Commit Graph

1559 Commits

Author SHA1 Message Date
Wainer dos Santos Moschetta
945482ff6e tests: make _print_instance_type() to handle "all" host type
_print_instance_type() returns the instance type of the AKS nodes, based
on the host type. Tests are grouped per host type in "small" and "normal"
sets based on the CPU requirements: "small" tests require few CPUs and
"normal" more.

There is an 3rd case: "all" host type maps to the union of "small"
and "normal" tests, which should be handled by _print_instance_type()
properly. In this case, it should return the largest instance type
possible because "normal" tests  will be executed too.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2025-04-28 12:08:31 -03:00
Wainer dos Santos Moschetta
a66aac0d77 tests/k8s: optimize nginx ingress for AKS small VM
It's used an AKS managed ingress controller which keeps two nginx pod
replicas where both request 500m of CPU. On small VMs like we've used on
CI for running the CoCo non-TEE tests, it left only a few amount of CPU
for the tests. Actually, one of these pod replicas won't even get
started. So let's patch the ingress controller to have only one replica
of nginx.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2025-04-28 12:08:31 -03:00
Wainer dos Santos Moschetta
14e74b8fc9 tests/k8s: fix kbs installation on Azure AKS
The Azure AKS addon-http-application-routing add-on is deprecated and
cannot be enabled on new clusters which has caused some CI jobs to fail.

Migrated our code to use approuting instead. Unlike
addon-http-application-routing, this add-on doesn't
configure a managed cluster DNS zone, but the created ingress has a
public IP. To avoid having to deal with DNS setup, we will be using that
address from now on. Thus, some functions no longer used are deleted.

Fixes #11156
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2025-04-28 12:08:31 -03:00
Steve Horsman
9248634baa
Merge pull request #11098 from stevenhorsman/golang-1.23.7
versions: Bump golang version
2025-04-28 13:46:11 +01:00
Aurélien Bombo
1de466fe84 temp: ci: Fix AKS cluster creation
The AKS CLI recently introduced a regression that prevents using
aks-preview extensions (Azure/azure-cli#31345), and hence create
CI clusters.

To address this, we temporarily hardcode the last known good version of
aks-preview.

Note that I removed the comment about this being a Mariner requirement,
as aks-preview is also a requirement of AKS App Routing, which will
be introduced soon in #11164.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-04-24 15:06:14 -05:00
Dan Mihai
706c2e2d68
Merge pull request #11184 from microsoft/danmihai1/retry-genpolicy
ci: retry genpolicy execution
2025-04-24 08:01:22 -07:00
Dan Mihai
517d6201f5 ci: retry genpolicy execution
genpolicy is sending more HTTPS requests than other components during
CI so it's more likely to be affected by transient network errors
similar to:

ConnectError(
  "dns error",
  Custom {
     kind: Uncategorized,
     error: "failed to lookup address information: Try again",
  },
)

Note that genpolicy is not the only component hitting network errors
during CI. Recent example from a different component:

"Message:  failed to create containerd task: failed to create shim task:
 failed to async pull blob stream HTTP status server error (502 Bad Gateway)"

This CI change might help just with the genpolicy errors.

Fixes: #11182

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-04-23 21:38:12 +00:00
stevenhorsman
1c9d7ce0eb ci: cri-containerd: Remove source from install_go.sh
If the correct version of go is already installed then
install_go.sh runs `exit`. When calling this as source from
cri-containerd/gha-run.sh it means all dependencies after
are skipped, so remove this.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-04-23 12:37:48 +01:00
stevenhorsman
c37840ce80 versions: Bump golang version
Bump golang version to the latest minor 1.23.x release
now that 1.24 has been released and 1.22.x is no longer
stable and receiving security fixes

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-04-23 12:37:48 +01:00
Xynnn007
b1c72c7094 test: add integration test for initdata
This test we will test initdata in the following logic
1. Enable image signature verification via kernel commandline
2. Set Trustee address via initdata
3. Pull an image from a banned registry
4. Check if the pulling fails with log `image security validation
failed` the initdata works.

Note that if initdata does not work, the pod still fails to launch. But
the error information is `[CDH] [ERROR]: Get Resource failed` which
internally means that the KBS URL has not been set correctly.

