Skip to content

Test Plan

Jump to bottom
José Guilherme Vanz (a.k.a galináceo) edited this page Sep 28, 2021 · 22 revisions

Kubewarden installation

Test based on the Quick start documentation.

Steps

  1. Run the commands to install Kubewarden using the Helm charts. See more about the command in the Quick start documentation
  2. Wait installation to finish
  3. Check if the Kubewarden is installed and the custom resource definition is configured

Expected Results

The Kubewarden stack should be installed and properly configured in the Kubernetes cluster

Uninstall Kubewarden

Test based on the Quick start documentation.

Prerequisites

A Kubernetes cluster with Kubewarden installed.

Steps

  1. Delete all ClusterAdimissionPolicy resources
  2. Wait for the for the kubewarden-controller to remove all the Kubernetes ValidatingWebhookConfiguration and the MutatingWebhookConfiguration resources it created.
  3. Uninstall the Helm chart

Expected Results

After the deinstallation process all the Kubewarden stack should be removed.

Try to create a pod violating a policy

Prerequisites

A Kubernetes cluster with Kubewarden installed.

Steps

  1. Define a ClusterAdmissionPolicy 
kubectl apply -f - <<EOF
apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
  name: privileged-pods
spec:
  module: registry://ghcr.io/kubewarden/policies/pod-privileged:v0.1.5
  rules:
  - apiGroups: [""]
    apiVersions: ["v1"]
    resources: ["pods"]
    operations:
    - CREATE
    - UPDATE
  mutating: false
EOF
  1. Wait policy to be active
  2. Try to deploy a pod which violates the policy previously defined. It should fail.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: privileged-pod
spec:
  containers:
    - name: nginx
      image: nginx:latest
      securityContext:
          privileged: true
EOF

Expected Results

The kubectl command used to create the pod should fail.

Try to create a pod not violating a policy

Prerequisites

A Kubernetes cluster with Kubewarden installed.

Steps

  1. Define a ClusterAdmissionPolicy 
kubectl apply -f - <<EOF
apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
  name: privileged-pods
spec:
  module: registry://ghcr.io/kubewarden/policies/pod-privileged:v0.1.5
  rules:
  - apiGroups: [""]
    apiVersions: ["v1"]
    resources: ["pods"]
    operations:
    - CREATE
    - UPDATE
  mutating: false
EOF
  1. Wait policy to be active
  2. Try to deploy a pod which violates the policy previously defined. It should not fail.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: unprivileged-pod
spec:
  containers:
    - name: nginx
      image: nginx:latest
EOF

Expected Results

The kubectl command used to create the pod should not fail and the pod should be created.

Clone this wiki locally