Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added Aqua enforcer Add On #216

Merged
merged 7 commits into from
Mar 26, 2024
Merged

Added Aqua enforcer Add On #216

merged 7 commits into from
Mar 26, 2024

Conversation

BaruchBilanski
Copy link
Contributor

Issue #, if available:

Description of changes:
Added Aqua enforcer Add On

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

elamaran11
elamaran11 requested changes Feb 26, 2024
View reviewed changes
Copy link
Contributor

@elamaran11 elamaran11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@BaruchBilanski Thankyou for the PR submission. Have minor questions but majorly, Checking the status of a pod run does not qualify for a functional test. Please check our functional job requirements for detailed requirements. You can also check our Partner submission test jobs for more reference.

eks-anywhere-common/Addons/Partner/Aqua/external-secret.yaml Show resolved Hide resolved
eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml Outdated
aqua_enforcer_pod="";
while true;
do
aqua_enforcer_pod=$(kubectl get pod -n aqua -l app=aqua-enforcer-ds --field-selector=status.phase==Running -o jsonpath="{.items[0].metadata.name}{range .items[0].status.conditions[?(@.type=='Ready')]}");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking the status of a pod run does not qualify for a functional test. Please check our functional job requirements for detailed requirements. You can also check our Partner submission test jobs for more reference.

@elamaran11 elamaran11 requested review from mikemcd3912 and Pjv93 March 5, 2024 13:52
@elamaran11
Copy link
Contributor

@BaruchBilanski Checking status of Aqua enforcer looks good to me. We will move to next step of validation.

@mikemcd3912 @Pjv93 Lets take this on priority to validate AquaSec for Conformance.

@mikemcd3912
Copy link
Contributor

mikemcd3912 commented Mar 8, 2024
edited
Loading

Based upon our testing the functional tests are failing to report status on Bottlerocket OS compute, and are unable to deploy the solution's pods successfully on ARM based compute. @BaruchBilanski Can you please confirm whether these options are currently supported and if not are there plans in your roadmap to support Bottlerocket and ARM in the future?

@mikemcd3912
Copy link
Contributor

mikemcd3912 commented Mar 14, 2024
edited
Loading

Current Behavior in our testing environments:

@mikemcd3912
Copy link
Contributor

Looks like the latest update has made some progress, but we are still experiencing issues with the ARM image pull:

  • VMware (K8s 1.28, Bottlerocket 1.15): Pods deploy and reach a ready state, tester completes successfully

  • Baremetal (K8s 1.27, Ubuntu 20.04.6 LTS): Pods deploy and reach a ready state, tester completes successfully

  • Outposts (K8s 1.27, Amazon Linux 2): Pods deploy and reach a ready state, tester completes
    successfully

  • EKS (K8s 1.28, x86 Amazon Linux 2): Pods deploy and reach a ready state, tester completes successfully

  • EKS (K8s 1.28, x86 Bottlerocket): Pods deploy and reach a ready state, tester completes successfully

  • EKS (K8s 1.28, ARM Bottlerocket 1.19): Pods do not deploy due to image pull error. Message reads "Failed to pull image "registry.aquasec.com/enforcer:2022.4.460": rpc error: code = NotFound desc = failed to pull and unpack image "registry.aquasec.com/enforcer:2022.4.460": no match for platform in manifest: not found"

@mikemcd3912
Copy link
Contributor

Thanks for the additional update! It looks like that has solved our image pull issue for ARM, but we're still getting stuck on the tester not connecting on that environmnet. All other environmnets are unaffected by the change and still run as expected:

  • VMware (K8s 1.28, Bottlerocket 1.15): Pods deploy and reach a ready state, tester completes successfully

  • Baremetal (K8s 1.27, Ubuntu 20.04.6 LTS): Pods deploy and reach a ready state, tester completes successfully

  • Outposts (K8s 1.27, Amazon Linux 2): Pods deploy and reach a ready state, tester completes successfully

  • EKS (K8s 1.28, x86 Amazon Linux 2): Pods deploy and reach a ready state, tester completes successfully

  • EKS (K8s 1.28, x86 Bottlerocket): Pods deploy and reach a ready state, tester completes successfully

  • EKS (K8s 1.28, ARM Bottlerocket 1.19): Pods deploy and report ready, Tester fails to connect to pods
    image

@mikemcd3912 mikemcd3912 merged commit 40100a1 into aws-samples:main Mar 26, 2024
1 check passed
@mikemcd3912 mikemcd3912 mentioned this pull request Mar 26, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikemcd3912 mikemcd3912 mikemcd3912 left review comments

@elamaran11 elamaran11 elamaran11 requested changes

@Pjv93 Pjv93 Awaiting requested review from Pjv93

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BaruchBilanski @elamaran11 @mikemcd3912