diff --git a/tasks/gointegrationtest.py b/tasks/gointegrationtest.py
index b4b051c13c669b..4e76d4f8bd12ca 100644
--- a/tasks/gointegrationtest.py
+++ b/tasks/gointegrationtest.py
@@ -41,7 +41,6 @@ class IntegrationTestsConfig:
 IntegrationTest(prefix="./test/integration/config_providers/..."),
 IntegrationTest(prefix="./test/integration/corechecks/..."),
 IntegrationTest(prefix="./test/integration/listeners/..."),
- IntegrationTest(prefix="./test/integration/util/kubelet/..."),
 ],
 is_windows_supported=False,
 )
@@ -66,7 +65,6 @@ class IntegrationTestsConfig:
 name="Cluster Agent",
 go_build_tags=get_default_build_tags(build="cluster-agent") + ["docker", "test"],
 tests=[
- IntegrationTest(prefix="./test/integration/util/kube_apiserver"),
 IntegrationTest(prefix="./test/integration/util/leaderelection"),
 ],
 is_windows_supported=False,
diff --git a/test/integration/util/kube_apiserver/apiserver_test.go b/test/integration/util/kube_apiserver/apiserver_test.go
deleted file mode 100644
index 784fdf60724672..00000000000000
--- a/test/integration/util/kube_apiserver/apiserver_test.go
+++ /dev/null
@@ -1,204 +0,0 @@
-// Unless explicitly stated otherwise all files in this repository are licensed
-// under the Apache License Version 2.0.
-// This product includes software developed at Datadog (https://www.datadoghq.com/).
-// Copyright 2017-present Datadog, Inc.
-
-//go:build docker && kubeapiserver
-
-package kubernetes
-
-import (
- "context"
- "fmt"
- "os"
- "path/filepath"
- "testing"
- "time"
-
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- log "github.com/cihub/seelog"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
- "github.com/stretchr/testify/suite"
-
- "github.com/DataDog/datadog-agent/pkg/config/env"
- configmock "github.com/DataDog/datadog-agent/pkg/config/mock"
- "github.com/DataDog/datadog-agent/pkg/util/kubernetes"
- "github.com/DataDog/datadog-agent/pkg/util/kubernetes/apiserver"
- "github.com/DataDog/datadog-agent/pkg/util/kubernetes/clustername"
-)
-
-const (
- setupTimeout = 10 * time.Second
-)
-
-type testSuite struct {
- suite.Suite
- apiClient *apiserver.APIClient
- kubeConfigPath string
-}
-
-func TestSuiteKube(t *testing.T) {
- mockConfig := configmock.New(t)
- s := &testSuite{}
-
- // Env detection
- env.SetFeatures(t, env.Kubernetes)
-
- // Start compose stack
- compose, err := initAPIServerCompose()
- require.Nil(t, err)
- output, err := compose.Start()
- defer compose.Stop()
- t.Logf("error: %v", err)
- require.Nil(t, err, string(output))
-
- // Init apiclient
- pwd, err := os.Getwd()
- require.Nil(t, err)
- s.kubeConfigPath = filepath.Join(pwd, "testdata", "kubeconfig.json")
- mockConfig.SetWithoutSource("kubernetes_kubeconfig_path", s.kubeConfigPath)
- _, err = os.Stat(s.kubeConfigPath)
- require.Nil(t, err, fmt.Sprintf("%v", err))
-
- suite.Run(t, s)
-}
-
-func (suite *testSuite) SetupTest() {
- var err error
- resVer := ""
- eventReadTimeout := int64(1)
- lastList := time.Now()
- tick := time.NewTicker(time.Millisecond * 100)
- timeout := time.NewTicker(setupTimeout)
- for {
- select {
- case <-timeout.C:
- require.FailNow(suite.T(), "timeout after %s", setupTimeout.String())
-
- case <-tick.C:
- suite.apiClient, err = apiserver.GetAPIClient()
- if err != nil {
- log.Debugf("cannot init: %s", err)
- continue
- }
- // Confirm that we can query the kube-apiserver's resources
- log.Debugf("trying to get LatestEvents")
- _, resVer, _, err := suite.apiClient.RunEventCollection(resVer, lastList, eventReadTimeout, 100, 300, "")
- if err == nil {
- log.Debugf("successfully get LatestEvents: %s", resVer)
- return
- }
- log.Debugf("cannot get LatestEvents: %s", err)
