From 8a5ba5fb34b913b68898243de220817e6f4600c9 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 14:44:40 +0000 Subject: [PATCH 1/9] tests: k8s: allow run_kubernetes_tests.sh exec Allow everyone to directly execute run_kubernetes_tests.sh, for easier local testing. Signed-off-by: Dan Mihai --- tests/integration/kubernetes/run_kubernetes_tests.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/integration/kubernetes/run_kubernetes_tests.sh diff --git a/tests/integration/kubernetes/run_kubernetes_tests.sh b/tests/integration/kubernetes/run_kubernetes_tests.sh old mode 100644 new mode 100755 From 1b4ef672ef484105df38388f92ffc6a6fa705d4e Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 15:40:14 +0000 Subject: [PATCH 2/9] tests: k8s: reduce namespace name duplication 1. Avoid repeating "kata-containers-k8s-tests". 2. Allow users to specify a different test namespace. 3. Introduce the TEST_CLUSTER_NAMESPACE variable, that will also be useful when auto-generating the Agent Policy for these tests. Signed-off-by: Dan Mihai --- tests/gha-run-k8s-common.sh | 18 ++++++++++++++++++ tests/integration/kubernetes/gha-run.sh | 14 ++++---------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/tests/gha-run-k8s-common.sh b/tests/gha-run-k8s-common.sh index 6cc9c2636..12128e902 100644 --- a/tests/gha-run-k8s-common.sh +++ b/tests/gha-run-k8s-common.sh @@ -269,3 +269,21 @@ function deploy_k8s() { echo "::endgroup::" } + +function set_test_cluster_namespace() { + # Delete any spurious tests namespace that was left behind + kubectl delete namespace "${TEST_CLUSTER_NAMESPACE}" &> /dev/null || true + + # Create a new namespace for the tests and switch to it + kubectl apply -f "${kubernetes_dir}/runtimeclass_workloads/tests-namespace.yaml" + kubectl config set-context --current --namespace="${TEST_CLUSTER_NAMESPACE}" +} + +function set_default_cluster_namespace() { + kubectl config set-context --current --namespace=default +} + +function delete_test_cluster_namespace() { + set_default_cluster_namespace + kubectl delete namespace "${TEST_CLUSTER_NAMESPACE}" +} diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh index d8e8c92cf..df5abdada 100755 --- a/tests/integration/kubernetes/gha-run.sh +++ b/tests/integration/kubernetes/gha-run.sh @@ -20,6 +20,7 @@ KATA_DEPLOY_WAIT_TIMEOUT=${KATA_DEPLOY_WAIT_TIMEOUT:-10m} KATA_HYPERVISOR=${KATA_HYPERVISOR:-qemu} KUBERNETES="${KUBERNETES:-}" SNAPSHOTTER="${SNAPSHOTTER:-}" +export TEST_CLUSTER_NAMESPACE="${TEST_CLUSTER_NAMESPACE:-kata-containers-k8s-tests}" function configure_devmapper() { sudo mkdir -p /var/lib/containerd/devmapper @@ -103,8 +104,7 @@ function deploy_kata() { [ "$platform" = "kcli" ] && \ export KUBECONFIG="$HOME/.kcli/clusters/${CLUSTER_NAME:-kata-k8s}/auth/kubeconfig" - # Ensure we're in the default namespace - kubectl config set-context --current --namespace=default + set_default_cluster_namespace sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${DOCKER_REGISTRY}/${DOCKER_REPO}:${DOCKER_TAG}|g" "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" @@ -164,12 +164,7 @@ function run_tests() { [ "$platform" = "kcli" ] && \ export KUBECONFIG="$HOME/.kcli/clusters/${CLUSTER_NAME:-kata-k8s}/auth/kubeconfig" - # Delete any spurious tests namespace that was left behind - kubectl delete namespace kata-containers-k8s-tests &> /dev/null || true - - # Create a new namespace for the tests and switch to it - kubectl apply -f "${kubernetes_dir}/runtimeclass_workloads/tests-namespace.yaml" - kubectl config set-context --current --namespace=kata-containers-k8s-tests + set_test_cluster_namespace pushd "${kubernetes_dir}" bash setup.sh @@ -199,8 +194,7 @@ function cleanup() { fi # Switch back to the default namespace and delete the tests one - kubectl config set-context --current --namespace=default - kubectl delete namespace kata-containers-k8s-tests + delete_test_cluster_namespace if [ "${KUBERNETES}" = "k3s" ]; then deploy_spec="-k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/k3s"" From bf533de31a589c915a0122aadaf30dbede99e232 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 20:36:04 +0000 Subject: [PATCH 3/9] tests: k8s: add DEBUG support for test scripts Make these scripts easier to debug. Signed-off-by: Dan Mihai --- tests/integration/kubernetes/gha-run.sh | 3 +++ tests/integration/kubernetes/setup.sh | 3 +++ 2 files changed, 6 insertions(+) diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh index df5abdada..55d512c84 100755 --- a/tests/integration/kubernetes/gha-run.sh +++ b/tests/integration/kubernetes/gha-run.sh @@ -8,6 +8,9 @@ set -o errexit set -o nounset set -o pipefail +DEBUG="${DEBUG:-}" +[ -n "$DEBUG" ] && set -x + kubernetes_dir="$(dirname "$(readlink -f "$0")")" source "${kubernetes_dir}/../../gha-run-k8s-common.sh" # shellcheck disable=2154 diff --git a/tests/integration/kubernetes/setup.sh b/tests/integration/kubernetes/setup.sh index 5c2c49bd8..35566e024 100755 --- a/tests/integration/kubernetes/setup.sh +++ b/tests/integration/kubernetes/setup.sh @@ -7,6 +7,9 @@ set -o errexit set -o nounset set -o pipefail +DEBUG="${DEBUG:-}" +[ -n "$DEBUG" ] && set -x + if [ -n "${K8S_TEST_POLICY_FILES:-}" ]; then K8S_TEST_POLICY_FILES=($K8S_TEST_POLICY_FILES) else From 24a17a2e1b016da2406b75ba78b91aacc44fb74b Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 23:27:26 +0000 Subject: [PATCH 4/9] tests: k8s: output the names of test files Output the names of test files, for easier search through logs. Signed-off-by: Dan Mihai --- tests/integration/kubernetes/run_kubernetes_tests.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/integration/kubernetes/run_kubernetes_tests.sh b/tests/integration/kubernetes/run_kubernetes_tests.sh index 6df7ffc88..6959f4962 100755 --- a/tests/integration/kubernetes/run_kubernetes_tests.sh +++ b/tests/integration/kubernetes/run_kubernetes_tests.sh @@ -139,14 +139,18 @@ test_successful_actions() { for K8S_TEST_ENTRY in ${K8S_TEST_UNION[@]} do info "$(kubectl get pods --all-namespaces 2>&1)" + info "Executing ${K8S_TEST_ENTRY}" bats --show-output-of-passing-tests "${K8S_TEST_ENTRY}" done } run_policy_specific_tests() { info "$(kubectl get pods --all-namespaces 2>&1)" + info "Executing k8s-exec-rejected.bats" bats --show-output-of-passing-tests k8s-exec-rejected.bats + info "$(kubectl get pods --all-namespaces 2>&1)" + info "Executing k8s-policy-set-keys.bats" bats --show-output-of-passing-tests k8s-policy-set-keys.bats } From 8aa8b70573ad6f16f3c8ffd056c90c0ee184720c Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 20:46:34 +0000 Subject: [PATCH 5/9] tests: k8s: add policy test utilities Add script functions useful for auto-generating and testing policy. Signed-off-by: Dan Mihai --- tests/integration/kubernetes/gha-run.sh | 1 + tests/integration/kubernetes/tests_common.sh | 96 ++++++++++++++++++++ 2 files changed, 97 insertions(+) diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh index 55d512c84..b5a98778c 100755 --- a/tests/integration/kubernetes/gha-run.sh +++ b/tests/integration/kubernetes/gha-run.sh @@ -24,6 +24,7 @@ KATA_HYPERVISOR=${KATA_HYPERVISOR:-qemu} KUBERNETES="${KUBERNETES:-}" SNAPSHOTTER="${SNAPSHOTTER:-}" export TEST_CLUSTER_NAMESPACE="${TEST_CLUSTER_NAMESPACE:-kata-containers-k8s-tests}" +export AUTO_GENERATE_POLICY="${AUTO_GENERATE_POLICY:-no}" function configure_devmapper() { sudo mkdir -p /var/lib/containerd/devmapper diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh index b5fef531d..31760fbfa 100644 --- a/tests/integration/kubernetes/tests_common.sh +++ b/tests/integration/kubernetes/tests_common.sh @@ -88,3 +88,99 @@ exec_host() { echo "$(echo "${output}" | head -n -1)" return ${exit_code} } + +auto_generate_policy_enabled() { + [ "${AUTO_GENERATE_POLICY}" == "yes" ] +} + +# If auto-generated policy testing is enabled, make a copy of the genpolicy settings, +# and change these settings to use Kata CI cluster's default namespace. +create_common_genpolicy_settings() { + declare -r genpolicy_settings_dir="$1" + declare -r default_genpolicy_settings_dir="/opt/kata/share/defaults/kata-containers" + + auto_generate_policy_enabled || return 0 + + cp "${default_genpolicy_settings_dir}/genpolicy-settings.json" "${genpolicy_settings_dir}" + cp "${default_genpolicy_settings_dir}/rules.rego" "${genpolicy_settings_dir}" + + # Set the default namespace of Kata CI tests in the genpolicy settings. + info "${genpolicy_settings_dir}/genpolicy-settings.json: default namespace: ${test_cluster_namespace}" + jq --arg test_cluster_namespace "${test_cluster_namespace}" \ + '.cluster_config.default_namespace |= $test_cluster_namespace' \ + "${genpolicy_settings_dir}/genpolicy-settings.json" > \ + "${genpolicy_settings_dir}/new-genpolicy-settings.json" + mv "${genpolicy_settings_dir}/new-genpolicy-settings.json" "${genpolicy_settings_dir}/genpolicy-settings.json" +} + +# If auto-generated policy testing is enabled, make a copy of the common genpolicy settings +# described above into a temporary directory that will be used by the current test case. +create_tmp_policy_settings_dir() { + declare -r common_settings_dir="$1" + + auto_generate_policy_enabled || return 0 + + tmp_settings_dir=$(mktemp -d --tmpdir="${common_settings_dir}" genpolicy.XXXXXXXXXX) + cp "${common_settings_dir}/rules.rego" "${tmp_settings_dir}" + cp "${common_settings_dir}/genpolicy-settings.json" "${tmp_settings_dir}" + + echo "${tmp_settings_dir}" +} + +# Delete a directory created by create_tmp_policy_settings_dir. +delete_tmp_policy_settings_dir() { + local settings_dir="$1" + + auto_generate_policy_enabled || return 0 + + if [ -d "${settings_dir}" ]; then + info "Deleting ${settings_dir}" + rm -rf "${settings_dir}" + fi +} + +# Execute genpolicy to auto-generate policy for a test YAML file. +auto_generate_policy() { + declare -r settings_dir="$1" + declare -r yaml_file="$2" + declare -r config_map_yaml_file="$3" + + auto_generate_policy_enabled || return 0 + + local genpolicy_command="RUST_LOG=info /opt/kata/bin/genpolicy -u -y ${yaml_file}" + genpolicy_command+=" -p ${settings_dir}/rules.rego" + genpolicy_command+=" -j ${settings_dir}/genpolicy-settings.json" + + if [ ! -z "${config_map_yaml_file}" ]; then + genpolicy_command+=" -c ${config_map_yaml_file}" + fi + + info "Executing: ${genpolicy_command}" + eval "${genpolicy_command}" +} + +# Change genpolicy settings to allow "kubectl exec" to execute a command +# and to read console output from a test pod. +add_exec_to_policy_settings() { + declare -r settings_dir="$1" + declare -r allowed_exec="$2" + + auto_generate_policy_enabled || return 0 + + # Change genpolicy settings to allow kubectl to exec the command specified by the caller. + info "${settings_dir}/genpolicy-settings.json: allowing exec: ${allowed_exec}" + jq --arg allowed_exec "${allowed_exec}" \ + '.request_defaults.ExecProcessRequest.commands |= . + [$allowed_exec]' \ + "${settings_dir}/genpolicy-settings.json" > \ + "${settings_dir}/new-genpolicy-settings.json" + mv "${settings_dir}/new-genpolicy-settings.json" \ + "${settings_dir}/genpolicy-settings.json" + + # Change genpolicy settings to allow kubectl to read the output of the command being executed. + info "${settings_dir}/genpolicy-settings.json: allowing ReadStreamRequest" + jq '.request_defaults.ReadStreamRequest |= true' \ + "${settings_dir}"/genpolicy-settings.json > \ + "${settings_dir}"/new-genpolicy-settings.json + mv "${settings_dir}"/new-genpolicy-settings.json \ + "${settings_dir}"/genpolicy-settings.json +} From 05b2e4f6061be22da8d4d98ad166ba9a304c18e8 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 21:00:15 +0000 Subject: [PATCH 6/9] tests: k8s: install genpolicy Install the genpolicy app before starting test execution. Signed-off-by: Dan Mihai --- tests/common.bash | 19 +++++++++++++++---- tests/integration/kubernetes/gha-run.sh | 8 ++------ 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/tests/common.bash b/tests/common.bash index fe95dcbbc..175ee8efc 100644 --- a/tests/common.bash +++ b/tests/common.bash @@ -371,11 +371,10 @@ log_level = "debug" EOF } -function install_kata() { - local kata_tarball="kata-static.tar.xz" - declare -r katadir="/opt/kata" +function install_kata_common() { + declare -r katadir="$1" declare -r destdir="/" - declare -r local_bin_dir="/usr/local/bin/" + declare -r kata_tarball="kata-static.tar.xz" # Removing previous kata installation sudo rm -rf "${katadir}" @@ -383,6 +382,18 @@ function install_kata() { pushd "${kata_tarball_dir}" sudo tar -xvf "${kata_tarball}" -C "${destdir}" popd +} + +function install_kata_tools() { + declare -r katadir="/opt/kata" + install_kata_common "${katadir}" +} + +function install_kata() { + declare -r katadir="/opt/kata" + declare -r local_bin_dir="/usr/local/bin/" + + install_kata_common "${katadir}" # create symbolic links to kata components for b in "${katadir}"/bin/* ; do diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh index b5a98778c..11ab90d5e 100755 --- a/tests/integration/kubernetes/gha-run.sh +++ b/tests/integration/kubernetes/gha-run.sh @@ -15,6 +15,7 @@ kubernetes_dir="$(dirname "$(readlink -f "$0")")" source "${kubernetes_dir}/../../gha-run-k8s-common.sh" # shellcheck disable=2154 tools_dir="${repo_root_dir}/tools" +kata_tarball_dir="${2:-kata-artifacts}" DOCKER_REGISTRY=${DOCKER_REGISTRY:-quay.io} DOCKER_REPO=${DOCKER_REPO:-kata-containers/kata-deploy-ci} @@ -233,11 +234,6 @@ function cleanup() { kubectl delete -f "${tools_dir}/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml" } -install_kata_tools_placeholder() { - echo "Kata tools will be installed (for the genpolicy app)"\ - "after CI picks up the gha yaml changes required to test that installation." -} - function deploy_snapshotter() { echo "::group::Deploying ${SNAPSHOTTER:-}" #TODO Add the deployment logic for the snapshotter in PR https://github.com/kata-containers/kata-containers/pull/8585. @@ -265,7 +261,7 @@ function main() { setup-crio) setup_crio ;; deploy-k8s) deploy_k8s ;; install-bats) install_bats ;; - install-kata-tools) install_kata_tools_placeholder ;; + install-kata-tools) install_kata_tools ;; install-kubectl) install_kubectl ;; get-cluster-credentials) get_cluster_credentials ;; deploy-kata-aks) deploy_kata "aks" ;; From 0de407f8b73ed2caf69205b6b859fbfa45a084f2 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 21:35:18 +0000 Subject: [PATCH 7/9] tests: k8s: enable AUTO_GENERATE_POLICY Enable AUTO_GENERATE_POLICY for one of the Kata CI K8s test platforms. Additional platforms will be enabled after testing them. When AUTO_GENERATE_POLICY is enabled, create genpolicy settings that are common for all tests. Some of the tests will make temporary copies of these common settings and customize them as needed. Signed-off-by: Dan Mihai --- tests/integration/kubernetes/gha-run.sh | 5 +++++ tests/integration/kubernetes/setup.sh | 15 +++++++++++---- tests/integration/kubernetes/tests_common.sh | 6 +++--- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh index 11ab90d5e..bf2b5d78f 100755 --- a/tests/integration/kubernetes/gha-run.sh +++ b/tests/integration/kubernetes/gha-run.sh @@ -169,6 +169,11 @@ function run_tests() { [ "$platform" = "kcli" ] && \ export KUBECONFIG="$HOME/.kcli/clusters/${CLUSTER_NAME:-kata-k8s}/auth/kubeconfig" + # Enable auto-generated policy for CI images that support policy. + # + # TODO: enable testing auto-generated policy for other types of hosts too. + [ "${KATA_HOST_OS}" = "cbl-mariner" ] && export AUTO_GENERATE_POLICY="yes" + set_test_cluster_namespace pushd "${kubernetes_dir}" diff --git a/tests/integration/kubernetes/setup.sh b/tests/integration/kubernetes/setup.sh index 35566e024..5bf9ac649 100755 --- a/tests/integration/kubernetes/setup.sh +++ b/tests/integration/kubernetes/setup.sh @@ -19,22 +19,29 @@ else ) fi -kubernetes_dir=$(dirname "$(readlink -f "$0")") +declare -r kubernetes_dir=$(dirname "$(readlink -f "$0")") source "${kubernetes_dir}/../../common.bash" +source "${kubernetes_dir}/tests_common.sh" reset_workloads_work_dir() { rm -rf ${kubernetes_dir}/runtimeclass_workloads_work cp -R ${kubernetes_dir}/runtimeclass_workloads ${kubernetes_dir}/runtimeclass_workloads_work - copy_test_policy_files + setup_policy_files } -copy_test_policy_files() { - local kata_opa_dir="${kubernetes_dir}/../../../src/kata-opa" +setup_policy_files() { + declare -r kata_opa_dir="${kubernetes_dir}/../../../src/kata-opa" + declare -r workloads_work_dir="${kubernetes_dir}/runtimeclass_workloads_work" + # Copy hard-coded policy files used for basic policy testing. for policy_file in ${K8S_TEST_POLICY_FILES[@]} do cp "${kata_opa_dir}/${policy_file}" ${kubernetes_dir}/runtimeclass_workloads_work/ done + + # For testing more sophisticated policies, create genpolicy settings that are common for all tests. + # Some of the tests will make temporary copies of these common settings and customize them as needed. + create_common_genpolicy_settings "${workloads_work_dir}" } add_kernel_initrd_annotations_to_yaml() { diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh index 31760fbfa..a7e3397cc 100644 --- a/tests/integration/kubernetes/tests_common.sh +++ b/tests/integration/kubernetes/tests_common.sh @@ -105,9 +105,9 @@ create_common_genpolicy_settings() { cp "${default_genpolicy_settings_dir}/rules.rego" "${genpolicy_settings_dir}" # Set the default namespace of Kata CI tests in the genpolicy settings. - info "${genpolicy_settings_dir}/genpolicy-settings.json: default namespace: ${test_cluster_namespace}" - jq --arg test_cluster_namespace "${test_cluster_namespace}" \ - '.cluster_config.default_namespace |= $test_cluster_namespace' \ + info "${genpolicy_settings_dir}/genpolicy-settings.json: default namespace: ${TEST_CLUSTER_NAMESPACE}" + jq --arg TEST_CLUSTER_NAMESPACE "${TEST_CLUSTER_NAMESPACE}" \ + '.cluster_config.default_namespace |= $TEST_CLUSTER_NAMESPACE' \ "${genpolicy_settings_dir}/genpolicy-settings.json" > \ "${genpolicy_settings_dir}/new-genpolicy-settings.json" mv "${genpolicy_settings_dir}/new-genpolicy-settings.json" "${genpolicy_settings_dir}/genpolicy-settings.json" From dd16bc393f10fd8fe3b2007b3b22deefa4ea8185 Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Thu, 1 Feb 2024 21:42:23 +0000 Subject: [PATCH 8/9] tests: k8s: k8s-attach-handlers generated policy Automatically generate the test policy for k8s-attach-handlers.bats, if AUTO_GENERATE_POLICY is enabled. Steps: - Create a temporary directory for the current test and copy the common genpolicy settings into this new directory. - Change genpolicy settings in the temp directory to allow the "kubectl exec" command that this test needs. (For CoCo, exec is blocked by the default policy settings) - Auto-generate the policy for the test YAML file. - Test as usual, using the YAML file. - Clean-up the temporary settings described above. Fixes: #8921 Signed-off-by: Dan Mihai --- .../kubernetes/k8s-attach-handlers.bats | 27 +++++++++++++------ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/tests/integration/kubernetes/k8s-attach-handlers.bats