test/e2e/*: default existing tests to privileged pod security policy

This is to ensure that all existing tests don't break when defaulting
the pod security policy to restricted in the e2e test framework.
This commit is contained in:
Sergiusz Urbaniak 2022-04-04 14:00:06 +02:00
parent f578b9a40d
commit 1495c9f2cd
No known key found for this signature in database
GPG Key ID: 44E6612519E13C39
168 changed files with 351 additions and 2 deletions

View File

@ -35,6 +35,7 @@ import (
utilfeature "k8s.io/apiserver/pkg/util/feature" utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/client-go/util/workqueue" "k8s.io/client-go/util/workqueue"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
) )
func shouldCheckRemainingItem() bool { func shouldCheckRemainingItem() bool {
@ -45,6 +46,7 @@ const numberOfTotalResources = 400
var _ = SIGDescribe("Servers with support for API chunking", func() { var _ = SIGDescribe("Servers with support for API chunking", func() {
f := framework.NewDefaultFramework("chunking") f := framework.NewDefaultFramework("chunking")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
ns := f.Namespace.Name ns := f.Namespace.Name

View File

@ -44,6 +44,7 @@ import (
"k8s.io/kube-openapi/pkg/validation/spec" "k8s.io/kube-openapi/pkg/validation/spec"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/utils/crd" "k8s.io/kubernetes/test/utils/crd"
admissionapi "k8s.io/pod-security-admission/api"
) )
var ( var (
@ -52,6 +53,7 @@ var (
var _ = SIGDescribe("CustomResourcePublishOpenAPI [Privileged:ClusterAdmin]", func() { var _ = SIGDescribe("CustomResourcePublishOpenAPI [Privileged:ClusterAdmin]", func() {
f := framework.NewDefaultFramework("crd-publish-openapi") f := framework.NewDefaultFramework("crd-publish-openapi")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.16 Release: v1.16

View File

@ -32,10 +32,12 @@ import (
"k8s.io/apiserver/pkg/storage/names" "k8s.io/apiserver/pkg/storage/names"
"k8s.io/client-go/dynamic" "k8s.io/client-go/dynamic"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alpha][Feature:CustomResourceValidationExpressions]", func() { var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin][Alpha][Feature:CustomResourceValidationExpressions]", func() {
f := framework.NewDefaultFramework("crd-validation-expressions") f := framework.NewDefaultFramework("crd-validation-expressions")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var apiExtensionClient *clientset.Clientset var apiExtensionClient *clientset.Clientset
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {

View File

@ -31,6 +31,7 @@ import (
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/dynamic" "k8s.io/client-go/dynamic"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -38,6 +39,7 @@ import (
var _ = SIGDescribe("CustomResourceDefinition Watch [Privileged:ClusterAdmin]", func() { var _ = SIGDescribe("CustomResourceDefinition Watch [Privileged:ClusterAdmin]", func() {
f := framework.NewDefaultFramework("crd-watch") f := framework.NewDefaultFramework("crd-watch")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.Context("CustomResourceDefinition Watch", func() { ginkgo.Context("CustomResourceDefinition Watch", func() {
/* /*

View File

@ -39,11 +39,13 @@ import (
"k8s.io/client-go/dynamic" "k8s.io/client-go/dynamic"
"k8s.io/client-go/util/retry" "k8s.io/client-go/util/retry"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = SIGDescribe("CustomResourceDefinition resources [Privileged:ClusterAdmin]", func() { var _ = SIGDescribe("CustomResourceDefinition resources [Privileged:ClusterAdmin]", func() {
f := framework.NewDefaultFramework("custom-resource-definition") f := framework.NewDefaultFramework("custom-resource-definition")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.Context("Simple CustomResourceDefinition", func() { ginkgo.Context("Simple CustomResourceDefinition", func() {
/* /*

View File

@ -28,6 +28,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/utils/crd" "k8s.io/kubernetes/test/utils/crd"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -35,6 +36,7 @@ import (
var storageVersionServerVersion = utilversion.MustParseSemantic("v1.13.99") var storageVersionServerVersion = utilversion.MustParseSemantic("v1.13.99")
var _ = SIGDescribe("Discovery", func() { var _ = SIGDescribe("Discovery", func() {
f := framework.NewDefaultFramework("discovery") f := framework.NewDefaultFramework("discovery")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var namespaceName string var namespaceName string

View File

@ -31,6 +31,7 @@ import (
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -38,6 +39,7 @@ import (
var _ = SIGDescribe("Etcd failure [Disruptive]", func() { var _ = SIGDescribe("Etcd failure [Disruptive]", func() {
f := framework.NewDefaultFramework("etcd-failure") f := framework.NewDefaultFramework("etcd-failure")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
// This test requires: // This test requires:

View File

@ -39,6 +39,7 @@ import (
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
clientsideflowcontrol "k8s.io/client-go/util/flowcontrol" clientsideflowcontrol "k8s.io/client-go/util/flowcontrol"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -52,6 +53,7 @@ var (
var _ = SIGDescribe("API priority and fairness", func() { var _ = SIGDescribe("API priority and fairness", func() {
f := framework.NewDefaultFramework("apf") f := framework.NewDefaultFramework("apf")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should ensure that requests can be classified by adding FlowSchema and PriorityLevelConfiguration", func() { ginkgo.It("should ensure that requests can be classified by adding FlowSchema and PriorityLevelConfiguration", func() {
testingFlowSchemaName := "e2e-testing-flowschema" testingFlowSchemaName := "e2e-testing-flowschema"

View File

@ -214,6 +214,7 @@ func newTestingCronJob(name string, value string) *batchv1.CronJob {
var _ = SIGDescribe("Generated clientset", func() { var _ = SIGDescribe("Generated clientset", func() {
f := framework.NewDefaultFramework("clientset") f := framework.NewDefaultFramework("clientset")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should create v1 cronJobs, delete cronJobs, watch cronJobs", func() { ginkgo.It("should create v1 cronJobs, delete cronJobs, watch cronJobs", func() {
cronJobClient := f.ClientSet.BatchV1().CronJobs(f.Namespace.Name) cronJobClient := f.ClientSet.BatchV1().CronJobs(f.Namespace.Name)

View File

@ -27,6 +27,7 @@ import (
clientset "k8s.io/client-go/kubernetes" clientset "k8s.io/client-go/kubernetes"
restclient "k8s.io/client-go/rest" restclient "k8s.io/client-go/rest"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -116,6 +117,7 @@ func testPath(client clientset.Interface, path string, requiredChecks sets.Strin
var _ = SIGDescribe("health handlers", func() { var _ = SIGDescribe("health handlers", func() {
f := framework.NewDefaultFramework("health") f := framework.NewDefaultFramework("health")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should contain necessary checks", func() { ginkgo.It("should contain necessary checks", func() {
ginkgo.By("/health") ginkgo.By("/health")

View File

@ -29,12 +29,14 @@ import (
"k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
admissionapi "k8s.io/pod-security-admission/api"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
) )
var _ = SIGDescribe("client-go should negotiate", func() { var _ = SIGDescribe("client-go should negotiate", func() {
f := framework.NewDefaultFramework("protocol") f := framework.NewDefaultFramework("protocol")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
for _, s := range []string{ for _, s := range []string{
"application/json", "application/json",

View File

@ -24,6 +24,7 @@ import (
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -32,6 +33,7 @@ const (
var _ = SIGDescribe("Server request timeout", func() { var _ = SIGDescribe("Server request timeout", func() {
f := framework.NewDefaultFramework("request-timeout") f := framework.NewDefaultFramework("request-timeout")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should return HTTP status code 400 if the user specifies an invalid timeout in the request URL", func() { ginkgo.It("should return HTTP status code 400 if the user specifies an invalid timeout in the request URL", func() {
rt := getRoundTripper(f) rt := getRoundTripper(f)

View File

@ -21,12 +21,14 @@ import (
"k8s.io/apimachinery/pkg/version" "k8s.io/apimachinery/pkg/version"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = SIGDescribe("server version", func() { var _ = SIGDescribe("server version", func() {
f := framework.NewDefaultFramework("server-version") f := framework.NewDefaultFramework("server-version")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.19 Release: v1.19

