Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e: adapt play kube test on remote rootless #17392

Merged
merged 1 commit into from
Feb 15, 2023
Merged

e2e: adapt play kube test on remote rootless #17392

merged 1 commit into from
Feb 15, 2023

Conversation

sstosh
Copy link
Contributor

@sstosh sstosh commented Feb 7, 2023

Use podmanTest.PodmanBinary because podman-remote unshare
cannot be used.

Signed-off-by: Toshiki Sonoda [email protected]

Does this PR introduce a user-facing change?

None

@sstosh
e2e: adapt play kube test on remote rootless
3152150 
Use podmanTest.PodmanBinary because podman-remote unshare
cannot be used.

Signed-off-by: Toshiki Sonoda <[email protected]>
@sstosh
Copy link
Contributor Author

sstosh commented Feb 7, 2023
edited
Loading

The CI/CI system currently doesn't run on remote rootless.
Therefore, this test wasn't failed.

However, it still fails even if applying this commit,
because podman-remote --userns=auto doesn't work.

Maybe related to #16795

podman play kube --replace --userns=auto 
$ podman unshare cat /proc/self/uid_map
         0       1000          1
         1     524288      65536
				 
$ podman play kube test.yaml
Pod:
2d2b4eecb98417dd63d4e69cc081ab58cba72e361c55092f169c041c09c0c039
Container:
6c074ef87be3160eab459b4e794509aed481c13cc8d7654f9994e99fec11853a

$ podman exec testPod-testCtr cat /proc/self/uid_map
         0       1000          1
         1     524288      65536
				 
$ podman play kube --replace --userns=auto test.yaml
Pods stopped:
2d2b4eecb98417dd63d4e69cc081ab58cba72e361c55092f169c041c09c0c039
Pods removed:
2d2b4eecb98417dd63d4e69cc081ab58cba72e361c55092f169c041c09c0c039
Volumes removed:
Pod:
58e71395ace095464a362cf6a08db1e8340d0c76637da45c3e2b34a4216c170e
Container:
76d3d14c0a1ab23329fe7aa2c897bccfb5084ed47f2e11c08afd1089a405de4e

$ podman exec testPod-testCtr cat /proc/self/uid_map
         0          1       1024
podman-remote play kube --replace --userns=auto 
$ podman unshare cat /proc/self/uid_map
         0       1000          1
         1     524288      65536
				 
$ podman-remote play kube test.yaml
Pod:
4e1275d67859c7fa5903c4061250d397ae4f6897744be1592002365d6705577f
Container:
1c4485a37cf0792a8c8a7bea4bf694d32ddf1e4c5d9ae1e02f05a79dbff4323b

$ podman-remote exec testPod-testCtr cat /proc/self/uid_map
         0       1000          1
         1     524288      65536
				 
$ podman-remote play kube --replace --userns=auto test.yaml
Pods stopped:
4e1275d67859c7fa5903c4061250d397ae4f6897744be1592002365d6705577f
Pods removed:
4e1275d67859c7fa5903c4061250d397ae4f6897744be1592002365d6705577f
Volumes removed:
Pod:
91c0032e508c89fab2fc95fd38c286479e99638e7165af2b0b6d95bf82c70332
Container:
79897fd37da1727d86f73f82dc69d06fd42462bb6b0fe2b317bbd2e3be9e668a

$ podman-remote exec testPod-testCtr cat /proc/self/uid_map
         0       1000          1
         1     524288      65536

(Expected) 0          1       1024
test.yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2019-07-17T14:44:08Z"
  name: testPod
  labels:
    app: testPod
spec:
  restartPolicy: Never
  hostNetwork: false
  containers:
  - command:
    - top
    args:
    - -d
    - 1.5
    env:
    - name: HOSTNAME
    image: quay.io/libpod/alpine:latest
    name: testCtr
    imagePullPolicy:
    securityContext:
      allowPrivilegeEscalation: true
      privileged: false
      readOnlyRootFilesystem: false
    ports:
    - containerPort:
      protocol: TCP
    workingDir: /
    volumeMounts:
status: {}

@rhatdan
Copy link
Member

rhatdan commented Feb 15, 2023

LGTM
@edsantiago PTAL

edsantiago
edsantiago approved these changes Feb 15, 2023
View reviewed changes
Copy link
Member

@edsantiago edsantiago left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Sorry for tardy review; it took me a while to convince myself that this test is meaningful under remote.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 15, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: edsantiago, sstosh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 15, 2023
@rhatdan
Copy link
Member

rhatdan commented Feb 15, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 15, 2023
@openshift-merge-robot openshift-merge-robot merged commit 0cad682 into containers:main Feb 15, 2023
@sstosh sstosh deleted the e2e-kube-unshare branch July 11, 2023 04:32
sstosh added a commit to sstosh/podman that referenced this pull request Jul 12, 2023
@sstosh
remote: fix podman-remote play kube --userns
8aafd7b 
In the remote environment, podman play kube --userns should work.

Related: containers#17392

Signed-off-by: Toshiki Sonoda <[email protected]>
@sstosh sstosh mentioned this pull request Jul 12, 2023
Merged
sstosh added a commit to sstosh/podman that referenced this pull request Jul 12, 2023
@sstosh
remote: fix podman-remote play kube --userns
c6b5b9a 
Fix `podman play kube --userns` to work in remote environment.

Related: containers#17392

Signed-off-by: Toshiki Sonoda <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Oct 10, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 10, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@edsantiago edsantiago edsantiago approved these changes

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note-none
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sstosh @rhatdan @edsantiago @openshift-merge-robot