- }
- }
-}
-
-func (suite *testSuite) TestKubeEvents() {
- mockConfig := configmock.New(suite.T())
- resVer := ""
- eventReadTimeout := int64(1)
- lastList := time.Now()
-
- // Init own client to write the events
- mockConfig.SetWithoutSource("kubernetes_kubeconfig_path", suite.kubeConfigPath)
- c, err := apiserver.GetAPIClient()
-
- require.NoError(suite.T(), err)
-
- core := c.Cl.CoreV1()
- require.NotNil(suite.T(), core)
-
- // Ignore potential startup events
- _, resVer, lastList, err = suite.apiClient.RunEventCollection(resVer, lastList, eventReadTimeout, 100, 300, "")
- require.NoError(suite.T(), err)
-
- // Create started event
- testReference := createObjectReference("default", "integration_test", "event_test")
- startedEvent := createEvent("default", "test_started", "started", *testReference)
- _, err = core.Events("default").Create(context.TODO(), startedEvent, v1.CreateOptions{})
- require.NoError(suite.T(), err)
-
- // Test we get the new started event
- added, resVer, lastList, err := suite.apiClient.RunEventCollection(resVer, lastList, eventReadTimeout, 100, 300, "")
- require.NoError(suite.T(), err)
- assert.Len(suite.T(), added, 1)
- assert.Equal(suite.T(), "started", added[0].Reason)
-
- // Create tick event
- tickEvent := createEvent("default", "test_tick", "tick", *testReference)
- _, err = core.Events("default").Create(context.TODO(), tickEvent, v1.CreateOptions{})
- require.NoError(suite.T(), err)
-
- // Test we get the new tick event
- added, resVer, lastList, err = suite.apiClient.RunEventCollection(resVer, lastList, eventReadTimeout, 100, 300, "")
- require.NoError(suite.T(), err)
- assert.Len(suite.T(), added, 1)
- assert.Equal(suite.T(), "tick", added[0].Reason)
-
- // Update tick event
- pointer2 := int32(2)
- tickEvent2 := added[0]
- tickEvent2.Count = pointer2
- tickEvent3, err := core.Events("default").Update(context.TODO(), tickEvent2, v1.UpdateOptions{})
- require.NoError(suite.T(), err)
-
- // Update tick event a second time
- pointer3 := int32(3)
- tickEvent3.Count = pointer3
- _, err = core.Events("default").Update(context.TODO(), tickEvent3, v1.UpdateOptions{})
- require.NoError(suite.T(), err)
-
- // Test we get the two modified test events
- added, resVer, lastList, err = suite.apiClient.RunEventCollection(resVer, lastList, eventReadTimeout, 100, 300, "")
- require.NoError(suite.T(), err)
- assert.Len(suite.T(), added, 2)
- assert.Equal(suite.T(), "tick", added[0].Reason)
- assert.EqualValues(suite.T(), 2, added[0].Count)
- assert.Equal(suite.T(), "tick", added[1].Reason)
- assert.EqualValues(suite.T(), 3, added[1].Count)
-
- // We should get nothing new now
- added, resVer, lastList, err = suite.apiClient.RunEventCollection(resVer, lastList, eventReadTimeout, 100, 300, "")
- require.NoError(suite.T(), err)
- assert.Len(suite.T(), added, 0)
-}
-
-func (suite *testSuite) TestHostnameProvider() {
- ctx := context.Background()
- mockConfig := configmock.New(suite.T())
-
- // Init own client to write the events
- mockConfig.SetWithoutSource("kubernetes_kubeconfig_path", suite.kubeConfigPath)
- c, err := apiserver.GetAPIClient()
-
- require.NoError(suite.T(), err)
-
- core := c.Cl.CoreV1()
- require.NotNil(suite.T(), core)
-
- // Create a dummy pod
- myHostname, err := os.Hostname()
- require.NoError(suite.T(), err)
- dummyPod := createPodOnNode("default", myHostname, "target.host")
-
- // Register it in the apiserver
- _, err = core.Pods("default").Create(ctx, dummyPod, v1.CreateOptions{})
- require.NoError(suite.T(), err)
- defer core.Pods("default").Delete(ctx, myHostname, v1.DeleteOptions{})
-
- // Hostname provider should return the expected value
