def test_create_with_empty_sc(self): ''' storageClassName is set to "" in pvc template, which means using pre-provisioned pv. ''' _clear() run('kubectl create -f persistent-volumes-hostpath.yaml') run('kubectl create -f kubia-statefulset-sc-empty.yaml') ensure_pod_phase('kubia-0', 'Running') run('kubectl get sts kubia') run('kubectl get po') run('kubectl get pvc') run('kubectl get pv') storage_class = run( """kubectl get pvc -o jsonpath='{.items[?(@.metadata.name=="data-kubia-0")].spec.storageClassName}'""", True) self.assertTrue(not storage_class) volume_name = run( """kubectl get pvc -o jsonpath='{.items[?(@.metadata.name=="data-kubia-0")].spec.volumeName}'""", True) self.assertIn(volume_name, ['pv-a', 'pv-b', 'pv-c']) phase = run( """kubectl get pv -o jsonpath='{.items[?(@.spec.claimRef.name=="data-kubia-0")].status.phase}'""", True) self.assertEqual(phase, 'Bound')
def test_labels(self): run('kubectl get po --show-labels') # only interested in certain labels run('kubectl get po -L creation_method,env') with self.subTest("Modifying labels"): # modify labels of existing pods # need to use the --overwrite option when changing existing labels. run('kubectl label po kubia-manual creation_method=manual --overwrite' ) run('kubectl label po kubia-manual-v2 env=debug --overwrite') run('kubectl get po -L creation_method,env') with self.subTest('Listing pods using a label selector'): run('kubectl get po -l creation_method=manual --show-labels') # list all pods that include the 'env' label run('kubectl get po -l env --show-labels') # list those that don’t have the 'env' label run("kubectl get po -l '!env' --show-labels") # select pods with the 'creation_method' label with any value other than 'manual' run("kubectl get po -l 'creation_method!=manual' --show-labels") # select pods with the 'env' label set to either 'debug' or 'devel' run('kubectl get po -l "env in (debug,devel)" --show-labels') # select pods with the 'env' label not set to either 'prod' or 'devel' run('kubectl get po -l "env notin (prod,devel)" --show-labels') with self.subTest('Scheduling pods to specific nodes'): run('kubectl delete pod kubia-gpu', True) # cleanup first ensure_pod_phase('kubia-gpu', 'Deleted') time.sleep(10) run('kubectl label node minikube gpu=true --overwrite') run('kubectl get node -L gpu') run('kubectl create -f kubia-gpu.yaml')
def test_exposing_services_to_external_clients_by_ingress(self): run('kubectl delete svc kubia-nodeport', True) run('kubectl create -f kubia-svc-nodeport.yaml', True) run('kubectl delete ing kubia', True) run('kubectl create -f kubia-ingress.yaml') run('kubectl get ing kubia') # When running on cloud providers, the address may take time to appear, # because the Ingress controller provisions a load balancer behind the scenes. ing_ip = get_ingress_address('kubia') pod_name = run( "kubectl get pods -l app=kubia -ojsonpath='{.items[0].metadata.name}'", True) ensure_pod_phase(pod_name) run(f'kubectl exec {pod_name} -- curl -s {ing_ip}') run(f'kubectl exec {pod_name} -- curl -s -H "Host: kubia.example.com" {ing_ip}' ) with self.subTest("Configuring Ingress to handle TLS traffic"): run('kubectl delete secret tls tls-secret', True) # prepare cert first run('openssl genrsa -out tls.key 2048', True) run( 'openssl req -new -x509 -key tls.key -out tls.cert -days 360 -subj /CN=kubia.example.com', True) run('kubectl create secret tls tls-secret --cert=tls.cert --key=tls.key' ) run('kubectl apply -f kubia-ingress-tls.yaml') run(f'kubectl exec {pod_name} -- curl -k -s -H "Host: kubia.example.com" https://{ing_ip}' )
