stackrox/collector

High level tests for core_bpf

erthalion opened this issue · 1 comments

We need to verify that everything works as expected from the stackrox perspective with regard to the new collection method:

  • It's possible to create a new cluster with core_bpf method via operator and helm charts.
  • It's possible to switch from ebpf collection method to core_bpf (for both, configured via operator and helm charts).
  • It's possible to switch back from the core_bpf collection method to ebpf (for both, configured via operator and helm charts).
  • Using core_bpf collection method it's possible to upgrade the node kernel version and simply restart Collector.
  • Using core_bpf it's possible to upgrade the OCP version without any disruption (similar to the previous one).
  • Using core_bpf it's possible to use offline installation without a support package.

Part of #1015

I verified that it is possible to run ACS in offline mode with core_bpf. I followed the following steps.

  • Started a GKE cluster on infra
  • cdrox
  • git checkout e42d779f6988d0981e222a26429fdd71acdd2673
  • Set the following environment variables
      export COLLECTION_METHOD=core_bpf
      export OFFLINE_MODE=true
  • ./deploy/k8s/deploy-local.sh

ks logs collector-tw289
Defaulted container "collector" out of: collector, compliance
Collector Version: 3.14.x-61-g62b59ff17d
OS: Ubuntu 22.04.2 LTS
Kernel Version: 5.15.0-1028-gke
Starting StackRox Collector...
[INFO 2023/06/02 18:02:24] Hostname: 'gke-jouko-0602-default-pool-67f3cdd9-k8lw'
[INFO 2023/06/02 18:02:24] User configured collection-method=core_bpf
[INFO 2023/06/02 18:02:24] Afterglow is enabled
[INFO 2023/06/02 18:02:24] Sensor configured at address: sensor.stackrox.svc:443
[INFO 2023/06/02 18:02:24] Attempting to connect to Sensor
[INFO 2023/06/02 18:02:24] Successfully connected to Sensor.
[INFO 2023/06/02 18:02:24] Module version: 2.4.0
[INFO 2023/06/02 18:02:24] Config: collection_method:1, useChiselCache:1, scrape_interval:30, turn_off_scrape:0, hostname:gke-jouko-0602-default-pool-67f3cdd9-k8lw, processesListeningOnPorts:1, logLevel:INFO
[INFO 2023/06/02 18:02:24] Attempting to find eBPF probe - Candidate versions:
[INFO 2023/06/02 18:02:24] CO.RE eBPF probe
[INFO 2023/06/02 18:02:24] collector-ebpf-5.15.0-1028-gke.o
[INFO 2023/06/02 18:02:25]
[INFO 2023/06/02 18:02:25] This product uses kernel module and ebpf subcomponents licensed under the GNU
[INFO 2023/06/02 18:02:25] GENERAL PURPOSE LICENSE Version 2 outlined in the /kernel-modules/LICENSE file.
[INFO 2023/06/02 18:02:25] Source code for the kernel module and ebpf subcomponents is available at
[INFO 2023/06/02 18:02:25] https://github.com/stackrox/falcosecurity-libs/
[INFO 2023/06/02 18:02:25]
[INFO 2023/06/02 18:02:25]
[INFO 2023/06/02 18:02:25] == Collector Startup Diagnostics: ==
[INFO 2023/06/02 18:02:25] Connected to Sensor? true
[INFO 2023/06/02 18:02:25] Kernel driver candidates:
[INFO 2023/06/02 18:02:25] CO.RE eBPF probe (available)
[INFO 2023/06/02 18:02:25] Driver loaded into kernel: CO.RE eBPF probe
[INFO 2023/06/02 18:02:25] ====================================

ks describe pod central-69b7898cb8-8rn9f
...
Environment:
GOMEMLIMIT: 8589934592 (limits.memory)
GOMAXPROCS: 4 (limits.cpu)
ROX_NAMESPACE: stackrox (v1:metadata.namespace)
ROX_OFFLINE_MODE: true
ROX_DEVELOPMENT_BUILD: true
ROX_HOTRELOAD: false
ROX_MANAGED_CENTRAL: false
ROX_NETWORK_ACCESS_LOG: false
ROX_POSTGRES_DATASTORE: true
ROX_RESYNC_DISABLED: true
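
One way to automate the log check from the comment above, as an added example that is not part of the issue or of the Collector project: it parses the startup diagnostics from `kubectl logs` output and reports when the configured method, the Sensor connection or the loaded driver differ from what a core_bpf test expects. The function names and the abridged sample log are constructed here, and the line formats are assumed to match the log quoted above.

```python
import re

# Constructed sample, abridged from the Collector log quoted in the comment.
SAMPLE_LOG = """\
[INFO 2023/06/02 18:02:24] User configured collection-method=core_bpf
[INFO 2023/06/02 18:02:24] Successfully connected to Sensor.
[INFO 2023/06/02 18:02:25] == Collector Startup Diagnostics: ==
[INFO 2023/06/02 18:02:25] Connected to Sensor? true
[INFO 2023/06/02 18:02:25] Kernel driver candidates:
[INFO 2023/06/02 18:02:25] CO.RE eBPF probe (available)
[INFO 2023/06/02 18:02:25] Driver loaded into kernel: CO.RE eBPF probe
[INFO 2023/06/02 18:02:25] ====================================
"""

# "[LEVEL yyyy/mm/dd hh:mm:ss] " prefix, assumed from the quoted log format.
PREFIX = re.compile(r"^\[\w+\s+\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\]\s?")

def parse_startup(log_text):
    """Extract configured method, Sensor status, driver candidates, loaded driver."""
    info = {"method": None, "sensor": None, "candidates": {}, "loaded": None}
    in_diag = in_candidates = False
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"User configured collection-method=(\S+)", line):
            info["method"] = m.group(1)
        elif line.startswith("== Collector Startup Diagnostics"):
            in_diag = True
        elif in_diag and line.startswith("Connected to Sensor?"):
            info["sensor"] = line.split("?", 1)[1].strip() == "true"
        elif in_diag and line == "Kernel driver candidates:":
            in_candidates = True
        elif in_diag and line.startswith("Driver loaded into kernel:"):
            in_candidates = False
            info["loaded"] = line.split(":", 1)[1].strip()
        elif in_candidates and (m := re.match(r"(.+) \(([^)]+)\)$", line)):
            info["candidates"][m.group(1)] = m.group(2)  # e.g. "available"
    return info

def check_core_bpf(log_text, expected_driver="CO.RE eBPF probe"):
    """Return a list of failures; an empty list means the CO-RE probe is in use."""
    info = parse_startup(log_text)
    failures = []
    if info["method"] != "core_bpf":
        failures.append(f"configured method is {info['method']!r}")
    if info["sensor"] is not True:
        failures.append("Collector did not report a Sensor connection")
    if info["loaded"] != expected_driver:  # catches a silent fallback to another driver
        failures.append(f"loaded driver is {info['loaded']!r}")
    return failures
```

Checking the loaded driver separately from the configured method matters because the "User configured" line only records the request, while the diagnostics block records what was actually loaded into the kernel.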