inovex · maxbischoff · Aug 13, 2020 · Aug 3, 2020 · Aug 3, 2020 · Aug 3, 2020
diff --git a/.travis.yml b/.travis.yml
@@ -19,8 +19,8 @@ jobs:
  - gem install mdl
  script: mdl -r "~MD013" .
 
- - stage: "Test"
- name: "test:lint"
+ - stage: "Check"
+ name: "Lint python files"
  language: python
  cache: pip
  python: "3.8"
@@ -39,33 +39,29 @@ jobs:
  after_success:
  - codecov
 
- - stage: e2e
+ - stage: "Test"
  name: "docker - calico e2e Tests"
  language: python
  cache: pip
  python: "3.8"
  env:
  - KUBECONFIG="$HOME/.kube/config"
- # TODO upgrade to v1.18.6 or newer
- - KUBERNETES_VERSION=v1.15.3
- # TODO update to v1.12.1 or newer
- - MINIKUBE_VERSION=v1.3.1
+ # stable version in minikube v1.12.2
+ - KUBERNETES_VERSION=v1.18.3
+ - MINIKUBE_VERSION=v1.12.2
  - CHANGE_MINIKUBE_NONE_USER=true
  - MINIKUBE_WANTUPDATENOTIFICATION=false
  - MINIKUBE_WANTREPORTERRORPROMPT=false
  - MINIKUBE_HOME=$HOME
 
- before_install:
- - sudo apt-get update && sudo apt-get install -y conntrack
-
  before_script:
  # install dependent binaries
  - curl --fail -Lo kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
  - curl --fail -Lo minikube "https://storage.googleapis.com/minikube/releases/${MINIKUBE_VERSION}/minikube-linux-amd64" && chmod +x minikube && sudo mv minikube /usr/local/bin/
  - mkdir -p $HOME/.kube $HOME/.minikube
  - touch $KUBECONFIG
- - minikube config set vm-driver none
- - sudo -H -E ./local_dev/start_docker.sh
+ - minikube config set driver docker
+ - ./local_dev/start_docker.sh
  - pip install -r requirements.txt
  - pip install codecov
  - python setup.py install
@@ -77,38 +73,29 @@ jobs:
  after_success:
  - codecov
 
- - stage: e2e
+ - stage: "Test"
  name: "containerd - calico e2e Tests"
  language: python
  cache: pip
  python: "3.8"
  env:
  - KUBECONFIG="$HOME/.kube/config"
- - CONTAINERD_VERSION=1.3.4
- # TODO upgrade to v1.18.6 or newer
- - KUBERNETES_VERSION=v1.15.3
- # TODO update to v1.12.1 or newer
- - MINIKUBE_VERSION=v1.3.1
+ # stable version in minikube v1.12.2
+ - KUBERNETES_VERSION=v1.18.3
+ - MINIKUBE_VERSION=v1.12.2
  - CHANGE_MINIKUBE_NONE_USER=true
  - MINIKUBE_WANTUPDATENOTIFICATION=false
  - MINIKUBE_WANTREPORTERRORPROMPT=false
  - MINIKUBE_HOME=$HOME
 
- before_install:
- # See: https:/containerd/cri/blob/master/docs/installation.md
- - sudo apt-get update && sudo apt-get install -y libseccomp2 conntrack
- - curl --fail -sLO "https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz"
- - sudo tar --no-overwrite-dir -C / -xzf cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
-
  before_script:
  # install dependent binaries
  - curl --fail -Lo kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
  - curl --fail -Lo minikube "https://storage.googleapis.com/minikube/releases/${MINIKUBE_VERSION}/minikube-linux-amd64" && chmod +x minikube && sudo mv minikube /usr/local/bin/
  - mkdir -p $HOME/.kube $HOME/.minikube
  - touch $KUBECONFIG
- # todo switch to kind !
- - minikube config set vm-driver none
- - sudo -H -E ./local_dev/start_containerd.sh
+ - minikube config set driver docker
+ - ./local_dev/start_containerd.sh
  - pip install -r requirements.txt
  - pip install codecov
  - python setup.py install

diff --git a/local_dev/docker-registry.yml b/local_dev/docker-registry.yml
diff --git a/local_dev/run_e2e_tests.sh b/local_dev/run_e2e_tests.sh
@@ -3,8 +3,15 @@
 # Abort if any of the following commands fails or variables are undefined
 set -eu
 
-DOCKER_REGISTRY=${DOCKER_REGISTRY:-"localhost"}
-ILLUMINATIO_IMAGE="${DOCKER_REGISTRY}:5000/illuminatio-runner:dev"
+# default DOCKER_REGISTRY to the docker bind address and port if using docker driver
+if [ "$(minikube config get driver)" = "docker" ]; then
+ DOCKER_REGISTRY="${DOCKER_REGISTRY:-$(docker port minikube 5000)}"
+else
+ # otherwise default to the minikube IP and port 5000
+ DOCKER_REGISTRY="${DOCKER_REGISTRY:-"$(minikube ip):5000"}"
+fi
+
+ILLUMINATIO_IMAGE="${DOCKER_REGISTRY}/illuminatio-runner:dev"
 
 docker build -t "${ILLUMINATIO_IMAGE}" .
 
