Add first tests for cluster hardening standard

Signed-off-by: michal.gubricky <[email protected]>

Tests/kaas/k8s-cluster-hardening/Dockerfile

@@ -0,0 +1,21 @@
+FROM golang:1.23
+
+# Install kubectl
+# Note: Latest version may be found on:
+# https://aur.archlinux.org/packages/kubectl-bin/
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v1.30.4/bin/linux/amd64/kubectl -O /usr/bin/kubectl && \
+    chmod +x /usr/bin/kubectl && \
+    apt-get update && \
+    apt-get install -y jq
+
+COPY . /src/
+WORKDIR /src
+COPY go.* /src/
+ENV CGO_ENABLED=0
+RUN go mod download
+
+#see: https://docs.docker.com/build/guide/mounts/
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    go test -c -o custom.test ./...
+
+CMD ["bash", "-c", "go tool test2json ./custom.test -test.v"]

Tests/kaas/k8s-cluster-hardening/Makefile

@@ -0,0 +1,114 @@
+# Makefile
+# This makefile is for development purpose
+
+SHELL = /bin/bash
+#SED ?= sed
+
+DOCKERFILE="Dockerfile"
+IMAGE_REGISTRY="ghcr.io/sovereigncloudstack/standards"
+IMAGE_NAME="test"
+#IMAGE_VERSION_TAG ="v0.1.2"
+
+KIND_CLUSTER ="testcluster"
+
+#PLUGIN_NAME="k8s-default-storage-class-plugin-go"
+PLUGIN_NAME="plugin"
+PLUGIN_FILE="${PLUGIN_NAME}.yaml"
+
+#~ SONO_WAIT    = 1
+#~ SONO_TIMEOUT = 60
+
+KUBERNETES_SERVICE_HOST=127.0.0.1
+KUBERNETES_SERVICE_PORT=34743
+
+
+###############################################################################
+## Helpers:  							                                                   ##
+###############################################################################
+
+ifeq ($(IMAGE_VERSION_TAG),)
+	export TAG=dev
+else
+	export TAG=${IMAGE_VERSION_TAG}
+endif
+
+SONOBUOY_IMAGE = "${IMAGE_REGISTRY}/${IMAGE_NAME}:${TAG}"
+
+container-init:
+	@echo ""
+	@echo "[ContainerImageName]   ${SONOBUOY_IMAGE}"
+	@echo "[SonobuoyPluginFile]   ${PLUGIN_FILE}"
+	@echo ""
+
+
+kind-init:
+	@echo ""
+	@echo "[KindCluster]   ${KIND_CLUSTER}"
+	@echo ""
+
+
+###############################################################################
+## For develpoment usage:                                                    ##
+###############################################################################
+
+dev-prerequests:
+	@echo "[check-test-setup]"
+	@kind version
+	@docker version
+	@sonobuoy version --short
+	@go version
+
+
+dev-setup: kind-init
+	kind create cluster --name ${KIND_CLUSTER}
+
+
+dev-build: container-init
+	@echo "[build]"
+	DOCKER_BUILDKIT=1 docker build . -f ${DOCKERFILE} -t ${SONOBUOY_IMAGE}
+	kind load docker-image --name ${KIND_CLUSTER} ${SONOBUOY_IMAGE}
+
+
+dev-go:
+	@echo "[go]"
+	@echo "[KubernetesService]   ${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}"
+	@rm -rf ./build || true
+	@mkdir ./build
+	go test -c -o ./build ./...
+#	go test -c -o ./build ./... --args --skip-labels="type=pod-list"
+#	go tool test2json ./build -test.v
+
+
+dev-run:
+	@echo "[run-test]"
+	@echo "sonobuoy run --plugin ${PLUGIN_FILE} --wait=${SONO_WAIT} --timeout=${SONO_TIMEOUT}"
+#~ 	@sonobuoy run --plugin ${PLUGIN_FILE} --wait=${SONO_WAIT} --timeout=${SONO_TIMEOUT}
+	@sonobuoy run --plugin ${PLUGIN_FILE} 
+	@sonobuoy status
+
+
+dev-result:
+	@echo "[result]"
+	#outfile=$(sonobuoy retrieve) && mkdir results && tar -xf ${outfile} -C results
+	sonobuoy retrieve
+	sonobuoy results *.tar.gz
+	mkdir results
+	tar -xf *.tar.gz -C results
+
+
+dev-clean:
+	@echo "[clean]"
+	@sonobuoy delete --all --wait || true
+	@sonobuoy status || true
+	@rm -rf *.tar.gz || true
+	@rm -rf results || true
+
+
+
+dev-purge: kind-init dev-clean
+	@echo "[purge]"
+	kind delete cluster --name ${KIND_CLUSTER} || true
+	docker rmi ${SONOBUOY_IMAGE} || true
+
+
+PHONY: dev-prerequests dev-build dev-run dev-result dev-clean dev-clean dev-purge

Tests/kaas/k8s-cluster-hardening/go.mod

@@ -0,0 +1,50 @@
+module kaas/kaas-sonobuoy-go-example-2
+
+go 1.17
+
+require (
+	github.com/vmware-tanzu/sonobuoy-plugins/plugin-helper v0.0.0-20211029183731-1d6848b67eec
+	k8s.io/api v0.21.3
+	sigs.k8s.io/e2e-framework v0.0.4-0.20211103134658-ebed03226136
+)
+
+require (
+	github.com/c2h5oh/datasize v0.0.0-20171227191756-4eba002a5eae // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/evanphx/json-patch v4.11.0+incompatible // indirect
+	github.com/go-logr/logr v0.4.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.5 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/googleapis/gnostic v0.5.5 // indirect
+	github.com/hashicorp/go-version v1.2.0 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b // indirect
+	github.com/sirupsen/logrus v1.7.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/vmware-tanzu/sonobuoy v1.11.5-prerelease.1.0.20211004145628-b633b4fefcdc // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0 // indirect
+	k8s.io/apimachinery v0.21.3 // indirect
+	k8s.io/client-go v0.21.3 // indirect
+	k8s.io/klog/v2 v2.9.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
+	k8s.io/utils v0.0.0-20210527160623-6fdb442a123b // indirect
+	sigs.k8s.io/controller-runtime v0.9.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
+)