From 6cd7f442279e6fabad5e596d9dd54ce22b9edd23 Mon Sep 17 00:00:00 2001 From: Hannes Baum Date: Wed, 19 Jun 2024 10:35:02 +0200 Subject: [PATCH 1/8] Extend implementation notes Add and extend some implementation notes derived from the findings of https://github.com/SovereignCloudStack/standards/issues/426. Signed-off-by: Hannes Baum --- ...w1-flavor-naming-implementation-testing.md | 30 +++-- ...-0101-w1-entropy-implementation-testing.md | 27 ++++- ...1-image-metadata-implementation-testing.md | 52 +++++++++ ...-standard-images-implementation-testing.md | 47 ++++++++ ...s-version-policy-implementation-testing.md | 61 ++++++++++ ...lt-storage-class-implementation-testing.md | 57 ++++++++++ ...ode-distribution-implementation-testing.md | 55 +++++++++ Tests/iaas/SCS-Spec.Images.yaml | 107 ++++++++++++++++++ 8 files changed, 418 insertions(+), 18 deletions(-) create mode 100644 Standards/scs-0102-w1-image-metadata-implementation-testing.md create mode 100644 Standards/scs-0104-w1-standard-images-implementation-testing.md create mode 100644 Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md create mode 100644 Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md create mode 100644 Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md create mode 100644 Tests/iaas/SCS-Spec.Images.yaml diff --git a/Standards/scs-0100-w1-flavor-naming-implementation-testing.md b/Standards/scs-0100-w1-flavor-naming-implementation-testing.md index 5f179d2ad..221ba40b4 100644 --- a/Standards/scs-0100-w1-flavor-naming-implementation-testing.md +++ b/Standards/scs-0100-w1-flavor-naming-implementation-testing.md @@ -15,21 +15,20 @@ The three major versions of the standard that exist so far are very similar, and Therefore, the procedures needed to implement or test them are very similar as well. Yet, this document will only cover v3, because v1 and v2 are already obsolete by the time of writing. -## Implementation Notes +## Implementation notes Every flavor whose name starts with `SCS-` must conform with the naming scheme laid down in the standard. -### Operational Tooling +### Operational tooling -#### Syntax Check +#### Syntax check The [test suite](https://github.com/SovereignCloudStack/standards/tree/main/Tests/iaas/flavor-naming) comes with a handy [command-line utility](https://github.com/SovereignCloudStack/standards/tree/main/Tests/iaas/flavor-naming/cli.py) -that can be used to validate flavor names, to -interactively construct a flavor name via a questionnaire, and to generate prose descriptions for given -flavor names. See the -[README](https://github.com/SovereignCloudStack/standards/tree/main/Tests/iaas/flavor-naming/README.md) +that can be used to validate flavor names, to interactively construct a flavor name +via a questionnaire, and to generate prose descriptions for given flavor names. +See the [README](https://github.com/SovereignCloudStack/standards/tree/main/Tests/iaas/flavor-naming/README.md) for more details. The functionality of this script is also (partially) exposed via the web page @@ -39,12 +38,19 @@ With the OpenStack tooling (`python3-openstackclient`, `OS_CLOUD`) in place, you `cli.py -v parse v3 $(openstack flavor list -f value -c Name)` to get a report on the syntax compliance of the flavor names of the cloud environment. -#### Flavor Creation +#### Flavor creation -The [OpenStack Flavor Manager](https://github.com/osism/openstack-flavor-manager) will create a whole set -of flavors in one go, given a YAML description of this set. +The [OpenStack Flavor Manager from osism](https://github.com/osism/openstack-flavor-manager) +will create a set of flavors. +The manager provides different options for flavor creation; either the standard mandatory and +possibly recommended flavors can be created or the user can set a file containing his flavors. -## Automated Tests +If a CSP wants to provide their own flavors with the `SCS` naming schema, a tool like +the ["Flavor Site"](https://flavors.scs.community) could be used to reduce time spent on creating +flavors with the correct naming. These names could then be transferred to the Openstack Flavor Manager +for easier creation. + +## Automated tests ### Errors @@ -68,6 +74,6 @@ The script [`flavor-names-openstack.py`](https://github.com/SovereignCloudStack/ talks to the OpenStack API of the cloud specified by the `OS_CLOUD` environment and queries properties and checks the names for standards compliance. -## Manual Tests +## Manual tests To be determined. diff --git a/Standards/scs-0101-w1-entropy-implementation-testing.md b/Standards/scs-0101-w1-entropy-implementation-testing.md index e770f0ab8..dfa815094 100644 --- a/Standards/scs-0101-w1-entropy-implementation-testing.md +++ b/Standards/scs-0101-w1-entropy-implementation-testing.md @@ -7,18 +7,33 @@ supplements: - scs-0101-v1-entropy.md --- -## Implementation +## Introduction + +The entropy standard mainly defines recommended flavor attributes to be available and +also requires a high enough and consistent entropy to be available for all possible flavors. +This is primarily tested with "FIPS 140-2 failures" as well as the entropy count available +under `/proc/sys/kernel/random/entropy_avail`. + +## Implementation notes We presume that almost nothing has to be done (or indeed can be done), as -long as the CPUs and VM images are reasonably recent; only the flavor and -image attributes have to be set: +long as the CPUs and VM images are reasonably recent. +The already mentioned failure testing and entropy count is available +on modern linux kernels (especially on 5.18 or higher), +but if older kernels are made available, the CSP needs to provide entropy +by offering CPU instructions that provide entropy without being filtered by the hypervisor. +All newer CPUs offer instructions for this kind of use-case (e.g. Intel introduced RDRAND +in 2014 in their Broadwell architecture) and the expectation is, +that most CSPs don't use older processors. + +Most times, only the flavor and image attributes required by the standard have to be set: - flavor: `hw_rng:allowed=True` , - image: `hw_rng_model: virtio` . -## Automated Tests +## Automated tests -### Images Sample +### Images sample Some checks need to be performed on a