fix e2e to handle bpffs mounting

Signed-off-by: Mohamed Mahmoud <[email protected]>
netobserv · Nov 6, 2024 · 93faa21 · 93faa21
1 parent 76568aa
commit 93faa21
Show file tree

Hide file tree

Showing 10 changed files with 184 additions and 2 deletions.
diff --git a/e2e/cluster/base/04-bpffs.yml b/e2e/cluster/base/04-bpffs.yml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: bpf-mounter
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: bpf-mounter
+  template:
+    metadata:
+      labels:
+        app: bpf-mounter
+    spec:
+      hostNetwork: true
+      hostPID: true
+      tolerations:
+        - operator: Exists
+      initContainers:
+        - name: mount-bpffs
+          image: quay.io/ingressnodefirewall/alpine:3.14
+          command:
+          - /bin/sh
+          - -xc
+          - |
+            #!/bin/sh
+            if ! /bin/mount | /bin/grep -q 'bpffs on /sys/fs/bpf'; then
+              /bin/mount bpffs /sys/fs/bpf -t bpf
+            fi
+          securityContext:
+            privileged: true
+            runAsUser: 0
+            capabilities:
+              add:
+                - CAP_BPF
+                - CAP_NET_ADMIN
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - name: bpf-maps
+              mountPath: /sys/fs/bpf
+              mountPropagation: Bidirectional
+      containers:
+        - name: sleep
+          image: quay.io/ingressnodefirewall/alpine:3.14
+          command: ['sleep', 'infinity']
+      volumes:
+        - name: bpf-maps
+          hostPath:
+            path: /sys/fs/bpf
+            type: DirectoryOrCreate
diff --git a/e2e/cluster/base/04-agent.yml → e2e/cluster/base/05-agent.yml b/e2e/cluster/base/04-agent.yml → e2e/cluster/base/05-agent.yml
@@ -36,8 +36,15 @@ spec:
             - name: bpf-kernel-debug
               mountPath: /sys/kernel/debug
               mountPropagation: Bidirectional
+            - name: bpf-maps
+              mountPath: /sys/fs/bpf
+              mountPropagation: Bidirectional
       volumes:
         - name: bpf-kernel-debug
           hostPath:
             path: /sys/kernel/debug
             type: Directory
+        - name: bpf-maps
+          hostPath:
+            path: /sys/fs/bpf
+            type: DirectoryOrCreate
diff --git a/e2e/cluster/kind.go b/e2e/cluster/kind.go
@@ -69,6 +69,7 @@ const (
 	PermissionsSetup DeployID = "permissions"
 	Loki             DeployID = "loki"
 	FlowLogsPipeline DeployID = "flp"
+	BpfFS            DeployID = "bpffs"
 	Agent            DeployID = "agent"
 )
 
@@ -97,8 +98,11 @@ var defaultBaseDeployments = map[DeployID]Deployment{
 	FlowLogsPipeline: {
 		Order: NetObservServices, ManifestFile: path.Join(packageDir(), "base", "03-flp.yml"),
 	},
+	BpfFS: {
+		Order: NetObservServices, ManifestFile: path.Join(packageDir(), "base", "04-bpffs.yml"),
+	},
 	Agent: {
-		Order: WithAgent, ManifestFile: path.Join(packageDir(), "base", "04-agent.yml"),
+		Order: WithAgent, ManifestFile: path.Join(packageDir(), "base", "05-agent.yml"),
 	},
 }
 

diff --git a/e2e/cluster/kind_test.go b/e2e/cluster/kind_test.go
@@ -23,8 +23,9 @@ func TestOrderManifests(t *testing.T) {
 		{Order: Preconditions, ManifestFile: path.Join(packageDir(), "base", "01-permissions.yml")},
 		{Order: ExternalServices, ManifestFile: "sql"},
 		{Order: ExternalServices, ManifestFile: "loki"},
+		{Order: NetObservServices, ManifestFile: path.Join(packageDir(), "base", "04-bpffs.yml")},
 		{Order: NetObservServices, ManifestFile: path.Join(packageDir(), "base", "03-flp.yml")},
-		{Order: WithAgent, ManifestFile: path.Join(packageDir(), "base", "04-agent.yml")},
+		{Order: WithAgent, ManifestFile: path.Join(packageDir(), "base", "05-agent.yml")},
 		{ManifestFile: "pods.yml"},
 	}, tc.orderedManifests())
 }
diff --git a/e2e/ipfix/ipfix_test.go b/e2e/ipfix/ipfix_test.go
@@ -32,6 +32,9 @@ func TestMain(m *testing.M) {
 		cluster.Override(cluster.FlowLogsPipeline, cluster.Deployment{
 			Order: cluster.NetObservServices, ManifestFile: path.Join("manifests", "20-flp-transformer.yml"),
 		}),
+		cluster.Override(cluster.Agent, cluster.Deployment{
+			Order: cluster.WithAgent, ManifestFile: path.Join("manifests", "25-bpffs.yml"),
+		}),
 		cluster.Override(cluster.Agent, cluster.Deployment{
 			Order: cluster.WithAgent, ManifestFile: path.Join("manifests", "30-agent.yml"),
 		}),