- foundHost, err := kubernetes.GetKubeAPIServerHostname(ctx)
- assert.Equal(suite.T(), "target.host", foundHost)
-
- // Testing hostname when a cluster name is set
- testClusterName := "laika"
- mockConfig.SetWithoutSource("cluster_name", testClusterName)
- clustername.ResetClusterName()
- defer mockConfig.SetWithoutSource("cluster_name", "")
- defer clustername.ResetClusterName()
-
- foundHost, err = kubernetes.GetKubeAPIServerHostname(ctx)
- assert.Equal(suite.T(), "target.host-laika", foundHost)
-}
diff --git a/test/integration/util/kube_apiserver/common.go b/test/integration/util/kube_apiserver/common.go
deleted file mode 100644
index a2384763e336b5..00000000000000
--- a/test/integration/util/kube_apiserver/common.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Unless explicitly stated otherwise all files in this repository are licensed
-// under the Apache License Version 2.0.
-// This product includes software developed at Datadog (https://www.datadoghq.com/).
-// Copyright 2017-present Datadog, Inc.
-
-//go:build kubeapiserver
-
-package kubernetes
-
-import (
- apiv1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- "github.com/DataDog/datadog-agent/test/integration/utils"
-)
-
-// initAPIServerCompose returns a ComposeConf ready to launch
-// with etcd and the apiserver running in the same network
-// namespace as the current process.
-func initAPIServerCompose() (*utils.ComposeConf, error) {
- compose := &utils.ComposeConf{
- ProjectName: "kube_events",
- FilePath: "testdata/apiserver-compose.yaml",
- Variables: map[string]string{},
- }
- return compose, nil
-}
-
-func createObjectReference(namespace, kind, name string) *apiv1.ObjectReference {
- return &apiv1.ObjectReference{
- Namespace: namespace,
- Kind: kind,
- Name: name,
- }
-}
-
-func createEvent(namespace, name, reason string, involvedObject apiv1.ObjectReference) *apiv1.Event {
- return &apiv1.Event{
- ObjectMeta: metav1.ObjectMeta{
- Namespace: namespace,
- Name: name,
- },
- InvolvedObject: involvedObject,
- Reason: reason,
- }
-}
-
-func createPodOnNode(namespace, name, nodeName string) *apiv1.Pod {
- return &apiv1.Pod{
- ObjectMeta: metav1.ObjectMeta{
- Namespace: namespace,
- Name: name,
- },
- Spec: apiv1.PodSpec{
- NodeName: nodeName,
- Containers: []apiv1.Container{
- {
- Name: "dummy",
- Image: "dummy",
- },
- },
- },
- }
-}
diff --git a/test/integration/util/kube_apiserver/testdata/apiserver-compose.yaml b/test/integration/util/kube_apiserver/testdata/apiserver-compose.yaml
deleted file mode 100644
index 3453fa7a3c88af..00000000000000
--- a/test/integration/util/kube_apiserver/testdata/apiserver-compose.yaml
+++ /dev/null
@@ -1,45 +0,0 @@ -version: '2.3' -services: - etcd: - image: "datadog/docker-library:etcd_3_2_6" - network_mode: ${network_mode} - environment: - - ETCDCTL_API=3 - healthcheck: - test: ["CMD", "etcdctl", "--command-timeout=2s", "--dial-timeout=2s", "--endpoints", "http://127.0.0.1:2379", "endpoint", "health"] - interval: 5s - timeout: 5s - retries: 30 - - apiserver: - image: registry.k8s.io/hyperkube:v1.18.20 - command: "kube-apiserver - --apiserver-count=1 - --insecure-bind-address=0.0.0.0 - --insecure-port=8080 - --service-cluster-ip-range=192.168.1.1/24 - --admission-control=NamespaceLifecycle,LimitRanger,DefaultStorageClass,ResourceQuota - --authorization-mode=AlwaysAllow - --etcd-servers=http://127.0.0.1:2379" - network_mode: ${network_mode} - depends_on: - etcd: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "kubectl get cs && kubectl get ns default"] - interval: 5s - timeout: 5s - retries: 30 - - pause: - # - # This pause container is here to wait until the apiserver - # is healthy before returning. - # - image: "datadog/docker-library:pause_3_1" - depends_on: - etcd: - condition: service_healthy - apiserver: - condition: service_healthy - network_mode: none diff --git a/test/integration/util/kube_apiserver/testdata/kubeconfig.json b/test/integration/util/kube_apiserver/testdata/kubeconfig.json deleted file mode 100644 index 18bab1af6ffbb9..00000000000000 --- a/test/integration/util/kube_apiserver/testdata/kubeconfig.