To test a Kubernetes without access to Internet, repository mirrors needs to be
provided.
-Currently, only rally tests supports this feature.
+Currently, only rally and security tests supports this feature.
There's two ways for providing the repository mirrors:
spec:
containers:
- name: kube-hunter
- image: aquasec/kube-hunter:0.3.1
+ image: {{ dockerhub_repo }}/aquasec/kube-hunter:0.3.1
command: ["python", "kube-hunter.py"]
args: ["--pod", "--report", "json", "--statistics"]
restartPolicy: Never
import ast
import json
import logging
+import os
import time
import textwrap
import yaml
+from jinja2 import Template
from kubernetes import client
from kubernetes import config
from kubernetes import watch
# pylint: disable=too-many-instance-attributes
"""Run Security job"""
watch_timeout = 1200
+ dockerhub_repo = os.getenv("MIRROR_REPO", "docker.io")
__logger = logging.getLogger(__name__)
with open(pkg_resources.resource_filename(
"functest_kubernetes",
"security/{}.yaml".format(self.job_name))) as yfile:
- body = yaml.safe_load(yfile)
+ template = Template(yfile.read())
+ body = yaml.safe_load(template.render(
+ dockerhub_repo=os.getenv("DOCKERHUB_REPO",
+ self.dockerhub_repo)))
api_response = self.batchv1.create_namespaced_job(
body=body, namespace=self.namespace)
self.__logger.info("Job %s created", api_response.metadata.name)