Merge pull request #1632 from PrimalPimmy/CI

fix(CI): Change latest release CI to containerd runtime

.github/workflows/ci-latest-release.yml

@@ -71,20 +71,38 @@ jobs:
           else
             echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
           fi
-          RUNTIME=docker ./contribution/k3s/install_k3s.sh
+          RUNTIME=containerd ./contribution/k3s/install_k3s.sh
 
       - name: Generate KubeArmor artifacts
         run: GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh ${{ steps.vars.outputs.tag }}
 
-      - name: Deploy KubeArmor into Kubernetes
+      - name: Build Kubearmor-Operator
+        working-directory: pkg/KubeArmorOperator
         run: |
-          helm upgrade --install kubearmor ./deployments/helm/KubeArmor \
-          --values ./KubeArmor/build/kubearmor-helm-test-values.yaml \
-          --set kubearmor.image.tag=${{ steps.vars.outputs.tag }} \
-          --set kubearmorInit.image.tag=${{ steps.vars.outputs.tag }} \
-          -n kubearmor --create-namespace;
+          make docker-build TAG=${{ steps.vars.outputs.tag }}
 
-          kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app
+      - name: deploy pre existing pod 
+        run: |
+          kubectl apply -f ./tests/k8s_env/ksp/pre-run-pod.yaml
+          sleep 60
+          kubectl get pods -A
+
+      - name: Run KubeArmor
+        run: |
+          docker save kubearmor/kubearmor-init:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+          docker save kubearmor/kubearmor:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+          docker save kubearmor/kubearmor-operator:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+          docker save kubearmor/kubearmor-snitch:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
+        
+          helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace
+          kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator
+          kubectl get pods -A
+          if [[ ${{ steps.vars.outputs.tag }} == v* ]]; then
+            sed -i '/image: kubearmor\/kubearmor-controller:latest/!{/image: kubearmor\/kubearmor-relay-server:latest/!s/latest/${{ steps.vars.outputs.tag }}/g}' pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
+          fi
+          kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
+          kubectl wait -n kubearmor --timeout=5m --for=jsonpath='{.status.phase}'=Running kubearmorconfigs/kubearmorconfig-test
+          kubectl wait --timeout=5m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor
           kubectl get pods -A
 
       - name: Test KubeArmor using Ginkgo

.github/workflows/ci-test-ginkgo.yml

@@ -87,7 +87,7 @@ jobs:
           kubectl get pods -A
           kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
           kubectl wait -n kubearmor --timeout=5m --for=jsonpath='{.status.phase}'=Running kubearmorconfigs/kubearmorconfig-test
-          kubectl wait --timeout=5m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor
+          kubectl wait --timeout=7m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor
           kubectl get pods -A
 
       - name: Test KubeArmor using Ginkgo

KubeArmor/monitor/systemMonitor.go

@@ -617,7 +617,7 @@ func (mon *SystemMonitor) TraceSyscall() {
 
 			now := time.Now()
 			if now.After(time.Unix(int64(ctx.Ts), 0).Add(10 * time.Second)) {
-				mon.Logger.Warn("Event dropped due to replay timeout")
+				mon.Logger.Debug("Event dropped due to replay timeout")
 				continue
 			}
 
@@ -644,7 +644,7 @@ func (mon *SystemMonitor) TraceSyscall() {
 					}
 
 				}
-				mon.Logger.Warn("Event dropped due to replay timeout")
+				mon.Logger.Debug("Event dropped due to replay timeout")
 			}()
 		}
 	}()

tests/k8s_env/Makefile

@@ -10,4 +10,4 @@ build:
 	@ginkgo -r --vv --flake-attempts=10 --timeout=30m --skip-package "syscalls"
 .PHONY: test
 test:
-	@ginkgo -r
+	@ginkgo -r -v

tests/k8s_env/block/block_test.go → tests/k8s_env/blockposture/block_test.go

@@ -69,10 +69,10 @@ var _ = Describe("Posture", func() {
 			err = KarmorLogStart("policy", "wordpress-mysql", "Network", wp)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "curl google.com"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
-			Expect(sout).To(MatchRegexp("curl.*Could not resolve host: google.com"))
+			AssertCommand(
+				wp, "wordpress-mysql", []string{"bash", "-c", "curl google.com"},
+				MatchRegexp("curl.*Could not resolve host: google.com"), true,
+			)
 
 			out, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "curl 142.250.193.46"})
 			Expect(err).To(BeNil())