-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to GRPC sockets rather than using tcp ports #631
Switch to GRPC sockets rather than using tcp ports #631
Conversation
Codecov Report
@@ Coverage Diff @@
## master #631 +/- ##
==========================================
+ Coverage 43.76% 43.82% +0.05%
==========================================
Files 29 29
Lines 1565 1570 +5
==========================================
+ Hits 685 688 +3
- Misses 834 835 +1
- Partials 46 47 +1 |
/test pull-security-profiles-operator-test-e2e |
3c264a5
to
6456c3f
Compare
2a6f372
to
c755643
Compare
Lgtm. Is the e2e-fedora test working at all? Shall it be rekicked? |
I re-triggered the CI, let's see why it hung. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general I think it's a nice improvement, just see one inline question about permissions
f034a91
to
4249649
Compare
/test pull-security-profiles-operator-test-e2e |
4249649
to
52ebf48
Compare
/test pull-security-profiles-operator-test-e2e |
7fd255c
to
eee3589
Compare
/retest |
252ab13
to
9851e04
Compare
On Thu, Nov 04, 2021 at 06:35:26AM -0700, Sascha Grunert wrote:
@saschagrunert commented on this pull request.
> - e.logf("removing policy")
- e.kubectl("delete", "selinuxprofile", "errorlogger")
-
- e.logf("assert policy was removed")
- e.assertSelinuxPolicyIsRemoved(nodes, rawPolicyName, maxNodeIterations, sleepBetweenIterations)
This seems to block the fedora selinux e2e test and I have no idea how it is related to my code change. @jhrozek do you have any insight here?
Not off-bat, but I'll try running the tests locally in vagrant.
|
9851e04
to
081a559
Compare
/test pull-security-profiles-operator-test-e2e |
/retest |
Here's what I'm seeing running the e2e tests locally. The SPO pod restarts (still trying to figure out why) and then:
|
huh:
|
Can you try if the tests work better if you include #640 in the PR? |
oh and that PR definitely does not fix the issue related to container restart failing with address already in use, just the crash itself.. |
081a559
to
69f312d
Compare
We have to remove the socket if the file already exists. Good catch! |
69f312d
to
fc4aaca
Compare
The enricher as well as the bpf recorder require host network for cgroup determination. This means if we already serve something on the GRPC tcp ports, then the operator will fail to deploy. To work around this error-case, we now rely on unix domain sockets rather than TCP ports. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
fc4aaca
to
dd07307
Compare
/test pull-security-profiles-operator-test-e2e |
/retest |
1 similar comment
/retest |
@jhrozek tests are green now :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pjbgf, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
What type of PR is this?
/kind feature
What this PR does / why we need it:
The enricher as well as the bpf recorder require host network for cgroup
determination. This means if we already serve something on the GRPC tcp
ports, then the operator will fail to deploy.
To work around this error-case, we now rely on unix domain sockets
rather than TCP ports.
Which issue(s) this PR fixes:
None
Does this PR have test?
None
Special notes for your reviewer:
Refers to #618 (comment)
Does this PR introduce a user-facing change?