PoAn Yang created YUNIKORN-1977:
-----------------------------------
Summary: Add user info e2e test with an non kube-admin user
Key: YUNIKORN-1977
URL: https://issues.apache.org/jira/browse/YUNIKORN-1977
Project: Apache YuniKorn
Issue Type: Test
Components: test - e2e
Reporter: PoAn Yang
Assignee: PoAn Yang
Currently, we always use default kubeconfig to test it, so the user will be
`kube-admin`. It's good to add an e2e test with non kube-admin user and check
the `User` field.
1. Create a new user.
{code:java}
kubectl create serviceaccount test-user{code}
2. Create a secret token.
{code:java}
kubectl create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: test-user-sa-token
annotations:
kubernetes.io/service-account.name: test-user
type: kubernetes.io/service-account-token
EOF{code}
3. Create a cluster role binding.
{code:java}
cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: test-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: test-user
namespace: default
EOF {code}
4. Get values.
{code:java}
export USER_TOKEN_VALUE=$(kubectl get secret/test-user-sa-token
-o=go-template='{{.data.token}}' | base64 --decode)
export CURRENT_CONTEXT=$(kubectl config current-context)
export CURRENT_CLUSTER=$(kubectl config view --raw -o=go-template='{{range
.contexts}}{{if eq .name "'''${CURRENT_CONTEXT}'''"}}{{ index .context
"cluster" }}{{end}}{{end}}')
export CLUSTER_CA=$(kubectl config view --raw -o=go-template='{{range
.clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}"{{with index .cluster
"certificate-authority-data" }}{{.}}{{end}}"{{ end }}{{ end }}')
export CLUSTER_SERVER=$(kubectl config view --raw -o=go-template='{{range
.clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}{{ .cluster.server
}}{{end}}{{ end }}') {code}
5. Create a new kubeconfig.
{code:java}
cat << EOF > test-user-config
apiVersion: v1
kind: Config
current-context: ${CURRENT_CONTEXT}
contexts:
- name: ${CURRENT_CONTEXT}
context:
cluster: ${CURRENT_CONTEXT}
user: test-user
clusters:
- name: ${CURRENT_CONTEXT}
cluster:
certificate-authority-data: ${CLUSTER_CA}
server: ${CLUSTER_SERVER}
users:
- name: test-user
user:
token: ${USER_TOKEN_VALUE}
EOF {code}
6. Create a pod.
{code:java}
cat << EOF > kubectl --kubeconfig $(pwd)/test-user-config apply -f -
apiVersion: v1
kind: Pod
metadata:
labels:
applicationId: app-sleep
name: test-sleep
spec:
containers:
- command:
- sleep
- "300"
image: alpine:latest
imagePullPolicy: IfNotPresent
name: sleepcontainer
resources:
requests:
cpu: 100m
memory: 300Mi
restartPolicy: Always
schedulerName: yunikorn
EOF{code}
7. Get the pod and check whether `test-user` is in the
`yunikorn.apache.org/user.info` annotation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
