-
Notifications
You must be signed in to change notification settings - Fork 46
Test Plan
Test based on the Quick start documentation.
Kubernetes cluster up and running
- Run the commands to install Kubewarden using the Helm charts.
helm repo add kubewarden https://charts.kubewarden.io
helm install --namespace kubewarden --create-namespace kubewarden-controller kubewarden/kubewarden-controller- Wait installation to finish
- Check if the Kubewarden controller pod running
kubectl get pods- Check if the
ClusterAdmissionPolicycustom resource definition is installed
kubectl get crdsThe Kubewarden stack should be installed and properly configured in the Kubernetes cluster
A Kubernetes cluster with Kubewarden installed.
- Define a
ClusterAdimissionPolicy
kubectl apply -f - <<EOF
apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
name: privileged-pods
spec:
module: registry://ghcr.io/kubewarden/policies/pod-privileged:v0.1.5
rules:
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
operations:
- CREATE
- UPDATE
mutating: false
EOF- Check if the policy is listed as a
ClusterAdimissionPolicy
kubectl get clusteradmissionpolicy.policies.kubewarden.io- Check if the policy server is up and running
kubectl get podsThe policy should be installed in the cluster and active
A Kubernetes cluster with Kubewarden installed.
- Define a
ClusterAdmissionPolicy
kubectl apply -f - <<EOF
apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
name: privileged-pods
spec:
module: registry://ghcr.io/kubewarden/policies/pod-privileged:v0.1.5
rules:
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
operations:
- CREATE
- UPDATE
mutating: false
EOF- Wait policy to be active
- Try to deploy a pod which violates the policy previously defined. It should fail.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
name: privileged-pod
spec:
containers:
- name: nginx
image: nginx:latest
securityContext:
privileged: true
EOFThe kubectl command used to create the pod should fail.
A Kubernetes cluster with Kubewarden installed.
- Define a
ClusterAdmissionPolicy
kubectl apply -f - <<EOF
apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
name: privileged-pods
spec:
module: registry://ghcr.io/kubewarden/policies/pod-privileged:v0.1.5
rules:
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
operations:
- CREATE
- UPDATE
mutating: false
EOF- Wait policy to be active
- Try to deploy a pod which violates the policy previously defined. It should not fail.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
name: unprivileged-pod
spec:
containers:
- name: nginx
image: nginx:latest
EOFThe kubectl command used to create the pod should not fail and the pod should be created.
A Kubernetes cluster with Kubewarden installed and a policy defined.
- Delete the policy defined in the cluster
kubectl delete -f "privileged-policy.yaml" - Check if the policy is not listed as a
ClusterAdimissionPolicy
kubectl get clusteradmissionpolicy.policies.kubewarden.io- Check if the policy server is up and running
kubectl get podsThe policy should be removed from the cluster
Test based on the Quick start documentation.
A Kubernetes cluster with Kubewarden installed.
- Delete all
ClusterAdimissionPolicyresources - Wait for the for the kubewarden-controller to remove all the Kubernetes
ValidatingWebhookConfigurationand theMutatingWebhookConfigurationresources it created. - Uninstall the Helm chart
After the deinstallation process all the Kubewarden stack should be removed.