Add seccomp validation tests #135
Conversation
k8s-ci-robot
added
size/L
feiskyer
force-pushed
the
seccomp-validation
branch
from
5567c9e
to
a3e5a1a
Compare
|
CI failed because dockerd installed doesn't support seccomp: seccomp profiles are not supported on this daemon, you cannot specify a custom seccomp profile. |
feiskyer
force-pushed
the
seccomp-validation
branch
5 times, most recently
from
1ba74a9
to
bc15b03
Compare
feiskyer
force-pushed
the
seccomp-validation
branch
from
bc15b03
to
a8bf593
Compare
feiskyer
force-pushed
the
seccomp-validation
branch
from
a8bf593
to
253de44
Compare
| sudo apt-get -y install "docker-engine=17.03.1~ce-0~ubuntu-$(lsb_release -cs)" | ||
|
|
||
| # docker debs don't support seccomp, so we install a static version instead. | ||
| curl -sSL -o docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-17.03.1-ce.tgz |
There was a problem hiding this comment.
Cool! :) Ref moby/moby#22870
| sudo sh -c 'echo "deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main" > /etc/apt/sources.list.d/docker.list' | ||
| curl -fsSL https://apt.dockerproject.org/gpg | sudo apt-key add - | ||
| sudo apt-key fingerprint 58118E89F3A912897C070ADBF76221572C52609D | ||
| sudo apt-get update | ||
| sudo apt-get -y install "docker-engine=1.13.1-0~ubuntu-$(lsb_release -cs)" | ||
| sudo apt-get -y install "docker-engine=17.03.1~ce-0~ubuntu-$(lsb_release -cs)" |
There was a problem hiding this comment.
Do we still need this given that we are using static version now.
There was a problem hiding this comment.
this is for manage docker service, e.g. we could restart docker with service docker restart command. Or else, we need to manage service by ourself, e.g. if docker is started in first stage, we need to kill dockerd and start again in second stage.
There was a problem hiding this comment.
Another question is that why do we use docker 17.03? There is no available 1.13 static binary?
There was a problem hiding this comment.
yep, didn't found 1.13 static binary. 17.03 is the oldest one and also will be supported in kuberentes 1.8.
There was a problem hiding this comment.
@feiskyer I don't think 17.03 is supported in Kubernetes 1.8, but yeah I also checked, 17.03 is the oldest one.
I'm fine with testing it for now. We'll be setting up CRI validation in Kubernetes test infra soon, we could test against docker 1.13 then.
There was a problem hiding this comment.
I don't think 17.03 is supported in Kubernetes 1.8
There was a problem hiding this comment.
If so, it means that https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/system/types.go#L162 needs to be updated.
@yguo0905 told me that docker 1.13 is the newest version.
There was a problem hiding this comment.
Sorry, I should have mentioned that they are the same minor release. Created kubernetes/kubernetes#52666 to add 17.03 support to the spec.
|
@feiskyer LGTM with one question. |
Random-Liu
added
the
lgtm
Part of #24: Add seccomp validation tests.