diff --git a/tests/integration/kubernetes/k8s-confidential-attestation.bats b/tests/integration/kubernetes/k8s-confidential-attestation.bats index 88764ae5f5..6a1ca34a5a 100644 --- a/tests/integration/kubernetes/k8s-confidential-attestation.bats +++ b/tests/integration/kubernetes/k8s-confidential-attestation.bats @@ -90,11 +90,5 @@ teardown() { skip "Test skipped as KBS not setup" fi - [ -n "${pod_name:-}" ] && kubectl describe "pod/${pod_name}" || true - [ -n "${pod_config_dir:-}" ] && kubectl delete -f "${K8S_TEST_YAML}" || true - - if [[ -n "${node_start_time:-}" && -z "$BATS_TEST_COMPLETED" ]]; then - echo "DEBUG: system logs of node '$node' since test start time ($node_start_time)" - exec_host "${node}" journalctl -x -t "kata" --since '"'$node_start_time'"' || true - fi + teardown_common "${node}" "${node_start_time:-}" } diff --git a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats index ff1c50cc1a..c26bac30c7 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image-authenticated.bats @@ -110,13 +110,6 @@ teardown() { [ "${SNAPSHOTTER:-}" = "nydus" ] || skip "None snapshotter was found but this test requires one" + teardown_common "${node}" "${node_start_time:-}" kubectl delete secret cococred --ignore-not-found - - kubectl describe pods - k8s_delete_all_pods_if_any_exists || true - - if [[ -n "${node_start_time:-}" && -z "$BATS_TEST_COMPLETED" ]]; then - echo "DEBUG: system logs of node '$node' since test start time ($node_start_time)" - exec_host "${node}" journalctl -x -t "kata" --since '"'$node_start_time'"' || true - fi } diff --git a/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats b/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats index 5ecff42570..7b12eada91 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image-encrypted.bats @@ -95,11 +95,5 @@ teardown() { [ "${SNAPSHOTTER:-}" = "nydus" ] || skip "None snapshotter was found but this test requires one" - kubectl describe pods - k8s_delete_all_pods_if_any_exists || true - - if [[ -n "${node_start_time:-}" && -z "$BATS_TEST_COMPLETED" ]]; then - echo "DEBUG: system logs of node '$node' since test start time ($node_start_time)" - exec_host "${node}" journalctl -x -t "kata" --since '"'$node_start_time'"' || true - fi + teardown_common "${node}" "${node_start_time:-}" } diff --git a/tests/integration/kubernetes/k8s-guest-pull-image-signature.bats b/tests/integration/kubernetes/k8s-guest-pull-image-signature.bats index 69a2909152..542ca6394e 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image-signature.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image-signature.bats @@ -146,11 +146,5 @@ teardown() { [ "${SNAPSHOTTER:-}" = "nydus" ] || skip "None snapshotter was found but this test requires one" - kubectl describe pods - k8s_delete_all_pods_if_any_exists || true - - if [[ -n "${node_start_time:-}" && -z "$BATS_TEST_COMPLETED" ]]; then - echo "DEBUG: system logs of node '$node' since test start time ($node_start_time)" - exec_host "${node}" journalctl -x -t "kata" --since '"'$node_start_time'"' || true - fi + teardown_common "${node}" "${node_start_time:-}" } diff --git a/tests/integration/kubernetes/k8s-guest-pull-image.bats b/tests/integration/kubernetes/k8s-guest-pull-image.bats index 4b2a896523..cb91158566 100644 --- a/tests/integration/kubernetes/k8s-guest-pull-image.bats +++ b/tests/integration/kubernetes/k8s-guest-pull-image.bats @@ -230,8 +230,7 @@ teardown() { [ "${SNAPSHOTTER:-}" = "nydus" ] || skip "None snapshotter was found but this test requires one" - kubectl describe pods - k8s_delete_all_pods_if_any_exists || true + teardown_common "${node}" "${node_start_time:-}" kubectl delete --ignore-not-found pvc trusted-pvc kubectl delete --ignore-not-found pv trusted-block-pv kubectl delete --ignore-not-found storageclass local-storage diff --git a/tests/integration/kubernetes/k8s-liveness-probes.bats b/tests/integration/kubernetes/k8s-liveness-probes.bats