aboutsummaryrefslogtreecommitdiffstats
path: root/functest_kubernetes
AgeCommit message (Collapse)AuthorFilesLines
2024-01-16Enforce baseline psp for cnf_testsuiteCédric Ollivier2-2/+21
It would be better not to change the default namespace. Change-Id: I9fde052d4dd7e0e4f6551213e2028c91c0296e42 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2024-01-13Manage netperf namespace to enforce baselineCédric Ollivier1-2/+24
Change-Id: If74322d583d9f16478aad8dcda6afa2368ff5482 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2024-01-13Apply privileged pod security standard to kube-benchCédric Ollivier1-1/+3
Change-Id: I0336d73f8a9663ef259adfe4377ce20499844021 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2024-01-13Enforce baseline Pod Security StandardCédric Ollivier2-2/+4
It allows running both security and ims testcases vs clusters where PodSecurityConfiguration enforces "restricted" [1]. [1] https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/ Change-Id: I9eb420cbb695ec8fb002f25cfd3c96ab50118fcc Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2024-01-12Remove Hostpath testingCédric Ollivier1-25/+0
It's against Security Standards as explained in [1]. "Using the hostPath volume type presents many security risks. If you can avoid using a hostPath volume, you should." It basically asks for the profile Privileged "pod-security.kubernetes.io/enforce": "privileged [1] https://kubernetes.io/docs/concepts/storage/volumes/#hostpath Change-Id: I89e35f11ab7917b904ac474401bf609ad9c5dd3d Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2024-01-09Fix pylint issues in netperfCédric Ollivier1-2/+3
Change-Id: I47eac42fd30e857e2a94a7b5caa5850b3c7c9196 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-12-22Print netperf logs in console if exceptionCédric Ollivier1-2/+4
Change-Id: I7ea76aaa595ba7716d4a355f8a1f2d73c2af3ae8 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-12-21Help Debugging when e2e result parsing failsCédric Ollivier1-4/+11
Change-Id: I7f153b0ddef25b0317d8e9a8b2dad55ab580b388 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-12-21Fix CNF TestSuite's log levelCédric Ollivier1-3/+3
Change-Id: I9a7e1a9d17fd575b7e6077d8ccf5dd5d1a259717 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-12-20Exit if early failure in cnf_testsuiteCédric Ollivier1-7/+23
Change-Id: I3a6a264a73bdc73c1c90471948316d216cf6ad98 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-12-07netperf csv output dir must be writableCédric Ollivier1-6/+7
It changes working dir in a writable one. Change-Id: I358233cff30c35da0d04921ac0521645a00b2656 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-12-05k8s.gcr.io -> registry.k8s.ioCédric Ollivier1-1/+1
https://kubernetes.io/blog/2022/11/28/registry-k8s-io-faster-cheaper-ga/ https://kubernetes.io/blog/2023/03/10/image-registry-redirect/ Change-Id: Ibae7149b6da15aa18f536d9ffdf09d155b591692 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-12-01Remove now falsy true in ginkgo call.Cédric Ollivier1-1/+1
Change-Id: I02b8984a5bbd13cd89e6118b1c0cf7b5c04e0fba Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-01-23Fix letter is lowercase in repositories.ymlCédric Ollivier1-12/+12
Co-authored-by: Peter Pongracz <peter.1.pongracz@nokia.com> Change-Id: I78be8192239cad58b25449c106da3e1f558bf13b Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-21Use Path.home() instead of ~Cédric Ollivier2-2/+4
Change-Id: I5863f4e0315b67a07dab4756857dba7aa37932f0 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-21Stop hardcoding KUBECONFIGCédric Ollivier2-2/+2
Change-Id: I6ac15eb3686d6502dfa1bbe179622693b1961f45 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-17cnf conformance now returns non zero valuesCédric Ollivier1-10/+5
Change-Id: I61cb69ef48b113571f791c7ee2ef7387c7421f32 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-17Use cnf certifaction criteriaCédric Ollivier1-4/+5
Change-Id: I7362827b600914ab032ba9657ac17e7bb157bdfc Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-17Update cnf_testsuite v0.34.0Cédric Ollivier1-4/+4
It now runs cert (replacing workload) It downgrades msg to warning as cnf_testsuite now returns non 0 values. Change-Id: I0ce4f201065bf601111d7154cb4afa31e9a4666c Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 4338a2532600e659179335a5f5f71ab15f83f8d7)
