Cédric Ollivier
Cédric Ollivier
A simple way to setup an hardened cluster as described in https://kubernetes.io/docs/tutorials/security/cluster-level-pss/ ``` $ cat kind.v1.29.yaml kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane image: kindest/node:v1.29.0 kubeadmConfigPatches: - | kind:...
Credits to - Anass Toub [[email protected]](mailto:[email protected]) - Yassine Remil [[email protected]](mailto:[email protected])
Credits to - Anass Toub [[email protected]](mailto:[email protected]) - Yassine Remil [[email protected]](mailto:[email protected])
Credits to - Anass Toub [[email protected]](mailto:[email protected]) - Yassine Remil [[email protected]](mailto:[email protected])
Credits to - Anass Toub [[email protected]](mailto:[email protected]) - Yassine Remil [[email protected]](mailto:[email protected])
Credits to - Anass Toub - Yassine Remil
By applying the patch, and testing via coredns all pass except - non_root_containers - specialized_init_system - zombie_handled - sig_term_handled
[BUG] CNF Test Suite cannot run today vs Clusters where Pod Security Standard restricted is enforced
A simple way to setup an hardened cluster as described in https://kubernetes.io/docs/tutorials/security/cluster-level-pss/ ``` $ cat kind.v1.29.yaml kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane image: kindest/node:v1.29.0 kubeadmConfigPatches: - | kind:...
It's ok by adding an extra call to uninstall_all (waiting for 1.4.1) https://gerrit.opnfv.org/gerrit/c/functest-kubernetes/+/74723
Please note that pulling the helm chart first and then leveraging helm_dirs works as a workaround ``` $ helm pull oci://registry-1.docker.io/bitnamicharts/apache --version 11.3.8 --untar $ cat cnf-testsuite.yml --- config_version: "v2"...