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "apiVersion": "v1", - "kind": "Config", - "clusters": [ - { - "cluster": { - "server": "http://127.0.0.1:8080" - }, - "name": "kubernetes" - } - ], - "contexts": [ - { - "context": { - "cluster": "kubernetes", - "user": "kubelet" - }, - "name": "kubelet-to-kubernetes" - } - ], - "current-context": "kubelet-to-kubernetes", - "users": [ - { - "name": "kubelet", - "user": { - "password": "some-password", - "username": "exp" - } - } - ] -} 
diff --git a/test/integration/util/kubelet/common.go b/test/integration/util/kubelet/common.go
deleted file mode 100644
index 8c6112ff6cc7cb..00000000000000
--- a/test/integration/util/kubelet/common.go
+++ /dev/null
@@ -1,72 +0,0 @@
-// Unless explicitly stated otherwise all files in this repository are licensed
-// under the Apache License Version 2.0.
-// This product includes software developed at Datadog (https://www.datadoghq.com/).
-// Copyright 2016-present Datadog, Inc.
-
-//go:build kubelet
-
-package kubernetes
-
-import (
- "fmt"
- "os"
- "path"
- "time"
-
- "github.com/DataDog/datadog-agent/test/integration/utils"
-)
-
-const (
- emptyPodList = `{"kind":"PodList","apiVersion":"v1","metadata":{},"items":null}
-`
-)
-
-// initInsecureKubelet create a standalone kubelet open to http and https calls
-func initInsecureKubelet() (*utils.ComposeConf, error) {
- compose := &utils.ComposeConf{
- ProjectName: "insecure_kubelet",
- FilePath: "testdata/insecure-kubelet-compose.yaml",
- Variables: map[string]string{},
- }
- return compose, nil
-}
-
-// initSecureKubelet create an etcd, kube-apiserver and kubelet to open https authNZ calls
-// auth parameter allows to switch to secure + authenticated setup
-func initSecureKubelet() (*utils.ComposeConf, *utils.CertificatesConfig, error) {
- cwd, err := os.Getwd()
- if err != nil {
- return nil, nil, err
- }
-
- certsConfig := &utils.CertificatesConfig{
- Hosts: "127.0.0.1",
- ValidFor: time.Duration(24 * time.Hour),
- RsaBits: 1024,
- EcdsaCurve: "",
- CertFilePath: path.Join(cwd, "testdata/cert.pem"),
- KeyFilePath: path.Join(cwd, "testdata/key.pem"),
- }
- err = utils.GenerateCertificates(certsConfig)
- if err != nil {
- return nil, nil, err
- }
-
- projectName := "kubelet"
- composeFile := "secure-kubelet-compose.yaml"
-
- compose := &utils.ComposeConf{
- ProjectName: projectName,
- FilePath: fmt.Sprintf("testdata/%s", composeFile),
- Variables: map[string]string{
- "certpem_path": certsConfig.CertFilePath,
- "keypem_path": certsConfig.KeyFilePath,
- },
- RemoveRebuildImages: true,
- }
- // try to remove any old staling resources, especially images
- // this is because an old image can contain old certificates, key
- // issued from a previous unTearDown build/test
- compose.Stop()
- return compose, certsConfig, nil
-}
diff --git a/test/integration/util/kubelet/insecurekubelet_test.go b/test/integration/util/kubelet/insecurekubelet_test.go
deleted file mode 100644
index 776f7a771e7c02..00000000000000
--- a/test/integration/util/kubelet/insecurekubelet_test.go
+++ /dev/null
@@ -1,113 +0,0 @@
-// Unless explicitly stated otherwise all files in this repository are licensed
-// under the Apache License Version 2.0.
