diff --git a/CATALOG.md b/CATALOG.md index 92a5e7f53..daf6bb8e9 100644 --- a/CATALOG.md +++ b/CATALOG.md @@ -899,7 +899,7 @@ Tags|telco,networking Property|Description ---|--- Unique ID|networking-dual-stack-service -Description|Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the debug daemonset. +Description|Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the probe daemonset. Suggested Remediation|Configure every workload service with either a single stack ipv6 or dual stack (ipv4/ipv6) load balancer. Best Practice Reference|https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-&-ipv6 Exception Process|No exception needed for optional/extended tests. @@ -915,7 +915,7 @@ Tags|extended,networking Property|Description ---|--- Unique ID|networking-icmpv4-connectivity -Description|Checks that each workload Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. +Description|Checks that each workload Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. Suggested Remediation|Ensure that the workload is able to communicate via the Default OpenShift network. In some rare cases, workloads may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv4 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Best Practice Reference|https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-&-ipv6 Exception Process|No exceptions - must be able to communicate on default network using IPv4 @@ -931,7 +931,7 @@ Tags|common,networking Property|Description ---|--- Unique ID|networking-icmpv4-connectivity-multus -Description|Checks that each workload Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. +Description|Checks that each workload Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. Suggested Remediation|Ensure that the workload is able to communicate via the Multus network(s). In some rare cases, workloads may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv4 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if MULTUS is not supported. Best Practice Reference|https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-high-level-cnf-expectations Exception Process|There is no documented exception process for this. @@ -947,7 +947,7 @@ Tags|telco,networking Property|Description ---|--- Unique ID|networking-icmpv6-connectivity -Description|Checks that each workload Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. +Description|Checks that each workload Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. Suggested Remediation|Ensure that the workload is able to communicate via the Default OpenShift network. In some rare cases, workloads may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv6 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if IPv6 is not supported. Best Practice Reference|https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-&-ipv6 Exception Process|There is no documented exception process for this. @@ -963,7 +963,7 @@ Tags|common,networking Property|Description ---|--- Unique ID|networking-icmpv6-connectivity-multus -Description|Checks that each workload Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. +Description|Checks that each workload Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped. Suggested Remediation|Ensure that the workload is able to communicate via the Multus network(s). In some rare cases, workloads may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv6 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it.The label value is trivial, only its presence. Not applicable if IPv6/MULTUS is not supported. Best Practice Reference|https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-high-level-cnf-expectations Exception Process|There is no documented exception process for this. diff --git a/cmd/certsuite/claim/compare/testdata/claim_access_control.json b/cmd/certsuite/claim/compare/testdata/claim_access_control.json index 02f70a721..d4d50644d 100644 --- a/cmd/certsuite/claim/compare/testdata/claim_access_control.json +++ b/cmd/certsuite/claim/compare/testdata/claim_access_control.json @@ -28,7 +28,7 @@ "checkDiscoveredContainerCertificationStatus": false, "collectorAppEndPoint": "http://localhost:8080", "collectorAppPassword": "test-password", - "debugDaemonSetNamespace": "custom-debugpods-ns", + "probeDaemonSetNamespace": "custom-probepods-ns", "executedBy": "default-executed-by", "managedDeployments": [ { @@ -9737,7 +9737,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-\u0026-ipv6", - "description": "Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the debug daemonset.", + "description": "Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the probe daemonset.", "exceptionProcess": "No exception needed for optional/extended tests.", "remediation": "Configure every CNF services with either a single stack ipv6 or dual stack (ipv4/ipv6) load balancer." }, @@ -9764,7 +9764,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-\u0026-ipv6", - "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "No exceptions - must be able to communicate on default network using IPv4", "remediation": "Ensure that the CNF is able to communicate via the Default OpenShift network. In some rare cases, CNFs may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv4 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence." }, @@ -9791,7 +9791,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-high-level-cnf-expectations", - "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "There is no documented exception process for this.", "remediation": "Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv4 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if MULTUS is not supported." }, @@ -9818,7 +9818,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-\u0026-ipv6", - "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "There is no documented exception process for this.", "remediation": "Ensure that the CNF is able to communicate via the Default OpenShift network. In some rare cases, CNFs may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv6 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if IPv6 is not supported." }, @@ -9845,7 +9845,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-high-level-cnf-expectations", - "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "There is no documented exception process for this.", "remediation": "Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv6 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it.The label value is trivial, only its presence. Not applicable if IPv6/MULTUS is not supported." }, diff --git a/cmd/certsuite/claim/compare/testdata/claim_observability.json b/cmd/certsuite/claim/compare/testdata/claim_observability.json index 65d897834..84ada1473 100644 --- a/cmd/certsuite/claim/compare/testdata/claim_observability.json +++ b/cmd/certsuite/claim/compare/testdata/claim_observability.json @@ -28,7 +28,7 @@ "checkDiscoveredContainerCertificationStatus": false, "collectorAppEndPoint": "http://localhost:8080", "collectorAppPassword": "test-password", - "debugDaemonSetNamespace": "custom-debugpods-ns", + "probeDaemonSetNamespace": "custom-probepods-ns", "executedBy": "default-executed-by", "managedDeployments": [ { @@ -9737,7 +9737,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-\u0026-ipv6", - "description": "Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the debug daemonset.", + "description": "Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the probe daemonset.", "exceptionProcess": "No exception needed for optional/extended tests.", "remediation": "Configure every CNF services with either a single stack ipv6 or dual stack (ipv4/ipv6) load balancer." }, @@ -9764,7 +9764,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-\u0026-ipv6", - "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "No exceptions - must be able to communicate on default network using IPv4", "remediation": "Ensure that the CNF is able to communicate via the Default OpenShift network. In some rare cases, CNFs may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv4 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence." }, @@ -9791,7 +9791,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-high-level-cnf-expectations", - "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "There is no documented exception process for this.", "remediation": "Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv4 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if MULTUS is not supported." }, @@ -9818,7 +9818,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipv4-\u0026-ipv6", - "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "There is no documented exception process for this.", "remediation": "Ensure that the CNF is able to communicate via the Default OpenShift network. In some rare cases, CNFs may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv6 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if IPv6 is not supported." }, @@ -9845,7 +9845,7 @@ "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-high-level-cnf-expectations", - "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the debug daemonset.", + "description": "Checks that each CNF Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the probe daemonset.", "exceptionProcess": "There is no documented exception process for this.", "remediation": "Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv6 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it.The label value is trivial, only its presence. Not applicable if IPv6/MULTUS is not supported." }, diff --git a/cmd/certsuite/claim/compare/testdata/diff1.txt b/cmd/certsuite/claim/compare/testdata/diff1.txt index a13d41062..e8e62384e 100644 --- a/cmd/certsuite/claim/compare/testdata/diff1.txt +++ b/cmd/certsuite/claim/compare/testdata/diff1.txt @@ -56,7 +56,7 @@ CONFIGURATIONS Cert Suite Configuration: Differences FIELD CLAIM 1 CLAIM 2 -/debugDaemonSetNamespace custom-debugpods-ns cnf-suite +/probeDaemonSetNamespace custom-probepods-ns cnf-suite Cert Suite Configuration: Only in CLAIM 1 diff --git a/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt b/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt index 398dab596..8794996f6 100644 --- a/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt +++ b/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt @@ -56,7 +56,7 @@ CONFIGURATIONS CNF Cert Suite Configuration: Differences FIELD CLAIM 1 CLAIM 2 -/debugDaemonSetNamespace cnf-suite custom-debugpods-ns +/probeDaemonSetNamespace cnf-suite custom-probepods-ns CNF Cert Suite Configuration: Only in CLAIM 1 /targetNameSpaces/1=test-ns diff --git a/cmd/certsuite/generate/config/config.go b/cmd/certsuite/generate/config/config.go index 49c3315ac..974faa938 100644 --- a/cmd/certsuite/generate/config/config.go +++ b/cmd/certsuite/generate/config/config.go @@ -309,7 +309,7 @@ func createCollectorConfiguration() { func createSettingsConfiguration() { settingsOptions := []configOption{ - {Option: debugDaemonSet, Help: debugDaemonSetHelp}, + {Option: probeDaemonSet, Help: probeDaemonSetHelp}, {Option: previousMenu, Help: backHelp}, } settingsPrompt := promptui.Select{ @@ -327,8 +327,8 @@ func createSettingsConfiguration() { return } switch settingsOptions[i].Option { - case debugDaemonSet: - loadDebugDaemonSetNamespace(getAnswer(debugDaemonSetPrompt, debugDaemonSetSyntax, debugDaemonSetExample)) + case probeDaemonSet: + loadProbeDaemonSetNamespace(getAnswer(probeDaemonSetPrompt, probeDaemonSetSyntax, probeDaemonSetExample)) case previousMenu: exit = true } @@ -467,6 +467,6 @@ func loadNonScalableStatefulSets(nonScalableStatefulSets []string) { } } -func loadDebugDaemonSetNamespace(namespace []string) { - certsuiteConfig.DebugDaemonSetNamespace = namespace[0] +func loadProbeDaemonSetNamespace(namespace []string) { + certsuiteConfig.ProbeDaemonSetNamespace = namespace[0] } diff --git a/cmd/certsuite/generate/config/const.go b/cmd/certsuite/generate/config/const.go index 888817208..968c98cd9 100644 --- a/cmd/certsuite/generate/config/const.go +++ b/cmd/certsuite/generate/config/const.go @@ -35,7 +35,7 @@ const ( partnerName = "Partner name" appPassword = "Application password" // Settings - debugDaemonSet = "Debug DaemonSet namespace" + probeDaemonSet = "Probe DaemonSet namespace" ) // Menu help @@ -109,10 +109,10 @@ StatefulSets included in this list will skip any scaling operation check. Test cases affected: lifecycle-statefulset-scaling` // Collector (TODO) // Settings - debugDaemonSetHelp = `Set the namespace where the debug DaemonSet will be deployed. + probeDaemonSetHelp = `Set the namespace where the probe DaemonSet will be deployed. The namespace will be created in case it does not exist. If not set, the default namespace is "certsuite". -This DaemonSet, called "certsuite-debug" is deployed and used internally by the Certification Suite +This DaemonSet, called "certsuite-probe" is deployed and used internally by the Certification Suite to issue some shell commands that are needed in certain test cases. Some of these test cases might fail or be skipped in case it is not deployed correctly.` ) @@ -160,9 +160,9 @@ const ( nonScalableStatefulSetsExample = "statefulset-test-test/certsuite-test" // Collector (TODO) // Settings - debugDaemonSetPrompt = "Enter the namespace in which de debug DaemonSet will be deployed." - debugDaemonSetSyntax = "ds-namespace" - debugDaemonSetExample = "certsuite-cert" + probeDaemonSetPrompt = "Enter the namespace in which de probe daemonset will be deployed." + probeDaemonSetSyntax = "ds-namespace" + probeDaemonSetExample = "certsuite-probe" ) // Internal constants diff --git a/cmd/certsuite/run/run.go b/cmd/certsuite/run/run.go index 9f54c0748..b513b5f47 100644 --- a/cmd/certsuite/run/run.go +++ b/cmd/certsuite/run/run.go @@ -40,10 +40,10 @@ func NewCommand() *cobra.Command { runCmd.PersistentFlags().Bool("enable-data-collection", false, "Allow sending test results to an external data collector") runCmd.PersistentFlags().Bool("create-xml-junit-file", false, "Create a JUnit file with the test results") runCmd.PersistentFlags().String("certsuite-probe-image", "quay.io/redhat-best-practices-for-k8s/certsuite-probe:v0.0.7", "Certsuite probe image") - runCmd.PersistentFlags().String("daemonset-cpu-req", "100m", "CPU request for the debug DaemonSet container") - runCmd.PersistentFlags().String("daemonset-cpu-lim", "100m", "CPU limit for the debug DaemonSet container") - runCmd.PersistentFlags().String("daemonset-mem-req", "100M", "Memory request for the debug DaemonSet container") - runCmd.PersistentFlags().String("daemonset-mem-lim", "100M", "Memory limit for the debug DaemonSet container") + runCmd.PersistentFlags().String("daemonset-cpu-req", "100m", "CPU request for the probe daemonset container") + runCmd.PersistentFlags().String("daemonset-cpu-lim", "100m", "CPU limit for the probe daemonset container") + runCmd.PersistentFlags().String("daemonset-mem-req", "100M", "Memory request for the probe daemonset container") + runCmd.PersistentFlags().String("daemonset-mem-lim", "100M", "Memory limit for the probe daemonset container") runCmd.PersistentFlags().Bool("sanitize-claim", false, "Sanitize the claim.json file before sending it to the collector") return runCmd diff --git a/docs/assets/images/demo-config.svg b/docs/assets/images/demo-config.svg index 07668f1a8..92270935a 100644 --- a/docs/assets/images/demo-config.svg +++ b/docs/assets/images/demo-config.svg @@ -1 +1 @@ ->>./tnf>./tnfgenerate>./tnfgenerateconfigUsethearrowkeystonavigate:CreateShowSaveExit---------Create----------CreateaconfigurationfortheCNFCertificationSuiteCNFresourcesExceptionsCollectorSettings🡸---------CNFresources----------ConfiguretheworkloadresourcesoftheCNFtobeverified.OnlytheresourcesthattheCNFusesarerequiredtobeconfigured.Therestcanbeleftempty.Usuallyabasicconfigurationincludes"Namespaces"and"Pods"atleast.Usethearrowkeystonavigate:and/togglessearchNamespacesPodsOperatorsCRDfiltersManagedDeploymentsManagedStatefulSets---------Namespaces----------ThenamespacesinwhichtheCNFundertestwillbedeployed.Enteracomma-separatedlistofthenamespacesinwhichtheCNFisdeployingitsworkload.Syntax:ns1[,<ns2>]...Example:cnf,cnf-workload>>c>cn>cnfNamespacesPods---------Pods----------ThelabelsthateachPodoftheCNFundertestmusthavetobeverifiedbytheCNFCertificationSuite.IfanewlabelisusedforthispurposemakesureitisaddedtotheCNF'sPods,ideallyinthepod'sdefinitionastheon-the-flylabelsarelostifthePodgetsrescheduled.ForPodsownbyaDeployment,thesamelabelastheonedefinedinthe"spec.selector.matchLabels"sectionoftheDeploymentcanbeused.Enteracomma-separatedlistoflabelstoidentifytheCNF'sPodsundertest.Syntax:pod-label-1[,pod-label-2]...Example:redhat-best-practices-for-k8s.com/generic:target>cnf->cnf-t>cnf-ta>cnf-tar>cnf-targ>cnf-targe>cnf-target>cnf-target->cnf-target-podjOperators---------Operators----------Thelabelsthateachoperator'sCSVoftheCNFundertestmusthavetobeverifiedIfanewlabelisusedforthispurposemakesureitisaddedtotheCNFoperator'sCSVs.Enteracomma-separatedlistoflabelstoidentifytheCNF'soperatorsundertest.Syntax:operator-label-1[,operator-label-2]...Example:redhat-best-practices-for-k8s.com/operator1:target>cnf-target-operatorCRDfilters---------CRDfilters----------TheCRDnamesuffixusedtofiltertheCNF'sCRDsamongalltheCRDspresentinthecluster.ItmustalsobespecifiediftheresourcesownbytheCRDarescalableornotinordertoavoidsomelifecycletestcases.Enteracomma-separatedlistoftheCRD'snamesuffixesthattheCNFcontains.Also,specifyiftheresourcesmanagedbythoseCRDsarescalable.Syntax:crd-name-suffix/{true|false}[,crd-name-suffix/{true|false}]...Example:group1.test.com/false>group1.test.com/falseManagedStatefulSets---------ManagedStatefulSets----------🡸---------🡸----------MovetopreviousmenuCNFresourcesExceptions---------Exceptions----------Allowaddingexceptionstoskipseveralchecksfordifferentresources.TheexceptionsmustbejustifiedinordertopasstheCNFCertification.FeedbackregardingtheexceptionsconfiguredcanbeprovidedinanHTMLpageafterloadingtheclaim.jsonfilewiththeresults.KerneltaintsHelmchartsProtocolnamesServicesNon-scalableDeploymentsNon-scalableStatefulSets---------Kerneltaints----------ThelistofkernelmodulesloadedbytheCNFthatmaketheLinuxkernelmarkitselfas"tainted"butthatshouldskipverification.Testcasesaffected:platform-alteration-tainted-node-kernel.Enteracomma-separatedlistofkerneltaints(modules)Syntax:mod1[,mod2]...Example:vboxsf,vboxguest>vboxsfKerneltaintsHelmcharts---------Helmcharts----------ThelistofHelmchartsthattheCNFuseswhosecertificationstatuswillnotbeverified.Ifnoexceptionisconfigured,thecertificationstatusforallHelmchartswillbecheckedintheOpenShiftHelmsChartsrepository(seehttps://charts.openshift.io/).Testcasesaffected:affiliated-certification-helmchart-is-certifiedProtocolnames---------Protocolnames----------Thelistofallowedprotocolnamestobeusedforcontainerportnames.Thenamefieldofacontainerportmustbeoftheform<protocol>[-<suffix>]where<protocol>mustbeallowedbydefaultoraddedtothislist.Theoptional<suffix>canbechosenbytheapplication.Protocolnamesallowedbydefault:"grpc","grpc-web","http","http2","tcp","udp".Testcasesaffected:manageability-container-port-name-format.Enteracomma-separatedlistofprotocolnamesSyntax:proto1[,proto2]...Example:http3,sctp>sctpNon-scalableDeployments---------Non-scalableDeployments----------ThelistofDeploymentsthatdonotsupportscalein/outoperations.Deploymentsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-deployment-scalingCollector---------Collector----------ParametersrequiredtosendtheCNFCertificationSuiteresultstoadatacollector.Settings---------Settings----------ConfigurevarioussettingsfortheCNFCertificationSuite.DebugDaemonSetnamespace---------DebugDaemonSetnamespace----------SetthenamespacewherethedebugDaemonSetwillbedeployed.Thenamespacewillbecreatedincaseitdoesnotexist.Ifnotset,thedefaultnamespaceis"cnf-suite".ThisDaemonSet,called"tnf-debug"isdeployedandusedinternallybytheCNFCertificationSuitetoissuesomeshellcommandsthatareneededincertaintestcases.Someofthesetestcasesmightfailorbeskippedincaseitisnotdeployedcorrectly.EnterthenamespaceinwhichdedebugDaemonSetwillbedeployed.Syntax:ds-namespaceExample:cnf-cert>cnf-testCreateShow---------Show----------ShowthecurrentconfigurationinYAMLformatSave---------Save----------SavethecurrentconfigurationtoaYAMLfile(default"certsuite_config.yaml")CNFconfigfile:certsuite_config.ymlConfigurationsaved>cat>catcertsuite_config.ymltargetNameSpaces:-name:cnfpodsUnderTestLabels:-cnf-target-podoperatorsUnderTestLabels:-cnf-target-operatortargetCrdFilters:-nameSuffix:group1.test.comscalable:falseacceptedKernelTaints:-module:vboxsfvalidProtocolNames:-sctpdebugDaemonSetNamespace:cnf-test>.