GO-2023-2355 : Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler in knative.dev/serving
knative.dev/serving/test/e2e/autotls (directory)
Version: v0.36.0
Published: Jan 24, 2023
License: Apache-2.0
README
This document describes how to run the Auto TLS E2E tests under different
configurations to cover different use cases. For more details about the Auto TLS
feature, see the Auto TLS feature documentation.

To run the Auto TLS E2E tests locally, run the following commands:

Test case 1: testing per ksvc certificate provision with self-signed CA

  1. Run kubectl patch cm config-network -n knative-serving -p '{"data":{"namespace-wildcard-cert-selector": ""}}' to disable wildcards for namespaces
  2. kubectl delete kcert --all -n serving-tests
  3. kubectl apply -f test/config/autotls/certmanager/selfsigned/
  4. go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run ^TestTLS

Test case 2: testing per namespace certificate provision with self-signed CA

  1. kubectl delete kcert --all -n serving-tests
  2. kubectl apply -f test/config/autotls/certmanager/selfsigned/
  3. Run kubectl patch cm config-network -n knative-serving -p '{"data":{"namespace-wildcard-cert-selector": "{}"}}' to enable wildcards for all namespaces
  4. go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run ^TestTLS

Test case 3: testing per ksvc certificate provision with HTTP challenge

  1. Run kubectl patch cm config-network -n knative-serving -p '{"data":{"namespace-wildcard-cert-selector": ""}}' to disable wildcards for namespaces
  2. kubectl delete kcert --all -n serving-tests
  3. kubectl apply -f test/config/autotls/certmanager/http01/
  4. export SERVICE_NAME=http01
  5. kubectl patch cm config-domain -n knative-serving -p '{"data":{"<your-custom-domain>":""}}'
  6. Add a DNS A record to map host http01.serving-tests.<your-custom-domain> to the Ingress IP.
  7. go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run ^TestTLS
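
The three test cases above differ only in the wildcard selector value, the cert-manager config directory and the order of the steps. The script below is an added example, not part of the Knative repository, that wraps them behind one entry point; the file name autotls-e2e.sh and the helpers run, patch_selector, reset_certs and run_case are hypothetical, and DRY_RUN=1 prints the commands for review instead of executing them.

```shell
#!/bin/sh
# Added example (not from the Knative repo): runs one README test case.
# Usage, from the root of a knative.dev/serving checkout (script name is hypothetical):
#   ./autotls-e2e.sh <1|2|3> [your-custom-domain]
# DRY_RUN=1 prints each command instead of executing it.
set -eu

run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# $1 is the selector: "" disables namespace wildcard certs, "{}" enables them for all namespaces.
patch_selector() {
  run kubectl patch cm config-network -n knative-serving \
    -p "{\"data\":{\"namespace-wildcard-cert-selector\": \"$1\"}}"
}

# $1 is the cert-manager config directory: selfsigned or http01.
reset_certs() {
  run kubectl delete kcert --all -n serving-tests
  run kubectl apply -f "test/config/autotls/certmanager/$1/"
}

run_case() {
  case "${1:-}" in
    1) patch_selector ''; reset_certs selfsigned ;;
    2) reset_certs selfsigned; patch_selector '{}' ;;
    3) domain=${2:?usage: run_case 3 <your-custom-domain>}
       patch_selector ''; reset_certs http01
       run export SERVICE_NAME=http01
       run kubectl patch cm config-domain -n knative-serving -p "{\"data\":{\"$domain\":\"\"}}"
       echo "Needs a DNS A record: http01.serving-tests.$domain -> Ingress IP" >&2
       # The HTTP challenge needs the host to be reachable, so wait for the operator here.
       if [ "${DRY_RUN:-0}" != 1 ]; then
         printf 'Press Enter once the record resolves: ' >&2; read -r reply || true
       fi ;;
    *) echo "usage: $0 <1|2|3> [your-custom-domain]" >&2; return 2 ;;
  esac
  run go test -v -tags=e2e -count=1 -timeout=600s ./test/e2e/autotls/... -run '^TestTLS'
}

# Run a case only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || run_case "$@"
```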