Adds falco-exporter to the integration test

falco-exporter requires falco to have grpc enabled, according to the Helm chart documentation.
canonical · Oct 15, 2024 · 0c2336e · 0c2336e
1 parent ad978cb
commit 0c2336e
Showing 1 changed file with 89 additions and 2 deletions.
diff --git a/tests/integration/test_falco.py b/tests/integration/test_falco.py
@@ -4,7 +4,9 @@
 #
 
 import logging
+import os
 import time
+import uuid
 
 import pytest
 from k8s_test_harness import harness
@@ -34,6 +36,53 @@ def _get_event_generator_helm_cmd():
     )
 
 
+def _get_falco_exporter_helm_cmd(instance: harness.Instance):
+    falco_exporter_rock = env_util.get_build_meta_info_for_rock_version(
+        "falco-exporter", "0.8.7", "amd64"
+    )
+
+    images = [
+        k8s_util.HelmImage(falco_exporter_rock.image),
+    ]
+
+    clone_path = os.path.join("/tmp", f"falcosecurity-charts-{str(uuid.uuid4())}")
+    clone_command = [
+        "git",
+        "clone",
+        "https://github.com/falcosecurity/charts",
+        "--branch",
+        "falco-exporter-0.12.1",
+        "--depth",
+        "1",
+        clone_path,
+    ]
+    instance.exec(clone_command)
+
+    # The Helm chart deploys the CSI components with readOnlyRootFilesystem: true, not allowing
+    # Pebble to run properly.
+    # The Helm chart deploys a daemonset with a /readiness readiness probe. However, the
+    # /readiness endpoint returns a 404 status code, but the /liveness endpoint does not.
+    # We're updating the readiness probe to point to the /liveness endpoint.
+    chart_path = os.path.join(clone_path, "charts/falco-exporter")
+    daemonset_path = os.path.join(chart_path, "templates/daemonset.yaml")
+    replace_cmd = [
+        "sed",
+        "-i",
+        "-e",
+        "s|/readiness|/liveness|g",
+        daemonset_path,
+    ]
+    instance.exec(replace_cmd)
+
+    return k8s_util.get_helm_install_command(
+        "falco-exporter",
+        chart_path,
+        namespace="falco",
+        images=images,
+        split_image_registry=True,
+    )
+
+
 def _get_falcosidekick_helm_cmd():
     falcosidekick_rock = env_util.get_build_meta_info_for_rock_version(
         "falcosidekick", "2.29.0", "amd64"
@@ -79,6 +128,10 @@ def _get_falco_helm_cmd(falco_version: str):
 
     set_configs = [
         "driver.kind=modern_ebpf",
+        # required for the falco-exporter.
+        # https://github.com/falcosecurity/charts/tree/master/charts/falco-exporter#falco-exporter-helm-chart
+        "falco.grpc.enabled=true",
+        "falco.grpc_output.enabled=true",
     ]
 
     return k8s_util.get_helm_install_command(
@@ -93,6 +146,33 @@ def _get_falco_helm_cmd(falco_version: str):
     )
 
 
+def _assert_falco_exporter_up(instance: harness.Instance):
+    # Assert that falco-exporter is responsive. The falco-exporter image is a bare image,
+    # so, we're using the falco Pod to curl the falco-exporter endpoint instead.
+    LOG.info("Checking if falco-exporter is being responsive.")
+    process = instance.exec(
+        [
+            "k8s",
+            "kubectl",
+            "--namespace",
+            "falco",
+            "exec",
+            f"{constants.K8S_DAEMONSET}/falco",
+            "--",
+            "curl",
+            "-s",
+            "http://falco-exporter:9376/metrics",
+        ],
+        check=True,
+        capture_output=True,
+        text=True,
+    )
+
+    assert (
+        "Total number of scrapes" in process.stdout
+    ), "Expected falco-exporter to return metrics."
+
+
 def _assert_falcosidekick_up(instance: harness.Instance):
     # Assert that falcosidekick is responsive. It has a ping method, to which we should get pong.
     # The falcosidekick image does not have curl or wget, but the falco image does.
@@ -178,8 +258,14 @@ def test_integration_falco(function_instance: harness.Instance, image_version):
     # Deploy falcosidekick helm chart and wait for it to become active.
     function_instance.exec(_get_falcosidekick_helm_cmd())
 
-    # Wait for the daemonset to become Active.
-    k8s_util.wait_for_daemonset(function_instance, "falco", "falco", retry_times=10)
+    # Deploy falco-exporter helm chart and wait for it to become active.
+    function_instance.exec(_get_falco_exporter_helm_cmd(function_instance))
+
+    # Wait for the daemonsets to become Active.
+    for daemonset in ["falco", "falco-exporter"]:
+        k8s_util.wait_for_daemonset(
+            function_instance, daemonset, "falco", retry_times=10
+        )
 
     # Wait for the deployments to become Active.
     for deployment in ["falcosidekick", "falcosidekick-ui"]:
@@ -202,3 +288,4 @@ def test_integration_falco(function_instance: harness.Instance, image_version):
 
     _assert_falco_logs(function_instance)
     _assert_falcosidekick_up(function_instance)
+    _assert_falco_exporter_up(function_instance)