1
#!/usr/bin/env bats -*- bats -*-
9
capabilities='{"drop":["CAP_FOWNER","CAP_SETFCAP"]}'
13
python3 -c 'import yaml
16
json.dump(yaml.safe_load(sys.stdin), sys.stdout)'
22
@test "podman kube generate - usage message" {
23
run_podman kube generate --help
24
is "$output" ".*podman.* kube generate \[options\] {CONTAINER...|POD...|VOLUME...}"
25
run_podman generate kube --help
26
is "$output" ".*podman.* generate kube \[options\] {CONTAINER...|POD...|VOLUME...}"
29
@test "podman kube generate - container" {
30
cname=c$(random_string 15)
31
run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname $IMAGE top
32
run_podman kube generate $cname
35
assert "$output" !~ "Kubernetes only allows 63 characters"
37
json=$(yaml2json <<<"$output")
55
metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
56
metadata.labels.app | = | ${cname}-pod
57
metadata.name | = | ${cname}-pod
59
spec.containers[0].command | = | [\"top\"]
60
spec.containers[0].image | = | $IMAGE
61
spec.containers[0].name | = | $cname
63
spec.containers[0].securityContext.capabilities | = | $capabilities
69
while read key op expect; do
70
actual=$(jq -r -c ".$key" <<<"$json")
71
assert "$actual" $op "$expect" ".$key"
72
done < <(parse_table "$expect")
77
@test "podman kube generate unmasked" {
78
KUBE=$PODMAN_TMPDIR/kube.yaml
79
run_podman create --name test --security-opt unmask=all $IMAGE
80
run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test
81
is "$output" "[unmask=all]" "Inspect should see unmask all"
82
run_podman kube generate test -f $KUBE
83
assert "$(< $KUBE)" =~ "procMount: Unmasked" "Generated kube yaml should have procMount unmasked"
84
run_podman kube play $KUBE
85
run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test-pod-test
86
is "$output" "[unmask=all]" "Inspect kube play container should see unmask all"
87
run_podman kube down $KUBE
90
run_podman rmi $(pause_image)
93
@test "podman kube generate - pod" {
94
local pname=p$(random_string 15)
95
local cname1=c1$(random_string 15)
96
local cname2=c2$(random_string 15)
98
run_podman pod create --name $pname --publish 9999:8888
104
run_podman 125 kube generate $pname
105
assert "$output" =~ "Error: .* only has an infra container"
107
run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname1 --pod $pname $IMAGE top
108
run_podman container create --name $cname2 --pod $pname $IMAGE bottom
109
run_podman kube generate $pname
111
json=$(yaml2json <<<"$output")
119
metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
120
metadata.labels.app | = | ${pname}
121
metadata.name | = | ${pname}
123
spec.hostname | = | null
125
spec.containers[0].command | = | [\"top\"]
126
spec.containers[0].image | = | $IMAGE
127
spec.containers[0].name | = | $cname1
128
spec.containers[0].ports[0].containerPort | = | 8888
129
spec.containers[0].ports[0].hostPort | = | 9999
130
spec.containers[0].resources | = | null
132
spec.containers[1].command | = | [\"bottom\"]
133
spec.containers[1].image | = | $IMAGE
134
spec.containers[1].name | = | $cname2
135
spec.containers[1].ports | = | null
136
spec.containers[1].resources | = | null
138
spec.containers[0].securityContext.capabilities | = | $capabilities
143
while read key op expect; do
144
actual=$(jq -r -c ".$key" <<<"$json")
145
assert "$actual" $op "$expect" ".$key"
146
done < <(parse_table "$expect")
148
run_podman rm $cname1 $cname2
149
run_podman pod rm $pname
150
run_podman rmi $(pause_image)
153
@test "podman kube generate - deployment" {
154
skip_if_remote "containersconf needs to be set on server side"
155
local pname=p$(random_string 15)
156
local cname1=c1$(random_string 15)
157
local cname2=c2$(random_string 15)
159
run_podman pod create --name $pname
160
run_podman container create --name $cname1 --pod $pname $IMAGE top
161
run_podman container create --name $cname2 --pod $pname $IMAGE bottom
163
containersconf=$PODMAN_TMPDIR/containers.conf
164
cat >$containersconf <<EOF
166
kube_generate_type="deployment"
168
CONTAINERS_CONF_OVERRIDE=$containersconf run_podman kube generate $pname
170
json=$(yaml2json <<<"$output")
176
apiVersion | = | apps/v1
179
metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
180
metadata.labels.app | = | ${pname}
181
metadata.name | = | ${pname}-deployment
184
while read key op expect; do
185
actual=$(jq -r -c ".$key" <<<"$json")
186
assert "$actual" $op "$expect" ".$key"
187
done < <(parse_table "$expect")
189
run_podman rm $cname1 $cname2
190
run_podman pod rm $pname
191
run_podman rmi $(pause_image)