1612 Commits

Author SHA1 Message Date
Wainer dos Santos Moschetta
79a8b31ec5 tests/k8s: skip shared volume tests for qemu-coco-dev
This test fails with qemu-coco-dev configuration and guest-pull image pull.

Issue: #9668
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-29 18:37:24 -03:00
Wainer dos Santos Moschetta
aa1a37081e tests/k8s: skip sysctls tests for qemu-coco-dev
This test fails with qemu-coco-dev configuration and guest-pull image pull.

Issue: #9666
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-29 18:37:24 -03:00
Wainer dos Santos Moschetta
0e81ced9f1 tests/k8s: skip kill-all-process tests for qemu-coco-dev
This test fails with qemu-coco-dev configuration and guest-pull image pull.

Issue: #9664
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-29 18:37:24 -03:00
Wainer dos Santos Moschetta
18896efa3c tests/k8s: skip seccomp tests for qemu-coco-dev
This test fails with qemu-coco-dev configuration and guest-pull image pull.
Unlike other tests that I've seen failing on this scenario, k8s-seccomp.bats
fails after a couple of consecutive executions, so it's that kind of failure
that happens once in a while.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-29 18:37:24 -03:00
Wainer dos Santos Moschetta
b62ad71c43 tests/k8s: add runtime handler annotation for qemu-coco-dev
This will enable the k8s tests to leverage guest pulling when
PULL_TYPE=guest-pull for qemu-coco-dev runtimeclass.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-29 18:37:24 -03:00
Wainer dos Santos Moschetta
089c7ad84a tests/k8s: add runtime handler annotation only for guest-pull
The runtime handler annotation is required for Kubernetes <= 1.28 and
guest-pull pull type. So leverage $PULL_TYPE (which is exported by CI jobs)
to conditionally apply the annotation.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-29 18:37:24 -03:00
GabyCT
6d58fce4a9 Merge pull request #9677 from GabyCT/topic/memoryusags
metrics: Improve variable definition in memory usage script
2024-05-29 10:16:56 -06:00
Gabriela Cervantes
09c3e08f6a tests: Fix indentation in static checks script
This PR fixes the indentation in the static checks script.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2024-05-29 15:43:44 +00:00
Wainer Moschetta
9896f69827 Merge pull request #9414 from ldoktor/ci-bisection
ci.ocp: Document openshift pipeline and manual bisection
2024-05-28 11:17:09 -03:00
Fabiano Fidêncio
e81e8a4527 tests: kata-deploy: Adjust timeout
10 minutes is waay too long.  Let's give it 4 minutes only.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-27 06:23:00 +02:00
Fabiano Fidêncio
fba5793c0d tests: kata-deploy: Run the tests from "${repo_root_dir}"
Let's see if it helps with issues like:
```
error: must build at directory: not a valid directory: evalsymlink
failure on
'"/home/runner/actions-runner/_work/kata-containers/kata-containers/tests/functional/kata-deploy/../../..//tools/packaging/kata-deploy/kata-cleanup/overlays/k0s"'
: lstat
/home/runner/actions-runner/_work/kata-containers/kata-containers/tests/functional/kata-deploy/":
no such file or directory
```

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-27 06:23:00 +02:00
Fabiano Fidêncio
8a8a7ea0e5 tests: kata-deploy: Show more logs in the setup()
This will also help us to better understand possible failures with the
CI.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-27 05:05:06 +02:00
Fabiano Fidêncio
47d9589e9b tests: kata-deploy: Show output of passing tests
This will help us to debug failures and compare passing and failures
outputs.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-27 05:05:06 +02:00
Fabiano Fidêncio
dbd0d4a090 gha: Only do preventive cleanups for baremetal
This takes a few minutes that could be saved, so let's avoid doing this
on all the platforms, but simply do this when it's needed (the baremetal
use case).