b/tests/integration/kubernetes/k8s-attach-handlers.bats index 10a7a0f19..fa38534ed 100644 --- a/tests/integration/kubernetes/k8s-attach-handlers.bats +++ b/tests/integration/kubernetes/k8s-attach-handlers.bats @@ -15,28 +15,39 @@ setup() { pod_name="handlers" get_pod_config_dir + yaml_file="${pod_config_dir}/test-lifecycle-events.yaml" + + # Create yaml + sed -e "s/\${nginx_version}/${nginx_image}/" \ + "${pod_config_dir}/lifecycle-events.yaml" > "${yaml_file}" + + # Add policy to yaml + policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")" + display_message="cat /usr/share/message" + exec_command="sh -c ${display_message}" + add_exec_to_policy_settings "${policy_settings_dir}" "${exec_command}" + auto_generate_policy "${policy_settings_dir}" "${yaml_file}" } @test "Running with postStart and preStop handlers" { - # Create yaml - sed -e "s/\${nginx_version}/${nginx_image}/" \ - "${pod_config_dir}/lifecycle-events.yaml" > "${pod_config_dir}/test-lifecycle-events.yaml" - # Create the pod with postStart and preStop handlers - kubectl create -f "${pod_config_dir}/test-lifecycle-events.yaml" + kubectl create -f "${yaml_file}" # Check pod creation kubectl wait --for=condition=Ready --timeout=$timeout pod $pod_name # Check postStart message - display_message="cat /usr/share/message" - check_postStart=$(kubectl exec $pod_name -- sh -c "$display_message" | grep "Hello from the postStart handler") + check_postStart=$(kubectl exec $pod_name -- sh -c "$display_message") + echo "check_postStart=$check_postStart" + echo "$check_postStart" | grep "Hello from the postStart handler" } teardown(){ # Debugging information kubectl describe "pod/$pod_name" - rm -f "${pod_config_dir}/test-lifecycle-events.yaml" + rm -f "${yaml_file}" kubectl delete pod "$pod_name" + + delete_tmp_policy_settings_dir "${policy_settings_dir}" } From 6b5e57f7c7e554ee9dfc454e3191badabf2bfd0d Mon Sep 17 00:00:00 2001 From: Dan Mihai Date: Tue, 6 Feb 2024 20:32:41 +0000 Subject: [PATCH 9/9] tests: k8s: address PR review feedback 1. Rename install_kata_common to install_kata_core. 2. Add TODO for better way to install the Kata tools. Signed-off-by: Dan Mihai --- tests/common.bash | 8 +++++--- tests/integration/kubernetes/gha-run.sh | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/common.bash b/tests/common.bash index 175ee8efc..812d2227a 100644 --- a/tests/common.bash +++ b/tests/common.bash @@ -371,7 +371,7 @@ log_level = "debug" EOF } -function install_kata_common() { +function install_kata_core() { declare -r katadir="$1" declare -r destdir="/" declare -r kata_tarball="kata-static.tar.xz" @@ -386,14 +386,16 @@ function install_kata_common() { function install_kata_tools() { declare -r katadir="/opt/kata" - install_kata_common "${katadir}" + + # TODO: implement a better way to install the tools - see issue #8864. + install_kata_core "${katadir}" } function install_kata() { declare -r katadir="/opt/kata" declare -r local_bin_dir="/usr/local/bin/" - install_kata_common "${katadir}" + install_kata_core "${katadir}" # create symbolic links to kata components for b in "${katadir}"/bin/* ; do diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh index bf2b5d78f..92599418d 100755 --- a/tests/integration/kubernetes/gha-run.sh +++ b/tests/integration/kubernetes/gha-run.sh @@ -24,8 +24,8 @@ KATA_DEPLOY_WAIT_TIMEOUT=${KATA_DEPLOY_WAIT_TIMEOUT:-10m} KATA_HYPERVISOR=${KATA_HYPERVISOR:-qemu} KUBERNETES="${KUBERNETES:-}" SNAPSHOTTER="${SNAPSHOTTER:-}" -export TEST_CLUSTER_NAMESPACE="${TEST_CLUSTER_NAMESPACE:-kata-containers-k8s-tests}" export AUTO_GENERATE_POLICY="${AUTO_GENERATE_POLICY:-no}" +export TEST_CLUSTER_NAMESPACE="${TEST_CLUSTER_NAMESPACE:-kata-containers-k8s-tests}" function configure_devmapper() { sudo mkdir -p /var/lib/containerd/devmapper