Merge pull request #35587 from rkouj/master

Automatic merge from submit-queue

Add test for: mount a secret with another secret having same name in different namespace

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

If two secrets exist with the same name but different namespace, a pod in one namespace should be able to mount the secret without issue.

**Which issue this PR fixes** _(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)_: fixes #

**Special notes for your reviewer**:

**Release note**:

<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->

``` release-note
```

…nother secret with same name and different namespace
This commit is contained in:
Kubernetes Submit Queue
2016-11-14 16:21:47 -08:00
committed by GitHub
2 changed files with 39 additions and 12 deletions

View File

@@ -31,12 +31,12 @@ var _ = framework.KubeDescribe("Secrets", func() {
f := framework.NewDefaultFramework("secrets") f := framework.NewDefaultFramework("secrets")
It("should be consumable from pods in volume [Conformance]", func() { It("should be consumable from pods in volume [Conformance]", func() {
doSecretE2EWithoutMapping(f, nil) doSecretE2EWithoutMapping(f, nil /* default mode */, "secret-test-"+string(uuid.NewUUID()))
}) })
It("should be consumable from pods in volume with defaultMode set [Conformance]", func() { It("should be consumable from pods in volume with defaultMode set [Conformance]", func() {
defaultMode := int32(0400) defaultMode := int32(0400)
doSecretE2EWithoutMapping(f, &defaultMode) doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()))
}) })
It("should be consumable from pods in volume with mappings [Conformance]", func() { It("should be consumable from pods in volume with mappings [Conformance]", func() {
@@ -48,6 +48,27 @@ var _ = framework.KubeDescribe("Secrets", func() {
doSecretE2EWithMapping(f, &mode) doSecretE2EWithMapping(f, &mode)
}) })
It("should be able to mount in a volume regardless of a different secret existing with same name in different namespace", func() {
var (
namespace2 *api.Namespace
err error
secret2Name = "secret-test-" + string(uuid.NewUUID())
)
if namespace2, err = f.CreateNamespace("secret-namespace", nil); err != nil {
framework.Failf("unable to create new namespace %s: %v", namespace2.Name, err)
}
secret2 := secretForTest(namespace2.Name, secret2Name)
secret2.Data = map[string][]byte{
"this_should_not_match_content_of_other_secret": []byte("similarly_this_should_not_match_content_of_other_secret\n"),
}
if secret2, err = f.ClientSet.Core().Secrets(namespace2.Name).Create(secret2); err != nil {
framework.Failf("unable to create test secret %s: %v", secret2.Name, err)
}
doSecretE2EWithoutMapping(f, nil /* default mode */, secret2.Name)
})
It("should be consumable in multiple volumes in a pod [Conformance]", func() { It("should be consumable in multiple volumes in a pod [Conformance]", func() {
// This test ensures that the same secret can be mounted in multiple // This test ensures that the same secret can be mounted in multiple
// volumes in the same pod. This test case exists to prevent // volumes in the same pod. This test case exists to prevent
@@ -180,12 +201,11 @@ func secretForTest(namespace, name string) *api.Secret {
} }
} }
func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) { func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32, secretName string) {
var ( var (
name = "secret-test-" + string(uuid.NewUUID())
volumeName = "secret-volume" volumeName = "secret-volume"
volumeMountPath = "/etc/secret-volume" volumeMountPath = "/etc/secret-volume"
secret = secretForTest(f.Namespace.Name, name) secret = secretForTest(f.Namespace.Name, secretName)
) )
By(fmt.Sprintf("Creating secret with name %s", secret.Name)) By(fmt.Sprintf("Creating secret with name %s", secret.Name))
@@ -196,7 +216,8 @@ func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
pod := &api.Pod{ pod := &api.Pod{
ObjectMeta: api.ObjectMeta{ ObjectMeta: api.ObjectMeta{
Name: "pod-secrets-" + string(uuid.NewUUID()), Name: "pod-secrets-" + string(uuid.NewUUID()),
Namespace: f.Namespace.Name,
}, },
Spec: api.PodSpec{ Spec: api.PodSpec{
Volumes: []api.Volume{ Volumes: []api.Volume{
@@ -204,7 +225,7 @@ func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
Name: volumeName, Name: volumeName,
VolumeSource: api.VolumeSource{ VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{ Secret: &api.SecretVolumeSource{
SecretName: name, SecretName: secretName,
}, },
}, },
}, },