def test_providing_information_on_process_terminated(self): ''' Show the reason why a container terminated in the pod's status. You do this by having the process write a termination message to a specific file in the container's filesystem. The default file the process needs to write the message to is /dev/termination-log, but it can be changed by setting the `terminationMessagePath` field in the container definition in the pod spec. ''' init_test_env(NS) with self.subTest("Terminating unsuccessfully"): run(f'kubectl create -f termination-message.yaml -n {NS}') ensure_pod_phase('pod-with-termination-message', 'Running', NS) stdout = run( f'kubectl describe po pod-with-termination-message -n {NS} | grep -C5 "Message:"' ) self.assertIn("I've had enough", stdout) with self.subTest("Terminating successfully"): run(f'kubectl create -f termination-message-success.yaml -n {NS}') ensure_pod_phase('successful-pod-with-termination-message', 'Succeeded', NS) stdout = run( f'kubectl describe po successful-pod-with-termination-message -n {NS} | grep -C5 "Message:"' ) self.assertIn("I've completed my task", stdout)
def test_creating_pod_with_resource_limited(self): init_test_env(NS) run(f'kubectl create -f limited-pod.yaml -n {NS}') ensure_pod_phase('limited-pod', 'Running', NS) cpu_period = int(run(f'kubectl exec limited-pod -n {NS} -- cat /sys/fs/cgroup/cpu/cpu.cfs_period_us')) cpu_quota = int(run(f'kubectl exec limited-pod -n {NS} -- cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us')) minikube_cpus = 2 self.assertEqual(cpu_quota/cpu_period/minikube_cpus, 0.1) # 最多能使用 10% CPU
def test_using_config_map_as_env(self): run('kubectl delete pod fortune-env-from-configmap', True) ensure_pod_phase('fortune-env-from-configmap', 'Deleted') run('kubectl create -f fortune-pod-env-configmap.yaml') ensure_pod_phase('fortune-env-from-configmap', 'Running') ret = run("kubectl exec fortune-env-from-configmap -c html-generator -- bash -c 'echo $INTERVAL'") self.assertEqual(25, int(ret))
def test_init_container(self): init_test_env(NS) run(f'kubectl create -f fortune-client.yaml -n {NS}') # The STATUS column shows that zero of one init containers have finished. run(f'kubectl get pod -n {NS}') run(f'kubectl create -f fortune-server.yaml -n {NS}') ensure_pod_phase('fortune-server', 'Running', NS) run(f'kubectl get pod fortune-client -n {NS}') ensure_pod_phase('fortune-client', 'Running', NS)
def test_accessing_api_server_with_ambassador_container(self): run('kubectl delete pod curl-with-ambassador', True) ensure_pod_phase('curl-with-ambassador', 'Deleted') run('kubectl create -f curl-with-ambassador.yaml') ensure_pod_phase('curl-with-ambassador', 'Running') run('kubectl apply -f fabric8-rbac.yaml', True) run('kubectl exec curl-with-ambassador -c main -- curl -s localhost:8001' ) run('kubectl delete -f fabric8-rbac.yaml', True)
def test_empty_dir_vol(self): run('kubectl delete pod fortune', True) ensure_pod_phase('fortune', 'Deleted') run('kubectl create -f fortune-pod.yaml') ensure_pod_phase('fortune', 'Running') p = subprocess.Popen('kubectl port-forward fortune 8888:80', shell=True) time.sleep(1) run('curl -s http://localhost:8888') p.terminate()
def test_creating_external_name_service(self): run('kubectl delete svc external-service-external-name', True) run('kubectl create -f external-service-external-name.yaml') # there should be no clusterIp run('kubectl get svc external-service-external-name') pod_name = run( "kubectl get pods -l app=kubia -ojsonpath='{.items[0].metadata.name}'", True) ensure_pod_phase(pod_name) run(f'kubectl exec {pod_name} -- curl -s -H "Host: www.baidu.com" external-service-external-name' )
