mirror of
https://github.com/siderolabs/talos.git
synced 2025-08-27 09:31:14 +02:00
eea33a2254
This PR will run through the kube-bench tests as part of our nightly conformance runs Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
25 lines
1.1 KiB
Bash
Executable File
25 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
set -eou pipefail
|
|
|
|
source ./hack/test/e2e-runner.sh
|
|
|
|
## Run CIS conformance
|
|
echo "Master CIS Conformance:"
|
|
e2e_run "export KUBECONFIG=${KUBECONFIG}-${PLATFORM}-capi
|
|
kubectl apply -f /e2emanifests/cis-kube-bench-master.yaml
|
|
kubectl wait --timeout=60s --for=condition=complete job/kube-bench-master > /dev/null
|
|
kubectl logs job/kube-bench-master"
|
|
|
|
echo "Worker CIS Conformance:"
|
|
e2e_run "export KUBECONFIG=${KUBECONFIG}-${PLATFORM}-capi
|
|
kubectl apply -f /e2emanifests/cis-kube-bench-node.yaml
|
|
kubectl wait --timeout=60s --for=condition=complete job/kube-bench-node > /dev/null
|
|
kubectl logs job/kube-bench-node"
|
|
|
|
# Download sonobuoy and run kubernetes conformance
|
|
e2e_run "apt-get update && apt-get install wget
|
|
wget --quiet -O /tmp/sonobuoy.tar.gz ${SONOBUOY_URL}
|
|
tar -xf /tmp/sonobuoy.tar.gz -C /usr/local/bin
|
|
sonobuoy run --kubeconfig ${KUBECONFIG}-${PLATFORM}-capi --wait --skip-preflight --plugin e2e
|
|
results=\$(sonobuoy retrieve --kubeconfig ${KUBECONFIG}-${PLATFORM}-capi)
|
|
sonobuoy e2e --kubeconfig ${KUBECONFIG}-${PLATFORM}-capi \$results" |