diff --git a/e2e/ipfix/manifests/25-bpffs.yaml b/e2e/ipfix/manifests/25-bpffs.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: bpf-mounter
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: bpf-mounter
+  template:
+    metadata:
+      labels:
+        app: bpf-mounter
+    spec:
+      hostNetwork: true
+      hostPID: true
+      tolerations:
+        - operator: Exists
+      initContainers:
+        - name: mount-bpffs
+          image: quay.io/ingressnodefirewall/alpine:3.14
+          command:
+          - /bin/sh
+          - -xc
+          - |
+            #!/bin/sh
+            if ! /bin/mount | /bin/grep -q 'bpffs on /sys/fs/bpf'; then
+              /bin/mount bpffs /sys/fs/bpf -t bpf
+            fi
+          securityContext:
+            privileged: true
+            runAsUser: 0
+            capabilities:
+              add:
+                - CAP_BPF
+                - CAP_NET_ADMIN
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - name: bpf-maps
+              mountPath: /sys/fs/bpf
+              mountPropagation: Bidirectional
+      containers:
+        - name: sleep
+          image: quay.io/ingressnodefirewall/alpine:3.14
+          command: ['sleep', 'infinity']
+      volumes:
+        - name: bpf-maps
+          hostPath:
+            path: /sys/fs/bpf
+            type: DirectoryOrCreate
diff --git a/e2e/ipfix/manifests/30-agent.yml b/e2e/ipfix/manifests/30-agent.yml
@@ -38,8 +38,15 @@ spec:
             - name: bpf-kernel-debug
               mountPath: /sys/kernel/debug
               mountPropagation: Bidirectional
+            - name: bpf-maps
+              mountPath: /sys/fs/bpf
+              mountPropagation: Bidirectional
       volumes:
         - name: bpf-kernel-debug
           hostPath:
             path: /sys/kernel/debug
             type: Directory
+        - name: bpf-maps
+          hostPath:
+            path: /sys/fs/bpf
+            type: DirectoryOrCreate
diff --git a/e2e/kafka/kafka_test.go b/e2e/kafka/kafka_test.go
@@ -54,6 +54,9 @@ func TestMain(m *testing.M) {
 		cluster.Override(cluster.FlowLogsPipeline, cluster.Deployment{
 			Order: cluster.NetObservServices, ManifestFile: path.Join("manifests", "20-flp-transformer.yml"),
 		}),
+		cluster.Override(cluster.Agent, cluster.Deployment{
+			Order: cluster.WithAgent, ManifestFile: path.Join("manifests", "25-bpffs.yml"),
+		}),
 		cluster.Override(cluster.Agent, cluster.Deployment{
 			Order: cluster.WithAgent, ManifestFile: path.Join("manifests", "30-agent.yml"),
 		}),

diff --git a/e2e/kafka/manifests/25-bpffs.yaml b/e2e/kafka/manifests/25-bpffs.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: bpf-mounter
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: bpf-mounter
+  template:
+    metadata:
+      labels:
+        app: bpf-mounter
+    spec:
+      hostNetwork: true
+      hostPID: true
+      tolerations:
+        - operator: Exists
+      initContainers:
+        - name: mount-bpffs
+          image: quay.io/ingressnodefirewall/alpine:3.14
+          command:
+          - /bin/sh
+          - -xc
+          - |
+            #!/bin/sh
+            if ! /bin/mount | /bin/grep -q 'bpffs on /sys/fs/bpf'; then
+              /bin/mount bpffs /sys/fs/bpf -t bpf
+            fi
+          securityContext:
+            privileged: true
+            runAsUser: 0
+            capabilities:
+              add:
+                - CAP_BPF
+                - CAP_NET_ADMIN
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - name: bpf-maps
+              mountPath: /sys/fs/bpf
+              mountPropagation: Bidirectional
+      containers:
+        - name: sleep
+          image: quay.io/ingressnodefirewall/alpine:3.14
+          command: ['sleep', 'infinity']
+      volumes:
+        - name: bpf-maps
+          hostPath:
+            path: /sys/fs/bpf
+            type: DirectoryOrCreate
diff --git a/e2e/kafka/manifests/30-agent.yml b/e2e/kafka/manifests/30-agent.yml
@@ -34,8 +34,15 @@ spec:
             - name: bpf-kernel-debug
               mountPath: /sys/kernel/debug
               mountPropagation: Bidirectional
+            - name: bpf-maps
+              mountPath: /sys/fs/bpf
+              mountPropagation: Bidirectional
       volumes:
         - name: bpf-kernel-debug
           hostPath:
             path: /sys/kernel/debug
             type: Directory
+        - name: bpf-maps
+          hostPath:
+            path: /sys/fs/bpf
+            type: DirectoryOrCreate