From e5cbc51d29db751f074653fbbf5eeac2238834db Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 10 May 2023 15:25:50 +0200 Subject: [PATCH 1/2] e2e framework: allow setting all PSa labels at once --- test/e2e/framework/framework.go | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index ecd54705939..e29e0edf58e 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -89,6 +89,12 @@ var ( // Framework supports common operations used by e2e tests; it will keep a client & a namespace for you. // Eventual goal is to merge this with integration test framework. +// +// You can configure the pod security level for your test by setting the `NamespacePodSecurityLevel` +// which will set all three of pod security admission enforce, warn and audit labels on the namespace. +// The default pod security profile is "restricted". +// Each of the labels can be overridden by using more specific NamespacePodSecurity* attributes of this +// struct. type Framework struct { BaseName string @@ -111,6 +117,9 @@ type Framework struct { namespacesToDelete []*v1.Namespace // Some tests have more than one. NamespaceDeletionTimeout time.Duration NamespacePodSecurityEnforceLevel admissionapi.Level // The pod security enforcement level for namespaces to be applied. + NamespacePodSecurityWarnLevel admissionapi.Level // The pod security warn (client logging) level for namespaces to be applied. + NamespacePodSecurityAuditLevel admissionapi.Level // The pod security audit (server logging) level for namespaces to be applied. + NamespacePodSecurityLevel admissionapi.Level // The pod security level to be used for all of enforcement, warn and audit. Can be rewritten by more specific configuration attributes. // Flaky operation failures in an e2e test can be captured through this. flakeReport *FlakeReport @@ -448,11 +457,9 @@ func (f *Framework) CreateNamespace(ctx context.Context, baseName string, labels labels = labelsCopy } - enforceLevel := admissionapi.LevelRestricted - if f.NamespacePodSecurityEnforceLevel != "" { - enforceLevel = f.NamespacePodSecurityEnforceLevel - } - labels[admissionapi.EnforceLevelLabel] = string(enforceLevel) + labels[admissionapi.EnforceLevelLabel] = firstNonEmptyPSaLevelOrRestricted(f.NamespacePodSecurityEnforceLevel, f.NamespacePodSecurityLevel) + labels[admissionapi.WarnLevelLabel] = firstNonEmptyPSaLevelOrRestricted(f.NamespacePodSecurityWarnLevel, f.NamespacePodSecurityLevel) + labels[admissionapi.AuditLevelLabel] = firstNonEmptyPSaLevelOrRestricted(f.NamespacePodSecurityAuditLevel, f.NamespacePodSecurityLevel) ns, err := createTestingNS(ctx, baseName, f.ClientSet, labels) // check ns instead of err to see if it's nil as we may @@ -481,6 +488,15 @@ func (f *Framework) CreateNamespace(ctx context.Context, baseName string, labels return ns, err } +func firstNonEmptyPSaLevelOrRestricted(levelConfig ...admissionapi.Level) string { + for _, l := range levelConfig { + if len(l) > 0 { + return string(l) + } + } + return string(admissionapi.LevelRestricted) +} + // createSecretFromDockerConfig creates a secret using the private image registry credentials. // The credentials are provided by --e2e-docker-config-file flag. func (f *Framework) createSecretFromDockerConfig(ctx context.Context, namespace string) (*v1.Secret, error) { From 7f532891c9c42500f75939fd931596cd42b1765b Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 10 May 2023 15:38:10 +0200 Subject: [PATCH 2/2] e2e tests: set all PSa labels instead of just enforcing --- test/e2e/apimachinery/aggregator.go | 2 +- test/e2e/apimachinery/apiserver_identity.go | 2 +- test/e2e/apimachinery/apply.go | 2 +- test/e2e/apimachinery/chunking.go | 2 +- .../apimachinery/crd_conversion_webhook.go | 2 +- test/e2e/apimachinery/crd_publish_openapi.go | 2 +- test/e2e/apimachinery/crd_validation_rules.go | 2 +- test/e2e/apimachinery/crd_watch.go | 2 +- .../custom_resource_definition.go | 2 +- test/e2e/apimachinery/discovery.go | 2 +- test/e2e/apimachinery/etcd_failure.go | 2 +- test/e2e/apimachinery/field_validation.go | 2 +- test/e2e/apimachinery/flowcontrol.go | 2 +- test/e2e/apimachinery/garbage_collector.go | 2 +- test/e2e/apimachinery/health_handlers.go | 2 +- test/e2e/apimachinery/namespace.go | 2 +- test/e2e/apimachinery/openapiv3.go | 2 +- test/e2e/apimachinery/protocol.go | 2 +- test/e2e/apimachinery/request_timeout.go | 2 +- test/e2e/apimachinery/resource_quota.go | 8 ++++---- test/e2e/apimachinery/server_version.go | 2 +- test/e2e/apimachinery/storage_version.go | 2 +- test/e2e/apimachinery/table_conversion.go | 2 +- .../apimachinery/validatingadmissionpolicy.go | 2 +- test/e2e/apimachinery/watch.go | 2 +- test/e2e/apimachinery/webhook.go | 2 +- test/e2e/apps/controller_revision.go | 2 +- test/e2e/apps/cronjob.go | 2 +- test/e2e/apps/daemon_restart.go | 2 +- test/e2e/apps/daemon_set.go | 2 +- test/e2e/apps/deployment.go | 2 +- test/e2e/apps/disruption.go | 4 ++-- test/e2e/apps/job.go | 2 +- test/e2e/apps/rc.go | 2 +- test/e2e/apps/replica_set.go | 2 +- test/e2e/apps/statefulset.go | 2 +- test/e2e/apps/ttl_after_finished.go | 2 +- test/e2e/architecture/conformance.go | 2 +- test/e2e/auth/certificates.go | 2 +- test/e2e/auth/node_authn.go | 2 +- test/e2e/auth/node_authz.go | 2 +- test/e2e/auth/selfsubjectreviews.go | 2 +- test/e2e/auth/service_accounts.go | 2 +- test/e2e/autoscaling/autoscaling_timer.go | 2 +- .../cluster_autoscaler_scalability.go | 2 +- .../autoscaling/cluster_size_autoscaling.go | 2 +- .../custom_metrics_stackdriver_autoscaling.go | 2 +- test/e2e/autoscaling/dns_autoscaling.go | 2 +- .../autoscaling/horizontal_pod_autoscaling.go | 4 ++-- .../horizontal_pod_autoscaling_behavior.go | 2 +- test/e2e/cloud/gcp/addon_update.go | 2 +- test/e2e/cloud/gcp/apps/stateful_apps.go | 2 +- ..._account_admission_controller_migration.go | 2 +- test/e2e/cloud/gcp/cluster_upgrade.go | 4 ++-- test/e2e/cloud/gcp/gke_node_pools.go | 2 +- test/e2e/cloud/gcp/ha_master.go | 2 +- test/e2e/cloud/gcp/kubelet_security.go | 2 +- .../cloud/gcp/network/kube_proxy_migration.go | 2 +- test/e2e/cloud/gcp/node/gpu.go | 2 +- test/e2e/cloud/gcp/node_lease.go | 2 +- test/e2e/cloud/gcp/reboot.go | 2 +- test/e2e/cloud/gcp/recreate_node.go | 2 +- test/e2e/cloud/gcp/resize_nodes.go | 2 +- test/e2e/cloud/gcp/restart.go | 2 +- test/e2e/cloud/nodes.go | 2 +- test/e2e/common/network/networking.go | 2 +- test/e2e/common/node/configmap.go | 2 +- test/e2e/common/node/container_probe.go | 2 +- test/e2e/common/node/containers.go | 2 +- test/e2e/common/node/downwardapi.go | 4 ++-- test/e2e/common/node/ephemeral_containers.go | 2 +- test/e2e/common/node/expansion.go | 2 +- .../common/node/image_credential_provider.go | 2 +- test/e2e/common/node/init_container.go | 2 +- test/e2e/common/node/kubelet.go | 2 +- test/e2e/common/node/kubelet_etc_hosts.go | 2 +- test/e2e/common/node/lease.go | 2 +- test/e2e/common/node/lifecycle_hook.go | 2 +- test/e2e/common/node/node_lease.go | 2 +- test/e2e/common/node/pod_admission.go | 2 +- test/e2e/common/node/pods.go | 2 +- test/e2e/common/node/podtemplates.go | 2 +- test/e2e/common/node/privileged.go | 2 +- test/e2e/common/node/runtime.go | 2 +- test/e2e/common/node/runtimeclass.go | 2 +- test/e2e/common/node/secrets.go | 2 +- test/e2e/common/node/security_context.go | 2 +- test/e2e/common/node/sysctl.go | 2 +- test/e2e/common/storage/configmap_volume.go | 2 +- test/e2e/common/storage/downwardapi.go | 2 +- test/e2e/common/storage/downwardapi_volume.go | 2 +- test/e2e/common/storage/empty_dir.go | 2 +- test/e2e/common/storage/host_path.go | 2 +- test/e2e/common/storage/projected_combined.go | 2 +- .../e2e/common/storage/projected_configmap.go | 2 +- .../common/storage/projected_downwardapi.go | 2 +- test/e2e/common/storage/projected_secret.go | 2 +- test/e2e/common/storage/secrets_volume.go | 2 +- test/e2e/common/storage/volumes.go | 2 +- test/e2e/dra/dra.go | 2 +- test/e2e/instrumentation/core_events.go | 2 +- test/e2e/instrumentation/events.go | 2 +- .../instrumentation/logging/generic_soak.go | 2 +- .../instrumentation/monitoring/accelerator.go | 2 +- .../monitoring/custom_metrics_stackdriver.go | 2 +- .../monitoring/metrics_grabber.go | 2 +- .../instrumentation/monitoring/stackdriver.go | 2 +- .../monitoring/stackdriver_metadata_agent.go | 2 +- test/e2e/kubectl/kubectl.go | 2 +- test/e2e/kubectl/logs.go | 2 +- test/e2e/kubectl/portforward.go | 2 +- .../lifecycle/bootstrap/bootstrap_signer.go | 2 +- .../bootstrap/bootstrap_token_cleaner.go | 2 +- test/e2e/network/conntrack.go | 2 +- test/e2e/network/dns.go | 4 ++-- test/e2e/network/dns_common.go | 2 +- test/e2e/network/dns_scale_records.go | 2 +- test/e2e/network/dual_stack.go | 2 +- test/e2e/network/endpointslice.go | 2 +- test/e2e/network/endpointslicemirroring.go | 2 +- test/e2e/network/example_cluster_dns.go | 2 +- test/e2e/network/firewall.go | 2 +- test/e2e/network/funny_ips.go | 2 +- test/e2e/network/hostport.go | 2 +- test/e2e/network/ingress.go | 4 ++-- test/e2e/network/ingress_scale.go | 2 +- test/e2e/network/ingressclass.go | 4 ++-- test/e2e/network/kube_proxy.go | 2 +- test/e2e/network/loadbalancer.go | 4 ++-- test/e2e/network/netpol/network_legacy.go | 6 +++--- test/e2e/network/netpol/network_policy.go | 6 +++--- test/e2e/network/netpol/network_policy_api.go | 2 +- test/e2e/network/network_tiers.go | 2 +- test/e2e/network/networking.go | 2 +- test/e2e/network/networking_perf.go | 2 +- test/e2e/network/no_snat.go | 2 +- test/e2e/network/pod_lifecycle.go | 2 +- test/e2e/network/proxy.go | 2 +- test/e2e/network/service.go | 2 +- test/e2e/network/service_latency.go | 2 +- test/e2e/network/topology_hints.go | 2 +- test/e2e/node/apparmor.go | 2 +- test/e2e/node/crictl.go | 2 +- test/e2e/node/events.go | 2 +- test/e2e/node/examples.go | 2 +- test/e2e/node/kubelet.go | 2 +- test/e2e/node/kubelet_perf.go | 2 +- test/e2e/node/mount_propagation.go | 2 +- test/e2e/node/node_problem_detector.go | 2 +- test/e2e/node/pod_gc.go | 2 +- test/e2e/node/pods.go | 2 +- test/e2e/node/pre_stop.go | 2 +- test/e2e/node/runtimeclass.go | 2 +- test/e2e/node/security_context.go | 2 +- test/e2e/node/ssh.go | 2 +- test/e2e/node/taints.go | 4 ++-- test/e2e/scheduling/limit_range.go | 2 +- test/e2e/scheduling/nvidia-gpus.go | 4 ++-- test/e2e/scheduling/predicates.go | 2 +- test/e2e/scheduling/preemption.go | 6 +++--- test/e2e/scheduling/priorities.go | 2 +- test/e2e/scheduling/ubernetes_lite.go | 2 +- test/e2e/storage/csi_inline.go | 2 +- .../e2e/storage/csi_mock/csi_attach_volume.go | 2 +- .../e2e/storage/csi_mock/csi_fsgroup_mount.go | 2 +- .../storage/csi_mock/csi_fsgroup_policy.go | 2 +- .../csi_mock/csi_node_stage_error_cases.go | 2 +- .../e2e/storage/csi_mock/csi_selinux_mount.go | 4 ++-- .../csi_mock/csi_service_account_token.go | 2 +- test/e2e/storage/csi_mock/csi_snapshot.go | 2 +- .../storage/csi_mock/csi_storage_capacity.go | 2 +- .../storage/csi_mock/csi_volume_expansion.go | 2 +- test/e2e/storage/csi_mock/csi_volume_limit.go | 2 +- test/e2e/storage/csi_mock/csi_workload.go | 2 +- test/e2e/storage/csistoragecapacity.go | 2 +- test/e2e/storage/detach_mounted.go | 2 +- test/e2e/storage/empty_dir_wrapper.go | 2 +- test/e2e/storage/ephemeral_volume.go | 2 +- test/e2e/storage/flexvolume.go | 2 +- .../flexvolume_mounted_volume_resize.go | 2 +- test/e2e/storage/flexvolume_online_resize.go | 2 +- .../generic_persistent_volume-disruptive.go | 2 +- test/e2e/storage/host_path_type.go | 10 +++++----- test/e2e/storage/local_volume_resize.go | 2 +- test/e2e/storage/mounted_volume_resize.go | 2 +- .../nfs_persistent_volume-disruptive.go | 2 +- .../e2e/storage/non_graceful_node_shutdown.go | 2 +- test/e2e/storage/pd.go | 2 +- test/e2e/storage/persistent_volumes-gce.go | 2 +- test/e2e/storage/persistent_volumes-local.go | 2 +- test/e2e/storage/persistent_volumes.go | 4 ++-- test/e2e/storage/pv_protection.go | 2 +- test/e2e/storage/pvc_protection.go | 2 +- test/e2e/storage/pvc_storageclass.go | 2 +- test/e2e/storage/regional_pd.go | 2 +- test/e2e/storage/static_pods.go | 2 +- test/e2e/storage/subpath.go | 2 +- test/e2e/storage/testsuites/capacity.go | 2 +- test/e2e/storage/testsuites/disruptive.go | 2 +- test/e2e/storage/testsuites/ephemeral.go | 2 +- .../storage/testsuites/fsgroupchangepolicy.go | 2 +- test/e2e/storage/testsuites/multivolume.go | 2 +- test/e2e/storage/testsuites/provisioning.go | 2 +- .../storage/testsuites/readwriteoncepod.go | 2 +- test/e2e/storage/testsuites/snapshottable.go | 2 +- .../testsuites/snapshottable_stress.go | 2 +- test/e2e/storage/testsuites/subpath.go | 2 +- test/e2e/storage/testsuites/topology.go | 2 +- test/e2e/storage/testsuites/volume_expand.go | 2 +- test/e2e/storage/testsuites/volume_io.go | 2 +- test/e2e/storage/testsuites/volume_stress.go | 2 +- test/e2e/storage/testsuites/volumelimits.go | 2 +- test/e2e/storage/testsuites/volumemode.go | 2 +- test/e2e/storage/testsuites/volumeperf.go | 2 +- test/e2e/storage/testsuites/volumes.go | 2 +- test/e2e/storage/ubernetes_lite_volumes.go | 2 +- test/e2e/storage/volume_metrics.go | 2 +- test/e2e/storage/volume_provisioning.go | 2 +- test/e2e/storage/volumes.go | 2 +- .../vsphere/persistent_volumes-vsphere.go | 2 +- test/e2e/storage/vsphere/pv_reclaimpolicy.go | 2 +- .../e2e/storage/vsphere/pvc_label_selector.go | 2 +- test/e2e/storage/vsphere/vsphere_scale.go | 2 +- .../storage/vsphere/vsphere_statefulsets.go | 2 +- test/e2e/storage/vsphere/vsphere_stress.go | 2 +- .../vsphere/vsphere_volume_cluster_ds.go | 2 +- .../vsphere/vsphere_volume_datastore.go | 2 +- .../vsphere/vsphere_volume_diskformat.go | 2 +- .../vsphere/vsphere_volume_disksize.go | 2 +- .../storage/vsphere/vsphere_volume_fstype.go | 2 +- .../vsphere/vsphere_volume_master_restart.go | 2 +- .../vsphere/vsphere_volume_node_delete.go | 2 +- .../vsphere/vsphere_volume_node_poweroff.go | 2 +- .../vsphere/vsphere_volume_ops_storm.go | 2 +- .../storage/vsphere/vsphere_volume_perf.go | 2 +- .../vsphere/vsphere_volume_placement.go | 2 +- .../vsphere/vsphere_volume_vpxd_restart.go | 2 +- .../vsphere/vsphere_volume_vsan_policy.go | 2 +- .../storage/vsphere/vsphere_zone_support.go | 2 +- test/e2e/upgrades/upgrade_suite.go | 2 +- test/e2e/windows/cpu_limits.go | 2 +- test/e2e/windows/density.go | 2 +- test/e2e/windows/device_plugin.go | 2 +- test/e2e/windows/dns.go | 2 +- test/e2e/windows/gmsa_full.go | 2 +- test/e2e/windows/gmsa_kubelet.go | 2 +- test/e2e/windows/host_process.go | 2 +- test/e2e/windows/hybrid_network.go | 2 +- test/e2e/windows/hyperv.go | 2 +- test/e2e/windows/kubelet_stats.go | 4 ++-- test/e2e/windows/memory_limits.go | 2 +- test/e2e/windows/reboot_node.go | 2 +- test/e2e/windows/security_context.go | 2 +- test/e2e/windows/service.go | 2 +- test/e2e/windows/volumes.go | 2 +- test/e2e_kubeadm/bootstrap_signer.go | 2 +- test/e2e_kubeadm/bootstrap_token_test.go | 2 +- test/e2e_kubeadm/cluster_info_test.go | 2 +- test/e2e_kubeadm/controlplane_nodes_test.go | 2 +- test/e2e_kubeadm/dns_addon_test.go | 2 +- test/e2e_kubeadm/kubeadm_certs_test.go | 2 +- test/e2e_kubeadm/kubeadm_config_test.go | 2 +- test/e2e_kubeadm/kubelet_config_test.go | 2 +- test/e2e_kubeadm/networking_test.go | 2 +- test/e2e_kubeadm/nodes_test.go | 2 +- test/e2e_kubeadm/proxy_addon_test.go | 2 +- test/e2e_node/apparmor_test.go | 4 ++-- test/e2e_node/checkpoint_container.go | 2 +- test/e2e_node/container_lifecycle_test.go | 2 +- test/e2e_node/container_log_rotation_test.go | 2 +- test/e2e_node/container_manager_test.go | 2 +- test/e2e_node/cpu_manager_metrics_test.go | 2 +- test/e2e_node/cpu_manager_test.go | 2 +- test/e2e_node/critical_pod_test.go | 2 +- test/e2e_node/deleted_pods_test.go | 2 +- test/e2e_node/density_test.go | 2 +- test/e2e_node/device_manager_test.go | 2 +- test/e2e_node/device_plugin_test.go | 2 +- test/e2e_node/dra_test.go | 2 +- test/e2e_node/eviction_test.go | 20 +++++++++---------- test/e2e_node/garbage_collector_test.go | 2 +- test/e2e_node/hugepages_test.go | 2 +- test/e2e_node/image_id_test.go | 2 +- test/e2e_node/log_path_test.go | 2 +- test/e2e_node/memory_manager_test.go | 2 +- test/e2e_node/mirror_pod_grace_period_test.go | 2 +- test/e2e_node/mirror_pod_test.go | 2 +- test/e2e_node/node_container_manager_test.go | 2 +- test/e2e_node/node_perf_test.go | 2 +- test/e2e_node/node_problem_detector_linux.go | 2 +- test/e2e_node/node_shutdown_linux_test.go | 2 +- test/e2e_node/oomkiller_linux_test.go | 2 +- test/e2e_node/os_label_rename_test.go | 2 +- test/e2e_node/pids_test.go | 2 +- test/e2e_node/pod_conditions_test.go | 2 +- test/e2e_node/pod_hostnamefqdn_test.go | 2 +- test/e2e_node/podresources_test.go | 2 +- test/e2e_node/pods_container_manager_test.go | 2 +- .../pods_lifecycle_termination_test.go | 2 +- test/e2e_node/quota_lsci_test.go | 2 +- test/e2e_node/resource_metrics_test.go | 2 +- test/e2e_node/resource_usage_test.go | 2 +- test/e2e_node/restart_test.go | 2 +- test/e2e_node/runtime_conformance_test.go | 2 +- test/e2e_node/runtimeclass_test.go | 2 +- test/e2e_node/seccompdefault_test.go | 2 +- test/e2e_node/security_context_test.go | 2 +- test/e2e_node/standalone_test.go | 2 +- test/e2e_node/summary_test.go | 2 +- test/e2e_node/system_node_critical_test.go | 2 +- test/e2e_node/terminate_pods_test.go | 2 +- .../e2e_node/topology_manager_metrics_test.go | 2 +- test/e2e_node/topology_manager_test.go | 2 +- test/e2e_node/unknown_pods_test.go | 2 +- test/e2e_node/volume_manager_test.go | 2 +- 315 files changed, 351 insertions(+), 351 deletions(-) diff --git a/test/e2e/apimachinery/aggregator.go b/test/e2e/apimachinery/aggregator.go index 6c36d81b6d0..a1df9b736a4 100644 --- a/test/e2e/apimachinery/aggregator.go +++ b/test/e2e/apimachinery/aggregator.go @@ -69,7 +69,7 @@ var _ = SIGDescribe("Aggregator", func() { var aggrclient *aggregatorclient.Clientset f := framework.NewDefaultFramework("aggregator") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline // We want namespace initialization BeforeEach inserted by // NewDefaultFramework to happen before this, so we put this BeforeEach diff --git a/test/e2e/apimachinery/apiserver_identity.go b/test/e2e/apimachinery/apiserver_identity.go index df672030d24..9a2b0c52be4 100644 --- a/test/e2e/apimachinery/apiserver_identity.go +++ b/test/e2e/apimachinery/apiserver_identity.go @@ -81,7 +81,7 @@ func restartAPIServer(ctx context.Context, node *v1.Node) error { // This test requires that --feature-gates=APIServerIdentity=true be set on the apiserver var _ = SIGDescribe("kube-apiserver identity [Feature:APIServerIdentity]", func() { f := framework.NewDefaultFramework("kube-apiserver-identity") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("kube-apiserver identity should persist after restart [Disruptive]", func(ctx context.Context) { e2eskipper.SkipUnlessProviderIs("gce") diff --git a/test/e2e/apimachinery/apply.go b/test/e2e/apimachinery/apply.go index 86c4d74dd7b..a6bd1d8004c 100644 --- a/test/e2e/apimachinery/apply.go +++ b/test/e2e/apimachinery/apply.go @@ -46,7 +46,7 @@ import ( var _ = SIGDescribe("ServerSideApply", func() { f := framework.NewDefaultFramework("apply") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var client clientset.Interface var ns string diff --git a/test/e2e/apimachinery/chunking.go b/test/e2e/apimachinery/chunking.go index 5630887bbbd..8013d996897 100644 --- a/test/e2e/apimachinery/chunking.go +++ b/test/e2e/apimachinery/chunking.go @@ -46,7 +46,7 @@ const numberOfTotalResources = 400 var _ = SIGDescribe("Servers with support for API chunking", func() { f := framework.NewDefaultFramework("chunking") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { ns := f.Namespace.Name diff --git a/test/e2e/apimachinery/crd_conversion_webhook.go b/test/e2e/apimachinery/crd_conversion_webhook.go index 641760ef971..a579fc59780 100644 --- a/test/e2e/apimachinery/crd_conversion_webhook.go +++ b/test/e2e/apimachinery/crd_conversion_webhook.go @@ -118,7 +118,7 @@ var alternativeAPIVersions = []apiextensionsv1.CustomResourceDefinitionVersion{ var _ = SIGDescribe("CustomResourceConversionWebhook [Privileged:ClusterAdmin]", func() { var certCtx *certContext f := framework.NewDefaultFramework("crd-webhook") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline servicePort := int32(9443) containerPort := int32(9444) diff --git a/test/e2e/apimachinery/crd_publish_openapi.go b/test/e2e/apimachinery/crd_publish_openapi.go index 3bd758febb2..b2d2830106b 100644 --- a/test/e2e/apimachinery/crd_publish_openapi.go +++ b/test/e2e/apimachinery/crd_publish_openapi.go @@ -53,7 +53,7 @@ var ( var _ = SIGDescribe("CustomResourcePublishOpenAPI [Privileged:ClusterAdmin]", func() { f := framework.NewDefaultFramework("crd-publish-openapi") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.16 diff --git a/test/e2e/apimachinery/crd_validation_rules.go b/test/e2e/apimachinery/crd_validation_rules.go index aa83872b593..28a830163bb 100644 --- a/test/e2e/apimachinery/crd_validation_rules.go +++ b/test/e2e/apimachinery/crd_validation_rules.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("CustomResourceValidationRules [Privileged:ClusterAdmin]", func() { f := framework.NewDefaultFramework("crd-validation-expressions") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var apiExtensionClient *clientset.Clientset ginkgo.BeforeEach(func() { diff --git a/test/e2e/apimachinery/crd_watch.go b/test/e2e/apimachinery/crd_watch.go index 9740a1d7046..c439544d36f 100644 --- a/test/e2e/apimachinery/crd_watch.go +++ b/test/e2e/apimachinery/crd_watch.go @@ -39,7 +39,7 @@ import ( var _ = SIGDescribe("CustomResourceDefinition Watch [Privileged:ClusterAdmin]", func() { f := framework.NewDefaultFramework("crd-watch") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("CustomResourceDefinition Watch", func() { /* diff --git a/test/e2e/apimachinery/custom_resource_definition.go b/test/e2e/apimachinery/custom_resource_definition.go index c1922ea21e0..2410a7121e7 100644 --- a/test/e2e/apimachinery/custom_resource_definition.go +++ b/test/e2e/apimachinery/custom_resource_definition.go @@ -45,7 +45,7 @@ import ( var _ = SIGDescribe("CustomResourceDefinition resources [Privileged:ClusterAdmin]", func() { f := framework.NewDefaultFramework("custom-resource-definition") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("Simple CustomResourceDefinition", func() { /* diff --git a/test/e2e/apimachinery/discovery.go b/test/e2e/apimachinery/discovery.go index 72e6807906f..eba0985ccf7 100644 --- a/test/e2e/apimachinery/discovery.go +++ b/test/e2e/apimachinery/discovery.go @@ -39,7 +39,7 @@ import ( var storageVersionServerVersion = utilversion.MustParseSemantic("v1.13.99") var _ = SIGDescribe("Discovery", func() { f := framework.NewDefaultFramework("discovery") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var namespaceName string diff --git a/test/e2e/apimachinery/etcd_failure.go b/test/e2e/apimachinery/etcd_failure.go index 34b961f34a7..bb44cb69d03 100644 --- a/test/e2e/apimachinery/etcd_failure.go +++ b/test/e2e/apimachinery/etcd_failure.go @@ -39,7 +39,7 @@ import ( var _ = SIGDescribe("Etcd failure [Disruptive]", func() { f := framework.NewDefaultFramework("etcd-failure") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { // This test requires: diff --git a/test/e2e/apimachinery/field_validation.go b/test/e2e/apimachinery/field_validation.go index 155d42c9e9c..86bc3bc7274 100644 --- a/test/e2e/apimachinery/field_validation.go +++ b/test/e2e/apimachinery/field_validation.go @@ -39,7 +39,7 @@ import ( var _ = SIGDescribe("FieldValidation", func() { f := framework.NewDefaultFramework("field-validation") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var