index 42557be8bc..d5500e7fe4 100644 --- a/tests/integration/kubernetes/k8s-liveness-probes.bats +++ b/tests/integration/kubernetes/k8s-liveness-probes.bats @@ -93,14 +93,7 @@ setup() { teardown() { # Debugging information - kubectl describe "pod/$pod_name" - - kubectl delete pod "$pod_name" - rm -f "${yaml_file}" - if [[ -n "${node_start_time:-}" && -z "$BATS_TEST_COMPLETED" ]]; then - echo "DEBUG: system logs of node '$node' since test start time ($node_start_time)" - exec_host "${node}" journalctl -x -t "kata" --since '"'$node_start_time'"' || true - fi + teardown_common "${node}" "${node_start_time:-}" } diff --git a/tests/integration/kubernetes/k8s-measured-rootfs.bats b/tests/integration/kubernetes/k8s-measured-rootfs.bats index 47355d0d6e..a33c457530 100644 --- a/tests/integration/kubernetes/k8s-measured-rootfs.bats +++ b/tests/integration/kubernetes/k8s-measured-rootfs.bats @@ -22,13 +22,6 @@ setup() { setup_common } -teardown() { - check_and_skip - - kubectl describe -f "${pod_config}" || true - kubectl delete -f "${pod_config}" || true -} - @test "Test cannnot launch pod with measured boot enabled and incorrect hash" { pod_config="$(new_pod_config nginx "kata-${KATA_HYPERVISOR}")" @@ -57,3 +50,9 @@ teardown() { assert_logs_contain "$node" kata "$node_start_time" \ 'verity: .* metadata block .* is corrupted' } + +teardown() { + check_and_skip + + teardown_common "${node}" "${node_start_time:-}" +} diff --git a/tests/integration/kubernetes/k8s-sealed-secret.bats b/tests/integration/kubernetes/k8s-sealed-secret.bats index bdcd56066a..88a833e268 100644 --- a/tests/integration/kubernetes/k8s-sealed-secret.bats +++ b/tests/integration/kubernetes/k8s-sealed-secret.bats @@ -107,14 +107,7 @@ teardown() { skip "Test skipped as KBS not setup" fi - [ -n "${pod_name:-}" ] && kubectl describe "pod/${pod_name}" || true - [ -n "${pod_config_dir:-}" ] && kubectl delete -f "${K8S_TEST_YAML}" || true - + teardown_common "${node}" "${node_start_time:-}" kubectl delete secret sealed-secret --ignore-not-found kubectl delete secret not-sealed-secret --ignore-not-found - - if [[ -n "${node_start_time:-}" && -z "$BATS_TEST_COMPLETED" ]]; then - echo "DEBUG: system logs of node '$node' since test start time ($node_start_time)" - exec_host "${node}" journalctl -x -t "kata" --since '"'$node_start_time'"' || true - fi } diff --git a/tests/integration/kubernetes/lib.sh b/tests/integration/kubernetes/lib.sh index 56713e950b..9c2297f0f5 100644 --- a/tests/integration/kubernetes/lib.sh +++ b/tests/integration/kubernetes/lib.sh @@ -71,6 +71,10 @@ k8s_create_pod() { # exec_host() { local node="$1" + # Validate the node + if ! kubectl get node "${node}" > /dev/null 2>&1; then + die "A given node ${node} is not valid" + fi # `kubectl debug` always returns 0, so we hack it to return the right exit code. local command="${@:2}" # Make 7 character hash from the node name diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh index 5339c64f07..3885de06f6 100644 --- a/tests/integration/kubernetes/tests_common.sh +++ b/tests/integration/kubernetes/tests_common.sh @@ -359,3 +359,23 @@ pod_exec_blocked_command() { (echo "${exec_output}" | grep "ExecProcessRequest is blocked by policy" > /dev/null) || die "exec was not blocked by policy!" } + +# Common teardown for tests. +# +# Parameters: +# $1 - node name where kata is installed +# $2 - start time at the node for the sake of fetching logs +# +teardown_common() { + local node="$1" + local node_start_time="$2" + + kubectl describe pods + k8s_delete_all_pods_if_any_exists || true + + # Print the node journal since the test start time if a bats test is not completed + if [[ -n "${node_start_time}" && -z "$BATS_TEST_COMPLETED" ]]; then + echo "DEBUG: system logs of node '$node' since test start time ($node_start_time)" + exec_host "${node}" journalctl -x -t "kata" --since '"'$node_start_time'"' || true + fi +}