View File

@ -25,6 +25,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -37,6 +38,7 @@ const (
// This test requires that --feature-gates=APIServerIdentity=true,StorageVersionAPI=true be set on the apiserver and the controller manager // This test requires that --feature-gates=APIServerIdentity=true,StorageVersionAPI=true be set on the apiserver and the controller manager
var _ = SIGDescribe("StorageVersion resources [Feature:StorageVersionAPI]", func() { var _ = SIGDescribe("StorageVersion resources [Feature:StorageVersionAPI]", func() {
f := framework.NewDefaultFramework("storage-version") f := framework.NewDefaultFramework("storage-version")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("storage version with non-existing id should be GC'ed", func() { ginkgo.It("storage version with non-existing id should be GC'ed", func() {
client := f.ClientSet client := f.ClientSet

View File

@ -31,6 +31,7 @@ import (
cachetools "k8s.io/client-go/tools/cache" cachetools "k8s.io/client-go/tools/cache"
watchtools "k8s.io/client-go/tools/watch" watchtools "k8s.io/client-go/tools/watch"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -47,6 +48,7 @@ const (
var _ = SIGDescribe("Watchers", func() { var _ = SIGDescribe("Watchers", func() {
f := framework.NewDefaultFramework("watch") f := framework.NewDefaultFramework("watch")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.11 Release: v1.11

View File

@ -41,6 +41,7 @@ import (
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -204,6 +205,7 @@ func getContainerRestarts(c clientset.Interface, ns string, labelSelector labels
var _ = SIGDescribe("DaemonRestart [Disruptive]", func() { var _ = SIGDescribe("DaemonRestart [Disruptive]", func() {
f := framework.NewDefaultFramework("daemonrestart") f := framework.NewDefaultFramework("daemonrestart")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
rcName := "daemonrestart" + strconv.Itoa(numPods) + "-" + string(uuid.NewUUID()) rcName := "daemonrestart" + strconv.Itoa(numPods) + "-" + string(uuid.NewUUID())
labelSelector := labels.Set(map[string]string{"name": rcName}).AsSelector() labelSelector := labels.Set(map[string]string{"name": rcName}).AsSelector()
existingPods := cache.NewStore(cache.MetaNamespaceKeyFunc) existingPods := cache.NewStore(cache.MetaNamespaceKeyFunc)

View File

@ -76,6 +76,7 @@ var _ = SIGDescribe("DisruptionController", func() {
ginkgo.Context("Listing PodDisruptionBudgets for all namespaces", func() { ginkgo.Context("Listing PodDisruptionBudgets for all namespaces", func() {
anotherFramework := framework.NewDefaultFramework("disruption-2") anotherFramework := framework.NewDefaultFramework("disruption-2")
anotherFramework.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release : v1.21 Release : v1.21

View File

@ -23,10 +23,12 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = SIGDescribe("Conformance Tests", func() { var _ = SIGDescribe("Conformance Tests", func() {
f := framework.NewDefaultFramework("conformance-tests") f := framework.NewDefaultFramework("conformance-tests")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.23 Release: v1.23

View File

@ -42,10 +42,12 @@ import (
"k8s.io/client-go/util/certificate/csr" "k8s.io/client-go/util/certificate/csr"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/utils" "k8s.io/kubernetes/test/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() { var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() {
f := framework.NewDefaultFramework("certificates") f := framework.NewDefaultFramework("certificates")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.19 Release: v1.19

View File

@ -36,6 +36,7 @@ import (
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
utilpointer "k8s.io/utils/pointer" utilpointer "k8s.io/utils/pointer"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
@ -45,6 +46,7 @@ const nobodyUser = int64(65534)
var _ = SIGDescribe("PodSecurityPolicy [Feature:PodSecurityPolicy]", func() { var _ = SIGDescribe("PodSecurityPolicy [Feature:PodSecurityPolicy]", func() {
f := framework.NewDefaultFramework("podsecuritypolicy") f := framework.NewDefaultFramework("podsecuritypolicy")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
f.SkipPrivilegedPSPBinding = true f.SkipPrivilegedPSPBinding = true
// Client that will impersonate the default service account, in order to run // Client that will impersonate the default service account, in order to run

View File

@ -27,12 +27,14 @@ import (
e2eautoscaling "k8s.io/kubernetes/test/e2e/framework/autoscaling" e2eautoscaling "k8s.io/kubernetes/test/e2e/framework/autoscaling"
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = SIGDescribe("[Feature:ClusterSizeAutoscalingScaleUp] [Slow] Autoscaling", func() { var _ = SIGDescribe("[Feature:ClusterSizeAutoscalingScaleUp] [Slow] Autoscaling", func() {
f := framework.NewDefaultFramework("autoscaling") f := framework.NewDefaultFramework("autoscaling")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.Describe("Autoscaling a service", func() { ginkgo.Describe("Autoscaling a service", func() {
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {

View File

@ -37,6 +37,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -61,6 +62,7 @@ type scaleUpTestConfig struct {
var _ = SIGDescribe("Cluster size autoscaler scalability [Slow]", func() { var _ = SIGDescribe("Cluster size autoscaler scalability [Slow]", func() {
f := framework.NewDefaultFramework("autoscaling") f := framework.NewDefaultFramework("autoscaling")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var c clientset.Interface var c clientset.Interface
var nodeCount int var nodeCount int
var coresPerNode int var coresPerNode int

View File

@ -53,6 +53,7 @@ import (
"k8s.io/kubernetes/test/e2e/scheduling" "k8s.io/kubernetes/test/e2e/scheduling"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -92,6 +93,7 @@ const (
var _ = SIGDescribe("Cluster size autoscaling [Slow]", func() { var _ = SIGDescribe("Cluster size autoscaling [Slow]", func() {
f := framework.NewDefaultFramework("autoscaling") f := framework.NewDefaultFramework("autoscaling")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var c clientset.Interface var c clientset.Interface
var nodeCount int var nodeCount int
var memAllocatableMb int var memAllocatableMb int

View File

@ -33,6 +33,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/instrumentation/monitoring" "k8s.io/kubernetes/test/e2e/instrumentation/monitoring"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
@ -51,6 +52,7 @@ var _ = SIGDescribe("[HPA] Horizontal pod autoscaling (scale resource: Custom Me
}) })
f := framework.NewDefaultFramework("horizontal-pod-autoscaling") f := framework.NewDefaultFramework("horizontal-pod-autoscaling")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should scale down with Custom Metric of type Pod from Stackdriver [Feature:CustomMetricsAutoscaling]", func() { ginkgo.It("should scale down with Custom Metric of type Pod from Stackdriver [Feature:CustomMetricsAutoscaling]", func() {
initialReplicas := 2 initialReplicas := 2

View File

@ -33,6 +33,7 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -47,6 +48,7 @@ const (
var _ = SIGDescribe("DNS horizontal autoscaling", func() { var _ = SIGDescribe("DNS horizontal autoscaling", func() {
f := framework.NewDefaultFramework("dns-autoscaling") f := framework.NewDefaultFramework("dns-autoscaling")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var c clientset.Interface var c clientset.Interface
var previousParams map[string]string var previousParams map[string]string
var originDNSReplicasCount int var originDNSReplicasCount int

View File

@ -21,12 +21,14 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2eautoscaling "k8s.io/kubernetes/test/e2e/framework/autoscaling" e2eautoscaling "k8s.io/kubernetes/test/e2e/framework/autoscaling"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = SIGDescribe("[Feature:HPA] [Serial] [Slow] Horizontal pod autoscaling (non-default behavior)", func() { var _ = SIGDescribe("[Feature:HPA] [Serial] [Slow] Horizontal pod autoscaling (non-default behavior)", func() {
f := framework.NewDefaultFramework("horizontal-pod-autoscaling") f := framework.NewDefaultFramework("horizontal-pod-autoscaling")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.Describe("with short downscale stabilization window", func() { ginkgo.Describe("with short downscale stabilization window", func() {
ginkgo.It("should scale down soon after the stabilization period", func() { ginkgo.It("should scale down soon after the stabilization period", func() {

View File

@ -35,6 +35,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -217,6 +218,7 @@ var _ = SIGDescribe("Addon update", func() {
var dir string var dir string
var sshClient *ssh.Client var sshClient *ssh.Client
f := framework.NewDefaultFramework("addon-update-test") f := framework.NewDefaultFramework("addon-update-test")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
// This test requires: // This test requires:

