This is the final set of functional tests.

Test One:
Confirming the encryption of data at rest using the encryption key that was created earlier in the exercises.
A kubernetes secret is created from the command line, and then the contents of the stored secret (in etcd) are checked. If all is working correctly, the secret contents should be encrypted, and this is confirmed by finding the encryption header in etcd output:

Prefix should be: k8s:enc:aescbc:v1:key1


Test Two:
NGINX Deployment
A single pod nginx deployment is created and is then made available to the client workstation be using the kubectl port-forward function. This exposes the nginx port 80 to the local client on port 8080 and can be tested via a web browser or a utulity like curl or wget.

Test Three:
The logs from the nginx pod are diplayed on the screen using the kubectl command.

Test Four:
A command is executed inside the running pod - the version of nginx is displayed through the nginx -v command.

Test Five:
The nginx instance is exposed via a NodePort service and a firewall rule created to allow the outside world to communicate with the exposed service. Note to self: Shouldn't this be exposed through the GCE load balancer rather than a NodePort?

Future: Add in the untrusted workload via gVisor ... needs runsc installed on the worker nodes.