Merge pull request #32986 from Random-Liu/add-image-white-list
Automatic merge from submit-queue Node E2E: Add image white list This is part of #29081. Fixes #29155. As is discussed with @yujuhong in #29155, it is difficult to maintain the prepull image list if it is not enforced. This PR added an image white list in the test framework, only images in the white list could be used in the test. If the image is not in the white list, the test will fail with reason: ``` Image "XXX" is not in the white list, consider adding it to CommonImageWhiteList in test/e2e/common/util.go or NodeImageWhiteList in test/e2e_node/image_list.go ``` Notice that if image pull policy is `PullAlways`, the image is not necessary to be in the white list or prepulled, because the test expects the image to be pulled during the test. Currently, the image white list is only enabled in node e2e, because the image puller in e2e test is not integrated with the image white list yet. /cc @kubernetes/sig-node
This commit is contained in:
Kubernetes Submit Queue
@@ -45,7 +45,7 @@ var _ = framework.KubeDescribe("Container Runtime Conformance Test", func() {
|
||||
restartCountVolumeName := "restart-count"
|
||||
restartCountVolumePath := "/restart-count"
|
||||
testContainer := api.Container{
|
||||
Image: ImageRegistry[busyBoxImage],
|
||||
Image: "gcr.io/google_containers/busybox:1.24",
|
||||
VolumeMounts: []api.VolumeMount{
|
||||
{
|
||||
MountPath: restartCountVolumePath,
|
||||
@@ -136,7 +136,7 @@ while true; do sleep 1; done
|
||||
c := ConformanceContainer{
|
||||
PodClient: f.PodClient(),
|
||||
Container: api.Container{
|
||||
Image: ImageRegistry[busyBoxImage],
|
||||
Image: "gcr.io/google_containers/busybox:1.24",
|
||||
Name: name,
|
||||
Command: []string{"/bin/sh", "-c"},
|
||||
Args: []string{fmt.Sprintf("/bin/echo -n %s > %s", terminationMessage, terminationMessagePath)},
|
||||
@@ -185,6 +185,9 @@ while true; do sleep 1; done
|
||||
Data: map[string][]byte{api.DockerConfigJsonKey: []byte(auth)},
|
||||
Type: api.SecretTypeDockerConfigJson,
|
||||
}
|
||||
// The following images are not added into NodeImageWhiteList, because this test is
|
||||
// testing image pulling, these images don't need to be prepulled. The ImagePullPolicy
|
||||
// is api.PullAlways, so it won't be blocked by framework image white list check.
|
||||
for _, testCase := range []struct {
|
||||
description string
|
||||
image string
|
||||
@@ -206,25 +209,25 @@ while true; do sleep 1; done
|
||||
},
|
||||
{
|
||||
description: "should be able to pull image from gcr.io",
|
||||
image: NoPullImageRegistry[pullTestAlpineWithBash],
|
||||
image: "gcr.io/google_containers/alpine-with-bash:1.0",
|
||||
phase: api.PodRunning,
|
||||
waiting: false,
|
||||
},
|
||||
{
|
||||
description: "should be able to pull image from docker hub",
|
||||
image: NoPullImageRegistry[pullTestAlpine],
|
||||
image: "alpine:3.1",
|
||||
phase: api.PodRunning,
|
||||
waiting: false,
|
||||
},
|
||||
{
|
||||
description: "should not be able to pull from private registry without secret",
|
||||
image: NoPullImageRegistry[pullTestAuthenticatedAlpine],
|
||||
image: "gcr.io/authenticated-image-pulling/alpine:3.1",
|
||||
phase: api.PodPending,
|
||||
waiting: true,
|
||||
},
|
||||
{
|
||||
description: "should be able to pull from private registry with secret",
|
||||
image: NoPullImageRegistry[pullTestAuthenticatedAlpine],
|
||||
image: "gcr.io/authenticated-image-pulling/alpine:3.1",
|
||||
secret: true,
|
||||
phase: api.PodRunning,
|
||||
waiting: false,
|
||||
|
||||
Reference in New Issue
Block a user