How can I verify that Bright's Kubernetes deployment passes the official CNCF conformance tests?
The CNCF (Cloud Native Computing Foundation) is a vendor-neutral foundation that encourages standards in cloud computing. Container technologies such as Kubernetes are regarded as important building-block ecosystems, and are used by many vendors. A common risk with a vendor implementation is deviation from standards, which is often unintentional.
Therefore, to help vendors adhere to standards, the software standards bodies nowadays typically provide conformance test suites.
The Kubernetes deployment that Bright provides to end users has been checked internally with the CNCF test suite since Bright 8.2-9. End users can also verify it for themselves with something similar to the following procedure, which assumes this setup:
- Bright Cluster Manager 8.2-9 (minimum required version)
- CentOS 7
- 6 compute nodes, each one with 4 cores, 8GB memory, 50GB disk
The cm-kubernetes-setup is then run on the head node. In the ncurses screens, when asked, the administrator should allocate:
- 3 masters (1 each) to: node001, node002, and node003
- 3 etcd (1 each) to: node001, node002 and node003 (this means a full HA configuration is set up)
- 3 workers (1 each) to: node004, node005 and node006
The CNCF software test suite used is called sonobuoy.
An aside on the word sonobuoy (pronounced "sono boy"). In the physical world, a sonobuoy is a sonar buoy device used to probe for submarines. The name fits in with the nautical theme of Kubernetes (which itself in turn is the anglicised version of the ancient Greek word for captain/helmsman). The metaphor is thus that, like the physical sonobuoy, the software sonobuoy is meant to discover issues hidden beneath the surface.
The latest sonobuoy software release and checksum file can be picked up from the web page at https://github.com/heptio/sonobuoy/releases :
[root@head ~]# wget https://github.com/heptio/sonobuoy/releases/download/v0.14.2/sonobuoy_0.14.2_linux_amd64.tar.gz
2019-05-08 17:27:52 (362 KB/s) - ‘sonobuoy_0.14.2_linux_amd64.tar.gz’ saved [11037258/11037258]
2019-05-08 17:27:53 (7.04 MB/s) - ‘sonobuoy_0.14.2_checksums.txt’ saved [306/306]
The checksum can be tested with:
[root@head ~]# sha256sum sonobuoy_0.14.2_linux_amd64.tar.gz
[root@head ~]# grep linux sonobuoy_0.14.2_checksums.txt
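The two commands above leave the comparison to the eye. The following added example (not part of the original article or of the sonobuoy project) automates it and fails closed; it assumes checksum lines of the form "<sha256>  <filename>", and the function name and demo file names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: fail-closed check of a downloaded archive against a
# checksums file. Assumed line format: "<sha256>  <filename>".

# verify_release ARCHIVE CHECKSUMS
# Returns 0 only when CHECKSUMS has exactly one entry whose filename field
# equals ARCHIVE's basename and whose SHA-256 matches the file on disk.
verify_release() {
    local archive="$1" sums="$2" name expected actual
    name=$(basename -- "$archive")
    if [ ! -r "$archive" ] || [ ! -r "$sums" ]; then
        echo "verify_release: cannot read input files" >&2
        return 2
    fi
    # Compare the filename field exactly (a leading "*" marks binary mode),
    # so another platform's archive can never satisfy the lookup.
    expected=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n) }
                                 n == f { print tolower($1) }' "$sums")
    # Fail closed on a missing, duplicated or malformed entry.
    if ! printf '%s\n' "$expected" | grep -Eqx '[0-9a-f]{64}' ||
       [ "$(printf '%s\n' "$expected" | grep -c .)" -ne 1 ]; then
        echo "verify_release: no single valid entry for $name" >&2
        return 3
    fi
    actual=$(sha256sum -- "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_release: CHECKSUM MISMATCH for $name" >&2
        return 1
    fi
    echo "verify_release: $name OK"
}

# Constructed demo input: stand-in archives, not the real sonobuoy release.
demo_dir=$(mktemp -d)
printf 'constructed linux archive\n'  > "$demo_dir/demo_linux_amd64.tar.gz"
printf 'constructed darwin archive\n' > "$demo_dir/demo_darwin_amd64.tar.gz"
( cd "$demo_dir" && sha256sum demo_*.tar.gz > demo_checksums.txt )
verify_release "$demo_dir/demo_linux_amd64.tar.gz" "$demo_dir/demo_checksums.txt"
rm -rf "$demo_dir"
```

A checksums file fetched from the same release page as the archive detects a corrupted or truncated download, but not a release that was replaced at the source.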
Unpacking and running the conformance test suite:
The contents of the tar.gz file can be listed, and then extracted, with:
[root@head ~]# tar tvzf sonobuoy_0.14.2_linux_amd64.tar.gz
-rw-rw-r-- travis/travis 11357 2019-04-29 21:24 LICENSE
-rwxrwxr-x travis/travis 34590848 2019-04-29 21:44 sonobuoy
[root@head ~]# tar xvzf sonobuoy_0.14.2_linux_amd64.tar.gz
The conformance test can be run with:
[root@head ~]# ./sonobuoy run --wait
Running plugins: e2e, systemd-logs
INFO created object name=heptio-sonobuoy namespace= resource=namespaces
INFO created object name=sonobuoy-serviceaccount namespace=heptio-sonobuoy resource=serviceaccounts
INFO created object name=sonobuoy-serviceaccount-heptio-sonobuoy namespace= resource=clusterrolebindings
The run can take around 1 or 2 hours to complete.
Checking the test results:
Once a run has been completed, the results can be checked for failures with:
[root@head ~]# ./sonobuoy e2e $(./sonobuoy retrieve)
failed tests: 0
A result of 0 failed tests means that the test suite passed, and that the Bright Kubernetes deployment indeed conforms to the CNCF standards.
Cleanup of the sonobuoy files:
The files created during the test suite run can be deleted with:
[root@head ~]# ./sonobuoy delete --wait
INFO deleted kind=namespace namespace=heptio-sonobuoy
INFO deleted kind=clusterrolebindings
INFO deleted kind=clusterroles