 b0217a8ba1
			
		
	
	b0217a8ba1
	
	
	
		
			
			Add jobs in experimental pipeline to do the following:
  - install Sonobuoy
  - run CNCF Conformace Tests
  - run CIS Benchmarks Tests
Conformance tests include:
  - CNCF Compliance: uses sonobuoy end-to-end (e2e) and systemd-logs
                     plugins
  - CIS Benchmarks: utilizes the kube-bench implementation
                    of the CIS security benchmarks plugin
Pipeline can be triggered by comment
   - "check experimental"
Change-Id: I7d08ae42512dc4c83e2f550c4809ce1f8ddccc7b
Change-Id: I2e6469f5b8e229828532ce5499498da639d23fe6
		
	
		
			
				
	
	
		
			50 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			50 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| 
 | |
| # Licensed under the Apache License, Version 2.0 (the "License");
 | |
| # you may not use this file except in compliance with the License.
 | |
| # You may obtain a copy of the License at
 | |
| #
 | |
| #     http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| # Unless required by applicable law or agreed to in writing, software
 | |
| # distributed under the License is distributed on an "AS IS" BASIS,
 | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| # See the License for the specific language governing permissions and
 | |
| # limitations under the License.
 | |
| 
 | |
| set -xe
 | |
| : ${KUBECONFIG:="$HOME/.airship/kubeconfig"}
 | |
| # Available Modes: quick, certified-conformance, non-disruptive-conformance.
 | |
| # (default quick)
 | |
| : ${CONFORMANCE_MODE:="quick"}
 | |
| : ${KUBE_CONFORMANCE_IMAGE_VERSION:="v1.18.6"}
 | |
| : ${TIMEOUT:=10800}
 | |
| : ${TARGET_CLUSTER_CONTEXT:="target-cluster"}
 | |
| 
 | |
| mkdir -p /tmp/sonobuoy_snapshots/e2e
 | |
| cd /tmp/sonobuoy_snapshots/e2e
 | |
| 
 | |
| # Run aggregator, and default plugins e2e and systemd-logs
 | |
| sonobuoy run --plugin e2e --plugin systemd-logs -m ${CONFORMANCE_MODE} \
 | |
| --context "$TARGET_CLUSTER_CONTEXT" \
 | |
| --kube-conformance-image gcr.io/google-containers/conformance:${KUBE_CONFORMANCE_IMAGE_VERSION} \
 | |
| --kubeconfig ${KUBECONFIG} \
 | |
| --wait --timeout ${TIMEOUT} \
 | |
| --log_dir /tmp/sonobuoy_snapshots/e2e
 | |
| 
 | |
| # Get information on pods
 | |
| kubectl get all -n sonobuoy --kubeconfig ${KUBECONFIG} --context "$TARGET_CLUSTER_CONTEXT"
 | |
| 
 | |
| # Check sonobuoy status
 | |
| sonobuoy status --kubeconfig ${KUBECONFIG} --context "$TARGET_CLUSTER_CONTEXT"
 | |
| 
 | |
| # Get logs
 | |
| sonobuoy logs
 | |
| 
 | |
| # Store Results
 | |
| results=$(sonobuoy retrieve --kubeconfig ${KUBECONFIG} --context $TARGET_CLUSTER_CONTEXT)
 | |
| echo "Results: ${results}"
 | |
| 
 | |
| # Display Results
 | |
| sonobuoy results $results
 | |
| ls -ltr /tmp/sonobuoy_snapshots/e2e |