From 2cc8563877b78fadceac9103aeb6f349719139fe Mon Sep 17 00:00:00 2001 From: Roberto Montero <108007532+robertomonteromiguel@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:33:04 +0100 Subject: [PATCH] k8s clean leftovers (#3609) --- tests/k8s_lib_injection/conftest.py | 3 - .../test_k8s_manual_inject.py | 54 -- .../k8s_datadog_kubernetes.py | 40 +- .../resources/datadog-agent-apm.yaml | 486 ------------------ 4 files changed, 1 insertion(+), 582 deletions(-) delete mode 100644 utils/k8s_lib_injection/resources/datadog-agent-apm.yaml diff --git a/tests/k8s_lib_injection/conftest.py b/tests/k8s_lib_injection/conftest.py index 41802b5366..b19b018f2f 100644 --- a/tests/k8s_lib_injection/conftest.py +++ b/tests/k8s_lib_injection/conftest.py @@ -93,9 +93,6 @@ def deploy_datadog_cluster_agent(self, use_uds=False, features=None): def deploy_test_agent(self): self.test_agent.deploy_test_agent() - def deploy_agent(self): - self.test_agent.deploy_agent() - def deploy_weblog_as_pod(self, with_admission_controller=True, use_uds=False, env=None, service_account=None): if with_admission_controller: self.test_weblog.install_weblog_pod_with_admission_controller(env=env, service_account=service_account) diff --git a/tests/k8s_lib_injection/test_k8s_manual_inject.py b/tests/k8s_lib_injection/test_k8s_manual_inject.py index 2b4b34b8d1..19b7d45c60 100644 --- a/tests/k8s_lib_injection/test_k8s_manual_inject.py +++ b/tests/k8s_lib_injection/test_k8s_manual_inject.py 
@@ -56,38 +56,6 @@ def test_inject_uds_without_admission_controller(self, test_k8s_instance): logger.info(f"Test test_inject_uds_without_admission_controller finished") -# TODO delete or update this scenario to use test agent -# @features.k8s_admission_controller -# @scenarios.k8s_library_injection_asm -class _TestAdmisionControllerAsm: - """Test ASM features activation with admission controller.""" - - def test_inject_asm_admission_controller(self, test_k8s_instance): - logger.info( - f"Launching test test_inject_asm_admission_controller: Weblog: [{test_k8s_instance.k8s_kind_cluster.get_weblog_port()}] Agent: [{test_k8s_instance.k8s_kind_cluster.get_agent_port()}]" - ) - - asm_features = { - "datadog.asm.iast.enabled": "true", - "datadog.asm.sca.enabled": "true", - "datadog.asm.threats.enabled": "true", - } - test_k8s_instance.deploy_datadog_cluster_agent(features=asm_features) - test_k8s_instance.deploy_agent() - - weblog_port = test_k8s_instance.k8s_kind_cluster.get_weblog_port() - weblog_host = test_k8s_instance.k8s_kind_cluster.cluster_host_name - logger.info(f"Waiting for weblog available [{weblog_host}:{weblog_port}]") - wait_for_port(weblog_port, weblog_host, 80.0) - logger.info(f"[{weblog_host}:{weblog_port}]: Weblog app is ready!") - warmup_weblog(f"http://{weblog_host}:{weblog_port}/") - logger.info(f"Making a request to weblog [{weblog_host}:{weblog_port}]") - request_uuid = make_get_request(f"http://{weblog_host}:{weblog_port}/") - - logger.info(f"Http request done with uuid: [{request_uuid}] for [{weblog_host}:{weblog_port}]") - wait_backend_trace_id(request_uuid, 120.0, profile=False, validator=backend_trace_validator) - - @features.k8s_admission_controller @scenarios.k8s_library_injection_profiling class TestAdmisionControllerProfiling: 
@@ -154,28 +122,6 @@ def test_profiling_override_cluster_env(self, test_k8s_instance): profiling_request_found = self._check_profiling_request_sent(test_k8s_instance.k8s_kind_cluster) assert profiling_request_found, "No profiling request found" - def _test_inject_profiling_admission_controller_real(self, test_k8s_instance): - logger.info( - f"Launching test test_inject_profiling_admission_controller: Weblog: [{test_k8s_instance.k8s_kind_cluster.get_weblog_port()}] Agent: [{test_k8s_instance.k8s_kind_cluster.get_agent_port()}]" - ) - - test_k8s_instance.deploy_datadog_cluster_agent(features={"datadog.profiling.enabled": "auto"}) - test_k8s_instance.deploy_agent() - test_k8s_instance.deploy_weblog_as_pod( - env={"DD_PROFILING_UPLOAD_PERIOD": "10", "DD_INTERNAL_PROFILING_LONG_LIVED_THRESHOLD": "1500"} - ) - weblog_port = test_k8s_instance.k8s_kind_cluster.get_weblog_port() - weblog_host = test_k8s_instance.k8s_kind_cluster.cluster_host_name - logger.info(f"Waiting for weblog available [{weblog_host}:{weblog_port}]") - wait_for_port(weblog_port, weblog_host, 80.0) - logger.info(f"[{weblog_host}:{weblog_port}]: Weblog app is ready!") - warmup_weblog(f"http://{weblog_host}:{weblog_port}/") - logger.info(f"Making a request to weblog [{weblog_host}:{weblog_port}]") - request_uuid = make_get_request(f"http://{weblog_host}:{weblog_port}/") - - logger.info(f"Http request done with uuid: [{request_uuid}] for [{weblog_host}:{weblog_port}]") - wait_backend_trace_id(request_uuid, 120.0, profile=True) - def backend_trace_validator(trace_id, trace_data): logger.info("Appsec trace validator") diff --git a/utils/k8s_lib_injection/k8s_datadog_kubernetes.py b/utils/k8s_lib_injection/k8s_datadog_kubernetes.py index 84c5d27c2e..21ba762fc1 100644 --- a/utils/k8s_lib_injection/k8s_datadog_kubernetes.py +++ b/utils/k8s_lib_injection/k8s_datadog_kubernetes.py 
@@ -16,7 +16,7 @@ class K8sDatadog: - def __init__(self, output_folder, test_name, api_key=None, app_key=None, real_agent_image=None): + def __init__(self, output_folder, test_name, api_key=None, app_key=None): self.k8s_kind_cluster = None self.output_folder = output_folder self.test_name = test_name @@ -24,7 +24,6 @@ def __init__(self, output_folder, test_name, api_key=None, app_key=None, real_ag self.k8s_wrapper = None self._api_key = api_key self._app_key = app_key - self.real_agent_image = real_agent_image def configure(self, k8s_kind_cluster, k8s_wrapper): self.k8s_kind_cluster = k8s_kind_cluster 
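Review bot: Removing the `real_agent_image` keyword from `K8sDatadog.__init__` is a breaking signature change: any caller that still passes `real_agent_image=...` will raise `TypeError` when the object is constructed. None of the four files in this commit updates a `K8sDatadog(...)` call, so presumably no caller passes it, but that should be confirmed with a repository-wide search for `real_agent_image` (the attribute is dropped as well, in the next hunk, `@@ -24,7 +24,6`). The body of `__init__` is split across these two hunks and part of it is not shown.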
@@ -32,43 +31,6 @@ def configure(self, k8s_kind_cluster, k8s_wrapper): self.logger = k8s_logger(self.output_folder, self.test_name, "k8s_logger") self.logger.info(f"K8sDatadog configured with cluster: {self.k8s_kind_cluster.cluster_name}") - def deploy_agent(self): - """ Installs the real agent daemonset using previously download datadog-agent-apm template. - Following this doc: https://docs.datadoghq.com/containers/guide/kubernetes_daemonset/?tab=tcp""" - self.logger.info( - f"[Real agent] Deploying Datadog test agent on the cluster: {self.k8s_kind_cluster.cluster_name}" - ) - agent_data = "" - with open("utils/k8s_lib_injection/resources/datadog-agent-apm.yaml", "r") as file: - agent_data = file.read() - - if self.real_agent_image: - agent_data = agent_data.replace("gcr.io/datadoghq/agent:7.45.0", self.real_agent_image) - - agent_config = f"{self.output_folder}/{self.k8s_kind_cluster.cluster_name}_datadog-agent-apm.yaml" - - with open(agent_config, "w") as fp: - fp.write(agent_data) - fp.seek(0) - self.logger.info("[real agent] Creating agent") - kubectl_apply( - self.k8s_kind_cluster, - "https://raw.githubusercontent.com/DataDog/datadog-agent/master/Dockerfiles/manifests/rbac/clusterrole.yaml", - ) - kubectl_apply( - self.k8s_kind_cluster, - "https://raw.githubusercontent.com/DataDog/datadog-agent/master/Dockerfiles/manifests/rbac/serviceaccount.yaml", - ) - kubectl_apply( - self.k8s_kind_cluster, - "https://raw.githubusercontent.com/DataDog/datadog-agent/master/Dockerfiles/manifests/rbac/clusterrolebinding.yaml", - ) - - kubectl_apply(self.k8s_kind_cluster, agent_config) - self.logger.info("[real agent] Agent created. Waiting for the agent to be ready") - self.wait_for_test_agent() - self.logger.info("[real agent] Daemonset created") - def deploy_test_agent(self): """ Installs the test agent pod.""" 
diff --git a/utils/k8s_lib_injection/resources/datadog-agent-apm.yaml b/utils/k8s_lib_injection/resources/datadog-agent-apm.yaml deleted file mode 100644 index fdcdfea1a5..0000000000 --- a/utils/k8s_lib_injection/resources/datadog-agent-apm.yaml +++ /dev/null 
@@ -1,486 +0,0 @@ ---- -#DOWNLOADED FOR SYSTEM-TEST FROM https://docs.datadoghq.com/resources/yaml/datadog-agent-apm.yaml -# WARNING: IF YOU CHANGE THIS FILE, YOU NEED TO UPDATE THE REFERENCES TO THE AGENT IMAGE HERE:::::: utils/k8s_lib_injection/k8s_datadog_cluster_agent.py -#IE REFERENCES TO STRING: "gcr.io/datadoghq/agent:7.45.0" -# Source: datadog/templates/secret-api-key.yaml -apiVersion: v1 -kind: Secret -metadata: - name: datadog - namespace: default - labels: {} -type: Opaque -#data: -# api-key: PUT_YOUR_BASE64_ENCODED_API_KEY_HERE ---- -# Source: datadog/templates/cluster-agent-confd-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: datadog-cluster-agent-confd - namespace: default - labels: {} - annotations: {} -data: - kubernetes_state_core.yaml.default: |- - init_config: - instances: - - collectors: - - secrets - - nodes - - pods - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - - daemonsets - - deployments - - replicasets - - statefulsets - - cronjobs - - jobs - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - - ingresses - labels_as_tags: - {} - annotations_as_tags: - {} ---- -# Source: datadog/templates/install_info-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: datadog-installinfo - namespace: default - labels: {} - annotations: {} -data: - install_info: | - --- - install_method: - tool: kubernetes sample manifests - tool_version: kubernetes sample manifests - installer_version: kubernetes sample manifests ---- -# Source: datadog/templates/kube-state-metrics-core-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRole -metadata: - labels: {} - name: datadog-ksm-core -rules: - - apiGroups: - - "" - resources: - - secrets - - nodes - - pods - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - 
persistentvolumes - - namespaces - - endpoints - - events - verbs: - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -# Source: datadog/templates/kube-state-metrics-core-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRoleBinding -metadata: - labels: {} - name: datadog-ksm-core -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: datadog-ksm-core -subjects: - - kind: ServiceAccount - name: datadog-cluster-agent - namespace: default ---- -# Source: datadog/templates/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: datadog - namespace: default - labels: {} -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - labels: - app: datadog - name: datadog - annotations: {} - spec: - securityContext: - runAsUser: 0 - hostPID: true - containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.45.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - resources: {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - # Needs to be removed when Agent N-2 is built with Golang 1.17 - - name: GODEBUG - value: x509ignoreCN=0 - 
- name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_EXPVAR_PORT - value: "6000" - #Added for testing - - name: DD_KUBELET_TLS_VERIFY - value: "false" - volumeMounts: - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - name: os-release-file - mountPath: /host/etc/os-release - mountPropagation: None - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - 
name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.45.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: {} - ports: - - containerPort: 8126 - hostPort: 8126 - name: traceport - protocol: TCP - env: - # Needs to be removed when Agent N-2 is built with Golang 1.17 - - name: GODEBUG - value: x509ignoreCN=0 - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_CLUSTER_AGENT_ENABLED - value: "false" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: "8126" - - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: 
dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.45.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.45.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - env: - # Needs to be removed when Agent N-2 is built with Golang 1.17 - - name: GODEBUG - value: x509ignoreCN=0 - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - name: KUBERNETES - value: "yes" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_LEADER_ELECTION - value: "true" - resources: {} - volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - - hostPath: - path: 
/etc/os-release - name: os-release-file - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: dsdsocket - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: apmsocket - - name: s6-run - emptyDir: {} - - hostPath: - path: /var/run - name: runtimesocketdir - tolerations: - affinity: {} - serviceAccountName: "datadog-agent" - nodeSelector: - kubernetes.io/os: linux - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate