tests: k8s: container.exec_commands policy tests

Add tests for genpolicy's handling of container.exec_commands. These are commands allowed by the policy and originating from these input K8s YAML fields: - livenessProbe - readinessProbe - startupProbe - lifecycle.postStart - lifecycle.preStop Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-09-20 08:18:24 +00:00 · 2024-07-16 23:03:18 +00:00
parent bcaf7fc3b4
commit b23ea508d5
3 changed files with 79 additions and 4 deletions
--- a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml
@@ -28,6 +28,27 @@ spec:
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
+      livenessProbe:
+        exec:
+          command:
+            - echo
+            - livenessProbe
+            - test
+        failureThreshold: 1
+        periodSeconds: 5
+        timeoutSeconds: 10
+      readinessProbe:
+        exec:
+          command:
+            - "sh"
+            - "-c"
+            - "ls -l /"
+      startupProbe:
+        exec:
+          command:
+            - echo
+            - startupProbe
+            - test
  topologySpreadConstraints:
    - maxSkew: 2
      topologyKey: kubernetes.io/hostname