def test_headless_svc(self): run('kubectl delete svc kubia-headless', True) if get_pod_phase('dnsutils') is None: run( 'kubectl run dnsutils --image=tutum/dnsutils --generator=run-pod/v1 --command -- sleep infinity', True) ensure_pod_phase('dnsutils') run('kubectl create -f kubia-svc-headless.yaml') run('kubectl exec dnsutils nslookup kubia-headless') run('kubectl get ep kubia-headless')
def test_resource_quota(self): init_test_env(NS) run(f'kubectl create -f quota-cpu-memory.yaml -n {NS}') run(f'kubectl describe quota -n {NS}') # when creating a ResourceQuota is that you will also want to create a LimitRange object alongside it. stdout = run(f'kubectl create -f kubia-manual.yaml -n {NS} 2>&1; true') self.assertIn('must specify limits.cpu,limits.memory,requests.cpu,requests.memory', stdout) run(f'kubectl create -f limits.yaml -n {NS}') run(f'kubectl create -f kubia-manual.yaml -n {NS}') # So having a LimitRange with defaults for those resources can make life a bit easier for people creating pods. ensure_pod_phase('kubia-manual', 'Running', NS)
def test_using_config_map_as_volume(self): run('kubectl delete cm fortune-config', True) run('kubectl delete pod fortune-configmap-volume', True) ensure_pod_phase('fortune-configmap-volume', 'Deleted') # 1, Create cm run('kubectl create configmap fortune-config --from-file=configmap-files') run('kubectl get configmap fortune-config -o yaml') # 2, Create pod run('kubectl create -f fortune-pod-configmap-volume.yaml') ensure_pod_phase('fortune-configmap-volume', 'Running') # 3, Verify p = subprocess.Popen('kubectl port-forward fortune-configmap-volume 8888:80', shell=True) time.sleep(1) run('curl -s -H "Accept-Encoding: gzip" -I localhost:8888') p.terminate() run('kubectl exec fortune-configmap-volume -c web-server ls /etc/nginx/conf.d') run("kubectl exec fortune-configmap-volume -c html-generator -- bash -c 'echo $INTERVAL'") with self.subTest("Exposing Certain ConfigMap Entries in the Volume"): run('kubectl delete pod fortune-configmap-volume-with-items', True) ensure_pod_phase('fortune-configmap-volume-with-items', 'Deleted') run('kubectl create -f fortune-pod-configmap-volume-with-items.yaml') ensure_pod_phase('fortune-configmap-volume-with-items', 'Running') run('kubectl exec fortune-configmap-volume-with-items -c web-server ls /etc/nginx/conf.d') # only one file
def test_dp_pv_vol(self): ''' Dynamical Provision ''' run('kubectl delete pod mongodb', True) ensure_pod_phase('mongodb', 'Deleted') run('kubectl delete pvc mongodb-pvc', True) run('kubectl delete sc fast', True) # 1, Define StroageClass run('kubectl create -f storageclass-fast-hostpath.yaml') run('kubectl get sc') # 2, Requesting the storage class in a PersistentVolumeClaim run('kubectl create -f mongodb-pvc-dp.yaml') run('kubectl get pvc mongodb-pvc') run('kubectl get pv') # Its reclaim policy is Delete, which means the PersistentVolume will be deleted when the PVC is deleted. # 3, Create pod using pvc run('kubectl create -f mongodb-pod-pvc.yaml') ensure_pod_phase('mongodb', 'Running') # 4, Verify now = str(datetime.datetime.now()) run(f"""kubectl exec mongodb -- mongo --quiet localhost/mystore --eval 'db.foo.insert({{time: "{now}"}})'""") run('kubectl delete pod mongodb') ensure_pod_phase('mongodb', 'Deleted') run('kubectl create -f mongodb-pod-pvc.yaml') ensure_pod_phase('mongodb', 'Running') ret = run("""kubectl exec mongodb -- mongo localhost/mystore --quiet --eval 'db.foo.find({}, {_id: 0}).sort({time: -1}).limit(1)'""") self.assertEqual(now, json.loads(ret)['time'])