This test now only runs on qemu-coco-dev+x86_64 and qemu-tdx

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-04-23 15:55:04 +08:00
Hui Zhu
17af28acad docs: Add how-to-use-memory-agent.md to howto
Add how-to-use-memory-agent.md (How to use mem-agent to decrease the
memory usage of Kata container) to docs to show how to use mem-agent.

Fixes: #11013

Signed-off-by: Hui Zhu <teawater@gmail.com>
2025-04-02 17:45:59 +08:00
RuoqingHe
10ceeb0930
Merge pull request #11104 from fidencio/topic/kata-deploy-create-runtimeclasses-by-default
kata-deploy: Create runtimeclasses by default
2025-04-01 10:55:44 +08:00
Zvonko Kaiser
e5c4cfb8a1
Merge pull request #11081 from BbolroC/unsealed-secret-fix
tests: Enable sealed secrets for all TEEs
2025-03-31 11:19:52 -04:00
Fabiano Fidêncio
28be53ac92 kata-deploy: Create runtimeclasses by default
Let's make the life of the users easier and create the runtimeclasses
for them by default.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-31 11:29:44 +01:00
Fabiano Fidêncio
41b536d487
Merge pull request #11059 from microsoft/danmihai1/tests-common
tests: k8s: clean-up shellcheck warnings in tests_common.sh
2025-03-27 09:51:49 +01:00
Hyounggyu Choi
0432d2fcdf
Merge pull request #11086 from BbolroC/fix-overwrite-containerd-config
tests: Make sure /etc/containerd before writing config
2025-03-27 05:57:31 +01:00
Hyounggyu Choi
1e187482d4 tests: Make sure /etc/containerd before writing config
We get the following error while writing containerd config
if a base dir `/etc/containerd` does not exist like:

```
sudo tee /etc/containerd/config.toml << EOF
...
EOF
tee: /etc/containerd/config.toml: No such file or directory
```

The commit makes sure a base directory for containerd before
writing config and drops the config file deletion because a
default behaviour of `tee` is overwriting.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-03-26 18:19:45 +01:00
Hyounggyu Choi
0aa76f7206 tests: Enable sealed secrets for TEEs
Fixes: #11011

This commit allows all TEEs to run the sealed secret test.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-03-26 17:50:41 +01:00
Hyounggyu Choi
8088064b8b tests: Set default policy before running sealed secrets tests
The test `Cannot get CDH resource when deny-all policy is set`
completes with a KBS policy set to deny-all. This affects the
future TEE test (e.g. k8s-sealed-secrets.bats) which makes a
request against KBS.
This commit introduces kbs_set_default_policy() and puts it to
the setup() in k8s-sealed-secrets.bats.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-03-26 17:44:38 +01:00
Fabiano Fidêncio
404e212102 tests: kata-deploy: Use helm_helper()
With this we switch to fully testing with helm, instead of testimg with
the kustomizations (which will soon be removed).

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-26 13:30:15 +01:00
Fabiano Fidêncio
f7976a40e4 tests: Create a helm_helper() common function
Let's use what we have in the k8s functional tests to create a common
function to deploy kata containers using our helm charts.  This will
help us immensely in the kata-deploy testing side in the near future.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-26 13:30:11 +01:00
Fabiano Fidêncio
eb884d33a8 tests: k8s: Export all the default env vars on gha-run.sh
This is not strictly needed, but it does help a lot when setting up a
cluster manually, while still relying on those scripts.

While here, let's also ensure the assignment is between quotes, to make
shellchecker happier.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-26 13:23:16 +01:00
RuoqingHe
5d68600c06
Merge pull request #11010 from stevenhorsman/metrics-containerd-debugging
metrics: Test improvements
2025-03-25 11:38:28 +08:00
Dan Mihai
835c6814d7 tests: k8s/tests_common: avoid using regex
More straightforward implementation of hard_coded_policy_tests_enabled,
that avoids ShellCheck warning:

warning: Remove quotes from right-hand side of =~ to match as a regex rather than literally. [SC2076]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 22:23:19 +00:00
Dan Mihai
d83b8349a2 tests: policy: avoid using caller's variable
Fix unintended use of caller's variable. Use the corresponding function
parameter instead. ShellCheck:

warning: policy_settings_dir is referenced but not assigned. [SC2154]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:29 +00:00
Dan Mihai
59a70a2b28 tests: k8s/tests_common: avoid masking return values
Avoid masking command return values by declaring and only then assigning.

