kata-containers / tests

Kata Containers tests, CI, and metrics
https://katacontainers.io/
Apache License 2.0
139 stars 196 forks source link

ci: test: k8s: agent_image rootfs check #5791

Closed stevenhorsman closed 1 year ago

stevenhorsman commented 1 year ago

In the kubernetes agent_image test we currently have a check:

echo "Check the image was not pulled in the host"
    local pod_id=$(kubectl get pods -o jsonpath='{.items..metadata.name}')
    retrieve_sandbox_id
    rootfs=($(find /run/kata-containers/shared/sandboxes/${sandbox_id}/shared \
        -name rootfs))
    [ ${#rootfs[@]} -eq 1 ]

to ensure that the image hasn't been pulled onto the host. The reason that the check is for a single rootfs is that we found that the pause image was always pulled on the host, presumably due to it being needed to create the pod sandbox.

With the introduction of the nydus-snapshotter code we've found that on some systems (SE and TDX) it appears to be in a different location with nydus-snapshotter, so check for 1, or 0. See an issue at https://github.com/kata-containers/tests/issues/5781 to track this.

We don't have time to understand this fully now, so we just want the tests to pass and check that we don't have both the pause and test pod container image pulled, so set the check to pass if there are 1, or 0 rootfs' found in /run/kata-containers/shared/sandboxes/

Fixes: #5790

stevenhorsman commented 1 year ago

/test

stevenhorsman commented 1 year ago

/test-tdx

fidencio commented 1 year ago

/test-tdx

Don't bother about this, I don't think we'll be luck enough to have the artefacts built. :-/ We'll have to test it on the operator side.