>./>./t>./tn>./tnfg>./tnfge>./tnfgen>./tnfgene>./tnfgener>./tnfgenera>./tnfgenerat>./tnfgeneratec>./tnfgenerateco>./tnfgeneratecon>./tnfgenerateconf>./tnfgenerateconfi>cnf-target-p>cnf-target-po>cnf-target-o>cnf-target-op>cnf-target-ope>cnf-target-oper>cnf-target-opera>cnf-target-operat>cnf-target-operato>g>gr>gro>grou>group>group1>group1.>group1.t>group1.te>group1.tes>group1.test>group1.test.>group1.test.c>group1.test.co>group1.test.com>group1.test.com/>group1.test.com/f>group1.test.com/fa>group1.test.com/fal>group1.test.com/falsManagedDeployments---------ManagedDeployments---------->v>vb>vbo>vbox>vboxs>s>sc>sctServices---------Services----------ThelistofServicesthatwillskipverification.Servicesincludedinthislistwillbefilteredoutattheautodiscoverystageandwillnotbesubjecttochecksinanytestcase.Testscasesaffected:networking-dual-stack-service,access-control-service-typeNon-scalableStatefulSets---------Non-scalableStatefulSets----------ThelistofStatefulSetsthatdonotsupportscalein/outoperations.StatefulSetsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-statefulset-scaling>cnf-te>cnf-tesDebugDaemonSetnamespaceCNFconfigfile:█nf_config.ymlExit---------Exit----------Exitthetool(changesnotsavedwillbelost)>c>ca>catt>cattn>cattnf>cattnf_>cattnf_c>cattnf_co>cattnf_con>cattnf_conf>cattnf_confi>catcertsuite_config>catcertsuite_config.>catcertsuite_config.y>catcertsuite_config.ymexit \ No newline at end of file +>>./tnf>./tnfgenerate>./tnfgenerateconfigUsethearrowkeystonavigate:CreateShowSaveExit---------Create----------CreateaconfigurationfortheCNFCertificationSuiteCNFresourcesExceptionsCollectorSettings🡸---------CNFresources----------ConfiguretheworkloadresourcesoftheCNFtobeverified.OnlytheresourcesthattheCNFusesarerequiredtobeconfigured.Therestcanbeleftempty.Usuallyabasicconfigurationincludes"Namespaces"and"Pods"atleast.Usethearrowkeystonavigate:and/togglessearchNamespacesPodsOperatorsCRDfiltersManagedDeploymentsManagedStatefulSets---------Namespaces----------ThenamespacesinwhichtheCNFundertestwillbedeployed.Enteracomma-separatedlistofthenamespacesinwhichtheCNFisdeployingitsworkload.Syntax:ns1[,<ns2>]...Example:cnf,cnf-workload>>c>cn>cnfNamespacesPods---------Pods----------ThelabelsthateachPodoftheCNFundertestmusthavetobeverifiedbytheCNFCertificationSuite.IfanewlabelisusedforthispurposemakesureitisaddedtotheCNF'sPods,ideallyinthepod'sdefinitionastheon-the-flylabelsarelostifthePodgetsrescheduled.ForPodsownbyaDeployment,thesamelabelastheonedefinedinthe"spec.selector.matchLabels"sectionoftheDeploymentcanbeused.Enteracomma-separatedlistoflabelstoidentifytheCNF'sPodsundertest.Syntax:pod-label-1[,pod-label-2]...Example:redhat-best-practices-for-k8s.com/generic:target>cnf->cnf-t>cnf-ta>cnf-tar>cnf-targ>cnf-targe>cnf-target>cnf-target->cnf-target-podjOperators---------Operators----------Thelabelsthateachoperator'sCSVoftheCNFundertestmusthavetobeverifiedIfanewlabelisusedforthispurposemakesureitisaddedtotheCNFoperator'sCSVs.Enteracomma-separatedlistoflabelstoidentifytheCNF'soperatorsundertest.Syntax:operator-label-1[,operator-label-2]...Example:redhat-best-practices-for-k8s.com/operator1:target>cnf-target-operatorCRDfilters---------CRDfilters----------TheCRDnamesuffixusedtofiltertheCNF'sCRDsamongalltheCRDspresentinthecluster.ItmustalsobespecifiediftheresourcesownbytheCRDarescalableornotinordertoavoidsomelifecycletestcases.Enteracomma-separatedlistoftheCRD'snamesuffixesthattheCNFcontains.Also,specifyiftheresourcesmanagedbythoseCRDsarescalable.Syntax:crd-name-suffix/{true|false}[,crd-name-suffix/{true|false}]...Example:group1.test.com/false>group1.test.com/falseManagedStatefulSets---------ManagedStatefulSets----------🡸---------🡸----------MovetopreviousmenuCNFresourcesExceptions---------Exceptions----------Allowaddingexceptionstoskipseveralchecksfordifferentresources.TheexceptionsmustbejustifiedinordertopasstheCNFCertification.FeedbackregardingtheexceptionsconfiguredcanbeprovidedinanHTMLpageafterloadingtheclaim.jsonfilewiththeresults.KerneltaintsHelmchartsProtocolnamesServicesNon-scalableDeploymentsNon-scalableStatefulSets---------Kerneltaints----------ThelistofkernelmodulesloadedbytheCNFthatmaketheLinuxkernelmarkitselfas"tainted"butthatshouldskipverification.Testcasesaffected:platform-alteration-tainted-node-kernel.Enteracomma-separatedlistofkerneltaints(modules)Syntax:mod1[,mod2]...Example:vboxsf,vboxguest>vboxsfKerneltaintsHelmcharts---------Helmcharts----------ThelistofHelmchartsthattheCNFuseswhosecertificationstatuswillnotbeverified.Ifnoexceptionisconfigured,thecertificationstatusforallHelmchartswillbecheckedintheOpenShiftHelmsChartsrepository(seehttps://charts.openshift.io/).Testcasesaffected:affiliated-certification-helmchart-is-certifiedProtocolnames---------Protocolnames----------Thelistofallowedprotocolnamestobeusedforcontainerportnames.Thenamefieldofacontainerportmustbeoftheform<protocol>[-<suffix>]where<protocol>mustbeallowedbydefaultoraddedtothislist.Theoptional<suffix>canbechosenbytheapplication.Protocolnamesallowedbydefault:"grpc","grpc-web","http","http2","tcp","udp".Testcasesaffected:manageability-container-port-name-format.Enteracomma-separatedlistofprotocolnamesSyntax:proto1[,proto2]...Example:http3,sctp>sctpNon-scalableDeployments---------Non-scalableDeployments----------ThelistofDeploymentsthatdonotsupportscalein/outoperations.Deploymentsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-deployment-scalingCollector---------Collector----------ParametersrequiredtosendtheCNFCertificationSuiteresultstoadatacollector.Settings---------Settings----------ConfigurevarioussettingsfortheCNFCertificationSuite.DebugDaemonSetnamespace---------DebugDaemonSetnamespace----------SetthenamespacewherethedebugDaemonSetwillbedeployed.Thenamespacewillbecreatedincaseitdoesnotexist.Ifnotset,thedefaultnamespaceis"cnf-suite".ThisDaemonSet,called"tnf-debug"isdeployedandusedinternallybytheCNFCertificationSuitetoissuesomeshellcommandsthatareneededincertaintestcases.Someofthesetestcasesmightfailorbeskippedincaseitisnotdeployedcorrectly.EnterthenamespaceinwhichdedebugDaemonSetwillbedeployed.Syntax:ds-namespaceExample:cnf-cert>cnf-testCreateShow---------Show----------ShowthecurrentconfigurationinYAMLformatSave---------Save----------SavethecurrentconfigurationtoaYAMLfile(default"certsuite_config.yaml")CNFconfigfile:certsuite_config.ymlConfigurationsaved>cat>catcertsuite_config.ymltargetNameSpaces:-name:cnfpodsUnderTestLabels:-cnf-target-podoperatorsUnderTestLabels:-cnf-target-operatortargetCrdFilters:-nameSuffix:group1.test.comscalable:falseacceptedKernelTaints:-module:vboxsfvalidProtocolNames:-sctpdebugDaemonSetNamespace:cnf-test>.>./>./t>./tn>./tnfg>./tnfge>./tnfgen>./tnfgene>./tnfgener>./tnfgenera>./tnfgenerat>./tnfgeneratec>./tnfgenerateco>./tnfgeneratecon>./tnfgenerateconf>./tnfgenerateconfi>cnf-target-p>cnf-target-po>cnf-target-o>cnf-target-op>cnf-target-ope>cnf-target-oper>cnf-target-opera>cnf-target-operat>cnf-target-operato>g>gr>gro>grou>group>group1>group1.>group1.t>group1.te>group1.tes>group1.test>group1.test.>group1.test.c>group1.test.co>group1.test.com>group1.test.com/>group1.test.com/f>group1.test.com/fa>group1.test.com/fal>group1.test.com/falsManagedDeployments---------ManagedDeployments---------->v>vb>vbo>vbox>vboxs>s>sc>sctServices---------Services----------ThelistofServicesthatwillskipverification.Servicesincludedinthislistwillbefilteredoutattheautodiscoverystageandwillnotbesubjecttochecksinanytestcase.Testscasesaffected:networking-dual-stack-service,access-control-service-typeNon-scalableStatefulSets---------Non-scalableStatefulSets----------ThelistofStatefulSetsthatdonotsupportscalein/outoperations.StatefulSetsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-statefulset-scaling>cnf-te>cnf-tesDebugDaemonSetnamespaceCNFconfigfile:█nf_config.ymlExit---------Exit----------Exitthetool(changesnotsavedwillbelost)>c>ca>catt>cattn>cattnf>cattnf_>cattnf_c>cattnf_co>cattnf_con>cattnf_conf>cattnf_confi>catcertsuite_config>catcertsuite_config.>catcertsuite_config.y>catcertsuite_config.ymexit diff --git a/docs/assets/images/overview-new.svg b/docs/assets/images/overview-new.svg index 4f69ecdb1..70ecec3b9 100644 --- a/docs/assets/images/overview-new.svg +++ b/docs/assets/images/overview-new.svg @@ -1,3 +1,3 @@ -
Worker Node 2
Worker Node 2
Container1
Container1
Debug
POD2 
Debug...
Container1
Container1
Container2
Container2
Container3
Container3
CNF
POD2
CNF...
Worker Node 1
Worker Node 1
Container1
Container1
Debug
POD1 
Debug...
Container1
Container1
Container2
Container2
Container3
Container3
CNF
POD1
CNF...
Worker Node 3
Worker Node 3
Container1
Container1
Debug
POD3 
Debug...
Container1
Container1
Container2
Container2
Container3
Container3
CNF
POD3
CNF...
Master Node 2
Master Node 2
Master Node 1
Master Node 1
Default
Default
multus 1
multus 1
multus 2
multus 2
Initiate ping with nsenter
on default net
Initiate ping...
Initiate ping with nsenter on multus1 net
Initiate ping w...
TNF suite 
executable or container
TNF suite...
Running tests using kubectl of oc commands
Running tests using k...
Runs tests directly on node platform
via debug pods  
Runs tests directly on node platform...
Runs tests with replica or stateful sets, pods, containers, ... 
Runs tests with replica or stateful sets, pods, conta...
Openshift
Openshift
Viewer does not support full SVG 1.1
\ No newline at end of file +
Worker Node 2
Worker Node 2
Container1
Container1
Debug
POD2 
Debug...
Container1
Container1
Container2
Container2
Container3
Container3
CNF
POD2
CNF...
Worker Node 1
Worker Node 1
Container1
Container1
Debug
POD1 
Debug...
Container1
Container1
Container2
Container2
Container3
Container3
CNF
POD1
CNF...
Worker Node 3
Worker Node 3
Container1
Container1
Debug
POD3 
Debug...
Container1
Container1
Container2
Container2
Container3
Container3
CNF
POD3
CNF...