ShellCheck:

warning: Declare and assign separately to avoid masking return values. [SC2155]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:29 +00:00
Dan Mihai
b895e3b3e5 tests: k8s/tests_common.sh: add variable assignments
Pick the the values exported by other scripts. ShellCheck:

warning: AUTO_GENERATE_POLICY is referenced but not assigned. [SC2154]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:29 +00:00
Dan Mihai
0f4de1c94a tests: tests_common: remove useless assignment
ShellCheck:

warning: This assignment is only seen by the forked process. [SC2097]
warning: This expansion will not see the mentioned assignment. [SC2098]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:29 +00:00
Dan Mihai
9c0d069ac7 tests: tests_common: prevent globbing and word splitting
ShellCheck:

note: Double quote to prevent globbing and word splitting. [SC2086]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:28 +00:00
Dan Mihai
15961b03f7 tests: k8s/tests_common.sh: -n instead of ! -z
ShellCheck:

note: Use -n instead of ! -z. [SC2236]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:28 +00:00
Dan Mihai
4589dc96ef tests: k8s/tests_common.sh: add double quoting
ShellCheck:

note: Prefer double quoting even when variables don't contain special characters. [SC2248]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:28 +00:00
Dan Mihai
cc5f8d31d2 tests: k8s/tests_common.sh: add braces
ShellCheck: add braces around variable references:

note: Prefer putting braces around variable references even when not strictly required. [SC2250]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:28 +00:00
Dan Mihai
0d3f9fcee1 tests: tests_common: export variables used externally
ShellCheck: export variables used outside of tests_common.sh - e.g.,

warning: timeout appears unused. Verify use (or export if used externally). [SC2034]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:28 +00:00
Dan Mihai
5df43ffc7c tests: k8s/tests_common.sh: Prefer [[ ]] over [ ]
Replace [ ] with [[ ]] as advised by shellcheck:

note: Prefer [[ ]] over [ ] for tests in Bash/Ksh. [SC2292]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-20 19:02:28 +00:00
Dan Mihai
f79fabab24
Merge pull request #11024 from microsoft/danmihai1/empty-exec-output
tests: k8s: retry "kubectl exec" on empty output
2025-03-20 11:03:08 -07:00
Aurélien Bombo
b965fe8239 tests: Run go mod vendor
`go mod tidy` was a no-op.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-03-14 18:00:36 +00:00
Aurélien Bombo
e9f88757ba tests: Remove replace directives in go.mod
Same rationale as for runtime. With tests, the blackfriday replacement was
actually meaningful, so I refactored some imports.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-03-14 18:00:36 +00:00
Dan Mihai
dab981b0bc tests: k8s: retry "kubectl exec" on empty output
Retry "kubectl exec" a few times if it unexpectedly produced an empty
output string.

This is an attempt to work around test failures similar to:

https://github.com/kata-containers/kata-containers/actions/runs/13840930994/job/38730153687?pr=10983

not ok 1 Environment variables
(from function `grep_pod_exec_output' in file tests_common.sh, line 394,
 in test file k8s-env.bats, line 36)
`grep_pod_exec_output "${pod_name}" "HOST_IP=\([0-9]\+\(\.\|$\)\)\{4\}" "${exec_command[@]}"' failed

That test obtained correct ouput from "sh -c printenv" one time, but the
second execution of the same command returned an empty output string.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-14 17:03:03 +00:00
stevenhorsman
1022d8d260 metrics: Update range for clh tests
In ef0e8669fb we
had been seeing some significantly lower minvalues in
the jitter.Result test, so I lowered the mid-value rather
than having a very high minpercent, but it appears that the
variability of this result is very high, so we are still getting
the occasional high value, so reset the midval and just
have a bigger ranges on both sides, to try and keep the test
stable.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-14 14:54:30 +00:00
stevenhorsman
d77008b817 metrics: Further reduce repeats for boot time tests on qemu
I've seen failures on the third run, so reduce it further to
just run twice on qemu

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-14 14:53:26 +00:00
stevenhorsman
97151cce4e metrics: Improve iperf timeout
The kubectl wait has a built in timeout of 30s, so
wrapping it in waitForProcess, means we have
180/2 * 30 delay, which is much longer than intended,
so just set the timeout directly.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-14 14:53:26 +00:00
Dan Mihai
0e26dd4ce8 tests: k8s-policy-pod: safer host path volume source
Test using the host path /tmp/k8s-policy-pod-test instead of
/var/lib/kubelet/pods.

