diff --git a/charts/aws-efs-csi-driver/templates/controller-deployment.yaml b/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
index cc354896c..a46901023 100644
--- a/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
+++ b/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
@@ -27,7 +27,6 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      hostNetwork: true
       {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
       {{- range .Values.imagePullSecrets }}
diff --git a/charts/aws-efs-csi-driver/templates/node-daemonset.yaml b/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
index fabcffdb7..9b7cc7dc1 100644
--- a/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
+++ b/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
@@ -47,7 +47,6 @@ spec:
       {{- with .Values.node.affinity }}
       affinity: {{- toYaml . | nindent 8 }}
       {{- end }}
-      hostNetwork: true
       dnsPolicy: {{ .Values.node.dnsPolicy }}
       {{- with .Values.node.dnsConfig }}
       dnsConfig: {{- toYaml . | nindent 8 }}
diff --git a/deploy/kubernetes/base/controller-deployment.yaml b/deploy/kubernetes/base/controller-deployment.yaml
index 49e9ec262..08ad518eb 100644
--- a/deploy/kubernetes/base/controller-deployment.yaml
+++ b/deploy/kubernetes/base/controller-deployment.yaml
@@ -21,7 +21,6 @@ spec:
         app.kubernetes.io/name: aws-efs-csi-driver
         app.kubernetes.io/instance: kustomize
     spec:
-      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: efs-csi-controller-sa
diff --git a/deploy/kubernetes/base/node-daemonset.yaml b/deploy/kubernetes/base/node-daemonset.yaml
index de00328f7..8d5261e7b 100644
--- a/deploy/kubernetes/base/node-daemonset.yaml
+++ b/deploy/kubernetes/base/node-daemonset.yaml
@@ -31,7 +31,6 @@ spec:
                     operator: NotIn
                     values:
                       - fargate
-      hostNetwork: true
      dnsPolicy: ClusterFirst
      serviceAccountName: efs-csi-node-sa
      priorityClassName: system-node-critical
diff --git a/hack/e2e/run.sh b/hack/e2e/run.sh
index 28cc74ed9..677e808dd 100755
--- a/hack/e2e/run.sh
+++ b/hack/e2e/run.sh
@@ -49,10 +49,10 @@ IMAGE_TAG=${IMAGE_TAG:-${TEST_ID}}
 
 # kops: must include patch version (e.g. 1.19.1)
 # eksctl: mustn't include patch version (e.g. 1.19)
-K8S_VERSION_KOPS=${K8S_VERSION_KOPS:-${K8S_VERSION:-1.26.2}}
-K8S_VERSION_EKSCTL=${K8S_VERSION_EKSCTL:-${K8S_VERSION:-1.25}}
+K8S_VERSION_KOPS=${K8S_VERSION_KOPS:-${K8S_VERSION:-1.27.3}}
+K8S_VERSION_EKSCTL=${K8S_VERSION_EKSCTL:-${K8S_VERSION:-1.27}}
 
-KOPS_VERSION=${KOPS_VERSION:-1.26.2}
+KOPS_VERSION=${KOPS_VERSION:-1.27.0-beta.3}
 KOPS_STATE_FILE=${KOPS_STATE_FILE:-s3://k8s-kops-csi-e2e}
 KOPS_PATCH_FILE=${KOPS_PATCH_FILE:-./hack/kops-patch.yaml}
 KOPS_PATCH_NODE_FILE=${KOPS_PATCH_NODE_FILE:-./hack/kops-patch-node.yaml}
diff --git a/hack/kops-patch-node.yaml b/hack/kops-patch-node.yaml
new file mode 100644
index 000000000..c919fc31b
--- /dev/null
+++ b/hack/kops-patch-node.yaml
@@ -0,0 +1,4 @@
+spec:
+  instanceMetadata:
+    httpTokens: optional
+    httpPutResponseHopLimit: 3
\ No newline at end of file
diff --git a/hack/kops-patch.yaml b/hack/kops-patch.yaml
index 05c8ee5cc..a25ddfe61 100644
--- a/hack/kops-patch.yaml
+++ b/hack/kops-patch.yaml
@@ -8,8 +8,14 @@ spec:
             "elasticfilesystem:CreateAccessPoint",
             "elasticfilesystem:DeleteAccessPoint",
             "elasticfilesystem:DescribeFileSystems",
-            "elasticfilesystem:DescribeAccessPoints"
+            "elasticfilesystem:DescribeAccessPoints",
+            "elasticfilesystem:DescribeMountTargets",
+            "ec2:DescribeAvailabilityZones"
           ],
           "Resource": "*"
         }
       ]
+
+  cloudConfig:
+    awsEBSCSIDriver:
+      managed: true
\ No newline at end of file
diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go
index a3d5ea3d2..b010bfbed 100644
--- a/test/e2e/e2e.go
+++ b/test/e2e/e2e.go
@@ -3,24 +3,23 @@ package e2e
 import (
 	"context"
 	"fmt"
-	"k8s.io/apimachinery/pkg/util/rand"
 	"os"
+	"strconv"
+	"strings"
 	"time"
 
+	"k8s.io/apimachinery/pkg/util/rand"
+
 	"github.com/onsi/ginkgo/v2"
 	v1 "k8s.io/api/core/v1"
 	storagev1 "k8s.io/api/storage/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/fields"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/util/sets"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/kubernetes/test/e2e/framework"
-	e2enode "k8s.io/kubernetes/test/e2e/framework/node"
 	e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
-	e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
 	storageframework "k8s.io/kubernetes/test/e2e/storage/framework"
 	"k8s.io/kubernetes/test/e2e/storage/testsuites"
 	"k8s.io/kubernetes/test/e2e/storage/utils"
@@ -274,56 +273,45 @@ var _ = ginkgo.Describe("[efs-csi] EFS CSI", func() {
 		framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(f.ClientSet, pod.Name, f.Namespace.Name), "waiting for pod running")
 	})
 
-	ginkgo.It("should continue reading/writing without hanging after the driver pod is restarted", func() {
-		ginkgo.By(fmt.Sprintf("Creating efs pvc & pv"))
-		pvc, pv, err := createEFSPVCPV(f.ClientSet, f.Namespace.Name, f.Namespace.Name, "", map[string]string{})
-		framework.ExpectNoError(err, "creating efs pvc & pv")
-		defer func() {
-			_ = f.ClientSet.CoreV1().PersistentVolumes().Delete(context.TODO(), pv.Name, metav1.DeleteOptions{})
-		}()
+	ginkgo.It("should continue reading/writing without interruption after the driver pod is restarted", func() {
+		filePath := "/mnt/volume1/testfile.txt" // e2epod.MakePod mounts the first PVC at /mnt/volume1
+		testDuration := 30 * time.Second
 
-		node, err := e2enode.GetRandomReadySchedulableNode(f.ClientSet)
-		framework.ExpectNoError(err, "getting random ready schedulable node")
-		command := fmt.Sprintf("touch /mnt/volume1/%s-%s && trap exit TERM; while true; do sleep 1; done", f.Namespace.Name, time.Now().Format(time.RFC3339))
+		ginkgo.By("Creating EFS PVC and associated PV")
+		pvc, pv, err := createEFSPVCPV(f.ClientSet, f.Namespace.Name, f.Namespace.Name, "", map[string]string{})
+		framework.ExpectNoError(err)
+		defer f.ClientSet.CoreV1().PersistentVolumes().Delete(context.TODO(), pv.Name, metav1.DeleteOptions{})
 
-		ginkgo.By(fmt.Sprintf("Creating pod on node %q to mount pvc %q and run %q", node.Name, pvc.Name, command))
-		pod := e2epod.MakePod(f.Namespace.Name, nil, []*v1.PersistentVolumeClaim{pvc}, false, command)
-		pod.Spec.NodeName = node.Name
+		ginkgo.By("Deploying a pod to write data")
+		pod := e2epod.MakePod(f.Namespace.Name, nil, []*v1.PersistentVolumeClaim{pvc}, false, fmt.Sprintf("while true; do date +%%s >> %s; sleep 1; done", filePath))
 		pod, err = f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(context.TODO(), pod, metav1.CreateOptions{})
-		framework.ExpectNoError(err, "creating pod")
-		framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(f.ClientSet, pod.Name, f.Namespace.Name), "waiting for pod running")
+		framework.ExpectNoError(err)
+		framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(f.ClientSet, pod.Name, f.Namespace.Name))
+		defer f.ClientSet.CoreV1().Pods(f.Namespace.Name).Delete(context.TODO(), pod.Name, metav1.DeleteOptions{})
 
-		ginkgo.By(fmt.Sprintf("Getting driver pod on node %q", node.Name))
-		labelSelector := labels.SelectorFromSet(EfsDriverLabelSelectors).String()
-		fieldSelector := fields.SelectorFromSet(fields.Set{"spec.nodeName": node.Name}).String()
-		podList, err := f.ClientSet.CoreV1().Pods(EfsDriverNamespace).List(
-			context.TODO(),
-			metav1.ListOptions{
-				LabelSelector: labelSelector,
-				FieldSelector: fieldSelector,
-			})
-		framework.ExpectNoError(err, "getting driver pod")
-		framework.ExpectEqual(len(podList.Items), 1, "expected 1 efs csi node pod but got %d", len(podList.Items))
-		driverPod := podList.Items[0]
-
-		ginkgo.By(fmt.Sprintf("Deleting driver pod %q on node %q", driverPod.Name, node.Name))
-		err = e2epod.DeletePodWithWaitByName(f.ClientSet, driverPod.Name, EfsDriverNamespace)
-		framework.ExpectNoError(err, "deleting driver pod")
-
-		ginkgo.By(fmt.Sprintf("Execing a write via the pod on node %q", node.Name))
-		command = fmt.Sprintf("touch /mnt/volume1/%s-%s", f.Namespace.Name, time.Now().Format(time.RFC3339))
-		done := make(chan bool)
-		go func() {
-			defer ginkgo.GinkgoRecover()
-			e2evolume.VerifyExecInPodSucceed(f, pod, command)
-			done <- true
-		}()
-		select {
-		case <-done:
-			framework.Logf("verified exec in pod succeeded")
-		case <-time.After(30 * time.Second):
-			framework.Failf("timed out verifying exec in pod succeeded")
+		ginkgo.By("Triggering a restart for the EFS CSI Node DaemonSet")
+		_, err = framework.RunKubectl("kube-system", "rollout", "restart", "daemonset", "efs-csi-node")
+		framework.ExpectNoError(err)
+
+		time.Sleep(testDuration) // keep the writer running while the driver pods restart
+
+		ginkgo.By("Validating no interruption")
+		content, err := framework.RunKubectl(f.Namespace.Name, "exec", pod.Name, "--", "/bin/sh", "-c", fmt.Sprintf("cat %s", filePath))
+		framework.ExpectNoError(err)
+
+		lines := strings.Split(strings.TrimSpace(content), "\n")
+		for i := 0; i < len(lines)-1; i++ {
+			current, errCurr := strconv.ParseInt(lines[i], 10, 64)
+			next, errNext := strconv.ParseInt(lines[i+1], 10, 64)
+
+			framework.ExpectNoError(errCurr)
+			framework.ExpectNoError(errNext)
+
+			if next-current > 1 {
+				framework.Failf("Detected an interruption. Time gap: %d seconds.", next-current)
+			}
 		}
+
 	})
 
 	testEncryptInTransit := func(f *framework.Framework, encryptInTransit *bool) {
diff --git a/vendor/k8s.io/kubernetes/test/e2e/testing-manifests/storage-csi/gce-pd/controller_ss.yaml b/vendor/k8s.io/kubernetes/test/e2e/testing-manifests/storage-csi/gce-pd/controller_ss.yaml
index a34c8d112..488e07e1d 100644
--- a/vendor/k8s.io/kubernetes/test/e2e/testing-manifests/storage-csi/gce-pd/controller_ss.yaml
+++ b/vendor/k8s.io/kubernetes/test/e2e/testing-manifests/storage-csi/gce-pd/controller_ss.yaml
@@ -17,7 +17,6 @@ spec:
      # since it replaces GCE Metadata Server with GKE Metadata Server. Remove
      # this requirement when issue is resolved and before any exposure of
      # metrics ports
-     hostNetwork: true
      serviceAccountName: csi-gce-pd-controller-sa
      containers:
        - name: csi-snapshotter
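
A quick local check of this change (a sketch, not part of the patch; it assumes a checkout of this repo with helm 3 and kubectl available, and the release name "efs" is arbitrary): render both the Helm chart and the kustomize base, then confirm no pod spec still requests host networking.

# Sketch: verify hostNetwork is gone from all rendered manifests.
if { helm template efs charts/aws-efs-csi-driver; kubectl kustomize deploy/kubernetes/base; } | grep -n 'hostNetwork'; then
  echo "hostNetwork still present in rendered manifests" >&2
  exit 1
fi
echo "OK: no hostNetwork in rendered manifests"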