Table of Contents
Introduction
KNI PAE is tested against 3 platforms: libvirt, aws and baremetal. A typical test consist on:
...
This is performed through Akraino Blueprint Validation project framework.
However the tests are currently launched manually after a cluster is deployed, integration with the CI is still pending, as we are hitting issues with the framework itself:
https://jira.akraino.org/projects/VAL/issues/VAL-108
https://jira.akraino.org/projects/VAL/issues/VAL-109
https://jira.akraino.org/projects/VAL/issues/VAL-110
As we use OpenShift, we cannot use the standard k8s conformance tests, because they are aimed for upstream Kubernetes and not for OpenShift.
As an alternative, we can run the openshift test validation suite: https://github.com/openshift/origin/blob/master/test/extended/conformance-k8s.sh
This is similar as the sonobuoy one, launching a set of e2e tests to validate that the cluster is deployed and works at a functional level. Those are the collected results:
https://logs.akraino.org/redhat-kni/bluval_results/blueprint-pae/2020050420200505-082903/out.log104443/out.log
Security Test
kube-hunter test was applied on the cluster:
https://logs.akraino.org/redhat-kni/bluval_results/blueprint-pae/20200423-071856/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter/cluster.log → In OpenShift we expose our version and we do not have control in configuration level for hiding it
https://logs.akraino.org/redhat-kni/bluval_results/blueprint-pae/20200423-071856/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter/pod.log → CAP_RAW is enabled by default in OpenShift, and same with the other Access Errors. It will need some advanced configuration to bypass these errors but by default the clusters will deploy with these security warnings.
Test Dashboards
https://jenkins.akraino.org/view/kni
...