...
CNF Testsuite | CNF Conformance | RA2 | RA2 | RC2 | What to do? | |
---|---|---|---|---|---|---|
increase_decrease_capacity | essential | ra2.app.038 | should | should | Add a link to CNF Testsuite. Make a must in RA2 and RC2 | |
helm_chart_published | ra2.app.011 | must | should | |||
helm_chart_valid | ra2.app.012 | must | should | |||
helm_deploy | ||||||
rollback | ||||||
rolling_update | ra2.app.013 | must | must | |||
rolling_version_change | ||||||
rolling_downgrade | ra2.app.014 | must | must | |||
cni_compatibility | ra2.app.015 | must | must | |||
alpha_k8s_apis | ra2.app.016 | must (not) | must (not) | |||
reasonable_image_size | ra2.app.039 | should (not) | should (not) | |||
reasonable_startup_time | ra2.app.040 | should (not) | should (not) | |||
single_process_type | essential | missing | misssing | It is unclear if this is a realistic requirement. There is an ongoing discussion in CNF Testsuite about this. I propose to leave this out until this is clarified. | ||
service_discovery | ||||||
shared_database | ||||||
specialized_init_systems | ||||||
node_drain | essential | ra2.app.017 | must (not) | must (not) | ||
volume_hostpath_not_found | ||||||
no_local_volume_configuration | ra2.app.025 | must (not) | must (not) | |||
elastic_volumes | ||||||
database_persistence | ||||||
pod_network_latency | ra2.app.018 | must (not) | must (not) | |||
disk_fill | ||||||
pod_delete | ra2.app.019 | must (not) | must (not) | |||
pod_memory_hog | ra2.app.020 | must (not) | must (not) | |||
pod_io_stress | ra2.app.021 | must (not) | must (not) | |||
pod_network_corruption | ra2.app.022 | must (not) | must (not) | |||
pod_network_duplication | ra2.app.023 | must (not) | must (not) | |||
pod_dns_errors | ra2.app.024 | must (not) | must (not) | |||
liveness | essential | ra2.app.026 | must | must | ||
readiness | essential | ra2.app.027 | must | must | ||
log_output | essential | ra2.app.046 | should | missing | Change it to must in RA2, add to RC2 | |
prometheus_traffic | ||||||
routed_logs | ||||||
open_metrics | ||||||
tracing | ||||||
container_sock_mounts | essential | ra2.app.028 | must (not) | must (not) | Add reference to CNF Testbed to RA2 | |
privileged_containers | essential | ra2.app.041 | should | should (not) | Change it to must RA2 and RC2. | |
external_ips | ||||||
non_root_user | ra2.app.042 | should | should (not) | Change it to must RA2 and RC2. | ||
privilege_escalation | ra2.app.043 | should | should (not) | |||
symlink_file_system | ||||||
selinux_options | essential | ra2.app.048 | must | missing | Add to RC2 | |
sysctls | ||||||
application_credentials | ra2.app.029 | must (not) | must (not) | |||
host_network | ra2.app.030 | must (not) | must (not) | |||
service_account_mapping | ||||||
ingress_egress_blocked | ||||||
insecure_capabilities | ||||||
non_root_containers | essential | ra2.app.044 | should | missingshould | Change to must in RA2, add to RC2 | |
host_pid_ipc_privileges | ra2.app.031 | must (not) | must (not) | |||
linux_hardening | ||||||
resource_policies | essential | ra2.app.032 | must | must (not) | ||
immutable_file_systems | ra2.app.033 | must | must (not) | |||
hostpath_mounts | essential | ra2.app.007 | should (not) | missing | should | Change to must in RA2, add Add to RC2 |
default_namespace | ||||||
latest_tag | essential | ra2.app.049 ra2.app.034 | should (not) must (not) | 034: must | remove ra2.app.049 | |
required_labels | ra2.app.045 | should | should | |||
versioned_tag | ||||||
nodeport_not_used | ra2.app.036 | must (not) | must (not) | |||
hostport_not_used | essential | ra2.app.047 | should (not) | missing | Add to RC2 | |
hardcoded_ip_addresses_in_k8s_runtime_configuration | essential | ra2.app.035 | must (not) | must (not) | ||
secrets_used | ||||||
immutable_configmap | ra2.app.037 | must | must | |||
ra2.app.034 | must | |||||
ra2.app.038 | should | should | ||||
ra2.app.001 | ??? | must | It is not really clear what this requirement is and it is not tested in CNF Testbed I propose to remove this. | |||
ra2.app.002 | ??? | must | It is not clear what is the requirement here. Is this about host mounts? This is not tested by CNF Testbed I propose to remove this | |||
ra2.app.003 | ??? | must | It is not clear what is the requirement here. This is not tested by CNF Testbed I propose to remove this | |||
ra2.app.004 | ??? | must | It is not clear what is the requirement here. Kubernetes sets the pod name by default. This is not tested by CNF Testbed I propose to remove this. | |||
ra2.app.005 | ??? | must | It is not really clear what this requirement is and it is not tested in CNF Testbed I propose to remove this. | |||
ra2.app.006 | must | must | ||||
ra2.app.007 | should (not) | must | ||||
ra2.app.008 | must (not) | must (not) | ||||
ra2.app.009 | must | must | ||||
ra2.app.010 | must | must | This in a littlebit of contradiction with ra2.app.016 I propose to modify it to a should. |
...