live instance. For these checks, it is necessary to choose a sample of VM images to test on. @@ -59,6 +74,6 @@ as ensured by the image metadata standard. The script [`entropy-check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/entropy/entropy-check.py) connects to OpenStack and performs the checks described in this section. -## Manual Tests +## Manual tests None. diff --git a/Standards/scs-0102-w1-image-metadata-implementation-testing.md b/Standards/scs-0102-w1-image-metadata-implementation-testing.md new file mode 100644 index 000000000..238287d8c --- /dev/null +++ b/Standards/scs-0102-w1-image-metadata-implementation-testing.md @@ -0,0 +1,52 @@ +--- +title: "SCS Image Metadata: Implementation and Testing Notes" +type: Supplement +track: IaaS +status: Proposal +supplements: + - scs-0102-v1-image-metadata.md +--- + +## Introduction + +The standard defines a set of metadata properties for public images, that need to be set in order +to have an SCS-compliant IaaS setup. + +## Implementation notes + +The [OpenStack Image Manager from osism](https://github.com/osism/openstack-image-manager) +will create a set of images from a file provided by the user, which can also set the required properties +for these images. Additional images with their respective properties besides the images mandatory +through the ["SCS Standard Images Standard (scs-0104-v1-standard-images)"](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0104-v1-standard-images.md) can also be defined +this way. + +The SCS project provides a [file](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/SCS-Spec.Images.yaml) derived from the [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml) with the necessary +properties. +This process also enables the easy adoption of the +["SCS Standard Images Standard (scs-0104-v1-standard-images)"](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0104-v1-standard-images.md). + +## Automated tests + +### Images sample + +Some checks need to be performed on a live instance. All publicly available images on this instance +will be checked for either only the mandatory properties or possibly also the recommended ones. +Additionally, a user can also decide to test their private images, although this isn't a necessity. + +### Errors and warnings + +The test provides increases its return value for every error found during execution. +Additionally, logs are provided to output further information: + +- Error for invalid property values or missing properties +- Warning for missing images or not recommended values +- Info for violations of recommendations + +### Implementation + +The script [`image-md-check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/image-metadata/image-md-check.py) +connects to OpenStack and performs the checks described in this section. + +## Manual tests + +None. diff --git a/Standards/scs-0104-w1-standard-images-implementation-testing.md b/Standards/scs-0104-w1-standard-images-implementation-testing.md new file mode 100644 index 000000000..979269793 --- /dev/null +++ b/Standards/scs-0104-w1-standard-images-implementation-testing.md @@ -0,0 +1,47 @@ +--- +title: "SCS Standard Images: Implementation and Testing Notes" +type: Supplement +track: IaaS +status: Proposal +supplements: + - scs-0104-v1-standard-images.md +--- + +## Introduction + +The standard defines a set of images with specified names and properties. + +## Implementation notes + +The [OpenStack Image Manager from osism](https://github.com/osism/openstack-image-manager) +will create a set of images from a file provided by the user. +The SCS project provides such a [file](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/SCS-Spec.Images.yaml) derived from the [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml), which is +defined by the standard to contain the mandatory and recommended images. +This also enables the easy adoption of the ["SCS Image Metadata Standard (scs-0102-v1-image-metadata)"](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0102-v1-image-metadata.md). + +## Automated tests + +### Images sample + +Some checks need to be performed on a live instance. For these checks, the [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml) +file is used as a default to check the images provided on the IaaS instance +against the expected set of images. + +### Errors and warnings + +The test provides a return value of up to 127, depending on the number of errors that occurred +during testing. Additionally, logs are provided to provide further information: + +- CRITICAL for problems preventing the test to complete, +- ERROR for violations of requirements, +- WARNING for violations of recommendations, +- DEBUG for background information and problems that don't hinder the test. + +### Implementation + +The script [`images-openstack.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/standard-images/images-openstack.py) +connects to OpenStack and performs the checks described in this section. + +## Manual tests + +None. diff --git a/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md b/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md new file mode 100644 index 000000000..558b77580 --- /dev/null +++ b/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md @@ -0,0 +1,61 @@ +--- +title: "SCS K8S Version Policy: Implementation and Testing Notes" +type: Supplement +track: KaaS +status: Proposal +supplements: + - scs-0210-v1-k8s-new-version-policy.md + - scs-0210-v2-k8s-version-policy.md +--- + +## Introduction + +The standard [SCS K8s version Policy](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0210-v2-k8s-version-policy.md) is in its second iteration and sets the time windows +for K8s versions to be supported in an SCS context as well as update policies for K8s clusters. + +All of this just breaks down to providing new versions in a KaaS offering in a timely fashion +(depending on versions) and also providing version support for as long as the versions +are officially supported by Kubernetes. + +## Implementation notes + +A CSP must make new versions for their KaaS offering available in a timely fashion, so that +new versions are available in a short window of time. +Older versions need