[no-relnote] Add E2E for containerd

[ArangoGutierrez]

No description provided.

[Copilot]

Pull Request Overview

This PR adds comprehensive E2E testing for containerd runtime configuration alongside existing Docker testing infrastructure. The changes introduce a nested container testing framework that allows running tests inside containers to validate NVIDIA Container Toolkit behavior in containerized environments.

• Adds new E2E tests for containerd drop-in configuration functionality
• Introduces nvidia-cdi-refresh systemd unit testing
• Implements nested container runner infrastructure for isolated testing

Reviewed Changes

Copilot reviewed 9 out of 32 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
tests/go.mod	Adds new dependencies for UUID generation and test utilities
tests/e2e/runner.go	Implements nested container runner with Docker installation and CTK setup
tests/e2e/nvidia-ctk_containerd_test.go	New comprehensive containerd E2E test suite
tests/e2e/nvidia-ctk_docker_test.go	Refactors to use shared runner infrastructure and fixes macOS compatibility
tests/e2e/nvidia-cdi-refresh_test.go	New systemd unit tests for CDI refresh functionality
tests/e2e/nvidia-container-cli_test.go	Refactors to use nested container runner
tests/e2e/installer.go	Adds containerd installation template and additional flags support
tests/e2e/e2e_test.go	Centralizes test runner initialization in BeforeSuite
tests/e2e/Makefile	Documents new test categories

[ArangoGutierrez]

Builds on #1235

Doesn't include #1311 tests for that should be added as a follow up

[coveralls]

Pull Request Test Coverage Report for Build 18005738357

Details

• 0 of 1 (0.0%) changed or added relevant line in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.006%) to 36.277%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
pkg/config/engine/containerd/config_drop_in.go	0	1	0.0%

Totals
Change from base Build 17981864462:	0.006%
Covered Lines:	4827
Relevant Lines:	13306

---

💛 - Coveralls

[ArangoGutierrez]

I'll mark this PR as ready for review once #1235 is merged

[ArangoGutierrez]

I'll mark this PR as ready for review once #1235 is merged

Rebased

[ArangoGutierrez]

Rebased

[elezar]

Instead of the nolint let's just drop the return values.

Suggested change

	runner.Run(fmt.Sprintf("docker rm -f %s 2>/dev/null || true", containerName)) //nolint:errcheck
	_, _, _ = runner.Run(fmt.Sprintf("docker rm -f %s 2>/dev/null || true", containerName))

Does it mak sense to at least WARN if the cleanup fails? The || true doesn't ensure that the test doesn't fail, the fact that we don't check the return value does that.

[elezar]

Why not just make a copy of the original config and restore that after / before each test?

[elezar]

Is there a way to check containerd health?

[elezar]

As I mentioned in person, we are nolonger triggering the configuration of containerd with the current installation mechanism.

[elezar]

I actually think that config dump prints that ACTUAL paths of all files processed.

[elezar]

These should definitely be VERSION specific checks.

[elezar]

Having tests that pass in multiple states are prone to be flaky. Please pick the format for the version of containerd that we have installed by default and use that. This makes the differences between SPECIFIC containerd versions more obvious when reading the tests.

[elezar]

Where do we toggle this behaviour? It is disabled by default.

[elezar]

Once again, thsi should be version-specific.

[elezar]

--set-as-default=false is not specified. It is the default.

[elezar]

Note that we don't strictly speaking need a custom runtime to test the behaviour of NOT overriding the default.

[elezar]

How are we configuring with the drop-in config in this case?

[elezar]

nit: We're not on a Kubernetes node.

[ArangoGutierrez]

edited

[elezar]

Let's definitely just use string concatenation here. I would even go so far as to say that we should just duplicate the command every time we want to run it.

[elezar]

Why are we removing and creating this folder? Does this not contradict us restoring the backups in BeforeEach?

[ArangoGutierrez]

Agreed, adopted

[elezar]

Are theses values relevant? Should we check that the applied config includes these settings for the nvidia runtime?

[elezar]

This is a very BROAD check.

[elezar]

That's not what this checks. For example the SystemdCgroups setting is not checked.

[Copilot]

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

[elezar]

There are still some unanswered questions below.

Also, the intent of this PR is to test how the merged configs are handled by different containerd versions. I don't feel as if this really achieve this since we're only ever testing the version of containerd that is included in the kind node image.

Can one parameterize the test for 1.7.x and 2.0 so that we can validate the behavior there? (I'm happy to do this as a follow-up, but it would be good to understand how we would handle the expected differences).

[elezar]

What about /etc/containerd/config.toml (if it exists)?

[ArangoGutierrez]

done

[elezar]

nit: Why reference KIND at all? We only selected the kind nodes since this was the simplest way to get containerd running in a container.

Suggested change

	When("configuring containerd on a KIND node", func() {
	When("configuring containerd", func() {

[ArangoGutierrez]

done

[elezar]

As called out a number of times, this check is too broad. We should capture the differences between different containerd versions explicitly.

[ArangoGutierrez]

we now check depending on the config version

[elezar]

This is only true for containerd versions that INCLUDE the default /etc/containerd/conf.d imports.

[elezar]

Can we please load the output config as toml and check specific values instead of checking substrings.

[ArangoGutierrez]

we now parse the TOML and run the checks from it

[elezar]

How is this a Kind setting? Does the kind node ALWAYS use systemd cgroups?

[ArangoGutierrez]

KIND comes with a preconfigured containerd config.toml file.

[elezar]

Why are we doing this? The nvidia-ctk runtime configure command should do this in cases where the imports directive does not exist.

[elezar]

Question: Does gomega have an EqualValue matcher so that we don't have to worry about the type?

(Alternatively, just update the type of env.configVersion to be int64).

[elezar]

This is a sideeffect of the config dump command and does not reflect the actual content of the config file. One question I do have is why we're using validateImports here and not for the non v2 case?

[elezar]

Why is the version relevant here?

[elezar]

Why don't we use GetPath? or Get("containerd.default_runtime_name")?

[elezar]

Under which conditions do we ever call this with anything other than a toml.Tree?

[elezar]

This seems like something that we can check quite simply at the call site -- especially since we seem to mostly call this with runtimeType == "".

[elezar]

When is this ever io.containerd.nvidia.v1? Where does this list come from?

[elezar]

We never seem to call this with expectedType == "nvidia" what is the purpose of this branch?

[elezar]

Could we use a gomega ContainsElements or ConsistsOf instead?

[elezar]

Could you please explain why this is even required? The nvidia-ctk will create this file if it does not exist. It really should not be needed to create this before the tests.

[elezar]

Why do we need this IN addition to restartContainerdAndWait? Is there a reason that we can't just call that here if required?

[elezar]

Should we REMOVE /etc/containerd/config.toml if /tmp/containerd-config.toml.backup does not exist?