tests: k8s: inject agent policy failures (part2)

Auto-generate the policy and then simulate attacks from the K8s control plane by modifying the test yaml files. The policy then detects and blocks those changes. These test cases are using K8s Replication Controllers. Additional policy failures will be injected using other types of K8s resources - e.g., using Pods and/or Jobs - in separate PRs. Fixes: #9463 Signed-off-by: Dan Mihai <dmihai@microsoft.com>
2025-09-21 16:57:08 +00:00 · 2024-04-11 21:08:53 +00:00
parent 6b2d655857
commit e51cbdcff9
3 changed files with 211 additions and 0 deletions
--- a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-rc.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-rc.yaml
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2024 Microsoft
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: policy-rc-test
+spec:
+  replicas: 1
+  selector:
+    app: policy-nginx-rc
+  template:
+    metadata:
+      name: nginx
+      labels:
+        app: policy-nginx-rc
+    spec:
+      terminationGracePeriodSeconds: 0
+      runtimeClassName: kata
+      containers:
+      - name: nginxtest
+        image: quay.io/sjenning/${nginx_version}
+        ports:
+        - containerPort: 80
+        volumeMounts:
+          - name: host-empty-vol
+            mountPath: "/host/cache"
+      volumes:
+      - name: host-empty-vol
+        emptyDir: {}