Commit Graph

29 Commits (384e5dd4c4d6e12d3e3263589144d1ae7979e2dd)

Author SHA1 Message Date
Matthew Mosesohn d487b2f927 Security best practice fixes (#1783)
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
2017-10-15 20:41:17 +01:00
Matthew Mosesohn bd272e0b3c Upgrade to kubeadm (#1667)
* Enable upgrade to kubeadm

* fix kubedns upgrade

* try upgrade route

* use init/upgrade strategy for kubeadm and ignore kubedns svc

* Use bin_dir for kubeadm

* delete more secrets

* fix waiting for terminating pods

* Manually enforce kube-proxy for kubeadm deploy

* remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 10:38:58 +01:00
Matthew Mosesohn 8e731337ba Enable HA deploy of kubeadm (#1658)
* Enable HA deploy of kubeadm

* raise delay to 60s for starting gce hosts
2017-09-15 22:28:15 +01:00
Matthew Mosesohn b294db5aed fix apply for netchecker upgrade (#1659)
* fix apply for netchecker upgrade and graceful upgrade

* Speed up daemonset upgrades. Make check wait for ds upgrades.
2017-09-15 13:19:37 +01:00
Matthew Mosesohn 0f231f0e76 Improve method to create and wait for gce instances (#1645) 2017-09-09 23:41:31 +03:00
Matthew Mosesohn 649388188b Fix netchecker update side effect (#1644)
* Fix netchecker update side effect

kubectl apply should only be used on resources created
with kubectl apply. To workaround this, we should apply
the old manifest before upgrading it.

* Update 030_check-network.yml
2017-09-09 23:38:38 +03:00
Matthew Mosesohn f29a42721f Clean up debug in check apiserver test (#1638)
* Clean up debug in check apiserver test

* Change password generation for kube_user

Special characters are not allowed in known_users.csv file
2017-09-08 15:47:13 +03:00
Matthew Mosesohn 7117614ee5 Use a generated password for kube user (#1624)
Removed unnecessary root user
2017-09-06 20:20:25 +03:00
Matthew Mosesohn fd20e0de90 Wait for container creation in check network test 2017-04-04 13:12:24 +03:00
Sergii Golovatiuk d31c040dc0 Change kube-api default port from 443 to 6443
Operator can specify any port for kube-api (6443 default) This helps in
case where some pods such as Ingress require 443 exclusively.

Closes: 820
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 15:45:35 +01:00
Antoine Legrand 08d9d24320 Add subnet var in tests 2017-02-23 15:14:28 +01:00
Matthew Mosesohn 19d0159e33 Raise timeout for get netchecker agents 2017-02-21 14:48:25 +03:00
Matthew Mosesohn ce4eefff6a Use first kube-master to check results 2017-02-18 14:11:51 +04:00
Matthew Mosesohn 82b247d1a4 Adapt advanced network checker for scale
Skip nodes not in ansible play (via --limit)
2017-02-18 14:09:57 +04:00
Matthew Mosesohn ee15f99dd7 Add CI cases for testing upgrade from v2.0.1 release
These are manual trigger jobs, but should be run if any PR
impacts upgrades.
2017-02-10 10:20:58 +04:00
crodetsky 8e29b08070 Genericize test cases and namespace create pod
This change modifies 020_check-create-pod and 030_check-network test cases to
target `kube-master[0]` instead of `node1` as these tests can be useful in
deployments that do not use the same naming convention as the basic tests.

This change also modifies 020_check-create-pod to namespace into a `test`
namespace allowing the `get pods` command to get its expected number of
running containers.

Closes #866 and #867.
2017-01-18 14:52:35 -05:00
Bogdan Dobrelya 5af2c42bde Better fix for different CoreOS os family facts
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 16:32:08 +01:00
Bogdan Dobrelya f7447837c5 Rename CoreOS fact
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 14:02:29 +01:00
Bogdan Dobrelya 79996b557b Rework ignore_errors to report no reds
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 13:00:50 +01:00
Bogdan Dobrelya d7b0ff3de6 Consider netcheck passed if agents can't report in time
Double the time to wait for the netcheck agents.
Do not fail CI build, if agents can't report in time.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-15 10:28:03 +01:00
Bogdan Dobrelya 8d7b25d4f0 Enable netchecker for CI
* Enable netchecker app for CI postinstall tests
* Rework outputs and better coverage to the ping between pods post
intall test case. With netchecker deployed, the test covers hostnet
to hostnet and standard to standrad pods ping check as well.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-14 13:42:19 +01:00
Antoine Legrand b60d5647a2 Merge pull request #635 from kubernetes-incubator/download_images
Download images as dependencies of roles
2016-11-22 14:53:12 +01:00
Bogdan Dobrelya 66f27ed1f3 Download images as dependencies of roles
Pre download all required container images as roles' deps.
Drop unused flannel-server-helper images pre download.
Improve pods creation post-install test pre downloaded busybox.
Improve logs collection script with kubectl describe, fix sudo/etcd/weave
commands.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 11:13:57 +01:00
Bogdan Dobrelya 97d126ac8b Increase wait for pods post-install test
The test deployment/rc/pods creation time
is near 2m on slow CI instances with 1 CPU/1.7G RAM.
Increase wait time to allow the post test fail less often.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-21 18:50:05 +01:00
Bogdan Dobrelya e4d240b1b7 Improve CI test matrix
For Travis CI and GCE, add a naive generator script into a markdown table.
Add GCE/Travis CI matrix docs.
Add CoreOS test cases.
Rework existing cases w/o loosing of coverage.
Rework postinstall tests to support CoreOS as well.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-15 18:17:30 +01:00
Smana 0b67c23d42 test the apiserver from the masters instead of the deployment machine 2016-07-03 16:18:04 +02:00
Smana 608e7dfab2 upgrade k8s vers, and add a script for future upgrades 2016-05-12 15:56:30 +02:00
Smana 2feac2956a change tests, full path of kubectl binary 2016-02-13 14:47:53 +01:00
ant31 caa2555b1d Add complete test integration 2016-02-10 22:58:57 +01:00