From 5174113eafae8e54ea8ce09db08e0a3606f5c75b Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Wed, 25 Oct 2023 19:45:45 +0800 Subject: [PATCH 1/7] remove unused files Signed-off-by: ShutingZhao --- configs/kind/tracing.yaml | 56 ---------------------------------- configs/kind/vap-v1alpha1.yaml | 40 ------------------------ configs/kind/vap-v1beta1.yaml | 41 ------------------------- 3 files changed, 137 deletions(-) delete mode 100644 configs/kind/tracing.yaml delete mode 100644 configs/kind/vap-v1alpha1.yaml delete mode 100644 configs/kind/vap-v1beta1.yaml diff --git a/configs/kind/tracing.yaml b/configs/kind/tracing.yaml deleted file mode 100644 index 598a1af..0000000 --- a/configs/kind/tracing.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -kubeadmConfigPatches: - - |- - kind: ClusterConfiguration - apiServer: - extraVolumes: - - name: tracing-configuration - hostPath: /opt/kube-apiserver/tracing-configuration.yaml - mountPath: /opt/kube-apiserver/tracing-configuration.yaml - readOnly: true - pathType: File - extraArgs: - tracing-config-file: /opt/kube-apiserver/tracing-configuration.yaml - controllerManager: - extraArgs: - bind-address: 0.0.0.0 - etcd: - local: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2382 - scheduler: - extraArgs: - bind-address: 0.0.0.0 - - |- - kind: KubeProxyConfiguration - metricsBindAddress: 0.0.0.0 - - |- - kind: KubeletConfiguration - featureGates: - KubeletTracing: true - tracing: - endpoint: localhost:4317 - samplingRatePerMillion: 1000000 -nodes: - - role: control-plane - kubeadmConfigPatches: - - |- - kind: InitConfiguration - nodeRegistration: - kubeletExtraArgs: - node-labels: "ingress-ready=true" - extraMounts: - - hostPath: ./scripts/config/kube-apiserver/tracing-configuration.yaml - containerPath: /opt/kube-apiserver/tracing-configuration.yaml - readOnly: true - extraPortMappings: - - containerPort: 80 - hostPort: 80 - protocol: TCP - - containerPort: 443 - hostPort: 443 - protocol: TCP - - role: worker - - role: worker - - role: worker diff --git a/configs/kind/vap-v1alpha1.yaml b/configs/kind/vap-v1alpha1.yaml deleted file mode 100644 index b6d1c2a..0000000 --- a/configs/kind/vap-v1alpha1.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -featureGates: - ValidatingAdmissionPolicy: true -runtimeConfig: - admissionregistration.k8s.io/v1alpha1: true -kubeadmConfigPatches: - - |- - kind: ClusterConfiguration - controllerManager: - extraArgs: - bind-address: 0.0.0.0 - etcd: - local: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2382 - scheduler: - extraArgs: - bind-address: 0.0.0.0 - - |- - kind: KubeProxyConfiguration - metricsBindAddress: 0.0.0.0 -nodes: - - role: control-plane - kubeadmConfigPatches: - - |- - kind: InitConfiguration - nodeRegistration: - kubeletExtraArgs: - node-labels: "ingress-ready=true" - extraPortMappings: - - containerPort: 80 - hostPort: 80 - protocol: TCP - - containerPort: 443 - hostPort: 443 - protocol: TCP - - role: worker - - role: worker - - role: worker diff --git a/configs/kind/vap-v1beta1.yaml b/configs/kind/vap-v1beta1.yaml deleted file mode 100644 index 8b9b433..0000000 --- a/configs/kind/vap-v1beta1.yaml +++ /dev/null @@ -1,41 +0,0 @@ -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -featureGates: - ValidatingAdmissionPolicy: true -runtimeConfig: - admissionregistration.k8s.io/v1beta1: true - admissionregistration.k8s.io/v1alpha1: true -kubeadmConfigPatches: - - |- - kind: ClusterConfiguration - controllerManager: - extraArgs: - bind-address: 0.0.0.0 - etcd: - local: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2382 - scheduler: - extraArgs: - bind-address: 0.0.0.0 - - |- - kind: KubeProxyConfiguration - metricsBindAddress: 0.0.0.0 -nodes: - - role: control-plane - kubeadmConfigPatches: - - |- - kind: InitConfiguration - nodeRegistration: - kubeletExtraArgs: - node-labels: "ingress-ready=true" - extraPortMappings: - - containerPort: 80 - hostPort: 80 - protocol: TCP - - containerPort: 443 - hostPort: 443 - protocol: TCP - - role: worker - - role: worker - - role: worker From 47c90b943c4a45324a08feb56075ccbea65ab189 Mon Sep 17 00:00:00 2001 
From: ShutingZhao Date: Fri, 27 Oct 2023 18:32:25 +0800 Subject: [PATCH 2/7] fix typo Signed-off-by: ShutingZhao --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 49c11ba..4ae0ad0 100644 --- a/Makefile +++ b/Makefile @@ -62,7 +62,7 @@ SCRIPT ?= "kyverno-pss.js" .PHONY: kyverno-pss-block kyverno-pss-block: - cd k6 \ + cd k6 && \ ./start.sh ./tests/${SCRIPT} ${VUS} ${ITERATIONS} .PHONY: check-error From 6ca54fda5d48431a2b9eb5a7eb271509784a917d Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Fri, 27 Oct 2023 18:34:18 +0800 Subject: [PATCH 3/7] fix indent Signed-off-by: ShutingZhao --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4ae0ad0..0f747cf 100644 --- a/Makefile +++ b/Makefile @@ -67,4 +67,4 @@ kyverno-pss-block: .PHONY: check-error check-error: - @grep -q "level=error" "${SCRIPT}-${VUS}vu-${ITERATIONS}it-logs.txt" || (echo "Error found in the file."; exit 1) \ No newline at end of file + @grep -q "level=error" "${SCRIPT}-${VUS}vu-${ITERATIONS}it-logs.txt" || (echo "Error found in the file."; exit 1) \ No newline at end of file From 8038764c555c1f9c31d7cff5276647161e99ca5c Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Fri, 27 Oct 2023 18:37:26 +0800 Subject: [PATCH 4/7] fix format Signed-off-by: ShutingZhao --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0f747cf..fb5d41e 100644 --- a/Makefile +++ b/Makefile @@ -58,7 +58,7 @@ kind-deploy-kyverno: helm-add-repo helm-install-kyverno ## Deploy kyverno helm c VUS ?= 10 ITERATIONS ?= 1000 -SCRIPT ?= "kyverno-pss.js" +SCRIPT ?= kyverno-pss.js .PHONY: kyverno-pss-block kyverno-pss-block: From 0f4860d76ebfac479cb13b5d983fd5b167ba5b11 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Fri, 27 Oct 2023 18:51:05 +0800 Subject: [PATCH 5/7] fix excluded namespace 
Signed-off-by: ShutingZhao --- k6/pss-values.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/k6/pss-values.yml b/k6/pss-values.yml index 295e02e..0176880 100644 --- a/k6/pss-values.yml +++ b/k6/pss-values.yml 
@@ -5,101 +5,101 @@ policyExclude: any: - resources: namespaces: - - load-tests + - load-test name: load-test* adding-capabilities-strict: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-host-namespaces: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-host-path: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-host-ports: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-host-process: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-privilege-escalation: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-privileged-containers: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-proc-mount: any: - resources: namespaces: - - load-tests + - load-test name: load-test* disallow-selinux: any: - resources: namespaces: - - load-tests + - load-test name: load-test* require-run-as-non-root-user: any: - resources: namespaces: - - load-tests + - load-test name: load-test* require-run-as-nonroot: any: - resources: namespaces: - - load-tests + - load-test name: load-test* restrict-apparmor-profiles: any: - resources: namespaces: - - load-tests + - load-test name: load-test* restrict-seccomp: any: - resources: namespaces: - - load-tests + - load-test name: load-test* restrict-seccomp-strict: any: - resources: namespaces: - - load-tests + - load-test name: load-test* restrict-sysctls: any: - resources: namespaces: - - load-tests + - load-test name: load-test* restrict-volume-types: any: - resources: namespaces: - - load-tests + - load-test name: load-test* \ No newline at end of file From 4acee8b9b8f5a875214589da243d1e69721bd57a Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Fri, 27 Oct 2023 18:53:39 +0800 Subject: [PATCH 6/7] bump k6 Signed-off-by: ShutingZhao --- k6/job.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
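Review bot: The excluded namespace is a literal repeated in all 17 `policyExclude` entries and has to match the namespace the k6 runner is deployed in, which is defined outside this file; that kind of drift is what this commit corrects. Each entry is a standing exemption from a Pod Security policy, so anything named `load-test*` in namespace `load-test` bypasses every policy listed here. The scope should be stated and kept as narrow as the runner needs. I would add a comment above `policyExclude`, for example `# Exempts only the k6 runner pod (namespace load-test, name load-test*); keep in sync with k6/job.yaml and its namespace.`, assuming the runner pod is the only intended match. The first entry's policy name lies above the hunk.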
diff --git a/k6/job.yaml b/k6/job.yaml index 23741b5..11c01aa 100644 --- a/k6/job.yaml +++ b/k6/job.yaml @@ -7,12 +7,11 @@ spec: spec: serviceAccountName: load-test containers: - - image: grafana/k6:0.45.0 + - image: grafana/k6:0.47.0 resources: {} name: k6 securityContext: allowPrivilegeEscalation: false - runAsNonRoot: true seccompProfile: type: RuntimeDefault capabilities: From b10511f6e8fa2134ed9ba5d29b3e485fb9f5bdb8 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Fri, 27 Oct 2023 19:01:33 +0800 Subject: [PATCH 7/7] typo Signed-off-by: ShutingZhao --- .github/workflows/load-test.yaml | 2 +- Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/load-test.yaml b/.github/workflows/load-test.yaml index eca1194..755b22a 100644 --- a/.github/workflows/load-test.yaml +++ b/.github/workflows/load-test.yaml @@ -46,7 +46,7 @@ jobs: export SCRIPT=${{ join(matrix.scripts.values, ',') }} make kyverno-pss-block cat ${SCRIPT}-${VUS}vu-${ITERATIONS}it-logs.txt - - name: Check errors: + - name: Check errors shell: bash run: | make check-error diff --git a/Makefile b/Makefile index fb5d41e..72c11fd 100644 --- a/Makefile +++ b/Makefile @@ -67,4 +67,4 @@ kyverno-pss-block: .PHONY: check-error check-error: - @grep -q "level=error" "${SCRIPT}-${VUS}vu-${ITERATIONS}it-logs.txt" || (echo "Error found in the file."; exit 1) \ No newline at end of file + @grep -q "level=error" "${SCRIPT}-${VUS}vu-${ITERATIONS}it-logs.txt" || (echo "Unexpected behavior during load testing, please check results."; exit 1) \ No newline at end of file
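Review bot: Dropping `runAsNonRoot: true` from the k6 container's `securityContext` is not covered by the "bump k6" message, and it removes the kubelet's refusal to start the container as UID 0. If the line was removed because the newer image fails that check (for instance because its USER is a name rather than a number; the reason is not visible here), the guarantee can be kept with a numeric user: `runAsNonRoot: true` together with `runAsUser: <uid of the image's k6 user>`. The image is also referenced by a mutable tag; `grafana/k6:0.47.0@sha256:<digest>` would pin what the runner actually executes. The container spec continues past the end of the hunk.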
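Review bot: `make check-error` in the "Check errors" step runs in a fresh shell, so the `export SCRIPT=...` from the previous step's `run:` block is not visible to it. Unless SCRIPT, VUS and ITERATIONS are also supplied through an `env:` block outside this hunk, the Makefile defaults apply and the step may grep a log file other than the one the matrix entry just produced. Setting them on the step itself, e.g. `env:` with `SCRIPT: ${{ join(matrix.scripts.values, ',') }}`, keeps the check tied to the run. The preceding step starts above the hunk, so where VUS and ITERATIONS come from cannot be seen here.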
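Review bot: The `check-error` recipe appears inverted: `grep -q "level=error" ... || (...; exit 1)` fails the target when the pattern is absent and passes when the log does contain `level=error`. That contradicts both the old and the new message, so as a CI gate it would report success on a run that logged errors. If the intent is to fail on errors, use `@if grep -q "level=error" "${SCRIPT}-${VUS}vu-${ITERATIONS}it-logs.txt"; then echo "Unexpected behavior during load testing, please check results."; exit 1; fi`, ideally preceded by a `test -s` on the same file so that a missing or empty log also fails. If `level=error` is actually expected in a passing run, a comment above the recipe saying so would prevent this reading. The same line is touched by the earlier "fix indent" hunk.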