diff options
Diffstat (limited to 'test/shim')
| -rwxr-xr-x | test/shim/containerd-install.sh | 44 | ||||
| -rwxr-xr-x | test/shim/crictl-install.sh | 17 | ||||
| -rwxr-xr-x | test/shim/run-container.sh | 30 | ||||
| -rwxr-xr-x | test/shim/runsc-install.sh | 8 | ||||
| -rwxr-xr-x | test/shim/runtime-handler-shim-v2/install.sh | 21 | ||||
| -rwxr-xr-x | test/shim/runtime-handler-shim-v2/test.sh | 34 | ||||
| -rwxr-xr-x | test/shim/runtime-handler-shim-v2/validate.sh | 7 | ||||
| -rwxr-xr-x | test/shim/runtime-handler/install.sh | 24 | ||||
| -rwxr-xr-x | test/shim/runtime-handler/test.sh | 33 | ||||
| -rwxr-xr-x | test/shim/runtime-handler/usage.sh | 30 | ||||
| -rwxr-xr-x | test/shim/runtimeclass-install.sh | 33 | ||||
| -rwxr-xr-x | test/shim/shim-install.sh | 28 | ||||
| -rwxr-xr-x | test/shim/untrusted-workload/install.sh | 27 | ||||
| -rwxr-xr-x | test/shim/untrusted-workload/test.sh | 33 | ||||
| -rwxr-xr-x | test/shim/untrusted-workload/usage.sh | 33 | ||||
| -rwxr-xr-x | test/shim/validate.sh | 17 |
16 files changed, 0 insertions, 419 deletions
diff --git a/test/shim/containerd-install.sh b/test/shim/containerd-install.sh deleted file mode 100755 index 400819245..000000000 --- a/test/shim/containerd-install.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash - -# A script to install containerd and CNI plugins for e2e testing - -wget -q --https-only \ - https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz \ - https://github.com/containernetworking/plugins/releases/download/v0.7.0/cni-plugins-amd64-v0.7.0.tgz - -sudo mkdir -p /etc/containerd /etc/cni/net.d /opt/cni/bin -sudo tar -xvf cni-plugins-amd64-v0.7.0.tgz -C /opt/cni/bin/ -sudo tar -xvf containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz -C / - -cat <<EOF | sudo tee /etc/containerd/config.toml -disabled_plugins = ["restart"] -# Set to avoid port overlap on older versions of containerd where default is 10010. -[plugins.cri] - stream_server_port = "10011" -EOF - -cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conf -{ - "cniVersion": "0.3.1", - "name": "bridge", - "type": "bridge", - "bridge": "cnio0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "ranges": [ - [{"subnet": "10.200.0.0/24"}] - ], - "routes": [{"dst": "0.0.0.0/0"}] - } -} -EOF -cat <<EOF | sudo tee /etc/cni/net.d/99-loopback.conf -{ - "cniVersion": "0.3.1", - "type": "loopback" -} -EOF - -sudo PATH=$PATH containerd -log-level debug &>/tmp/containerd-cri.log & diff --git a/test/shim/crictl-install.sh b/test/shim/crictl-install.sh deleted file mode 100755 index 1d63c889b..000000000 --- a/test/shim/crictl-install.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# A sample script for installing crictl. - -set -ex - -{ # Step 1: Download crictl -wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz -tar xf crictl-v1.13.0-linux-amd64.tar.gz -sudo mv crictl /usr/local/bin -} - -{ # Step 2: Configure crictl -cat <<EOF | sudo tee /etc/crictl.yaml -runtime-endpoint: unix:///run/containerd/containerd.sock -EOF -} diff --git a/test/shim/run-container.sh b/test/shim/run-container.sh deleted file mode 100755 index 4595433c3..000000000 --- a/test/shim/run-container.