2022-10-14By default just print all vulnerabilitiesCédric Ollivier1-10/+5
It's the behavior expected by RA2. Please change it via testcases.yaml if needed. Change-Id: I84b02fa273f63ea1930bd356739243756032533d Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-10Uninstall falco and cri_tools after testingCédric Ollivier1-4/+6
Functest runs several clusters in the same server. It quickly failes if falco is still running (dkms tries to unload the module which is in-use). Change-Id: I13b596a78ac40064cbed1aead8c785cc1cfc8626 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-06Update kube bench test cases to latest devCédric Ollivier4-8/+121
Change-Id: I6edcfcced84d46a06933f4a5dc1702cfa90e3f9a Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-10-06Update hube-hunterCédric Ollivier1-2/+2
Change-Id: I41e9a4a95a53bf51286951db2911475a8d2dd3a9 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2022-09-30Replace -noColor by --no-colorCédric Ollivier1-1/+1
--noColor is deprecated, use --no-color instead Learn more at: https://onsi.github.io/ginkgo/MIGRATING_TO_V2#changed-command-line-flags Change-Id: I31d17fda3138a59bba65c1ad8155c07d6b05a828 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-11-15Update linters and fix all new issuesCédric Ollivier4-37/+33
It mostly adds encoding in open calls and leverages f-strings. It removes ansible-lint as it now asks for ansible, roles and collections. Change-Id: I3ef729f44b2c721b14d19df27805938298aa2c67 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-10-05Set defaut provider to local backCédric Ollivier1-2/+3
It apply the same rules as sonuoboy. Any user is free to set skeleton or something else via testcases.yml. Change-Id: Id999dfd5fbcf9bde9430e0f35c63c41e80c8044f Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-09-11Set encoding utf-8 when opening fileCédric Ollivier5-9/+16
Change-Id: I4e756552173247499ba882bfee4fbe8738fbae3d Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-09-10Fallback to item calculationCédric Ollivier1-0/+8
There is no final result if simple tag is called. Change-Id: If86c5115e917e5790799fac4308cf08d57e87905 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-08-18Update to Alpine 3.14Cédric Ollivier6-18/+19
It also disabled wrong order check as it fails vs kubernetes amongst others. [1] https://github.com/PyCQA/pylint/issues/2175 Change-Id: I3d641c213067428848212a148d25d78051c5674f Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-07-07Print cnf_testsuite console on exceptionsCédric Ollivier1-0/+4
Change-Id: I3c20993e1cbb644546ac89a8b4b7d1cfd98b0a80 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-06-20Allow passing extra opts to e2e.testCédric Ollivier1-0/+12
E2E_TEST_OPTS now allows setting runtime opts. For instance, Functest K8s gates ask for -container-runtime containerd Change-Id: I4f6e1caf57590b16d0c01324dadb040f67f3cee4 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-05-25Update cnf_testsuite to v0.11.2Cédric Ollivier1-22/+11
https://github.com/cncf/cnf-testsuite/releases/tag/v0.11.2 Change-Id: Id3a5ea98260859f7fe5aba6ecf02d09905610dda Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-05-09Benchmark Kubernetes Networking PerformanceCédric Ollivier2-0/+66
https://github.com/kubernetes/perf-tests/tree/master/network/benchmarks/netperf Change-Id: I6facd567f1c52c5949b53484a1fb107dcf34d622 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-05-03Fix cnf-conformance results filenameCédric Ollivier1-1/+1
It also decreases criteria to 1 due to massive changes (dockerd). Change-Id: Ic420139e6355debae183a77d6b0c574801b05076 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-05-03Update cnf-conformance to cnf-testsuiteCédric Ollivier1-10/+10
https://github.com/cncf/cnf-conformance https://github.com/cncf/cnf-testsuite Change-Id: I77983e0f04781a92b34afcf82f21366384782964 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-04-21Mock os.makedirsCédric Ollivier1-2/+7
Change-Id: I5f9fd24421727cea474715f502670ae6f2c80b76 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-04-03Fix etcd image repository in etcd-depl.yamlCédric Ollivier1-1/+1
Change-Id: I4447b4030b141b691b3a2cdf05c97c79de9eb72a Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-04-02Fix name in chronos-depl.yamlCédric Ollivier1-1/+1