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-27 05:05:06 +02:00
Fabiano Fidêncio
ee2ef0641c tests: k8s: Allow passing "all" to run all the tests
Currently only "baremetal" runs all the tests, but we could easily run
"all" locally or using the github provided runners, even when not using
a "baremetal" system.

The reason I'd like to have a differentiation between "all" and
"baremetal" is because "baremetal" may require some cleanup, which "all"
can simply skip if testing against a fresh created VM.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-27 05:05:06 +02:00
Fabiano Fidêncio
556227cb51 tests: Add the possibility to deploy k0s / rke2
For now we've only exposed the option to deploy kata-deploy for k3s and
vanilla kubernetes when using containerd.

However, I do need to also deploy k0s and rke2 for an internal CI, and
having those exposed here do not hurt, and allow us to easily expand the
CI at any time in the future.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-27 05:05:06 +02:00
Fabiano Fidêncio
44d6cb7791 Merge pull request #9698 from wainersm/k8s_tests_disable_fail_fast
tests/k8s: disable "fail-fast" behavior by default
2024-05-23 18:28:00 +02:00
Fabiano Fidêncio
d9ee950d8f Merge pull request #9696 from wainersm/skip_custom_dns_test
tests/k8s: skip custom DNS tests on confidential jobs
2024-05-22 23:57:21 +02:00
GabyCT
e08ad8d1b7 Merge pull request #9686 from GabyCT/topic/fixbootclh
metrics: Fix minvalue for boot time
2024-05-22 15:46:50 -06:00
Wainer dos Santos Moschetta
76735df427 tests/k8s: disable "fail-fast" behavior by default
The k8s test suite halts on the first failure, i.e., failing-fast. This
isn't the behavior that we used to see when running tests on Jenkins and it
seems that running the entire test suite is still the most productive way. So
this disable fail-fast by default.

However, if you still wish to run on fail-fast mode then just export
K8S_TEST_FAIL_FAST=yes in your environment.

Fixes: #9697
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-22 18:27:44 -03:00
Fabiano Fidêncio
8eb061cd5b Merge pull request #9681 from GabyCT/topic/etdx
gha: Enable install kbs and coco components for TDX, but still skip the CDH test
2024-05-22 23:18:42 +02:00
Wainer dos Santos Moschetta
43766cdb96 tests/k8s: skip custom DNS tests on confidential jobs
This test has failed in confidential runtime jobs. Skip it
until we don't have a fix.

