-rw-r--r--README.md2
-rw-r--r--functest_kubernetes/security/kube-bench-master.yaml2
-rw-r--r--functest_kubernetes/security/kube-bench-node.yaml2
-rw-r--r--functest_kubernetes/security/kube-hunter.yaml2
-rw-r--r--functest_kubernetes/security/security.py8
5 files changed, 11 insertions, 5 deletions
diff --git a/README.md b/README.md
index 372caf92..b0176576 100644
--- a/README.md
+++ b/README.md
@@ -123,7 +123,7 @@ sudo docker run --env-file env \
To test a Kubernetes without access to Internet, repository mirrors needs to be
provided.
-Currently, only rally tests supports this feature.
+Currently, only rally and security tests supports this feature.
There's two ways for providing the repository mirrors:
diff --git a/functest_kubernetes/security/kube-bench-master.yaml b/functest_kubernetes/security/kube-bench-master.yaml
index 755e2923..d1a13217 100644
--- a/functest_kubernetes/security/kube-bench-master.yaml
+++ b/functest_kubernetes/security/kube-bench-master.yaml
@@ -15,7 +15,7 @@ spec:
effect: NoSchedule
containers:
- name: kube-bench
- image: aquasec/kube-bench:0.3.1
+ image: {{ dockerhub_repo }}/aquasec/kube-bench:0.3.1
command: ["kube-bench", "master", "--json"]
volumeMounts:
- name: var-lib-etcd
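Review bot: The `image:` line is still pinned only by tag, and this change makes the registry it is pulled from configurable, so whatever the configured mirror serves as `aquasec/kube-bench:0.3.1` runs in a job that mounts host volumes such as `var-lib-etcd`. Pinning by digest, `image: {{ dockerhub_repo }}/aquasec/kube-bench:0.3.1@sha256:<digest-of-published-0.3.1>`, would make the runtime verify the content whichever registry answers; the digest shown is a placeholder to be filled in from the upstream image. The same applies to the `image:` lines changed in kube-bench-node.yaml (which also sets `hostPID: true`) and kube-hunter.yaml. The job spec continues outside this hunk.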
diff --git a/functest_kubernetes/security/kube-bench-node.yaml b/functest_kubernetes/security/kube-bench-node.yaml
index 306ad600..95929774 100644
--- a/functest_kubernetes/security/kube-bench-node.yaml
+++ b/functest_kubernetes/security/kube-bench-node.yaml
@@ -9,7 +9,7 @@ spec:
hostPID: true
containers:
- name: kube-bench
- image: aquasec/kube-bench:0.3.1
+ image: {{ dockerhub_repo }}/aquasec/kube-bench:0.3.1
command: ["kube-bench", "node", "--json"]
volumeMounts:
- name: var-lib-kubelet
diff --git a/functest_kubernetes/security/kube-hunter.yaml b/functest_kubernetes/security/kube-hunter.yaml
index 6f895c01..b7d23547 100644
--- a/functest_kubernetes/security/kube-hunter.yaml
+++ b/functest_kubernetes/security/kube-hunter.yaml
@@ -7,7 +7,7 @@ spec:
spec:
containers:
- name: kube-hunter
- image: aquasec/kube-hunter:0.3.1
+ image: {{ dockerhub_repo }}/aquasec/kube-hunter:0.3.1
command: ["python", "kube-hunter.py"]
args: ["--pod", "--report", "json", "--statistics"]
restartPolicy: Never
diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py
index 378b2c22..052c0ad4 100644
--- a/functest_kubernetes/security/security.py
+++ b/functest_kubernetes/security/security.py
@@ -16,10 +16,12 @@ from __future__ import division
import ast
import json
import logging
+import os
import time
import textwrap
import yaml
+from jinja2 import Template
from kubernetes import client
from kubernetes import config
from kubernetes import watch
@@ -32,6 +34,7 @@ class SecurityTesting(testcase.TestCase):
# pylint: disable=too-many-instance-attributes
"""Run Security job"""
watch_timeout = 1200
+ dockerhub_repo = os.getenv("MIRROR_REPO", "docker.io")
__logger = logging.getLogger(__name__)
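Review bot: The new `dockerhub_repo` attribute is undocumented, and it is not obvious from this line that a second variable overrides it. `MIRROR_REPO` is read once when the class body executes, while the render call later in this file looks up `DOCKERHUB_REPO` first at job-creation time. A comment above the attribute would make the precedence explicit, for example `# Registry prefix for job images: MIRROR_REPO (read at import), overridden by DOCKERHUB_REPO when the job is rendered; defaults to docker.io`. The class body continues outside this hunk.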
@@ -63,7 +66,10 @@ class SecurityTesting(testcase.TestCase):
with open(pkg_resources.resource_filename(
"functest_kubernetes",
"security/{}.yaml".format(self.job_name))) as yfile:
- body = yaml.safe_load(yfile)
+ template = Template(yfile.read())
+ body = yaml.safe_load(template.render(
+ dockerhub_repo=os.getenv("DOCKERHUB_REPO",
+ self.dockerhub_repo)))
api_response = self.batchv1.create_namespaced_job(
body=body, namespace=self.namespace)
self.__logger.info("Job %s created", api_response.metadata.name)
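Review bot: The value passed to `template.render(...)` comes straight from the environment and is substituted into the manifest text before `yaml.safe_load` parses it, so it is never checked to be a plain registry prefix. A value containing whitespace, newlines or YAML punctuation would change the structure of the Job that is submitted. In addition, `os.getenv` returns `""` for a variable that is set but empty, which is easy to get from an env file and would render `image: /aquasec/...`. Resolving the prefix once, falling back on empty, and rejecting anything that is not `host[:port][/path]` before rendering keeps the manifest shape fixed; the sketch below needs `import re` at the top of the file. The enclosing method starts and ends outside this hunk.

```python
        repo = os.getenv("DOCKERHUB_REPO") or self.dockerhub_repo
        # Only a registry prefix is allowed here; the value is pasted into
        # YAML text, so anything else could alter the Job manifest.
        if not re.match(
                r"[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._/-]+)?\Z", repo or ""):
            raise ValueError(
                "invalid image registry prefix: {!r}".format(repo))
        # … unchanged: with open(pkg_resources.resource_filename(...)) as yfile …
            template = Template(yfile.read())
            body = yaml.safe_load(template.render(dockerhub_repo=repo))
        # … unchanged: create_namespaced_job call and logging …
```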