Age | Commit message (Collapse) | Author | Files | Lines |
|
Sometimes, tested Kubernetes doesn't have direct access to Internet but
access through repository mirrors.
This patch handles this case for security test cases.
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I699d065ee691596c4a5ccf06c22ea76ef00fe497
|
|
Sometimes, tested Kubernetes doesn't have direct access to Internet but
access through repository mirrors.
This patch handles this case for rally test case.
There's two ways for providing the repository mirrors:
- Give an environment variable (`MIRROR_REPO`) which gives a repository
mirro with all needed images.
- Gives an environment variable per needed repo:
- `DOCKERHUB_REPO` for DockerHub repository (`docker.io`)
- `GCR_REPO` for Google Cloud repository (`gcr.io`)
- `K8S_GCR_REPO` for Kubernetes repository (`k8s.gcr.io`)
Needed images list has also been extracted so Kubernetes administrator can
easily upload these images to the mirror if the mirror also doesn't have
access to Internet.
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I2ea6622b79f7e3c3c63c1441c4dab48e9bc4fb1a
|
|
Change-Id: Idbc520f1b196fd9d66dc57d32a543a6af7b73598
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It would speedup the testing.
Change-Id: I084bcf0d44a060f65eb9549eab8dcbbf5a4cc9d5
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It also adds configs needed by resilience.
https://github.com/cncf/cnf-conformance/releases/tag/v0.9.19
Change-Id: I94b1efc47c5ceef96bc8879a6c71f92db1f63bd2
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It locally patches xrally_kubernetes before [1] is merged upstream.
It adds docker.io/appropriate/curl:edge in download_images.sh too.
[1] https://github.com/xrally/xrally-kubernetes/pull/51
Co-Authored-By: Tamas Lendvay <tamas.lendvay@nokia.com>
Change-Id: I82ea2c777cd4d8f24c38dbf32d66081846e3e9af
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It removes all hacks bypassing a few former bugs (e.g. [1]) and adapts
to the new cnf-conformance result output logic.
It runs all workload tests as it's now proposed (k8s conformance
is already part of smoke) and select the latest coredns
cnf-conformance.yml taking latest helm repo changes into account.
It sets criteria 95 as all steps are considered as passed and a
overall result 100/105.
[1] https://github.com/cncf/cnf-conformance/issues/388
Change-Id: I95b7889b21b86961e7a1d0c84b13e0ae367cae44
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I3ea22a4050ff1eb609cffb61edc41c49fab44366
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Helm fails when detecting arch if qemu.
time="2020-09-17T16:25:15Z" level=error msg="failure getting variant" error="getCPUInfo for pattern: Cpu architecture: not found"
https://build.opnfv.org/ci/job/functest-kubernetes-opnfv-functest-kubernetes-cnf-arm64-latest-helm_vims-run/1/console
Change-Id: Ida37062a780f9e2acf60035bf2d41fb8fbb61173
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It leverages helm rather than kubectl as proposed by k8s_vims.
A new abstract class Vims is added to factorize code between both
testcases.
Change-Id: Ie5de8d62e25e74f73f8e32167228a08e82989abd
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It depends on bandwidth.
30 minutes should be enough in all scenarios
Change-Id: Ieaad053c8f8a270e5da08275de217b15fdf17f44
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I52cb8303950269946774546cf8e413166c70a33c
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
The former deployment asked for all-in-one.
Change-Id: I12e470cec9e82b82c6f3ea5ff2431087f5deb9be
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I4f65a9eeb7eda471371668db9abfa49e2875c5b0
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It also fills self.details.
Change-Id: Ie73215ebcbd34de9d457fd364de4ab9cbdf64319
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It fills self.details and checks if the test case passes according
to criteria (severity = high by default)
Change-Id: Ib20779b4b5dca078c65b546c8703bc99856c6f41
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: Id7642e47ec2cc438c5fe3a0ec9447f72b358adab
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I0709e83f32261af232c20f94c1edef7423e05527
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It now works on minikube in addition to Functest gates.
Change-Id: I314989516f81dcddb3e615fe23480135f1d8cf9a
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I8132769ea23a376b2cae8b93beed27f5e66b9207
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I4b5da162dcb1efff810514498a20250c05afb3ba
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It eases offline testing.
The default command leverages kind as in-use in Functest.
Change-Id: I66a20ede5e857f80cf49b9b708843034bc3b9904
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It allows offline testing via xrally_kubernetes, k8s_vims, kube_bench
and kube_hunter.
Change-Id: I3084abec19f06a894d0083ecb3ed61882eddd785
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
The Kubernetes default pull policy is IfNotPresent unless the image tag
is :latest in which case the default policy is Always. IfNotPresent
causes the Kubelet to skip pulling an image if it already exists [1]
[1] https://kind.sigs.k8s.io/docs/user/quick-start/
Change-Id: I83dac6165d2bbef165ca852dd03e5b76a5356f2f
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It forbids offline testing.
Change-Id: I6790f64fd1382671300374b339ae038ef015cfab
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
https://build.opnfv.org/ci/job/functest-kubernetes-opnfv-functest-kubernetes-cnf-latest-cnf_conformance-run/7/console
Change-Id: Ia6845525e62274f7792b4cb1909f36204fb51418
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I51b013056bb5b88ef2e1de31e9171129e8ce4475
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
cnf-conformance doesn't support this architectures.