@@ -15,8 +22,6 @@ docker push "${ILLUMINATIO_IMAGE}"
 if [[ -n "${CI:-}" ]];
 then
  echo "Prepull: ${ILLUMINATIO_IMAGE} to ensure image is available"
- # If crictl is not installed e.g. only Docker
- sudo crictl pull "${ILLUMINATIO_IMAGE}" || true
  sudo docker pull "${ILLUMINATIO_IMAGE}"
 fi
 

diff --git a/local_dev/start_containerd.sh b/local_dev/start_containerd.sh
@@ -2,55 +2,31 @@
 # abort if any of the following commands fails or variables are undefined
 set -eu
 
-KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.15.0}"
-CALICO_VERSION="${CALICO_VERSION:-v3.8}"
+KUBERNETES_VERSION="${KUBERNETES_VERSION:-stable}"
 
-# Setup minikube
+# Setup minikube, requires minikube >= 1.12.1
 minikube delete
 minikube config set embed-certs true
 minikube start \
- --memory 4096 \
- --cpus 4 \
- --network-plugin=cni \
+ --cni=calico \
  --container-runtime=containerd \
- --extra-config=kubelet.network-plugin=cni \
- --extra-config=kubelet.pod-cidr=192.168.0.0/16 \
- --extra-config=controller-manager.allocate-node-cidrs=true \
- --extra-config=controller-manager.cluster-cidr=192.168.0.0/16 \
- --bootstrapper=kubeadm \
  --host-only-cidr=172.17.17.1/24 \
- --insecure-registry=localhost:5000 \
  --kubernetes-version="${KUBERNETES_VERSION}"
 
-# Setup the minikube docker registry and calico
 minikube addons enable registry
 
 if [[ -n "${CI:-}" ]];
 then
  sudo chown -R travis: /home/travis/.minikube/
 fi
 
-kubectl apply -f "https://docs.projectcalico.org/${CALICO_VERSION}/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml"
-kubectl apply -f local_dev/docker-registry.yml
-
 # Configure containerd to use the local registry
-if [[ -n "${CI:-}" ]];
-then
- sudo mkdir -p /etc/containerd
- sudo tee /etc/containerd/config.toml <<EOF
-[plugins.cri.registry.mirrors]
- [plugins.cri.registry.mirrors."localhost"]
- endpoint = ["http://localhost:5000"]
-EOF
-
-else
- minikube ssh <<EOF
+minikube ssh <<EOF
 # the following commands are executed inside the minikube vm
 # Add the following lines -> see https:/kubernetes/minikube/issues/3444
 sudo sed -i '56i\ endpoint = ["http://localhost:5000"]' /etc/containerd/config.toml
-sudo sed -i '56i\ [plugins.cri.registry.mirrors."localhost"]' /etc/containerd/config.toml
+sudo sed -i '56i\  [plugins.cri.registry.mirrors."localhost:5000"]' /etc/containerd/config.toml
 # Finally restart the containerd service
 sudo systemctl restart containerd
 exit
 EOF
-fi
diff --git a/local_dev/start_docker.sh b/local_dev/start_docker.sh
@@ -2,32 +2,21 @@
 # Abort if any of the following commands fails or variables are undefined
 set -eu
 
-KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.15.0}"
-CALICO_VERSION="${CALICO_VERSION:-v3.8}"
+KUBERNETES_VERSION="${KUBERNETES_VERSION:-stable}"
 
-# Setup minikube
+# Setup minikube, requires minikube >= 1.12.1
 minikube delete
 minikube config set embed-certs true
 minikube start \
- --memory 4096 \
- --cpus 4 \
- --network-plugin=cni \
+ --cni=calico \
  --container-runtime=docker \
- --extra-config=kubelet.network-plugin=cni \
- --extra-config=kubelet.pod-cidr=192.168.0.0/16 \
- --extra-config=controller-manager.allocate-node-cidrs=true \
- --extra-config=controller-manager.cluster-cidr=192.168.0.0/16 \
- --bootstrapper=kubeadm \
  --host-only-cidr=172.17.17.1/24 \
  --kubernetes-version="${KUBERNETES_VERSION}"
 
-# Setup the minikube docker registry and calico
+# Setup the minikube docker registry
 minikube addons enable registry
 
 if [[ -n "${CI:-}" ]];
 then
  sudo chown -R travis: /home/travis/.minikube/
 fi
-
-kubectl apply -f "https://docs.projectcalico.org/${CALICO_VERSION}/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml"
-kubectl apply -f local_dev/docker-registry.yml
diff --git a/src/illuminatio/test_orchestrator.py b/src/illuminatio/test_orchestrator.py
@@ -539,7 +539,7 @@ def create_daemonset_manifest(
  runtime = "docker"
  elif container_runtime.startswith("containerd"):
  if cri_socket is None:
- cri_socket = "/var/run/dockershim.sock"
+ cri_socket = "/run/containerd/containerd.sock"
  runtime = "containerd"
  else:
  raise NotImplementedError(

diff --git a/tests/assets/containerd.yaml b/tests/assets/containerd.yaml
@@ -39,7 +39,7 @@ spec:
  - name: CONTAINER_RUNTIME_NAME
  value: containerd
  - name: CONTAINER_RUNTIME_ENDPOINT
- value: /var/run/dockershim.sock
+ value: /run/containerd/containerd.sock
  command:
  - illuminatio-runner
  args:
@@ -57,7 +57,7 @@ spec:
  volumeMounts:
  - mountPath: /etc/config/
  name: cases-volume
- - mountPath: /var/run/dockershim.sock
+ - mountPath: /run/containerd/containerd.sock
  name: cri-socket
  readOnly: true
  - mountPath: /var/run/netns
@@ -74,7 +74,7 @@ spec:
  name: illuminatio-cases-cfgmap
  - name: cri-socket
  hostPath:
- path: /var/run/dockershim.sock
+ path: /run/containerd/containerd.sock
  type: Socket
  - name: net-ns
  hostPath: