tests/e2e: introduce rthooks e2e test#4937
Open
3u13r wants to merge 5 commits into
Open
Conversation
3u13r
force-pushed
the
pr/3u13r/rthook-e2e-test
branch
from
d5ebc6b to
07e0032
Compare
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
3u13r
force-pushed
the
pr/3u13r/rthook-e2e-test
branch
from
07e0032 to
a295917
Compare
Contributor
Author
|
The new CI pipeline is here. The rthook e2e test can only be run in minikube. Therefore, we skip it when we don't detect the A solution I came up with is to change the folder structure so that we have |
To make booth troubleshooting and e2e testing easier, expose the rthooks logs in the daemonset that installs the hooks. Signed-off-by: Leonard Cohnen <leonard.cohnen@gmail.com>
The agent exposes its gRPC server on a UNIX domain socket (UDS) by default. We had to override this for the e2e tests, since the test binary needs to talk to this server. It uses Kubernetes port forwarding features to expose ports from various pods. Since UDSs cannot be natively forwarded, the e2e test adds a daemonset that mounts the UDS and exposes it via a port again. Then we forward that port again via the port forwarding mechanism. Signed-off-by: Leonard Cohnen <leonard.cohnen@gmail.com>
The existing rthook testing in tetragon-rthook-pr.yaml has the drawback that it doesn't test the integration with the tetragon agent. This integration recently broke, so we want a CI test that checks that we don't regress again. Signed-off-by: Leonard Cohnen <leonard.cohnen@gmail.com>
Testing rthooks doesn't seem to (easily) work in KinD. Therefore, we used to have bash scripts which setup a minikube test environment and tested only the rthooks without Tetragon installed in the cluster. Remove this bash script test in favor of a more holistic e2e test. Note that we stop testing the kins-hook-setup.sh script for containerd versions <2.0. This should be fine as the last containerd versions <2.0 will be EOL Sep 2026, see https://containerd.io/releases/#current-state-of-containerd-releases. Moreover, the script assumes a demo single-node KinD setup and is therefore not relevant to production. Signed-off-by: Leonard Cohnen <leonard.cohnen@gmail.com>
Signed-off-by: Leonard Cohnen <leonard.cohnen@gmail.com>
3u13r
force-pushed
the
pr/3u13r/rthook-e2e-test
branch
from
a295917 to
b14a20d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
We recently regressed in the integration between the rthooks and Tetragon agent (see here).
This PR replaces the existing rthook test, that didn't cover the integration between hook and agent, with a new e2e test. As the replaced test, this e2e test runs inside minikube.
In an effort to make this error more debuggable, this PR also adds a log container to the rthooks daemonset that tails the logfile of the hook binary.