diff --git a/deploy/addons/gvisor/gvisor-pod.yaml b/deploy/addons/gvisor/gvisor-pod.yaml index 50a54bb69336..8cb0d3321977 100644 --- a/deploy/addons/gvisor/gvisor-pod.yaml +++ b/deploy/addons/gvisor/gvisor-pod.yaml @@ -69,4 +69,4 @@ spec: - name: gvisor hostPath: path: /tmp/gvisor - restartPolicy: Never + restartPolicy: Always diff --git a/test/integration/addons_test.go b/test/integration/addons_test.go index 7d65b970222a..748894f2e0ba 100644 --- a/test/integration/addons_test.go +++ b/test/integration/addons_test.go @@ -30,6 +30,7 @@ import ( "testing" "time" + "github.com/docker/machine/libmachine/state" "k8s.io/apimachinery/pkg/labels" pkgutil "k8s.io/minikube/pkg/util" "k8s.io/minikube/test/integration/util" @@ -186,7 +187,6 @@ func testServicesList(t *testing.T) { func testGvisor(t *testing.T) { minikubeRunner := NewMinikubeRunner(t) - kubectlRunner := util.NewKubectlRunner(t) minikubeRunner.RunCommand("addons enable gvisor", true) t.Log("waiting for gvisor controller to come up") @@ -194,11 +194,7 @@ func testGvisor(t *testing.T) { t.Fatalf("waiting for gvisor controller to be up: %v", err) } - untrustedPath, _ := filepath.Abs("testdata/nginx-untrusted.yaml") - t.Log("creating pod with untrusted workload annotation") - if _, err := kubectlRunner.RunCommand([]string{"create", "-f", untrustedPath}); err != nil { - t.Fatalf("creating untrusted nginx resource: %v", err) - } + createUntrustedWorkload(t) t.Log("making sure untrusted workload is Running") if err := util.WaitForUntrustedNginxRunning(); err != nil { @@ -212,16 +208,56 @@ func testGvisor(t *testing.T) { t.Fatalf("waiting for gvisor controller to be deleted: %v", err) } - t.Log("recreating untrusted workload pod") - if _, err := kubectlRunner.RunCommand([]string{"replace", "-f", untrustedPath, "--force"}); err != nil { - t.Fatalf("replacing untrusted nginx resource: %v", err) - } + createUntrustedWorkload(t) t.Log("waiting for FailedCreatePodSandBox event") if err := util.WaitForFailedCreatePodSandBoxEvent(); err != nil { t.Fatalf("waiting for FailedCreatePodSandBox event: %v", err) } + deleteUntrustedWorkload(t) +} + +func testGvisorRestart(t *testing.T) { + minikubeRunner := NewMinikubeRunner(t) + minikubeRunner.EnsureRunning() + minikubeRunner.RunCommand("addons enable gvisor", true) + + t.Log("waiting for gvisor controller to come up") + if err := util.WaitForGvisorControllerRunning(t); err != nil { + t.Fatalf("waiting for gvisor controller to be up: %v", err) + } + + // TODO: @priyawadhwa to add test for stop as well + minikubeRunner.RunCommand("delete", false) + minikubeRunner.CheckStatus(state.None.String()) + minikubeRunner.Start() + minikubeRunner.CheckStatus(state.Running.String()) + + t.Log("waiting for gvisor controller to come up") + if err := util.WaitForGvisorControllerRunning(t); err != nil { + t.Fatalf("waiting for gvisor controller to be up: %v", err) + } + + createUntrustedWorkload(t) + t.Log("making sure untrusted workload is Running") + if err := util.WaitForUntrustedNginxRunning(); err != nil { + t.Fatalf("waiting for nginx to be up: %v", err) + } + deleteUntrustedWorkload(t) +} +func createUntrustedWorkload(t *testing.T) { + kubectlRunner := util.NewKubectlRunner(t) + untrustedPath, _ := filepath.Abs("testdata/nginx-untrusted.yaml") + t.Log("creating pod with untrusted workload annotation") + if _, err := kubectlRunner.RunCommand([]string{"replace", "-f", untrustedPath, "--force"}); err != nil { + t.Fatalf("creating untrusted nginx resource: %v", err) + } +} + +func deleteUntrustedWorkload(t *testing.T) { + kubectlRunner := util.NewKubectlRunner(t) + untrustedPath, _ := filepath.Abs("testdata/nginx-untrusted.yaml") if _, err := kubectlRunner.RunCommand([]string{"delete", "-f", untrustedPath}); err != nil { t.Logf("error deleting untrusted nginx resource: %v", err) } diff --git a/test/integration/functional_test.go b/test/integration/functional_test.go index 08ca9e171b8c..42cbdd5ec851 100644 --- a/test/integration/functional_test.go +++ b/test/integration/functional_test.go @@ -65,6 +65,7 @@ func TestFunctionalContainerd(t *testing.T) { minikubeRunner.EnsureRunning() t.Run("Gvisor", testGvisor) + t.Run("GvisorRestart", testGvisorRestart) minikubeRunner.RunCommand("delete", true) } diff --git a/test/integration/util/util.go b/test/integration/util/util.go index 5faf473c89bc..a4b4a8d5b19b 100644 --- a/test/integration/util/util.go +++ b/test/integration/util/util.go @@ -126,8 +126,7 @@ func (m *MinikubeRunner) SSH(command string) (string, error) { func (m *MinikubeRunner) Start() { switch r := m.Runtime; r { case constants.ContainerdRuntime: - // TODO: priyawadhwa@ remove iso url once updated iso is being used in integration tests - containerdFlags := "--container-runtime=containerd --network-plugin=cni --docker-opt containerd=/var/run/containerd/containerd.sock --iso-url=https://storage.googleapis.com/k8s-minikube/gvisor-preview.iso" + containerdFlags := "--container-runtime=containerd --network-plugin=cni --docker-opt containerd=/var/run/containerd/containerd.sock" m.RunCommand(fmt.Sprintf("start %s %s %s", m.StartArgs, m.Args, containerdFlags), true) default: m.RunCommand(fmt.Sprintf("start %s %s", m.StartArgs, m.Args), true)