PodSecurity featuregate is beta in kubernetes
1.23 and its causing problem for the existing
tests. This PR disables the PodSecurity featuregate
for now and will be enabled later.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit change the image registry URL for sidecars in the
deployment from `k8s.gcr.io` to `registry.k8s.io` as
the migration is happening from former to the latter. This commit
also correct the e2e readme for the change.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The sidecar images in minikube deployment will be fetched from
build.env and used/validated accordingly.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
we dont need to specify the image version
separately in minikube script, use the image
version defined in the build.env
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
The ReadWriteOncePod feature gate need to be enabled only when we
are operating on kube 1.22 or above cluster. This commit adds the
logic to parse the kubernetes cluster at time of minikube deployment
and if it is above v1.22, enable the RWOP feature gate
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The `expandCSIVolumes` feature gate is beta since kubernetes 1.16
version and we no longer wanted to explictly enable it in the
deployment.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
we need to start minikube with the
PodSecurityPolicy admission controller
and the pod-security-policy addon enabled
for psp.
Ref:- https://minikube.sigs.k8s.io/docs/
tutorials/using_psp/#tutorial
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
as we are no longer using older (<1.11.1)
version of minikube, removing the
workaround to support the psp with
older minikube versions.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Having double quotes around $DISK_CONFIG led to these args
not being properly passed to minikube start. This commit fixes it.
Signed-off-by: Rakshith R <rar@redhat.com>
Sometimes there is an unclear error while starting the Minikube VM.
Possibly this can be worked around by passing the --delete-on-failure
option:
If set, delete the current cluster if start fails and try again. Defaults to false.
See-also: https://minikube.sigs.k8s.io/docs/commands/start/
Signed-off-by: Niels de Vos <ndevos@redhat.com>
minikube waits for 6 minutes for the minikube or
host to be ready, due to resource issue sometimes
the host/minikube might take longer time to start
the cluster. Increase the timeout to 10m by default
updates #1969
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Test if metrics are available at all. The actual values are a little
difficult to validate.
BlockMode volumes support metrics since Kubernetes 1.22.
See-also: kubernetes/kubernetes#97972
Signed-off-by: Niels de Vos <ndevos@redhat.com>
BlockVolume, CSIBlockVolume(GA since k8s v1.18) & VolumeSnapshotDataSource
(GA since k8s v1.20) default to true and don't need to be set to true in
feature gates setting.
Signed-off-by: Rakshith R <rar@redhat.com>
It seems that recent minikube versions changed something in the
networking, and that prevents
$ ceph fs subvolumegroup create myfs testGroup
from working. Strangely RBD is not impacted. Possibly something is
confusing the CephMgr pod that handles the CephFS admin commands.
Using the "bridge" CNI seems to help, CephFS admin commands work with
this in minikube.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This PR makes the changes in csi templates and
upgrade documentation required for updating
csi sidecar images.
Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
Just like deploy-rook and teardown-rook, this patch will add
install snapshotter and cleanup snapshotter option to minikube
script.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Instead of using the Docker command to push the image to to minikube VM,
read the image from stdin over ssh and load it with the Docker command
that is available inside the VM.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Allow passing:
$ CONTAINER_CMD="sudo docker" ./scripts/minikube.sh cephcsi
or
$ CONTAINER_CMD="sudo podman" ./scripts/minikube.sh cephcsi
Because the container images could list in '# sudo docker images' or
'# sudo podman images' incase if the Makefile target image-cephcsi is
run with sudo
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Add a way to supply local CONTAINER_CMD option of choice via
env variable to minikube.sh
Note: we still use docker daemon env at minikube box, in the future
we can switch to podman service env '# minikube podman-env' if needed
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Problem:
-------
$ minikube version
minikube version: v1.12.2
commit: be7c19d391302656d27f1f213657d925c4e1cfc2-dirty
$ ./scripts/minikube.sh up
installed minikube version v1.12.2 is not matching requested version latest
Here v1.12.2 is the latest version of minikube, but the script simply bails out.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
In this script we defined all the functions at the top and then started
with executable commands (entry points to script start).
