From fbfa4cda09f7130eac8afa5fc6fa51d926fe2b4f Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque Date: Tue, 12 Dec 2023 14:30:39 -0600 Subject: [PATCH] Revert "Rename poststart test (#1698)" This reverts commit 117a250c02a83b6479481c7ff4c073ac2e182c64. --- CATALOG.md | 20 +++++++++---------- .../identifiers/doclinks.go | 4 ++-- .../identifiers/identifiers.go | 20 +++++++++---------- .../identifiers/remediation.go | 4 ++-- cnf-certification-test/lifecycle/suite.go | 4 ++-- generated_policy.json | 4 ++-- 6 files changed, 28 insertions(+), 28 deletions(-) diff --git a/CATALOG.md b/CATALOG.md index 85751f8ba..96f3c9663 100644 --- a/CATALOG.md +++ b/CATALOG.md @@ -569,15 +569,15 @@ Tags|telco,lifecycle |Non-Telco|Optional| |Telco|Mandatory| -#### lifecycle-container-poststart +#### lifecycle-container-shutdown Property|Description ---|--- -Unique ID|lifecycle-container-poststart -Description|Ensure that the containers lifecycle postStart management feature is configured. A container must receive important events from the platform and conform/react to these events properly. For example, a container should catch SIGTERM or SIGKILL from the platform and shutdown as quickly as possible. Other typically important events from the platform are PostStart to initialize before servicing requests and PreStop to release resources cleanly before shutting down. -Suggested Remediation|PostStart is normally used to configure the container, set up dependencies, and record the new creation. You could use this event to check that a required API is available before the container’s main work begins. Kubernetes will not change the container’s state to Running until the PostStart script has executed successfully. For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. PostStart is used to configure container, set up dependencies, record new creation. It can also be used to check that a required API is available before the container’s work begins. +Unique ID|lifecycle-container-shutdown +Description|Ensure that the containers lifecycle preStop management feature is configured. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. When pods are shut down by the platform they are sent a SIGTERM signal which means that the process in the container should start shutting down, closing connections and stopping all activity. If the pod doesn’t shut down within the default 30 seconds then the platform may send a SIGKILL signal which will stop the pod immediately. This method isn’t as clean and the default time between the SIGTERM and SIGKILL messages can be modified based on the requirements of the application. Containers should respond to SIGTERM/SIGKILL with graceful shutdown. +Suggested Remediation|The preStop can be used to gracefully stop the container and clean resources (e.g., DB connection). For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. All pods must respond to SIGTERM signal and shutdown gracefully with a zero exit code. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices -Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification. +Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification. Tags|telco,lifecycle |**Scenario**|**Optional/Mandatory**| |Extended|Mandatory| @@ -585,15 +585,15 @@ Tags|telco,lifecycle |Non-Telco|Optional| |Telco|Mandatory| -#### lifecycle-container-prestop +#### lifecycle-container-startup Property|Description ---|--- -Unique ID|lifecycle-container-prestop -Description|Ensure that the containers lifecycle preStop management feature is configured. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. When pods are shut down by the platform they are sent a SIGTERM signal which means that the process in the container should start shutting down, closing connections and stopping all activity. If the pod doesn’t shut down within the default 30 seconds then the platform may send a SIGKILL signal which will stop the pod immediately. This method isn’t as clean and the default time between the SIGTERM and SIGKILL messages can be modified based on the requirements of the application. Containers should respond to SIGTERM/SIGKILL with graceful shutdown. -Suggested Remediation|The preStop can be used to gracefully stop the container and clean resources (e.g., DB connection). For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. All pods must respond to SIGTERM signal and shutdown gracefully with a zero exit code. +Unique ID|lifecycle-container-startup +Description|Ensure that the containers lifecycle postStart management feature is configured. A container must receive important events from the platform and conform/react to these events properly. For example, a container should catch SIGTERM or SIGKILL from the platform and shutdown as quickly as possible. Other typically important events from the platform are PostStart to initialize before servicing requests and PreStop to release resources cleanly before shutting down. +Suggested Remediation|PostStart is normally used to configure the container, set up dependencies, and record the new creation. You could use this event to check that a required API is available before the container’s main work begins. Kubernetes will not change the container’s state to Running until the PostStart script has executed successfully. For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. PostStart is used to configure container, set up dependencies, record new creation. It can also be used to check that a required API is available before the container’s work begins. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices -Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification. +Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification. Tags|telco,lifecycle |**Scenario**|**Optional/Mandatory**| |Extended|Mandatory| diff --git a/cnf-certification-test/identifiers/doclinks.go b/cnf-certification-test/identifiers/doclinks.go index d90220bf8..d647adeb6 100644 --- a/cnf-certification-test/identifiers/doclinks.go +++ b/cnf-certification-test/identifiers/doclinks.go @@ -74,8 +74,8 @@ const ( // Lifecycle Suite TestAffinityRequiredPodsDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" TestStorageProvisionerDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-local-storage" - TestContainerPostStartIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices" - TestContainerPrestopIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices" + TestStartupIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices" + TestShutdownIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices" TestPodNodeSelectorAndAffinityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" TestPodHighAvailabilityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" TestPodDeploymentBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-no-naked-pods" diff --git a/cnf-certification-test/identifiers/identifiers.go b/cnf-certification-test/identifiers/identifiers.go index a0e5805e1..29e166136 100644 --- a/cnf-certification-test/identifiers/identifiers.go +++ b/cnf-certification-test/identifiers/identifiers.go @@ -86,8 +86,8 @@ var ( TestHyperThreadEnable claim.Identifier TestReservedExtendedPartnerPorts claim.Identifier TestAffinityRequiredPods claim.Identifier - TestContainerPostStartIdentifier claim.Identifier - TestContainerPrestopIdentifier claim.Identifier + TestStartupIdentifier claim.Identifier + TestShutdownIdentifier claim.Identifier TestDpdkCPUPinningExecProbe claim.Identifier TestSysAdminIdentifier claim.Identifier TestNetAdminIdentifier claim.Identifier @@ -346,13 +346,13 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { }, TagCommon) - TestContainerPostStartIdentifier = AddCatalogEntry( - "container-poststart", + TestStartupIdentifier = AddCatalogEntry( + "container-startup", common.LifecycleTestKey, `Ensure that the containers lifecycle postStart management feature is configured. A container must receive important events from the platform and conform/react to these events properly. For example, a container should catch SIGTERM or SIGKILL from the platform and shutdown as quickly as possible. Other typically important events from the platform are PostStart to initialize before servicing requests and PreStop to release resources cleanly before shutting down.`, //nolint:lll `PostStart is normally used to configure the container, set up dependencies, and record the new creation. You could use this event to check that a required API is available before the container’s main work begins. Kubernetes will not change the container’s state to Running until the PostStart script has executed successfully. For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. PostStart is used to configure container, set up dependencies, record new creation. It can also be used to check that a required API is available before the container’s work begins.`, //nolint:lll - ContainerPostStartIdentifierRemediation, - TestContainerPostStartIdentifierDocLink, + StartupIdentifierRemediation, + TestStartupIdentifierDocLink, true, map[string]string{ FarEdge: Mandatory, @@ -362,13 +362,13 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { }, TagTelco) - TestContainerPrestopIdentifier = AddCatalogEntry( - "container-prestop", + TestShutdownIdentifier = AddCatalogEntry( + "container-shutdown", common.LifecycleTestKey, `Ensure that the containers lifecycle preStop management feature is configured. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. When pods are shut down by the platform they are sent a SIGTERM signal which means that the process in the container should start shutting down, closing connections and stopping all activity. If the pod doesn’t shut down within the default 30 seconds then the platform may send a SIGKILL signal which will stop the pod immediately. This method isn’t as clean and the default time between the SIGTERM and SIGKILL messages can be modified based on the requirements of the application. Containers should respond to SIGTERM/SIGKILL with graceful shutdown.`, //nolint:lll `The preStop can be used to gracefully stop the container and clean resources (e.g., DB connection). For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. All pods must respond to SIGTERM signal and shutdown gracefully with a zero exit code.`, //nolint:lll - ContainerPrestopIdentifierRemediation, - TestContainerPrestopIdentifierDocLink, + ShutdownIdentifierRemediation, + TestShutdownIdentifierDocLink, true, map[string]string{ FarEdge: Mandatory, diff --git a/cnf-certification-test/identifiers/remediation.go b/cnf-certification-test/identifiers/remediation.go index 03c3c9a9b..aafe41de9 100644 --- a/cnf-certification-test/identifiers/remediation.go +++ b/cnf-certification-test/identifiers/remediation.go @@ -184,7 +184,7 @@ const ( HyperThreadEnable = "Check that baremetal workers have hyperthreading enabled" - ContainerPostStartIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification.` + StartupIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification.` - ContainerPrestopIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification.` + ShutdownIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification.` ) diff --git a/cnf-certification-test/lifecycle/suite.go b/cnf-certification-test/lifecycle/suite.go index a2e8de295..bdbb0c807 100644 --- a/cnf-certification-test/lifecycle/suite.go +++ b/cnf-certification-test/lifecycle/suite.go @@ -73,7 +73,7 @@ func LoadChecks() { WithBeforeEachFn(beforeEachFn) // Prestop test - testID, tags := identifiers.GetGinkgoTestIDAndLabels(identifiers.TestContainerPrestopIdentifier) + testID, tags := identifiers.GetGinkgoTestIDAndLabels(identifiers.TestShutdownIdentifier) checksGroup.Add(checksdb.NewCheck(testID, tags). WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)). WithCheckFn(func(c *checksdb.Check) error { @@ -95,7 +95,7 @@ func LoadChecks() { })) // Poststart test - testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestContainerPostStartIdentifier) + testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestStartupIdentifier) checksGroup.Add(checksdb.NewCheck(testID, tags). WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)). WithCheckFn(func(c *checksdb.Check) error { diff --git a/generated_policy.json b/generated_policy.json index 0045d4840..c96b32077 100644 --- a/generated_policy.json +++ b/generated_policy.json @@ -127,12 +127,12 @@ "tags": "common" }, { - "id": "lifecycle-container-prestop", + "id": "lifecycle-container-shutdown", "suite": "lifecycle", "tags": "telco" }, { - "id": "lifecycle-container-poststart", + "id": "lifecycle-container-startup", "suite": "lifecycle", "tags": "telco" },