/var/lib/kubelet/pods might happen to contain files that CopyFileRequest
would try to send to the Guest before CreateContainerRequest. Such
CopyFileRequest was an unintended side effect of this test.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-13 18:56:57 +00:00
Dan Mihai
4f41989a6a
Merge pull request #11009 from mythi/e2e-skip-flaky-tests
tests: k8s: skip trusted storage tests for qemu-tdx
2025-03-11 12:13:35 -07:00
Dan Mihai
e40251d9f8
Merge pull request #11006 from ryansavino/fix-confidential-ssh-dockerfile
tests: fix confidential ssh Dockerfile
2025-03-11 11:22:23 -07:00
Mikko Ylinen
71531a82f4 tests: k8s: skip trusted storage tests for qemu-tdx
follow other TEEs to skip trusted storage tests due to #10838.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2025-03-11 15:14:03 +02:00
Ryan Savino
1dbe3fb8bc tests: fix confidential ssh Dockerfile
Need to set correct permissions for ssh directories and files

Fixes: #11005

Signed-Off-By: Ryan Savino <ryan.savino@amd.com>
2025-03-10 18:31:05 -05:00
Dan Mihai
e8405590c1 ci: temporarily avoid using the Mariner Host image
Disable the Mariner host during CI, while investigating test failures
with new Cloud Hypervisor v43.0.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-10 20:15:09 +00:00
Dan Mihai
509e6da965 tests: k8s-env.bats: log exec output
Log the "kubectl exec" ouput, just in case it helps investigate sporadic
test errors like:

https://github.com/kata-containers/kata-containers/actions/runs/13724022494/job/38387329321?pr=10973

not ok 1 Environment variables
(in test file k8s-env.bats, line 37)
 `grep "HOST_IP=\([0-9]\+\(\.\|$\)\)\{4\}"' failed

It appears that the first exec from this test case produced the expected
output:

MY_POD_NAME=test-env

but the second exec produced something else - that will be logged after
this change.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-07 19:37:20 +00:00
Dan Mihai
95d47e4d05 tests: k8s-configmap.bats: log exec output
Log the "kubectl exec" ouput, just in case it helps investigate sporadic
test errors like:

https://github.com/kata-containers/kata-containers/actions/runs/13724022494/job/38387329268?pr=10973

not ok 1 ConfigMap for a pod
(in test file k8s-configmap.bats, line 44)
`kubectl exec $pod_name -- "${exec_command[@]}" | grep "KUBE_CONFIG_2=value-2"' failed

It appears that the first exec from this test case produced the expected
output:

KUBE_CONFIG_1=value-1

but the second exec produced something else - that will be logged after
this change.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-07 19:35:45 +00:00
Dan Mihai
caee12c796 tests: k8s: add function to log exec output
grep_pod_exec_output invokes "kubectl exec", logs its output, and checks
that a grep pattern is present in the output.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-07 19:34:57 +00:00
Dan Mihai
7b63f256e5 gha: fix git-helper issues reported by shellcheck
./tests/git-helper.sh:20:5: note: Prefer [[ ]] over [ ] for tests in Bash/Ksh. [SC2292]
./tests/git-helper.sh:22:26: note: Double quote to prevent globbing and word splitting. [SC2086]
./tests/git-helper.sh:23:7: note: Prefer [[ ]] over [ ] for tests in Bash/Ksh. [SC2292]

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-06 20:28:41 +00:00
Dan Mihai
04adcdace6 gha: always delete workspace on rebase error
The workplace was already being deleted on non-x86_64 platforms, but
x86_64 can be affected by the same problem too. That might have been
the case with the SNP and TDX test runs from:

https://github.com/kata-containers/kata-containers/actions/runs/13687511270/job/38313758751?pr=10973
https://github.com/kata-containers/kata-containers/actions/runs/13687511270/job/38313760086?pr=10973

