tests · 1cc0f3c8c9e43a2e40d668516816b51d473c11ac · Mirror / Kubespray · GitLab

Snippets Groups Projects

Use agnhost instead of busybox for network test (#9390)

Kenichi Omichi authored 2 years ago

busybox container requires a root permission for ping.
For testing hardening method at CI, we need to switch to another image
which doesn't require the root permission for network testing.
On kubernetes/kubernetes repo, we are using agnhost which doesn't
require it. So this makes the test use aghhost image.

In addition, this updates the test manifest to specify securityContext
without any privilege.

72b45eec

72b45eec 2 years ago

Name	Last commit	Last update
..
cloud_playbooks
common
files
local_inventory
scripts
support
templates
testcases
Makefile
README.md
ansible.cfg
requirements-2.11.txt
requirements-2.12.txt
requirements.txt
run-tests.sh
shebang-unit

Kubespray cloud deployment tests
Amazon Web Service

Calico
Flannel
Weave

Debian Jessie

Ubuntu Trusty

RHEL 7.2

CentOS 7

Test environment variables
Common

Variable
Description
Required
Default

TEST_ID
A unique execution ID for this test
Yes

KUBE_NETWORK_PLUGIN
The network plugin (calico or flannel)
Yes

PRIVATE_KEY_FILE
The path to the SSH private key file
No

AWS Tests

Variable
Description
Required
Default

AWS_ACCESS_KEY
The Amazon Access Key ID
Yes

AWS_SECRET_KEY
The Amazon Secret Access Key
Yes

AWS_AMI_ID
The AMI ID to deploy
Yes

AWS_KEY_PAIR_NAME
The name of the EC2 key pair to use
Yes

AWS_SECURITY_GROUP
The EC2 Security Group to use
No
default

AWS_REGION
The EC2 region
No
eu-central-1

Use private ssh key
Key
openssl pkcs12 -in gce-secure.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out gce-secure.pem
cat gce-secure.pem |base64 -w0 > GCE_PEM_FILE`