to be supported until the end of their support window. + +Concrete implementation details can't be give here, since not every CSP does provide +their versions the same way. The best advice to give is to monitor the +[Kubernetes releases page](https://kubernetes.io/releases/) closely. + +## Automated tests + +### Notes + +The test for the [K8s Version Policy Standard](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0210-v2-k8s-version-policy.md) +can't be used like most other tests provided in the SCS standards repository. +It aims on testing a KaaS offering of a CSP with the creation of the most recent +Kubernetes version provided by the CSP. Since only this part is tested, +the test doesn't have any validity for a single cluster, since the updating and +versioning should be decided by the user, which could want to leave a server +on a version just for stability reasons. + +### Errors and warnings + +The test will return 0 precisely when it could be verified that the standard is satisfied. +Otherwise, the return code is the number of errors that occurred (up to 127 due to OS +restrictions); additionally, the following log messages can occur: + +- CRITICAL for problems preventing the test to complete, +- ERROR for violations of requirements, +- INFO for violations of recommendations, +- DEBUG for background information and problems that don't hinder the test. + +### Implementation + +The script [`k8s_version_policy.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-version-policy/k8s_version_policy.py) +connects to an existing K8s cluster and checks the version against a list of versions, that +are calculated to be inside a recency window. + +## Manual tests + +None. diff --git a/Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md b/Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md new file mode 100644 index 000000000..7c1f356a1 --- /dev/null +++ b/Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md @@ -0,0 +1,57 @@ +--- +title: "SCS KaaS default storage class: Implementation and Testing Notes" +type: Supplement +track: KaaS +status: Proposal +supplements: + - scs-0211-v1-kaas-default-storage-class.md +--- + +## Introduction + +The standard [SCS Kaas Default storage class](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0211-v1-kaas-default-storage-class.md) +wants to define the properties of a default `StorageClass` a Kubernetes cluster would rely on, +if a `PersistentVolumeClaim` doesn't provide a name for one during its creation. + +## Implementation notes + +A `StorageClass` is made default by using the `storageclass.kubernetes.io/is-default-class` +annotation; a standardized name is not given. `ReadWriteOnce` must be supported by the volume, +and it must be protected against data loss due to hardware failures. +Therefore, volumes must not be bound to the lifecycle of a Kubernetes node and, at best, +be backed by some kind of redundant storage. +Guarantees for latency, bandwidth, IOPS and so on are not given. + +The cost-intensive part of this standard would be the hardware failure protection by binding +the `StorageClass` to redundant, non-lifecycle bound storage, since this would mean that +storage needs to be provided in a higher capacity to achieve the same usable capacity. + +## Automated tests + +### Notes + +The test for the [SCS Kaas Default storage class](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0211-v1-kaas-default-storage-class.md) +checks if a default storage class is available and if this storage class can be used +to create a `PersistentVolume` from a `PersistentVolumeClaim` for a container. + +### Errors and warnings + +The test will return 0 precisely when it could be verified that the standard is satisfied. +Otherwise, different return codes are provided depending on the type of error. +These are as follows (taken from the test script): + +- 1 Not able to connect to k8s api +- 31 Default storage class has no provisioner +- 32 None or more than one default Storage Class is defined +- 41 Not able to bind PersistentVolume to PersistentVolumeClaim +- 42 ReadWriteOnce is not a supported access mode + +### Implementation + +The script [`k8s-default-storage-class-check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-default-storage-class/k8s-default-storage-class-check.py) +connects to an existing K8s cluster and checks for the availability of a default storage class. +This can also be done via Sonobuoy. + +## Manual tests + +None. diff --git a/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md new file mode 100644 index 000000000..627db846b --- /dev/null +++ b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md @@ -0,0 +1,55 @@ +--- +title: "Kubernetes Node Distribution and Availability: Implementation and Testing Notes" +type: Supplement +track: KaaS +status: Proposal +supplements: + - scs-0214-v1-k8s-node-distribution.md + - scs-0214-v2-k8s-node-distribution.md +--- + +## Introduction + +The standard [SCS K8s Node Distribution and Availability](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0214-v2-k8s-node-distribution.md) +tries to define requirements for the distribution of Kubernetes nodes in order to provide +a fault-tolerant and (highly) available Kubernetes cluster. + +## Implementation notes + +A Kubernetes clusters control plane must be distributed over multiple physical machines, as well +as different "failure zones". How these are defined is at the moment up to the CSP. +Worker nodes can also be distributed over "failure zones", but this isn't a requirement. +Distribution must be shown through labelling, so that users can access these information. + +Node distribution metadata is provided through the usage of the labels +`topology.kubernetes.io/region`, `topology.kubernetes.io/zone` and +`topology.scs.community/host-id` respectively. + +At the moment, not all labels are set automatically by most K8s cluster utilities, which incurs +additional setup and maintenance costs. + +## Automated tests + +### Notes + +The test for the [SCS K8s Node Distribution and Availability](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0214-v2-k8s-node-distribution.md) +checks if control-plane nodes are distributed over different failure zones (distributed into +physical machines, zones and regions) by observing their labels defined by the standard. + +### Errors and warnings + +The test will return 0 precisely when it could be verified that the standard is satisfied. +If no distribution can be detected, a 2 will be returned instead. +The test mentions if labels are missing, which would hinder the ability to detect node distribution, +if no distribution is available on specific levels or if not enough nodes are available for +a distribution to be feasible. + +### Implementation + +The script [`k8s_node_distribution_check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py) +connects to an existing K8s cluster and checks if a distribution can be detected with the labels +set for the nodes of this cluster. + +## Manual tests + +None. diff --git a/Tests/iaas/SCS-Spec.Images.yaml b/Tests/iaas/SCS-Spec.Images.yaml new file mode 100644 index 000000000..3334707c4 --- /dev/null +++ b/Tests/iaas/SCS-Spec.Images.yaml @@ -0,0 +1,107 @@ +--- +images: + - name: Ubuntu + format: qcow2 + login: ubuntu + password: ubuntu + status: active + visibility: public + multi: false + min_disk: 8 + min_ram: 512 + tags: [] + meta: + architecture: x86_64 + hypervisor_type: qemu + hw_disk_bus: scsi + hw_rng_model: virtio + hw_scsi_model: virtio-scsi + hw_watchdog_action: reset + os_distro: ubuntu + replace_frequency: never + uuid_validity: none + provided_until: none + image_original_user: ubuntu + versions: + - version: '20.04' + os_version: '20.04' + image_description: "https://cloud-images.ubuntu.com/releases/focal/release/" + url: https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64.img + checksum: "sha256:edf43eb9f4e5ededbb3606c719c98b0e14c956278da42567e907a17d8bccb571" + build_date: 2024-03-07 + - version: '22.04' + os_version: '22.04' + image_description: "https://cloud-images.ubuntu.com/releases/jammy/release/" + url: https://cloud-images.ubuntu.com/releases/jammy/release/ubuntu-22.04-server-cloudimg-amd64.img + checksum: "sha256:304983616fcba6ee1452e9f38993d7d3b8a90e1eb65fb0054d672ce23294d812" + build_date: 2024-03-19 + - name: ubuntu-capi-image + format: qcow2 + login: ubuntu + password: ubuntu + status: active + visibility: public + multi: false + min_disk: 20 + min_ram: 512 + tags: [] + meta: + architecture: x86_64 + hypervisor_type: qemu + hw_disk_bus: virtio + hw_rng_model: virtio + hw_scsi_model: virtio-scsi + hw_watchdog_action: reset + os_distro: ubuntu + replace_frequency: never + uuid_validity: none + provided_until: none + image_original_user: ubuntu + versions: + - version: 'v1.29.3' + os_version: '22.04' + image_description: "https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/openstack-k8s-capi-images/" + url: https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/openstack-k8s-capi-images/ubuntu-2204-kube-v1.29/ubuntu-2204-kube-v1.29.3.qcow2 + checksum: "sha256:2a16b6e5f58bf1ddd3c7f4c3092aa3336905bd4eaf0cda2c8a95d704d3d98ea4" + build_date: 2024-03-07 + - name: 'Debian' + format: qcow2 + login: debian + password: debian + status: active + visibility: public + multi: false + min_disk: 8 + min_ram: 512 + tags: [] + meta: + architecture: x86_64 + hypervisor_type: qemu + hw_disk_bus: scsi + hw_rng_model: virtio + hw_scsi_model: virtio-scsi + hw_watchdog_action: reset + os_distro: debian + replace_frequency: never + uuid_validity: none + provided_until: none + image_original_user: debian + versions: + - version: '10' + os_version: '10' + image_description: "https://cloud.debian.org/images/cloud/buster/latest/" + url: https://cloud.debian.org/images/cloud/buster/latest/debian-10-generic-amd64.qcow2 + checksum: "sha512:fa242e8d35f6e3fa0af624244b1fbad6ba110afb595949fd8f283356e9e868ec23349aebffd1584051a1c6fc3099fe86bb4941426f650c3b6c168b350581ddf9" + build_date: 2024-04-30 + - version: '11' + os_version: '11' + image_description: "https://cloud.debian.org/images/cloud/bullseye/latest/" + url: https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2 + checksum: "sha512:8bc1f39a91ede83a15248de7c5b69ad6eae2094db45c7e6c22cf3a6fb774878a37f87575b829c19358389ec1f98dc4d5f12ae996977057ce2e9c29d88b871d57" + build_date: 2024-04-29 + - version: '12' + os_version: '12' + image_description: "https://cloud.debian.org/images/cloud/bookworm/latest/" + url: https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 + checksum: "sha512:cae81bd82490bb68aaa554f4573fecd09d19b9bf5feccdcd2c42eabba7ac507cda8b7fa53983e1a843c6334bbb684142897dda2990d2fe159261bca3308c4333" + build_date: 2024-04-29 From a1317284c50f962acb66e13a2a94df7df0fbfa53 Mon Sep 17 00:00:00 2001 From: Hannes Baum Date: Wed, 26 Jun 2024 10:49:40 +0200 Subject: [PATCH 2/8] Review adjustments Adjustments made possible by the review from @mbuechse. Signed-off-by: Hannes Baum --- ...w1-flavor-naming-implementation-testing.md | 13 ++++------- ...-0101-w1-entropy-implementation-testing.md | 7 ------ ...1-image-metadata-implementation-testing.md | 22 +++---------------- ...-standard-images-implementation-testing.md | 21 +++--------------- ...s-version-policy-implementation-testing.md | 20 ----------------- ...lt-storage-class-implementation-testing.md | 18 --------------- ...ode-distribution-implementation-testing.md | 14 ------------ 7 files changed, 10 insertions(+), 105 deletions(-) diff --git a/Standards/scs-0100-w1-flavor-naming-implementation-testing.md b/Standards/scs-0100-w1-flavor-naming-implementation-testing.md index 221ba40b4..71756e07d 100644 --- a/Standards/scs-0100-w1-flavor-naming-implementation-testing.md +++ b/Standards/scs-0100-w1-flavor-naming-implementation-testing.md @@ -40,15 +40,10 @@ on the syntax compliance of the flavor names of the cloud environment. #### Flavor creation -The [OpenStack Flavor Manager from osism](https://github.com/osism/openstack-flavor-manager) -will create a set of flavors. -The manager provides different options for flavor creation; either the standard mandatory and -possibly recommended flavors can be created or the user can set a file containing his flavors. - -If a CSP wants to provide their own flavors with the `SCS` naming schema, a tool like -the ["Flavor Site"](https://flavors.scs.community) could be used to reduce time spent on creating -flavors