View File

@ -23,6 +23,7 @@ import (
"k8s.io/kubernetes/test/e2e/upgrades" "k8s.io/kubernetes/test/e2e/upgrades"
"k8s.io/kubernetes/test/e2e/upgrades/apps" "k8s.io/kubernetes/test/e2e/upgrades/apps"
"k8s.io/kubernetes/test/utils/junit" "k8s.io/kubernetes/test/utils/junit"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -35,6 +36,7 @@ var upgradeTests = []upgrades.Test{
var _ = SIGDescribe("stateful Upgrade [Feature:StatefulUpgrade]", func() { var _ = SIGDescribe("stateful Upgrade [Feature:StatefulUpgrade]", func() {
f := framework.NewDefaultFramework("stateful-upgrade") f := framework.NewDefaultFramework("stateful-upgrade")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests)
ginkgo.Describe("stateful upgrade", func() { ginkgo.Describe("stateful upgrade", func() {

View File

@ -22,6 +22,7 @@ import (
"k8s.io/kubernetes/test/e2e/upgrades" "k8s.io/kubernetes/test/e2e/upgrades"
"k8s.io/kubernetes/test/e2e/upgrades/auth" "k8s.io/kubernetes/test/e2e/upgrades/auth"
"k8s.io/kubernetes/test/utils/junit" "k8s.io/kubernetes/test/utils/junit"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -32,6 +33,7 @@ var upgradeTests = []upgrades.Test{
var _ = SIGDescribe("ServiceAccount admission controller migration [Feature:BoundServiceAccountTokenVolume]", func() { var _ = SIGDescribe("ServiceAccount admission controller migration [Feature:BoundServiceAccountTokenVolume]", func() {
f := framework.NewDefaultFramework("serviceaccount-admission-controller-migration") f := framework.NewDefaultFramework("serviceaccount-admission-controller-migration")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests)
ginkgo.Describe("master upgrade", func() { ginkgo.Describe("master upgrade", func() {

View File

@ -26,6 +26,7 @@ import (
"k8s.io/kubernetes/test/e2e/upgrades/node" "k8s.io/kubernetes/test/e2e/upgrades/node"
"k8s.io/kubernetes/test/e2e/upgrades/storage" "k8s.io/kubernetes/test/e2e/upgrades/storage"
"k8s.io/kubernetes/test/utils/junit" "k8s.io/kubernetes/test/utils/junit"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -50,6 +51,7 @@ var upgradeTests = []upgrades.Test{
var _ = SIGDescribe("Upgrade [Feature:Upgrade]", func() { var _ = SIGDescribe("Upgrade [Feature:Upgrade]", func() {
f := framework.NewDefaultFramework("cluster-upgrade") f := framework.NewDefaultFramework("cluster-upgrade")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests)
// Create the frameworks here because we can only create them // Create the frameworks here because we can only create them
@ -88,6 +90,7 @@ var _ = SIGDescribe("Upgrade [Feature:Upgrade]", func() {
var _ = SIGDescribe("Downgrade [Feature:Downgrade]", func() { var _ = SIGDescribe("Downgrade [Feature:Downgrade]", func() {
f := framework.NewDefaultFramework("cluster-downgrade") f := framework.NewDefaultFramework("cluster-downgrade")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests)
ginkgo.Describe("cluster downgrade", func() { ginkgo.Describe("cluster downgrade", func() {

View File

@ -23,6 +23,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -30,6 +31,7 @@ import (
var _ = SIGDescribe("GKE node pools [Feature:GKENodePool]", func() { var _ = SIGDescribe("GKE node pools [Feature:GKENodePool]", func() {
f := framework.NewDefaultFramework("node-pools") f := framework.NewDefaultFramework("node-pools")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessProviderIs("gke") e2eskipper.SkipUnlessProviderIs("gke")

View File

@ -35,6 +35,7 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
admissionapi "k8s.io/pod-security-admission/api"
) )
func addMasterReplica(zone string) error { func addMasterReplica(zone string) error {
@ -161,6 +162,7 @@ func waitForMasters(masterPrefix string, c clientset.Interface, size int, timeou
var _ = SIGDescribe("HA-master [Feature:HAMaster]", func() { var _ = SIGDescribe("HA-master [Feature:HAMaster]", func() {
f := framework.NewDefaultFramework("ha-master") f := framework.NewDefaultFramework("ha-master")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var c clientset.Interface var c clientset.Interface
var ns string var ns string
var additionalReplicaZones []string var additionalReplicaZones []string

View File

@ -27,12 +27,14 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2ekubelet "k8s.io/kubernetes/test/e2e/framework/kubelet" e2ekubelet "k8s.io/kubernetes/test/e2e/framework/kubelet"
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = SIGDescribe("Ports Security Check [Feature:KubeletSecurity]", func() { var _ = SIGDescribe("Ports Security Check [Feature:KubeletSecurity]", func() {
f := framework.NewDefaultFramework("kubelet-security") f := framework.NewDefaultFramework("kubelet-security")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var node *v1.Node var node *v1.Node
var nodeName string var nodeName string

View File

@ -25,6 +25,7 @@ import (
"k8s.io/kubernetes/test/e2e/upgrades" "k8s.io/kubernetes/test/e2e/upgrades"
"k8s.io/kubernetes/test/e2e/upgrades/network" "k8s.io/kubernetes/test/e2e/upgrades/network"
"k8s.io/kubernetes/test/utils/junit" "k8s.io/kubernetes/test/utils/junit"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -45,6 +46,7 @@ func kubeProxyDaemonSetExtraEnvs(enableKubeProxyDaemonSet bool) []string {
var _ = SIGDescribe("kube-proxy migration [Feature:KubeProxyDaemonSetMigration]", func() { var _ = SIGDescribe("kube-proxy migration [Feature:KubeProxyDaemonSetMigration]", func() {
f := framework.NewDefaultFramework("kube-proxy-ds-migration") f := framework.NewDefaultFramework("kube-proxy-ds-migration")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
upgradeTestFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) upgradeTestFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests)
downgradeTestsFrameworks := upgrades.CreateUpgradeFrameworks(downgradeTests) downgradeTestsFrameworks := upgrades.CreateUpgradeFrameworks(downgradeTests)

View File

@ -22,6 +22,7 @@ import (
"k8s.io/kubernetes/test/e2e/upgrades" "k8s.io/kubernetes/test/e2e/upgrades"
"k8s.io/kubernetes/test/e2e/upgrades/node" "k8s.io/kubernetes/test/e2e/upgrades/node"
"k8s.io/kubernetes/test/utils/junit" "k8s.io/kubernetes/test/utils/junit"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -32,6 +33,7 @@ var upgradeTests = []upgrades.Test{
var _ = SIGDescribe("gpu Upgrade [Feature:GPUUpgrade]", func() { var _ = SIGDescribe("gpu Upgrade [Feature:GPUUpgrade]", func() {
f := framework.NewDefaultFramework("gpu-upgrade") f := framework.NewDefaultFramework("gpu-upgrade")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests)
ginkgo.Describe("master upgrade", func() { ginkgo.Describe("master upgrade", func() {

View File

@ -29,6 +29,7 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"github.com/onsi/gomega" "github.com/onsi/gomega"
@ -36,6 +37,7 @@ import (
var _ = SIGDescribe("[Disruptive]NodeLease", func() { var _ = SIGDescribe("[Disruptive]NodeLease", func() {
f := framework.NewDefaultFramework("node-lease-test") f := framework.NewDefaultFramework("node-lease-test")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var systemPodsNo int32 var systemPodsNo int32
var c clientset.Interface var c clientset.Interface
var ns string var ns string

View File

@ -35,6 +35,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -91,6 +92,7 @@ var _ = SIGDescribe("Reboot [Disruptive] [Feature:Reboot]", func() {
}) })
f = framework.NewDefaultFramework("reboot") f = framework.NewDefaultFramework("reboot")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("each node by ordering clean reboot and ensure they function upon restart", func() { ginkgo.It("each node by ordering clean reboot and ensure they function upon restart", func() {
// clean shutdown and restart // clean shutdown and restart

View File

@ -33,6 +33,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework/providers/gce" "k8s.io/kubernetes/test/e2e/framework/providers/gce"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -43,6 +44,7 @@ const (
var _ = SIGDescribe("Recreate [Feature:Recreate]", func() { var _ = SIGDescribe("Recreate [Feature:Recreate]", func() {
f := framework.NewDefaultFramework("recreate") f := framework.NewDefaultFramework("recreate")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var originalNodes []v1.Node var originalNodes []v1.Node
var originalPodNames []string var originalPodNames []string
var ps *testutils.PodStore var ps *testutils.PodStore

