add test for sysctls

Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
HaoZhang 2016-11-19 10:17:14 +08:00
parent d1e1b7c183
commit bdd817d002
2 changed files with 43 additions and 1 deletions


@ -187,3 +187,43 @@ function teardown() {
cleanup_pods cleanup_pods
stop_ocid stop_ocid
} }
@test "pass pod sysctls to runtime" {
# this test requires docker, thus it can't yet be run in a container
if [ "$TRAVIS" = "true" ]; then # instead of $TRAVIS, add a function is_containerized to skip here
skip "cannot yet run this test in a container, use sudo make localintegration"
fi
start_ocid
run ocic pod create --config "$TESTDATA"/sandbox_config.json
echo "$output"
[ "$status" -eq 0 ]
pod_id="$output"
run ocic ctr create --pod "$pod_id" --config "$TESTDATA"/container_redis.json
echo "$output"
[ "$status" -eq 0 ]
container_id="$output"
run ocic ctr start --id "$container_id"
echo "$output"
[ "$status" -eq 0 ]
run ocic ctr execsync --id "$container_id" sysctl kernel.shm_rmid_forced
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "kernel.shm_rmid_forced = 1" ]]
run ocic ctr execsync --id "$container_id" sysctl kernel.msgmax
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "kernel.msgmax = 8192" ]]
run ocic ctr execsync --id "$container_id" sysctl net.ipv4.ip_local_port_range
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "net.ipv4.ip_local_port_range = 1024 65000" ]]
cleanup_pods
stop_ocid
}
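Review bot: The `kernel.msgmax = 8192` assertion cannot tell whether the `unsafe-sysctls` annotation was applied, because 8192 is the usual kernel default for `kernel.msgmax` and a fresh IPC namespace would report it even if the annotation were ignored. Use a non-default value in the fixture and in the assertion, e.g. `[[ "$output" =~ "kernel.msgmax = 16384" ]]`. All three checks also read the value only from inside the container, so I would record `host_msgmax=$(sysctl -n kernel.msgmax)` before `ocic pod create` and assert it is unchanged before cleanup, to show the setting stayed in the pod's namespace. Separately, the kernel prints the two `ip_local_port_range` values separated by a tab, so if the literal in that assertion contains a space (the page rendering does not let me tell) the match will fail.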


@ -46,7 +46,9 @@
"group": "test" "group": "test"
}, },
"annotations": { "annotations": {
"owner": "hmeng" "owner": "hmeng",
"security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
"security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192"
}, },
"linux": { "linux": {
"cgroup_parent": "podsandbox1.slice:container:infra", "cgroup_parent": "podsandbox1.slice:container:infra",
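Review bot: The `security.alpha.kubernetes.io/unsafe-sysctls` annotation is added to what looks like the shared sandbox fixture, so every test that creates a pod from it would now also request an unsafe sysctl. The file name is not shown in this section, but the new test loads `sandbox_config.json`. I would leave the shared fixture unchanged and put the two sysctl annotations in a dedicated copy that only the sysctl test uses. That way a regression in sysctl handling does not fail unrelated pod tests, and the unsafe path is exercised only where its result is asserted.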