View File

@@ -38,6 +38,7 @@ Container Lifecycle Hook when create a pod with lifecycle hook when it is http h
Container Runtime Conformance Test container runtime conformance blackbox test when running a container with a new image *,Random-Liu,0 Container Runtime Conformance Test container runtime conformance blackbox test when running a container with a new image *,Random-Liu,0
Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits it should run with the expected status,luxas,1 Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits it should run with the expected status,luxas,1
Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits should report termination message if TerminationMessagePath is set,timothysc,1 Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits should report termination message if TerminationMessagePath is set,timothysc,1
ContainerLogPath Pod with a container printed log to stdout should print log to correct log path,resouer,0
CronJob should not emit unexpected warnings,soltysh,1 CronJob should not emit unexpected warnings,soltysh,1
CronJob should not schedule jobs when suspended,soltysh,1 CronJob should not schedule jobs when suspended,soltysh,1
CronJob should not schedule new jobs when ForbidConcurrent,soltysh,1 CronJob should not schedule new jobs when ForbidConcurrent,soltysh,1
@@ -45,7 +46,6 @@ CronJob should replace jobs when ReplaceConcurrent,soltysh,1
CronJob should schedule multiple jobs concurrently,soltysh,1 CronJob should schedule multiple jobs concurrently,soltysh,1
DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods in both nonfaulty and faulty scenarios,MrHohn,0 DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods in both nonfaulty and faulty scenarios,MrHohn,0
DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods when cluster size changed,MrHohn,0 DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods when cluster size changed,MrHohn,0
ContainerLogPath Pod with a container printed log to stdout should print log to correct log path,resouer,0
DNS should provide DNS for ExternalName services,rmmh,1 DNS should provide DNS for ExternalName services,rmmh,1
DNS should provide DNS for pods for Hostname and Subdomain Annotation,mtaufen,1 DNS should provide DNS for pods for Hostname and Subdomain Annotation,mtaufen,1
DNS should provide DNS for services,roberthbailey,1 DNS should provide DNS for services,roberthbailey,1
@@ -77,6 +77,9 @@ Deployment overlapping deployment should not fight with each other,kargakis,1
Deployment paused deployment should be able to scale,kargakis,1 Deployment paused deployment should be able to scale,kargakis,1
Deployment paused deployment should be ignored by the controller,kargakis,0 Deployment paused deployment should be ignored by the controller,kargakis,0
Deployment scaled rollout deployment should not block on annotation check,kargakis,1 Deployment scaled rollout deployment should not block on annotation check,kargakis,1
DisruptionController evictions: * => *,rkouj,0
DisruptionController should create a PodDisruptionBudget,rkouj,0
DisruptionController should update PodDisruptionBudget status,rkouj,0
Docker Containers should be able to override the image's default arguments (docker cmd),maisem,0 Docker Containers should be able to override the image's default arguments (docker cmd),maisem,0
Docker Containers should be able to override the image's default command and arguments,maisem,0 Docker Containers should be able to override the image's default command and arguments,maisem,0
Docker Containers should be able to override the image's default commmand (docker entrypoint),maisem,0 Docker Containers should be able to override the image's default commmand (docker entrypoint),maisem,0
@@ -145,10 +148,9 @@ Federation API server authentication should not accept cluster resources when th
Federation API server authentication should not accept cluster resources when the client has no authentication credentials,nikhiljindal,1 Federation API server authentication should not accept cluster resources when the client has no authentication credentials,nikhiljindal,1