-// This product includes software developed at Datadog (https://www.datadoghq.com/).
-// Copyright 2016-present Datadog, Inc.
-
-//go:build kubelet
-
-package kubernetes
-
-import (
- "context"
- "fmt"
- "testing"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
- "github.com/stretchr/testify/suite"
-
- "github.com/DataDog/datadog-agent/pkg/config/env"
- configmock "github.com/DataDog/datadog-agent/pkg/config/mock"
- "github.com/DataDog/datadog-agent/pkg/util/kubernetes/kubelet"
-)
-
-type InsecureTestSuite struct {
- suite.Suite
-}
-
-// Make sure globalKubeUtil is deleted before each test
-func (suite *InsecureTestSuite) SetupTest() {
- kubelet.ResetGlobalKubeUtil()
-}
-
-func (suite *InsecureTestSuite) TestHTTP() {
- ctx := context.Background()
- mockConfig := configmock.New(suite.T())
-
- mockConfig.SetWithoutSource("kubernetes_http_kubelet_port", 10255)
-
- // Giving 10255 http port to https setting will force an intended https discovery failure
- // Then it forces the http usage
- mockConfig.SetWithoutSource("kubernetes_https_kubelet_port", 10255)
- mockConfig.SetWithoutSource("kubelet_auth_token_path", "")
- mockConfig.SetWithoutSource("kubelet_tls_verify", false)
- mockConfig.SetWithoutSource("kubernetes_kubelet_host", "127.0.0.1")
-
- ku, err := kubelet.GetKubeUtil()
- require.Nil(suite.T(), err, fmt.Sprintf("%v", err))
- b, code, err := ku.QueryKubelet(ctx, "/healthz")
- require.Nil(suite.T(), err, fmt.Sprintf("%v", err))
- assert.Equal(suite.T(), 200, code)
- assert.Equal(suite.T(), "ok", string(b))
-
- b, code, err = ku.QueryKubelet(ctx, "/pods")
- assert.Equal(suite.T(), 200, code)
- require.NoError(suite.T(), err)
- assert.Equal(suite.T(), emptyPodList, string(b))
-
- podList, err := ku.GetLocalPodList(ctx)
- // we don't consider null podlist as valid
- require.Error(suite.T(), err)
- assert.Nil(suite.T(), podList)
-
- require.EqualValues(suite.T(),
- map[string]string{
- "url": "http://127.0.0.1:10255",
- }, ku.GetRawConnectionInfo())
-}
-
-func (suite *InsecureTestSuite) TestInsecureHTTPS() {
- ctx := context.Background()
- mockConfig := configmock.New(suite.T())
-
- mockConfig.SetWithoutSource("kubernetes_http_kubelet_port", 10255)
- mockConfig.SetWithoutSource("kubernetes_https_kubelet_port", 10250)
- mockConfig.SetWithoutSource("kubelet_auth_token_path", "")
- mockConfig.SetWithoutSource("kubelet_tls_verify", false)
- mockConfig.SetWithoutSource("kubernetes_kubelet_host", "127.0.0.1")
-
- ku, err := kubelet.GetKubeUtil()
- require.NoError(suite.T(), err)
- b, code, err := ku.QueryKubelet(ctx, "/healthz")
- assert.Equal(suite.T(), 200, code)
- require.NoError(suite.T(), err)
- assert.Equal(suite.T(), "ok", string(b))
-
- b, code, err = ku.QueryKubelet(ctx, "/pods")
- assert.Equal(suite.T(), 200, code)
- require.NoError(suite.T(), err)
- assert.Equal(suite.T(), emptyPodList, string(b))
-
- podList, err := ku.GetLocalPodList(ctx)
- // we don't consider null podlist as valid
- require.Error(suite.T(), err)
- assert.Nil(suite.T(), podList)
-
- require.EqualValues(suite.T(),
- map[string]string{
- "url": "https://127.0.0.1:10250",
- "verify_tls": "false",
- }, ku.GetRawConnectionInfo())
-}
-
-func TestInsecureKubeletSuite(t *testing.T) {
- env.SetFeatures(t, env.Kubernetes)
-
- compose, err := initInsecureKubelet()