Master Node 2
Master Node 2
Master Node 1
Master Node 1
Default
Default
multus 1
multus 1
multus 2
multus 2
Initiate ping with nsenter
on default net
Initiate ping...
Initiate ping with nsenter on multus1 net
Initiate ping w...
TNF suite 
executable or container
TNF suite...
Running tests using kubectl of oc commands
Running tests using k...
Runs tests directly on node platform
via probe pods  
Runs tests directly on node platform...
Runs tests with replica or stateful sets, pods, containers, ... 
Runs tests with replica or stateful sets, pods, conta...
Openshift
Openshift
Viewer does not support full SVG 1.1
\ No newline at end of file diff --git a/docs/configuration.md b/docs/configuration.md index b147fb9a3..7c05af0f4 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -199,15 +199,15 @@ skipScalingTestStatefulSetNames: ### Red Hat Best Practices Test Suite settings -#### debugDaemonSetNamespace +#### probeDaemonSetNamespace This is an optional field with the name of the namespace where a privileged DaemonSet will be deployed. The namespace will be created in case it does not exist. In case this field is not set, the default namespace for this DaemonSet is _cnf-suite_. ``` { .yaml .annotate } -debugDaemonSetNamespace: cnf-cert +probeDaemonSetNamespace: cnf-cert ``` -This DaemonSet, called _tnf-debug_ is deployed and used internally by the Test Suite tool to issue some shell commands that are needed in certain test cases. Some of these test cases might fail or be skipped in case it wasn't deployed correctly. +This DaemonSet, called _certsuite-probe_ is deployed and used internally by the Test Suite tool to issue some shell commands that are needed in certain test cases. Some of these test cases might fail or be skipped in case it wasn't deployed correctly. ### Other settings diff --git a/docs/index.md b/docs/index.md index c5c9c5a8e..3e005fcfc 100644 --- a/docs/index.md +++ b/docs/index.md @@ -34,4 +34,4 @@ There are 3 building blocks in the above framework. * the `Certification container/exec` is the Test Suite running on the platform or in a container. The executable verifies the workload under test configuration and its interactions with OpenShift -* the `Debug` pods are part of a Kubernetes daemonset responsible to run various **privileged commands** on Kubernetes nodes. Debug pods are useful to run platform tests and test commands (e.g. ping) in container namespaces without changing the container image content. The debug daemonset is instantiated via the [privileged-daemonset](https://github.com/redhat-best-practices-for-k8s/privileged-daemonset) repository. +* the `Debug` pods are part of a Kubernetes daemonset responsible to run various **privileged commands** on Kubernetes nodes. Debug pods are useful to run platform tests and test commands (e.g. ping) in container namespaces without changing the container image content. The probe daemonset is instantiated via the [privileged-daemonset](https://github.com/redhat-best-practices-for-k8s/privileged-daemonset) repository. diff --git a/docs/runtime-env.md b/docs/runtime-env.md index 996389328..9a3435a78 100644 --- a/docs/runtime-env.md +++ b/docs/runtime-env.md @@ -62,5 +62,5 @@ See more about this variable [here](https://github.com/redhat-openshift-ecosyste `CERTSUITE_ALLOW_PREFLIGHT_INSECURE` (default: false) is required set to `true` if you are running against a private container registry that has self-signed certificates. -Note that you can also specify the debug pod image to use with `SUPPORT_IMAGE` +Note that you can also specify the probe pod image to use with `SUPPORT_IMAGE` environment variable, default to `certsuite-probe:v0.0.7`. diff --git a/docs/test-run.md b/docs/test-run.md index 515455a66..89bb0ce8e 100644 --- a/docs/test-run.md +++ b/docs/test-run.md @@ -6,7 +6,7 @@ The Test Suite can be run using the Certsuite tool directly or through a contain To run the Test Suite direct use: ```shell -./certsuite run -l -c -k -o [] +./certsuite run -l -c -k -o [] ``` If the _kubeconfig_ is not provided the value of the `KUBECONFIG` environment variable will be taken by default. diff --git a/internal/crclient/crclient.go b/internal/crclient/crclient.go index 3fdfc1712..e454d4491 100644 --- a/internal/crclient/crclient.go +++ b/internal/crclient/crclient.go @@ -43,16 +43,16 @@ func (p *Process) String() string { return fmt.Sprintf("cmd: %s, pid: %d, ppid: %d, pidNs: %d", p.Args, p.Pid, p.PPid, p.PidNs) } -// Helper function to create the clientsholder.Context of the first container of the debug pod +// Helper function to create the clientsholder.Context of the first container of the probe pod // that runs in the give node. This context is usually needed to run shell commands that get // information from a node where a pod/container under test is running. -func GetNodeDebugPodContext(node string, env *provider.TestEnvironment) (clientsholder.Context, error) { - debugPod := env.DebugPods[node] - if debugPod == nil { - return clientsholder.Context{}, fmt.Errorf("debug pod not found on node %s", node) +func GetNodeProbePodContext(node string, env *provider.TestEnvironment) (clientsholder.Context, error) { + probePod := env.ProbePods[node] + if probePod == nil { + return clientsholder.Context{}, fmt.Errorf("probe pod not found on node %s", node) } - return clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name), nil + return clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name), nil } func GetPidFromContainer(cut *provider.Container, ctx clientsholder.Context) (int, error) { @@ -85,9 +85,9 @@ func GetPidFromContainer(cut *provider.Container, ctx clientsholder.Context) (in // To get the pid namespace of the container func GetContainerPidNamespace(testContainer *provider.Container, env *provider.TestEnvironment) (string, error) { // Get the container pid - ocpContext, err := GetNodeDebugPodContext(testContainer.NodeName, env) + ocpContext, err := GetNodeProbePodContext(testContainer.NodeName, env) if err != nil { - return "", fmt.Errorf("failed to get debug pod's context for container %s: %v", testContainer, err) + return "", fmt.Errorf("failed to get probe pod's context for container %s: %v", testContainer, err) } pid, err := GetPidFromContainer(testContainer, ocpContext) @@ -118,9 +118,9 @@ func GetContainerProcesses(container *provider.Container, env *provider.TestEnvi func ExecCommandContainerNSEnter(command string, aContainer *provider.Container) (outStr, errStr string, err error) { env := provider.GetTestEnvironment() - ctx, err := GetNodeDebugPodContext(aContainer.NodeName, &env) + ctx, err := GetNodeProbePodContext(aContainer.NodeName, &env) if err != nil { - return "", "", fmt.Errorf("failed to get debug pod's context for container %s: %v", aContainer, err) + return "", "", fmt.Errorf("failed to get probe pod's context for container %s: %v", aContainer, err) } ch := clientsholder.GetClientsHolder() @@ -134,7 +134,7 @@ func ExecCommandContainerNSEnter(command string, // Add the container PID and the specific command to run with nsenter nsenterCommand := "nsenter -t " + strconv.Itoa(containerPid) + " -n " + command - // Run the nsenter command on the debug pod + // Run the nsenter command on the probe pod outStr, errStr, err = ch.ExecCommandContainer(ctx, nsenterCommand) if err != nil { return "", "", fmt.Errorf("cannot execute command: \" %s \" on %s err:%s", command, aContainer, err) @@ -146,14 +146,14 @@ func ExecCommandContainerNSEnter(command string, func GetPidsFromPidNamespace(pidNamespace string, container *provider.Container) (p []*Process, err error) { const command = "trap \"\" SIGURG ; ps -e -o pidns,pid,ppid,args" env := provider.GetTestEnvironment() - ctx, err := GetNodeDebugPodContext(container.NodeName, &env) + ctx, err := GetNodeProbePodContext(container.NodeName, &env) if err != nil { - return nil, fmt.Errorf("failed to get debug pod's context for container %s: %v", container, err) + return nil, fmt.Errorf("failed to get probe pod's context for container %s: %v", container, err) } stdout, stderr, err := clientsholder.GetClientsHolder().ExecCommandContainer(ctx, command) if err != nil || stderr != "" { - return nil, fmt.Errorf("command %q failed to run in debug pod=%s (node=%s): %v", command, ctx.GetPodName(), container.NodeName, err) + return nil, fmt.Errorf("command %q failed to run in probe pod=%s (node=%s): %v", command, ctx.GetPodName(), container.NodeName, err) } re := regexp.MustCompile(PsRegex) diff --git a/pkg/autodiscover/autodiscover.go b/pkg/autodiscover/autodiscover.go index b764666cc..cbaea1edf 100644 --- a/pkg/autodiscover/autodiscover.go +++ b/pkg/autodiscover/autodiscover.go @@ -58,7 +58,7 @@ type DiscoveredTestData struct { Env configuration.TestParameters Pods []corev1.Pod AllPods []corev1.Pod - DebugPods []corev1.Pod + ProbePods []corev1.Pod CSVToPodListMap map[string][]*corev1.Pod ResourceQuotaItems []corev1.ResourceQuota PodDisruptionBudgets []policyv1.PodDisruptionBudget @@ -160,9 +160,9 @@ func DoAutoDiscover(config *configuration.TestConfiguration) DiscoveredTestData data.Namespaces = namespacesListToStringList(config.TargetNameSpaces) data.Pods, data.AllPods = findPodsByLabels(oc.K8sClient.CoreV1(), podsUnderTestLabelsObjects, data.Namespaces) data.AbnormalEvents = findAbnormalEvents(oc.K8sClient.CoreV1(), data.Namespaces) - debugLabels := []labelObject{{LabelKey: debugHelperPodsLabelName, LabelValue: debugHelperPodsLabelValue}} - debugNS := []string{config.DebugDaemonSetNamespace} - data.DebugPods, _ = findPodsByLabels(oc.K8sClient.CoreV1(), debugLabels, debugNS) + probeLabels := []labelObject{{LabelKey: probeHelperPodsLabelName, LabelValue: probeHelperPodsLabelValue}} + probeNS := []string{config.ProbeDaemonSetNamespace} + data.ProbePods, _ = findPodsByLabels(oc.K8sClient.CoreV1(), probeLabels, probeNS) data.ResourceQuotaItems, err = getResourceQuotas(oc.K8sClient.CoreV1()) if err != nil { log.Fatal("Cannot get resource quotas, err: %v", err) diff --git a/pkg/autodiscover/constants.go b/pkg/autodiscover/constants.go index 324a14150..641f34698 100644 --- a/pkg/autodiscover/constants.go +++ b/pkg/autodiscover/constants.go @@ -16,7 +16,7 @@ package autodiscover const ( - debugHelperPodsLabelName = "redhat-best-practices-for-k8s.com/app" - debugHelperPodsLabelValue = "tnf-debug" + probeHelperPodsLabelName = "redhat-best-practices-for-k8s.com/app" + probeHelperPodsLabelValue = "certsuite-probe" csvNameWithNamespaceFormatStr = "%s, ns=%s" ) diff --git a/pkg/configuration/configuration.go b/pkg/configuration/configuration.go index 0af76def6..ee449c003 100644 --- a/pkg/configuration/configuration.go +++ b/pkg/configuration/configuration.go @@ -19,7 +19,7 @@ package configuration import "time" const ( - defaultDebugDaemonSetNamespace = "cnf-suite" + defaultProbeDaemonSetNamespace = "cnf-suite" ) type SkipHelmChartList struct { @@ -86,7 +86,7 @@ type TestConfiguration struct { SkipScalingTestStatefulSets []SkipScalingTestStatefulSetsInfo `yaml:"skipScalingTestStatefulSets,omitempty" json:"skipScalingTestStatefulSets,omitempty"` ValidProtocolNames []string `yaml:"validProtocolNames,omitempty" json:"validProtocolNames,omitempty"` ServicesIgnoreList []string `yaml:"servicesignorelist,omitempty" json:"servicesignorelist,omitempty"` - DebugDaemonSetNamespace string `yaml:"debugDaemonSetNamespace,omitempty" json:"debugDaemonSetNamespace,omitempty"` + ProbeDaemonSetNamespace string `yaml:"probeDaemonSetNamespace,omitempty" json:"probeDaemonSetNamespace,omitempty"` // Collector's parameters ExecutedBy string `yaml:"executedBy,omitempty" json:"executedBy,omitempty"` PartnerName string `yaml:"partnerName,omitempty" json:"partnerName,omitempty"` diff --git a/pkg/configuration/utils.go b/pkg/configuration/utils.go index 99aa888e0..7c9ef2bb8 100644 --- a/pkg/configuration/utils.go +++ b/pkg/configuration/utils.go @@ -48,12 +48,12 @@ func LoadConfiguration(filePath string) (TestConfiguration, error) { return configuration, err } - // Set default namespace for the debug daemonset pods, in case it was not set. - if configuration.DebugDaemonSetNamespace == "" { - log.Warn("No namespace configured for the debug DaemonSet. Defaulting to namespace %q", defaultDebugDaemonSetNamespace) - configuration.DebugDaemonSetNamespace = defaultDebugDaemonSetNamespace + // Set default namespace for the probe daemonset pods, in case it was not set. + if configuration.ProbeDaemonSetNamespace == "" { + log.Warn("No namespace configured for the probe daemonset. Defaulting to namespace %q", defaultProbeDaemonSetNamespace) + configuration.ProbeDaemonSetNamespace = defaultProbeDaemonSetNamespace } else { - log.Info("Namespace for debug DaemonSet: %s", configuration.DebugDaemonSetNamespace) + log.Info("Namespace for probe daemonset: %s", configuration.ProbeDaemonSetNamespace) } confLoaded = true diff --git a/pkg/diagnostics/diagnostics.go b/pkg/diagnostics/diagnostics.go index 496be6d91..507e3d249 100644 --- a/pkg/diagnostics/diagnostics.go +++ b/pkg/diagnostics/diagnostics.go @@ -58,11 +58,11 @@ func GetCniPlugins() (out map[string][]interface{}) { env := provider.GetTestEnvironment() o := clientsholder.GetClientsHolder() out = make(map[string][]interface{}) - for _, debugPod := range env.DebugPods { - ctx := clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name) + for _, probePod := range env.ProbePods { + ctx := clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name) outStr, errStr, err := o.ExecCommandContainer(ctx, cniPluginsCommand) if err != nil || errStr != "" { - log.Error("Failed to execute command %s in debug pod %s", cniPluginsCommand, debugPod.String()) + log.Error("Failed to execute command %s in probe pod %s", cniPluginsCommand, probePod.String()) continue } decoded := []interface{}{} @@ -71,7 +71,7 @@ func GetCniPlugins() (out map[string][]interface{}) { log.Error("could not decode json file because of: %s", err) continue } - out[debugPod.Spec.NodeName] = decoded + out[probePod.Spec.NodeName] = decoded } return out } @@ -81,40 +81,40 @@ func GetHwInfoAllNodes() (out map[string]NodeHwInfo) { env := provider.GetTestEnvironment() o := clientsholder.GetClientsHolder() out = make(map[string]NodeHwInfo) - for _, debugPod := range env.DebugPods { + for _, probePod := range env.ProbePods { hw := NodeHwInfo{} - lscpu, err := getHWJsonOutput(debugPod, o, lscpuCommand) + lscpu, err := getHWJsonOutput(probePod, o, lscpuCommand) if err != nil { - log.Error("problem getting lscpu for node %s", debugPod.Spec.NodeName) + log.Error("problem getting lscpu for node %s", probePod.Spec.NodeName) } else { var ok bool temp, ok := lscpu.(map[string]interface{}) if !ok { - log.Error("problem casting lscpu field for node %s, lscpu=%v", debugPod.Spec.NodeName, lscpu) + log.Error("problem casting lscpu field for node %s, lscpu=%v", probePod.Spec.NodeName, lscpu) } else { hw.Lscpu = temp["lscpu"] } } - hw.IPconfig, err = getHWJsonOutput(debugPod, o, ipCommand) + hw.IPconfig, err = getHWJsonOutput(probePod, o, ipCommand) if err != nil { - log.Error("problem getting ip config for node %s", debugPod.Spec.NodeName) + log.Error("problem getting ip config for node %s", probePod.Spec.NodeName) } - hw.Lsblk, err = getHWJsonOutput(debugPod, o, lsblkCommand) + hw.Lsblk, err = getHWJsonOutput(probePod, o, lsblkCommand) if err != nil { - log.Error("problem getting lsblk for node %s", debugPod.Spec.NodeName) + log.Error("problem getting lsblk for node %s", probePod.Spec.NodeName) } - hw.Lspci, err = getHWTextOutput(debugPod, o, lspciCommand) + hw.Lspci, err = getHWTextOutput(probePod, o, lspciCommand) if err != nil { - log.Error("problem getting lspci for node %s", debugPod.Spec.NodeName) + log.Error("problem getting lspci for node %s", probePod.Spec.NodeName) } - out[debugPod.Spec.NodeName] = hw + out[probePod.Spec.NodeName] = hw } return out } -// getHWJsonOutput performs a query via debug pod and returns the JSON blob -func getHWJsonOutput(debugPod *corev1.Pod, o clientsholder.Command, cmd string) (out interface{}, err error) { - ctx := clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name) +// getHWJsonOutput performs a query via probe pod and returns the JSON blob +func getHWJsonOutput(probePod *corev1.Pod, o clientsholder.Command, cmd string) (out interface{}, err error) { + ctx := clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name) outStr, errStr, err := o.ExecCommandContainer(ctx, cmd) if err != nil || errStr != "" { return out, fmt.Errorf("command %s failed with error err: %v, stderr: %s", cmd, err, errStr) @@ -127,8 +127,8 @@ func getHWJsonOutput(debugPod *corev1.Pod, o clientsholder.Command, cmd string) } // getHWTextOutput performs a query via debug and returns plaintext lines -func getHWTextOutput(debugPod *corev1.Pod, o clientsholder.Command, cmd string) (out []string, err error) { - ctx := clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name) +func getHWTextOutput(probePod *corev1.Pod, o clientsholder.Command, cmd string) (out []string, err error) { + ctx := clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name) outStr, errStr, err := o.ExecCommandContainer(ctx, cmd) if err != nil || errStr != "" { return out, fmt.Errorf("command %s failed with error err: %v, stderr: %s", lspciCommand, err, errStr) diff --git a/pkg/provider/filters.go b/pkg/provider/filters.go index b36859b1b..4d53999d5 100644 --- a/pkg/provider/filters.go +++ b/pkg/provider/filters.go @@ -145,7 +145,7 @@ func filterDPDKRunningPods(pods []*Pod) []*Pod { findCommand := fmt.Sprintf("%s '%s'", findDeviceSubCommand, pod.MultusPCIs[0]) outStr, errStr, err := o.ExecCommandContainer(ctx, findCommand) if err != nil || errStr != "" { - log.Error("Failed to execute command %s in debug %s, errStr: %s, err: %v", findCommand, pod.String(), errStr, err) + log.Error("Failed to execute command %s in probe %s, errStr: %s, err: %v", findCommand, pod.String(), errStr, err) continue } if strings.Contains(outStr, dpdkDriver) { diff --git a/pkg/provider/nodes.go b/pkg/provider/nodes.go index 49e1fb39d..d5f291b60 100644 --- a/pkg/provider/nodes.go +++ b/pkg/provider/nodes.go @@ -126,10 +126,10 @@ const ( func (node *Node) IsHyperThreadNode(env *TestEnvironment) (bool, error) { o := clientsholder.GetClientsHolder() nodeName := node.Data.Name - ctx := clientsholder.NewContext(env.DebugPods[nodeName].Namespace, env.DebugPods[nodeName].Name, env.DebugPods[nodeName].Spec.Containers[0].Name) + ctx := clientsholder.NewContext(env.ProbePods[nodeName].Namespace, env.ProbePods[nodeName].Name, env.ProbePods[nodeName].Spec.Containers[0].Name) cmdValue, errStr, err := o.ExecCommandContainer(ctx, isHyperThreadCommand) if err != nil || errStr != "" { - return false, fmt.Errorf("cannot execute %s on debug pod %s, err=%s, stderr=%s", isHyperThreadCommand, env.DebugPods[nodeName], err, errStr) + return false, fmt.Errorf("cannot execute %s on probe pod %s, err=%s, stderr=%s", isHyperThreadCommand, env.ProbePods[nodeName], err, errStr) } re := regexp.MustCompile(`Thread\(s\) per core:\s+(\d+)`) match := re.FindStringSubmatch(cmdValue) diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go index a45a67f08..b2cfaac45 100644 --- a/pkg/provider/provider.go +++ b/pkg/provider/provider.go @@ -50,8 +50,8 @@ import ( const ( AffinityRequiredKey = "AffinityRequired" containerName = "container-00" - DaemonSetName = "tnf-debug" - debugPodsTimeout = 5 * time.Minute + DaemonSetName = "certsuite-probe" + probePodsTimeout = 5 * time.Minute CniNetworksStatusKey = "k8s.v1.cni.cncf.io/network-status" skipConnectivityTestsLabel = "redhat-best-practices-for-k8s.com/skip_connectivity_tests" skipMultusConnectivityTestsLabel = "redhat-best-practices-for-k8s.com/skip_multus_connectivity_tests" @@ -73,7 +73,7 @@ type TestEnvironment struct { // rename this with testTarget // Pod Groupings Pods []*Pod `json:"testPods"` - DebugPods map[string]*corev1.Pod // map from nodename to debugPod + ProbePods map[string]*corev1.Pod // map from nodename to probePod AllPods []*Pod `json:"AllPods"` CSVToPodListMap map[string][]*Pod `json:"CSVToPodListMap"` @@ -189,7 +189,7 @@ func deployDaemonSet(namespace string) error { matchLabels := make(map[string]string) matchLabels["name"] = DaemonSetName matchLabels["redhat-best-practices-for-k8s.com/app"] = DaemonSetName - _, err := k8sPrivilegedDs.CreateDaemonSet(DaemonSetName, namespace, containerName, dsImage, matchLabels, debugPodsTimeout, + _, err := k8sPrivilegedDs.CreateDaemonSet(DaemonSetName, namespace, containerName, dsImage, matchLabels, probePodsTimeout, configuration.GetTestParameters().DaemonsetCPUReq, configuration.GetTestParameters().DaemonsetCPULim, configuration.GetTestParameters().DaemonsetMemReq, @@ -198,7 +198,7 @@ func deployDaemonSet(namespace string) error { if err != nil { return fmt.Errorf("could not deploy certsuite daemonset, err=%v", err) } - err = k8sPrivilegedDs.WaitDaemonsetReady(namespace, DaemonSetName, debugPodsTimeout) + err = k8sPrivilegedDs.WaitDaemonsetReady(namespace, DaemonSetName, probePodsTimeout) if err != nil { return fmt.Errorf("timed out waiting for certsuite daemonset, err=%v", err) } @@ -217,11 +217,11 @@ func buildTestEnvironment() { //nolint:funlen } log.Debug("CERTSUITE configuration: %+v", config) - // Wait for the debug pods to be ready before the autodiscovery starts. - if err := deployDaemonSet(config.DebugDaemonSetNamespace); err != nil { + // Wait for the probe pods to be ready before the autodiscovery starts. + if err := deployDaemonSet(config.ProbeDaemonSetNamespace); err != nil { log.Error("The TNF daemonset could not be deployed, err: %v", err) // Because of this failure, we are only able to run a certain amount of tests that do not rely - // on the existence of the daemonset debug pods. + // on the existence of the daemonset probe pods. env.DaemonsetFailedToSpawn = true } @@ -266,10 +266,10 @@ func buildTestEnvironment() { //nolint:funlen aNewPod.AllServiceAccountsMap = &env.AllServiceAccountsMap env.AllPods = append(env.AllPods, &aNewPod) } - env.DebugPods = make(map[string]*corev1.Pod) - for i := 0; i < len(data.DebugPods); i++ { - nodeName := data.DebugPods[i].Spec.NodeName - env.DebugPods[nodeName] = &data.DebugPods[i] + env.ProbePods = make(map[string]*corev1.Pod) + for i := 0; i < len(data.ProbePods); i++ { + nodeName := data.ProbePods[i].Spec.NodeName + env.ProbePods[nodeName] = &data.ProbePods[i] } env.CSVToPodListMap = make(map[string][]*Pod) diff --git a/pkg/scheduling/scheduling.go b/pkg/scheduling/scheduling.go index ec5c6c595..5748b131c 100644 --- a/pkg/scheduling/scheduling.go +++ b/pkg/scheduling/scheduling.go @@ -122,16 +122,16 @@ func GetProcessCPUScheduling(pid int, testContainer *provider.Container) (schedu command := fmt.Sprintf("chrt -p %d", pid) env := provider.GetTestEnvironment() - ctx, err := crclient.GetNodeDebugPodContext(testContainer.NodeName, &env) + ctx, err := crclient.GetNodeProbePodContext(testContainer.NodeName, &env) if err != nil { - return "", 0, fmt.Errorf("failed to get debug pod's context for container %s: %v", testContainer, err) + return "", 0, fmt.Errorf("failed to get probe pod's context for container %s: %v", testContainer, err) } ch := clientsholder.GetClientsHolder() stdout, stderr, err := ch.ExecCommandContainer(ctx, command) if err != nil || stderr != "" { - return schedulePolicy, InvalidPriority, fmt.Errorf("command %q failed to run in debug pod %s (node %s): %v (stderr: %v)", + return schedulePolicy, InvalidPriority, fmt.Errorf("command %q failed to run in probe pod %s (node %s): %v (stderr: %v)", command, ctx.GetPodName(), testContainer.NodeName, err, stderr) } diff --git a/pkg/testhelper/testhelper.go b/pkg/testhelper/testhelper.go index 551b17f13..21c4842d7 100644 --- a/pkg/testhelper/testhelper.go +++ b/pkg/testhelper/testhelper.go @@ -151,7 +151,7 @@ const ( SysctlKey = "Sysctl Key" SysctlValue = "Sysctl Value" OSImage = "OS Image" - DebugPodName = "Debug Pod Name" + ProbePodName = "Probe Pod Name" // ICMP tests NetworkName = "Network Name" diff --git a/tests/accesscontrol/suite.go b/tests/accesscontrol/suite.go index 788bf33f3..ba5a0ced5 100644 --- a/tests/accesscontrol/suite.go +++ b/tests/accesscontrol/suite.go @@ -756,12 +756,12 @@ func testOneProcessPerContainer(check *checksdb.Check, env *provider.TestEnviron check.LogInfo("Skipping \"istio-proxy\" container") continue } - debugPod := env.DebugPods[cut.NodeName] - if debugPod == nil { + probePod := env.ProbePods[cut.NodeName] + if probePod == nil { check.LogError("Debug pod not found for node %q", cut.NodeName) return } - ocpContext := clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name) + ocpContext := clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name) pid, err := crclient.GetPidFromContainer(cut, ocpContext) if err != nil { check.LogError("Could not get PID for Container %q, error: %v", cut, err) diff --git a/tests/identifiers/identifiers.go b/tests/identifiers/identifiers.go index f4b912d94..58af39565 100644 --- a/tests/identifiers/identifiers.go +++ b/tests/identifiers/identifiers.go @@ -725,7 +725,7 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { TestICMPv4ConnectivityIdentifier = AddCatalogEntry( "icmpv4-connectivity", common.NetworkingTestKey, - `Checks that each workload Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll + `Checks that each workload Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll `Ensure that the workload is able to communicate via the Default OpenShift network. In some rare cases, workloads may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv4 connectivity tests, add the redhat-best-practices-for-k8s.com/skip_connectivity_tests label to it. The label value is trivial, only its presence.`, //nolint:lll `No exceptions - must be able to communicate on default network using IPv4`, TestICMPv4ConnectivityIdentifierDocLink, @@ -741,7 +741,7 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { TestICMPv6ConnectivityIdentifier = AddCatalogEntry( "icmpv6-connectivity", common.NetworkingTestKey, - `Checks that each workload Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll + `Checks that each workload Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll ICMPv6ConnectivityRemediation, NoDocumentedProcess, TestICMPv6ConnectivityIdentifierDocLink, @@ -757,7 +757,7 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { TestICMPv4ConnectivityMultusIdentifier = AddCatalogEntry( "icmpv4-connectivity-multus", common.NetworkingTestKey, - `Checks that each workload Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll + `Checks that each workload Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll ICMPv4ConnectivityMultusRemediation, NoDocumentedProcess, TestICMPv4ConnectivityMultusIdentifierDocLink, @@ -773,7 +773,7 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { TestICMPv6ConnectivityMultusIdentifier = AddCatalogEntry( "icmpv6-connectivity-multus", common.NetworkingTestKey, - `Checks that each workload Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll + `Checks that each workload Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the probe daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.`, //nolint:lll ICMPv6ConnectivityMultusRemediation+` Not applicable if IPv6/MULTUS is not supported.`, NoDocumentedProcess, TestICMPv6ConnectivityMultusIdentifierDocLink, @@ -789,7 +789,7 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { TestServiceDualStackIdentifier = AddCatalogEntry( "dual-stack-service", common.NetworkingTestKey, - `Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the debug daemonset.`, + `Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the probe daemonset.