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -# A sample script to run a container in an existing pod - -set -ex - -{ # Step 1: Create nginx container config -cat <<EOF | tee container.json -{ - "metadata": { - "name": "nginx" - }, - "image":{ - "image": "nginx" - }, - "log_path":"nginx.0.log", - "linux": { - } -} -EOF -} - -{ # Step 2: Create nginx container -CONTAINER_ID=$(sudo crictl create ${SANDBOX_ID} container.json sandbox.json) -} - -{ # Step 3: Start nginx container -sudo crictl start ${CONTAINER_ID} -} - diff --git a/test/shim/runsc-install.sh b/test/shim/runsc-install.sh deleted file mode 100755 index 420fe01e9..000000000 --- a/test/shim/runsc-install.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -# Sample script to install runsc - -wget -q --https-only \ - https://storage.googleapis.com/gvisor/releases/${RUNSC_VERSION}/runsc -chmod +x runsc -sudo mv runsc /usr/local/bin/ diff --git a/test/shim/runtime-handler-shim-v2/install.sh b/test/shim/runtime-handler-shim-v2/install.sh deleted file mode 100755 index af6b5be1e..000000000 --- a/test/shim/runtime-handler-shim-v2/install.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -# A sample script for installing and configuring the gvisor-containerd-shim to -# use the containerd runtime handler. - -set -ex - -{ # Step 1: Create containerd config.toml -cat <<EOF | sudo tee /etc/containerd/config.toml -disabled_plugins = ["restart"] -[plugins.linux] - shim_debug = true -[plugins.cri.containerd.runtimes.runsc] - runtime_type = "io.containerd.runsc.v1" -EOF -} - -{ # Step 2: Restart containerd -sudo pkill containerd -sudo containerd -log-level debug &> /tmp/containerd-cri.log & -} diff --git a/test/shim/runtime-handler-shim-v2/test.sh b/test/shim/runtime-handler-shim-v2/test.sh deleted file mode 100755 index e33655ec1..000000000 --- a/test/shim/runtime-handler-shim-v2/test.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash - -# Runs end-to-end tests for gvisor-containerd-shim to test the use of runtime -# handler. This should work on containerd 1.2+ - -# This is meant to be run in a VM as it makes a fairly invasive install of -# containerd. - -set -ex - -# Install containerd -. ./test/e2e/containerd-install.sh - -# Install gVisor -. ./test/e2e/runsc-install.sh - -# Install gvisor-containerd-shim -. ./test/e2e/shim-install.sh - -# Test installation/configuration -. ./test/e2e/runtime-handler-shim-v2/install.sh - -# Install crictl -. ./test/e2e/crictl-install.sh - -# Test usage (the same with runtime-handler) -. ./test/e2e/runtime-handler/usage.sh - -# Run a container in the sandbox -. ./test/e2e/run-container.sh - -# Validate the pod and container -. ./test/e2e/validate.sh -. ./test/e2e/runtime-handler-shim-v2/validate.sh diff --git a/test/shim/runtime-handler-shim-v2/validate.sh b/test/shim/runtime-handler-shim-v2/validate.sh deleted file mode 100755 index b74a059ef..000000000 --- a/test/shim/runtime-handler-shim-v2/validate.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -# A sample script to validating the running containerd-shim-runsc-v1. - -set -ex - -ps aux | grep [c]ontainerd-shim-runsc-v1 diff --git a/test/shim/runtime-handler/install.sh b/test/shim/runtime-handler/install.sh deleted file mode 100755 index ebe9d3580..000000000 --- a/test/shim/runtime-handler/install.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# A sample script for installing and configuring the gvisor-containerd-shim to -# use the containerd runtime handler. - -set -ex - -{ # Step 1: Create containerd config.toml -cat <<EOF | sudo tee /etc/containerd/config.toml -disabled_plugins = ["restart"] -[plugins.linux] - shim = "/usr/local/bin/gvisor-containerd-shim" - shim_debug = true -[plugins.cri.containerd.runtimes.runsc] - runtime_type = "io.containerd.runtime.v1.linux" - runtime_engine = "/usr/local/bin/runsc" - runtime_root = "/run/containerd/runsc" -EOF -} - -{ # Step 2: Restart containerd -sudo pkill containerd -sudo containerd -log-level debug &> /tmp/containerd-cri.log & -} diff --git a/test/shim/runtime-handler/test.sh b/test/shim/runtime-handler/test.sh deleted file mode 100755 index 99f3565b6..000000000 --- a/test/shim/runtime-handler/test.