- require.Nil(t, err)
- output, err := compose.Start()
- defer compose.Stop()
- require.Nil(t, err, string(output))
-
- suite.Run(t, new(InsecureTestSuite))
-}
diff --git a/test/integration/util/kubelet/securekubelet_test.go b/test/integration/util/kubelet/securekubelet_test.go
deleted file mode 100644
index 90124ac5e4282d..00000000000000
--- a/test/integration/util/kubelet/securekubelet_test.go
+++ /dev/null
@@ -1,158 +0,0 @@
-// Unless explicitly stated otherwise all files in this repository are licensed
-// under the Apache License Version 2.0.
-// This product includes software developed at Datadog (https://www.datadoghq.com/).
-// Copyright 2016-present Datadog, Inc.
-
-//go:build kubelet
-
-package kubernetes
-
-import (
- "context"
- "fmt"
- "os"
- "testing"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
- "github.com/stretchr/testify/suite"
-
- "github.com/DataDog/datadog-agent/pkg/config/env"
- configmock "github.com/DataDog/datadog-agent/pkg/config/mock"
- "github.com/DataDog/datadog-agent/pkg/util/kubernetes/kubelet"
- "github.com/DataDog/datadog-agent/test/integration/utils"
-)
-
-type SecureTestSuite struct {
- suite.Suite
- certsConfig *utils.CertificatesConfig
-}
-
-// Make sure globalKubeUtil is deleted before each test
-func (suite *SecureTestSuite) SetupTest() {
- kubelet.ResetGlobalKubeUtil()
-}
-
-// TestSecureHTTPSKubelet with:
-// - https
-// - tls_verify
-// - cacert
-func (suite *SecureTestSuite) TestWithTLSCA() {
- ctx := context.Background()
- mockConfig := configmock.New(suite.T())
-
- mockConfig.SetWithoutSource("kubernetes_https_kubelet_port", 10250)
- mockConfig.SetWithoutSource("kubernetes_http_kubelet_port", 10255)
- mockConfig.SetWithoutSource("kubelet_auth_token_path", "")
- mockConfig.SetWithoutSource("kubelet_tls_verify", true)
- mockConfig.SetWithoutSource("kubelet_client_ca", suite.certsConfig.CertFilePath)
- mockConfig.SetWithoutSource("kubernetes_kubelet_host", "127.0.0.1")
-
- ku, err := kubelet.GetKubeUtil()
- require.NoError(suite.T(), err)
- b, code, err := ku.QueryKubelet(ctx, "/healthz")
- require.NoError(suite.T(), err)
- assert.Equal(suite.T(), 200, code)
- assert.Equal(suite.T(), "ok", string(b))
-
- b, code, err = ku.QueryKubelet(ctx, "/pods")
- require.NoError(suite.T(), err)
- assert.Equal(suite.T(), 200, code)
- assert.Equal(suite.T(), emptyPodList, string(b))
-
- podList, err := ku.GetLocalPodList(ctx)
- // we don't consider null podlist as valid
- require.Error(suite.T(), err)
- assert.Nil(suite.T(), podList)
-
- require.EqualValues(suite.T(),
- map[string]string{
- "url": "https://127.0.0.1:10250",
- "verify_tls": "true",
- "ca_cert": suite.certsConfig.CertFilePath,
- }, ku.GetRawConnectionInfo())
-}
-
-// TestSecureUnknownAuthHTTPSKubelet with:
-// - https
-// - tls_verify
-// - WITHOUT cacert (expecting failure)
-func (suite *SecureTestSuite) TestTLSWithoutCA() {
- mockConfig := configmock.New(suite.T())
-
- mockConfig.SetWithoutSource("kubernetes_https_kubelet_port", 10250)
- mockConfig.SetWithoutSource("kubernetes_http_kubelet_port", 10255)
- mockConfig.SetWithoutSource("kubelet_auth_token_path", "")
- mockConfig.SetWithoutSource("kubelet_client_crt", "")
- mockConfig.SetWithoutSource("kubelet_client_key", "")
- mockConfig.SetWithoutSource("kubelet_tls_verify", true)
- mockConfig.SetWithoutSource("kubelet_client_ca", "")
- mockConfig.SetWithoutSource("kubernetes_kubelet_host", "127.0.0.1")
-
- _, err := kubelet.GetKubeUtil()
- require.NotNil(suite.T(), err)
- assert.Contains(suite.T(), err.Error(), "impossible to reach Kubelet with host: 127.0.0.1. Please check if your setup requires kubelet_tls_verify = false")
-}
-
-// TestTLSWithCACertificate with:
-// - https
-// - tls_verify
-// - cacert
-// - certificate
-func (suite *SecureTestSuite) TestTLSWithCACertificate() {
- ctx := context.Background()
- mockConfig := configmock.New(suite.T())
-
- mockConfig.SetWithoutSource("kubernetes_https_kubelet_port", 10250)
- mockConfig.SetWithoutSource("kubernetes_http_kubelet_port", 10255)
- mockConfig.SetWithoutSource("kubelet_auth_token_path", "")
- mockConfig.SetWithoutSource("kubelet_tls_verify", true)
- mockConfig.SetWithoutSource("kubelet_client_crt", suite.certsConfig.CertFilePath)
- mockConfig.SetWithoutSource("kubelet_client_key", suite.certsConfig.KeyFilePath)
- mockConfig.SetWithoutSource("kubelet_client_ca", suite.certsConfig.CertFilePath)
- mockConfig.SetWithoutSource("kubernetes_kubelet_host", "127.0.0.1")
-
- ku, err := kubelet.GetKubeUtil()
- require.NoError(suite.T(), err)
- b, code, err := ku.QueryKubelet(ctx, "/healthz")
- require.NoError(suite.T(), err)
- assert.Equal(suite.T(), 200, code)
- assert.Equal(suite.T(), "ok", string(b))
-
- b, code, err = ku.QueryKubelet(ctx, "/pods")
- require.NoError(suite.T(), err)
- assert.Equal(suite.T(), 200, code)
- assert.Equal(suite.T(), emptyPodList, string(b))
-
- podList, err := ku.GetLocalPodList(ctx)
- // we don't consider null podlist as valid
- require.Error(suite.T(), err)
- assert.Nil(suite.T(), podList)
-
- require.EqualValues(suite.T(),
- map[string]string{
- "url": "https://127.0.0.1:10250",
- "verify_tls": "true",
- "client_crt": suite.certsConfig.CertFilePath,
- "client_key": suite.certsConfig.KeyFilePath,
- "ca_cert": suite.certsConfig.CertFilePath,
- }, ku.GetRawConnectionInfo())
-}
-
-func TestSecureKubeletSuite(t *testing.T) {
- env.SetFeatures(t, env.Kubernetes)
-
- compose, certsConfig, err := initSecureKubelet()
- defer os.Remove(certsConfig.CertFilePath)
- defer os.Remove(certsConfig.KeyFilePath)
- require.Nil(t, err, fmt.Sprintf("%v", err))
-
- output, err := compose.Start()
- defer compose.Stop()
- require.Nil(t, err, string(output))
-
- sqt := &SecureTestSuite{
- certsConfig: certsConfig,
- }
- suite.Run(t, sqt)
-}
diff --git a/test/integration/util/kubelet/testdata/Dockerfile b/test/integration/util/kubelet/testdata/Dockerfile
deleted file mode 100644
index f3e788e1c46a58..00000000000000
--- a/test/integration/util/kubelet/testdata/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM datadog/docker-library:kubelet_1.25
-
-COPY cert.pem /etc/secrets/cert.pem
-COPY key.pem /etc/secrets/key.pem
diff --git a/test/integration/util/kubelet/testdata/Dockerfile.base b/test/integration/util/kubelet/testdata/Dockerfile.base
deleted file mode 100644
index a795e4ee9c3cae..00000000000000
--- a/test/integration/util/kubelet/testdata/Dockerfile.base
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file is used to build datadog/docker-library:kubelet_1.25 manually
-# From this folder: docker build -f Dockerfile.base -t datadog/docker-library:kubelet_1.25 .
