diff --git a/pkg/kwok/server/debugging_logs.go b/pkg/kwok/server/debugging_logs.go index 4413b56f3..2a70c0202 100644 --- a/pkg/kwok/server/debugging_logs.go +++ b/pkg/kwok/server/debugging_logs.go @@ -51,7 +51,6 @@ func (s *Server) GetContainerLogs(ctx context.Context, podName, podNamespace, co } if m := log.Mapping; m != nil { - logOptions.Container = m.Container return s.logsMappingToContainer(ctx, m.Namespace, m.Name, logOptions, stdout) } diff --git a/test/e2e/attach_mapping.go b/test/e2e/attach_mapping.go index 17af90685..08cc24d14 100644 --- a/test/e2e/attach_mapping.go +++ b/test/e2e/attach_mapping.go @@ -22,6 +22,7 @@ import ( "testing" corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/e2e-framework/klient/k8s/resources" "sigs.k8s.io/e2e-framework/pkg/envconf" @@ -40,7 +41,37 @@ func CaseAttachMapping(nodeName, namespace string) *features.FeatureBuilder { WithNamespace(namespace). WithNodeName(nodeName). Build() - + role := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-attach-role", + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"pods/attach"}, + Verbs: []string{"get", "watch", "create"}, + }, + }, + } + roleBinding := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-attach-role-binding", + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: "kwok-controller", + Namespace: "kube-system", + }, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "Role", + Name: "kwok-controller-attach-role", + }, + } return features.New("Pod Attach Mapping"). Setup(helper.CreateNode(node)). Setup(helper.CreatePod(pod0)). @@ -89,6 +120,18 @@ func CaseAttachMapping(nodeName, namespace string) *features.FeatureBuilder { _ = client.Delete(ctx, ca) }() + err = client.Create(ctx, role) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, role) + + err = client.Create(ctx, roleBinding) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, roleBinding) + buf := bytes.NewBuffer(nil) cmd, err := exec.Command(exec.WithAllWriteTo(exec.WithFork(ctx, true), buf), "kubectl", "attach", "-n", namespace, "pod0") if err != nil { diff --git a/test/e2e/exec_mapping.go b/test/e2e/exec_mapping.go index d397b2b30..3be45e1ff 100644 --- a/test/e2e/exec_mapping.go +++ b/test/e2e/exec_mapping.go @@ -22,6 +22,7 @@ import ( "testing" corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/e2e-framework/klient/k8s/resources" "sigs.k8s.io/e2e-framework/pkg/envconf" @@ -41,6 +42,38 @@ func CaseExecMapping(nodeName, namespace string) *features.FeatureBuilder { WithNodeName(nodeName). Build() + role := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-exec-role", + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"pods/exec"}, + Verbs: []string{"get", "watch", "create"}, + }, + }, + } + roleBinding := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-exec-role-binding", + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: "kwok-controller", + Namespace: "kube-system", + }, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "Role", + Name: "kwok-controller-exec-role", + }, + } + return features.New("Pod Exec Mapping"). Setup(helper.CreateNode(node)). Setup(helper.CreatePod(pod0)). @@ -89,6 +122,18 @@ func CaseExecMapping(nodeName, namespace string) *features.FeatureBuilder { _ = client.Delete(ctx, ce) }() + err = client.Create(ctx, role) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, role) + + err = client.Create(ctx, roleBinding) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, roleBinding) + buf := bytes.NewBuffer(nil) cmd, err := exec.Command(exec.WithAllWriteTo(exec.WithFork(ctx, true), buf), "kubectl", "exec", "-n", namespace, "pod0", "--", "env") if err != nil { diff --git a/test/e2e/logs_mapping.go b/test/e2e/logs_mapping.go index 92a5f8d3d..3a4978d94 100644 --- a/test/e2e/logs_mapping.go +++ b/test/e2e/logs_mapping.go @@ -27,6 +27,7 @@ import ( "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/features" + rbacv1 "k8s.io/api/rbac/v1" "sigs.k8s.io/kwok/pkg/apis/v1alpha1" "sigs.k8s.io/kwok/pkg/utils/exec" "sigs.k8s.io/kwok/test/e2e/helper" @@ -40,7 +41,37 @@ func CaseLogsMapping(nodeName, namespace string) *features.FeatureBuilder { WithNamespace(namespace). WithNodeName(nodeName). Build() - + role := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-log-role", + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"pods/log"}, + Verbs: []string{"get", "watch", "list"}, + }, + }, + } + roleBinding := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-log-rolebinding", + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: "kwok-controller", + Namespace: "kube-system", + }, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "Role", + Name: "kwok-controller-log-role", + APIGroup: "rbac.authorization.k8s.io", + }, + } return features.New("Pod Logs Mapping"). Setup(helper.CreateNode(node)). Setup(helper.CreatePod(pod0)). @@ -89,8 +120,19 @@ func CaseLogsMapping(nodeName, namespace string) *features.FeatureBuilder { _ = client.Delete(ctx, cl) }() - buf := bytes.NewBuffer(nil) + err = client.Create(ctx, role) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, role) + err = client.Create(ctx, roleBinding) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, roleBinding) + + buf := bytes.NewBuffer(nil) cmd, err := exec.Command(exec.WithAllWriteTo(exec.WithFork(ctx, true), buf), "kubectl", "logs", "-f", "-n", namespace, "pod0") if err != nil { t.Fatal(err) diff --git a/test/e2e/port_forward_mapping.go b/test/e2e/port_forward_mapping.go index eaeb0ae41..cc7b803ca 100644 --- a/test/e2e/port_forward_mapping.go +++ b/test/e2e/port_forward_mapping.go @@ -24,6 +24,7 @@ import ( "time" corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/e2e-framework/klient/k8s/resources" "sigs.k8s.io/e2e-framework/pkg/envconf" @@ -42,7 +43,30 @@ func CasePortForwardMapping(nodeName, namespace string) *features.FeatureBuilder WithNamespace(namespace). WithNodeName(nodeName). Build() - + role := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-port-forward-role", + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"pods/portforward"}, + Verbs: []string{"get", "watch", "create"}, + }, + }, + } + roleBinding := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-system", + Name: "kwok-controller-port-forward-role-binding", + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "Role", + Name: "kwok-controller-port-forward-role", + }, + } return features.New("Pod Port Forward Mapping"). Setup(helper.CreateNode(node)). Setup(helper.CreatePod(pod0)). @@ -91,6 +115,18 @@ func CasePortForwardMapping(nodeName, namespace string) *features.FeatureBuilder _ = client.Delete(ctx, cl) }() + err = client.Create(ctx, role) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, role) + + err = client.Create(ctx, roleBinding) + if err != nil { + t.Fatal(err) + } + defer client.Delete(ctx, roleBinding) + cmd, err := exec.Command(exec.WithFork(ctx, true), "kubectl", "port-forward", "-n", namespace, "pod0", "8080:8080") if err != nil { t.Fatal(err)