diff --git a/CATALOG.md b/CATALOG.md
index 96f3c9663..85751f8ba 100644
--- a/CATALOG.md
+++ b/CATALOG.md
@@ -569,15 +569,15 @@ Tags|telco,lifecycle |Non-Telco|Optional| |Telco|Mandatory| -#### lifecycle-container-shutdown +#### lifecycle-container-poststart Property|Description ---|--- -Unique ID|lifecycle-container-shutdown -Description|Ensure that the containers lifecycle preStop management feature is configured. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. When pods are shut down by the platform they are sent a SIGTERM signal which means that the process in the container should start shutting down, closing connections and stopping all activity. If the pod doesn’t shut down within the default 30 seconds then the platform may send a SIGKILL signal which will stop the pod immediately. This method isn’t as clean and the default time between the SIGTERM and SIGKILL messages can be modified based on the requirements of the application. Containers should respond to SIGTERM/SIGKILL with graceful shutdown. -Suggested Remediation|The preStop can be used to gracefully stop the container and clean resources (e.g., DB connection). For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. All pods must respond to SIGTERM signal and shutdown gracefully with a zero exit code. +Unique ID|lifecycle-container-poststart +Description|Ensure that the containers lifecycle postStart management feature is configured. A container must receive important events from the platform and conform/react to these events properly. For example, a container should catch SIGTERM or SIGKILL from the platform and shutdown as quickly as possible. 
Other typically important events from the platform are PostStart to initialize before servicing requests and PreStop to release resources cleanly before shutting down. +Suggested Remediation|PostStart is normally used to configure the container, set up dependencies, and record the new creation. You could use this event to check that a required API is available before the container’s main work begins. Kubernetes will not change the container’s state to Running until the PostStart script has executed successfully. For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. PostStart is used to configure container, set up dependencies, record new creation. It can also be used to check that a required API is available before the container’s work begins. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices -Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification. +Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification. Tags|telco,lifecycle |**Scenario**|**Optional/Mandatory**| |Extended|Mandatory| 
@@ -585,15 +585,15 @@ Tags|telco,lifecycle |Non-Telco|Optional| |Telco|Mandatory| -#### lifecycle-container-startup +#### lifecycle-container-prestop Property|Description ---|--- -Unique ID|lifecycle-container-startup -Description|Ensure that the containers lifecycle postStart management feature is configured. A container must receive important events from the platform and conform/react to these events properly. For example, a container should catch SIGTERM or SIGKILL from the platform and shutdown as quickly as possible. Other typically important events from the platform are PostStart to initialize before servicing requests and PreStop to release resources cleanly before shutting down. -Suggested Remediation|PostStart is normally used to configure the container, set up dependencies, and record the new creation. You could use this event to check that a required API is available before the container’s main work begins. Kubernetes will not change the container’s state to Running until the PostStart script has executed successfully. For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. PostStart is used to configure container, set up dependencies, record new creation. It can also be used to check that a required API is available before the container’s work begins. +Unique ID|lifecycle-container-prestop +Description|Ensure that the containers lifecycle preStop management feature is configured. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. 
When pods are shut down by the platform they are sent a SIGTERM signal which means that the process in the container should start shutting down, closing connections and stopping all activity. If the pod doesn’t shut down within the default 30 seconds then the platform may send a SIGKILL signal which will stop the pod immediately. This method isn’t as clean and the default time between the SIGTERM and SIGKILL messages can be modified based on the requirements of the application. Containers should respond to SIGTERM/SIGKILL with graceful shutdown. +Suggested Remediation|The preStop can be used to gracefully stop the container and clean resources (e.g., DB connection). For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. All pods must respond to SIGTERM signal and shutdown gracefully with a zero exit code. Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices -Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification. +Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification. Tags|telco,lifecycle |**Scenario**|**Optional/Mandatory**| |Extended|Mandatory| diff --git a/cnf-certification-test/identifiers/doclinks.go b/cnf-certification-test/identifiers/doclinks.go index d647adeb6..d90220bf8 100644 --- a/cnf-certification-test/identifiers/doclinks.go +++ b/cnf-certification-test/identifiers/doclinks.go 
@@ -74,8 +74,8 @@ const (
 // Lifecycle Suite
 TestAffinityRequiredPodsDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations"
 TestStorageProvisionerDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-local-storage"
- TestStartupIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices"
- TestShutdownIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices"
+ TestContainerPostStartIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices"
+ TestContainerPrestopIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices"
 TestPodNodeSelectorAndAffinityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations"
 TestPodHighAvailabilityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations"
 TestPodDeploymentBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-no-naked-pods"
diff --git a/cnf-certification-test/identifiers/identifiers.go b/cnf-certification-test/identifiers/identifiers.go
index 29e166136..a0e5805e1 100644
--- a/cnf-certification-test/identifiers/identifiers.go
+++ b/cnf-certification-test/identifiers/identifiers.go
@@ -86,8 +86,8 @@ var (
 TestHyperThreadEnable claim.Identifier
 TestReservedExtendedPartnerPorts claim.Identifier
 TestAffinityRequiredPods claim.Identifier
- TestStartupIdentifier claim.Identifier
- TestShutdownIdentifier claim.Identifier
+ TestContainerPostStartIdentifier claim.Identifier
+ TestContainerPrestopIdentifier claim.Identifier
 TestDpdkCPUPinningExecProbe claim.Identifier
 TestSysAdminIdentifier claim.Identifier
 TestNetAdminIdentifier claim.Identifier
@@ -346,13 +346,13 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { }, TagCommon) - TestStartupIdentifier = AddCatalogEntry( - "container-startup", + TestContainerPostStartIdentifier = AddCatalogEntry( + "container-poststart", common.LifecycleTestKey, `Ensure that the containers lifecycle postStart management feature is configured. A container must receive important events from the platform and conform/react to these events properly. For example, a container should catch SIGTERM or SIGKILL from the platform and shutdown as quickly as possible. Other typically important events from the platform are PostStart to initialize before servicing requests and PreStop to release resources cleanly before shutting down.`, //nolint:lll `PostStart is normally used to configure the container, set up dependencies, and record the new creation. You could use this event to check that a required API is available before the container’s main work begins. Kubernetes will not change the container’s state to Running until the PostStart script has executed successfully. For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. PostStart is used to configure container, set up dependencies, record new creation. It can also be used to check that a required API is available before the container’s work begins.`, //nolint:lll - StartupIdentifierRemediation, - TestStartupIdentifierDocLink, + ContainerPostStartIdentifierRemediation, + TestContainerPostStartIdentifierDocLink, true, map[string]string{ FarEdge: Mandatory, 
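Review bot: Nothing visible in this diff keeps the old catalog ID resolvable once `"container-startup"` becomes `"container-poststart"` in this `AddCatalogEntry` call; the next hunk does the same for `"container-shutdown"` and `"container-prestop"`. Any existing label filter, skip list or stored policy that still names `lifecycle-container-startup` or `lifecycle-container-shutdown` would presumably stop matching without an error, so these two mandatory checks could drop out of a run unnoticed. A comment above each entry such as `// Renamed from "container-startup"; the old ID is no longer accepted.` plus a release-note entry would make the break visible to consumers. InitCatalog starts and ends outside this hunk.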
@@ -362,13 +362,13 @@ func InitCatalog() map[claim.Identifier]claim.TestCaseDescription { }, TagTelco) - TestShutdownIdentifier = AddCatalogEntry( - "container-shutdown", + TestContainerPrestopIdentifier = AddCatalogEntry( + "container-prestop", common.LifecycleTestKey, `Ensure that the containers lifecycle preStop management feature is configured. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. When pods are shut down by the platform they are sent a SIGTERM signal which means that the process in the container should start shutting down, closing connections and stopping all activity. If the pod doesn’t shut down within the default 30 seconds then the platform may send a SIGKILL signal which will stop the pod immediately. This method isn’t as clean and the default time between the SIGTERM and SIGKILL messages can be modified based on the requirements of the application. Containers should respond to SIGTERM/SIGKILL with graceful shutdown.`, //nolint:lll `The preStop can be used to gracefully stop the container and clean resources (e.g., DB connection). For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. All pods must respond to SIGTERM signal and shutdown gracefully with a zero exit code.`, //nolint:lll - ShutdownIdentifierRemediation, - TestShutdownIdentifierDocLink, + ContainerPrestopIdentifierRemediation, + TestContainerPrestopIdentifierDocLink, true, map[string]string{ FarEdge: Mandatory, diff --git a/cnf-certification-test/identifiers/remediation.go b/cnf-certification-test/identifiers/remediation.go index aafe41de9..03c3c9a9b 100644 
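Review bot: The description string kept for `container-prestop` ends with `Containers should respond to SIGTERM/SIGKILL with graceful shutdown`, and the `container-poststart` description in the previous hunk says a container `should catch SIGTERM or SIGKILL`. SIGKILL cannot be caught or handled by a process, so only SIGTERM can start a graceful shutdown. Since the commit already touches both entries, the sentence could be corrected to `Containers should handle SIGTERM and shut down gracefully before the grace period expires, after which SIGKILL ends them immediately.` CATALOG.md carries the same sentences and would presumably need regenerating. InitCatalog continues outside this hunk.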
--- a/cnf-certification-test/identifiers/remediation.go +++ b/cnf-certification-test/identifiers/remediation.go @@ -184,7 +184,7 @@ const ( HyperThreadEnable = "Check that baremetal workers have hyperthreading enabled" - StartupIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification.` + ContainerPostStartIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification.` - ShutdownIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification.` + ContainerPrestopIdentifierRemediation = `Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification.` ) diff --git a/cnf-certification-test/lifecycle/suite.go b/cnf-certification-test/lifecycle/suite.go index a1bde5b33..9bbbcadab 100644 --- a/cnf-certification-test/lifecycle/suite.go +++ b/cnf-certification-test/lifecycle/suite.go @@ -73,7 +73,7 @@ func LoadChecks() { WithBeforeEachFn(beforeEachFn) // Prestop test - testID, tags := identifiers.GetGinkgoTestIDAndLabels(identifiers.TestShutdownIdentifier) + testID, tags := identifiers.GetGinkgoTestIDAndLabels(identifiers.TestContainerPrestopIdentifier) checksGroup.Add(checksdb.NewCheck(testID, tags). WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)). WithCheckFn(func(c *checksdb.Check) error { @@ -95,7 +95,7 @@ func LoadChecks() { })) // Poststart test - testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestStartupIdentifier) + testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestContainerPostStartIdentifier) checksGroup.Add(checksdb.NewCheck(testID, tags). WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)). WithCheckFn(func(c *checksdb.Check) error { 
diff --git a/generated_policy.json b/generated_policy.json index c96b32077..0045d4840 100644 --- a/generated_policy.json +++ b/generated_policy.json @@ -127,12 +127,12 @@ "tags": "common" }, { - "id": "lifecycle-container-shutdown", + "id": "lifecycle-container-prestop", "suite": "lifecycle", "tags": "telco" }, { - "id": "lifecycle-container-startup", + "id": "lifecycle-container-poststart", "suite": "lifecycle", "tags": "telco" },