BobyMCbobs · February 20, 2024 01:49
diff --git a/chainsaw-knative-helloworld-test.yaml b/chainsaw-knative-helloworld-test.yaml
 # Based off of
 # https://github.com/knative/serving/blob/main/test/e2e/helloworld_test.go

 # TODO
 # - request URL and verify response

 ---
 apiVersion: chainsaw.kyverno.io/v1alpha1
 kind: Test
 metadata:
  name: helloworld
 spec:
  steps:
  - try:
    - apply:
        resource:
          apiVersion: serving.knative.dev/v1
          kind: Service
          metadata:
            name: helloworld
          spec:
            template:
              spec:
                containers:
                  - image: ghcr.io/knative/helloworld-go:latest
                    securityContext:
                      runAsNonRoot: true
                      runAsUser: 1000
                      runAsGroup: 1000
                    env:
                      - name: TARGET
                        value: World
    - assert:
        resource:
          apiVersion: serving.knative.dev/v1
          kind: Service
          metadata:
            name: helloworld
          spec:
            template:
              spec:
                containers:
                  - image: ghcr.io/knative/helloworld-go:latest
                    securityContext:
                      allowPrivilegeEscalation: false
                      capabilities:
                        drop:
                          - ALL
                      runAsNonRoot: true
                      runAsUser: 1000
                      runAsGroup: 1000
                    readinessProbe:
                      successThreshold: 1
                      tcpSocket:
                        port: 0
                    name: user-container
                    env:
                      - name: TARGET
                        value: World
          status:
            ~.(conditions[?type == 'Ready']):
              status: "True"
            ~.(conditions[?type == 'ConfigurationsReady']):
              status: "True"
            (url!=null): true
    - assert:
        resource:
          apiVersion: serving.knative.dev/v1
          kind: Revision
          metadata:
            annotations:
              serving.knative.dev/routes: helloworld
            labels:
              serving.knative.dev/configuration: helloworld
              serving.knative.dev/service: helloworld
            name: helloworld-00001
          spec:
            containers:
              - env:
                  - name: TARGET
                    value: World
                image: ghcr.io/knative/helloworld-go:latest
                securityContext:
                  runAsNonRoot: true
                  runAsUser: 1000
                  runAsGroup: 1000
                name: user-container
    - script:
        content: |
          URL="$(kubectl -n $NAMESPACE get services.serving.knative.dev helloworld -o=jsonpath='{.status.url}')"
          BODY="$(curl -sSL "$URL")"
          if [ ! "$BODY" = "Hello World!" ]; then
            echo "fail" > /dev/stderr;
            exit 1;
          fi
        check:
          # an error is expected, this will:
          # - succeed if the operation failed
          # - fail if the operation succeeded
          ($error == null): true
diff --git a/setup.sh b/setup.sh
 #!/bin/sh

 cat << EOF | kind create cluster --config -
 ---
 apiVersion: kind.x-k8s.io/v1alpha4
 kind: Cluster
 nodes:
  - role: control-plane
    image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
    extraPortMappings:
      - containerPort: 31080
        listenAddress: 0.0.0.0
        hostPort: 80
      - containerPort: 31443
        listenAddress: 0.0.0.0
        hostPort: 443
 EOF

 kubectl --context kind-kind apply -f https://github.com/knative/serving/releases/download/knative-v1.13.0/serving-crds.yaml
 kubectl --context kind-kind apply -f https://github.com/knative/serving/releases/download/knative-v1.13.0/serving-core.yaml
 kubectl --context kind-kind apply -f https://github.com/knative/net-kourier/releases/download/knative-v1.13.0/kourier.yaml
 kubectl --context kind-kind patch configmap/config-network \
  --namespace knative-serving \
  --type merge \
  --patch '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}'
 kubectl --context kind-kind -n knative-serving patch cm config-domain -p '{"data":{"127.0.0.1.sslip.io": ""}}'
 kubectl --context kind-kind -n kourier-system patch svc kourier -p '{"spec":{"ports":[{"name":"http2","port":80,"nodePort":31080}]}}'
 kubectl --context kind-kind apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.1/cert-manager.yaml
	# Based off of
	# https://github.com/knative/serving/blob/main/test/e2e/helloworld_test.go

