From dd602b0992de561a26d353483f389052f73a4226 Mon Sep 17 00:00:00 2001 From: Anastasios Papagiannis Date: Fri, 14 Jun 2024 10:20:05 +0000 Subject: [PATCH] [ci/e2e] Uninstall Tetragon after each e2e test In the case of Kind e2e tests we create a new kind cluster for each test (which is inside docker), install cilium, tetragon, and tracing policies. At the end of each test, we used to just destroy the kind cluster. But the issue here is that eBPF programs are not removed from the host. This commit uninstalls tetragon explicitly to remove all eBPF programs and avoid interference between e2e tests. This does not seem to be an issue when creating a kind cluster locally, installing Tetragon and then deleting the kind cluster without unistalling Tetragon. In that case, all programs seems to be removed. This seems to be only an issue related to kind + lvh + e2e framework and not on real production clusters. Signed-off-by: Anastasios Papagiannis --- tests/e2e/install/tetragon/tetragon.go | 45 ++++++++++++++++++++++++++ tests/e2e/runners/runners.go | 6 ++++ 2 files changed, 51 insertions(+) diff --git a/tests/e2e/install/tetragon/tetragon.go b/tests/e2e/install/tetragon/tetragon.go index abd3412874b..77425b9aec3 100644 --- a/tests/e2e/install/tetragon/tetragon.go +++ b/tests/e2e/install/tetragon/tetragon.go @@ -87,6 +87,49 @@ func processOpts(opts ...Option) *flags.HelmOptions { return &defaultOpts } +func Uninstall(opts ...Option) env.Func { + return func(ctx context.Context, cfg *envconf.Config) (context.Context, error) { + o := processOpts(opts...) + klog.InfoS("Uninstalling Tetragon...", "opts", o) + + manager := helm.New(cfg.KubeconfigFile()) + + klog.InfoS("Uninstalling Tetragon...", "namespace", o.Namespace, "daemonset", o.DaemonSetName) + + helmOpts := []helm.Option{ + helm.WithName(o.DaemonSetName), + helm.WithNamespace(o.Namespace), + helm.WithWait(), + } + + if err := manager.RunUninstall(helmOpts...); err != nil { + return ctx, fmt.Errorf("failed to uninstall via helm chart: %w", err) + } + + if o.Wait { + client, err := cfg.NewClient() + if err != nil { + return ctx, err + } + r := client.Resources(o.Namespace) + + ds := v1.DaemonSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: o.DaemonSetName, + Namespace: o.Namespace, + }, + } + + // Wait for Tetragon daemon set to be ready + klog.Info("Waiting for Tetragon DaemonSet to be removed...") + wait.For(conditions.New(r).ResourceDeleted(&ds)) + klog.Info("Tetragon DaemonSet is removed!") + } + + return context.WithValue(ctx, state.InstallOpts, o), nil + } +} + func Install(opts ...Option) env.Func { return func(ctx context.Context, cfg *envconf.Config) (context.Context, error) { o := processOpts(opts...) @@ -170,6 +213,8 @@ func Install(opts ...Option) env.Func { helmArgs.WriteString(" --install") + klog.InfoS("Installing Tetragon...", "namespace", o.Namespace, "daemonset", o.DaemonSetName) + helmOpts := []helm.Option{ helm.WithName(o.DaemonSetName), helm.WithNamespace(o.Namespace), diff --git a/tests/e2e/runners/runners.go b/tests/e2e/runners/runners.go index 411b26e0ae7..1a2c77e3f8f 100644 --- a/tests/e2e/runners/runners.go +++ b/tests/e2e/runners/runners.go @@ -38,6 +38,7 @@ type Runner struct { setupCluster SetupClusterFunc installCilium env.Func installTetragon env.Func + uninstallTetragon env.Func tetragonPortForward PortForwardFunc hasCalledInit bool keepExportFiles bool @@ -65,6 +66,7 @@ var DefaultRunner = Runner{ "tetragon.exportAllowList": "", "tetragon.enablePolicyFilter": "true", })), + uninstallTetragon: tetragon.Uninstall(tetragon.WithHelmOptions(map[string]string{})), tetragonPortForward: func(testenv env.Environment) env.Func { return helpers.PortForwardTetragonPods(testenv) }, @@ -205,6 +207,10 @@ func (r *Runner) Init() *Runner { r.Setup(r.tetragonPortForward(r.Environment)) } + if r.uninstallTetragon != nil { + r.Finish(r.uninstallTetragon) + } + return r }