Federation apiserver Admission control should not be able to create resources if namespace does not exist,alex-mohr,1 Federation apiserver Admission control should not be able to create resources if namespace does not exist,alex-mohr,1
Federation apiserver Cluster objects should be created and deleted successfully,ghodss,1 Federation apiserver Cluster objects should be created and deleted successfully,ghodss,1
Federation daemonsets DaemonSet objects should be created and deleted successfully,soltysh,1 Federation daemonsets DaemonSet objects should be created and deleted successfully,nikhiljindal,0
Federation deployments Deployment objects should be created and deleted successfully,soltysh,1 Federation deployments Deployment objects should be created and deleted successfully,soltysh,1
Federation deployments Federated Deployment should create and update matching deployments in underling clusters,soltysh,1 Federation deployments Federated Deployment should create and update matching deployments in underling clusters,soltysh,1
Federation daemonsets DaemonSet objects should be created and deleted successfully,nikhiljindal,0
Federation events Event objects should be created and deleted successfully,karlkfi,1 Federation events Event objects should be created and deleted successfully,karlkfi,1
Federation namespace Namespace objects all resources in the namespace should be deleted when namespace is deleted,nikhiljindal,0 Federation namespace Namespace objects all resources in the namespace should be deleted when namespace is deleted,nikhiljindal,0
Federation namespace Namespace objects should be created and deleted successfully,xiang90,1 Federation namespace Namespace objects should be created and deleted successfully,xiang90,1
@@ -159,6 +161,8 @@ Federation replicasets ReplicaSet objects should be created and deleted successf
Federation secrets Secret objects should be created and deleted successfully,pmorie,1 Federation secrets Secret objects should be created and deleted successfully,pmorie,1
Federation secrets Secret objects should be deleted from underlying clusters when OrphanDependents is false,nikhiljindal,0 Federation secrets Secret objects should be deleted from underlying clusters when OrphanDependents is false,nikhiljindal,0
Federation secrets Secret objects should not be deleted from underlying clusters when OrphanDependents is true,nikhiljindal,0 Federation secrets Secret objects should not be deleted from underlying clusters when OrphanDependents is true,nikhiljindal,0
GCP Volumes GlusterFS should be mountable,rkouj,0
GCP Volumes NFSv4 should be mountable for NFSv4,rkouj,0
GKE local SSD should write and read from node local SSD,fabioy,0 GKE local SSD should write and read from node local SSD,fabioy,0
GKE node pools should create a cluster with multiple node pools,fabioy,1 GKE node pools should create a cluster with multiple node pools,fabioy,1
Garbage collector should delete pods created by rc when not orphaning,justinsb,1 Garbage collector should delete pods created by rc when not orphaning,justinsb,1
@@ -166,7 +170,8 @@ Garbage collector should orphan pods created by rc if delete options say so,fabi
Garbage collector should orphan pods created by rc if deleteOptions.OrphanDependents is nil,zmerlynn,1 Garbage collector should orphan pods created by rc if deleteOptions.OrphanDependents is nil,zmerlynn,1
"Generated release_1_5 clientset should create pods, delete pods, watch pods",ghodss,1 "Generated release_1_5 clientset should create pods, delete pods, watch pods",ghodss,1
"Generated release_1_5 clientset should create v2alpha1 cronJobs, delete cronJobs, watch cronJobs",soltysh,1 "Generated release_1_5 clientset should create v2alpha1 cronJobs, delete cronJobs, watch cronJobs",soltysh,1
HA-master pods survive addition/removal,roberthbailey,1 HA-master pods survive addition/removal different zones,rkouj,0