with the correct naming. These names could then be transferred to the Openstack Flavor Manager -for easier creation. +The [OpenStack Flavor Manager from OSISM](https://github.com/osism/openstack-flavor-manager) +will create a whole set of flavors in one go. +To that end, it provides different options: either the standard mandatory and +possibly recommended flavors can be created, or the user can set a file containing his flavors. ## Automated tests diff --git a/Standards/scs-0101-w1-entropy-implementation-testing.md b/Standards/scs-0101-w1-entropy-implementation-testing.md index dfa815094..cb76473fd 100644 --- a/Standards/scs-0101-w1-entropy-implementation-testing.md +++ b/Standards/scs-0101-w1-entropy-implementation-testing.md @@ -7,13 +7,6 @@ supplements: - scs-0101-v1-entropy.md --- -## Introduction - -The entropy standard mainly defines recommended flavor attributes to be available and -also requires a high enough and consistent entropy to be available for all possible flavors. -This is primarily tested with "FIPS 140-2 failures" as well as the entropy count available -under `/proc/sys/kernel/random/entropy_avail`. - ## Implementation notes We presume that almost nothing has to be done (or indeed can be done), as diff --git a/Standards/scs-0102-w1-image-metadata-implementation-testing.md b/Standards/scs-0102-w1-image-metadata-implementation-testing.md index 238287d8c..c7089afa7 100644 --- a/Standards/scs-0102-w1-image-metadata-implementation-testing.md +++ b/Standards/scs-0102-w1-image-metadata-implementation-testing.md @@ -14,16 +14,9 @@ to have an SCS-compliant IaaS setup. ## Implementation notes -The [OpenStack Image Manager from osism](https://github.com/osism/openstack-image-manager) -will create a set of images from a file provided by the user, which can also set the required properties -for these images. Additional images with their respective properties besides the images mandatory -through the ["SCS Standard Images Standard (scs-0104-v1-standard-images)"](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0104-v1-standard-images.md) can also be defined -this way. - -The SCS project provides a [file](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/SCS-Spec.Images.yaml) derived from the [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml) with the necessary -properties. -This process also enables the easy adoption of the -["SCS Standard Images Standard (scs-0104-v1-standard-images)"](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0104-v1-standard-images.md). +The [OpenStack Image Manager from OSISM](https://github.com/osism/openstack-image-manager) +will create a set of images from a "spec file" provided by the user, which can also set the required properties +for these images. ## Automated tests @@ -33,15 +26,6 @@ Some checks need to be performed on a live instance. All publicly available imag will be checked for either only the mandatory properties or possibly also the recommended ones. Additionally, a user can also decide to test their private images, although this isn't a necessity. -### Errors and warnings - -The test provides increases its return value for every error found during execution. -Additionally, logs are provided to output further information: - -- Error for invalid property values or missing properties -- Warning for missing images or not recommended values -- Info for violations of recommendations - ### Implementation The script [`image-md-check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/image-metadata/image-md-check.py) diff --git a/Standards/scs-0104-w1-standard-images-implementation-testing.md b/Standards/scs-0104-w1-standard-images-implementation-testing.md index 979269793..59a338564 100644 --- a/Standards/scs-0104-w1-standard-images-implementation-testing.md +++ b/Standards/scs-0104-w1-standard-images-implementation-testing.md @@ -7,17 +7,12 @@ supplements: - scs-0104-v1-standard-images.md --- -## Introduction - -The standard defines a set of images with specified names and properties. - ## Implementation notes -The [OpenStack Image Manager from osism](https://github.com/osism/openstack-image-manager) -will create a set of images from a file provided by the user. -The SCS project provides such a [file](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/SCS-Spec.Images.yaml) derived from the [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml), which is +The [OpenStack Image Manager from OSISM](https://github.com/osism/openstack-image-manager) +will create a set of images from a "spec file" provided by the user. +The SCS project provides such a [spec file](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/SCS-Spec.Images.yaml) derived from [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml), which is defined by the standard to contain the mandatory and recommended images. -This also enables the easy adoption of the ["SCS Image Metadata Standard (scs-0102-v1-image-metadata)"](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0102-v1-image-metadata.md). ## Automated tests @@ -27,16 +22,6 @@ Some checks need to be performed on a live instance. For these checks, the [`scs file is used as a default to check the images provided on the IaaS instance against the expected set of images. -### Errors and warnings - -The test provides a return value of up to 127, depending on the number of errors that occurred -during testing. Additionally, logs are provided to provide further information: - -- CRITICAL for problems preventing the test to complete, -- ERROR for violations of requirements, -- WARNING for violations of recommendations, -- DEBUG for background information and problems that don't hinder the test. - ### Implementation The script [`images-openstack.