View File

@ -29,6 +29,7 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -45,6 +46,7 @@ func resizeRC(c clientset.Interface, ns, name string, replicas int32) error {
var _ = SIGDescribe("Nodes [Disruptive]", func() { var _ = SIGDescribe("Nodes [Disruptive]", func() {
f := framework.NewDefaultFramework("resize-nodes") f := framework.NewDefaultFramework("resize-nodes")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var systemPodsNo int32 var systemPodsNo int32
var c clientset.Interface var c clientset.Interface
var ns string var ns string

View File

@ -29,6 +29,7 @@ import (
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -43,6 +44,7 @@ func nodeNames(nodes []v1.Node) []string {
var _ = SIGDescribe("Restart [Disruptive]", func() { var _ = SIGDescribe("Restart [Disruptive]", func() {
f := framework.NewDefaultFramework("restart") f := framework.NewDefaultFramework("restart")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ps *testutils.PodStore var ps *testutils.PodStore
var originalNodes []v1.Node var originalNodes []v1.Node
var originalPodNames []string var originalPodNames []string

View File

@ -27,12 +27,14 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = SIGDescribe("[Feature:CloudProvider][Disruptive] Nodes", func() { var _ = SIGDescribe("[Feature:CloudProvider][Disruptive] Nodes", func() {
f := framework.NewDefaultFramework("cloudprovider") f := framework.NewDefaultFramework("cloudprovider")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var c clientset.Interface var c clientset.Interface
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {

View File

@ -30,6 +30,7 @@ import (
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/strategicpatch" "k8s.io/apimachinery/pkg/util/strategicpatch"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
admissionapi "k8s.io/pod-security-admission/api"
"k8s.io/utils/pointer" "k8s.io/utils/pointer"
) )
@ -51,6 +52,7 @@ func getPatchBytes(oldLease, newLease *coordinationv1.Lease) ([]byte, error) {
var _ = SIGDescribe("Lease", func() { var _ = SIGDescribe("Lease", func() {
f := framework.NewDefaultFramework("lease-test") f := framework.NewDefaultFramework("lease-test")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.17 Release: v1.17

View File

@ -31,6 +31,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"github.com/onsi/gomega" "github.com/onsi/gomega"
@ -39,6 +40,7 @@ import (
var _ = SIGDescribe("NodeLease", func() { var _ = SIGDescribe("NodeLease", func() {
var nodeName string var nodeName string
f := framework.NewDefaultFramework("node-lease-test") f := framework.NewDefaultFramework("node-lease-test")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
node, err := e2enode.GetRandomReadySchedulableNode(f.ClientSet) node, err := e2enode.GetRandomReadySchedulableNode(f.ClientSet)

View File

@ -31,6 +31,7 @@ import (
"k8s.io/client-go/util/retry" "k8s.io/client-go/util/retry"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -42,6 +43,7 @@ const (
var _ = SIGDescribe("PodTemplates", func() { var _ = SIGDescribe("PodTemplates", func() {
f := framework.NewDefaultFramework("podtemplate") f := framework.NewDefaultFramework("podtemplate")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.19 Release: v1.19
Testname: PodTemplate lifecycle Testname: PodTemplate lifecycle

View File

@ -27,12 +27,14 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = SIGDescribe("Downward API [Serial] [Disruptive] [NodeFeature:EphemeralStorage]", func() { var _ = SIGDescribe("Downward API [Serial] [Disruptive] [NodeFeature:EphemeralStorage]", func() {
f := framework.NewDefaultFramework("downward-api") f := framework.NewDefaultFramework("downward-api")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.Context("Downward API tests for local ephemeral storage", func() { ginkgo.Context("Downward API tests for local ephemeral storage", func() {
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {

View File

@ -26,6 +26,7 @@ import (
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/instrumentation/common" "k8s.io/kubernetes/test/e2e/instrumentation/common"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
@ -38,6 +39,7 @@ const (
var _ = common.SIGDescribe("Events", func() { var _ = common.SIGDescribe("Events", func() {
f := framework.NewDefaultFramework("events") f := framework.NewDefaultFramework("events")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.20 Release: v1.20

View File

@ -32,6 +32,7 @@ import (
typedeventsv1 "k8s.io/client-go/kubernetes/typed/events/v1" typedeventsv1 "k8s.io/client-go/kubernetes/typed/events/v1"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/instrumentation/common" "k8s.io/kubernetes/test/e2e/instrumentation/common"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
@ -75,6 +76,7 @@ func eventExistsInList(client typedeventsv1.EventInterface, namespace, name stri
var _ = common.SIGDescribe("Events API", func() { var _ = common.SIGDescribe("Events API", func() {
f := framework.NewDefaultFramework("events") f := framework.NewDefaultFramework("events")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var coreClient corev1.EventInterface var coreClient corev1.EventInterface
var client typedeventsv1.EventInterface var client typedeventsv1.EventInterface
var clientAllNamespaces typedeventsv1.EventInterface var clientAllNamespaces typedeventsv1.EventInterface

View File

@ -29,6 +29,7 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common" instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -42,6 +43,7 @@ var _ = e2econfig.AddOptions(&loggingSoak, "instrumentation.logging.soak")
var _ = instrumentation.SIGDescribe("Logging soak [Performance] [Slow] [Disruptive]", func() { var _ = instrumentation.SIGDescribe("Logging soak [Performance] [Slow] [Disruptive]", func() {
f := framework.NewDefaultFramework("logging-soak") f := framework.NewDefaultFramework("logging-soak")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
// Not a global constant (irrelevant outside this test), also not a parameter (if you want more logs, use --scale=). // Not a global constant (irrelevant outside this test), also not a parameter (if you want more logs, use --scale=).
kbRateInSeconds := 1 * time.Second kbRateInSeconds := 1 * time.Second

View File

@ -31,6 +31,7 @@ import (
instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common" instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common"
"k8s.io/kubernetes/test/e2e/scheduling" "k8s.io/kubernetes/test/e2e/scheduling"
"k8s.io/kubernetes/test/utils/image" "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
@ -52,6 +53,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() {
}) })
f := framework.NewDefaultFramework("stackdriver-monitoring") f := framework.NewDefaultFramework("stackdriver-monitoring")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should have accelerator metrics [Feature:StackdriverAcceleratorMonitoring]", func() { ginkgo.It("should have accelerator metrics [Feature:StackdriverAcceleratorMonitoring]", func() {
testStackdriverAcceleratorMonitoring(f) testStackdriverAcceleratorMonitoring(f)

View File

@ -35,6 +35,7 @@ import (
instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common" instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common"
customclient "k8s.io/metrics/pkg/client/custom_metrics" customclient "k8s.io/metrics/pkg/client/custom_metrics"
externalclient "k8s.io/metrics/pkg/client/external_metrics" externalclient "k8s.io/metrics/pkg/client/external_metrics"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
@ -53,6 +54,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() {
}) })
f := framework.NewDefaultFramework("stackdriver-monitoring") f := framework.NewDefaultFramework("stackdriver-monitoring")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should run Custom Metrics - Stackdriver Adapter for old resource model [Feature:StackdriverCustomMetrics]", func() { ginkgo.It("should run Custom Metrics - Stackdriver Adapter for old resource model [Feature:StackdriverCustomMetrics]", func() {
kubeClient := f.ClientSet kubeClient := f.ClientSet

View File

@ -30,10 +30,12 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common" instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = instrumentation.SIGDescribe("MetricsGrabber", func() { var _ = instrumentation.SIGDescribe("MetricsGrabber", func() {
f := framework.NewDefaultFramework("metrics-grabber") f := framework.NewDefaultFramework("metrics-grabber")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var c, ec clientset.Interface var c, ec clientset.Interface
var grabber *e2emetrics.Grabber var grabber *e2emetrics.Grabber
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {

View File

@ -28,6 +28,7 @@ import (
e2eautoscaling "k8s.io/kubernetes/test/e2e/framework/autoscaling" e2eautoscaling "k8s.io/kubernetes/test/e2e/framework/autoscaling"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common" instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
@ -65,6 +66,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() {
}) })
f := framework.NewDefaultFramework("stackdriver-monitoring") f := framework.NewDefaultFramework("stackdriver-monitoring")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should have cluster metrics [Feature:StackdriverMonitoring]", func() { ginkgo.It("should have cluster metrics [Feature:StackdriverMonitoring]", func() {
testStackdriverMonitoring(f, 1, 100, 200) testStackdriverMonitoring(f, 1, 100, 200)