Rebase worked fine for the same patch/PR on other platforms.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-03-06 20:24:09 +00:00
Xuewei Niu
644af52968
Merge pull request #10876 from lifupan/fupan_containerd
ci: cri-containerd: upgrade the LTS / Active versions for containerd
2025-03-06 17:08:40 +08:00
Hyounggyu Choi
bf41618a84
Merge pull request #10862 from BbolroC/enable-ibm-se-for-qemu-runtime-rs
runtime-rs: Enable IBM SE for QEMU
2025-03-06 05:38:13 +01:00
Fabiano Fidêncio
545780a83a shellcheck: tests: k8s: Fix gha-run.sh warnings
As we'll touch this file during this series, let's already make sure we
solve all the needed warnings.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-05 19:44:27 +01:00
Fabiano Fidêncio
50f765b19c shellcheck: tests: Fix gha-run-k8s-common.sh warnings
Let's fix all the warnings caught in this file, as we're already
touching it.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-05 19:44:27 +01:00
Fabiano Fidêncio
219db60071 tests: kata-deploy: microk8s: Re-work installation
So we can ensure that the user has enough permissions to access
microk8s.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-05 19:44:27 +01:00
Fabiano Fidêncio
c337a21a4e shellcheck: kata-deploy: Fix warnings
He were fixing the few warnings we found in the files present in the
functional tests for kata-deploy.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-03-05 19:44:27 +01:00
Fupan Li
7024d3c600 CI: cri-containerd: upgrade the LTS / Active versions for containerd
As we're testing against the LTS and the Active versions of
containers, let's upgrade the lts version from 1.6 to 1.7 and
active version from 1.7 to 2.0 to cover the sandboxapi tests.

Signed-off-by: Fupan Li <fupan.lfp@antgroup.com>
2025-03-05 23:09:24 +08:00
Hyounggyu Choi
4ea7d274c4 runtime-rs: Add new runtimeClass qemu-se-runtime-rs
When `KATA_HYPERVISOR` is set to `qemu-se-runtime-rs`,
a configuration file is properly referenced and a runtime class
should be created via kata-deploy.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-03-05 13:50:38 +01:00
Zvonko Kaiser
4bb0eb4590
Merge pull request #10954 from kata-containers/topic/metrics-kata-deploy
Rework and fix metrics issues
2025-03-04 20:22:53 -05:00
stevenhorsman
02a2f6a9c1 tests: Sanitize K8S_TEST_ENTRY
Now we've added the double quotes around
`${K8S_TEST_UNION[@]}`, so platforms are
failing with:
```
Error: Test file "/home/ubuntu/runner/_layout/_work/kata-containers/kata-containers/tests/integration/kubernetes/k8s-nginx-connectivity.bats
" does not exist
```
due to the line continuation, so sanitise the value
to try and fix this.

Co-authored-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:39:10 +00:00
stevenhorsman
9a9e88a38d test: vfio: Attempt to fix logic
This was checking that a literal string was non-zero.
I'm assume it instead wanted to check if the file exists

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:39:10 +00:00
stevenhorsman
b220cca253 shellcheck: Fix shellcheck SC2066
> Since you double-quoted this, it will not word split, and the loop will only run once.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:39:10 +00:00
stevenhorsman
b8cfdd06fb shellcheck: Fix shellcheck SC2071
> > is for string comparisons. Use -gt instead.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:39:10 +00:00
stevenhorsman
eb90b93e3f shellcheck: Fix shellcheck SC2104
> In functions, use return instead of break.
> rationale: break or continue are used to abort or
continue a loop, and are not the right way to exit
a function. Use return instead.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:39:10 +00:00
stevenhorsman
dbba6b056b shellcheck: Fix shellcheck SC2148
> Tips depend on target shell and yours is unknown. Add a shebang.

Add
```
#!/usr/bin/env bash
```

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:35:46 +00:00
stevenhorsman
c5ff513e0b shellcheck: Fix shellcheck SC2068
> Double quote array expansions to avoid re-splitting elements

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:35:46 +00:00
stevenhorsman
58672068ff shellcheck: Fix shellcheck SC2145
> Argument mixes string and array. Use * or separate argument.

- Swap echos for printfs and improve formatting
- Replace $@ with $*
- Split arrays into separate arguments

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-04 09:35:46 +00:00
stevenhorsman
c69509be1c metrics: Reduce repeats for boot time tests on qemu
On qemu the run seems to error after ~4-7 runs, so try
a cut down version of repetitions to see if this helps us
get results in a stable way.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-02 08:42:00 +00:00
stevenhorsman
0962cd95bc metrics: Increase minpercent range for qemu iperf test
We have a new metrics machine and environment
and the iperf jitter result failed as it finished too quickly,
so increase the minpercent to try and get it stable

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-02 08:32:26 +00:00
stevenhorsman
ef0e8669fb metrics: Increase minpercent range for clh tests
We have a new metrics machine and environment
and the fio write.bw and iperf3 parallel.Results
tests failed for clh, as below
the minimum range, so increase the
minpercent to try and get it stable

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-02 08:32:26 +00:00
stevenhorsman
f81c85e73d metrics: Increase maxpercent range for clh boot times
We have a new metrics machine and environment
and the boot time test failed for clh, so increase the
maxpercent to try and get it stable

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-01 17:50:05 +00:00
stevenhorsman
435ee86fdd metrics: Update iperf affinity
The iperf deployment is quite a lot out of date
and uses `master` for it's affinity and toleration,
so update this to control-plane, so it can run on
newer Kubernetes clusters

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-01 17:50:05 +00:00
stevenhorsman
85bbc0e969 metrics: Increase wait time
The new metrics runner seems slower, so we are
seeing errors like:
The iperf3 tests are failing with:
```
pod rejected: RuntimeClass "kata" not found
```
so give more time for it to succeed

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-01 17:50:05 +00:00
stevenhorsman
4ce94c2d1b Revert "metrics: Add init_env function to latency test"
This reverts commit 9ac29b8d38.
to remove the duplicate `init_env` call

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-01 17:50:05 +00:00
stevenhorsman
658a5e032b metrics: Increase containerd start timeout
- Move `kill_kata_components` from common.bash
into the metrics code base as the only user of it
- Increase the timeout on the start of containerd as
the last 10 nightlies metric tests have failed with:
```
223478 Killed                  sudo timeout -s SIGKILL "${TIMEOUT}" systemctl start containerd
```

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-01 17:50:05 +00:00
stevenhorsman
3fab7944a3 workflows: Improve metrics jobs
- As the metrics tests are largely independent
then allow subsequent tests to run even if previous
ones failed. The results might not be perfect if
clean-up is required, but we can work on that later.
- Move the test results check out of the latency
test that seems arbitrary and into it's own job step
- Add timeouts to steps that might fail/hang if there
are containerd/K8s issues

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-01 17:50:05 +00:00
stevenhorsman
6f918d71f5 workflows: Update metrics jobs
Currently the run-metrics job runs a manual install
and does this in a separate job before the metrics
tests run. This doesn't make sense as if we have multiple
CI runs in parallel (like we often do), there is a high chance
that the setup for another PR runs between the metrics
setup and the runs, meaning it's not testing the correct
version of code. We want to remove this from happening,
so install (and delete to cleanup) kata as part of the metrics
test jobs.

Also switch to kata-deploy rather than manual install for
simplicity and in order to test what we recommend to users.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-03-01 17:50:05 +00:00
Stephane Talbot
f80e7370d5 test: Verify deployement of kata-deploy on microk8s
Enable fonctional test to verify deployment of kata-deploy on a Microk8s cluster

Signed-off-by: Stephane Talbot <Stephane.Talbot@univ-savoie.fr>
2025-02-28 10:10:29 +01:00
Zvonko Kaiser
33460386b9
Merge pull request #10803 from ryansavino/update-confidential-initrd-22.04
versions: update confidential initrd to 22.04
2025-02-27 09:29:36 -05:00
stevenhorsman
d08787774f ci: k8s: Use pinned k0s version
Update the code to install the version of k0s
that we have in our versions.yaml, rather than
just installing the latest, to help our CI being
less stable and prone to breaking due to things
we don't control.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-02-27 11:33:23 +00:00
Ryan Savino
ceafa82f2e tests: skip trusted storage tests for qemu-snp
skip tests for trusted storage until #10838 is resolved.

Signed-Off-By: Ryan Savino <ryan.savino@amd.com>
2025-02-26 14:23:57 -06:00
Ruoqing He
ed50e31625 build: Reorganize target selection
Architectures here with `musl` available are minority, which is more
suitable for enumeration.

