test: add e2e cases for alternateReportStorage

.github/workflows/build.yaml

@@ -149,6 +149,7 @@ jobs:
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
+          config: tests/kind-config.yaml
 
       - name: Test connection to Kubernetes cluster
         run: |
@@ -215,6 +216,7 @@ jobs:
         with:
           version: ${{ env.KIND_VERSION }}
           image: kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865   # Using outdated version of k8s to test the cluster vulnerability reports
+          config: tests/kind-config.yaml
 
       - name: Test connection to Kubernetes cluster
         run: |
@@ -288,6 +290,13 @@ jobs:
 
           ./bin/kuttl test --start-kind=false --namespace e2e-test --config tests/e2e/config/fs-sbom.yaml
 
+          ./tests/resources-cleanup.sh > /dev/null 2>&1
+      - name: Alternate report storage (PVC-backed)
+        run: |
+          kubectl create namespace e2e-test
+
+          ./bin/kuttl test --start-kind=false --namespace e2e-test --config tests/e2e/config/alt-report-storage.yaml
+
           ./tests/resources-cleanup.sh > /dev/null 2>&1
       - name: Node scan producing cluster infraassessment report
         run: >

.github/workflows/chart-testing.yaml

@@ -49,6 +49,7 @@ jobs:
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
+          config: tests/kind-config.yaml
 
       - name: Test connection to Kubernetes cluster
         run: |

.github/workflows/private-registries.yaml

@@ -59,6 +59,7 @@ jobs:
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
+          config: tests/kind-config.yaml
 
       - name: Test connection to Kubernetes cluster
         run: |

.github/workflows/publish-helm-chart.yaml

@@ -50,6 +50,7 @@ jobs:
         with:
           version: ${{ env.KIND_VERSION }}
           node_image: ${{ env.KIND_IMAGE }}
+          config: tests/kind-config.yaml
 
       - name: Run chart-testing
         run: ct lint-and-install --validate-maintainers=false --charts deploy/helm

.github/workflows/release.yaml

@@ -65,6 +65,7 @@ jobs:
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
+          config: tests/kind-config.yaml
       - name: Test connection to Kubernetes cluster
         run: |
           kubectl cluster-info

CONTRIBUTING.md

@@ -70,10 +70,10 @@ Each commit message doesn't have to follow conventions as long as it is clear an
    ```
 
 3. Access to a Kubernetes cluster. We assume that you're using a [KIND][kind] cluster. To create a single-node KIND
-   cluster, run:
+   cluster with the same settings used in CI (including a hostPath mount for local-path-provisioner), run:
 
    ```
-   kind create cluster
+   kind create cluster --config tests/kind-config.yaml
    ```
 
 Note: Some of our tests performs integration testing by starting a local

tests/e2e/alt-report-storage/workload/00-pod.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+  namespace: e2e-test
+  labels:
+    app.kubernetes.io/name: wordpress
+    app: nginx
+spec:
+  containers:
+    - image: nginx:1.14.2
+      name: app

tests/e2e/alt-report-storage/workload/01-assert-pvc.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: trivy-operator-pvc
+  namespace: trivy-system
+status:
+  phase: Bound

tests/e2e/alt-report-storage/workload/02-assert-configmap.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: trivy-operator-config
+  namespace: trivy-system
+data:
+  trivy.reportDir: "/var/local-path-provisioner"

tests/e2e/alt-report-storage/workload/03-assert-files.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 180
+commands:
+  - script: |
+      set -euo pipefail
+      # get operator pod
+      POD=$(kubectl -n trivy-system get pods -l app.kubernetes.io/name=trivy-operator -o jsonpath='{.items[0].metadata.name}')
+      echo "Operator pod: $POD"
+      # wait for vulnerability report file to be written in alternate storage
+      for i in $(seq 1 36); do
+        if kubectl -n trivy-system exec "$POD" -- sh -c '[ -f /var/local-path-provisioner/vulnerability_reports/Pod-my-pod-app.json ]'; then
+          echo "Found alternate vulnerability report file"
+          exit 0
+        fi
+        echo "Waiting for report file... ($i)"
+        sleep 5
+      done
+      echo "Alternate report file not found in time" >&2
+      kubectl -n trivy-system exec "$POD" -- sh -c 'ls -la /var/local-path-provisioner/vulnerability_reports || true'
+      exit 1

tests/e2e/config/alt-report-storage.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestSuite
+commands:
+  - command: helm install trivy-operator ./deploy/helm --namespace trivy-system \
+      --create-namespace \
+      --set="image.tag=e2e" \
+      --set="targetNamespaces=e2e-test" \
+      --set="operator.sbomGenerationEnabled=true" \
+      --set="alternateReportStorage.enabled=true" \
+      --set="alternateReportStorage.mountPath=/var/local-path-provisioner" \
+      --set="alternateReportStorage.volumeName=trivy-operator-pvc" \
+      --set="alternateReportStorage.storage=10Gi"
+testDirs:
+  - tests/e2e/alt-report-storage
+timeout: 300
+kindNodeCache: true

tests/kind-config.yaml

@@ -0,0 +1,8 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: kind-test
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /tmp/data
+        containerPath: /var/local-path-provisioner