def test_pre_stop_hook(self): init_test_env(NS) with self.subTest("Using an command hook handler"): run(f'kubectl create -f pre-stop-hook-command.yaml -n {NS}') ensure_pod_phase('pod-with-prestop-hook', 'Running', NS) time.sleep(60) run(f'kubectl describe pod pod-with-prestop-hook -n {NS}') run(f'kubectl get pod pod-with-prestop-hook -n {NS}') with self.subTest("Using an HTTP GET hook handler"): run(f'kubectl create -f pre-stop-hook-httpget.yaml -n {NS}') ensure_pod_phase('pod-with-prestop-http-hook', 'Running', NS) time.sleep(60) run(f'kubectl describe pod pod-with-prestop-http-hook -n {NS}') run(f'kubectl get pod pod-with-prestop-http-hook -n {NS}')
def test_create_without_pv_predefined(self): _clear() run('kubectl create -f kubia-statefulset.yaml') ensure_pod_phase('kubia-0', 'Running') run('kubectl get sts kubia') run('kubectl get po') run('kubectl get pvc') run('kubectl get pv') storage_class = run( """kubectl get pvc -o jsonpath='{.items[?(@.metadata.name=="data-kubia-0")].spec.storageClassName}'""", True) self.assertEqual(storage_class, 'standard') phase = run( """kubectl get pv -o jsonpath='{.items[?(@.spec.claimRef.name=="data-kubia-0")].status.phase}'""", True) self.assertEqual(phase, 'Bound')
def test_node_affinity(self): ''' Run this testcase under EKS with at least 2 worker nodes ''' init_test_env(NS) nodes = run( f"kubectl get node -o jsonpath='{{.items[*].metadata.name}}'", True).split() for node in nodes: run(f'kubectl label node {node} gpu-', True) # delete label first run(f'kubectl label node {node} availability-zone-', True) run(f'kubectl label node {node} share-type-', True) with self.subTest("Specifying hard node affinity rules"): node = random.choice(nodes) run(f'kubectl label node {node} gpu=true') run(f'kubectl create -f kubia-gpu-nodeaffinity.yaml -n {NS}') ensure_pod_phase('kubia-gpu', 'Running', NS) stdout = run(f'kubectl get pod kubia-gpu -o wide -n {NS}') self.assertIn(node, stdout) with self.subTest("Prioritizing nodes when scheduling a pod"): node1 = nodes[0] node2 = nodes[1] run(f'kubectl label node {node1} availability-zone=zone1', True) run(f'kubectl label node {node1} share-type=dedicated', True) run(f'kubectl label node {node2} availability-zone=zone2', True) run(f'kubectl label node {node2} share-type=shared', True) run(f'kubectl get node -L availability-zone -L share-type') run(f'kubectl create -f preferred-deployment.yaml -n {NS}') ensure_deploy_ready('pref', NS) # Nodes whose 'availability-zone' and 'share-type' labels match the pod's node affinity are ranked the highest. # Next come the 'shared' nodes in 'zone1', then come the 'dedicated' nodes in the other zones, # and at the lowest priority are all the other nodes. run(f'kubectl get po -l app=pref -o wide -n {NS}') node1_num = int( run( f'kubectl get po -l app=pref -o wide -n {NS} | grep {node1} | wc -l', True)) node2_num = int( run( f'kubectl get po -l app=pref -o wide -n {NS} | grep {node2} | wc -l', True)) self.assertGreater(node1_num, node2_num)
def test_discovering_service(self): run('kubectl delete po -l app=kubia', True) # in order to regenerate pod pod_name = run( "kubectl get pods -l app=kubia -ojsonpath='{.items[0].metadata.name}'", True) ensure_pod_phase(pod_name) with self.subTest("Discovering through env"): run(f'kubectl exec {pod_name} -- env') run(f"kubectl exec {pod_name} -- bash -c 'curl -s http://$KUBIA_SERVICE_HOST:$KUBIA_SERVICE_PORT'" ) with self.subTest("Discovering through DNS"): run(f'kubectl exec {pod_name} -- curl -s http://kubia.default.svc.cluster.local' ) run(f'kubectl exec {pod_name} -- curl -s http://kubia.default.svc.cluster.local' ) run(f'kubectl exec {pod_name} -- curl -s http://kubia.default') run(f'kubectl exec {pod_name} -- curl -s http://kubia')
def test_session_affinity(self): run('kubectl delete svc kubia', True) run('kubectl delete svc kubia-session-affinity', True) run('kubectl create -f kubia-session-affinity-svc.yaml') run('kubectl get svc kubia-session-affinity') run('kubectl describe svc kubia-session-affinity') pod_name = run( "kubectl get pods -l app=kubia -ojsonpath='{.items[0].metadata.name}'", True) ensure_pod_phase(pod_name) clusterIp = run( "kubectl get svc kubia -o=jsonpath='{.spec.clusterIP}'", True) pods = set() for i in range(10): pods.add( run(f"kubectl exec {pod_name} -- curl -s http://{clusterIp}", True)) self.assertEqual(len(pods), 1)
def test_pv_vol(self): # run test_host_path_vol first to inflate data to MongoDB run('kubectl delete pvc mongodb-pvc', True) run('kubectl delete pv mongodb-pv', True) run('kubectl delete pod mongodb', True) ensure_pod_phase('mongodb', 'Deleted') # create pv first run('kubectl create -f mongodb-pv-hostpath.yaml') run('kubectl get pv') # then create pvc run('kubectl create -f mongodb-pvc.yaml') run('kubectl get pvc') # then create pod using pvc run('kubectl create -f mongodb-pod-pvc.yaml') ensure_pod_phase('mongodb', 'Running') run("""kubectl exec mongodb -- mongo localhost/mystore --quiet --eval 'db.foo.find({})'""")
def test_creating_pod_with_resource_requested(self): init_test_env(NS) run(f'kubectl create -f requests-pod.yaml -n {NS}') ensure_pod_phase('requests-pod', 'Running', NS) # The Minikube VM, which is where this example is running, has two CPU cores allotted to it. # That's why the process is shown consuming 50% of the whole CPU. run(f'kubectl exec requests-pod -n {NS} -- top -bn1') with self.subTest("Creating a pod that doesn't fit on any node"): run(f"kubectl run requests-pod-2 --image=busybox --restart Never --requests='cpu=800m,memory=20Mi' -n {NS} -- dd if=/dev/zero of=/dev/null") ensure_pod_phase('requests-pod-2', 'Running', NS) time.sleep(5) run(f"kubectl run requests-pod-3 --image=busybox --restart Never --requests='cpu=1,memory=20Mi' -n {NS} -- dd if=/dev/zero of=/dev/null") ensure_pod_phase('requests-pod-3', 'Pending', NS) stdout = run(f"kubectl get po requests-pod-3 -n {NS} -o jsonpath='{{.status.conditions[0].message}}'") self.assertIn("Insufficient cpu", stdout) run(f'kubectl delete po requests-pod-2 -n {NS}') ensure_pod_phase('requests-pod-2', 'Deleted', NS) ensure_pod_phase('requests-pod-3', 'Running', NS)
def test_create(self): if not is_rc_ready('kubia'): run('kubectl create -f kubia-rc.yaml') ensure_rc_ready('kubia') run('kubectl delete svc kubia', True) run('kubectl create -f kubia-svc.yaml') run('kubectl get svc kubia') pod_name = run( "kubectl get pods -l app=kubia -ojsonpath='{.items[0].metadata.name}'", True) ensure_pod_phase(pod_name) clusterIp = run("kubectl get svc kubia -ojsonpath='{.spec.clusterIP}'", True) run(f"kubectl exec {pod_name} -- curl -s http://{clusterIp}") pods = set() for i in range(10): pods.add( run(f"kubectl exec {pod_name} -- curl -s http://{clusterIp}", True)) self.assertGreater(len(pods), 1)