Only this function is odd in the script unlike the rest of them, defined
in between the execution sequence taking away the readability.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
By default minikube uses 2 CPUs, which might be too little for some of
the tests. When not passing a CPUS environment variable, use all CPUs
available on the system (detected with 'nproc').
Signed-off-by: Niels de Vos <ndevos@redhat.com>
minikube has /sbin/losetup from Busybox, and that does not work with
raw-block PVCs. Use the losetup executable from the host in the VM
instead.
See-also: kubernetes/minikube#8284
Signed-off-by: Niels de Vos <ndevos@redhat.com>
While testing with tehj default 3000 MB RAM in the minikube VM, creating
a encrypted RBD volume fails because 'cryptsetup' gets killed:
[ 766.072585] Out of memory: Kill process 18497 (cryptsetup) score 1182 or sacrifice child
[ 766.072589] Killed process 18497 (cryptsetup) total-vm:863136kB, anon-rss:510336kB, file-rss:10788kB, shmem-rss:0kB
[ 766.072688] oom_reaper: reaped process 18497 (cryptsetup), now anon-rss:510336kB, file-rss:10780kB, shmem-rss:0kB
Using 4 GB RAM should prevent this from occuring.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
In case kubectl did not get installed (VM_DRIVER != none),
scripts/minikube.sh can fail when kubectl is not in the path. By running
the "kubectl cluster-info" command through minikube, the script will
succeed.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
In case there is a minikube executable in the $PATH already, use that
for all commands. If there is none, install_minikube() will place a
newly downloaded executable in /usr/local/bin which will be used by the
full pathname, so that commands as root without /usr/local/bin in the
$PATH will work.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
The command fails when PWD=/. It is unclear what the command tries to
achieve. The next command does something more useful, although it can
maybe be removed as well.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
When starting minikube as root with --driver=kvm2, minikube complains
that this is not the right thing to do. However, in the CentOS CI we
really want to run as root, as that makes the scripts simpler.
Add the --force option while starting, so that minikube does not abort
anymore.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Storage providers and the default storage class is not needed for
Ceph-CSI testing. In order to reduce resources and potential conflicts
between storage plugins, disable them.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
With minikube versions greater than 1.6.2 and less than 1.11.1, the YAML files
minikube path will not be automatically applied to the cluster. we will get
errors during bootstrap of the cluster if the admission controller is enabled.
To use Pod Security Policies with these versions of minikube, first start a
cluster without the `PodSecurityPolicy` admission controller enabled.
Next, apply the psp yaml. and stop the cluster and then restart it
with the admission controller enabled.
```
minikube start
kubectl apply -f /path/to/psp.yaml
minikube stop
minikube start --extra-config=apiserver.enable-admission-plugins=PodSecurityPolicy
```
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
In some Linux distributions the /etc/resolv.conf file is a symlink. This
file gets included in the Kubernetes containers and will be used for
resolving hostnames. By including the symlink, it is possible that that
target file is not available in the container(s). This will cause
problems when resolving hostnames, and Kubernetes will not get deployed.
The default minikube VM provides /run/systemd/resolve/resolv.conf, with
/etc/resolv.conf being a symlink. Therefor, it is needed to pass the
`--extra-config=kubelet.resolv-conf=..` parameter to `kubeadm`.
In case minikube is started with `--vm-driver=none` and
/run/systemd/resolve/resolv.conf does not exist, the local
/etc/resolv.conf will be used for inclusion in the Kubelet container. If
this is a symlink, the final destination should get passed with
`--extra-config=kubelet.resolv-conf=..` so that a working hostname
resolution configuration is available in the container.
Updates: #1121
Signed-off-by: Niels de Vos <ndevos@redhat.com>
- This commit adds tests only for RBD, as CephFS still needs
an enhancement in CephFS subvolume commands to effectively use
topology based provisioning
Signed-off-by: ShyamsundarR <srangana@redhat.com>