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -# Runs end-to-end tests for gvisor-containerd-shim to test the use of runtime -# handler. This should work on containerd 1.2+ - -# This is meant to be run in a VM as it makes a fairly invasive install of -# containerd. - -set -ex - -# Install containerd -. ./test/e2e/containerd-install.sh - -# Install gVisor -. ./test/e2e/runsc-install.sh - -# Install gvisor-containerd-shim -. ./test/e2e/shim-install.sh - -# Test installation/configuration -. ./test/e2e/runtime-handler/install.sh - -# Install crictl -. ./test/e2e/crictl-install.sh - -# Test usage -. ./test/e2e/runtime-handler/usage.sh - -# Run a container in the sandbox -. ./test/e2e/run-container.sh - -# Validate the pod and container -. ./test/e2e/validate.sh diff --git a/test/shim/runtime-handler/usage.sh b/test/shim/runtime-handler/usage.sh deleted file mode 100755 index 350c720c2..000000000 --- a/test/shim/runtime-handler/usage.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -# A sample script for testing the gvisor-containerd-shim -# using runtime handler. - -set -ex - -{ # Step 1: Pull the nginx image -sudo crictl pull nginx -} - -{ # Step 2: Create sandbox.json -cat <<EOF | tee sandbox.json -{ - "metadata": { - "name": "nginx-sandbox", - "namespace": "default", - "attempt": 1, - "uid": "hdishd83djaidwnduwk28bcsb" - }, - "linux": { - }, - "log_directory": "/tmp" -} -EOF -} - -{ # Step 3: Create the sandbox -SANDBOX_ID=$(sudo crictl runp --runtime runsc sandbox.json) -} diff --git a/test/shim/runtimeclass-install.sh b/test/shim/runtimeclass-install.sh deleted file mode 100755 index 28abbcd00..000000000 --- a/test/shim/runtimeclass-install.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -# A sample script to test installing a RuntimeClass - -set -ex - -{ # Step 1: Install a RuntimeClass -cat <<EOF | kubectl apply -f - -apiVersion: node.k8s.io/v1beta1 -kind: RuntimeClass -metadata: - name: gvisor -handler: runsc -EOF -} - -{ # Step 2: Create a pod -cat <<EOF | kubectl apply -f - -apiVersion: v1 -kind: Pod -metadata: - name: nginx-gvisor -spec: - runtimeClassName: gvisor - containers: - - name: nginx - image: nginx -EOF -} - -{ # Step 3: Get the pod -kubectl get pod nginx-gvisor -o wide -} diff --git a/test/shim/shim-install.sh b/test/shim/shim-install.sh deleted file mode 100755 index f98455d46..000000000 --- a/test/shim/shim-install.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -# A sample script to install gvisor-containerd-shim - -set -ex - -# Build gvisor-containerd-shim -if [ "${INSTALL_LATEST}" == "1" ]; then -{ # Step 1(release): Install gvisor-containerd-shim -LATEST_RELEASE=$(wget -qO - https://api.github.com/repos/google/gvisor-containerd-shim/releases | grep -oP '(?<="browser_download_url": ")https://[^"]*gvisor-containerd-shim.linux-amd64' | head -1) -wget -O gvisor-containerd-shim ${LATEST_RELEASE} -chmod +x gvisor-containerd-shim -sudo mv gvisor-containerd-shim /usr/local/bin/gvisor-containerd-shim -} -else -{ # Step 1(dev): Build and install gvisor-containerd-shim and containerd-shim-runsc-v1 - make - sudo make install -} -fi - -{ # Step 2: Create the gvisor-containerd-shim.toml -cat <<EOF | sudo tee /etc/containerd/gvisor-containerd-shim.toml -# This is the path to the default runc containerd-shim. -runc_shim = "/usr/local/bin/containerd-shim" -EOF -} - diff --git a/test/shim/untrusted-workload/install.sh b/test/shim/untrusted-workload/install.sh deleted file mode 100755 index c4538aed1..000000000 --- a/test/shim/untrusted-workload/install.