View File

@ -31,6 +31,7 @@ import (
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common" instrumentation "k8s.io/kubernetes/test/e2e/instrumentation/common"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
@ -50,6 +51,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() {
}) })
f := framework.NewDefaultFramework("stackdriver-monitoring") f := framework.NewDefaultFramework("stackdriver-monitoring")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var kubeClient clientset.Interface var kubeClient clientset.Interface
ginkgo.It("should run Stackdriver Metadata Agent [Feature:StackdriverMetadataAgent]", func() { ginkgo.It("should run Stackdriver Metadata Agent [Feature:StackdriverMetadataAgent]", func() {

View File

@ -26,6 +26,7 @@ import (
bootstrapapi "k8s.io/cluster-bootstrap/token/api" bootstrapapi "k8s.io/cluster-bootstrap/token/api"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/lifecycle" "k8s.io/kubernetes/test/e2e/lifecycle"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -41,6 +42,7 @@ var _ = lifecycle.SIGDescribe("[Feature:BootstrapTokens]", func() {
var c clientset.Interface var c clientset.Interface
f := framework.NewDefaultFramework("bootstrap-signer") f := framework.NewDefaultFramework("bootstrap-signer")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.AfterEach(func() { ginkgo.AfterEach(func() {
if len(secretNeedClean) > 0 { if len(secretNeedClean) > 0 {
ginkgo.By("delete the bootstrap token secret") ginkgo.By("delete the bootstrap token secret")

View File

@ -27,6 +27,7 @@ import (
bootstrapapi "k8s.io/cluster-bootstrap/token/api" bootstrapapi "k8s.io/cluster-bootstrap/token/api"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/lifecycle" "k8s.io/kubernetes/test/e2e/lifecycle"
admissionapi "k8s.io/pod-security-admission/api"
) )
var secretNeedClean string var secretNeedClean string
@ -35,6 +36,7 @@ var _ = lifecycle.SIGDescribe("[Feature:BootstrapTokens]", func() {
var c clientset.Interface var c clientset.Interface
f := framework.NewDefaultFramework("bootstrap-token-cleaner") f := framework.NewDefaultFramework("bootstrap-token-cleaner")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
c = f.ClientSet c = f.ClientSet

View File

@ -36,6 +36,7 @@ import (
e2epod "k8s.io/kubernetes/test/e2e/framework/pod" e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
dnsclient "k8s.io/kubernetes/third_party/forked/golang/net" dnsclient "k8s.io/kubernetes/third_party/forked/golang/net"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"github.com/onsi/gomega" "github.com/onsi/gomega"
@ -59,8 +60,10 @@ type dnsTestCommon struct {
} }
func newDNSTestCommon() dnsTestCommon { func newDNSTestCommon() dnsTestCommon {
framework := framework.NewDefaultFramework("dns-config-map")
framework.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
return dnsTestCommon{ return dnsTestCommon{
f: framework.NewDefaultFramework("dns-config-map"), f: framework,
ns: "kube-system", ns: "kube-system",
} }
} }

View File

@ -30,6 +30,7 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -43,6 +44,7 @@ const (
var _ = common.SIGDescribe("[Feature:PerformanceDNS][Serial]", func() { var _ = common.SIGDescribe("[Feature:PerformanceDNS][Serial]", func() {
f := framework.NewDefaultFramework("performancedns") f := framework.NewDefaultFramework("performancedns")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
framework.ExpectNoError(framework.WaitForAllNodesSchedulable(f.ClientSet, framework.TestContext.NodeSchedulableTimeout)) framework.ExpectNoError(framework.WaitForAllNodesSchedulable(f.ClientSet, framework.TestContext.NodeSchedulableTimeout))

View File

@ -38,12 +38,14 @@ import (
e2eservice "k8s.io/kubernetes/test/e2e/framework/service" e2eservice "k8s.io/kubernetes/test/e2e/framework/service"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
netutils "k8s.io/utils/net" netutils "k8s.io/utils/net"
) )
// Tests for ipv4-ipv6 dual-stack feature // Tests for ipv4-ipv6 dual-stack feature
var _ = common.SIGDescribe("[Feature:IPv6DualStack]", func() { var _ = common.SIGDescribe("[Feature:IPv6DualStack]", func() {
f := framework.NewDefaultFramework("dualstack") f := framework.NewDefaultFramework("dualstack")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var cs clientset.Interface var cs clientset.Interface
var podClient *framework.PodClient var podClient *framework.PodClient

View File

@ -29,10 +29,12 @@ import (
clientset "k8s.io/client-go/kubernetes" clientset "k8s.io/client-go/kubernetes"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = common.SIGDescribe("EndpointSliceMirroring", func() { var _ = common.SIGDescribe("EndpointSliceMirroring", func() {
f := framework.NewDefaultFramework("endpointslicemirroring") f := framework.NewDefaultFramework("endpointslicemirroring")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var cs clientset.Interface var cs clientset.Interface

View File

@ -38,6 +38,7 @@ import (
e2eservice "k8s.io/kubernetes/test/e2e/framework/service" e2eservice "k8s.io/kubernetes/test/e2e/framework/service"
e2etestfiles "k8s.io/kubernetes/test/e2e/framework/testfiles" e2etestfiles "k8s.io/kubernetes/test/e2e/framework/testfiles"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -57,6 +58,7 @@ except:
var _ = common.SIGDescribe("ClusterDns [Feature:Example]", func() { var _ = common.SIGDescribe("ClusterDns [Feature:Example]", func() {
f := framework.NewDefaultFramework("cluster-dns") f := framework.NewDefaultFramework("cluster-dns")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var c clientset.Interface var c clientset.Interface
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {

View File

@ -39,6 +39,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
gcecloud "k8s.io/legacy-cloud-providers/gce" gcecloud "k8s.io/legacy-cloud-providers/gce"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -53,6 +54,7 @@ const (
var _ = common.SIGDescribe("Firewall rule", func() { var _ = common.SIGDescribe("Firewall rule", func() {
var firewallTestName = "firewall-test" var firewallTestName = "firewall-test"
f := framework.NewDefaultFramework(firewallTestName) f := framework.NewDefaultFramework(firewallTestName)
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var cs clientset.Interface var cs clientset.Interface
var cloudConfig framework.CloudConfig var cloudConfig framework.CloudConfig

View File

@ -537,6 +537,7 @@ func detectNegAnnotation(f *framework.Framework, jig *e2eingress.TestJig, gceCon
var _ = common.SIGDescribe("Ingress API", func() { var _ = common.SIGDescribe("Ingress API", func() {
f := framework.NewDefaultFramework("ingress") f := framework.NewDefaultFramework("ingress")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.19 Release: v1.19
Testname: Ingress API Testname: Ingress API

View File

@ -21,6 +21,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
"k8s.io/kubernetes/test/e2e/network/scale" "k8s.io/kubernetes/test/e2e/network/scale"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -31,6 +32,7 @@ var _ = common.SIGDescribe("Loadbalancing: L7 Scalability", func() {
ns string ns string
) )
f := framework.NewDefaultFramework("ingress-scale") f := framework.NewDefaultFramework("ingress-scale")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
ns = f.Namespace.Name ns = f.Namespace.Name

View File

@ -31,6 +31,7 @@ import (
clientset "k8s.io/client-go/kubernetes" clientset "k8s.io/client-go/kubernetes"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
admissionapi "k8s.io/pod-security-admission/api"
utilpointer "k8s.io/utils/pointer" utilpointer "k8s.io/utils/pointer"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
@ -38,6 +39,7 @@ import (
var _ = common.SIGDescribe("IngressClass [Feature:Ingress]", func() { var _ = common.SIGDescribe("IngressClass [Feature:Ingress]", func() {
f := framework.NewDefaultFramework("ingressclass") f := framework.NewDefaultFramework("ingressclass")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var cs clientset.Interface var cs clientset.Interface
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
cs = f.ClientSet cs = f.ClientSet
@ -181,6 +183,7 @@ func deleteIngressClass(cs clientset.Interface, name string) {
var _ = common.SIGDescribe("IngressClass API", func() { var _ = common.SIGDescribe("IngressClass API", func() {
f := framework.NewDefaultFramework("ingressclass") f := framework.NewDefaultFramework("ingressclass")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var cs clientset.Interface var cs clientset.Interface
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
cs = f.ClientSet cs = f.ClientSet