client clientset.Interface var ns string diff --git a/test/e2e/apimachinery/flowcontrol.go b/test/e2e/apimachinery/flowcontrol.go index 835c7b9ac3f..5a1e42d246d 100644 --- a/test/e2e/apimachinery/flowcontrol.go +++ b/test/e2e/apimachinery/flowcontrol.go @@ -53,7 +53,7 @@ var ( var _ = SIGDescribe("API priority and fairness", func() { f := framework.NewDefaultFramework("apf") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should ensure that requests can be classified by adding FlowSchema and PriorityLevelConfiguration", func(ctx context.Context) { testingFlowSchemaName := "e2e-testing-flowschema" diff --git a/test/e2e/apimachinery/garbage_collector.go b/test/e2e/apimachinery/garbage_collector.go index 11b22e67e3c..0d88f3e0d1c 100644 --- a/test/e2e/apimachinery/garbage_collector.go +++ b/test/e2e/apimachinery/garbage_collector.go @@ -311,7 +311,7 @@ func getUniqLabel(labelkey, labelvalue string) map[string]string { var _ = SIGDescribe("Garbage collector", func() { f := framework.NewDefaultFramework("gc") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/apimachinery/health_handlers.go b/test/e2e/apimachinery/health_handlers.go index 71e7b281f1d..22cdbb72d9f 100644 --- a/test/e2e/apimachinery/health_handlers.go +++ b/test/e2e/apimachinery/health_handlers.go @@ -120,7 +120,7 @@ func testPath(ctx context.Context, client clientset.Interface, path string, requ var _ = SIGDescribe("health handlers", func() { f := framework.NewDefaultFramework("health") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should contain necessary checks", func(ctx context.Context) { ginkgo.By("/health") diff --git a/test/e2e/apimachinery/namespace.go b/test/e2e/apimachinery/namespace.go index 0d0fb9e71fa..8bc52bcedae 100644 --- a/test/e2e/apimachinery/namespace.go +++ b/test/e2e/apimachinery/namespace.go @@ -233,7 +233,7 @@ func ensureServicesAreRemovedWhenNamespaceIsDeleted(ctx context.Context, f *fram var _ = SIGDescribe("Namespaces [Serial]", func() { f := framework.NewDefaultFramework("namespaces") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.11 diff --git a/test/e2e/apimachinery/openapiv3.go b/test/e2e/apimachinery/openapiv3.go index 4fbadd1023f..b26c4cf86df 100644 --- a/test/e2e/apimachinery/openapiv3.go +++ b/test/e2e/apimachinery/openapiv3.go @@ -46,7 +46,7 @@ import ( var _ = SIGDescribe("OpenAPIV3", func() { f := framework.NewDefaultFramework("openapiv3") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release : v1.27 diff --git a/test/e2e/apimachinery/protocol.go b/test/e2e/apimachinery/protocol.go index 5cb0ad5b79a..7a1bdfe124d 100644 --- a/test/e2e/apimachinery/protocol.go +++ b/test/e2e/apimachinery/protocol.go @@ -36,7 +36,7 @@ import ( var _ = SIGDescribe("client-go should negotiate", func() { f := framework.NewDefaultFramework("protocol") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged for _, s := range []string{ "application/json", diff --git a/test/e2e/apimachinery/request_timeout.go b/test/e2e/apimachinery/request_timeout.go index 4a0963d3c6a..b1aec7ad805 100644 --- a/test/e2e/apimachinery/request_timeout.go +++ b/test/e2e/apimachinery/request_timeout.go @@ -34,7 +34,7 @@ const ( var _ = SIGDescribe("Server request timeout", func() { f := framework.NewDefaultFramework("request-timeout") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should return HTTP status code 400 if the user specifies an invalid timeout in the request URL", func(ctx context.Context) { rt := getRoundTripper(f) diff --git a/test/e2e/apimachinery/resource_quota.go b/test/e2e/apimachinery/resource_quota.go index 3f9fab3bddd..a72467cf30d 100644 --- a/test/e2e/apimachinery/resource_quota.go +++ b/test/e2e/apimachinery/resource_quota.go @@ -66,7 +66,7 @@ var extendedResourceName = "example.com/dongle" var _ = SIGDescribe("ResourceQuota", func() { f := framework.NewDefaultFramework("resourcequota") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.16 @@ -1204,7 +1204,7 @@ var _ = SIGDescribe("ResourceQuota", func() { var _ = SIGDescribe("ResourceQuota [Feature:ScopeSelectors]", func() { f := framework.NewDefaultFramework("scope-selectors") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("should verify ResourceQuota with best effort scope using scope-selectors.", func(ctx context.Context) { ginkgo.By("Creating a ResourceQuota with best effort scope") resourceQuotaBestEffort, err := createResourceQuota(ctx, f.ClientSet, f.Namespace.Name, newTestResourceQuotaWithScopeSelector("quota-besteffort", v1.ResourceQuotaScopeBestEffort)) @@ -1385,7 +1385,7 @@ var _ = SIGDescribe("ResourceQuota [Feature:ScopeSelectors]", func() { var _ = SIGDescribe("ResourceQuota [Feature:PodPriority]", func() { f := framework.NewDefaultFramework("resourcequota-priorityclass") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("should verify ResourceQuota's priority class scope (quota set to pod count: 1) against a pod with same priority class.", func(ctx context.Context) { @@ -1727,7 +1727,7 @@ var _ = SIGDescribe("ResourceQuota [Feature:PodPriority]", func() { var _ = SIGDescribe("ResourceQuota", func() { f := framework.NewDefaultFramework("cross-namespace-pod-affinity") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("should verify ResourceQuota with cross namespace pod affinity scope using scope-selectors.", func(ctx context.Context) { ginkgo.By("Creating a ResourceQuota with cross namespace pod affinity scope") quota, err := createResourceQuota( diff --git a/test/e2e/apimachinery/server_version.go b/test/e2e/apimachinery/server_version.go index 9df53bc8ade..e1d5a656888 100644 --- a/test/e2e/apimachinery/server_version.go +++ b/test/e2e/apimachinery/server_version.go @@ -29,7 +29,7 @@ import ( var _ = SIGDescribe("server version", func() { f := framework.NewDefaultFramework("server-version") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.19 diff --git a/test/e2e/apimachinery/storage_version.go b/test/e2e/apimachinery/storage_version.go index ac5343045e1..f4f4ee90b09 100644 --- a/test/e2e/apimachinery/storage_version.go +++ b/test/e2e/apimachinery/storage_version.go @@ -38,7 +38,7 @@ const ( // This test requires that --feature-gates=APIServerIdentity=true,StorageVersionAPI=true be set on the apiserver and the controller manager var _ = SIGDescribe("StorageVersion resources [Feature:StorageVersionAPI]", func() { f := framework.NewDefaultFramework("storage-version") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("storage version with non-existing id should be GC'ed", func(ctx context.Context) { client := f.ClientSet diff --git a/test/e2e/apimachinery/table_conversion.go b/test/e2e/apimachinery/table_conversion.go index 50e2e94b879..07065f66803 100644 --- a/test/e2e/apimachinery/table_conversion.go +++ b/test/e2e/apimachinery/table_conversion.go @@ -44,7 +44,7 @@ var serverPrintVersion = utilversion.MustParseSemantic("v1.10.0") var _ = SIGDescribe("Servers with support for Table transformation", func() { f := framework.NewDefaultFramework("tables") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func() { e2eskipper.SkipUnlessServerVersionGTE(serverPrintVersion, f.ClientSet.Discovery()) diff --git a/test/e2e/apimachinery/validatingadmissionpolicy.go b/test/e2e/apimachinery/validatingadmissionpolicy.go index 2919e29dca1..1edf8936572 100644 --- a/test/e2e/apimachinery/validatingadmissionpolicy.go +++ b/test/e2e/apimachinery/validatingadmissionpolicy.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("ValidatingAdmissionPolicy [Privileged:ClusterAdmin][Alpha][Feature:ValidatingAdmissionPolicy]", func() { f := framework.NewDefaultFramework("validating-admission-policy") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var client clientset.Interface diff --git a/test/e2e/apimachinery/watch.go b/test/e2e/apimachinery/watch.go index 9559eb809d7..735567a3729 100644 --- a/test/e2e/apimachinery/watch.go +++ b/test/e2e/apimachinery/watch.go @@ -48,7 +48,7 @@ const ( var _ = SIGDescribe("Watchers", func() { f := framework.NewDefaultFramework("watch") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.11 diff --git a/test/e2e/apimachinery/webhook.go b/test/e2e/apimachinery/webhook.go index f8cc7c12069..6f00e97e659 100644 --- a/test/e2e/apimachinery/webhook.go +++ b/test/e2e/apimachinery/webhook.go @@ -80,7 +80,7 @@ const ( var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() { var certCtx *certContext f := framework.NewDefaultFramework("webhook") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline servicePort := int32(8443) containerPort := int32(8444) diff --git a/test/e2e/apps/controller_revision.go b/test/e2e/apps/controller_revision.go index bde987f16e8..68331944f5e 100644 --- a/test/e2e/apps/controller_revision.go +++ b/test/e2e/apps/controller_revision.go @@ -82,7 +82,7 @@ var _ = SIGDescribe("ControllerRevision [Serial]", func() { }) f = framework.NewDefaultFramework("controllerrevisions") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline image := WebserverImage dsName := "e2e-" + utilrand.String(5) + "-daemon-set" diff --git a/test/e2e/apps/cronjob.go b/test/e2e/apps/cronjob.go index 04fee84b05c..d677fcc3471 100644 --- a/test/e2e/apps/cronjob.go +++ b/test/e2e/apps/cronjob.go @@ -54,7 +54,7 @@ const ( var _ = SIGDescribe("CronJob", func() { f := framework.NewDefaultFramework("cronjob") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline sleepCommand := []string{"sleep", "300"} diff --git a/test/e2e/apps/daemon_restart.go b/test/e2e/apps/daemon_restart.go index ab8d9e34f7d..9d154553103 100644 --- a/test/e2e/apps/daemon_restart.go +++ b/test/e2e/apps/daemon_restart.go @@ -208,7 +208,7 @@ func getContainerRestarts(ctx context.Context, c clientset.Interface, ns string, var _ = SIGDescribe("DaemonRestart [Disruptive]", func() { f := framework.NewDefaultFramework("daemonrestart") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged rcName := "daemonrestart" + strconv.Itoa(numPods) + "-" + string(uuid.NewUUID()) labelSelector := labels.Set(map[string]string{"name": rcName}).AsSelector() existingPods := cache.NewStore(cache.MetaNamespaceKeyFunc) diff --git a/test/e2e/apps/daemon_set.go b/test/e2e/apps/daemon_set.go index d55e991277a..d8f5b307b38 100644 --- a/test/e2e/apps/daemon_set.go +++ b/test/e2e/apps/daemon_set.go @@ -135,7 +135,7 @@ var _ = SIGDescribe("Daemon set [Serial]", func() { }) f = framework.NewDefaultFramework("daemonsets") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline image := WebserverImage dsName := "daemon-set" diff --git a/test/e2e/apps/deployment.go b/test/e2e/apps/deployment.go index 624b1aa7c4e..ad4d798c3bd 100644 --- a/test/e2e/apps/deployment.go +++ b/test/e2e/apps/deployment.go @@ -86,7 +86,7 @@ var _ = SIGDescribe("Deployment", func() { }) f := framework.NewDefaultFramework("deployment") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func() { c = f.ClientSet diff --git a/test/e2e/apps/disruption.go b/test/e2e/apps/disruption.go index 444e45cd752..b86d145691c 100644 --- a/test/e2e/apps/disruption.go +++ b/test/e2e/apps/disruption.go @@ -64,7 +64,7 @@ var defaultLabels = map[string]string{"foo": "bar"} var _ = SIGDescribe("DisruptionController", func() { f := framework.NewDefaultFramework("disruption") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ns string var cs kubernetes.Interface var dc dynamic.Interface @@ -77,7 +77,7 @@ var _ = SIGDescribe("DisruptionController", func() { ginkgo.Context("Listing PodDisruptionBudgets for all namespaces", func() { anotherFramework := framework.NewDefaultFramework("disruption-2") - anotherFramework.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + anotherFramework.