With this change, we are implicitly choosing gnu target for `ppc64le`,
`riscv64` and `s390x`.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-02-26 00:56:54 +08:00
Ruoqing He
562911e170 build: Add riscv mapping for common.bash
While installing Rust and Golang in our CI workflow, `arch_to_golang`
and `arch_to_rust` are needed for inferring the correct arch string for
riscv64 architecture.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-02-26 00:56:54 +08:00
Fabiano Fidêncio
a6186b6244 ci: k8s: arm: Skip "Check the number vcpus are ..." test
See https://github.com/kata-containers/kata-containers/issues/10928

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-02-24 18:43:24 +01:00
Fabiano Fidêncio
1798804c32 ci: k8s: arm: Skip "Pod quota" test
See https://github.com/kata-containers/kata-containers/issues/10927

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-02-24 18:43:24 +01:00
Fabiano Fidêncio
053827cacc ci: k8s: arm: Skip "Running within memory constraints" test
See https://github.com/kata-containers/kata-containers/issues/10926

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-02-24 18:43:24 +01:00
Aurélien Bombo
1f8c15fa48 Revert "tests: Skip k8s job test on qemu-coco-dev"
This reverts commit a8ccd9a2ac.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-02-21 17:52:17 -06:00
Aurélien Bombo
7542dbffb8 Revert "tests: disable k8s-policy-job.bats on coco-dev"
This reverts commit 47ce5dad9d.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-02-21 17:52:17 -06:00
Xuewei Niu
cdb29a4fd1
Merge pull request #10780 from RuoqingHe/setup-dragonball-workspace
dragonball: Appease clippy, setup workspace and centralize RustVMM
2025-02-21 14:04:19 +08:00
Aurélien Bombo
601c403603
Merge pull request #10818 from burgerdev/plumbing
agent: clear log pipes if denied by policy
2025-02-19 16:28:58 -06:00
Aurélien Bombo
cb3467535c tests: Add policy test for ReadStreamRequest
This test verifies that, when ReadStreamRequest is blocked by the
policy, the logs are empty and the container does not deadlock.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2025-02-19 14:03:41 -06:00
Hyounggyu Choi
a8363c28ca tests: Support systemd unit files in /usr/lib as well as /lib
On Ubuntu 24.04, due to the /usr merge, system-provided unit files
now reside in `/usr/lib/systemd/system/` instead of `/lib/systemd/system/`.
For example, the command below now returns a different path:

```
$ systemctl show containerd.service -p FragmentPath
/usr/lib/systemd/system/containerd.service
```

Previously, on Ubuntu 22.04 and earlier, it returned:

```
/lib/systemd/system/containerd.service
```

The current pattern `if [[ $unit_file == /lib* ]]` fails to match the new path.
To ensure compatibility across versions, we update the pattern to match both
`/lib` and `/usr/lib` like:

```
if [[ $unit_file =~ ^/(usr/)?lib/ ]]
```

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-02-19 14:34:59 +01:00
Ruoqing He
6bb193bbc0 spell: Update dictionary for dbs crates
Add entries for dbs_* crates' README.md to pass `kata-spell-check.sh`
spell checking.

Changed British terms to American terms in README of `dbs_pci` to pass
`hunspell` check.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-02-19 21:20:30 +08:00
Ruoqing He
d23284a0dc header_check: Check header for changed text files
We are running `header_check` for non-text files like binary files,
symbolic link files, image files (pictures) and etc., which does not
make sense.

Filter out non-text files and run `header_check` only for text files
changed.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-02-18 22:39:53 +08:00
Ruoqing He
7e49e83779 spell: Add missing entries for kata-spell-check
`kata-dictionary.dic` changes after running `kata-spell-check.sh
make-dict`. This is due to someone forgot to first update entries in
data and run `make-dict`, but directly updated `kata-dictionary.dic`
instead.

Add mssing entries to data and re-run `make-dict` to generate correct
`kata-dictionary.dic`.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-02-18 19:06:34 +08:00
Fabiano Fidêncio
64ceb0832a
Merge pull request #10851 from fidencio/topic/bump-image-rs-to-bring-in-ttrpc-0.8.4
agent: Bump image-rs to 514c561d93
2025-02-14 18:21:56 +01:00
stevenhorsman
56fb2a9482 tests: Skip block volume test on fc, stratovirt
The block volume test has failed on 10/10 nightlies
and all the PRs I've seen, so skip it until it can be assessed.

See #10873

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-02-13 11:50:35 +00:00
stevenhorsman
2d266df846 test: Update expected error in signed image tests
We are seeing a different error in the new version of image-rs,
so update our tests to match.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-02-13 11:44:51 +00:00