|
| 1 | +# Testing the Kubernetes-Monitor # |
| 2 | + |
| 3 | +The Kubernetes-Monitor has different testing suites, each with different purposes and requirements. |
| 4 | +All our tests prefer a blackbox approach whenever possible. |
| 5 | + |
| 6 | +## Unit Tests ## |
| 7 | + |
| 8 | +These tests aim to check a single function, class or module. |
| 9 | +Our unit tests aren't thoroughly mocked, resulting in some tests' code reaching the Kubernetes client library we're using, adding noise and/or failures to some unit tests. |
| 10 | +Until this is fixed, one workaround is setting one's KUBECONFIG environment variable to a valid kubeconfig file. |
| 11 | + |
| 12 | +## System Tests ## |
| 13 | + |
| 14 | +We don't have this kind of tests yet, but if we did, they would focus on the Kubeneretes-Monitor running as-is, just without its reliance on the Upstream service for validation (That is, assert outgoing requests, mock incoming responses). |
| 15 | + |
| 16 | +## Integration Tests ## |
| 17 | + |
| 18 | +These tests assert the Kubernetes-Monitor's behaviour mostly through its affect on our Upstream service's state. |
| 19 | + |
| 20 | +As part of these tests, we attempt pulling and scanning an image hosted on a private GCR registry. For this test case to work, one has to define the following environment variables: `GCR_IO_SERVICE_ACCOUNT`, `GCR_IO_DOCKERCFG`. |
| 21 | + |
| 22 | +Our integration tests may use different Kubernetes platforms to host the Kubernetes-Monitor. These platforms may use an existing cluster, or create a new one. Both decisions are based on the environment variables: |
| 23 | +* `TEST_PLATFORM` (`kind`, `eks`) |
| 24 | +* `CREATE_CLUSTER` (`true`, `false`). |
| 25 | + |
| 26 | +All integration tests determine the image to be tested based on the environment variable called `KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG`, and fallback to `snyk/kubernetes-monitor:local`, meaning one has to make sure the image desired to be tested is properly named and tagged. |
| 27 | + |
| 28 | +### KinD ### |
| 29 | + |
| 30 | +KinD is a Kubernetes-inside-Docker project mostly used for simple, light-weight conformance testing against the Kubernetes API. |
| 31 | +https://github.com/kubernetes-sigs/kind |
| 32 | + |
| 33 | +Our KinD integration test creates a new KinD cluster locally and deploys the Kubernetes-Monitor there. |
| 34 | + |
| 35 | +This test runs whenever we commit to any branch. |
| 36 | + |
| 37 | +### EKS ### |
| 38 | + |
| 39 | +EKS is Amazon's Kubernetes platform and helps us ensure we support not only the generic Kubernetes API, but also specificly EKS. |
| 40 | + |
| 41 | +This test uses an existing Amazon account with an existing EKS cluster, and as such has a few more prerequisites: |
| 42 | +- `pip` is used to ensure the `aws` CLI is installed and up to date. `aws` is then used to generate a `kubeconfig` file to access the EKS cluster, as well as credentials to ECR. |
| 43 | +- AWS environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION` are used to authenticate against the Amazon account. |
| 44 | +- `docker` is used to push the Kubernetes-Monitor's image to ECR. |
| 45 | + |
| 46 | +This test runs whenever we commit to our `staging` branch, and at the moment may only run once concurrently since it uses the same cluster. |
| 47 | + |
| 48 | +### Package Managers ### |
| 49 | + |
| 50 | +These tests attempt to provide some more thorough coverage for our scans of specific package manager: APK, APT and RPM. |
| 51 | + |
| 52 | +These tests run whenever we commit to any branch. |
0 commit comments