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/standard-images/images-openstack.py) diff --git a/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md b/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md index 558b77580..8ee34003c 100644 --- a/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md +++ b/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md @@ -8,15 +8,6 @@ supplements: - scs-0210-v2-k8s-version-policy.md --- -## Introduction - -The standard [SCS K8s version Policy](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0210-v2-k8s-version-policy.md) is in its second iteration and sets the time windows -for K8s versions to be supported in an SCS context as well as update policies for K8s clusters. - -All of this just breaks down to providing new versions in a KaaS offering in a timely fashion -(depending on versions) and also providing version support for as long as the versions -are officially supported by Kubernetes. - ## Implementation notes A CSP must make new versions for their KaaS offering available in a timely fashion, so that @@ -39,17 +30,6 @@ the test doesn't have any validity for a single cluster, since the updating and versioning should be decided by the user, which could want to leave a server on a version just for stability reasons. -### Errors and warnings - -The test will return 0 precisely when it could be verified that the standard is satisfied. -Otherwise, the return code is the number of errors that occurred (up to 127 due to OS -restrictions); additionally, the following log messages can occur: - -- CRITICAL for problems preventing the test to complete, -- ERROR for violations of requirements, -- INFO for violations of recommendations, -- DEBUG for background information and problems that don't hinder the test. - ### Implementation The script [`k8s_version_policy.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-version-policy/k8s_version_policy.py) diff --git a/Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md b/Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md index 7c1f356a1..d8112f299 100644 --- a/Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md +++ b/Standards/scs-0211-w1-kaas-default-storage-class-implementation-testing.md @@ -7,12 +7,6 @@ supplements: - scs-0211-v1-kaas-default-storage-class.md --- -## Introduction - -The standard [SCS Kaas Default storage class](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0211-v1-kaas-default-storage-class.md) -wants to define the properties of a default `StorageClass` a Kubernetes cluster would rely on, -if a `PersistentVolumeClaim` doesn't provide a name for one during its creation. - ## Implementation notes A `StorageClass` is made default by using the `storageclass.kubernetes.io/is-default-class` @@ -34,18 +28,6 @@ The test for the [SCS Kaas Default storage class](https://github.com/SovereignCl checks if a default storage class is available and if this storage class can be used to create a `PersistentVolume` from a `PersistentVolumeClaim` for a container. -### Errors and warnings - -The test will return 0 precisely when it could be verified that the standard is satisfied. -Otherwise, different return codes are provided depending on the type of error. -These are as follows (taken from the test script): - -- 1 Not able to connect to k8s api -- 31 Default storage class has no provisioner -- 32 None or more than one default Storage Class is defined -- 41 Not able to bind PersistentVolume to PersistentVolumeClaim -- 42 ReadWriteOnce is not a supported access mode - ### Implementation The script [`k8s-default-storage-class-check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-default-storage-class/k8s-default-storage-class-check.py) diff --git a/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md index 627db846b..79282fbd7 100644 --- a/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md +++ b/Standards/scs-0214-w1-k8s-node-distribution-implementation-testing.md @@ -8,12 +8,6 @@ supplements: - scs-0214-v2-k8s-node-distribution.md --- -## Introduction - -The standard [SCS K8s Node Distribution and Availability](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0214-v2-k8s-node-distribution.md) -tries to define requirements for the distribution of Kubernetes nodes in order to provide -a fault-tolerant and (highly) available Kubernetes cluster. - ## Implementation notes A Kubernetes clusters control plane must be distributed over multiple physical machines, as well @@ -36,14 +30,6 @@ The test for the [SCS K8s Node Distribution and Availability](https://github.com checks if control-plane nodes are distributed over different failure zones (distributed into physical machines, zones and regions) by observing their labels defined by the standard. -### Errors and warnings - -The test will return 0 precisely when it could be verified that the standard is satisfied. -If no distribution can be detected, a 2 will be returned instead. -The test mentions if labels are missing, which would hinder the ability to detect node distribution, -if no distribution is available on specific levels or if not enough nodes are available for -a distribution to be feasible. - ### Implementation The script [`k8s_node_distribution_check.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-node-distribution/k8s_node_distribution_check.py) From a6ddbf3148348c9c09291fd70724b23d3c873f89 Mon Sep 17 00:00:00 2001 From: Martin Morgenstern Date: Wed, 17 Jul 2024 16:33:51 +0200 Subject: [PATCH 3/8] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matthias Büchse Signed-off-by: Martin Morgenstern --- .../scs-0101-w1-entropy-implementation-testing.md | 12 ++---------- ...-0102-w1-image-metadata-implementation-testing.md | 4 ---- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/Standards/scs-0101-w1-entropy-implementation-testing.md b/Standards/scs-0101-w1-entropy-implementation-testing.md index cb76473fd..35cfbe670 100644 --- a/Standards/scs-0101-w1-entropy-implementation-testing.md +++ b/Standards/scs-0101-w1-entropy-implementation-testing.md @@ -10,16 +10,8 @@ supplements: ## Implementation notes We presume that almost nothing has to be done (or indeed can be done), as -long as the CPUs and VM images are reasonably recent. -The already mentioned failure testing and entropy count is available -on modern linux kernels (especially on 5.18 or higher), -but if older kernels are made available, the CSP needs to provide entropy -by offering CPU instructions that provide entropy without being filtered by the hypervisor. -All newer CPUs offer instructions for this kind of use-case (e.g. Intel introduced RDRAND -in 2014 in their Broadwell architecture) and the expectation is, -that most CSPs don't