Fixes: #9663
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2024-05-22 17:08:22 -03:00
Fabiano Fidêncio
904370ecd6 tests: attestation: tdx: Skip test for now
Skipping the test will allow us to have the TDX CI running while we
debug the test.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-22 20:04:13 +02:00
Fabiano Fidêncio
414d716eef tests: kbs: Enable cli installation also on CentOS
One of our machines is running CentOS 9 Stream, and we could easily
verify that we can build and install the kbs client there, thus we're
expanding the installation script to also support CentOS 9 Stream.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-22 20:01:57 +02:00
Fabiano Fidêncio
27d7f4c5b8 tests: kbs: Fix rust installation
`externals.coco-kbs.toolchain` is not defined, get the rust_version from
`externals.coco-trustee.toolchain` instead.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-22 20:01:57 +02:00
Fabiano Fidêncio
fa8b5c76b8 tests: kbs: Add more info for the TDX deployment
Ditto in the commit shortlog.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-22 20:01:57 +02:00
Fabiano Fidêncio
dbd1fa51cd tests: kbs: Don't assume /tmp/trustee exists in the machine
Instead, check if the directory exists before pushd'ing into it.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-22 20:01:57 +02:00
Gabriela Cervantes
f698caccc0 gha: Enable install kbs and coco components for TDX
This PR enables the installation and unistallation of the kbs client
as well as general coco components needed for the TDX GHA CI.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2024-05-22 20:01:57 +02:00
GabyCT
eaaab19763 Merge pull request #9685 from GabyCT/topic/fixic
tests: Fix indentation in confidential common script
2024-05-22 11:53:33 -06:00
Gabriela Cervantes
29a10f1373 metrics: Fix minvalue for boot time
This PR fixes the minvalue for boot time to avoid the random failures
of the GHA CI.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2024-05-22 17:52:51 +00:00
Hyounggyu Choi
92101fc61f Merge pull request #9658 from BbolroC/migrate-vfio-ap-test
CI: Migrate vfio-ap test files from tests repo
2024-05-21 20:21:09 +02:00
Gabriela Cervantes
c9e91db16f tests: Fix indentation in confidential common script
This PR fixes the indentation in the confidential common script.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2024-05-21 16:33:46 +00:00
Fabiano Fidêncio
8879e3bc45 Merge pull request #9452 from GabyCT/topic/tdxcoco
gha: Add support to install KBS to k8s TDX GHA workflow
2024-05-20 23:28:52 +02:00
Gabriela Cervantes
cfdef7ed5f tests/k8s: Use custom intel DCAP configuration
This PR adds the use of custom Intel DCAP configuration when
deploying the KBS.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2024-05-20 18:44:57 +00:00
Gabriela Cervantes
cace2fd340 metrics: Improve variable definition in memory usage script
This PR improves general format like variable definition to have
uniformity across the memory usage script.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2024-05-20 16:14:59 +00:00
Fabiano Fidêncio
94cff3f74e Merge pull request #9315 from fidencio/topic/adapt-TEEs-for-shared_fs-none
TEEs: Use `shared_fs=none` for TDX
2024-05-20 17:17:36 +02:00
Fabiano Fidêncio
25c9cf32ff Revert "ci: azure: Workaround azure cli installation script"
This reverts commit 5ff53e4d1c, as the
script was fixed by MSFT, at least according to:
https://github.com/Azure/azure-cli/issues/28984

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-20 14:38:46 +02:00
Fabiano Fidêncio
e8ebe18868 tests: k8s: tdx: Skip liveness probe test
This test doesn't fail with the guest image pulling, but it for sure
should. :-)

We can see in the bats logs, something like:
```
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  31s               default-scheduler  Successfully assigned kata-containers-k8s-tests/liveness-exec to 984fee00bd70.jf.intel.com
  Normal   Pulled     23s               kubelet            Successfully pulled image "quay.io/prometheus/busybox:latest" in 345ms (345ms including waiting)
  Normal   Started    21s               kubelet            Started container liveness
  Warning  Unhealthy  7s (x3 over 13s)  kubelet            Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory
  Normal   Killing    7s                kubelet            Container liveness failed liveness probe, will be restarted
  Normal   Pulled     7s                kubelet            Successfully pulled image "quay.io/prometheus/busybox:latest" in 389ms (389ms including waiting)
  Warning  Failed     5s                kubelet            Error: failed to create containerd task: failed to create shim task: the file /bin/sh was not found: unknown
  Normal   Pulling    5s (x3 over 23s)  kubelet            Pulling image "quay.io/prometheus/busybox:latest"
  Normal   Pulled     4s                kubelet            Successfully pulled image "quay.io/prometheus/busybox:latest" in 342ms (342ms including waiting)
  Normal   Created    4s (x3 over 23s)  kubelet            Created container liveness
  Warning  Failed     3s                kubelet            Error: failed to create containerd task: failed to create shim task: failed to mount /run/kata-containers/f0ec86fb156a578964007f7773a3ccbdaf60023106634fe030f039e2e154cd11/rootfs to /run/kata-containers/liveness/rootfs, with error: ENOENT: No such file or directory: unknown
  Warning  BackOff    1s (x3 over 3s)   kubelet            Back-off restarting failed container liveness in pod liveness-exec_kata-containers-k8s-tests(b1a980bf-a5b3-479d-97c2-ebdb45773eff)
```

Let's skip it for now as we have an issue opened to track it down:
https://github.com/kata-containers/kata-containers/issues/9665

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 21:59:29 +02:00
Fabiano Fidêncio
a2c70222a8 tests: k8s: tdx: Skip initContainerd shared vol test
This is another one that is related to initContainers not being properly
handled with the guest image pulling.

