-rw-r--r-- | docker/cnf/Dockerfile | 10 | ||||
-rw-r--r-- | docker/core/Dockerfile | 7 | ||||
-rw-r--r-- | docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch | 39 | ||||
-rw-r--r-- | docker/healthcheck/Dockerfile | 2 |
4 files changed, 8 insertions, 50 deletions
diff --git a/docker/cnf/Dockerfile b/docker/cnf/Dockerfile
index 9c9553e7..8c2e6e0a 100644
--- a/docker/cnf/Dockerfile
+++ b/docker/cnf/Dockerfile
@@ -1,11 +1,11 @@
 FROM opnfv/functest-kubernetes-core
-ARG CNF_TESTSUITE_TAG=v0.45.0
+ARG CNF_TESTSUITE_TAG=v1.0.0
 ARG HELM_TAG=v3.3.1
 USER root
 RUN apk --no-cache add --update wget curl libc6-compat ncurses && \
- tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest-1.29.txt) && \
+ tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest-1.30.txt) && \
 case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \
 curl https://storage.googleapis.com/kubernetes-release/release/$tag/bin/linux/$arch/kubectl \
 --output /usr/local/bin/kubectl && \
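Review bot: The kubectl download in this RUN step is still unpinned and unverified: `tag` is read at build time from the mutable `latest-1.30.txt` pointer and the binary is saved to /usr/local/bin/kubectl with no digest check, so rebuilding the same commit can ship a different, unchecked executable. Neither `curl` call passes `-f`, so an HTTP error body would land in `$tag` or be saved as the binary. Consider a pinned `ARG` (as `HELM_TAG` already is) plus a digest kept in the repository, e.g. `echo "<expected-sha256>  /usr/local/bin/kubectl" | sha256sum -c -` (one digest per architecture). The same applies to the kubectl fetch in docker/healthcheck/Dockerfile and to the cnf-testsuite tarball fetched from the new cnti-testcatalog location in the next hunk; the RUN instruction continues outside this hunk.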
@@ -16,14 +16,14 @@ RUN apk --no-cache add --update wget curl libc6-compat ncurses && \
 chmod +x /usr/local/bin/kubectl /usr/local/bin/helm && \
 rm -r /src/helm-$HELM_TAG-linux-$arch.tar.gz /src/linux-$arch && \
 case $(uname -m) in x86_64) \
- curl https://github.com/cncf/cnf-testsuite/releases/download/$CNF_TESTSUITE_TAG/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz \
+ curl https://github.com/cnti-testcatalog/testsuite/releases/download/$CNF_TESTSUITE_TAG/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz \
 -L --output /src/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz && \
- tar zxf /src/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz ./cnf-testsuite -C /usr/local/bin && \
+ tar zxf /src/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz cnf-testsuite -C /usr/local/bin && \
 chmod +x /usr/local/bin/cnf-testsuite && \
 mkdir /src/cnf-testsuite && \
 git init /src/cnf-testsuite && \
 (cd /src/cnf-testsuite && \
- git fetch --tags https://github.com/cncf/cnf-testsuite.git $CNF_TESTSUITE_TAG && \
+ git fetch --tags https://github.com/cnti-testcatalog/testsuite.git $CNF_TESTSUITE_TAG && \
 git checkout FETCH_HEAD) && \
 chown -R xtesting: /src/cnf-testsuite && \
 ln -s /src/cnf-testsuite/example-cnfs/coredns/cnf-testsuite.yml /src/cnf-testsuite/cnf-testsuite.yml && \
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile
index e935d426..b6507da1 100644
--- a/docker/core/Dockerfile
+++ b/docker/core/Dockerfile
@@ -6,7 +6,6 @@ ARG OPNFV_TAG=master
 COPY Try-a-quick-fix-vs-asynchronuous-issues.patch /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch
 COPY Switch-to-threading.Thread-for-Rally-tasks.patch /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch
-COPY Enforce-baseline-Pod-Security-Standard-with-namespac.patch /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch
 RUN apk -U upgrade && \
 apk --no-cache add --update python3 py3-pip py3-wheel bash git grep libffi openssl mailcap \
 libxml2 libxslt gcompat && \
@@ -36,16 +35,14 @@ RUN apk -U upgrade && \
 /src/functest-kubernetes && \
 (cd /src/rally && patch -p1 < /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch) && \
 (cd /usr/lib/python3.10/site-packages/xrally_kubernetes/ && \
- patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \
- patch -p2 < /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch) && \
+ patch -p2 < /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch) && \
 rm -rf /src/functest-kubernetes /tmp/Switch-to-threading.Thread-for-Rally-tasks.patch && \
 bash -c "mkdir -p /var/lib/xtesting /home/opnfv" && \
 ln -s /var/lib/xtesting /home/opnfv/functest && \
 mkdir -p /etc/rally && \
 printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \
 mkdir -p /var/lib/rally/database && rally db create && \
- rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch \
- /tmp/Enforce-baseline-Pod-Security-Standard-with-namespac.patch && \
+ rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \
 addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \
 mkdir -p /etc/xtesting && chown -R xtesting: /etc/xtesting /etc/rally && \
 mkdir -p /var/lib/xtesting/results && chown -R xtesting: /var/lib/xtesting /var/lib/rally && \
diff --git a/docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch b/docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch
deleted file mode 100644
index 1a4cc1d0..00000000
--- a/docker/core/Enforce-baseline-Pod-Security-Standard-with-namespac.patch
+++ /dev/null
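Review bot: Dropping `Enforce-baseline-Pod-Security-Standard-with-namespac.patch` is not explained in the Dockerfile, and nothing in the visible lines shows that the installed xrally_kubernetes already sets the `pod-security.kubernetes.io/enforce` namespace label. If it does not, namespaces created by the Rally tasks presumably fall back to the cluster's default Pod Security admission level, and going by the deleted patch's own description the test cases may then be refused on clusters that enforce "restricted". A comment above the RUN instruction naming the upstream release that carries the label would make that dependency checkable, e.g. `# pod-security enforce label is provided by xrally-kubernetes <version>, local patch no longer needed`. The RUN instruction starts and ends outside this hunk.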
@@ -1,39 +0,0 @@
-From cf7998dc92bd9d0bcc99ee2c9a21b6c41d1b2750 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?C=C3=A9dric=20Ollivier?= <cedric.ollivier@orange.com>
-Date: Fri, 12 Jan 2024 21:16:54 +0100
-Subject: [PATCH] Enforce baseline Pod Security Standard with namespace labels
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It allows running the xrally_kubernetes testcases vs clusters where
-PodSecurityConfiguration enforces "restricted" [1].
-
-Please note that Kubernetes.create_and_delete_pod_with_hostpath_volume
-even requests for privileged [2].
-
-[1] https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/
-[2] https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
-
-Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
----
- xrally_kubernetes/service.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/xrally_kubernetes/service.py b/xrally_kubernetes/service.py
-index d38f84b..4f97550 100644
---- a/xrally_kubernetes/service.py
-+++ b/xrally_kubernetes/service.py
-@@ -238,7 +238,8 @@ class Kubernetes(service.Service):
- "metadata": {
- "name": name,
- "labels": {
-- "role": name
-+ "role": name,
-+ "pod-security.kubernetes.io/enforce": "baseline"
- }
- }
- }
---
-2.43.0
-
diff --git a/docker/healthcheck/Dockerfile b/docker/healthcheck/Dockerfile
index dce2966d..b8970d98 100644
--- a/docker/healthcheck/Dockerfile
+++ b/docker/healthcheck/Dockerfile
@@ -2,7 +2,7 @@ FROM opnfv/functest-kubernetes-core
 USER root
 RUN apk --no-cache add --update curl libc6-compat && \
- tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest-1.29.txt) && \
+ tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest-1.30.txt) && \
 case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \
 curl https://storage.googleapis.com/kubernetes-release/release/$tag/bin/linux/$arch/kubectl \
 -s --output /usr/local/bin/kubectl && \
|