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# A sample script for installing and configuring the gvisor-containerd-shim to -# use the untrusted workload extension. - -set -ex - -{ # Step 1: Create containerd config.toml -cat <<EOF | sudo tee /etc/containerd/config.toml -disabled_plugins = ["restart"] -[plugins.linux] - shim = "/usr/local/bin/gvisor-containerd-shim" - shim_debug = true -# Set to avoid port overlap on older versions of containerd where default is 10010. -[plugins.cri] - stream_server_port = "10011" -[plugins.cri.containerd.untrusted_workload_runtime] - runtime_type = "io.containerd.runtime.v1.linux" - runtime_engine = "/usr/local/bin/runsc" - runtime_root = "/run/containerd/runsc" -EOF -} - -{ # Step 2: Restart containerd -sudo pkill containerd -sudo containerd -log-level debug &>/tmp/containerd-cri.log & -} diff --git a/test/shim/untrusted-workload/test.sh b/test/shim/untrusted-workload/test.sh deleted file mode 100755 index 6e312cf6d..000000000 --- a/test/shim/untrusted-workload/test.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -# Runs end-to-end tests for gvisor-containerd-shim to test using the -# untrusted workload extension. This should work on containerd 1.1+ - -# This is meant to be run in a VM as it makes a fairly invasive install of -# containerd. - -set -ex - -# Install containerd -. ./test/e2e/containerd-install.sh - -# Install gVisor -. ./test/e2e/runsc-install.sh - -# Install gvisor-containerd-shim -. ./test/e2e/shim-install.sh - -# Test installation/configuration -. ./test/e2e/untrusted-workload/install.sh - -# Install crictl -. ./test/e2e/crictl-install.sh - -# Test usage -. ./test/e2e/untrusted-workload/usage.sh - -# Run a container in the sandbox -. ./test/e2e/run-container.sh - -# Validate the pod and container -. ./test/e2e/validate.sh diff --git a/test/shim/untrusted-workload/usage.sh b/test/shim/untrusted-workload/usage.sh deleted file mode 100755 index db8206964..000000000 --- a/test/shim/untrusted-workload/usage.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -# A sample script for testing the gvisor-containerd-shim # using untrusted -# workload extension. - -set -ex - -{ # Step 1: Pull the nginx image -sudo crictl pull nginx -} - -{ # Step 2: Create sandbox.json -cat <<EOF | tee sandbox.json -{ - "metadata": { - "name": "nginx-sandbox", - "namespace": "default", - "attempt": 1, - "uid": "hdishd83djaidwnduwk28bcsb" - }, - "annotations": { - "io.kubernetes.cri.untrusted-workload": "true" - }, - "linux": { - }, - "log_directory": "/tmp" -} -EOF -} - -{ # Step 3: Create the sandbox -SANDBOX_ID=$(sudo crictl runp sandbox.json) -} diff --git a/test/shim/validate.sh b/test/shim/validate.sh deleted file mode 100755 index b56b79d2a..000000000 --- a/test/shim/validate.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# A sample script to validate a running nginx container. - -set -ex - -{ # Step 1: Inspect the pod -sudo crictl inspectp ${SANDBOX_ID} -} - -{ # Step 2: Inspect the container -sudo crictl inspect ${CONTAINER_ID} -} - -{ # Step 3: Check dmesg -sudo crictl exec ${CONTAINER_ID} dmesg | grep -i gvisor -} |