Change-Id: Ia6972a216daaa9d807058b34b55615cab2c09b64 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-04-02Properly manage e2e parallel testingCédric Ollivier1-5/+7
It sets nodes=25 to run all tests in parallel. It also beautifies all testcases.yml Change-Id: I3ecd8899e957c0efbef34ab0409c2b4d557c9425 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-04-02Rather use skeleton instead of localCédric Ollivier1-1/+1
“skeleton”: cluster is accessed via the Kubernetes API and nothing else. https://kubernetes.io/blog/2019/03/22/kubernetes-end-to-end-testing-for-everyone/ Change-Id: Iea8b65b2ac55d40572c0078b7a9a956d1c54d62a Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-03-25 Provide support for air gapped env for e2eSylvain Desbureaux1-0/+35
Sometimes, tested Kubernetes doesn't have direct access to Internet but access through repository mirrors. This patch handles this case for e2e test case. Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iaa2960ad03aae1fff859d41bcd6ddf3176658f8e
2021-03-25Provide support for air gapped env for imsSylvain Desbureaux24-65/+80
Sometimes, tested Kubernetes doesn't have direct access to Internet but access through repository mirrors. This patch handles this case for ims test cases. Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I3b5e78fcf43ca7af6bcfd2d87fa4bb0705373697
2021-03-24Provide support for air gapped env for securitySylvain Desbureaux4-4/+10
Sometimes, tested Kubernetes doesn't have direct access to Internet but access through repository mirrors. This patch handles this case for security test cases. Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I699d065ee691596c4a5ccf06c22ea76ef00fe497
2021-03-19Provide support for air gapped env for rallySylvain Desbureaux4-79/+82
Sometimes, tested Kubernetes doesn't have direct access to Internet but access through repository mirrors. This patch handles this case for rally test case. There's two ways for providing the repository mirrors: - Give an environment variable (`MIRROR_REPO`) which gives a repository mirro with all needed images. - Gives an environment variable per needed repo: - `DOCKERHUB_REPO` for DockerHub repository (`docker.io`) - `GCR_REPO` for Google Cloud repository (`gcr.io`) - `K8S_GCR_REPO` for Kubernetes repository (`k8s.gcr.io`) Needed images list has also been extracted so Kubernetes administrator can easily upload these images to the mirror if the mirror also doesn't have access to Internet. Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2ea6622b79f7e3c3c63c1441c4dab48e9bc4fb1a
2021-03-15Fix k8s.gcr.io/etcd tag (3.4.13-0)Cédric Ollivier1-1/+1
Change-Id: Idbc520f1b196fd9d66dc57d32a543a6af7b73598 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-01-25Export GINKGO_PARALLEL=yCédric Ollivier1-1/+3
It would speedup the testing. Change-Id: I084bcf0d44a060f65eb9549eab8dcbbf5a4cc9d5 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2021-01-10Update cnf-conformance to v0.9.19Cédric Ollivier1-0/+6
It also adds configs needed by resilience. https://github.com/cncf/cnf-conformance/releases/tag/v0.9.19 Change-Id: I94b1efc47c5ceef96bc8879a6c71f92db1f63bd2 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2020-11-22Allow offline testing via xrally_kubernetesCédric Ollivier1-0/+1
It locally patches xrally_kubernetes before [1] is merged upstream. It adds docker.io/appropriate/curl:edge in download_images.sh too. [1] https://github.com/xrally/xrally-kubernetes/pull/51 Co-Authored-By: Tamas Lendvay <tamas.lendvay@nokia.com> Change-Id: I82ea2c777cd4d8f24c38dbf32d66081846e3e9af Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2020-11-21Update cnf_conformance to v0.9.4Cédric Ollivier1-25/+19
It removes all hacks bypassing a few former bugs (e.g. [1]) and adapts to the new cnf-conformance result output logic. It runs all workload tests as it's now proposed (k8s conformance is already part of smoke) and select the latest coredns cnf-conformance.yml taking latest helm repo changes into account. It sets criteria 95 as all steps are considered as passed and a overall result 100/105. [1] https://github.com/cncf/cnf-conformance/issues/388 Change-Id: I95b7889b21b86961e7a1d0c84b13e0ae367cae44 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2020-09-22Stop hardcoding ims- as generate_nameCédric Ollivier2-2/+10
Change-Id: I3ea22a4050ff1eb609cffb61edc41c49fab44366 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>