The image "gcr.io/authenticated-image-pulling/windows-nanoserver:v1" is not a
manifest list, and it is only useful for Windows Server 1809, which means that the
test "should be able to pull from private registry with secret" will fail for
environments with Windows Server 1903, 1909, or any other future version we might
want to test.
This commit adds the the ability to have an alternative private image to pull by
using a configurable docker config file which contains the necessary credentials
needed to pull the image.
We've added the WindowsRunAsUserName feature some time ago, and it was
promoted to Beta for v1.17. We can now remove the [LinuxOnly] tag for
a few tests.
Depends On: #83058
Depends On: #84882
Since we've added support for RunAsUserName, we can now run some new
tests. However, the [LinuxOnly] tag will have to remain until the
WindowsRunAsUserName feature becomes enabled by default.
Additionally, Containerd supports file mounting on Windows, and some
tests will be able to pass on Windows with Containerd instead of Docker.
Melds the "pull image from gcr.io" and "pull image from docker hub" tests
into a single test that pulls the agnhost image from the configured
e2eRegistry.
This also removes the need to maintain and update the image
"gcr.io/kubernetes-e2e-test-images/windows-nanoserver:v1". It should have been
a manifest list that also includes future Windows releases, like Windows Server 1903.
Additionally, the image has ~300 MB, meaning that with this change, it won't have to
wait as much to spawn a pod.
Removes "should not be able to pull non-existing image from gcr.io", since
the test "should not be able to pull image from invalid registry" test already
exists, and both of them test the same effect: cannot spawn a pod with an
image that does not exist.
Because Linux images cannot run on Windows and vice-versa, separate
tests were added for both OSes, only separated by a [LinuxOnly] tag
in their names.
Based on the given --node-os-distro, we can select which image to
use when spawning the pod.
This is part of the transition to using framework/log instead
of the Logf inside the framework package. This will help with
import size/cycles when importing the framework or subpackages.
It has been suggested to replace the "e2eteam/busybox:1.29" image
used in the test "should be able to pull image from docker hub [NodeConformance]"
with a nanoserver image manifest list.
Adds a TODO for it.
Adds the test "should be able to pull from private registry with secret [NodeConformance]"
which will pull the image "gcr.io/authenticated-image-pulling/windows-nanoserver:v1".
The mentioned image is a manifest list, and it works for both
Windows Server 1803 and Windows Server 2019. The manifest list
will have to be amended when a new Windows Server is released.
Adds the test "should be able to pull image from gcr.io [NodeConformance]",
which will pull the the image "gcr.io/kubernetes-e2e-test-images/windows-nanoserver:v1".
The mentioned image is a manifest list, and it works for both
Windows Server 1803 and Windows Server 2019. The manifest list
will have to be amended when a new Windows Server is released.
The command passed to the Windows Container has been changed to
"ping -t localhost", which will keep the container in the Running state,
which is required and checked by the test.
Adds the test "should be able to pull image from docker hub [WindowsOnly]",
which will pull a Windows busybox image from dockerhub. Since it is busybox,
the same command will also work for this image.
The busybox image is currently used in other E2E tests, so the image should
already be prepulled on the nodes. Additionally, the image has a manifest list
for Windows Server 1803 and Windows Server 2019, and future versions will be
added to it.
Some of the tests cannot pass using Windows nodes due to various reasons:
- seLinuxOptions are not supported on Windows.
- Running as an UID / GID is not supported on Windows.
- file permissions work differently on Windows, and they cannot be set in
the same manner as on Linux.
- individual files cannot be mounted in Windows Containers.
- Cannot create container using Linux image (e.g.: alpine) on Windows.
Because of this, it has been decided to use the "[LinuxOnly]" tag for the
tests which cannot run on Windows because of the mentioned reasons. This way,
when running tests using Windows nodes, those tests can simply be skipped by
adding the "[LinuxOnly]" tag to the ginkgo.skip argument.
The test "should run with the expected status" passes with and without
the set SELinuxOptions, but removing it will ensure that the test will
be able to run and pass on Windows nodes as well.