def test_using_secret_by_vol(self): run("kubectl delete pod fortune-https", True) ensure_pod_phase('fortune-https', 'Deleted') run('kubectl delete cm fortune-config', True) # 1, create cm needed run('kubectl create configmap fortune-config --from-file=configmap-https-files' ) # 2, create pod run('kubectl create -f fortune-pod-https.yaml') ensure_pod_phase('fortune-https', 'Running') # verify p = subprocess.Popen('kubectl port-forward fortune-https 8443:443', shell=True) time.sleep(1) run('curl -v -s -k https://localhost:8443') p.terminate() # The secret volume uses an in-memory filesystem (tmpfs) for the Secret files. run("kubectl exec fortune-https -c web-server -- mount | grep certs")
def test_create(self): ''' storageClassName is not set in pvc template, which means using dynamically provisioning pv. ''' _clear() run('kubectl create -f persistent-volumes-hostpath.yaml') run('kubectl create -f kubia-statefulset.yaml') ensure_pod_phase('kubia-0', 'Running') run('kubectl get sts kubia') run('kubectl get po') run('kubectl get pvc') run('kubectl get pv') storage_class = run( """kubectl get pvc -o jsonpath='{.items[?(@.metadata.name=="data-kubia-0")].spec.storageClassName}'""", True) self.assertEqual(storage_class, 'standard') phase = run( """kubectl get pv -o jsonpath='{.items[?(@.spec.claimRef.name=="data-kubia-0")].status.phase}'""", True) self.assertEqual(phase, 'Bound')
def test_using_host_node_namespaces(self): init_test_env(NAME_SPACE) with self.subTest("Using node network namespace"): run(f'kubectl create -f pod-with-host-network.yaml -n {NAME_SPACE}' ) ensure_pod_phase('pod-with-host-network', 'Running', NAME_SPACE) stdout = run( f'kubectl exec pod-with-host-network -n {NAME_SPACE} -- ifconfig' ) self.assertIn('docker0', stdout) with self.subTest( "Binding host port without using host network namespace"): run(f'kubectl create -f kubia-hostport.yaml -n {NAME_SPACE}') ensure_pod_phase('kubia-hostport', "Running", NAME_SPACE) minikube_ip = run('minikube ip', True) run(f'curl -s http://{minikube_ip}:9000/') with self.subTest("Using node PID and IPC namespaces"): run(f'kubectl create -f pod-with-host-pid-and-ipc.yaml -n {NAME_SPACE}' ) ensure_pod_phase('pod-with-host-pid-and-ipc', 'Running', NAME_SPACE) run(f'kubectl exec pod-with-host-pid-and-ipc -n {NAME_SPACE} -- ps aux' )
def test_limit_range(self): init_test_env(NS) with self.subTest("Enforcing limits"): run(f'kubectl create -f limits.yaml -n {NS}') stdout = run(f'kubectl create -f limits-pod-too-big.yaml -n {NS} 2>&1; true') self.assertIn('must be less than or equal to cpu limit', stdout) with self.subTest("Applying default resource requests and limits"): run(f'kubectl create -f kubia-manual.yaml -n {NS}') ensure_pod_phase('kubia-manual', 'Running', NS) default_cpu_request = run(f"kubectl get po kubia-manual -n {NS} -o jsonpath='{{.spec.containers[0].resources.requests.cpu}}'") default_cpu_limit = run(f"kubectl get po kubia-manual -n {NS} -o jsonpath='{{.spec.containers[0].resources.limits.cpu}}'") default_mem_request = run(f"kubectl get po kubia-manual -n {NS} -o jsonpath='{{.spec.containers[0].resources.requests.memory}}'") default_mem_limit = run(f"kubectl get po kubia-manual -n {NS} -o jsonpath='{{.spec.containers[0].resources.limits.memory}}'") with open('limits.yaml', 'rb') as fp: definition = yaml.load(fp, Loader=yaml.Loader) container_limits = [limit for limit in definition['spec']['limits'] if limit['type'] == 'Container'][0] self.assertEqual(default_cpu_request, container_limits['defaultRequest']['cpu']) self.assertEqual(default_cpu_limit, container_limits['default']['cpu']) self.assertEqual(default_mem_request, container_limits['defaultRequest']['memory']) self.assertEqual(default_mem_limit, container_limits['default']['memory'])
def test_consistent_state(self): now1 = str(datetime.datetime.now()) time.sleep(1) now2 = str(datetime.datetime.now()) p = subprocess.Popen('kubectl proxy --port=48001', shell=True) time.sleep(1) run(f'curl -s -X POST -d "{now1}" localhost:48001/api/v1/namespaces/default/pods/kubia-0/proxy/' ) run('curl -s localhost:48001/api/v1/namespaces/default/pods/kubia-0/proxy/' ) run('kubectl delete po kubia-0') ensure_pod_phase('kubia-0', 'Running') output = run( 'curl -s localhost:48001/api/v1/namespaces/default/pods/kubia-0/proxy/' ) body = output.split('\n')[1] index = body.index(':') self.assertEqual(now1, body[index + 2:]) p.terminate() p.wait()
def test_assigning_sa_to_pod(self): with open(os.devnull, 'w') as f: with redirect_stdout(f), redirect_stderr(f): self.test_create() run('kubectl delete po curl-custom-sa', True) ensure_pod_phase('curl-custom-sa', 'Deleted') run('kubectl create -f curl-custom-sa.yaml') ensure_pod_phase('curl-custom-sa', 'Running') sec = run("kubectl get sa foo -o jsonpath='{.secrets[0].name}'", True) sec_token = run( f"kubectl get secret {sec} -o jsonpath='{{.data.token}}' | base64 -D" ) pod_token = run( "kubectl exec curl-custom-sa -c main -- cat /var/run/secrets/kubernetes.io/serviceaccount/token" ) self.assertEqual(sec_token, pod_token) # If the response is Success, this may be because your cluster doesn’t use the RBAC authorization plugin, # or you gave all ServiceAccounts full permissions, like: # `kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --group=system:serviceaccounts` run("kubectl exec curl-custom-sa -c main -- curl -s localhost:8001/api/v1/pods" )
def test_auto_scaling_based_on_cpu(self): init_test_env(NS) # create deployment first run(f'kubectl create -f deployment.yaml -n {NS}') ensure_deploy_ready('kubia', NS) ensure_replicas('kubia', 3, 'deploy', NS) # create HPA (have to enable Heapster and metrics-server:) # minikube addons enable heapster # minikube addons enable metrics-server run(f'kubectl autoscale deployment kubia --cpu-percent=30 --min=1 --max=5 -n {NS}' ) # show HPA run(f'kubectl get hpa kubia -o yaml -n {NS}') # Because you're running three pods that are currently receiving no requests, # which means their CPU usage should be close to zero, # you should expect the Autoscaler to scale them down to a single pod. ensure_replicas('kubia', 1, 'deploy', NS) # expose pod to service run(f'kubectl expose deployment kubia --port=80 --target-port=8080 -n {NS}' ) # create loadgenerator pod run(f'kubectl run --restart=Never loadgenerator --image=busybox -n {NS} -- sh -c "while true; do wget -O - -q http://kubia.{NS}; done"' ) ensure_pod_phase('loadgenerator', 'Running', NS) # autoscaler increase the number of replicas. ensure_replicas('kubia', 4, 'deploy', NS) run(f'kubectl top pod -n {NS}') run(f'kubectl get hpa -n {NS}') cpu_util_percent = int( run(f"kubectl get hpa kubia -n {NS} -o jsonpath='{{.status.currentCPUUtilizationPercentage}}'" )) self.assertLessEqual(cpu_util_percent / 4, 30)
def test_host_path_vol(self): run('kubectl delete pod mongodb', True) ensure_pod_phase('mongodb', 'Deleted') run('kubectl create -f mongodb-pod-hostpath.yaml') ensure_pod_phase('mongodb', 'Running') now = str(datetime.datetime.now()) run(f"""kubectl exec mongodb -- mongo --quiet localhost/mystore --eval 'db.foo.insert({{time: "{now}"}})'""") run('kubectl delete pod mongodb', True) ensure_pod_phase('mongodb', 'Deleted') run('kubectl create -f mongodb-pod-hostpath.yaml') ensure_pod_phase('mongodb', 'Running') ret = run("""kubectl exec mongodb -- mongo localhost/mystore --quiet --eval 'db.foo.find({}, {_id: 0}).sort({time: -1}).limit(1)'""") self.assertEqual(now, json.loads(ret)['time'])