diff --git a/tests/integration/kubernetes/confidential_common.sh b/tests/integration/kubernetes/confidential_common.sh index 648d544151..2ae6a978f4 100644 --- a/tests/integration/kubernetes/confidential_common.sh +++ b/tests/integration/kubernetes/confidential_common.sh @@ -206,4 +206,17 @@ function create_coco_pod_yaml_with_annotations() { if [ -n "$node" ]; then set_node "${kata_pod}" "$node" fi -} \ No newline at end of file +} + +confidential_teardown_common() { + local node="$1" + local node_start_time="$2" + + # Run common teardown + teardown_common "${node}" ${node_start_time} + + # Also try and print the kbs logs on failure + if [[ -n "${node_start_time}" && -z "${BATS_TEST_COMPLETED}" ]]; then + kbs_k8s_print_logs "${node_start_time}" + fi +} diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh index d0d9c2f6b8..178e881c03 100644 --- a/tests/integration/kubernetes/confidential_kbs.sh +++ b/tests/integration/kubernetes/confidential_kbs.sh @@ -328,7 +328,7 @@ function kbs_k8s_deploy() { # ITA/ITTS specific configuration sed -i -e "s/tBfd5kKX2x9ahbodKV1.../${ITA_KEY}/g" kbs-config.toml popd - + if [ -n "${HTTPS_PROXY}" ]; then # Ideally this should be something kustomizable on trustee side. # @@ -337,7 +337,7 @@ function kbs_k8s_deploy() { # solved. pushd "${COCO_KBS_DIR}/config/kubernetes/base/" ensure_yq - + yq e ".spec.template.spec.containers[0].env += [{\"name\": \"https_proxy\", \"value\": \"$HTTPS_PROXY\"}]" -i deployment.yaml popd fi @@ -463,6 +463,18 @@ kbs_k8s_svc_http_addr() { echo "http://${host}:${port}" } +kbs_k8s_print_logs() { + local start_time="$1" + + # Convert to iso time for kubectl + local iso_start_time + iso_start_time=$(date -d "${start_time}" --iso-8601=seconds) + + echo "::group::DEBUG - kbs logs since ${start_time}" + kubectl -n "${KBS_NS}" logs -l app=kbs --since-time="${iso_start_time}" --timestamps=true || true + echo "::endgroup::" +} + # Ensure rust is installed in the host. # # It won't install rust if it's already present, however, if the current diff --git a/tests/integration/kubernetes/k8s-confidential-attestation.bats b/tests/integration/kubernetes/k8s-confidential-attestation.bats index 6a1ca34a5a..5072e37a0f 100644 --- a/tests/integration/kubernetes/k8s-confidential-attestation.bats +++ b/tests/integration/kubernetes/k8s-confidential-attestation.bats @@ -90,5 +90,5 @@ teardown() { skip "Test skipped as KBS not setup" fi - teardown_common "${node}" "${node_start_time:-}" + confidential_teardown_common "${node}" "${node_start_time:-}" } diff --git a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats index 1ab7aff6f4..1bb94ae5fb 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats @@ -110,6 +110,6 @@ teardown() { [ "${SNAPSHOTTER:-}" = "nydus" ] || skip "None snapshotter was found but this test requires one" - teardown_common "${node}" "${node_start_time:-}" + confidential_teardown_common "${node}" "${node_start_time:-}" kubectl delete secret cococred --ignore-not-found } diff --git a/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats b/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats index d64723057a..58720fec87 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats @@ -95,5 +95,5 @@ teardown() { [ "${SNAPSHOTTER:-}" = "nydus" ] || skip "None snapshotter was found but this test requires one" - teardown_common "${node}" "${node_start_time:-}" + confidential_teardown_common "${node}" "${node_start_time:-}" } diff --git a/tests/integration/kubernetes/k8s-sealed-secret.bats b/tests/integration/kubernetes/k8s-sealed-secret.bats index c5644c4d77..b903aec7db 100644 --- a/tests/integration/kubernetes/k8s-sealed-secret.bats +++ b/tests/integration/kubernetes/k8s-sealed-secret.bats @@ -115,7 +115,7 @@ teardown() { skip "Test skipped as KBS not setup" fi - teardown_common "${node}" "${node_start_time:-}" + confidential_teardown_common "${node}" "${node_start_time:-}" kubectl delete secret sealed-secret --ignore-not-found kubectl delete secret not-sealed-secret --ignore-not-found }