constellation/conformance/README.md

# Reproducing Conformance Test Results

## Prerequisites

[Install & configure `gcloud` CLI](https://cloud.google.com/sdk/gcloud) for access to GCP.

[Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) for working with Kubernetes

For more information [follow our documentation.](https://docs.edgeless.systems/constellation/getting-started/install)

Additionally, [Sonobuoy CLI is required.](https://github.com/vmware-tanzu/sonobuoy/releases)
These tests results were produced using Sonobuoy v0.56.4.

## Provision Constellation Cluster

```sh
constellation create gcp 1 2 n2d-standard-4 -y
constellation init
export KUBECONFIG="$PWD/constellation-admin.conf"
```

## Run Conformance Tests

```sh
# Runs for ~2 hours.
sonobuoy run --mode certified-conformance
# Once status shows tests have completed...
sonobuoy status
# ... download & display results.
outfile=$(sonobuoy retrieve)
sonobuoy results $outfile
```

## Fetch Test Log & Report

The provided `e2e.log` & `junit_01.xml` were fetched like this:

```sh
tar -xvf $outfile
cat plugins/e2e/results/global/e2e.log
cat plugins/e2e/results/global/junit_01.xml
```

## Cleanup

```sh
# Remove test deployments
sonobuoy delete --wait
# Or, shutdown cluster
./constellation terminate
rm constellation-mastersecret.base64
```

## Run CIS Benchmark Tests

```sh
# Runs for <1 min.
sonobuoy run --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml --wait
# ... download & display results.
outfile=$(sonobuoy retrieve)
sonobuoy results $outfiles
```
Feat/conformity test (#79) * Added files required to request conformance with kubernetes * Extended firewall implementation to allow port ranges * Added default nodeport range to vpc network config 2022-04-26 11:09:03 -04:00			`# Reproducing Conformance Test Results`

			`## Prerequisites`

			[Install & configure `gcloud` CLI](https://cloud.google.com/sdk/gcloud) for access to GCP.

			`[Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/) for working with Kubernetes`

Update references to docs (#36) 2022-09-01 03:27:25 -04:00			`For more information [follow our documentation.](https://docs.edgeless.systems/constellation/getting-started/install)`
Feat/conformity test (#79) * Added files required to request conformance with kubernetes * Extended firewall implementation to allow port ranges * Added default nodeport range to vpc network config 2022-04-26 11:09:03 -04:00
			`Additionally, [Sonobuoy CLI is required.](https://github.com/vmware-tanzu/sonobuoy/releases)`
			`These tests results were produced using Sonobuoy v0.56.4.`

			`## Provision Constellation Cluster`

			```sh
Use 4 vCPU instances by default (#24) * Use 4 vcpu instances by default * Remove 2 vcpu instance type option Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-31 04:33:33 -04:00			`constellation create gcp 1 2 n2d-standard-4 -y`
Feat/conformity test (#79) * Added files required to request conformance with kubernetes * Extended firewall implementation to allow port ranges * Added default nodeport range to vpc network config 2022-04-26 11:09:03 -04:00			`constellation init`
			`export KUBECONFIG="$PWD/constellation-admin.conf"`
			```

			`## Run Conformance Tests`

			```sh
			`# Runs for ~2 hours.`
			`sonobuoy run --mode certified-conformance`
			`# Once status shows tests have completed...`
			`sonobuoy status`
			`# ... download & display results.`
			`outfile=$(sonobuoy retrieve)`
			`sonobuoy results $outfile`
			```

			`## Fetch Test Log & Report`

			The provided `e2e.log` & `junit_01.xml` were fetched like this:

			```sh
			`tar -xvf $outfile`
			`cat plugins/e2e/results/global/e2e.log`
			`cat plugins/e2e/results/global/junit_01.xml`
			```

			`## Cleanup`

			```sh
			`# Remove test deployments`
			`sonobuoy delete --wait`
			`# Or, shutdown cluster`
			`./constellation terminate`
			`rm constellation-mastersecret.base64`
			```
Add cis benchmark to conformance test (#165) * Add cis benchmark to conformance docs * Update e2e workflow to include cis benchmarks 2022-05-19 08:57:21 -04:00
			`## Run CIS Benchmark Tests`

			```sh
			`# Runs for <1 min.`
			`sonobuoy run --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml --wait`
			`# ... download & display results.`
			`outfile=$(sonobuoy retrieve)`
			`sonobuoy results $outfiles`
			```