use older processors. - -Most times, only the flavor and image attributes required by the standard have to be set: +long as the CPUs and VM images are reasonably recent; only the flavor and +image attributes required by the standard have to be set: - flavor: `hw_rng:allowed=True` , - image: `hw_rng_model: virtio` . diff --git a/Standards/scs-0102-w1-image-metadata-implementation-testing.md b/Standards/scs-0102-w1-image-metadata-implementation-testing.md index c7089afa7..05fb05831 100644 --- a/Standards/scs-0102-w1-image-metadata-implementation-testing.md +++ b/Standards/scs-0102-w1-image-metadata-implementation-testing.md @@ -7,10 +7,6 @@ supplements: - scs-0102-v1-image-metadata.md --- -## Introduction - -The standard defines a set of metadata properties for public images, that need to be set in order -to have an SCS-compliant IaaS setup. ## Implementation notes From bc5edea1833894686196abeb10faeef4decfa4b1 Mon Sep 17 00:00:00 2001 From: Martin Morgenstern Date: Wed, 17 Jul 2024 16:37:49 +0200 Subject: [PATCH 4/8] Remove impl note which became redundant after merging main Signed-off-by: Martin Morgenstern --- ...-standard-images-implementation-testing.md | 32 ------------------- 1 file changed, 32 deletions(-) delete mode 100644 Standards/scs-0104-w1-standard-images-implementation-testing.md diff --git a/Standards/scs-0104-w1-standard-images-implementation-testing.md b/Standards/scs-0104-w1-standard-images-implementation-testing.md deleted file mode 100644 index 59a338564..000000000 --- a/Standards/scs-0104-w1-standard-images-implementation-testing.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: "SCS Standard Images: Implementation and Testing Notes" -type: Supplement -track: IaaS -status: Proposal -supplements: - - scs-0104-v1-standard-images.md ---- - -## Implementation notes - -The [OpenStack Image Manager from OSISM](https://github.com/osism/openstack-image-manager) -will create a set of images from a "spec file" provided by the user. -The SCS project provides such a [spec file](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/SCS-Spec.Images.yaml) derived from [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml), which is -defined by the standard to contain the mandatory and recommended images. - -## Automated tests - -### Images sample - -Some checks need to be performed on a live instance. For these checks, the [`scs-0104-v1-images.yaml`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/scs-0104-v1-images.yaml) -file is used as a default to check the images provided on the IaaS instance -against the expected set of images. - -### Implementation - -The script [`images-openstack.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/iaas/standard-images/images-openstack.py) -connects to OpenStack and performs the checks described in this section. - -## Manual tests - -None. From 43268b3c93bac21cdff2ae7f9d055efb49cd7d83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCchse?= Date: Thu, 5 Sep 2024 10:58:47 +0200 Subject: [PATCH 5/8] Remove outdated, wrong file SCS-Spec.Images.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matthias Büchse --- Tests/iaas/SCS-Spec.Images.yaml | 107 -------------------------------- 1 file changed, 107 deletions(-) delete mode 100644 Tests/iaas/SCS-Spec.Images.yaml diff --git a/Tests/iaas/SCS-Spec.Images.yaml b/Tests/iaas/SCS-Spec.Images.yaml deleted file mode 100644 index 3334707c4..000000000 --- a/Tests/iaas/SCS-Spec.Images.yaml +++ /dev/null @@ -1,107 +0,0 @@ ---- -images: - - name: Ubuntu - format: qcow2 - login: ubuntu - password: ubuntu - status: active - visibility: public - multi: false - min_disk: 8 - min_ram: 512 - tags: [] - meta: - architecture: x86_64 - hypervisor_type: qemu - hw_disk_bus: scsi - hw_rng_model: virtio - hw_scsi_model: virtio-scsi - hw_watchdog_action: reset - os_distro: ubuntu - replace_frequency: never - uuid_validity: none - provided_until: none - image_original_user: ubuntu - versions: - - version: '20.04' - os_version: '20.04' - image_description: "https://cloud-images.ubuntu.com/releases/focal/release/" - url: https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64.img - checksum: "sha256:edf43eb9f4e5ededbb3606c719c98b0e14c956278da42567e907a17d8bccb571" - build_date: 2024-03-07 - - version: '22.04' - os_version: '22.04' - image_description: "https://cloud-images.ubuntu.com/releases/jammy/release/" - url: https://cloud-images.ubuntu.com/releases/jammy/release/ubuntu-22.04-server-cloudimg-amd64.img - checksum: "sha256:304983616fcba6ee1452e9f38993d7d3b8a90e1eb65fb0054d672ce23294d812" - build_date: 2024-03-19 - - name: ubuntu-capi-image - format: qcow2 - login: ubuntu - password: ubuntu - status: active - visibility: public - multi: false - min_disk: 20 - min_ram: 512 - tags: [] - meta: - architecture: x86_64 - hypervisor_type: qemu - hw_disk_bus: virtio - hw_rng_model: virtio - hw_scsi_model: virtio-scsi - hw_watchdog_action: reset - os_distro: ubuntu - replace_frequency: never - uuid_validity: none - provided_until: none - image_original_user: ubuntu - versions: - - version: 'v1.29.3' - os_version: '22.04' - image_description: "https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/openstack-k8s-capi-images/" - url: https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/openstack-k8s-capi-images/ubuntu-2204-kube-v1.29/ubuntu-2204-kube-v1.29.3.qcow2 - checksum: "sha256:2a16b6e5f58bf1ddd3c7f4c3092aa3336905bd4eaf0cda2c8a95d704d3d98ea4" - build_date: 2024-03-07 - - name: 'Debian' - format: qcow2 - login: debian - password: debian - status: active - visibility: public - multi: false - min_disk: 8 - min_ram: 512 - tags: [] - meta: - architecture: x86_64 - hypervisor_type: qemu - hw_disk_bus: scsi - hw_rng_model: virtio - hw_scsi_model: virtio-scsi - hw_watchdog_action: reset - os_distro: debian - replace_frequency: never - uuid_validity: none - provided_until: none - image_original_user: debian - versions: - - version: '10' - os_version: '10' - image_description: "https://cloud.debian.org/images/cloud/buster/latest/" - url: https://cloud.debian.org/images/cloud/buster/latest/debian-10-generic-amd64.qcow2 - checksum: "sha512:fa242e8d35f6e3fa0af624244b1fbad6ba110afb595949fd8f283356e9e868ec23349aebffd1584051a1c6fc3099fe86bb4941426f650c3b6c168b350581ddf9" - build_date: 2024-04-30 - - version: '11' - os_version: '11' - image_description: "https://cloud.debian.org/images/cloud/bullseye/latest/" - url: https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2 - checksum: "sha512:8bc1f39a91ede83a15248de7c5b69ad6eae2094db45c7e6c22cf3a6fb774878a37f87575b829c19358389ec1f98dc4d5f12ae996977057ce2e9c29d88b871d57" - build_date: 2024-04-29 - - version: '12' - os_version: '12' - image_description: "https://cloud.debian.org/images/cloud/bookworm/latest/" - url: https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 - checksum: "sha512:cae81bd82490bb68aaa554f4573fecd09d19b9bf5feccdcd2c42eabba7ac507cda8b7fa53983e1a843c6334bbb684142897dda2990d2fe159261bca3308c4333" - build_date: 2024-04-29 From 65edea5720ccce61b0d37414e114e2848ffb7d33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCchse?= Date: Thu, 5 Sep 2024 11:26:48 +0200 Subject: [PATCH 6/8] Make implementation notes more concrete MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matthias Büchse --- .../scs-0101-w1-entropy-implementation-testing.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Standards/scs-0101-w1-entropy-implementation-testing.md b/Standards/scs-0101-w1-entropy-implementation-testing.md index 35cfbe670..48a8c26b9 100644 --- a/Standards/scs-0101-w1-entropy-implementation-testing.md +++ b/Standards/scs-0101-w1-entropy-implementation-testing.md @@ -9,12 +9,14 @@ supplements: ## Implementation notes -We presume that almost nothing has to be done (or indeed can be done), as -long as the CPUs and VM images are reasonably recent; only the flavor and -image attributes required by the standard have to be set: +With reasonably recent hardware -- x86 CPU with RDRAND/RDSEED (Intel from 2012, +AMD from 2015) or ARM CPU with FEAT_RNG or FEAT_RNG_TRAP -- and recent VM image +-- Linux kernel 5.18 or higher --, there is (almost) nothing to be done. -- flavor: `hw_rng:allowed=True` , -- image: `hw_rng_model: virtio` . +Only the flavor and image attributes required by the standard have to be set: + +- flavor extra_spec: `hw_rng:allowed=True` , +- image property: `hw_rng_model: virtio` . ## Automated tests From c2a860a7cccd5684bbfea0b69fbbf6b26e0e6bae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCchse?= Date: Thu, 5 Sep 2024 11:34:04 +0200 Subject: [PATCH 7/8] Update Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matthias Büchse --- ...s-version-policy-implementation-testing.md | 22 +++++++------------ 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md b/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md index 8ee34003c..9b36063bb 100644 --- a/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md +++ b/Standards/scs-0210-w1-k8s-version-policy-implementation-testing.md @@ -2,40 +2,34 @@ title: "SCS K8S Version Policy: Implementation and Testing Notes" type: Supplement track: KaaS -status: Proposal +status: Draft supplements: - - scs-0210-v1-k8s-new-version-policy.md - scs-0210-v2-k8s-version-policy.md --- ## Implementation notes -A CSP must make new versions for their KaaS offering available in a timely fashion, so that +The standard is quite concise about [the regulations](https://docs.scs.community/standards/scs-0210-v2-k8s-version-policy#decision), +so they are not restated here. Suffice it to say that a +CSP must make new versions for their KaaS offering available in a timely fashion, so that new versions are available in a short window of time. Older versions need to be supported until the end of their support window. -Concrete implementation details can't be give here, since not every CSP does provide +Concrete implementation details can't be given here, since not every CSP does provide their versions the same way. The best advice to give is to monitor the [Kubernetes releases page](https://kubernetes.io/releases/) closely. ## Automated tests -### Notes - -The test for the [K8s Version Policy Standard](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0210-v2-k8s-version-policy.md) -can't be used like most other tests provided in the SCS standards repository. -It aims on testing a KaaS offering of a CSP with the creation of the most recent -Kubernetes version provided by the CSP. Since only this part is tested, -the test doesn't have any validity for a single cluster, since the updating and -versioning should be decided by the user, which could want to leave a server -on a version just for stability reasons. - ### Implementation The script [`k8s_version_policy.py`](https://github.com/SovereignCloudStack/standards/blob/main/Tests/kaas/k8s-version-policy/k8s_version_policy.py) connects to an existing K8s cluster and checks the version against a list of versions, that are calculated to be inside a recency window. +Note that this implementation is subject to change, because testing an existing cluster is not +sufficient to guarantee that all active k8s branches are supported and kept up to date. + ## Manual tests None. From e9dacd7c77bd667c91653eb4b4a10fd8c27f19a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matthias=20B=C3=BCchse?= Date: Thu, 5 Sep 2024 11:35:04 +0200 Subject: [PATCH 8/8] Appease markdown-lint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matthias Büchse --- Standards/scs-0101-w1-entropy-implementation-testing.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Standards/scs-0101-w1-entropy-implementation-testing.md b/Standards/scs-0101-w1-entropy-implementation-testing.md index 48a8c26b9..432a25fec 100644 --- a/Standards/scs-0101-w1-entropy-implementation-testing.md +++ b/Standards/scs-0101-w1-entropy-implementation-testing.md @@ -9,9 +9,9 @@ supplements: ## Implementation notes -With reasonably recent hardware -- x86 CPU with RDRAND/RDSEED (Intel from 2012, -AMD from 2015) or ARM CPU with FEAT_RNG or FEAT_RNG_TRAP -- and recent VM image --- Linux kernel 5.18 or higher --, there is (almost) nothing to be done. +With reasonably recent hardware—x86 CPU with RDRAND/RDSEED (Intel from 2012, +AMD from 2015) or ARM CPU with FEAT_RNG or FEAT_RNG_TRAP—and recent VM image—Linux +kernel 5.18 or higher—, there is (almost) nothing to be done. Only the flavor and image attributes required by the standard have to be set: