Skip to content

Container Testing & FIPS Readiness

Important Note

For the latest details on functional testing and FIPS testing, check out the ironbank-pipeline README.

Overview

The ironbank-pipeline has improved its functional testing job. Now, it can run on FIPS-enabled hosts.

To use the functional-testing or functional-testing-fips job, you need:
1. A testing_manifest.yaml file in your repository.
2. An environment variable set to enable testing.

You can find an example testing_manifest.yaml at the bottom of this page.

Functional Testing Breakdown

This job has two optional test types:
1. Container Testing
2. Kubernetes Testing

1. Container Testing

This test runs shell commands inside the built container using Podman.

  • If the testing_manifest.yaml file includes "container," "docker," or "podman," this test runs.
  • Commands are executed inside the container. The first word in the command is the entrypoint.
  • If an expected_output field is set, the test will check if the command’s output matches it.
  • If the output is different or the command takes too long, the test fails.

2. Kubernetes Testing

This test checks if the container works inside a Kubernetes cluster.

  • If "kubernetes" is found in testing_manifest.yaml, this test runs.
  • The test creates a pod manifest and applies it to a KIND cluster.
  • The pod must reach the "Completed" or "Running" state.
  • If the pod runs into errors like CrashLoopBackOff or ImagePullBackOff, the test fails.
  • If it doesn’t reach "Running" or "Completed" within initialDelaySeconds (if set) plus 180 seconds, the test fails.

Example testing_manifest.yaml

container|podman|docker:
  - name: Minio Version
    description: Check Minio version
    commands:
      - command: minio --version
        timeout_seconds: 30
        expected_output: "1.7.3"
  - name: Check Base OS
    description: Show the base OS of the container
    commands:
      - command: cat /etc/os-release
        timeout_seconds: 90
kubernetes:
  livenessProbe:
    tcpSocket:
      port: 9000
    initialDelaySeconds: 5
    periodSeconds: 5
  readinessProbe:
    exec:
      command:
        - cat
        - /tmp/healthy
    initialDelaySeconds: 30
    timeoutSeconds: 6
    periodSeconds: 5
    failureThreshold: 3
  command: ["minio"]
  args: ["--version"]