.io/kubernetes/pkg/api/testapi" "k8s.io/kubernetes/pkg/api/unversioned" client "k8s.io/kubernetes/pkg/client/unversioned" + "k8s.io/kubernetes/pkg/volume/util/volumehelper" "k8s.io/kubernetes/test/e2e/framework" ) @@ -343,8 +344,9 @@ var _ = framework.KubeDescribe("PersistentVolumes", func() { NFSconfig = VolumeTestConfig{ namespace: api.NamespaceDefault, prefix: "nfs", - serverImage: "gcr.io/google_containers/volume-nfs:0.6", + serverImage: "gcr.io/google_containers/volume-nfs:0.7", serverPorts: []int{2049}, + serverArgs: []string{"-G", "777", "/exports"}, } BeforeEach(func() { @@ -486,6 +488,9 @@ func makePersistentVolume(serverIP string, pvc *api.PersistentVolumeClaim) *api. return &api.PersistentVolume{ ObjectMeta: api.ObjectMeta{ GenerateName: "nfs-", + Annotations: map[string]string{ + volumehelper.VolumeGidAnnotationKey: "777", + }, }, Spec: api.PersistentVolumeSpec{ PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle, @@ -555,7 +560,7 @@ func makeWritePod(ns string, pvcName string) *api.Pod { Name: "write-pod", Image: "gcr.io/google_containers/busybox:1.24", Command: []string{"/bin/sh"}, - Args: []string{"-c", "touch /mnt/SUCCESS && exit 0 || exit 1"}, + Args: []string{"-c", "touch /mnt/SUCCESS && (id -G | grep -E '\\b777\\b')"}, VolumeMounts: []api.VolumeMount{ { Name: "nfs-pvc", diff --git a/test/e2e/volumes.go b/test/e2e/volumes.go index f7e608ab50..c9367b679d 100644 --- a/test/e2e/volumes.go +++ b/test/e2e/volumes.go @@ -68,6 +68,8 @@ type VolumeTestConfig struct { serverImage string // Ports to export from the server pod. TCP only. serverPorts []int + // Arguments to pass to the container image. + serverArgs []string // Volumes needed to be mounted to the server container from the host // map -> volumes map[string]string @@ -134,6 +136,7 @@ func startVolumeServer(client *client.Client, config VolumeTestConfig) *api.Pod SecurityContext: &api.SecurityContext{ Privileged: privileged, }, + Args: config.serverArgs, Ports: serverPodPorts, VolumeMounts: mounts, }, diff --git a/test/images/volumes-tester/nfs/Dockerfile b/test/images/volumes-tester/nfs/Dockerfile index 38eb14aa23..87c329f599 100644 --- a/test/images/volumes-tester/nfs/Dockerfile +++ b/test/images/volumes-tester/nfs/Dockerfile @@ -23,4 +23,5 @@ RUN chmod 644 /tmp/index.html # expose mountd 20048/tcp and nfsd 2049/tcp EXPOSE 2049/tcp 20048/tcp -ENTRYPOINT ["/usr/local/bin/run_nfs.sh", "/exports", "/"] +ENTRYPOINT ["/usr/local/bin/run_nfs.sh"] +CMD ["/exports", "/"] diff --git a/test/images/volumes-tester/nfs/Makefile b/test/images/volumes-tester/nfs/Makefile index 85dd053b6a..5111f019f4 100644 --- a/test/images/volumes-tester/nfs/Makefile +++ b/test/images/volumes-tester/nfs/Makefile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -TAG = 0.6 +TAG = 0.7 PREFIX = gcr.io/google_containers all: push diff --git a/test/images/volumes-tester/nfs/README.md b/test/images/volumes-tester/nfs/README.md index a621af9c15..4715531862 100644 --- a/test/images/volumes-tester/nfs/README.md +++ b/test/images/volumes-tester/nfs/README.md @@ -2,6 +2,9 @@ This container exports '/' directory with an index.html inside. NFSv4 only. +Accepts a -G option for specifying a group id to give exported directories. +Clients in the specified group will have full rwx permissions, others none. + Inspired by https://github.com/cpuguy83/docker-nfs-server. Used by test/e2e/* to test NFSVolumeSource. Not for production use! diff --git a/test/images/volumes-tester/nfs/run_nfs.sh b/test/images/volumes-tester/nfs/run_nfs.sh index fa7b165c01..e9c84fd254 100755 --- a/test/images/volumes-tester/nfs/run_nfs.sh +++ b/test/images/volumes-tester/nfs/run_nfs.sh @@ -17,10 +17,23 @@ function start() { + unset gid + # accept "-G gid" option + while getopts "G:" opt; do + case ${opt} in + G) gid=${OPTARG};; + esac + done + shift $(($OPTIND - 1)) + # prepare /etc/exports for i in "$@"; do # fsid=0: needed for NFSv4 echo "$i *(rw,fsid=0,insecure,no_root_squash)" >> /etc/exports + if [ -v gid ] ; then + chmod 070 $i + chgrp $gid $i + fi # move index.html to here /bin/cp /tmp/index.html $i/ chmod 644 $i/index.html