Conversation
… e2e tests and secure-container guide docs
fengcone
requested review from
Generalwin,
Pangjiping,
Spground,
hittyt,
jwx0925,
kevinlynx and
ninan-nn
as code owners
|
see issue #174 |
kubernetes/test/kind/gvisor/runsc
Outdated
There was a problem hiding this comment.
Binary files cannot be properly diffed or reviewed, may be remove binaries and add download script in Makefile is a better choice
| // runKubectl executes a kubectl command from the project root directory | ||
| func runKubectl(args ...string) (string, error) { | ||
| cmd := exec.Command("kubectl", args...) | ||
| cmd.Dir = "../../.." // 从 test/e2e_runtime/gvisor 回到项目根目录 |
There was a problem hiding this comment.
Keep the english comment style.
Navigate from test/e2e_runtime/gvisor to project root
| makeArgs = append(makeArgs, fmt.Sprintf("DOCKER_BUILD_ARGS=%s", dockerBuildArgs)) | ||
| } | ||
| cmd := exec.Command("make", makeArgs...) | ||
| cmd.Dir = "../../.." // 从 test/e2e_runtime/gvisor 回到项目根目录 |
There was a problem hiding this comment.
Comment is in Chinese issue.
There was a problem hiding this comment.
Unused Template File?
And same issue about /pool-runtimeclass.yaml?
|
|
||
| // RenderTemplate renders a YAML template file with given data | ||
| // templateFile is relative to e2e_runtime/ directory (e.g. "gvisor/testdata/pool.yaml") | ||
| func RenderTemplate(templateFile string, data map[string]interface{}) (string, error) { |
There was a problem hiding this comment.
RenderTemplate function is defined but never used?
There was a problem hiding this comment.
Indeed, I deleted it
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ddbf36c86f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| By("loading task-executor image on Kind") | ||
| // 直接使用 kind 命令加载镜像,避免 utils.GetProjectDir() 路径问题 | ||
| cmd = exec.Command("kind", "load", "docker-image", "--name", KindCluster, e2e_runtime.TaskExecutorImage) |
There was a problem hiding this comment.
test-gvisor is wired to a configurable cluster name (GVISOR_KIND_CLUSTER/KIND_CLUSTER), but the suite still hardcodes KindCluster = "gvisor-test" when running kind load docker-image. If someone overrides the cluster name (which the Makefile explicitly supports), this command targets a non-existent cluster and the suite fails before any assertions run.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Fixed, KindCluster now comes from env
kubernetes/Makefile
Outdated
| @kubectl wait --for=condition=available --timeout=120s deployment -n sandbox-k8s-system sandbox-k8s-controller-manager || \ | ||
| kubectl describe deployment -n sandbox-k8s-system sandbox-k8s-controller-manager |
There was a problem hiding this comment.
The readiness check in install-e2e-deps uses kubectl wait ... || kubectl describe ..., which turns a timeout into a success whenever kubectl describe exits 0. That masks controller startup failures and lets the test flow continue in a broken state, producing later failures that are harder to diagnose.
Useful? React with 👍 / 👎.
- Add Makefile target to download gVisor runsc and containerd-shim-runsc-v1 binaries - Include gVisor binaries in .gitignore to avoid tracking - Modify setup-gvisor target to depend on binaries download - Update Kind cluster config file path in Makefile to use new template location - Enhance Kind cluster creation commands to use downloaded binaries - Add environment variable KIND_CLUSTER support for gVisor tests - Improve command comments and error handling in gVisor test suite - Remove unused RenderTemplate function and unnecessary imports in helpers.go - Change relative directory comments from Chinese to English in tests
3 participants
Summary
Testing
Breaking Changes
Checklist