View File

@ -1733,6 +1733,7 @@ var _ = common.SIGDescribe("NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly][
var podServer *v1.Pod var podServer *v1.Pod
var podServerLabelSelector string var podServerLabelSelector string
f := framework.NewDefaultFramework("sctp-network-policy") f := framework.NewDefaultFramework("sctp-network-policy")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
// Windows does not support network policies. // Windows does not support network policies.
@ -2186,6 +2187,7 @@ func cleanupNetworkPolicy(f *framework.Framework, policy *networkingv1.NetworkPo
var _ = common.SIGDescribe("NetworkPolicy API", func() { var _ = common.SIGDescribe("NetworkPolicy API", func() {
f := framework.NewDefaultFramework("networkpolicies") f := framework.NewDefaultFramework("networkpolicies")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.20 Release: v1.20
Testname: NetworkPolicies API Testname: NetworkPolicies API

View File

@ -33,6 +33,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
admissionapi "k8s.io/pod-security-admission/api"
utilnet "k8s.io/utils/net" utilnet "k8s.io/utils/net"
) )
@ -116,6 +117,7 @@ and what is happening in practice:
var _ = common.SIGDescribe("Netpol", func() { var _ = common.SIGDescribe("Netpol", func() {
f := framework.NewDefaultFramework("netpol") f := framework.NewDefaultFramework("netpol")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var model *Model var model *Model
ginkgo.Context("NetworkPolicy between server and client", func() { ginkgo.Context("NetworkPolicy between server and client", func() {
@ -1254,6 +1256,7 @@ var _ = common.SIGDescribe("Netpol", func() {
var _ = common.SIGDescribe("Netpol [LinuxOnly]", func() { var _ = common.SIGDescribe("Netpol [LinuxOnly]", func() {
f := framework.NewDefaultFramework("udp-network-policy") f := framework.NewDefaultFramework("udp-network-policy")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var model *Model var model *Model
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
// Windows does not support UDP testing via agnhost. // Windows does not support UDP testing via agnhost.
@ -1339,6 +1342,7 @@ var _ = common.SIGDescribe("Netpol [LinuxOnly]", func() {
var _ = common.SIGDescribe("Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive]", func() { var _ = common.SIGDescribe("Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive]", func() {
f := framework.NewDefaultFramework("sctp-network-policy") f := framework.NewDefaultFramework("sctp-network-policy")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var model *Model var model *Model
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
// Windows does not support network policies. // Windows does not support network policies.

View File

@ -25,6 +25,7 @@ import (
"k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
networkingv1 "k8s.io/api/networking/v1" networkingv1 "k8s.io/api/networking/v1"
@ -35,6 +36,7 @@ import (
var _ = common.SIGDescribe("Netpol API", func() { var _ = common.SIGDescribe("Netpol API", func() {
f := framework.NewDefaultFramework("netpol") f := framework.NewDefaultFramework("netpol")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.20 Release: v1.20
Testname: NetworkPolicies API Testname: NetworkPolicies API

View File

@ -34,12 +34,14 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
gcecloud "k8s.io/legacy-cloud-providers/gce" gcecloud "k8s.io/legacy-cloud-providers/gce"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = common.SIGDescribe("Services GCE [Slow]", func() { var _ = common.SIGDescribe("Services GCE [Slow]", func() {
f := framework.NewDefaultFramework("services") f := framework.NewDefaultFramework("services")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var cs clientset.Interface var cs clientset.Interface
serviceLBNames := []string{} serviceLBNames := []string{}

View File

@ -26,6 +26,7 @@ import (
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
admissionapi "k8s.io/pod-security-admission/api"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
@ -63,6 +64,7 @@ var (
// We use the [Feature:NoSNAT] tag so that most jobs will skip this test by default. // We use the [Feature:NoSNAT] tag so that most jobs will skip this test by default.
var _ = common.SIGDescribe("NoSNAT [Feature:NoSNAT] [Slow]", func() { var _ = common.SIGDescribe("NoSNAT [Feature:NoSNAT] [Slow]", func() {
f := framework.NewDefaultFramework("no-snat-test") f := framework.NewDefaultFramework("no-snat-test")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("Should be able to send traffic between Pods without SNAT", func() { ginkgo.It("Should be able to send traffic between Pods without SNAT", func() {
cs := f.ClientSet cs := f.ClientSet
pc := cs.CoreV1().Pods(f.Namespace.Name) pc := cs.CoreV1().Pods(f.Namespace.Name)

View File

@ -37,10 +37,12 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/network/common" "k8s.io/kubernetes/test/e2e/network/common"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = common.SIGDescribe("[Feature:Topology Hints]", func() { var _ = common.SIGDescribe("[Feature:Topology Hints]", func() {
f := framework.NewDefaultFramework("topology-hints") f := framework.NewDefaultFramework("topology-hints")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
// filled in BeforeEach // filled in BeforeEach
var c clientset.Interface var c clientset.Interface

View File

@ -33,6 +33,7 @@ import (
"k8s.io/kubernetes/test/e2e/perftype" "k8s.io/kubernetes/test/e2e/perftype"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -196,6 +197,7 @@ func verifyCPULimits(expected e2ekubelet.ContainersCPUSummary, actual e2ekubelet
var _ = SIGDescribe("Kubelet [Serial] [Slow]", func() { var _ = SIGDescribe("Kubelet [Serial] [Slow]", func() {
var nodeNames sets.String var nodeNames sets.String
f := framework.NewDefaultFramework("kubelet-perf") f := framework.NewDefaultFramework("kubelet-perf")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var om *e2ekubelet.RuntimeOperationMonitor var om *e2ekubelet.RuntimeOperationMonitor
var rm *e2ekubelet.ResourceMonitor var rm *e2ekubelet.ResourceMonitor

View File

@ -34,6 +34,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
testutils "k8s.io/kubernetes/test/utils" testutils "k8s.io/kubernetes/test/utils"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"github.com/onsi/gomega" "github.com/onsi/gomega"
@ -48,6 +49,7 @@ var _ = SIGDescribe("NodeProblemDetector", func() {
maxNodesToProcess = 10 maxNodesToProcess = 10
) )
f := framework.NewDefaultFramework("node-problem-detector") f := framework.NewDefaultFramework("node-problem-detector")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessSSHKeyPresent() e2eskipper.SkipUnlessSSHKeyPresent()

View File

@ -29,6 +29,7 @@ import (
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
) )
// This test requires that --terminated-pod-gc-threshold=100 be set on the controller manager // This test requires that --terminated-pod-gc-threshold=100 be set on the controller manager
@ -36,6 +37,7 @@ import (
// Slow by design (7 min) // Slow by design (7 min)
var _ = SIGDescribe("Pod garbage collector [Feature:PodGarbageCollector] [Slow]", func() { var _ = SIGDescribe("Pod garbage collector [Feature:PodGarbageCollector] [Slow]", func() {
f := framework.NewDefaultFramework("pod-garbage-collector") f := framework.NewDefaultFramework("pod-garbage-collector")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("should handle the creation of 1000 pods", func() { ginkgo.It("should handle the creation of 1000 pods", func() {
var count int var count int
for count < 1000 { for count < 1000 {

View File

@ -23,6 +23,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -32,6 +33,7 @@ const maxNodes = 100
var _ = SIGDescribe("SSH", func() { var _ = SIGDescribe("SSH", func() {
f := framework.NewDefaultFramework("ssh") f := framework.NewDefaultFramework("ssh")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
// When adding more providers here, also implement their functionality in e2essh.GetSigner(...). // When adding more providers here, also implement their functionality in e2essh.GetSigner(...).