HA-master pods survive addition/removal same zone,rkouj,0
Hazelcast should create and scale hazelcast,mikedanese,1 Hazelcast should create and scale hazelcast,mikedanese,1
Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 1 pod to 3 pods and from 3 to 5,jszczepkowski,0 Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 1 pod to 3 pods and from 3 to 5,jszczepkowski,0
Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 5 pods to 3 pods and from 3 to 1,jszczepkowski,0 Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 5 pods to 3 pods and from 3 to 1,jszczepkowski,0
@@ -398,6 +403,7 @@ SchedulerPredicates validates that required NodeAffinity setting is respected if
SchedulerPredicates validates that taints-tolerations is respected if matching,jlowdermilk,1 SchedulerPredicates validates that taints-tolerations is respected if matching,jlowdermilk,1
SchedulerPredicates validates that taints-tolerations is respected if not matching,derekwaynecarr,1 SchedulerPredicates validates that taints-tolerations is respected if not matching,derekwaynecarr,1
Secret should create a pod that reads a secret,luxas,1 Secret should create a pod that reads a secret,luxas,1
Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace,rkouj,0
Secrets should be consumable from pods in env vars,mml,1 Secrets should be consumable from pods in env vars,mml,1
Secrets should be consumable from pods in volume,ghodss,1 Secrets should be consumable from pods in volume,ghodss,1
Secrets should be consumable from pods in volume with defaultMode set,derekwaynecarr,1 Secrets should be consumable from pods in volume with defaultMode set,derekwaynecarr,1
@@ -658,7 +664,7 @@ k8s.io/kubernetes/pkg/kubelet/qos,vishh,0
k8s.io/kubernetes/pkg/kubelet/rkt,apelisse,1 k8s.io/kubernetes/pkg/kubelet/rkt,apelisse,1
k8s.io/kubernetes/pkg/kubelet/rktshim,mml,1 k8s.io/kubernetes/pkg/kubelet/rktshim,mml,1
k8s.io/kubernetes/pkg/kubelet/server,timstclair,0 k8s.io/kubernetes/pkg/kubelet/server,timstclair,0
k8s.io/kubernetes/pkg/kubelet/server/portforward,caesarxuchao,1 k8s.io/kubernetes/pkg/kubelet/server/portforward,rkouj,0
k8s.io/kubernetes/pkg/kubelet/server/stats,timstclair,0 k8s.io/kubernetes/pkg/kubelet/server/stats,timstclair,0
k8s.io/kubernetes/pkg/kubelet/server/streaming,caesarxuchao,1 k8s.io/kubernetes/pkg/kubelet/server/streaming,caesarxuchao,1
k8s.io/kubernetes/pkg/kubelet/status,mwielgus,1 k8s.io/kubernetes/pkg/kubelet/status,mwielgus,1
1 name owner auto-assigned
38 Container Runtime Conformance Test container runtime conformance blackbox test when running a container with a new image * Random-Liu 0
39 Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits it should run with the expected status luxas 1
40 Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits should report termination message if TerminationMessagePath is set timothysc 1
41 ContainerLogPath Pod with a container printed log to stdout should print log to correct log path resouer 0
42 CronJob should not emit unexpected warnings soltysh 1
43 CronJob should not schedule jobs when suspended soltysh 1
44 CronJob should not schedule new jobs when ForbidConcurrent soltysh 1
46 CronJob should schedule multiple jobs concurrently soltysh 1
47 DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods in both nonfaulty and faulty scenarios MrHohn 0
48 DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods when cluster size changed MrHohn 0
ContainerLogPath Pod with a container printed log to stdout should print log to correct log path resouer 0
49 DNS should provide DNS for ExternalName services rmmh 1
50 DNS should provide DNS for pods for Hostname and Subdomain Annotation mtaufen 1
51 DNS should provide DNS for services roberthbailey 1
77 Deployment paused deployment should be able to scale kargakis 1
78 Deployment paused deployment should be ignored by the controller kargakis 0
79 Deployment scaled rollout deployment should not block on annotation check kargakis 1
