Merge pull request #1571 from snyk/chore/remove-dead-code-staging

chore: remove dead code

Author: popas90

.circleci/config.yml

@@ -26,33 +26,6 @@ jobs:
                 mode: auto
                 release-branch: master
                 open-source-additional-arguments: --exclude=test
-    aks_integration_tests:
-        docker:
-            - image: cimg/node:18.19.1
-        resource_class: large
-        steps:
-            - checkout
-            - setup_remote_docker
-            - run:
-                command: npm ci
-            - install_python_requests
-            - azure-cli/install
-            - run:
-                command: mkdir -p /tmp/logs/test/integration/aks
-                name: Create temp dir for logs
-            - run:
-                command: |
-                    export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
-                    .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:aks:yaml
-                name: Integration tests AKS
-            - run:
-                command: |
-                    ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-                name: Notify Slack on failure
-                when: on_fail
-            - store_artifacts:
-                path: /tmp/logs/test/integration/aks
-        working_directory: ~/kubernetes-monitor
     build_image:
         docker:
             - image: cimg/base:current
@@ -143,150 +116,6 @@ jobs:
                 name: Notify Slack on failure
                 when: on_fail
         working_directory: ~/kubernetes-monitor
-    deploy_to_sysdig_integration_cluster:
-        docker:
-            - image: cimg/base:stable
-        steps:
-            - checkout
-            - run:
-                command: |
-                    LATEST_KUBECTL_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt)
-                    curl -LO "https://dl.k8s.io/release/${LATEST_KUBECTL_VERSION}/bin/linux/amd64/kubectl"
-                    curl -LO "https://dl.k8s.io/${LATEST_KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
-                    echo "$(<kubectl.sha256) kubectl" | sha256sum --check
-                    sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
-                    # Ensure the kubectl command is runnable
-                    kubectl version --client
-                    # Prepare kubeconfig to point to the cluster
-                    mkdir ~/.kube || true
-                    printf "%s" "${SYSDIG_KUBECONFIG}" | base64 -d > ~/.kube/config
-                name: Install and prepare kubectl
-            - run:
-                command: |
-                    curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
-                    chmod 700 get_helm.sh
-                    ./get_helm.sh
-                    # Ensure the Helm command is runnable
-                    helm version
-                name: Install Helm
-            - run:
-                command: |
-                    LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}`
-                    LATEST_TAG=${LATEST_TAG_WITH_V:1}-approved
-                    ./scripts/slack/notify_deploy.py $LATEST_TAG sysdig-integration-cluster
-                    helm upgrade --install snyk-monitor ./snyk-monitor --namespace snyk-monitor --set image.tag=${LATEST_TAG} --set clusterName="Sysdig cluster" --set sysdig.enabled=true
-                name: Deploy to shared Sysdig cluster
-            - run:
-                command: ./scripts/slack/notify_failure.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-                name: Notify Slack on failure
-                when: on_fail
-        working_directory: ~/kubernetes-monitor
-    eks_integration_tests:
-        docker:
-            - image: cimg/node:18.19.1
-        resource_class: large
-        steps:
-            - checkout
-            - setup_remote_docker
-            - run:
-                command: npm ci
-            - install_python_requests
-            - aws-cli/install:
-                override-installed: true
-            - run:
-                command: mkdir -p /tmp/logs/test/integration/eks
-                name: Create temp dir for logs
-            - run:
-                command: |
-                    export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
-                    .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:eks:yaml
-                name: Integration tests EKS
-            - run:
-                command: |
-                    ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-                name: Notify Slack on failure
-                when: on_fail
-            - store_artifacts:
-                path: /tmp/logs/test/integration/eks
-        working_directory: ~/kubernetes-monitor
-    integration_tests:
-        docker:
-            - image: cimg/node:18.19.1
-        resource_class: large
-        steps:
-            - checkout
-            - setup_remote_docker
-            - run:
-                command: npm ci
-            - install_python_requests
-            - run:
-                command: mkdir -p /tmp/logs/test/integration/kind
-                name: create temp dir for logs
-            - run:
-                command: |
-                    export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
-                    npm run test:integration:kind:yaml
-                name: Integration tests
-            - run:
-                command: |
-                    ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-                name: Notify Slack on failure
-                when: on_fail
-            - store_artifacts:
-                path: /tmp/logs/test/integration/kind
-        working_directory: ~/kubernetes-monitor
-    integration_tests_helm:
-        docker:
-            - image: cimg/node:18.19.1
-        resource_class: large
-        steps:
-            - checkout
-            - setup_remote_docker
-            - run:
-                command: npm ci
-            - install_python_requests
-            - run:
-                command: mkdir -p /tmp/logs/test/integration/kind-helm
-                name: Create temporary directory for logs
-            - run:
-                command: |
-                    export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
-                    npm run test:integration:kind:helm
-                name: Integration tests with Helm deployment
-            - run:
-                command: |
-                    ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-                name: Notify Slack on failure
-                when: on_fail
-            - store_artifacts:
-                path: /tmp/logs/test/integration/kind-helm
-        working_directory: ~/kubernetes-monitor
-    integration_tests_proxy:
-        docker:
-            - image: cimg/node:18.19.1
-        resource_class: large
-        steps:
-            - checkout
-            - setup_remote_docker
-            - run:
-                command: npm ci
-            - install_python_requests
-            - run:
-                command: mkdir -p /tmp/logs/test/integration/proxy
-                name: Create temporary directory for logs
-            - run:
-                command: |
-                    export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=$(./scripts/circleci-jobs/setup-integration-tests.py)
-                    npm run test:integration:kind:proxy
-                name: Integration tests with proxy
-            - run:
-                command: |
-                    ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
-                name: Notify Slack on failure
-                when: on_fail
-            - store_artifacts:
-                path: /tmp/logs/test/integration/proxy
-        working_directory: ~/kubernetes-monitor
     lint:
         docker:
             - image: cimg/node:18.19.1
@@ -479,6 +308,7 @@ workflows:
             - deploy_to_prod:
                 context:
                     - team-container-integration-circleci
+                    - kubernetes-monitor
                 filters:
                     branches:
                         only:
@@ -517,7 +347,10 @@ workflows:
                     - unit_tests
                     - system_tests
             - prepare_to_deploy:
-                context: team-container-integration
+                context: 
+                    - team-container-integration
+                    - team-container-integration-circleci
+                    - kubernetes-monitor
                 filters:
                     branches:
                         only:

.circleci/do-exclusively

@@ -17,10 +17,10 @@ RUN --mount=type=secret,id=gh_token,required=true \
 FROM --platform=linux/amd64 node:18-alpine3.20
 
 LABEL name="Snyk Controller" \
-      maintainer="[email protected]" \
-      vendor="Snyk Ltd" \
-      summary="Snyk integration for Kubernetes" \
-      description="Snyk Controller enables you to import and test your running workloads and identify vulnerabilities in their associated images and configurations that might make those workloads less secure."
+    maintainer="[email protected]" \
+    vendor="Snyk Ltd" \
+    summary="Snyk integration for Kubernetes" \
+    description="Snyk Controller enables you to import and test your running workloads and identify vulnerabilities in their associated images and configurations that might make those workloads less secure."
 
 COPY LICENSE /licenses/LICENSE
 

Dockerfile

@@ -1,29 +1,64 @@
+# Testing the Kubernetes-Monitor
 
-[![Known Vulnerabilities](https://snyk.io/test/github/snyk/kubernetes-monitor/badge.svg)](https://snyk.io/test/github/snyk/kubernetes-monitor)
+- [Testing the Kubernetes-Monitor](#testing-the-kubernetes-monitor)
+  - [Unit Tests](#unit-tests)
+  - [System Tests](#system-tests)
+  - [Debugging with Tilt](#debugging-with-tilt)
+    - [Start a debugging session](#start-a-debugging-session)
+    - [Errors with read-only file system](#errors-with-read-only-file-system)
+    - [Cleaning up](#cleaning-up)
 
-# snyk/kubernetes-monitor #
+The Kubernetes-Monitor has different testing suites, each with different purposes and requirements.
+All our tests prefer a blackbox approach whenever possible.
 
-## Summary ##
+Different tests have different requirements in terms of software and environment variables. Requirements specific to one test suite will be described in each section, but the requirements shared by all of them are:
 
-A containerized application that is deployed with Helm. Monitors the security of a Kubernetes cluster by analyzing container images.
+1. npm
+2. Node (v10 or higher)
 
-## Prerequisites ##
+In order to run the Kubernetes-Monitor's tests, please run
+`npm test`.
 
-* 50 GiB of storage in the form of [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) or a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/).
-* External internet access from the Kubernetes cluster to `api.snyk.io`.
-* 1 CPU, 2 GiB RAM
-* 1 Kubernetes worker node of type `linux/amd64` - supported and tested only on the AMD64 CPU architecture
+## Unit Tests
 
-Supported Kubernetes distributions:
+These tests aim to check a single function, class or module.
+Our unit tests aren't thoroughly mocked, resulting in some tests' code reaching the Kubernetes client library we're using, adding noise and/or failures to some unit tests.
+Until this is fixed, one workaround is setting one's KUBECONFIG environment variable to a valid kubeconfig file.
 
-* Any *Generally Available* Kubernetes Certified distribution, for example: GKE, AKS, EKS, OCP.
+Run with `npm run test:unit`.
 
-Tested with the following [Security Context Constraint](scc.txt) on OCP.
+## System Tests
 
-## Installation with Helm ##
+System tests are supposed to test the Kubernetes-Monitor as a stand-alone component with as little external dependencies as possible. They are also supposed to completely cover the core functionality, so mocking or ignoring the Kubernetes API is out of the question.
+The resulting infrastructure is comprised of a local KinD cluster (like our integration tests) but does not install the Kubernetes-Monitor inside it. Rather, it runs the Kubernetes-Monitor's code as part of the test, and configures it against the KinD cluster.
+This means we're not running in the real runtime environment we expect to run (a Kubernetes cluster), but it's much easier to test the Monitor's outgoing requests or even internal state if we choose to, instead of relying on the Upstream service's state and API.
 
-Please refer to the [Helm chart installation instructions](./snyk-monitor/README.md).
+This test requires Skopeo for MacOS machines, but will install it for Linux machines that don't have it.
 
-## Documentation ##
+Run with `npm run test:system`.
 
-For detailed documentation and support, please refer to the [Snyk Kubernetes integration documentation](https://docs.snyk.io/products/snyk-container/kubernetes-workload-and-image-scanning).
+## Debugging with Tilt
+
+Tilt allows you to run and debug the snyk-monitor while it is running in a container. Tilt deploys the snyk-monitor using the same Helm chart that we publish to users.
+
+You can download Tilt from the [Tilt GitHub repository](https://github.com/tilt-dev/tilt#install-tilt).
+
+### Start a debugging session
+
+First, ensure you have the snyk-monitor namespace set up and the snyk-monitor Secret with your integration ID and dockercfg (as per the prerequisites for installing snyk-monitor).
+
+Finally, put breakpoints in the code and run `tilt up`.
+
+### Errors with read-only file system
+
+If you see an error like the following...
+
+```shell
+Error: EROFS: read-only file system, mkdir '/srv/app/.npm/_npx'
+```
+
+... it means that the `readOnlyRootFilesystem` protection on the snyk-monitor Helm Deployment causes issues with Tilt. This can be fixed by removing the `readOnlyRootFilesystem: true` value from the Helm chart located in `snyk-monitor/templates/deployment.yaml`.
+
+### Cleaning up
+
+Run `tilt down` to tear down the debugging session.