This page collects the CNF requirements in RA2, RC2 and in CNCF CNF Conformance / CNF Testbed.
The original analyzis page for introducing the CNF requirements in RA2: Analyzis of CNCF CNF Testsuite tests for RA2
pr-s
| CNF Testsuite | CNF Conformance | RA2 | RA2 | RC2 | What to do? |
|---|---|---|---|---|---|
increase_decrease_capacity | essential | ra2.app.038 | should → must (3352) | should | Add a link to CNF Testsuite. Make a must in RA2 and RC2 |
helm_chart_published | ra2.app.011 | must | should | ||
helm_chart_valid | ra2.app.012 | must | should | ||
helm_deploy | |||||
rollback | |||||
rolling_update | ra2.app.013 | must | must | ||
rolling_version_change | |||||
rolling_downgrade | ra2.app.014 | must | must | ||
cni_compatibility | ra2.app.015 | must | must | ||
alpha_k8s_apis | ra2.app.016 | must (not) | must (not) | ||
reasonable_image_size | ra2.app.039 | should (not) | should (not) | ||
reasonable_startup_time | ra2.app.040 | should (not) | should (not) | ||
single_process_type | essential | missing | misssing | It is unclear if this is a realistic requirement. There is an ongoing discussion in CNF Testsuite about this. I propose to leave this out until this is clarified. | |
service_discovery | |||||
shared_database | |||||
specialized_init_systems | |||||
node_drain | essential | ra2.app.017 | must (not) | must (not) | |
volume_hostpath_not_found | |||||
no_local_volume_configuration | ra2.app.025 | must (not) | must (not) | ||
elastic_volumes | |||||
database_persistence | |||||
pod_network_latency | ra2.app.018 | must (not) | must (not) | ||
disk_fill | |||||
pod_delete | ra2.app.019 | must (not) | must (not) | ||
pod_memory_hog | ra2.app.020 | must (not) | must (not) | ||
pod_io_stress | ra2.app.021 | must (not) | must (not) | ||
pod_network_corruption | ra2.app.022 | must (not) | must (not) | ||
pod_network_duplication | ra2.app.023 | must (not) | must (not) | ||
pod_dns_errors | ra2.app.024 | must (not) | must (not) | ||
liveness | essential | ra2.app.026 | must | must | |
readiness | essential | ra2.app.027 | must | must | |
log_output | essential | ra2.app.046 | should → must (3352) | missing | Change it to must in RA2, add to RC2 |
prometheus_traffic | |||||
routed_logs | |||||
open_metrics | |||||
tracing | |||||
container_sock_mounts | essential | ra2.app.028 | must (not) | must (not) | Add reference to CNF Testbed to RA2 |
privileged_containers | essential | ra2.app.041 | should → must (3352) | should (not) | Change it to must RA2 and RC2. |
external_ips | |||||
non_root_user | ra2.app.042 | should | should (not) | Change it to must RA2 and RC2. | |
privilege_escalation | ra2.app.043 | should | should (not) | ||
symlink_file_system | |||||
selinux_options | essential | ra2.app.048 | must | missing | Add to RC2 |
sysctls | |||||
application_credentials | ra2.app.029 | must (not) | must (not) | ||
host_network | ra2.app.030 | must (not) | must (not) | ||
service_account_mapping | |||||
ingress_egress_blocked | |||||
insecure_capabilities | |||||
non_root_containers | essential | ra2.app.044 | should → must (3352) | should | Change to must in RA2, add to RC2 |
host_pid_ipc_privileges | ra2.app.031 | must (not) | must (not) | ||
linux_hardening | |||||
resource_policies | essential | ra2.app.032 | must | must (not) | |
immutable_file_systems | ra2.app.033 | must | must (not) | ||
hostpath_mounts | essential | ra2.app.007 | should (not) | should | Change to must in RA2, add to RC2 |
default_namespace | |||||
latest_tag | essential | ra2.app.049 ra2.app.034 | should (not) must (not) | 034: must | remove ra2.app.049 |
required_labels | ra2.app.045 | should | should | ||
versioned_tag | |||||
nodeport_not_used | ra2.app.036 | must (not) | must (not) | ||
hostport_not_used | essential | ra2.app.047 | should (not) → must (3352) | missing | Make it must in RA2, add to RC2 |
hardcoded_ip_addresses_in_k8s_runtime_configuration | essential | ra2.app.035 | must (not) | must (not) | |
secrets_used | |||||
immutable_configmap | ra2.app.037 | must | must | ||
| ra2.app.034 | must | ||||
| ra2.app.038 | should | should | |||
| ra2.app.001 | ??? → remove (3352) | must | It is not really clear what this requirement is and it is not tested in CNF Testbed I propose to remove this. | ||
| ra2.app.002 | ??? → remove (3352) | must | It is not clear what is the requirement here. Is this about host mounts? This is not tested by CNF Testbed I propose to remove this | ||
| ra2.app.003 | ??? → remove (3352) | must | It is not clear what is the requirement here. This is not tested by CNF Testbed I propose to remove this | ||
| ra2.app.004 | ??? → remove (3352) | must | It is not clear what is the requirement here. Kubernetes sets the pod name by default. This is not tested by CNF Testbed I propose to remove this. | ||
| ra2.app.005 | ??? → remove (3352) | must | It is not really clear what this requirement is and it is not tested in CNF Testbed I propose to remove this. | ||
| ra2.app.006 | must | must | |||
| ra2.app.007 | should (not) | must | |||
| ra2.app.008 | must (not) | must (not) | |||
| ra2.app.009 | must | must | |||
| ra2.app.010 | must | must | This in a littlebit of contradiction with ra2.app.016 I propose to modify it to a should. |