[
https://issues.apache.org/jira/browse/YUNIKORN-1977?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Bacsko updated YUNIKORN-1977:
-----------------------------------
Target Version: 1.7.0 (was: 1.6.0)
> Add user info e2e test with an non kube-admin user
> --------------------------------------------------
>
> Key: YUNIKORN-1977
> URL: https://issues.apache.org/jira/browse/YUNIKORN-1977
> Project: Apache YuniKorn
> Issue Type: Test
> Components: test - e2e
> Reporter: PoAn Yang
> Assignee: PoAn Yang
> Priority: Minor
>
> Currently, we always use default kubeconfig to test user info, so the user
> will be `kube-admin`. It's good to add an e2e test with non kube-admin user
> and check the `User` field.
>
> 1. Create a new user.
>
> {code:java}
> kubectl create serviceaccount test-user{code}
>
> 2. Create a secret token.
> {code:java}
> kubectl create -f - <<EOF
> apiVersion: v1
> kind: Secret
> metadata:
> name: test-user-sa-token
> annotations:
> kubernetes.io/service-account.name: test-user
> type: kubernetes.io/service-account-token
> EOF{code}
> 3. Create a cluster role binding.
> {code:java}
> cat << EOF | kubectl apply -f -
> apiVersion: rbac.authorization.k8s.io/v1
> kind: ClusterRoleBinding
> metadata:
> name: test-user
> roleRef:
> apiGroup: rbac.authorization.k8s.io
> kind: ClusterRole
> name: cluster-admin
> subjects:
> - kind: ServiceAccount
> name: test-user
> namespace: default
> EOF {code}
> 4. Get values.
> {code:java}
> export USER_TOKEN_VALUE=$(kubectl get secret/test-user-sa-token
> -o=go-template='{{.data.token}}' | base64 --decode)
> export CURRENT_CONTEXT=$(kubectl config current-context)
> export CURRENT_CLUSTER=$(kubectl config view --raw -o=go-template='{{range
> .contexts}}{{if eq .name "'''${CURRENT_CONTEXT}'''"}}{{ index .context
> "cluster" }}{{end}}{{end}}')
> export CLUSTER_CA=$(kubectl config view --raw -o=go-template='{{range
> .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}"{{with index .cluster
> "certificate-authority-data" }}{{.}}{{end}}"{{ end }}{{ end }}')
> export CLUSTER_SERVER=$(kubectl config view --raw -o=go-template='{{range
> .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}{{ .cluster.server
> }}{{end}}{{ end }}') {code}
> 5. Create a new kubeconfig.
> {code:java}
> cat << EOF > test-user-config
> apiVersion: v1
> kind: Config
> current-context: ${CURRENT_CONTEXT}
> contexts:
> - name: ${CURRENT_CONTEXT}
> context:
> cluster: ${CURRENT_CONTEXT}
> user: test-user
> clusters:
> - name: ${CURRENT_CONTEXT}
> cluster:
> certificate-authority-data: ${CLUSTER_CA}
> server: ${CLUSTER_SERVER}
> users:
> - name: test-user
> user:
> token: ${USER_TOKEN_VALUE}
> EOF {code}
> 6. Create a pod.
> {code:java}
> cat << EOF > kubectl --kubeconfig $(pwd)/test-user-config apply -f -
> apiVersion: v1
> kind: Pod
> metadata:
> labels:
> applicationId: app-sleep
> name: test-sleep
> spec:
> containers:
> - command:
> - sleep
> - "300"
> image: alpine:latest
> imagePullPolicy: IfNotPresent
> name: sleepcontainer
> resources:
> requests:
> cpu: 100m
> memory: 300Mi
> restartPolicy: Always
> schedulerName: yunikorn
> EOF{code}
> 7. Get the pod and check whether `test-user` is in the
> `yunikorn.apache.org/user.info` annotation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
