Skip to Content

Testing

Make sure all pre-requisites are installed as described in pre-reqs.

Unit testing

The Makefile has a target for running all the unit tests.

make test

Integration testing

There are currently three integration tests. Contributors can run them. There is also a GitHub Actions workflow (in .github/workflows/pr-test-integration.yml) that runs these tests.

These tests require you to already have etcd on your $PATH. See https://github.com/kubernetes/kubernetes/blob/v1.29.10/hack/install-etcd.sh  for an example of how to do that.

To run the tests sequentially, issue a command like the following.

CONTROLLER_TEST_NUM_OBJECTS=24 go test -v ./test/integration/controller-manager &> /tmp/test.log

If CONTROLLER_TEST_NUM_OBJECTS is not set then the number of objects will be 18. This parameterization by an environment variable is a point-in-time hack, it is expected to go away we have a test that runs reliably on a large number of objects.

To run of the individual tests, issue a command like the following example.

go test -v -timeout 60s -run ^TestCRDHandling$ ./test/integration/controller-manager

End-to-end testing

See test/e2e/ in the GitHub repository. It has a README.

Testing releases

See the release testing doc.

CI security scanning

KubeStellar uses automated security scanning workflows as part of its continuous integration (CI) pipeline to improve supply-chain security and provide early visibility into potential vulnerabilities.

OpenSSF Scorecard

An OpenSSF Scorecard workflow is used to evaluate the repository against a set of security best practices, such as branch protection, dependency management, and CI configuration.

When enabled, this workflow typically runs on a schedule and/or on changes to the main branch. The results are published to the GitHub Security tab.

Trivy image scanning

KubeStellar also uses Trivy to scan container images built in CI for known vulnerabilities (CVEs).

A Trivy-based workflow reports CRITICAL and HIGH severity findings and uploads results in SARIF format, making them visible in the GitHub Security tab.

These security scanning workflows are part of the project’s CI infrastructure and do not affect the runtime behavior of KubeStellar deployments.

Architecture