`, TestServiceDualStackRemediation, NoExceptionProcessForExtendedTests, TestServiceDualStackIdentifierDocLink, diff --git a/tests/platform/bootparams/bootparams.go b/tests/platform/bootparams/bootparams.go index dcdee6497..46644d886 100644 --- a/tests/platform/bootparams/bootparams.go +++ b/tests/platform/bootparams/bootparams.go @@ -32,9 +32,9 @@ const ( ) func TestBootParamsHelper(env *provider.TestEnvironment, cut *provider.Container, logger *log.Logger) error { - debugPod := env.DebugPods[cut.NodeName] - if debugPod == nil { - return fmt.Errorf("debug pod for container %s not found on node %s", cut, cut.NodeName) + probePod := env.ProbePods[cut.NodeName] + if probePod == nil { + return fmt.Errorf("probe pod for container %s not found on node %s", cut, cut.NodeName) } mcKernelArgumentsMap := GetMcKernelArguments(env, cut.NodeName) currentKernelArgsMap, err := getCurrentKernelCmdlineArgs(env, cut.NodeName) @@ -73,10 +73,10 @@ func GetMcKernelArguments(env *provider.TestEnvironment, nodeName string) (aMap func getGrubKernelArgs(env *provider.TestEnvironment, nodeName string) (aMap map[string]string, err error) { o := clientsholder.GetClientsHolder() - ctx := clientsholder.NewContext(env.DebugPods[nodeName].Namespace, env.DebugPods[nodeName].Name, env.DebugPods[nodeName].Spec.Containers[0].Name) + ctx := clientsholder.NewContext(env.ProbePods[nodeName].Namespace, env.ProbePods[nodeName].Name, env.ProbePods[nodeName].Spec.Containers[0].Name) bootConfig, errStr, err := o.ExecCommandContainer(ctx, grubKernelArgsCommand) if err != nil || errStr != "" { - return aMap, fmt.Errorf("cannot execute %s on debug pod %s, err=%s, stderr=%s", grubKernelArgsCommand, env.DebugPods[nodeName], err, errStr) + return aMap, fmt.Errorf("cannot execute %s on probe pod %s, err=%s, stderr=%s", grubKernelArgsCommand, env.ProbePods[nodeName], err, errStr) } splitBootConfig := strings.Split(bootConfig, "\n") @@ -94,10 +94,10 @@ func getGrubKernelArgs(env *provider.TestEnvironment, nodeName string) (aMap map func getCurrentKernelCmdlineArgs(env *provider.TestEnvironment, nodeName string) (aMap map[string]string, err error) { o := clientsholder.GetClientsHolder() - ctx := clientsholder.NewContext(env.DebugPods[nodeName].Namespace, env.DebugPods[nodeName].Name, env.DebugPods[nodeName].Spec.Containers[0].Name) + ctx := clientsholder.NewContext(env.ProbePods[nodeName].Namespace, env.ProbePods[nodeName].Name, env.ProbePods[nodeName].Spec.Containers[0].Name) currentKernelCmdlineArgs, errStr, err := o.ExecCommandContainer(ctx, kernelArgscommand) if err != nil || errStr != "" { - return aMap, fmt.Errorf("cannot execute %s on debug pod container %s, err=%s, stderr=%s", grubKernelArgsCommand, env.DebugPods[nodeName].Name, err, errStr) + return aMap, fmt.Errorf("cannot execute %s on probe pod container %s, err=%s, stderr=%s", grubKernelArgsCommand, env.ProbePods[nodeName].Name, err, errStr) } currentSplitKernelCmdlineArgs := strings.Split(strings.TrimSuffix(currentKernelCmdlineArgs, "\n"), " ") return arrayhelper.ArgListToMap(currentSplitKernelCmdlineArgs), nil diff --git a/tests/platform/cnffsdiff/fsdiff.go b/tests/platform/cnffsdiff/fsdiff.go index ac820ead2..cc53a03aa 100644 --- a/tests/platform/cnffsdiff/fsdiff.go +++ b/tests/platform/cnffsdiff/fsdiff.go @@ -96,7 +96,7 @@ func NewFsDiffTester(check *checksdb.Check, client clientsholder.Command, ctxt c } // Helper function that is used to check whether we should use the podman that comes preinstalled -// on each ocp node or the one that we've (custom) precompiled inside the debug pods that can only work in +// on each ocp node or the one that we've (custom) precompiled inside the probe pods that can only work in // RHEL 8.x based ocp versions (4.12.z and lower). For ocp >= 4.13.0 this workaround should not be // necessary. func shouldUseCustomPodman(check *checksdb.Check, ocpVersion string) bool { @@ -195,7 +195,7 @@ func (f *FsDiff) GetResults() int { return f.result } -// Generic helper function to execute a command inside the corresponding debug pod of the +// Generic helper function to execute a command inside the corresponding probe pod of the // container under test. Whatever output in stdout or stderr is considered a failure, so it will // return the concatenation of the given errorStr with those stdout, stderr and the error string. func (f *FsDiff) execCommandContainer(cmd, errorStr string) error { @@ -217,12 +217,12 @@ func (f *FsDiff) deleteNodeFolder() error { fmt.Sprintf("failed or unexpected output when deleting folder %s.", nodeTmpMountFolder)) } -func (f *FsDiff) mountDebugPartnerPodmanFolder() error { +func (f *FsDiff) mountProbePodmanFolder() error { return f.execCommandContainer(fmt.Sprintf("mount --bind %s %s", partnerPodmanFolder, nodeTmpMountFolder), fmt.Sprintf("failed or unexpected output when mounting %s into %s.", partnerPodmanFolder, nodeTmpMountFolder)) } -func (f *FsDiff) unmountDebugPartnerPodmanFolder() error { +func (f *FsDiff) unmountProbePodmanFolder() error { return f.execCommandContainer(fmt.Sprintf("umount %s", nodeTmpMountFolder), fmt.Sprintf("failed or unexpected output when unmounting %s.", nodeTmpMountFolder)) } @@ -234,9 +234,9 @@ func (f *FsDiff) installCustomPodman() error { return err } - // Mount podman from partner debug pod into /host/tmp/... + // Mount podman from partner probe pod into /host/tmp/... f.check.LogInfo("Mounting %s into %s", partnerPodmanFolder, nodeTmpMountFolder) - if mountErr := f.mountDebugPartnerPodmanFolder(); mountErr != nil { + if mountErr := f.mountProbePodmanFolder(); mountErr != nil { // We need to delete the temp folder previously created as mount point. if deleteErr := f.deleteNodeFolder(); deleteErr != nil { return fmt.Errorf("failed to mount folder %s: %s, failed to delete %s: %s", @@ -252,7 +252,7 @@ func (f *FsDiff) installCustomPodman() error { func (f *FsDiff) unmountCustomPodman() { // Unmount podman folder from host. f.check.LogInfo("Unmounting folder %s", nodeTmpMountFolder) - if err := f.unmountDebugPartnerPodmanFolder(); err != nil { + if err := f.unmountProbePodmanFolder(); err != nil { // Here, there's no point on trying to remove the temp folder used as mount point, as // that probably will not work either. f.Error = err diff --git a/tests/platform/hugepages/hugepages.go b/tests/platform/hugepages/hugepages.go index 8239c1b4f..49faa569b 100644 --- a/tests/platform/hugepages/hugepages.go +++ b/tests/platform/hugepages/hugepages.go @@ -76,11 +76,11 @@ func hugepageSizeToInt(s string) int { return num } -func NewTester(node *provider.Node, debugPod *corev1.Pod, commander clientsholder.Command) (*Tester, error) { +func NewTester(node *provider.Node, probePod *corev1.Pod, commander clientsholder.Command) (*Tester, error) { tester := &Tester{ node: node, commander: commander, - context: clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name), + context: clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name), } log.Info("Getting node %s numa's hugepages values.", node.Data.Name) @@ -209,7 +209,7 @@ func (tester *Tester) TestNodeHugepagesWithKernelArgs() (bool, error) { // getNodeNumaHugePages gets the actual node's hugepages config based on /sys/devices/system/node/nodeX files. func (tester *Tester) getNodeNumaHugePages() (hugepages hugepagesByNuma, err error) { - // This command must run inside the node, so we'll need the node's context to run commands inside the debug daemonset pod. + // This command must run inside the node, so we'll need the node's context to run commands inside the probe daemonset pod. stdout, stderr, err := tester.commander.ExecCommandContainer(tester.context, cmd) log.Debug("getNodeNumaHugePages stdout: %s, stderr: %s", stdout, stderr) if err != nil { diff --git a/tests/platform/hugepages/hugepages_test.go b/tests/platform/hugepages/hugepages_test.go index e2432f28d..b9410fe8a 100644 --- a/tests/platform/hugepages/hugepages_test.go +++ b/tests/platform/hugepages/hugepages_test.go @@ -149,7 +149,7 @@ func (client *fakeK8sClient) ExecCommandContainer(_ clientsholder.Context, _ str func TestPositiveMachineConfigSystemdHugepages(t *testing.T) { // helper pod, so the hugepages struct does not crash when accessing the debug container. - fakeDebugPod := &corev1.Pod{ + fakeProbePod := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{Name: "pod1", Namespace: "ns1"}, Spec: corev1.PodSpec{Containers: []corev1.Container{{Name: "container1"}}}, } @@ -305,7 +305,7 @@ func TestPositiveMachineConfigSystemdHugepages(t *testing.T) { Data: &corev1.Node{ObjectMeta: metav1.ObjectMeta{Name: "node1", Namespace: "ns1"}}, Mc: getMcFromUnits(tc.mcUnits), }, - fakeDebugPod, + fakeProbePod, &client, ) @@ -315,7 +315,7 @@ func TestPositiveMachineConfigSystemdHugepages(t *testing.T) { func TestNegativeMachineConfigSystemdHugepages(t *testing.T) { // helper pod, so the hugepages struct does not crash when accessing the debug container. - fakeDebugPod := &corev1.Pod{ + fakeProbePod := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{Name: "pod1", Namespace: "ns1"}, Spec: corev1.PodSpec{Containers: []corev1.Container{{Name: "container1"}}}, } @@ -476,7 +476,7 @@ func TestNegativeMachineConfigSystemdHugepages(t *testing.T) { Data: &corev1.Node{ObjectMeta: metav1.ObjectMeta{Name: "node1", Namespace: "ns1"}}, Mc: getMcFromUnits(tc.mcUnits), }, - fakeDebugPod, + fakeProbePod, &client, ) @@ -486,7 +486,7 @@ func TestNegativeMachineConfigSystemdHugepages(t *testing.T) { func TestPositiveMachineConfigKernelArgsHugepages(t *testing.T) { // helper pod, so the hugepages test will not crash when accessing the debug container. - fakeDebugPod := &corev1.Pod{ + fakeProbePod := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{Name: "pod1", Namespace: "ns1"}, Spec: corev1.PodSpec{Containers: []corev1.Container{{Name: "container1"}}}, } @@ -598,7 +598,7 @@ func TestPositiveMachineConfigKernelArgsHugepages(t *testing.T) { &provider.Node{ Data: &corev1.Node{ObjectMeta: metav1.ObjectMeta{Name: "node1", Namespace: "ns1"}}, Mc: getMcFromKernelArgs(tc.mcKernelArgs)}, - fakeDebugPod, + fakeProbePod, &client, ) @@ -608,7 +608,7 @@ func TestPositiveMachineConfigKernelArgsHugepages(t *testing.T) { func TestNegativeMachineConfigKernelArgsHugepages(t *testing.T) { // helper pod, so the hugepages test will not crash when accessing the debug container. - fakeDebugPod := &corev1.Pod{ + fakeProbePod := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{Name: "pod1", Namespace: "ns1"}, Spec: corev1.PodSpec{Containers: []corev1.Container{{Name: "container1"}}}, } @@ -695,7 +695,7 @@ func TestNegativeMachineConfigKernelArgsHugepages(t *testing.T) { &provider.Node{ Data: &corev1.Node{ObjectMeta: metav1.ObjectMeta{Name: "node1", Namespace: "ns1"}}, Mc: getMcFromKernelArgs(tc.mcKernelArgs)}, - fakeDebugPod, + fakeProbePod, &client, ) diff --git a/tests/platform/suite.go b/tests/platform/suite.go index f87d31e74..d52877564 100644 --- a/tests/platform/suite.go +++ b/tests/platform/suite.go @@ -219,9 +219,9 @@ func testContainersFsDiff(check *checksdb.Check, env *provider.TestEnvironment) var nonCompliantObjects []*testhelper.ReportObject for _, cut := range env.Containers { check.LogInfo("Testing Container %q", cut) - debugPod := env.DebugPods[cut.NodeName] + probePod := env.ProbePods[cut.NodeName] - ctxt := clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name) + ctxt := clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name) fsDiffTester := cnffsdiff.NewFsDiffTester(check, clientsholder.GetClientsHolder(), ctxt, env.OpenshiftVersion) fsDiffTester.RunTest(cut.UID) switch fsDiffTester.GetResults() { @@ -269,7 +269,7 @@ func testTainted(check *checksdb.Check, env *provider.TestEnvironment) { allowListedModules[module.Module] = true } - // Loop through the debug pods that are tied to each node. + // Loop through the probe pods that are tied to each node. for _, n := range env.Nodes { nodeName := n.Data.Name check.LogInfo("Testing node %q", nodeName) @@ -280,7 +280,7 @@ func testTainted(check *checksdb.Check, env *provider.TestEnvironment) { continue } - dp := env.DebugPods[nodeName] + dp := env.ProbePods[nodeName] ocpContext := clientsholder.NewContext(dp.Namespace, dp.Name, dp.Spec.Containers[0].Name) tf := nodetainted.NewNodeTaintedTester(&ocpContext, nodeName) @@ -412,22 +412,22 @@ func testIsSELinuxEnforcing(check *checksdb.Check, env *provider.TestEnvironment o := clientsholder.GetClientsHolder() nodesFailed := 0 nodesError := 0 - for _, debugPod := range env.DebugPods { - ctx := clientsholder.NewContext(debugPod.Namespace, debugPod.Name, debugPod.Spec.Containers[0].Name) + for _, probePod := range env.ProbePods { + ctx := clientsholder.NewContext(probePod.Namespace, probePod.Name, probePod.Spec.Containers[0].Name) outStr, errStr, err := o.ExecCommandContainer(ctx, getenforceCommand) if err != nil || errStr != "" { - check.LogError("Could not execute command %q in Debug Pod %q, errStr: %q, err: %v", getenforceCommand, debugPod, errStr, err) - nonCompliantObjects = append(nonCompliantObjects, testhelper.NewPodReportObject(debugPod.Namespace, debugPod.Name, "Failed to execute command", false)) + check.LogError("Could not execute command %q in Probe Pod %q, errStr: %q, err: %v", getenforceCommand, probePod, errStr, err) + nonCompliantObjects = append(nonCompliantObjects, testhelper.NewPodReportObject(probePod.Namespace, probePod.Name, "Failed to execute command", false)) nodesError++ continue } if outStr != enforcingString { - check.LogError("Node %q is not running SELinux, %s command returned: %s", debugPod.Spec.NodeName, getenforceCommand, outStr) - nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(debugPod.Spec.NodeName, "SELinux is not enforced", false)) + check.LogError("Node %q is not running SELinux, %s command returned: %s", probePod.Spec.NodeName, getenforceCommand, outStr) + nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(probePod.Spec.NodeName, "SELinux is not enforced", false)) nodesFailed++ } else { - check.LogInfo("Node %q is running SELinux", debugPod.Spec.NodeName) - compliantObjects = append(compliantObjects, testhelper.NewNodeReportObject(debugPod.Spec.NodeName, "SELinux is enforced", true)) + check.LogInfo("Node %q is running SELinux", probePod.Spec.NodeName) + compliantObjects = append(compliantObjects, testhelper.NewNodeReportObject(probePod.Spec.NodeName, "SELinux is enforced", true)) } } @@ -447,14 +447,14 @@ func testHugepages(check *checksdb.Check, env *provider.TestEnvironment) { continue } - debugPod, exist := env.DebugPods[nodeName] + probePod, exist := env.ProbePods[nodeName] if !exist { - check.LogError("Could not find a Debug Pod in node %q.", nodeName) - nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(nodeName, "tnf debug pod not found", false)) + check.LogError("Could not find a Probe Pod in node %q.", nodeName) + nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(nodeName, "tnf probe pod not found", false)) continue } - hpTester, err := hugepages.NewTester(&node, debugPod, clientsholder.GetClientsHolder()) + hpTester, err := hugepages.NewTester(&node, probePod, clientsholder.GetClientsHolder()) if err != nil { check.LogError("Unable to get node hugepages tester for node %q, err: %v", nodeName, err) nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(nodeName, "Unable to get node hugepages tester", false)) @@ -488,11 +488,11 @@ func testUnalteredBootParams(check *checksdb.Check, env *provider.TestEnvironmen if err != nil { check.LogError("Node %q failed the boot params check", cut.NodeName) nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(cut.NodeName, "Failed the boot params check", false). - AddField(testhelper.DebugPodName, env.DebugPods[cut.NodeName].Name)) + AddField(testhelper.ProbePodName, env.ProbePods[cut.NodeName].Name)) } else { check.LogInfo("Node %q passed the boot params check", cut.NodeName) compliantObjects = append(compliantObjects, testhelper.NewNodeReportObject(cut.NodeName, "Passed the boot params check", true). - AddField(testhelper.DebugPodName, env.DebugPods[cut.NodeName].Name)) + AddField(testhelper.ProbePodName, env.ProbePods[cut.NodeName].Name)) } } @@ -510,10 +510,10 @@ func testSysctlConfigs(check *checksdb.Check, env *provider.TestEnvironment) { continue } alreadyCheckedNodes[cut.NodeName] = true - debugPod := env.DebugPods[cut.NodeName] - if debugPod == nil { - check.LogError("Debug Pod not found for node %q", cut.NodeName) - nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(cut.NodeName, "tnf debug pod not found", false)) + probePod := env.ProbePods[cut.NodeName] + if probePod == nil { + check.LogError("Probe Pod not found for node %q", cut.NodeName) + nonCompliantObjects = append(nonCompliantObjects, testhelper.NewNodeReportObject(cut.NodeName, "tnf probe pod not found", false)) continue } diff --git a/tests/platform/sysctlconfig/sysctlconfig.go b/tests/platform/sysctlconfig/sysctlconfig.go index e46e0cfc6..ed122530f 100644 --- a/tests/platform/sysctlconfig/sysctlconfig.go +++ b/tests/platform/sysctlconfig/sysctlconfig.go @@ -52,12 +52,12 @@ func GetSysctlSettings(env *provider.TestEnvironment, nodeName string) (map[stri ) o := clientsholder.GetClientsHolder() - ctx := clientsholder.NewContext(env.DebugPods[nodeName].Namespace, env.DebugPods[nodeName].Name, env.DebugPods[nodeName].Spec.Containers[0].Name) + ctx := clientsholder.NewContext(env.ProbePods[nodeName].Namespace, env.ProbePods[nodeName].Name, env.ProbePods[nodeName].Spec.Containers[0].Name) outStr, errStr, err := o.ExecCommandContainer(ctx, sysctlCommand) if err != nil || errStr != "" { - return nil, fmt.Errorf("failed to execute command %s in debug pod %s, err=%s, stderr=%s", sysctlCommand, - env.DebugPods[nodeName], err, errStr) + return nil, fmt.Errorf("failed to execute command %s in probe pod %s, err=%s, stderr=%s", sysctlCommand, + env.ProbePods[nodeName], err, errStr) } return parseSysctlSystemOutput(outStr), nil diff --git a/webserver/index.html b/webserver/index.html index 3934e2bd7..3a2f71892 100644 --- a/webserver/index.html +++ b/webserver/index.html @@ -287,8 +287,8 @@

CNF Certification Test

Add ValidProtocolNames
Remove ValidProtocolNames - - + + diff --git a/webserver/index.js b/webserver/index.js index 01f3706b8..07c4640c6 100644 --- a/webserver/index.js +++ b/webserver/index.js @@ -168,10 +168,10 @@ function renderResults() { fillData(yamlGlobal.skipScalingTestDeployments, '#skipScalingTestDeploymentsadd', 'skipScalingTestDeployments', 'name', 'namespace') fillData(yamlGlobal.skipScalingTestStatefulsets, '#skipScalingTestStatefulsetsadd', 'skipScalingTestStatefulsets', 'name', 'namespace') fillData(yamlGlobal.targetCrdFilters, '#targetCrdFiltersadd', 'targetCrdFilters', 'nameSuffix', 'scalable') - if (yamlGlobal.DebugDaemonSetNamespace) { - document.getElementById('DebugDaemonSetNamespace').value = yamlGlobal.DebugDaemonSetNamespace; + if (yamlGlobal.ProbeDaemonSetNamespace) { + document.getElementById('ProbeDaemonSetNamespace').value = yamlGlobal.ProbeDaemonSetNamespace; } - if (yamlGlobal.DebugDaemonSetNamespace) { + if (yamlGlobal.ProbeDaemonSetNamespace) { document.getElementById('CollectorAppEndPoint').value = yamlGlobal.collectorAppEndPoint; } if (yamlGlobal.executedBy) { diff --git a/webserver/webserver.go b/webserver/webserver.go index 47367739f..12c321541 100644 --- a/webserver/webserver.go +++ b/webserver/webserver.go @@ -111,7 +111,7 @@ type RequestedData struct { SkipHelmChartList []string `json:"skipHelmChartList"` Servicesignorelist []string `json:"servicesignorelist"` ValidProtocolNames []string `json:"ValidProtocolNames"` - DebugDaemonSetNamespace []string `json:"DebugDaemonSetNamespace"` + ProbeDaemonSetNamespace []string `json:"ProbeDaemonSetNamespace"` CollectorAppEndPoint []string `json:"CollectorAppEndPoint"` ExecutedBy []string `json:"executedBy"` CollectorAppPassword []string `json:"CollectorAppPassword"` @@ -400,8 +400,8 @@ func updateTnf(tnfConfig []byte, data *RequestedData) []byte { if len(data.PartnerName) > 0 { config.PartnerName = data.PartnerName[0] } - if len(data.DebugDaemonSetNamespace) > 0 { - config.DebugDaemonSetNamespace = data.DebugDaemonSetNamespace[0] + if len(data.ProbeDaemonSetNamespace) > 0 { + config.ProbeDaemonSetNamespace = data.ProbeDaemonSetNamespace[0] } // Serialize the modified config back to YAML format