Let's skip it for now as we have
https://github.com/kata-containers/kata-containers/issues/9668 to track
it down.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 20:58:45 +02:00
Fabiano Fidêncio
9d56145499 tests: k8s: tdx: Skip volume related tests
Similarly to firecracker, which doesn't have support for virtio-fs /
virtio-9p, TDX used with `shared_fs=none` will face the very same
limitations.

The tests affected are:
* k8s-credentials-secrets.bats
* k8s-file-volume.bats
* k8s-inotify.bats
* k8s-nested-configmap-secret.bats
* k8s-projected-volume.bats
* k8s-volume.bats

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 19:38:49 +02:00
Fabiano Fidêncio
606a62a0a7 tests: k8s: tdx: Skip "Setting sysctl" test
This test fails when using `shared_fs=none` with the nydus-snapshotter,
and we're tracking the issue here:
https://github.com/kata-containers/kata-containers/issues/9666

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 19:38:38 +02:00
Fabiano Fidêncio
937b2d5806 tests: k8s: tdx: Skip "Kill all processes in container" test
This test fails when using `shared_fs=none` with the nydus snapshotter,
and we're tracking the issue here:
https://github.com/kata-containers/kata-containers/issues/9664

For now, let's have it skipped.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 18:51:14 +02:00
Fabiano Fidêncio
03ce41b743 tests: k8s: tdx: Skip "Check custom dns" test
The test has been failing on TDX for a while, and an issue has been
created to track it down, see:
https://github.com/kata-containers/kata-containers/issues/9663

For now, let's have it skipped.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 18:51:14 +02:00
Fabiano Fidêncio
1a8a4d046d tests: k8s: setup: Improve / Fix logs
Let's make sure the logs will print the correct annotation and its
value, instead of always mentioning "kernel" and "initrd".

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 18:51:14 +02:00
Fabiano Fidêncio
3f38309c39 tests: k8s: tdx: Stop running k8s-guest-pull-image.bats
We're doing that as all tests are going to be running with
`shared_fs=none`, meaning that we don't need any specific test for this
case anymore.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 18:51:00 +02:00
Fabiano Fidêncio
e84619d54b tests: k8s: tdx: Add add_runtime_handler_annotations function
This function will set the needed annotation for enforcing that the
image pull will be handled by the snapshotter set for the runtime
handler, instead of using the default one.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-19 18:49:07 +02:00
Fabiano Fidêncio
5b257685d9 Merge pull request #9662 from dborquez/fix_launchtimes_timestamp_generation
Fix launch times timestamp generation.
2024-05-18 21:11:09 +02:00
David Esparza
938d3dc430 metrics: fix timestamps generation from launch times test.
Use `eval` to process the `date` command along with its parameters,
thus avoiding misinterpreting the parameters as commands.

Fixes: #9661

Signed-off-by: David Esparza <david.esparza.borquez@intel.com>
2024-05-17 14:44:41 -06:00
David Esparza
bae377b42a metrics: determine the realpath of kata-shim component.
Determine the realpath of kata-shim avoiding the check fails
in case the kata-shim is not a symlink, as was happening prior
to this commit.

Signed-off-by: David Esparza <david.esparza.borquez@intel.com>
2024-05-17 14:40:02 -06:00
Fabiano Fidêncio
5ff53e4d1c ci: azure: Workaround azure cli installation script
This is done in order to work around
https://github.com/Azure/azure-cli/issues/28984, following a suggestion
on the very same issue.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2024-05-17 20:28:24 +02:00