80 DisruptionController evictions: * => * rkouj 0
81 DisruptionController should create a PodDisruptionBudget rkouj 0
82 DisruptionController should update PodDisruptionBudget status rkouj 0
83 Docker Containers should be able to override the image's default arguments (docker cmd) maisem 0
84 Docker Containers should be able to override the image's default command and arguments maisem 0
85 Docker Containers should be able to override the image's default commmand (docker entrypoint) maisem 0
148 Federation API server authentication should not accept cluster resources when the client has no authentication credentials nikhiljindal 1
149 Federation apiserver Admission control should not be able to create resources if namespace does not exist alex-mohr 1
150 Federation apiserver Cluster objects should be created and deleted successfully ghodss 1
151 Federation daemonsets DaemonSet objects should be created and deleted successfully soltysh nikhiljindal 1 0
152 Federation deployments Deployment objects should be created and deleted successfully soltysh 1
153 Federation deployments Federated Deployment should create and update matching deployments in underling clusters soltysh 1
Federation daemonsets DaemonSet objects should be created and deleted successfully nikhiljindal 0
154 Federation events Event objects should be created and deleted successfully karlkfi 1
155 Federation namespace Namespace objects all resources in the namespace should be deleted when namespace is deleted nikhiljindal 0
156 Federation namespace Namespace objects should be created and deleted successfully xiang90 1
161 Federation secrets Secret objects should be created and deleted successfully pmorie 1
162 Federation secrets Secret objects should be deleted from underlying clusters when OrphanDependents is false nikhiljindal 0
163 Federation secrets Secret objects should not be deleted from underlying clusters when OrphanDependents is true nikhiljindal 0
164 GCP Volumes GlusterFS should be mountable rkouj 0
165 GCP Volumes NFSv4 should be mountable for NFSv4 rkouj 0
166 GKE local SSD should write and read from node local SSD fabioy 0
167 GKE node pools should create a cluster with multiple node pools fabioy 1
168 Garbage collector should delete pods created by rc when not orphaning justinsb 1
170 Garbage collector should orphan pods created by rc if deleteOptions.OrphanDependents is nil zmerlynn 1
171 Generated release_1_5 clientset should create pods, delete pods, watch pods ghodss 1
172 Generated release_1_5 clientset should create v2alpha1 cronJobs, delete cronJobs, watch cronJobs soltysh 1
173 HA-master pods survive addition/removal HA-master pods survive addition/removal different zones roberthbailey rkouj 1 0
174 HA-master pods survive addition/removal same zone rkouj 0
175 Hazelcast should create and scale hazelcast mikedanese 1
176 Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 1 pod to 3 pods and from 3 to 5 jszczepkowski 0
177 Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 5 pods to 3 pods and from 3 to 1 jszczepkowski 0
403 SchedulerPredicates validates that taints-tolerations is respected if matching jlowdermilk 1
404 SchedulerPredicates validates that taints-tolerations is respected if not matching derekwaynecarr 1
405 Secret should create a pod that reads a secret luxas 1
406 Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace rkouj 0
407 Secrets should be consumable from pods in env vars mml 1
408 Secrets should be consumable from pods in volume ghodss 1
409 Secrets should be consumable from pods in volume with defaultMode set derekwaynecarr 1
664 k8s.io/kubernetes/pkg/kubelet/rkt apelisse 1
665 k8s.io/kubernetes/pkg/kubelet/rktshim mml 1
666 k8s.io/kubernetes/pkg/kubelet/server timstclair 0
667 k8s.io/kubernetes/pkg/kubelet/server/portforward caesarxuchao rkouj 1 0
668 k8s.io/kubernetes/pkg/kubelet/server/stats timstclair 0
669 k8s.io/kubernetes/pkg/kubelet/server/streaming caesarxuchao 1
670 k8s.io/kubernetes/pkg/kubelet/status mwielgus 1