From 2685fcac0d2910889b5b306f145d12eea9ee3563 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Wed, 16 Oct 2024 11:17:27 +0300 Subject: [PATCH] Adds falco-exporter to the integration test (#19) falco-exporter requires falco to have grpc enabled, according to the Helm chart documentation. --- tests/integration/test_falco.py | 62 +++++++++++++++++++++++++++++++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/tests/integration/test_falco.py b/tests/integration/test_falco.py index 53ef7c9..e4f2421 100644 --- a/tests/integration/test_falco.py +++ b/tests/integration/test_falco.py @@ -34,6 +34,26 @@ def _get_event_generator_helm_cmd(): ) +def _get_falco_exporter_helm_cmd(instance: harness.Instance): + falco_exporter_rock = env_util.get_build_meta_info_for_rock_version( + "falco-exporter", "0.8.7", "amd64" + ) + + images = [ + k8s_util.HelmImage(falco_exporter_rock.image), + ] + + return k8s_util.get_helm_install_command( + "falco-exporter", + "falco-exporter", + namespace="falco", + repository="https://falcosecurity.github.io/charts", + images=images, + runAsUser=0, + split_image_registry=True, + ) + + def _get_falcosidekick_helm_cmd(): falcosidekick_rock = env_util.get_build_meta_info_for_rock_version( "falcosidekick", "2.29.0", "amd64" @@ -79,6 +99,10 @@ def _get_falco_helm_cmd(falco_version: str): set_configs = [ "driver.kind=modern_ebpf", + # required for the falco-exporter. + # https://github.com/falcosecurity/charts/tree/master/charts/falco-exporter#falco-exporter-helm-chart + "falco.grpc.enabled=true", + "falco.grpc_output.enabled=true", ] return k8s_util.get_helm_install_command( @@ -93,6 +117,33 @@ def _get_falco_helm_cmd(falco_version: str): ) +def _assert_falco_exporter_up(instance: harness.Instance): + # Assert that falco-exporter is responsive. The falco-exporter image is a bare image, + # so, we're using the falco Pod to curl the falco-exporter endpoint instead. + LOG.info("Checking if falco-exporter is being responsive.") + process = instance.exec( + [ + "k8s", + "kubectl", + "--namespace", + "falco", + "exec", + f"{constants.K8S_DAEMONSET}/falco", + "--", + "curl", + "-s", + "http://falco-exporter:9376/metrics", + ], + check=True, + capture_output=True, + text=True, + ) + + assert ( + "Total number of scrapes" in process.stdout + ), "Expected falco-exporter to return metrics." + + def _assert_falcosidekick_up(instance: harness.Instance): # Assert that falcosidekick is responsive. It has a ping method, to which we should get pong. # The falcosidekick image does not have curl or wget, but the falco image does. @@ -178,8 +229,14 @@ def test_integration_falco(function_instance: harness.Instance, image_version): # Deploy falcosidekick helm chart and wait for it to become active. function_instance.exec(_get_falcosidekick_helm_cmd()) - # Wait for the daemonset to become Active. - k8s_util.wait_for_daemonset(function_instance, "falco", "falco", retry_times=10) + # Deploy falco-exporter helm chart and wait for it to become active. + function_instance.exec(_get_falco_exporter_helm_cmd(function_instance)) + + # Wait for the daemonsets to become Active. + for daemonset in ["falco", "falco-exporter"]: + k8s_util.wait_for_daemonset( + function_instance, daemonset, "falco", retry_times=10 + ) # Wait for the deployments to become Active. for deployment in ["falcosidekick", "falcosidekick-ui"]: @@ -202,3 +259,4 @@ def test_integration_falco(function_instance: harness.Instance, image_version): _assert_falco_logs(function_instance) _assert_falcosidekick_up(function_instance) + _assert_falco_exporter_up(function_instance)