-FROM psdn/kubelet:v1.25.0
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN apt update && \
- apt install curl -y && \
- curl -L -o cri-docker.deb https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.5/cri-dockerd_0.2.5.3-0.debian-bullseye_amd64.deb && \
- apt install -y ./cri-docker.deb
-
-COPY entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/test/integration/util/kubelet/testdata/entrypoint.sh b/test/integration/util/kubelet/testdata/entrypoint.sh
deleted file mode 100755
index 08bc4dd424ed85..00000000000000
--- a/test/integration/util/kubelet/testdata/entrypoint.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-
-# Need to symlink /dev/kmsg
-ln -s /dev/console /dev/kmsg
-
-(trap 'kill 0' SIGINT; cri-dockerd & sleep 3; kubelet "$@")
diff --git a/test/integration/util/kubelet/testdata/insecure-kubelet-compose.yaml b/test/integration/util/kubelet/testdata/insecure-kubelet-compose.yaml deleted file mode 100644 index 46df8133d54910..00000000000000 --- a/test/integration/util/kubelet/testdata/insecure-kubelet-compose.yaml +++ /dev/null @@ -1,35 +0,0 @@ -version: '2.3' -services: - kubelet: - image: "datadog/docker-library:kubelet_1.25" - command: "--cloud-provider='' - --fail-swap-on=false - --make-iptables-util-chains=false - --hairpin-mode=none - --container-runtime-endpoint=unix:///run/cri-dockerd.sock - --pod-manifest-path=/opt" - network_mode: ${network_mode} - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /sys:/sys - - vardata:/var - tty: true - privileged: true - healthcheck: - test: ["CMD", "/bin/ls", "/var/lib/kubelet/pki/kubelet.crt"] - interval: 1s - timeout: 1s - retries: 10 - - pause: - # - # This pause container is here to wait until the apiserver - # is healthy before returning. - # - image: "datadog/docker-library:pause_3_1" - depends_on: - kubelet: - condition: service_healthy - network_mode: none -volumes: - vardata: diff --git a/test/integration/util/kubelet/testdata/secure-kubelet-compose.yaml b/test/integration/util/kubelet/testdata/secure-kubelet-compose.yaml deleted file mode 100644 index 6292b2017d2bd6..00000000000000 --- a/test/integration/util/kubelet/testdata/secure-kubelet-compose.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -version: '2.3' -services: - kubelet: - build: ./ - command: "--cloud-provider='' - --hostname-override=localhost - --fail-swap-on=false - --make-iptables-util-chains=false - --hairpin-mode=none - --container-runtime-endpoint=unix:///run/cri-dockerd.sock - --read-only-port 0 - --anonymous-auth=true - --tls-cert-file=/etc/secrets/cert.pem - --tls-private-key-file=/etc/secrets/key.pem - --pod-manifest-path=/opt" - # Removed --client-ca-file=/etc/secrets/cert.pem as it - # depends on an apiserver running to verify the username - network_mode: ${network_mode} - healthcheck: - test: ["CMD", "/bin/ls", "/var/lib/kubelet"] - interval: 1s - timeout: 1s - retries: 10 - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /sys:/sys - - vardata:/var - tty: true - privileged: true - - pause: - # - # This pause container is here to wait until the apiserver - # is healthy before returning. - # - image: "datadog/docker-library:pause_3_1" - depends_on: - kubelet: - condition: service_healthy - network_mode: none -volumes: - vardata: