Auto-generate the policy and then simulate attacks from the K8s control plane by modifying the test yaml files. The policy then detects and blocks those changes. These test cases are using K8s Jobs. Additional policy failures will be injected using other types of K8s resources - e.g., using Pods and/or Replication Controllers - in future PRs. Fixes: #9406 Signed-off-by: Dan Mihai <dmihai@microsoft.com>
#
# Copyright (c) 2024 Microsoft
#
# SPDX-License-Identifier: Apache-2.0
#
# Baseline Job manifest for the policy tests. Per the commit description that
# accompanies this file, a policy is auto-generated from the test YAML and the
# tests then modify the YAML to simulate a change made from the K8s control
# plane, expecting the policy to reject it.
# NOTE(review): which fields the generated policy pins is not visible here, so
# treat every field below as potentially policy-relevant and regenerate the
# policy after any edit to this file.
apiVersion: batch/v1
kind: Job
metadata:
  name: policy-job
spec:
  template:
    spec:
      # Delete the pod immediately, with no graceful-shutdown wait.
      terminationGracePeriodSeconds: 0
      # Selects the RuntimeClass named "kata"; the handler behind that name is
      # defined by the cluster, not by this file.
      runtimeClassName: kata
      containers:
        - name: hello
          # NOTE(review): `latest` is a mutable tag. If the generated policy
          # is tied to the image contents at generation time (TODO confirm
          # against the generator), an upstream re-tag can change the test
          # outcome for reasons unrelated to the test; pinning by digest would
          # remove that variable.
          image: quay.io/prometheus/busybox:latest
          # Entry point and arguments as the container runtime will see them.
          command: ["/bin/sh"]
          args:
            - "-c"
            - echo
            - hello
          env:
            - name: var1
              value: val1
          # Container-level setting: the root filesystem is mounted read-only.
          securityContext:
            readOnlyRootFilesystem: true
      # A failed container is not restarted in place; retries are handled by
      # the Job controller, bounded by backoffLimit below.
      restartPolicy: Never
  # Number of retries before the Job is marked as failed.
  backoffLimit: 4