It also improve cleaning to publish artifacts [1].
[1] https://build.opnfv.org/ci/job/functest-kubernetes-opnfv-functest-kubernetes-cnf-latest-cnf_conformance-run/2/console
Change-Id: Ie64e4a1b8b496a050a1798eaf4e5ef6397c011d0
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It selects cnf-conformance v0.7.2-beta1 (current latest release) and
the default CNF as proposed by [1].
The end user is free to override the default yml files on purpose (e.g.
docker volumes). Tag (default: all) could be modified too via
testcases.yaml
[1] https://hackmd.io/@vulk/SkY54QnsU
Change-Id: Iec2a830c441e523e067f6eb114ecb205c49c6b93
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
homestead-prov sometimes fails reaching cassandra
30-08-2020 10:33:44.064 UTC ERROR base.py:327: Translating internal <class 'telephus.cassandra.ttypes.TimedOutException'> error into a 503 status code
30-08-2020 10:34:32.257 UTC ERROR base.py:327: Translating internal <class 'telephus.cassandra.ttypes.TimedOutException'> error into a 503 status code
Change-Id: I48566e39dca3dc9644733a76140a76300bbfd84e
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It raises 413 Client Error: Request Entity Too Large for url [1]
[1] https://build.opnfv.org/ci/job/functest-kubernetes-pi-ollivier-functest-kubernetes-benchmarking-latest-xrally_kubernetes_full-run/1/console
Change-Id: I165f7aec53d8ce1e567491a5b5559f00b1fe4a4c
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
https://build.opnfv.org/ci/job/functest-kubernetes-pi-ollivier-functest-kubernetes-benchmarking-latest-xrally_kubernetes_full-run/1/console
Change-Id: I13685d74ce9e286520af6f1e5cd6ce9dafc3d5ea
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
https://github.com/aquasecurity/kube-hunter/commit/3e06647b4c09257cb994bbdd174ee621e2af5406
Change-Id: Idf470f0161aaeb7a326a3e2a4e680445d9f00eac
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: Ib2b7bb6de8cd6524fcc52baf48ebf5c4835c396b
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It iterates 10 times all operations run by xrally_kubernetes.
Now times, concurrenty and count can be set via testcases.yaml.
It creates a new containers functest-kubernetes-benchamrking as
Functest.
Change-Id: Ibfd493b987a359a3f16c2d8db0aef6b8e90b7e92
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
|
|
Change-Id: I63c6af9d0e20aab426e7f875cdb4f86d206f49aa
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
https://build.opnfv.org/ci/job/functest-kubernetes-pi-ollivier-functest-kubernetes-healthcheck-arm-latest-k8s_smoke-run/2/console
Change-Id: I57f3ae0051fb55c8c80de81e79168e61c06d85bb
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
|
|
It eases creating specific CNTT test cases based on K8s E2E testing.
Change-Id: I304960fda760ffc47d763d53511898699f63e356
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It now creates a namespace to allow running the test cases twice in
parallel. It also overprotects clean operations to force a full delete.
Change-Id: Ie0becd8ea9126328e7280591bacc0d88e14dd031
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It now creates a namespace to allow running the test case twice in
parallel (see DNS requests).
Change-Id: Ib47b3fb2d753f8259d9224cb79168cde68d8e854
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: If61a36020f3dfa5ba0a9858df769138257f9ec94
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It seems fixing the last side effects.
Change-Id: Iee8506c2f0048f7c2619b772aea815288a40145e
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I6647d9acfabd2ce2d12ff2f30393c2de8f6165ff
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: Id8b042fd38399f0cf1868f67b5a3f4f1b4f2ef0d
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Else it waits 20 minutes for nothing [1]
[1] https://build.opnfv.org/ci/job/functest-kubernetes-opnfv-functest-kubernetes-cnf-latest-k8s_vims-run/5/console
Change-Id: I6427f28975b465ef503f9a3f2868b878fa92b55e
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Else Xtesting publishes the default xtesting.log [1]
[1] https://build.opnfv.org/ci/job/functest-kubernetes-opnfv-functest-kubernetes-security-latest-kube_hunter-run/2/console
Change-Id: I0b9b9eda04762771d4e10f0d124b4d5f2975a4da
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
run kube-hunter and kube-bench cases dealing with security in kubernetes (check
vulnerabilities) [1][2]
It's the first step only printing the output.
[1]: https://github.com/aquasecurity/kube-bench
[2]: https://github.com/aquasecurity/kube-hunter
Co-Authored-By: Cédric Ollivier <cedric.ollivier@orange.com>
Change-Id: I3bd9bda80046ef7a0c494d51dfb0b8cbfea02bb0
Signed-off-by: mrichomme <morgan.richomme@orange.com>
|
|
The new testcase "k8s_vims" deploys and tests Clearwater IMS using
Kubernetes. It follows the procedures proposed by clearwater-docker [1].
[1] https://github.com/Metaswitch/clearwater-docker
Change-Id: I2fe3cd03a5dedfc61fbab294c53b4bc0b0fa70be
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|