	# TODO
	# - request URL and verify response

	---
	apiVersion: chainsaw.kyverno.io/v1alpha1
	kind: Test
	metadata:
	name: helloworld
	spec:
	steps:
	- try:
	- apply:
	resource:
	apiVersion: serving.knative.dev/v1
	kind: Service
	metadata:
	name: helloworld
	spec:
	template:
	spec:
	containers:
	- image: ghcr.io/knative/helloworld-go:latest
	securityContext:
	runAsNonRoot: true
	runAsUser: 1000
	runAsGroup: 1000
	env:
	- name: TARGET
	value: World
	- assert:
	resource:
	apiVersion: serving.knative.dev/v1
	kind: Service
	metadata:
	name: helloworld
	spec:
	template:
	spec:
	containers:
	- image: ghcr.io/knative/helloworld-go:latest
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	runAsNonRoot: true
	runAsUser: 1000
	runAsGroup: 1000
	readinessProbe:
	successThreshold: 1
	tcpSocket:
	port: 0
	name: user-container
	env:
	- name: TARGET
	value: World
	status:
	~.(conditions[?type == 'Ready']):
	status: "True"
	~.(conditions[?type == 'ConfigurationsReady']):
	status: "True"
	(url!=null): true
	- assert:
	resource:
	apiVersion: serving.knative.dev/v1
	kind: Revision
	metadata:
	annotations:
	serving.knative.dev/routes: helloworld
	labels:
	serving.knative.dev/configuration: helloworld
	serving.knative.dev/service: helloworld
	name: helloworld-00001
	spec:
	containers:
	- env:
	- name: TARGET
	value: World
	image: ghcr.io/knative/helloworld-go:latest
	securityContext:
	runAsNonRoot: true
	runAsUser: 1000
	runAsGroup: 1000
	name: user-container
	- script:
	content: \|
	URL="$(kubectl -n $NAMESPACE get services.serving.knative.dev helloworld -o=jsonpath='{.status.url}')"
	BODY="$(curl -sSL "$URL")"
	if [ ! "$BODY" = "Hello World!" ]; then
	echo "fail" > /dev/stderr;
	exit 1;
	fi
	check:
	# an error is expected, this will:
	# - succeed if the operation failed
	# - fail if the operation succeeded
	($error == null): true
	#!/bin/sh

	cat << EOF \| kind create cluster --config -
	---
	apiVersion: kind.x-k8s.io/v1alpha4
	kind: Cluster
	nodes:
	- role: control-plane
	image: kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
	extraPortMappings:
	- containerPort: 31080
	listenAddress: 0.0.0.0
	hostPort: 80
	- containerPort: 31443
	listenAddress: 0.0.0.0
	hostPort: 443
	EOF

	kubectl --context kind-kind apply -f https://github.com/knative/serving/releases/download/knative-v1.13.0/serving-crds.yaml
	kubectl --context kind-kind apply -f https://github.com/knative/serving/releases/download/knative-v1.13.0/serving-core.yaml
	kubectl --context kind-kind apply -f https://github.com/knative/net-kourier/releases/download/knative-v1.13.0/kourier.yaml
	kubectl --context kind-kind patch configmap/config-network \
	--namespace knative-serving \
	--type merge \
	--patch '{"data":{"ingress-class":"kourier.ingress.networking.knative.dev"}}'
	kubectl --context kind-kind -n knative-serving patch cm config-domain -p '{"data":{"127.0.0.1.sslip.io": ""}}'
	kubectl --context kind-kind -n kourier-system patch svc kourier -p '{"spec":{"ports":[{"name":"http2","port":80,"nodePort":31080}]}}'
	kubectl --context kind-kind apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.1/cert-manager.yaml