Merge pull request #9678 from AdithyaKrishnan/main

TEEs: Skip a few CI tests for SEV/SNP
2025-08-31 16:36:38 +00:00 · 2024-06-04 23:42:51 +02:00
parent ba30f0804a 72dc823059
commit 138ef2c55f
9 changed files with 17 additions and 12 deletions
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -247,8 +247,8 @@ DEFSHAREDFS_QEMU_VIRTIOFS := virtio-fs
 DEFSHAREDFS_QEMU_COCO_DEV_VIRTIOFS := virtio-9p
 DEFSHAREDFS_STRATOVIRT_VIRTIOFS := virtio-fs
 DEFSHAREDFS_QEMU_TDX_VIRTIOFS := none
-DEFSHAREDFS_QEMU_SEV_VIRTIOFS := virtio-9p
-DEFSHAREDFS_QEMU_SNP_VIRTIOFS := virtio-9p
+DEFSHAREDFS_QEMU_SEV_VIRTIOFS := none
+DEFSHAREDFS_QEMU_SNP_VIRTIOFS := none
 DEFVIRTIOFSDAEMON := $(LIBEXECDIR)/virtiofsd
 DEFVALIDVIRTIOFSDAEMONPATHS := [\"$(DEFVIRTIOFSDAEMON)\"]
 # Default DAX mapping cache size in MiB
--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
@@ -444,7 +444,7 @@ function cleanup() {
 	fi

 	# Switch back to the default namespace and delete the tests one
-	delete_test_cluster_namespace
+	delete_test_cluster_namespace || true

 	cleanup_kata_deploy
 }
--- a/tests/integration/kubernetes/k8s-kill-all-process-in-container.bats
+++ b/tests/integration/kubernetes/k8s-kill-all-process-in-container.bats
@@ -9,7 +9,8 @@ load "${BATS_TEST_DIRNAME}/../../common.bash"
 load "${BATS_TEST_DIRNAME}/tests_common.sh"

 setup() {
-	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" ]] && \
+	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" || \
+		"${KATA_HYPERVISOR}" = "qemu-sev" || "${KATA_HYPERVISOR}" = "qemu-snp" ]] && \
 		skip "See: https://github.com/kata-containers/kata-containers/issues/9664"

 	pod_name="busybox"
@@ -42,7 +43,8 @@ setup() {
 }

 teardown() {
-	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" ]] && \
+	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" || \
+		"${KATA_HYPERVISOR}" = "qemu-sev" || "${KATA_HYPERVISOR}" = "qemu-snp" ]] && \
 		skip "See: https://github.com/kata-containers/kata-containers/issues/9664"

 	# Debugging information
--- a/tests/integration/kubernetes/k8s-shared-volume.bats
+++ b/tests/integration/kubernetes/k8s-shared-volume.bats
@@ -42,7 +42,8 @@ setup() {
 }

@test "initContainer with shared volume" {
-	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" ]] && \
+	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" || \
+		"${KATA_HYPERVISOR}" = "qemu-sev" || "${KATA_HYPERVISOR}" = "qemu-snp" ]] && \
 		skip "See: https://github.com/kata-containers/kata-containers/issues/9668"

 	pod_name="initcontainer-shared-volume"
--- a/tests/integration/kubernetes/k8s-sysctls.bats
+++ b/tests/integration/kubernetes/k8s-sysctls.bats
@@ -9,7 +9,8 @@ load "${BATS_TEST_DIRNAME}/../../common.bash"
 load "${BATS_TEST_DIRNAME}/tests_common.sh"

 setup() {
-	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" ]] && \
+	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" || \
+		"${KATA_HYPERVISOR}" = "qemu-sev" || "${KATA_HYPERVISOR}" = "qemu-snp" ]] && \
 		skip "See: https://github.com/kata-containers/kata-containers/issues/9666"

 	pod_name="sysctl-test"
@@ -33,7 +34,8 @@ setup() {
 }

 teardown() {
-	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" ]] && \
+	[[ "${KATA_HYPERVISOR}" = "qemu-tdx" || "${KATA_HYPERVISOR}" = "qemu-coco-dev" || \
+		"${KATA_HYPERVISOR}" = "qemu-sev" || "${KATA_HYPERVISOR}" = "qemu-snp" ]] && \
 		skip "See: https://github.com/kata-containers/kata-containers/issues/9666"

 	# Debugging information
--- a/tests/integration/kubernetes/runtimeclass_workloads/pod-file-volume.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/pod-file-volume.yaml
@@ -19,7 +19,7 @@ spec:
      type: File
  containers:
  - name: busybox-file-volume-container
-    image: busybox
+    image: quay.io/prometheus/busybox:latest
    volumeMounts:
    - name: shared-file
      mountPath: MOUNT_PATH
--- a/tests/integration/kubernetes/runtimeclass_workloads/pod-readonly-volume.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/pod-readonly-volume.yaml
@@ -18,7 +18,7 @@ spec:
      type: Directory
  containers:
  - name: busybox-ro-volume-container
-    image: busybox
+    image: quay.io/prometheus/busybox:latest
    volumeMounts:
    - name: shared-data
      mountPath: /tmp
--- a/tests/integration/kubernetes/setup.sh
+++ b/tests/integration/kubernetes/setup.sh
@@ -115,7 +115,7 @@ add_runtime_handler_annotations() {
 	fi

 	case "${KATA_HYPERVISOR}" in
-		qemu-tdx|qemu-coco-dev)
+		qemu-coco-dev | qemu-sev | qemu-snp | qemu-tdx)
 			info "Add runtime handler annotations for ${KATA_HYPERVISOR}"
 			local handler_value="kata-${KATA_HYPERVISOR}"
 			for K8S_TEST_YAML in runtimeclass_workloads_work/*.yaml
--- a/tests/integration/kubernetes/tests_common.sh
+++ b/tests/integration/kubernetes/tests_common.sh
@@ -111,7 +111,7 @@ exec_host() {
 	# [bats-exec-test:38] INFO: k8s configured to use runtimeclass
 	# bash: line 1: $'\r': command not found
 	# ```
-	output="$(kubectl debug -qit "node/${node}" --image=alpine:latest -- chroot /host bash -c "${command}" | tr -d '\r')"
+	output="$(kubectl debug -qit "node/${node}" --image=ghcr.io/linuxcontainers/alpine:latest -- chroot /host bash -c "${command}" | tr -d '\r')"

 	# Get the updated list of debugger pods.
 	declare -a new_debugger_pods=( $(kubectl get pods -o name | grep node-debugger) )