GO-2023-2355 : Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler in knative.dev/serving
Discover Packages
knative.dev/serving
test
e2e
autotls
directory
Version:
v0.20.2
Opens a new window with list of versions in this module.
Published: May 17, 2021
License: Apache-2.0
Opens a new window with license information.
README
README
¶
This is the instruction about how to run Auto TLS E2E test under different
configurations to test different use cases. For more details about Auto TLS
feature, check out the
Auto TLS feature
documentation.
To run Auto TLS E2E test locally, run the following commands:
test case 1: testing per ksvc certificate provision with self-signed CA
kubectl label namespace serving-tests networking.internal.knative.dev/disableWildcardCert=true
kubectl delete kcert --all -n serving-tests
kubectl apply -f test/config/autotls/certmanager/selfsigned/
go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run ^TestTLS
test case 2: testing per namespace certificate provision with self-signed CA
kubectl delete kcert --all -n serving-tests
kubectl apply -f test/config/autotls/certmanager/selfsigned/
Run kubectl edit namespace serving-tests
and remove the label
networking.internal.knative.dev/disableWildcardCert
go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run ^TestTLS
test case 3: testing per ksvc certificate provision with HTTP challenge
kubectl label namespace serving-tests networking.internal.knative.dev/disableWildcardCert=true
kubectl delete kcert --all -n serving-tests
kubectl apply -f test/config/autotls/certmanager/http01/
export SERVICE_NAME=http01
kubectl patch cm config-domain -n knative-serving -p '{"data":{"<your-custom-domain>":""}}'
Add a DNS A record to map host http01.serving-tests.<your-custom-domain>
to the Ingress IP.
go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run ^TestTLS
Expand ▾
Collapse ▴
Directories
¶
Click to show internal directories.
Click to hide internal directories.