linode · komer3 · Mar 19, 2025 · Mar 8, 2025 · Mar 13, 2025 · Mar 13, 2025
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: csi-linode-node
+  namespace: kube-system
+status:
+  numberAvailable: ($nodes)
+  numberReady: ($nodes)
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: csi-linode-controller
+  namespace: kube-system
+status:
+  availableReplicas: 1
+  readyReplicas: 1
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: e2e-pod
+status:
+  containerStatuses:
+  - name: e2e-pod
+    ready: true
+    started: true
+  phase: Running
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: e2e-pod
+status:
+  containerStatuses:
+  - name: e2e-pod
+    ready: true
+    started: true
+  phase: Running
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-filesystem
+status:
+  capacity:
+    storage: 10Gi
+  phase: Bound
@@ -0,0 +1,173 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  creationTimestamp: null
+  name: pod-pvc-unexpected-reboot
+  labels:
+    all:
+    basic:
+spec:
+  concurrent: false
+  bindings:
+    - name: nodes
+      # number of nodes in cluster
+      value: (length(x_k8s_list($client, 'v1', 'Node', '').items))
+    - name: linode_url
+      value: (base64_decode(x_k8s_get($client, 'v1', 'Secret', 'kube-system', 'linode').data.apiurl || base64_encode('https://api.linode.com')))
+    - name: linode_token
+      value: (base64_decode(x_k8s_get($client, 'v1', 'Secret', 'kube-system', 'linode').data.token))
+  steps:
+    - name: Check if CSI Driver is deployed
+      try:
+        - assert:
+            file: assert-csi-driver-resources.yaml
+    - name: Create PVC and Pod
+      try:
+        - apply:
+            file: create-pvc-pod.yaml
+      catch:
+        - describe:
+            apiVersion: v1
+            kind: Pod
+        - describe:
+            apiVersion: v1
+            kind: PersistentVolumeClaim
+    - name: Check if Pod is ready and Volume is mounted
+      try:
+        - assert:
+            file: assert-pvc-pod.yaml
+      catch:
+        - describe:
+            apiVersion: v1
+            kind: PersistentVolumeClaim
+        - describe:
+            apiVersion: v1
+            kind: Pod
+    - name: Check if volume is create
+      try:
+        - script:
+            env:
+              - name: TARGET_API
+                value: ($linode_url)
+              - name: TARGET_API_VERSION
+                value: v4
+              - name: URI
+                value: volumes
+              - name: LINODE_TOKEN
+                value: ($linode_token)
+              - name: FILTER
+                value: (to_string({"tags":($namespace)}))
+            content: |
+              set -e
+              curl -s \
+                -H "Authorization: Bearer ${LINODE_TOKEN}" \
+                -H "X-Filter: $FILTER" \
+                -H "Content-Type: application/json" \
+                "${TARGET_API}/${TARGET_API_VERSION}/${URI}"
+            check:
+              ($error): ~
+              (json_parse($stdout)):
+                results: 1
+    - name: Create a file inside the pod and check it was created
+      try:
+        - script:
+            env:
+              - name: NAMESPACE
+                value: ($namespace)
+            content: |
+              kubectl exec -n $NAMESPACE e2e-pod -- sh -c "cd data && touch testfile" && \
+              kubectl exec -n $NAMESPACE e2e-pod -- sh -c "ls data"
+            check:
+              ($error): ~
+              (contains($stdout, 'testfile')): true
+
+    - name: Reboot the Node of the Pod e2e-pod
+      try:
+        - script:
+            env:
+              - name: NAMESPACE
+                value: ($namespace)
+            content: |
+              kubectl get pod e2e-pod -n $NAMESPACE -o jsonpath='{.spec.nodeName}'
+            outputs:
+              - name: nodeName
+                value: ($stdout)
+
+        # get bootid of the node
+        - script:
+            env:
+              - name: NODE_NAME
+                value: ($nodeName)
+            content: |
+              kubectl get node $NODE_NAME -o jsonpath='{.status.nodeInfo.bootID}'
+            check:
+              ($error): ~
+            outputs:
+              - name: bootId
+                value: ($stdout)
+        - script:
+            env:
+              - name: NODE_NAME
+                value: ($nodeName)
+              - name: NAMESPACE
+                value: ($namespace)
+            content: |
+              kubectl debug -n $NAMESPACE node/$NODE_NAME --profile=sysadmin --image=busybox -- chroot /host/ reboot --force
+        - assert:
+            resource:
+              apiVersion: v1
+              kind: Event
+              reason: NodeNotReady
+              source:
+                component: node-controller
+              involvedObject:
+                apiVersion: v1
+                kind: Pod
+                name: e2e-pod
+                namespace: ($namespace)
+        - wait:
+            apiVersion: v1
+            kind: Node
+            timeout: 120s
+            name: ($nodeName)
+            for:
+              condition:
+                name: Ready
+                value: "true"
+        # validate the bootid of the node changed
+        - script:
+            env:
+              - name: NODE_NAME
+                value: ($nodeName)
+            content: |
+              kubectl get node $NODE_NAME -o jsonpath='{.status.nodeInfo.bootID}'
+            check:
+              ($error): ~
+              ($stdout != ($bootId)): true
+
+    - name: Check if Pod is ready after reboot
+      try:
+        - wait:
+            apiVersion: v1
+            kind: Pod
+            name: e2e-pod
+            namespace: ($namespace)
+            timeout: 120s
+            for:
+              condition:
+                name: Ready
+                value: "true"
+        - script:
+            env:
+              - name: NAMESPACE
+                value: ($namespace)
+            content: |
+              kubectl exec -n $NAMESPACE e2e-pod -- sh -c "ls data"
+            check:
+              ($error): ~
+              (contains($stdout, 'testfile')): true
+      catch:
+        - describe:
+            apiVersion: v1
+            kind: Pod
@@ -0,0 +1,45 @@
+allowVolumeExpansion: true
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: (join('-', ['linode-block-storage', $namespace]))
+provisioner: linodebs.csi.linode.com
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+    linodebs.csi.linode.com/volumeTags: (to_string($namespace))
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-filesystem
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: (join('-', ['linode-block-storage', $namespace]))
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: e2e-pod
+spec:
+  containers:
+  - name: e2e-pod
+    image: ubuntu
+    command:
+    - sleep
+    - "1000000"
+    volumeMounts:
+    - mountPath: /data
+      name: csi-volume
+  tolerations:
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
+  volumes:
+  - name: csi-volume
+    persistentVolumeClaim:
+      claimName: pvc-filesystem
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: csi-linode-node
+  namespace: kube-system
+status:
+  numberAvailable: ($nodes)
+  numberReady: ($nodes)
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: csi-linode-controller
+  namespace: kube-system
+status:
+  availableReplicas: 1
+  readyReplicas: 1
@@ -0,0 +1,7 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: redis-test
+status:
+  availableReplicas: 1
+  readyReplicas: 1