View File

@ -39,6 +39,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
e2etestfiles "k8s.io/kubernetes/test/e2e/framework/testfiles" e2etestfiles "k8s.io/kubernetes/test/e2e/framework/testfiles"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
"github.com/onsi/gomega" "github.com/onsi/gomega"
@ -221,6 +222,7 @@ func logContainers(f *framework.Framework, pod *v1.Pod) {
var _ = SIGDescribe("[Feature:GPUDevicePlugin]", func() { var _ = SIGDescribe("[Feature:GPUDevicePlugin]", func() {
f := framework.NewDefaultFramework("device-plugin-gpus") f := framework.NewDefaultFramework("device-plugin-gpus")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("run Nvidia GPU Device Plugin tests", func() { ginkgo.It("run Nvidia GPU Device Plugin tests", func() {
testNvidiaGPUs(f) testNvidiaGPUs(f)
}) })
@ -322,6 +324,7 @@ var _ = SIGDescribe("GPUDevicePluginAcrossRecreate [Feature:Recreate]", func() {
e2eskipper.SkipUnlessProviderIs("gce", "gke") e2eskipper.SkipUnlessProviderIs("gce", "gke")
}) })
f := framework.NewDefaultFramework("device-plugin-gpus-recreate") f := framework.NewDefaultFramework("device-plugin-gpus-recreate")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.It("run Nvidia GPU Device Plugin tests with a recreation", func() { ginkgo.It("run Nvidia GPU Device Plugin tests with a recreation", func() {
testNvidiaGPUsJob(f) testNvidiaGPUsJob(f)
}) })

View File

@ -683,6 +683,7 @@ var _ = SIGDescribe("SchedulerPreemption [Serial]", func() {
ginkgo.Context("PriorityClass endpoints", func() { ginkgo.Context("PriorityClass endpoints", func() {
var cs clientset.Interface var cs clientset.Interface
f := framework.NewDefaultFramework("sched-preemption-path") f := framework.NewDefaultFramework("sched-preemption-path")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
testUUID := uuid.New().String() testUUID := uuid.New().String()
var pcs []*schedulingv1.PriorityClass var pcs []*schedulingv1.PriorityClass

View File

@ -28,12 +28,14 @@ import (
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
var _ = utils.SIGDescribe("CSIStorageCapacity", func() { var _ = utils.SIGDescribe("CSIStorageCapacity", func() {
f := framework.NewDefaultFramework("csistoragecapacity") f := framework.NewDefaultFramework("csistoragecapacity")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Release: v1.24 Release: v1.24

View File

@ -33,6 +33,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -45,6 +46,7 @@ var (
var _ = utils.SIGDescribe("[Feature:Flexvolumes] Detaching volumes", func() { var _ = utils.SIGDescribe("[Feature:Flexvolumes] Detaching volumes", func() {
f := framework.NewDefaultFramework("flexvolume") f := framework.NewDefaultFramework("flexvolume")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
// note that namespace deletion is handled by delete-namespace flag // note that namespace deletion is handled by delete-namespace flag

View File

@ -38,6 +38,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/testsuites" "k8s.io/kubernetes/test/e2e/storage/testsuites"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -61,6 +62,7 @@ var _ = utils.SIGDescribe("[Feature:Flexvolumes] Mounted flexvolume expand[Slow]
) )
f := framework.NewDefaultFramework("mounted-flexvolume-expand") f := framework.NewDefaultFramework("mounted-flexvolume-expand")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessProviderIs("aws", "gce", "local") e2eskipper.SkipUnlessProviderIs("aws", "gce", "local")
e2eskipper.SkipUnlessMasterOSDistroIs("debian", "ubuntu", "gci", "custom") e2eskipper.SkipUnlessMasterOSDistroIs("debian", "ubuntu", "gci", "custom")

View File

@ -37,6 +37,7 @@ import (
"k8s.io/kubernetes/test/e2e/storage/testsuites" "k8s.io/kubernetes/test/e2e/storage/testsuites"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = utils.SIGDescribe("[Feature:Flexvolumes] Mounted flexvolume volume expand [Slow]", func() { var _ = utils.SIGDescribe("[Feature:Flexvolumes] Mounted flexvolume volume expand [Slow]", func() {
@ -55,6 +56,7 @@ var _ = utils.SIGDescribe("[Feature:Flexvolumes] Mounted flexvolume volume expan
) )
f := framework.NewDefaultFramework("mounted-flexvolume-expand") f := framework.NewDefaultFramework("mounted-flexvolume-expand")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessProviderIs("aws", "gce", "local") e2eskipper.SkipUnlessProviderIs("aws", "gce", "local")
e2eskipper.SkipUnlessMasterOSDistroIs("debian", "ubuntu", "gci", "custom") e2eskipper.SkipUnlessMasterOSDistroIs("debian", "ubuntu", "gci", "custom")

View File

@ -30,10 +30,12 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/testsuites" "k8s.io/kubernetes/test/e2e/storage/testsuites"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = utils.SIGDescribe("GenericPersistentVolume[Disruptive]", func() { var _ = utils.SIGDescribe("GenericPersistentVolume[Disruptive]", func() {
f := framework.NewDefaultFramework("generic-disruptive-pv") f := framework.NewDefaultFramework("generic-disruptive-pv")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
c clientset.Interface c clientset.Interface
ns string ns string

View File

@ -26,6 +26,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
) )
@ -33,6 +34,7 @@ import (
var _ = utils.SIGDescribe("GKE local SSD [Feature:GKELocalSSD]", func() { var _ = utils.SIGDescribe("GKE local SSD [Feature:GKELocalSSD]", func() {
f := framework.NewDefaultFramework("localssd") f := framework.NewDefaultFramework("localssd")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessProviderIs("gke") e2eskipper.SkipUnlessProviderIs("gke")

View File

@ -28,6 +28,7 @@ import (
storagev1 "k8s.io/api/storage/v1" storagev1 "k8s.io/api/storage/v1"
"k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
admissionapi "k8s.io/pod-security-admission/api"
utilerrors "k8s.io/apimachinery/pkg/util/errors" utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
@ -58,6 +59,7 @@ var _ = utils.SIGDescribe("Mounted volume expand [Feature:StorageProvider]", fun
) )
f := framework.NewDefaultFramework("mounted-volume-expand") f := framework.NewDefaultFramework("mounted-volume-expand")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessProviderIs("aws", "gce") e2eskipper.SkipUnlessProviderIs("aws", "gce")
c = f.ClientSet c = f.ClientSet

View File

@ -39,6 +39,7 @@ import (
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume" e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
type testBody func(c clientset.Interface, f *framework.Framework, clientPod *v1.Pod) type testBody func(c clientset.Interface, f *framework.Framework, clientPod *v1.Pod)
@ -77,6 +78,7 @@ func checkForControllerManagerHealthy(duration time.Duration) error {
var _ = utils.SIGDescribe("NFSPersistentVolumes[Disruptive][Flaky]", func() { var _ = utils.SIGDescribe("NFSPersistentVolumes[Disruptive][Flaky]", func() {
f := framework.NewDefaultFramework("disruptive-pv") f := framework.NewDefaultFramework("disruptive-pv")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
c clientset.Interface c clientset.Interface
ns string ns string

View File

@ -48,6 +48,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -70,6 +71,7 @@ var _ = utils.SIGDescribe("Pod Disks [Feature:StorageProvider]", func() {
nodes *v1.NodeList nodes *v1.NodeList
) )
f := framework.NewDefaultFramework("pod-disks") f := framework.NewDefaultFramework("pod-disks")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessNodeCountIsAtLeast(minNodes) e2eskipper.SkipUnlessNodeCountIsAtLeast(minNodes)

View File

@ -32,6 +32,7 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
// verifyGCEDiskAttached performs a sanity check to verify the PD attached to the node // verifyGCEDiskAttached performs a sanity check to verify the PD attached to the node
@ -74,6 +75,7 @@ var _ = utils.SIGDescribe("PersistentVolumes GCEPD [Feature:StorageProvider]", f
) )
f := framework.NewDefaultFramework("pv") f := framework.NewDefaultFramework("pv")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
c = f.ClientSet c = f.ClientSet
ns = f.Namespace.Name ns = f.Namespace.Name

View File

@ -97,6 +97,7 @@ var _ = utils.SIGDescribe("PersistentVolumes", func() {
// global vars for the ginkgo.Context()s and ginkgo.It()'s below // global vars for the ginkgo.Context()s and ginkgo.It()'s below
f := framework.NewDefaultFramework("pv") f := framework.NewDefaultFramework("pv")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
c clientset.Interface c clientset.Interface
ns string ns string

View File

@ -32,6 +32,7 @@ import (
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = utils.SIGDescribe("PV Protection", func() { var _ = utils.SIGDescribe("PV Protection", func() {
@ -48,6 +49,7 @@ var _ = utils.SIGDescribe("PV Protection", func() {
) )
f := framework.NewDefaultFramework("pv-protection") f := framework.NewDefaultFramework("pv-protection")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
client = f.ClientSet client = f.ClientSet
nameSpace = f.Namespace.Name nameSpace = f.Namespace.Name

