feat(kubetest2): Add support for Bottlerocket

aws · Jan 13, 2025 · bdb931e · bdb931e
1 parent e022ac3
commit bdb931e
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 8 deletions.
diff --git a/internal/deployers/eksapi/templates/templates.go b/internal/deployers/eksapi/templates/templates.go
@@ -54,10 +54,11 @@ var (
 )
 
 type UserDataTemplateData struct {
-	Name                 string
-	CertificateAuthority string
-	CIDR                 string
-	APIServerEndpoint    string
+	Name                               string
+	CertificateAuthority               string
+	CIDR                               string
+	APIServerEndpoint                  string
+	DeviceOwnershipFromSecurityContext string
 }
 
 var (

diff --git a/internal/deployers/eksapi/templates/userdata_bottlerocket.toml.template b/internal/deployers/eksapi/templates/userdata_bottlerocket.toml.template
@@ -2,6 +2,7 @@
 "cluster-name" = "{{.Name}}"
 "api-server" = "{{.APIServerEndpoint}}"
 "cluster-certificate" = "{{.CertificateAuthority}}"
+device-ownership-from-security-context = {{.DeviceOwnershipFromSecurityContext}}
 
 [settings.host-containers.admin]
 "enabled" = true
diff --git a/internal/deployers/eksapi/userdata.go b/internal/deployers/eksapi/userdata.go
@@ -10,6 +10,7 @@ import (
 
 func generateUserData(format string, cluster *Cluster) (string, bool, error) {
 	userDataIsMimePart := true
+	deviceOwnershipFromSecurityContext := "false"
 	var t *template.Template
 	switch format {
 	case "bootstrap.sh":
@@ -20,15 +21,17 @@ func generateUserData(format string, cluster *Cluster) (string, bool, error) {
 	case "bottlerocket":
 		t = templates.UserDataBottlerocket
 		userDataIsMimePart = false
+		deviceOwnershipFromSecurityContext = "true"
 	default:
 		return "", false, fmt.Errorf("uknown user data format: '%s'", format)
 	}
 	buf := bytes.Buffer{}
 	if err := t.Execute(&buf, templates.UserDataTemplateData{
-		APIServerEndpoint:    cluster.endpoint,
-		CertificateAuthority: cluster.certificateAuthorityData,
-		CIDR:                 cluster.cidr,
-		Name:                 cluster.name,
+		APIServerEndpoint:                  cluster.endpoint,
+		CertificateAuthority:               cluster.certificateAuthorityData,
+		CIDR:                               cluster.cidr,
+		Name:                               cluster.name,
+		DeviceOwnershipFromSecurityContext: deviceOwnershipFromSecurityContext,
 	}); err != nil {
 		return "", false, err
 	}

diff --git a/test/cases/neuron/manifests/multi-node-test-neuron.yaml b/test/cases/neuron/manifests/multi-node-test-neuron.yaml
@@ -84,6 +84,10 @@ spec:
       replicas: {{.WorkerNodeCount}}
       template:
         spec:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 2000
+            fsGroup: 3000
           containers:
           - image: {{.NeuronTestImage}}
             ports:

diff --git a/test/cases/neuron/manifests/single-node-test-neuronx.yaml b/test/cases/neuron/manifests/single-node-test-neuronx.yaml
@@ -27,4 +27,8 @@ spec:
             memory: 1Gi
             aws.amazon.com/neuron: "1"
       restartPolicy: Never
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 2000
+        fsGroup: 3000
   backoffLimit: 4