Runtime environment variables

To run the test suite, some runtime environment variables are to be set.

OCP >=4.12 Labels

The following labels need to be added to your default namespace in your cluster if you are running OCP >=4.12:

pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/enforce-version: latest

You can manually label the namespace with:

oc label namespace/default pod-security.kubernetes.io/enforce=privileged
oc label namespace/default pod-security.kubernetes.io/enforce-version=latest

Preflight Integration

When running the preflight suite of tests, there are a few environment variables that will need to be set:

PFLT_DOCKERCONFIG is a required variable for running the preflight test suite. This provides credentials to the underlying preflight library for being able to pull/manipulate images and image bundles for testing.

When running as a container, the docker config is mounted to the container via volume mount.

When running as a standalone binary, the environment variables are consumed directly from your local machine.

See more about this variable in the Preflight configuration documentation.

CERTSUITE_ALLOW_PREFLIGHT_INSECURE (default: false) is required set to true if you are running against a private container registry that has self-signed certificates.

Note that you can also specify the probe pod image to use with SUPPORT_IMAGE environment variable, default to certsuite-probe:v0.0.40.

Client Timeout

CERTSUITE_CLIENT_TIMEOUT (default: 10s) sets the timeout for Kubernetes API client operations such as resource discovery and API group listing. Increase this value when running against remote or high-latency clusters where the default 10-second timeout causes failures during startup.

export CERTSUITE_CLIENT_TIMEOUT=30s

Accepts any valid Go duration string (e.g., 15s, 1m, 90s).