View File

@ -48,6 +48,7 @@ import (
"k8s.io/kubernetes/test/e2e/storage/testsuites" "k8s.io/kubernetes/test/e2e/storage/testsuites"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
imageutils "k8s.io/kubernetes/test/utils/image" imageutils "k8s.io/kubernetes/test/utils/image"
admissionapi "k8s.io/pod-security-admission/api"
) )
const ( const (
@ -60,6 +61,7 @@ const (
var _ = utils.SIGDescribe("Regional PD", func() { var _ = utils.SIGDescribe("Regional PD", func() {
f := framework.NewDefaultFramework("regional-pd") f := framework.NewDefaultFramework("regional-pd")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
// filled in BeforeEach // filled in BeforeEach
var c clientset.Interface var c clientset.Interface

View File

@ -34,6 +34,7 @@ import (
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume" e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
storageframework "k8s.io/kubernetes/test/e2e/storage/framework" storageframework "k8s.io/kubernetes/test/e2e/storage/framework"
storageutils "k8s.io/kubernetes/test/e2e/storage/utils" storageutils "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
type capacityTestSuite struct { type capacityTestSuite struct {
@ -89,6 +90,7 @@ func (p *capacityTestSuite) DefineTests(driver storageframework.TestDriver, patt
// Beware that it also registers an AfterEach which renders f unusable. Any code using // Beware that it also registers an AfterEach which renders f unusable. Any code using
// f must run inside an It or Context callback. // f must run inside an It or Context callback.
f := framework.NewFrameworkWithCustomTimeouts("capacity", storageframework.GetDriverTimeouts(driver)) f := framework.NewFrameworkWithCustomTimeouts("capacity", storageframework.GetDriverTimeouts(driver))
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
init := func() { init := func() {
dDriver, _ = driver.(storageframework.DynamicPVTestDriver) dDriver, _ = driver.(storageframework.DynamicPVTestDriver)

View File

@ -34,6 +34,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
storageframework "k8s.io/kubernetes/test/e2e/storage/framework" storageframework "k8s.io/kubernetes/test/e2e/storage/framework"
storageutils "k8s.io/kubernetes/test/e2e/storage/utils" storageutils "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
type volumeStressTestSuite struct { type volumeStressTestSuite struct {
@ -113,6 +114,7 @@ func (t *volumeStressTestSuite) DefineTests(driver storageframework.TestDriver,
// Beware that it also registers an AfterEach which renders f unusable. Any code using // Beware that it also registers an AfterEach which renders f unusable. Any code using
// f must run inside an It or Context callback. // f must run inside an It or Context callback.
f := framework.NewFrameworkWithCustomTimeouts("stress", storageframework.GetDriverTimeouts(driver)) f := framework.NewFrameworkWithCustomTimeouts("stress", storageframework.GetDriverTimeouts(driver))
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
init := func() { init := func() {
cs = f.ClientSet cs = f.ClientSet

View File

@ -37,6 +37,7 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
storageframework "k8s.io/kubernetes/test/e2e/storage/framework" storageframework "k8s.io/kubernetes/test/e2e/storage/framework"
admissionapi "k8s.io/pod-security-admission/api"
) )
type volumePerformanceTestSuite struct { type volumePerformanceTestSuite struct {
@ -126,6 +127,7 @@ func (t *volumePerformanceTestSuite) DefineTests(driver storageframework.TestDri
ClientBurst: 400, ClientBurst: 400,
} }
f := framework.NewFramework("volume-lifecycle-performance", frameworkOptions, nil) f := framework.NewFramework("volume-lifecycle-performance", frameworkOptions, nil)
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
f.AddAfterEach("cleanup", func(f *framework.Framework, failed bool) { f.AddAfterEach("cleanup", func(f *framework.Framework, failed bool) {
ginkgo.By("Closing informer channel") ginkgo.By("Closing informer channel")
close(l.stopCh) close(l.stopCh)

View File

@ -30,10 +30,12 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = utils.SIGDescribe("Multi-AZ Cluster Volumes", func() { var _ = utils.SIGDescribe("Multi-AZ Cluster Volumes", func() {
f := framework.NewDefaultFramework("multi-az") f := framework.NewDefaultFramework("multi-az")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var zoneCount int var zoneCount int
var err error var err error
image := framework.ServeHostnameImage image := framework.ServeHostnameImage

View File

@ -26,6 +26,7 @@ import (
e2enode "k8s.io/kubernetes/test/e2e/framework/node" e2enode "k8s.io/kubernetes/test/e2e/framework/node"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = utils.SIGDescribe("Volume limits", func() { var _ = utils.SIGDescribe("Volume limits", func() {
@ -33,6 +34,7 @@ var _ = utils.SIGDescribe("Volume limits", func() {
c clientset.Interface c clientset.Interface
) )
f := framework.NewDefaultFramework("volume-limits-on-node") f := framework.NewDefaultFramework("volume-limits-on-node")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
e2eskipper.SkipUnlessProviderIs("aws", "gce", "gke") e2eskipper.SkipUnlessProviderIs("aws", "gce", "gke")
// If CSIMigration is enabled, then the limits should be on CSINodes, not Nodes, and another test checks this // If CSIMigration is enabled, then the limits should be on CSINodes, not Nodes, and another test checks this

View File

@ -30,6 +30,7 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
// Testing configurations of single a PV/PVC pair attached to a vSphere Disk // Testing configurations of single a PV/PVC pair attached to a vSphere Disk
@ -51,6 +52,7 @@ var _ = utils.SIGDescribe("PersistentVolumes:vsphere [Feature:vsphere]", func()
) )
f := framework.NewDefaultFramework("pv") f := framework.NewDefaultFramework("pv")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
/* /*
Test Setup Test Setup

View File

@ -31,10 +31,12 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
var _ = utils.SIGDescribe("PersistentVolumes [Feature:vsphere][Feature:ReclaimPolicy]", func() { var _ = utils.SIGDescribe("PersistentVolumes [Feature:vsphere][Feature:ReclaimPolicy]", func() {
f := framework.NewDefaultFramework("persistentvolumereclaim") f := framework.NewDefaultFramework("persistentvolumereclaim")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
c clientset.Interface c clientset.Interface
ns string ns string

View File

@ -28,6 +28,7 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
/* /*
@ -49,6 +50,7 @@ import (
*/ */
var _ = utils.SIGDescribe("PersistentVolumes [Feature:vsphere][Feature:LabelSelector]", func() { var _ = utils.SIGDescribe("PersistentVolumes [Feature:vsphere][Feature:LabelSelector]", func() {
f := framework.NewDefaultFramework("pvclabelselector") f := framework.NewDefaultFramework("pvclabelselector")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
c clientset.Interface c clientset.Interface
ns string ns string

View File

@ -33,6 +33,7 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
/* /*
@ -57,6 +58,7 @@ type NodeSelector struct {
var _ = utils.SIGDescribe("vcp at scale [Feature:vsphere] ", func() { var _ = utils.SIGDescribe("vcp at scale [Feature:vsphere] ", func() {
f := framework.NewDefaultFramework("vcp-at-scale") f := framework.NewDefaultFramework("vcp-at-scale")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
client clientset.Interface client clientset.Interface

View File

@ -30,6 +30,7 @@ import (
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
e2estatefulset "k8s.io/kubernetes/test/e2e/framework/statefulset" e2estatefulset "k8s.io/kubernetes/test/e2e/framework/statefulset"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
/* /*
@ -56,6 +57,7 @@ const (
var _ = utils.SIGDescribe("vsphere statefulset [Feature:vsphere]", func() { var _ = utils.SIGDescribe("vsphere statefulset [Feature:vsphere]", func() {
f := framework.NewDefaultFramework("vsphere-statefulset") f := framework.NewDefaultFramework("vsphere-statefulset")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
namespace string namespace string
client clientset.Interface client clientset.Interface

View File

@ -33,6 +33,7 @@ import (
e2epv "k8s.io/kubernetes/test/e2e/framework/pv" e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
"k8s.io/kubernetes/test/e2e/storage/utils" "k8s.io/kubernetes/test/e2e/storage/utils"
admissionapi "k8s.io/pod-security-admission/api"
) )
/* /*
@ -47,6 +48,7 @@ import (
*/ */
var _ = utils.SIGDescribe("vsphere cloud provider stress [Feature:vsphere]", func() { var _ = utils.SIGDescribe("vsphere cloud provider stress [Feature:vsphere]", func() {
f := framework.NewDefaultFramework("vcp-stress") f := framework.NewDefaultFramework("vcp-stress")
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
var ( var (
client clientset.Interface client clientset.Interface
namespace string namespace string

Some files were not shown because too many files have changed in this diff Show More