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release : v1.21 diff --git a/test/e2e/apps/job.go b/test/e2e/apps/job.go index cc58dd1c8e9..a35d10e0900 100644 --- a/test/e2e/apps/job.go +++ b/test/e2e/apps/job.go @@ -69,7 +69,7 @@ type watchEventConfig struct { var _ = SIGDescribe("Job", func() { f := framework.NewDefaultFramework("job") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged parallelism := int32(2) completions := int32(4) diff --git a/test/e2e/apps/rc.go b/test/e2e/apps/rc.go index eca6483e7c8..d20e6d709c7 100644 --- a/test/e2e/apps/rc.go +++ b/test/e2e/apps/rc.go @@ -51,7 +51,7 @@ import ( var _ = SIGDescribe("ReplicationController", func() { f := framework.NewDefaultFramework("replication-controller") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var ns string var dc dynamic.Interface diff --git a/test/e2e/apps/replica_set.go b/test/e2e/apps/replica_set.go index 621df0c2d72..007f048681b 100644 --- a/test/e2e/apps/replica_set.go +++ b/test/e2e/apps/replica_set.go @@ -101,7 +101,7 @@ func newPodQuota(name, number string) *v1.ResourceQuota { var _ = SIGDescribe("ReplicaSet", func() { f := framework.NewDefaultFramework("replicaset") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/apps/statefulset.go b/test/e2e/apps/statefulset.go index d14695b6064..7f355f2433e 100644 --- a/test/e2e/apps/statefulset.go +++ b/test/e2e/apps/statefulset.go @@ -95,7 +95,7 @@ var httpProbe = &v1.Probe{ // GCE Api requirements: nodes and master need storage r/w permissions. var _ = SIGDescribe("StatefulSet", func() { f := framework.NewDefaultFramework("statefulset") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ns string var c clientset.Interface diff --git a/test/e2e/apps/ttl_after_finished.go b/test/e2e/apps/ttl_after_finished.go index 7fc97c9de28..864f6a1e9fa 100644 --- a/test/e2e/apps/ttl_after_finished.go +++ b/test/e2e/apps/ttl_after_finished.go @@ -43,7 +43,7 @@ const ( var _ = SIGDescribe("TTLAfterFinished", func() { f := framework.NewDefaultFramework("ttlafterfinished") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("job should be deleted once it finishes after TTL seconds", func(ctx context.Context) { testFinishedJob(ctx, f) diff --git a/test/e2e/architecture/conformance.go b/test/e2e/architecture/conformance.go index 67bc0bacae2..6ad55a13f0e 100644 --- a/test/e2e/architecture/conformance.go +++ b/test/e2e/architecture/conformance.go @@ -29,7 +29,7 @@ import ( var _ = SIGDescribe("Conformance Tests", func() { f := framework.NewDefaultFramework("conformance-tests") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.23 diff --git a/test/e2e/auth/certificates.go b/test/e2e/auth/certificates.go index 8f95f066a5f..36e4259f06b 100644 --- a/test/e2e/auth/certificates.go +++ b/test/e2e/auth/certificates.go @@ -47,7 +47,7 @@ import ( var _ = SIGDescribe("Certificates API [Privileged:ClusterAdmin]", func() { f := framework.NewDefaultFramework("certificates") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.19 diff --git a/test/e2e/auth/node_authn.go b/test/e2e/auth/node_authn.go index 8ac2fc3664d..232d2b0482b 100644 --- a/test/e2e/auth/node_authn.go +++ b/test/e2e/auth/node_authn.go @@ -38,7 +38,7 @@ import ( var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() { f := framework.NewDefaultFramework("node-authn") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var ns string var nodeIPs []string ginkgo.BeforeEach(func(ctx context.Context) { diff --git a/test/e2e/auth/node_authz.go b/test/e2e/auth/node_authz.go index 570d59a092e..2acccc6e170 100644 --- a/test/e2e/auth/node_authz.go +++ b/test/e2e/auth/node_authz.go @@ -43,7 +43,7 @@ const ( var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() { f := framework.NewDefaultFramework("node-authz") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline // client that will impersonate a node var c clientset.Interface var ns string diff --git a/test/e2e/auth/selfsubjectreviews.go b/test/e2e/auth/selfsubjectreviews.go index 993e7304406..c617edd9806 100644 --- a/test/e2e/auth/selfsubjectreviews.go +++ b/test/e2e/auth/selfsubjectreviews.go @@ -35,7 +35,7 @@ import ( var _ = SIGDescribe("SelfSubjectReview", func() { f := framework.NewDefaultFramework("selfsubjectreviews") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.28 diff --git a/test/e2e/auth/service_accounts.go b/test/e2e/auth/service_accounts.go index 78163e9b488..e8ef514bd1b 100644 --- a/test/e2e/auth/service_accounts.go +++ b/test/e2e/auth/service_accounts.go @@ -54,7 +54,7 @@ const rootCAConfigMapName = "kube-root-ca.crt" var _ = SIGDescribe("ServiceAccounts", func() { f := framework.NewDefaultFramework("svcaccounts") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("no secret-based service account token should be auto-generated", func(ctx context.Context) { { diff --git a/test/e2e/autoscaling/autoscaling_timer.go b/test/e2e/autoscaling/autoscaling_timer.go index c07536b0968..be4a0a6dd32 100644 --- a/test/e2e/autoscaling/autoscaling_timer.go +++ b/test/e2e/autoscaling/autoscaling_timer.go @@ -35,7 +35,7 @@ import ( var _ = SIGDescribe("[Feature:ClusterSizeAutoscalingScaleUp] [Slow] Autoscaling", func() { f := framework.NewDefaultFramework("autoscaling") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var experiment *gmeasure.Experiment ginkgo.Describe("Autoscaling a service", func() { diff --git a/test/e2e/autoscaling/cluster_autoscaler_scalability.go b/test/e2e/autoscaling/cluster_autoscaler_scalability.go index 3c30a52b2d1..88676e4377b 100644 --- a/test/e2e/autoscaling/cluster_autoscaler_scalability.go +++ b/test/e2e/autoscaling/cluster_autoscaler_scalability.go @@ -62,7 +62,7 @@ type scaleUpTestConfig struct { var _ = SIGDescribe("Cluster size autoscaler scalability [Slow]", func() { f := framework.NewDefaultFramework("autoscaling") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c clientset.Interface var nodeCount int var coresPerNode int diff --git a/test/e2e/autoscaling/cluster_size_autoscaling.go b/test/e2e/autoscaling/cluster_size_autoscaling.go index 7a9aa45851c..b1fe0db5cd2 100644 --- a/test/e2e/autoscaling/cluster_size_autoscaling.go +++ b/test/e2e/autoscaling/cluster_size_autoscaling.go @@ -95,7 +95,7 @@ const ( var _ = SIGDescribe("Cluster size autoscaling [Slow]", func() { f := framework.NewDefaultFramework("autoscaling") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c clientset.Interface var nodeCount int var memAllocatableMb int diff --git a/test/e2e/autoscaling/custom_metrics_stackdriver_autoscaling.go b/test/e2e/autoscaling/custom_metrics_stackdriver_autoscaling.go index 9accfd7cd0d..6d9d7866a09 100644 --- a/test/e2e/autoscaling/custom_metrics_stackdriver_autoscaling.go +++ b/test/e2e/autoscaling/custom_metrics_stackdriver_autoscaling.go @@ -59,7 +59,7 @@ var _ = SIGDescribe("[HPA] [Feature:CustomMetricsAutoscaling] Horizontal pod aut }) f := framework.NewDefaultFramework("horizontal-pod-autoscaling") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("with Custom Metric of type Pod from Stackdriver", func() { ginkgo.It("should scale down", func(ctx context.Context) { diff --git a/test/e2e/autoscaling/dns_autoscaling.go b/test/e2e/autoscaling/dns_autoscaling.go index a1f33db3de3..98f9945245f 100644 --- a/test/e2e/autoscaling/dns_autoscaling.go +++ b/test/e2e/autoscaling/dns_autoscaling.go @@ -48,7 +48,7 @@ const ( var _ = SIGDescribe("DNS horizontal autoscaling", func() { f := framework.NewDefaultFramework("dns-autoscaling") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c clientset.Interface var previousParams map[string]string var originDNSReplicasCount int diff --git a/test/e2e/autoscaling/horizontal_pod_autoscaling.go b/test/e2e/autoscaling/horizontal_pod_autoscaling.go index af42321fa3a..8de061322ed 100644 --- a/test/e2e/autoscaling/horizontal_pod_autoscaling.go +++ b/test/e2e/autoscaling/horizontal_pod_autoscaling.go @@ -44,7 +44,7 @@ const ( // These tests don't seem to be running properly in parallel: issue: #20338. var _ = SIGDescribe("[Feature:HPA] Horizontal pod autoscaling (scale resource: CPU)", func() { f := framework.NewDefaultFramework("horizontal-pod-autoscaling") - f.NamespacePodSecurityEnforceLevel = api.LevelBaseline + f.NamespacePodSecurityLevel = api.LevelBaseline ginkgo.Describe("[Serial] [Slow] Deployment (Pod Resource)", func() { ginkgo.It(titleUp+titleAverageUtilization, func(ctx context.Context) { @@ -149,7 +149,7 @@ var _ = SIGDescribe("[Feature:HPA] Horizontal pod autoscaling (scale resource: C var _ = SIGDescribe("[Feature:HPA] Horizontal pod autoscaling (scale resource: Memory)", func() { f := framework.NewDefaultFramework("horizontal-pod-autoscaling") - f.NamespacePodSecurityEnforceLevel = api.LevelBaseline + f.NamespacePodSecurityLevel = api.LevelBaseline ginkgo.Describe("[Serial] [Slow] Deployment (Pod Resource)", func() { ginkgo.It(titleUp+titleAverageUtilization, func(ctx context.Context) { diff --git a/test/e2e/autoscaling/horizontal_pod_autoscaling_behavior.go b/test/e2e/autoscaling/horizontal_pod_autoscaling_behavior.go index 06ea2909740..d9468e6482b 100644 --- a/test/e2e/autoscaling/horizontal_pod_autoscaling_behavior.go +++ b/test/e2e/autoscaling/horizontal_pod_autoscaling_behavior.go @@ -31,7 +31,7 @@ import ( var _ = SIGDescribe("[Feature:HPA] [Serial] [Slow] Horizontal pod autoscaling (non-default behavior)", func() { f := framework.NewDefaultFramework("horizontal-pod-autoscaling") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged hpaName := "consumer" diff --git a/test/e2e/cloud/gcp/addon_update.go b/test/e2e/cloud/gcp/addon_update.go index e505ae12789..a1874fee4a7 100644 --- a/test/e2e/cloud/gcp/addon_update.go +++ b/test/e2e/cloud/gcp/addon_update.go @@ -218,7 +218,7 @@ var _ = SIGDescribe("Addon update", func() { var dir string var sshClient *ssh.Client f := framework.NewDefaultFramework("addon-update-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { // This test requires: diff --git a/test/e2e/cloud/gcp/apps/stateful_apps.go b/test/e2e/cloud/gcp/apps/stateful_apps.go index 8d166eb7260..08e736f52ca 100644 --- a/test/e2e/cloud/gcp/apps/stateful_apps.go +++ b/test/e2e/cloud/gcp/apps/stateful_apps.go @@ -38,7 +38,7 @@ var upgradeTests = []upgrades.Test{ var _ = SIGDescribe("stateful Upgrade [Feature:StatefulUpgrade]", func() { f := framework.NewDefaultFramework("stateful-upgrade") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) ginkgo.Describe("stateful upgrade", func() { diff --git a/test/e2e/cloud/gcp/auth/service_account_admission_controller_migration.go b/test/e2e/cloud/gcp/auth/service_account_admission_controller_migration.go index f0b70665cb6..9877bbc96cd 100644 --- a/test/e2e/cloud/gcp/auth/service_account_admission_controller_migration.go +++ b/test/e2e/cloud/gcp/auth/service_account_admission_controller_migration.go @@ -35,7 +35,7 @@ var upgradeTests = []upgrades.Test{ var _ = SIGDescribe("ServiceAccount admission controller migration [Feature:BoundServiceAccountTokenVolume]", func() { f := framework.NewDefaultFramework("serviceaccount-admission-controller-migration") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) ginkgo.Describe("master upgrade", func() { diff --git a/test/e2e/cloud/gcp/cluster_upgrade.go b/test/e2e/cloud/gcp/cluster_upgrade.go index bddfa05759b..9a9caf5b406 100644 --- a/test/e2e/cloud/gcp/cluster_upgrade.go +++ b/test/e2e/cloud/gcp/cluster_upgrade.go @@ -54,7 +54,7 @@ var upgradeTests = []upgrades.Test{ var _ = SIGDescribe("Upgrade [Feature:Upgrade]", func() { f := framework.NewDefaultFramework("cluster-upgrade") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) // Create the frameworks here because we can only create them @@ -93,7 +93,7 @@ var _ = SIGDescribe("Upgrade [Feature:Upgrade]", func() { var _ = SIGDescribe("Downgrade [Feature:Downgrade]", func() { f := framework.NewDefaultFramework("cluster-downgrade") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) ginkgo.Describe("cluster downgrade", func() { diff --git a/test/e2e/cloud/gcp/gke_node_pools.go b/test/e2e/cloud/gcp/gke_node_pools.go index 9706a51131e..cd7dbbd9ced 100644 --- a/test/e2e/cloud/gcp/gke_node_pools.go +++ b/test/e2e/cloud/gcp/gke_node_pools.go @@ -32,7 +32,7 @@ import ( var _ = SIGDescribe("GKE node pools [Feature:GKENodePool]", func() { f := framework.NewDefaultFramework("node-pools") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { e2eskipper.SkipUnlessProviderIs("gke") diff --git a/test/e2e/cloud/gcp/ha_master.go b/test/e2e/cloud/gcp/ha_master.go index 017f1d5da2a..7a8349d7e92 100644 --- a/test/e2e/cloud/gcp/ha_master.go +++ b/test/e2e/cloud/gcp/ha_master.go @@ -162,7 +162,7 @@ func waitForMasters(ctx context.Context, masterPrefix string, c clientset.Interf var _ = SIGDescribe("HA-master [Feature:HAMaster]", func() { f := framework.NewDefaultFramework("ha-master") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c clientset.Interface var ns string var additionalReplicaZones []string diff --git a/test/e2e/cloud/gcp/kubelet_security.go b/test/e2e/cloud/gcp/kubelet_security.go index f106686ad1f..ea66af55f33 100644 --- a/test/e2e/cloud/gcp/kubelet_security.go +++ b/test/e2e/cloud/gcp/kubelet_security.go @@ -35,7 +35,7 @@ import ( var _ = SIGDescribe("Ports Security Check [Feature:KubeletSecurity]", func() { f := framework.NewDefaultFramework("kubelet-security") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var node *v1.Node var nodeName string diff --git a/test/e2e/cloud/gcp/network/kube_proxy_migration.go b/test/e2e/cloud/gcp/network/kube_proxy_migration.go index 5020faccc14..0a7fd727c94 100644 --- a/test/e2e/cloud/gcp/network/kube_proxy_migration.go +++ b/test/e2e/cloud/gcp/network/kube_proxy_migration.go @@ -47,7 +47,7 @@ func kubeProxyDaemonSetExtraEnvs(enableKubeProxyDaemonSet bool) []string { var _ = SIGDescribe("kube-proxy migration [Feature:KubeProxyDaemonSetMigration]", func() { f := framework.NewDefaultFramework("kube-proxy-ds-migration") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged upgradeTestFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) downgradeTestsFrameworks := upgrades.CreateUpgradeFrameworks(downgradeTests) diff --git a/test/e2e/cloud/gcp/node/gpu.go b/test/e2e/cloud/gcp/node/gpu.go index 02c77c98c60..f6e23c29f03 100644 --- a/test/e2e/cloud/gcp/node/gpu.go +++ b/test/e2e/cloud/gcp/node/gpu.go @@ -35,7 +35,7 @@ var upgradeTests = []upgrades.Test{ var _ = SIGDescribe("gpu Upgrade [Feature:GPUUpgrade]", func() { f := framework.NewDefaultFramework("gpu-upgrade") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testFrameworks := upgrades.CreateUpgradeFrameworks(upgradeTests) ginkgo.Describe("master upgrade", func() { diff --git a/test/e2e/cloud/gcp/node_lease.go b/test/e2e/cloud/gcp/node_lease.go index e3e875a68db..6fb061a432c 100644 --- a/test/e2e/cloud/gcp/node_lease.go +++ b/test/e2e/cloud/gcp/node_lease.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("[Disruptive]NodeLease", func() { f := framework.NewDefaultFramework("node-lease-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var systemPodsNo int32 var c clientset.Interface var ns string diff --git a/test/e2e/cloud/gcp/reboot.go b/test/e2e/cloud/gcp/reboot.go index 8541d20ea5a..55fea740c74 100644 --- a/test/e2e/cloud/gcp/reboot.go +++ b/test/e2e/cloud/gcp/reboot.go @@ -92,7 +92,7 @@ var _ = SIGDescribe("Reboot [Disruptive] [Feature:Reboot]", func() { }) f = framework.NewDefaultFramework("reboot") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("each node by ordering clean reboot and ensure they function upon restart", func(ctx context.Context) { // clean shutdown and restart diff --git a/test/e2e/cloud/gcp/recreate_node.go b/test/e2e/cloud/gcp/recreate_node.go index 87bb287107f..bb5fdd05311 100644 --- a/test/e2e/cloud/gcp/recreate_node.go +++ b/test/e2e/cloud/gcp/recreate_node.go @@ -44,7 +44,7 @@ const ( var _ = SIGDescribe("Recreate [Feature:Recreate]", func() { f := framework.NewDefaultFramework("recreate") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var originalNodes []v1.Node var originalPodNames []string var ps *testutils.PodStore diff --git a/test/e2e/cloud/gcp/resize_nodes.go b/test/e2e/cloud/gcp/resize_nodes.go index 034d1876919..3010f300568 100644 --- a/test/e2e/cloud/gcp/resize_nodes.go +++ b/test/e2e/cloud/gcp/resize_nodes.go @@ -46,7 +46,7 @@ func resizeRC(ctx context.Context, c clientset.Interface, ns, name string, repli var _ = SIGDescribe("Nodes [Disruptive]", func() { f := framework.NewDefaultFramework("resize-nodes") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var systemPodsNo int32 var c clientset.Interface var ns string diff --git a/test/e2e/cloud/gcp/restart.go b/test/e2e/cloud/gcp/restart.go index b52fe8c7886..7fd5341b5ba 100644 --- a/test/e2e/cloud/gcp/restart.go +++ b/test/e2e/cloud/gcp/restart.go @@ -45,7 +45,7 @@ func nodeNames(nodes []v1.Node) []string { var _ = SIGDescribe("Restart [Disruptive]", func() { f := framework.NewDefaultFramework("restart") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ps *testutils.PodStore var originalNodes []v1.Node var originalPodNames []string diff --git a/test/e2e/cloud/nodes.go b/test/e2e/cloud/nodes.go index 68da18a6654..27304c619c8 100644 --- a/test/e2e/cloud/nodes.go +++ b/test/e2e/cloud/nodes.go @@ -34,7 +34,7 @@ import ( var _ = SIGDescribe("[Feature:CloudProvider][Disruptive] Nodes", func() { f := framework.NewDefaultFramework("cloudprovider") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c clientset.Interface ginkgo.BeforeEach(func() { diff --git a/test/e2e/common/network/networking.go b/test/e2e/common/network/networking.go index 55d84647115..b175157e55e 100644 --- a/test/e2e/common/network/networking.go +++ b/test/e2e/common/network/networking.go @@ -29,7 +29,7 @@ import ( var _ = SIGDescribe("Networking", func() { f := framework.NewDefaultFramework("pod-network-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("Granular Checks: Pods", func() { diff --git a/test/e2e/common/node/configmap.go b/test/e2e/common/node/configmap.go index d715a2d1de2..6928585a43f 100644 --- a/test/e2e/common/node/configmap.go +++ b/test/e2e/common/node/configmap.go @@ -35,7 +35,7 @@ import ( var _ = SIGDescribe("ConfigMap", func() { f := framework.NewDefaultFramework("configmap") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/node/container_probe.go b/test/e2e/common/node/container_probe.go index c537bf4440e..b8e29995b44 100644 --- a/test/e2e/common/node/container_probe.go +++ b/test/e2e/common/node/container_probe.go @@ -55,7 +55,7 @@ const ( var _ = SIGDescribe("Probing container", func() { f := framework.NewDefaultFramework("container-probe") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var podClient *e2epod.PodClient probe := webserverProbeBuilder{} diff --git a/test/e2e/common/node/containers.go b/test/e2e/common/node/containers.go index 950253346bb..33d54b128c5 100644 --- a/test/e2e/common/node/containers.go +++ b/test/e2e/common/node/containers.go @@ -31,7 +31,7 @@ import ( var _ = SIGDescribe("Containers", func() { f := framework.NewDefaultFramework("containers") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/node/downwardapi.go b/test/e2e/common/node/downwardapi.go index c1fbcf57d4f..83ae5395e43 100644 --- a/test/e2e/common/node/downwardapi.go +++ b/test/e2e/common/node/downwardapi.go @@ -35,7 +35,7 @@ import ( var _ = SIGDescribe("Downward API", func() { f := framework.NewDefaultFramework("downward-api") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.9 @@ -289,7 +289,7 @@ var _ = SIGDescribe("Downward API", func() { var _ = SIGDescribe("Downward API [Serial] [Disruptive] [NodeFeature:DownwardAPIHugePages]", func() { f := framework.NewDefaultFramework("downward-api") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("Downward API tests for hugepages", func() { ginkgo.It("should provide container's limits.hugepages- and requests.hugepages- as env vars", func(ctx context.Context) { diff --git a/test/e2e/common/node/ephemeral_containers.go b/test/e2e/common/node/ephemeral_containers.go index 452600cf1d6..563f84c58bd 100644 --- a/test/e2e/common/node/ephemeral_containers.go +++ b/test/e2e/common/node/ephemeral_containers.go @@ -39,7 +39,7 @@ import ( var _ = SIGDescribe("Ephemeral Containers [NodeConformance]", func() { f := framework.NewDefaultFramework("ephemeral-containers-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { podClient = e2epod.NewPodClient(f) diff --git a/test/e2e/common/node/expansion.go b/test/e2e/common/node/expansion.go index 07e55dfad63..f545164cb05 100644 --- a/test/e2e/common/node/expansion.go +++ b/test/e2e/common/node/expansion.go @@ -37,7 +37,7 @@ import ( // https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/expansion.md var _ = SIGDescribe("Variable Expansion", func() { f := framework.NewDefaultFramework("var-expansion") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/node/image_credential_provider.go b/test/e2e/common/node/image_credential_provider.go index 9e3655fe8a5..662f33819d0 100644 --- a/test/e2e/common/node/image_credential_provider.go +++ b/test/e2e/common/node/image_credential_provider.go @@ -32,7 +32,7 @@ import ( var _ = SIGDescribe("ImageCredentialProvider [Feature:KubeletCredentialProviders]", func() { f := framework.NewDefaultFramework("image-credential-provider") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { diff --git a/test/e2e/common/node/init_container.go b/test/e2e/common/node/init_container.go index 11ebc72a8ef..97809ba8bb3 100644 --- a/test/e2e/common/node/init_container.go +++ b/test/e2e/common/node/init_container.go @@ -161,7 +161,7 @@ func initContainersInvariants(pod *v1.Pod) error { var _ = SIGDescribe("InitContainer [NodeConformance]", func() { f := framework.NewDefaultFramework("init-container") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { podClient = e2epod.NewPodClient(f) diff --git a/test/e2e/common/node/kubelet.go b/test/e2e/common/node/kubelet.go index 818930a1bc1..acc4ef0f467 100644 --- a/test/e2e/common/node/kubelet.go +++ b/test/e2e/common/node/kubelet.go @@ -36,7 +36,7 @@ import ( var _ = SIGDescribe("Kubelet", func() { f := framework.NewDefaultFramework("kubelet-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { podClient = e2epod.NewPodClient(f) diff --git a/test/e2e/common/node/kubelet_etc_hosts.go b/test/e2e/common/node/kubelet_etc_hosts.go index 14ebba369c7..dcdf0e34496 100644 --- a/test/e2e/common/node/kubelet_etc_hosts.go +++ b/test/e2e/common/node/kubelet_etc_hosts.go @@ -47,7 +47,7 @@ type KubeletManagedHostConfig struct { var _ = SIGDescribe("KubeletManagedEtcHosts", func() { f := framework.NewDefaultFramework("e2e-kubelet-etc-hosts") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged config := &KubeletManagedHostConfig{ f: f, } diff --git a/test/e2e/common/node/lease.go b/test/e2e/common/node/lease.go index 4cc3bdc673b..a823258f462 100644 --- a/test/e2e/common/node/lease.go +++ b/test/e2e/common/node/lease.go @@ -54,7 +54,7 @@ func getPatchBytes(oldLease, newLease *coordinationv1.Lease) ([]byte, error) { var _ = SIGDescribe("Lease", func() { f := framework.NewDefaultFramework("lease-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.17 diff --git a/test/e2e/common/node/lifecycle_hook.go b/test/e2e/common/node/lifecycle_hook.go index 57774417066..6390e5ad79a 100644 --- a/test/e2e/common/node/lifecycle_hook.go +++ b/test/e2e/common/node/lifecycle_hook.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("Container Lifecycle Hook", func() { f := framework.NewDefaultFramework("container-lifecycle-hook") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var podClient *e2epod.PodClient const ( podCheckInterval = 1 * time.Second diff --git a/test/e2e/common/node/node_lease.go b/test/e2e/common/node/node_lease.go index 20fe25f26ea..fc1bd312bb6 100644 --- a/test/e2e/common/node/node_lease.go +++ b/test/e2e/common/node/node_lease.go @@ -40,7 +40,7 @@ import ( var _ = SIGDescribe("NodeLease", func() { var nodeName string f := framework.NewDefaultFramework("node-lease-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { node, err := e2enode.GetRandomReadySchedulableNode(ctx, f.ClientSet) diff --git a/test/e2e/common/node/pod_admission.go b/test/e2e/common/node/pod_admission.go index 2129ecee6f8..f8b0e5ceafb 100644 --- a/test/e2e/common/node/pod_admission.go +++ b/test/e2e/common/node/pod_admission.go @@ -34,7 +34,7 @@ import ( var _ = SIGDescribe("PodOSRejection [NodeConformance]", func() { f := framework.NewDefaultFramework("pod-os-rejection") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("Kubelet", func() { ginkgo.It("should reject pod when the node OS doesn't match pod's OS", func(ctx context.Context) { linuxNode, err := findLinuxNode(ctx, f) diff --git a/test/e2e/common/node/pods.go b/test/e2e/common/node/pods.go index f8ac287da5c..c974a8f4c40 100644 --- a/test/e2e/common/node/pods.go +++ b/test/e2e/common/node/pods.go @@ -188,7 +188,7 @@ func expectNoErrorWithRetries(fn func() error, maxRetries int, explain ...interf var _ = SIGDescribe("Pods", func() { f := framework.NewDefaultFramework("pods") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelRestricted + f.NamespacePodSecurityLevel = admissionapi.LevelRestricted var podClient *e2epod.PodClient var dc dynamic.Interface diff --git a/test/e2e/common/node/podtemplates.go b/test/e2e/common/node/podtemplates.go index dd1cd2be6ac..df518827981 100644 --- a/test/e2e/common/node/podtemplates.go +++ b/test/e2e/common/node/podtemplates.go @@ -43,7 +43,7 @@ const ( var _ = SIGDescribe("PodTemplates", func() { f := framework.NewDefaultFramework("podtemplate") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.19 Testname: PodTemplate lifecycle diff --git a/test/e2e/common/node/privileged.go b/test/e2e/common/node/privileged.go index 8212764b2e0..2e979f1c69c 100644 --- a/test/e2e/common/node/privileged.go +++ b/test/e2e/common/node/privileged.go @@ -43,7 +43,7 @@ type PrivilegedPodTestConfig struct { var _ = SIGDescribe("PrivilegedPod [NodeConformance]", func() { f := framework.NewDefaultFramework("e2e-privileged-pod") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged config := &PrivilegedPodTestConfig{ f: f, privilegedPod: "privileged-pod", diff --git a/test/e2e/common/node/runtime.go b/test/e2e/common/node/runtime.go index abce11298de..7083b09527a 100644 --- a/test/e2e/common/node/runtime.go +++ b/test/e2e/common/node/runtime.go @@ -39,7 +39,7 @@ import ( var _ = SIGDescribe("Container Runtime", func() { f := framework.NewDefaultFramework("container-runtime") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Describe("blackbox test", func() { ginkgo.Context("when starting a container that exits", func() { diff --git a/test/e2e/common/node/runtimeclass.go b/test/e2e/common/node/runtimeclass.go index 11e8faab8e1..9996d21817b 100644 --- a/test/e2e/common/node/runtimeclass.go +++ b/test/e2e/common/node/runtimeclass.go @@ -45,7 +45,7 @@ import ( var _ = SIGDescribe("RuntimeClass", func() { f := framework.NewDefaultFramework("runtimeclass") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.20 diff --git a/test/e2e/common/node/secrets.go b/test/e2e/common/node/secrets.go index fdcaf5c38a5..76b51c7c35c 100644 --- a/test/e2e/common/node/secrets.go +++ b/test/e2e/common/node/secrets.go @@ -36,7 +36,7 @@ import ( var _ = SIGDescribe("Secrets", func() { f := framework.NewDefaultFramework("secrets") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/node/security_context.go b/test/e2e/common/node/security_context.go index 4997a96b534..8a15eab60b2 100644 --- a/test/e2e/common/node/security_context.go +++ b/test/e2e/common/node/security_context.go @@ -45,7 +45,7 @@ var ( var _ = SIGDescribe("Security Context", func() { f := framework.NewDefaultFramework("security-context-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { podClient = e2epod.NewPodClient(f) diff --git a/test/e2e/common/node/sysctl.go b/test/e2e/common/node/sysctl.go index f74e891b7bc..bc4c70a5dc3 100644 --- a/test/e2e/common/node/sysctl.go +++ b/test/e2e/common/node/sysctl.go @@ -40,7 +40,7 @@ var _ = SIGDescribe("Sysctls [LinuxOnly] [NodeConformance]", func() { }) f := framework.NewDefaultFramework("sysctl") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var podClient *e2epod.PodClient testPod := func() *v1.Pod { diff --git a/test/e2e/common/storage/configmap_volume.go b/test/e2e/common/storage/configmap_volume.go index ecdd24f736f..9799f3b16f8 100644 --- a/test/e2e/common/storage/configmap_volume.go +++ b/test/e2e/common/storage/configmap_volume.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("ConfigMap", func() { f := framework.NewDefaultFramework("configmap") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/storage/downwardapi.go b/test/e2e/common/storage/downwardapi.go index 0f1616f7eaa..8919615e05c 100644 --- a/test/e2e/common/storage/downwardapi.go +++ b/test/e2e/common/storage/downwardapi.go @@ -34,7 +34,7 @@ import ( var _ = SIGDescribe("Downward API [Serial] [Disruptive] [Feature:EphemeralStorage]", func() { f := framework.NewDefaultFramework("downward-api") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("Downward API tests for local ephemeral storage", func() { ginkgo.It("should provide container's limits.ephemeral-storage and requests.ephemeral-storage as env vars", func(ctx context.Context) { diff --git a/test/e2e/common/storage/downwardapi_volume.go b/test/e2e/common/storage/downwardapi_volume.go index 6537f6e1f35..07c8a2c3b17 100644 --- a/test/e2e/common/storage/downwardapi_volume.go +++ b/test/e2e/common/storage/downwardapi_volume.go @@ -40,7 +40,7 @@ var _ = SIGDescribe("Downward API volume", func() { // How long to wait for a log pod to be displayed const podLogTimeout = 3 * time.Minute f := framework.NewDefaultFramework("downward-api") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { podClient = e2epod.NewPodClient(f) diff --git a/test/e2e/common/storage/empty_dir.go b/test/e2e/common/storage/empty_dir.go index 0989f226380..6696129a2e0 100644 --- a/test/e2e/common/storage/empty_dir.go +++ b/test/e2e/common/storage/empty_dir.go @@ -44,7 +44,7 @@ var ( var _ = SIGDescribe("EmptyDir volumes", func() { f := framework.NewDefaultFramework("emptydir") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("when FSGroup is specified [LinuxOnly] [NodeFeature:FSGroup]", func() { diff --git a/test/e2e/common/storage/host_path.go b/test/e2e/common/storage/host_path.go index e92220f1280..672ef481e3b 100644 --- a/test/e2e/common/storage/host_path.go +++ b/test/e2e/common/storage/host_path.go @@ -36,7 +36,7 @@ import ( // This will require some smart. var _ = SIGDescribe("HostPath", func() { f := framework.NewDefaultFramework("hostpath") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { // TODO permission denied cleanup failures diff --git a/test/e2e/common/storage/projected_combined.go b/test/e2e/common/storage/projected_combined.go index 31246a9af8c..fd977257f21 100644 --- a/test/e2e/common/storage/projected_combined.go +++ b/test/e2e/common/storage/projected_combined.go @@ -33,7 +33,7 @@ import ( var _ = SIGDescribe("Projected combined", func() { f := framework.NewDefaultFramework("projected") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline // Test multiple projections /* diff --git a/test/e2e/common/storage/projected_configmap.go b/test/e2e/common/storage/projected_configmap.go index 63673848c6c..fe48c8f716d 100644 --- a/test/e2e/common/storage/projected_configmap.go +++ b/test/e2e/common/storage/projected_configmap.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("Projected configMap", func() { f := framework.NewDefaultFramework("projected") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/storage/projected_downwardapi.go b/test/e2e/common/storage/projected_downwardapi.go index 3616662ba59..a08bcf76b61 100644 --- a/test/e2e/common/storage/projected_downwardapi.go +++ b/test/e2e/common/storage/projected_downwardapi.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("Projected downwardAPI", func() { f := framework.NewDefaultFramework("projected") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline // How long to wait for a log pod to be displayed const podLogTimeout = 2 * time.Minute diff --git a/test/e2e/common/storage/projected_secret.go b/test/e2e/common/storage/projected_secret.go index be906b25957..7c81ba42b4a 100644 --- a/test/e2e/common/storage/projected_secret.go +++ b/test/e2e/common/storage/projected_secret.go @@ -36,7 +36,7 @@ import ( var _ = SIGDescribe("Projected secret", func() { f := framework.NewDefaultFramework("projected") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/storage/secrets_volume.go b/test/e2e/common/storage/secrets_volume.go index 32e75b8d660..94d55eaa2c4 100644 --- a/test/e2e/common/storage/secrets_volume.go +++ b/test/e2e/common/storage/secrets_volume.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("Secrets", func() { f := framework.NewDefaultFramework("secrets") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/common/storage/volumes.go b/test/e2e/common/storage/volumes.go index 40b7dfdabaa..1581df1051b 100644 --- a/test/e2e/common/storage/volumes.go +++ b/test/e2e/common/storage/volumes.go @@ -55,7 +55,7 @@ import ( // TODO(#99468): Check if these tests are still needed. var _ = SIGDescribe("Volumes", func() { f := framework.NewDefaultFramework("volume") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // note that namespace deletion is handled by delete-namespace flag // filled in BeforeEach diff --git a/test/e2e/dra/dra.go b/test/e2e/dra/dra.go index 59dc3376da3..9af5cefa160 100644 --- a/test/e2e/dra/dra.go +++ b/test/e2e/dra/dra.go @@ -55,7 +55,7 @@ var _ = ginkgo.Describe("[sig-node] DRA [Feature:DynamicResourceAllocation]", fu // The driver containers have to run with sufficient privileges to // modify /var/lib/kubelet/plugins. - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("kubelet", func() { nodes := NewNodes(f, 1, 1) diff --git a/test/e2e/instrumentation/core_events.go b/test/e2e/instrumentation/core_events.go index 31a0c08c812..36e4b82236e 100644 --- a/test/e2e/instrumentation/core_events.go +++ b/test/e2e/instrumentation/core_events.go @@ -41,7 +41,7 @@ const ( var _ = common.SIGDescribe("Events", func() { f := framework.NewDefaultFramework("events") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.25 diff --git a/test/e2e/instrumentation/events.go b/test/e2e/instrumentation/events.go index 2c5d95f8436..749726b0d5f 100644 --- a/test/e2e/instrumentation/events.go +++ b/test/e2e/instrumentation/events.go @@ -76,7 +76,7 @@ func eventExistsInList(ctx context.Context, client typedeventsv1.EventInterface, var _ = common.SIGDescribe("Events API", func() { f := framework.NewDefaultFramework("events") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var coreClient corev1.EventInterface var client typedeventsv1.EventInterface var clientAllNamespaces typedeventsv1.EventInterface diff --git a/test/e2e/instrumentation/logging/generic_soak.go b/test/e2e/instrumentation/logging/generic_soak.go index f7a7c60bc15..b1617ae2397 100644 --- a/test/e2e/instrumentation/logging/generic_soak.go +++ b/test/e2e/instrumentation/logging/generic_soak.go @@ -45,7 +45,7 @@ var _ = e2econfig.AddOptions(&loggingSoak, "instrumentation.logging.soak") var _ = instrumentation.SIGDescribe("Logging soak [Performance] [Slow] [Disruptive]", func() { f := framework.NewDefaultFramework("logging-soak") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Not a global constant (irrelevant outside this test), also not a parameter (if you want more logs, use --scale=). kbRateInSeconds := 1 * time.Second diff --git a/test/e2e/instrumentation/monitoring/accelerator.go b/test/e2e/instrumentation/monitoring/accelerator.go index 0c0358a2eeb..037d76d824c 100644 --- a/test/e2e/instrumentation/monitoring/accelerator.go +++ b/test/e2e/instrumentation/monitoring/accelerator.go @@ -54,7 +54,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() { }) f := framework.NewDefaultFramework("stackdriver-monitoring") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should have accelerator metrics [Feature:StackdriverAcceleratorMonitoring]", func(ctx context.Context) { testStackdriverAcceleratorMonitoring(ctx, f) diff --git a/test/e2e/instrumentation/monitoring/custom_metrics_stackdriver.go b/test/e2e/instrumentation/monitoring/custom_metrics_stackdriver.go index b03dfae881d..b9d3e826ba6 100644 --- a/test/e2e/instrumentation/monitoring/custom_metrics_stackdriver.go +++ b/test/e2e/instrumentation/monitoring/custom_metrics_stackdriver.go @@ -54,7 +54,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() { }) f := framework.NewDefaultFramework("stackdriver-monitoring") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should run Custom Metrics - Stackdriver Adapter for old resource model [Feature:StackdriverCustomMetrics]", func(ctx context.Context) { kubeClient := f.ClientSet diff --git a/test/e2e/instrumentation/monitoring/metrics_grabber.go b/test/e2e/instrumentation/monitoring/metrics_grabber.go index 5540635c53d..742c0f83d5c 100644 --- a/test/e2e/instrumentation/monitoring/metrics_grabber.go +++ b/test/e2e/instrumentation/monitoring/metrics_grabber.go @@ -36,7 +36,7 @@ import ( var _ = instrumentation.SIGDescribe("MetricsGrabber", func() { f := framework.NewDefaultFramework("metrics-grabber") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c, ec clientset.Interface var grabber *e2emetrics.Grabber ginkgo.BeforeEach(func(ctx context.Context) { diff --git a/test/e2e/instrumentation/monitoring/stackdriver.go b/test/e2e/instrumentation/monitoring/stackdriver.go index b2cc0ce7505..7e8f4a9afbc 100644 --- a/test/e2e/instrumentation/monitoring/stackdriver.go +++ b/test/e2e/instrumentation/monitoring/stackdriver.go @@ -66,7 +66,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() { }) f := framework.NewDefaultFramework("stackdriver-monitoring") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should have cluster metrics [Feature:StackdriverMonitoring]", func(ctx context.Context) { testStackdriverMonitoring(ctx, f, 1, 100, 200) diff --git a/test/e2e/instrumentation/monitoring/stackdriver_metadata_agent.go b/test/e2e/instrumentation/monitoring/stackdriver_metadata_agent.go index 339fd20e344..722b9e7faf7 100644 --- a/test/e2e/instrumentation/monitoring/stackdriver_metadata_agent.go +++ b/test/e2e/instrumentation/monitoring/stackdriver_metadata_agent.go @@ -51,7 +51,7 @@ var _ = instrumentation.SIGDescribe("Stackdriver Monitoring", func() { }) f := framework.NewDefaultFramework("stackdriver-monitoring") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var kubeClient clientset.Interface ginkgo.It("should run Stackdriver Metadata Agent [Feature:StackdriverMetadataAgent]", func(ctx context.Context) { diff --git a/test/e2e/kubectl/kubectl.go b/test/e2e/kubectl/kubectl.go index 9f5bf0dc48f..74bc74b05c7 100644 --- a/test/e2e/kubectl/kubectl.go +++ b/test/e2e/kubectl/kubectl.go @@ -257,7 +257,7 @@ func runKubectlRetryOrDie(ns string, args ...string) string { var _ = SIGDescribe("Kubectl client", func() { defer ginkgo.GinkgoRecover() f := framework.NewDefaultFramework("kubectl") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline // Reusable cluster state function. This won't be adversely affected by lazy initialization of framework. clusterState := func() *framework.ClusterVerification { diff --git a/test/e2e/kubectl/logs.go b/test/e2e/kubectl/logs.go index 3db2129d921..f2092ba60c2 100644 --- a/test/e2e/kubectl/logs.go +++ b/test/e2e/kubectl/logs.go @@ -71,7 +71,7 @@ func testingPod(name, value, defaultContainerName string) v1.Pod { var _ = SIGDescribe("Kubectl logs", func() { f := framework.NewDefaultFramework("kubectl-logs") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline defer ginkgo.GinkgoRecover() var c clientset.Interface diff --git a/test/e2e/kubectl/portforward.go b/test/e2e/kubectl/portforward.go index f319db3f6ae..1271fb5d497 100644 --- a/test/e2e/kubectl/portforward.go +++ b/test/e2e/kubectl/portforward.go @@ -449,7 +449,7 @@ func doTestOverWebSockets(ctx context.Context, bindAddress string, f *framework. var _ = SIGDescribe("Kubectl Port forwarding", func() { f := framework.NewDefaultFramework("port-forwarding") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Describe("With a server listening on 0.0.0.0", func() { ginkgo.Describe("that expects a client request", func() { diff --git a/test/e2e/lifecycle/bootstrap/bootstrap_signer.go b/test/e2e/lifecycle/bootstrap/bootstrap_signer.go index 86e6bc84d05..75580bdf27a 100644 --- a/test/e2e/lifecycle/bootstrap/bootstrap_signer.go +++ b/test/e2e/lifecycle/bootstrap/bootstrap_signer.go @@ -42,7 +42,7 @@ var _ = lifecycle.SIGDescribe("[Feature:BootstrapTokens]", func() { var c clientset.Interface f := framework.NewDefaultFramework("bootstrap-signer") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.AfterEach(func(ctx context.Context) { if len(secretNeedClean) > 0 { ginkgo.By("delete the bootstrap token secret") diff --git a/test/e2e/lifecycle/bootstrap/bootstrap_token_cleaner.go b/test/e2e/lifecycle/bootstrap/bootstrap_token_cleaner.go index a397af3c070..96bde949d91 100644 --- a/test/e2e/lifecycle/bootstrap/bootstrap_token_cleaner.go +++ b/test/e2e/lifecycle/bootstrap/bootstrap_token_cleaner.go @@ -36,7 +36,7 @@ var _ = lifecycle.SIGDescribe("[Feature:BootstrapTokens]", func() { var c clientset.Interface f := framework.NewDefaultFramework("bootstrap-token-cleaner") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { c = f.ClientSet diff --git a/test/e2e/network/conntrack.go b/test/e2e/network/conntrack.go index b1961253057..473232b6109 100644 --- a/test/e2e/network/conntrack.go +++ b/test/e2e/network/conntrack.go @@ -68,7 +68,7 @@ const ( var _ = common.SIGDescribe("Conntrack", func() { fr := framework.NewDefaultFramework("conntrack") - fr.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + fr.NamespacePodSecurityLevel = admissionapi.LevelPrivileged type nodeInfo struct { name string diff --git a/test/e2e/network/dns.go b/test/e2e/network/dns.go index 53877629d23..62bcbd78e33 100644 --- a/test/e2e/network/dns.go +++ b/test/e2e/network/dns.go @@ -40,7 +40,7 @@ const dnsTestServiceName = "dns-test-service" var _ = common.SIGDescribe("DNS", func() { f := framework.NewDefaultFramework("dns") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 @@ -600,7 +600,7 @@ var _ = common.SIGDescribe("DNS", func() { var _ = common.SIGDescribe("DNS HostNetwork", func() { f := framework.NewDefaultFramework("hostnetworkdns") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should resolve DNS of partial qualified names for services on hostNetwork pods with dnsPolicy: ClusterFirstWithHostNet [LinuxOnly]", func(ctx context.Context) { // Create a test headless service. diff --git a/test/e2e/network/dns_common.go b/test/e2e/network/dns_common.go index bb815fd2bb4..a2060594964 100644 --- a/test/e2e/network/dns_common.go +++ b/test/e2e/network/dns_common.go @@ -62,7 +62,7 @@ type dnsTestCommon struct { func newDNSTestCommon() dnsTestCommon { framework := framework.NewDefaultFramework("dns-config-map") - framework.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + framework.NamespacePodSecurityLevel = admissionapi.LevelPrivileged return dnsTestCommon{ f: framework, ns: "kube-system", diff --git a/test/e2e/network/dns_scale_records.go b/test/e2e/network/dns_scale_records.go index 3aa1189d1b8..6a35b41a9db 100644 --- a/test/e2e/network/dns_scale_records.go +++ b/test/e2e/network/dns_scale_records.go @@ -44,7 +44,7 @@ const ( var _ = common.SIGDescribe("[Feature:PerformanceDNS][Serial]", func() { f := framework.NewDefaultFramework("performancedns") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { framework.ExpectNoError(e2enode.WaitForAllNodesSchedulable(ctx, f.ClientSet, f.Timeouts.NodeSchedulable)) diff --git a/test/e2e/network/dual_stack.go b/test/e2e/network/dual_stack.go index 0b77c53e745..19b9baf5a36 100644 --- a/test/e2e/network/dual_stack.go +++ b/test/e2e/network/dual_stack.go @@ -46,7 +46,7 @@ import ( // Tests for ipv4-ipv6 dual-stack feature var _ = common.SIGDescribe("[Feature:IPv6DualStack]", func() { f := framework.NewDefaultFramework("dualstack") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface var podClient *e2epod.PodClient diff --git a/test/e2e/network/endpointslice.go b/test/e2e/network/endpointslice.go index 74fd48aa374..460b3180b21 100644 --- a/test/e2e/network/endpointslice.go +++ b/test/e2e/network/endpointslice.go @@ -46,7 +46,7 @@ import ( var _ = common.SIGDescribe("EndpointSlice", func() { f := framework.NewDefaultFramework("endpointslice") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var cs clientset.Interface var podClient *e2epod.PodClient diff --git a/test/e2e/network/endpointslicemirroring.go b/test/e2e/network/endpointslicemirroring.go index 2341a7240b5..bba8a14c5df 100644 --- a/test/e2e/network/endpointslicemirroring.go +++ b/test/e2e/network/endpointslicemirroring.go @@ -36,7 +36,7 @@ import ( var _ = common.SIGDescribe("EndpointSliceMirroring", func() { f := framework.NewDefaultFramework("endpointslicemirroring") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface diff --git a/test/e2e/network/example_cluster_dns.go b/test/e2e/network/example_cluster_dns.go index c305dba91aa..ac604e606f8 100644 --- a/test/e2e/network/example_cluster_dns.go +++ b/test/e2e/network/example_cluster_dns.go @@ -60,7 +60,7 @@ except: var _ = common.SIGDescribe("ClusterDns [Feature:Example]", func() { f := framework.NewDefaultFramework("cluster-dns") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c clientset.Interface ginkgo.BeforeEach(func() { diff --git a/test/e2e/network/firewall.go b/test/e2e/network/firewall.go index 34ae4cb097d..62685092eac 100644 --- a/test/e2e/network/firewall.go +++ b/test/e2e/network/firewall.go @@ -54,7 +54,7 @@ const ( var _ = common.SIGDescribe("Firewall rule", func() { var firewallTestName = "firewall-test" f := framework.NewDefaultFramework(firewallTestName) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface var cloudConfig framework.CloudConfig diff --git a/test/e2e/network/funny_ips.go b/test/e2e/network/funny_ips.go index 8ed032edca2..113f8443a66 100644 --- a/test/e2e/network/funny_ips.go +++ b/test/e2e/network/funny_ips.go @@ -74,7 +74,7 @@ var _ = common.SIGDescribe("CVE-2021-29923", func() { ) f := framework.NewDefaultFramework("funny-ips") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func() { if framework.TestContext.ClusterIsIPv6() { diff --git a/test/e2e/network/hostport.go b/test/e2e/network/hostport.go index b8715910751..22f9033e38c 100644 --- a/test/e2e/network/hostport.go +++ b/test/e2e/network/hostport.go @@ -39,7 +39,7 @@ import ( var _ = common.SIGDescribe("HostPort", func() { f := framework.NewDefaultFramework("hostport") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( cs clientset.Interface diff --git a/test/e2e/network/ingress.go b/test/e2e/network/ingress.go index ea71d2a129d..379e498bb41 100644 --- a/test/e2e/network/ingress.go +++ b/test/e2e/network/ingress.go @@ -59,7 +59,7 @@ var _ = common.SIGDescribe("Loadbalancing: L7", func() { conformanceTests []e2eingress.ConformanceTests ) f := framework.NewDefaultFramework("ingress") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func(ctx context.Context) { jig = e2eingress.NewIngressTestJig(f.ClientSet) @@ -541,7 +541,7 @@ func detectNegAnnotation(ctx context.Context, f *framework.Framework, jig *e2ein var _ = common.SIGDescribe("Ingress API", func() { f := framework.NewDefaultFramework("ingress") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.19 Testname: Ingress API diff --git a/test/e2e/network/ingress_scale.go b/test/e2e/network/ingress_scale.go index 8d7377c8ff2..e67922c128b 100644 --- a/test/e2e/network/ingress_scale.go +++ b/test/e2e/network/ingress_scale.go @@ -34,7 +34,7 @@ var _ = common.SIGDescribe("Loadbalancing: L7 Scalability", func() { ns string ) f := framework.NewDefaultFramework("ingress-scale") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { ns = f.Namespace.Name diff --git a/test/e2e/network/ingressclass.go b/test/e2e/network/ingressclass.go index 5bfeebf5410..bd8115afc28 100644 --- a/test/e2e/network/ingressclass.go +++ b/test/e2e/network/ingressclass.go @@ -39,7 +39,7 @@ import ( var _ = common.SIGDescribe("IngressClass [Feature:Ingress]", func() { f := framework.NewDefaultFramework("ingressclass") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface ginkgo.BeforeEach(func() { cs = f.ClientSet @@ -249,7 +249,7 @@ func deleteIngressClass(ctx context.Context, cs clientset.Interface, name string var _ = common.SIGDescribe("IngressClass API", func() { f := framework.NewDefaultFramework("ingressclass") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface ginkgo.BeforeEach(func() { cs = f.ClientSet diff --git a/test/e2e/network/kube_proxy.go b/test/e2e/network/kube_proxy.go index 5d2ba059586..72a48236a2c 100644 --- a/test/e2e/network/kube_proxy.go +++ b/test/e2e/network/kube_proxy.go @@ -51,7 +51,7 @@ var _ = common.SIGDescribe("KubeProxy", func() { ) fr := framework.NewDefaultFramework("kube-proxy") - fr.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + fr.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should set TCP CLOSE_WAIT timeout [Privileged]", func(ctx context.Context) { nodes, err := e2enode.GetBoundedReadySchedulableNodes(ctx, fr.ClientSet, 2) diff --git a/test/e2e/network/loadbalancer.go b/test/e2e/network/loadbalancer.go index dc4ea3cba73..b5f4105b324 100644 --- a/test/e2e/network/loadbalancer.go +++ b/test/e2e/network/loadbalancer.go @@ -121,7 +121,7 @@ func getReadySchedulableWorkerNode(ctx context.Context, c clientset.Interface) ( var _ = common.SIGDescribe("LoadBalancers", func() { f := framework.NewDefaultFramework("loadbalancers") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface var subnetPrefix *net.IPNet @@ -1301,7 +1301,7 @@ var _ = common.SIGDescribe("LoadBalancers", func() { var _ = common.SIGDescribe("LoadBalancers ESIPP [Slow]", func() { f := framework.NewDefaultFramework("esipp") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var loadBalancerCreateTimeout time.Duration var cs clientset.Interface diff --git a/test/e2e/network/netpol/network_legacy.go b/test/e2e/network/netpol/network_legacy.go index baee0c8c0e1..551bbaf366d 100644 --- a/test/e2e/network/netpol/network_legacy.go +++ b/test/e2e/network/netpol/network_legacy.go @@ -67,7 +67,7 @@ var _ = common.SIGDescribe("NetworkPolicyLegacy [LinuxOnly]", func() { var podServer *v1.Pod var podServerLabelSelector string f := framework.NewDefaultFramework("network-policy") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { // Windows does not support network policies. @@ -1737,7 +1737,7 @@ var _ = common.SIGDescribe("NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly]" var podServer *v1.Pod var podServerLabelSelector string f := framework.NewDefaultFramework("sctp-network-policy") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { // Windows does not support network policies. @@ -2191,7 +2191,7 @@ func cleanupNetworkPolicy(ctx context.Context, f *framework.Framework, policy *n var _ = common.SIGDescribe("NetworkPolicy API", func() { f := framework.NewDefaultFramework("networkpolicies") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.20 Testname: NetworkPolicies API diff --git a/test/e2e/network/netpol/network_policy.go b/test/e2e/network/netpol/network_policy.go index 1822a7364b9..954c52f9150 100644 --- a/test/e2e/network/netpol/network_policy.go +++ b/test/e2e/network/netpol/network_policy.go @@ -111,7 +111,7 @@ and what is happening in practice: var _ = common.SIGDescribe("Netpol", func() { f := framework.NewDefaultFramework("netpol") f.SkipNamespaceCreation = true // we create our own 3 test namespaces, we don't need the default one - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("NetworkPolicy between server and client", func() { var k8s *kubeManager @@ -1247,7 +1247,7 @@ var _ = common.SIGDescribe("Netpol", func() { var _ = common.SIGDescribe("Netpol [LinuxOnly]", func() { f := framework.NewDefaultFramework("udp-network-policy") f.SkipNamespaceCreation = true - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var k8s *kubeManager ginkgo.BeforeEach(func() { // Windows does not support UDP testing via agnhost. @@ -1327,7 +1327,7 @@ var _ = common.SIGDescribe("Netpol [LinuxOnly]", func() { var _ = common.SIGDescribe("Netpol [Feature:SCTPConnectivity][LinuxOnly]", func() { f := framework.NewDefaultFramework("sctp-network-policy") f.SkipNamespaceCreation = true - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var k8s *kubeManager ginkgo.BeforeEach(func() { // Windows does not support network policies. diff --git a/test/e2e/network/netpol/network_policy_api.go b/test/e2e/network/netpol/network_policy_api.go index 8b9c1557bac..9393279d55f 100644 --- a/test/e2e/network/netpol/network_policy_api.go +++ b/test/e2e/network/netpol/network_policy_api.go @@ -36,7 +36,7 @@ import ( var _ = common.SIGDescribe("Netpol API", func() { f := framework.NewDefaultFramework("netpol") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.20 Testname: NetworkPolicies API diff --git a/test/e2e/network/network_tiers.go b/test/e2e/network/network_tiers.go index 13eede1f4a3..350cd4209d5 100644 --- a/test/e2e/network/network_tiers.go +++ b/test/e2e/network/network_tiers.go @@ -42,7 +42,7 @@ import ( var _ = common.SIGDescribe("Services GCE [Slow]", func() { f := framework.NewDefaultFramework("services") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface serviceLBNames := []string{} diff --git a/test/e2e/network/networking.go b/test/e2e/network/networking.go index 9c064608432..1bc1a5290e5 100644 --- a/test/e2e/network/networking.go +++ b/test/e2e/network/networking.go @@ -82,7 +82,7 @@ func checkConnectivityToHost(ctx context.Context, f *framework.Framework, nodeNa var _ = common.SIGDescribe("Networking", func() { var svcname = "nettest" f := framework.NewDefaultFramework(svcname) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should provide Internet connection for containers [Feature:Networking-IPv4]", func(ctx context.Context) { ginkgo.By("Running container which tries to connect to 8.8.8.8") diff --git a/test/e2e/network/networking_perf.go b/test/e2e/network/networking_perf.go index d39707a67b4..3c1fa971813 100644 --- a/test/e2e/network/networking_perf.go +++ b/test/e2e/network/networking_perf.go @@ -140,7 +140,7 @@ func iperf2ClientDaemonSet(ctx context.Context, client clientset.Interface, name var _ = common.SIGDescribe("Networking IPerf2 [Feature:Networking-Performance]", func() { // this test runs iperf2: one pod as a server, and a daemonset of clients f := framework.NewDefaultFramework("network-perf") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("should run iperf2", func(ctx context.Context) { readySchedulableNodes, err := e2enode.GetReadySchedulableNodes(ctx, f.ClientSet) diff --git a/test/e2e/network/no_snat.go b/test/e2e/network/no_snat.go index 613b5c57e3f..54cce37dd0a 100644 --- a/test/e2e/network/no_snat.go +++ b/test/e2e/network/no_snat.go @@ -64,7 +64,7 @@ var ( // We use the [Feature:NoSNAT] tag so that most jobs will skip this test by default. var _ = common.SIGDescribe("NoSNAT [Feature:NoSNAT] [Slow]", func() { f := framework.NewDefaultFramework("no-snat-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("Should be able to send traffic between Pods without SNAT", func(ctx context.Context) { cs := f.ClientSet pc := cs.CoreV1().Pods(f.Namespace.Name) diff --git a/test/e2e/network/pod_lifecycle.go b/test/e2e/network/pod_lifecycle.go index b2051144af8..837caa7b2d9 100644 --- a/test/e2e/network/pod_lifecycle.go +++ b/test/e2e/network/pod_lifecycle.go @@ -35,7 +35,7 @@ import ( var _ = common.SIGDescribe("Connectivity Pod Lifecycle", func() { fr := framework.NewDefaultFramework("podlifecycle") - fr.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + fr.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( cs clientset.Interface diff --git a/test/e2e/network/proxy.go b/test/e2e/network/proxy.go index eddac45c71d..e18abd0e900 100644 --- a/test/e2e/network/proxy.go +++ b/test/e2e/network/proxy.go @@ -76,7 +76,7 @@ var _ = common.SIGDescribe("Proxy", func() { ClientQPS: -1.0, } f := framework.NewFramework("proxy", options, nil) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline prefix := "/api/" + version /* diff --git a/test/e2e/network/service.go b/test/e2e/network/service.go index 475e78d09f5..7d76be39669 100644 --- a/test/e2e/network/service.go +++ b/test/e2e/network/service.go @@ -757,7 +757,7 @@ func getEndpointNodesWithInternalIP(ctx context.Context, jig *e2eservice.TestJig var _ = common.SIGDescribe("Services", func() { f := framework.NewDefaultFramework("services") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface diff --git a/test/e2e/network/service_latency.go b/test/e2e/network/service_latency.go index e80d394e0ee..3464611423d 100644 --- a/test/e2e/network/service_latency.go +++ b/test/e2e/network/service_latency.go @@ -49,7 +49,7 @@ func (d durations) Swap(i, j int) { d[i], d[j] = d[j], d[i] } var _ = common.SIGDescribe("Service endpoints latency", func() { f := framework.NewDefaultFramework("svc-latency") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.9 diff --git a/test/e2e/network/topology_hints.go b/test/e2e/network/topology_hints.go index 1eb3d6e1872..a9f5c5aaa41 100644 --- a/test/e2e/network/topology_hints.go +++ b/test/e2e/network/topology_hints.go @@ -42,7 +42,7 @@ import ( var _ = common.SIGDescribe("[Feature:Topology Hints]", func() { f := framework.NewDefaultFramework("topology-hints") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // filled in BeforeEach var c clientset.Interface diff --git a/test/e2e/node/apparmor.go b/test/e2e/node/apparmor.go index 8ea55ad4334..2d84d7de33a 100644 --- a/test/e2e/node/apparmor.go +++ b/test/e2e/node/apparmor.go @@ -31,7 +31,7 @@ import ( var _ = SIGDescribe("AppArmor", func() { f := framework.NewDefaultFramework("apparmor") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("load AppArmor profiles", func() { ginkgo.BeforeEach(func(ctx context.Context) { diff --git a/test/e2e/node/crictl.go b/test/e2e/node/crictl.go index 022bbe0f873..9988b98e3ae 100644 --- a/test/e2e/node/crictl.go +++ b/test/e2e/node/crictl.go @@ -31,7 +31,7 @@ import ( var _ = SIGDescribe("crictl", func() { f := framework.NewDefaultFramework("crictl") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { // `crictl` is not available on all cloud providers. diff --git a/test/e2e/node/events.go b/test/e2e/node/events.go index d9c0fc35b89..64a85be13b1 100644 --- a/test/e2e/node/events.go +++ b/test/e2e/node/events.go @@ -36,7 +36,7 @@ import ( var _ = SIGDescribe("Events", func() { f := framework.NewDefaultFramework("events") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("should be sent by kubelets and the scheduler about pods scheduling and running ", func(ctx context.Context) { diff --git a/test/e2e/node/examples.go b/test/e2e/node/examples.go index c49c9c80732..f06d09c2936 100644 --- a/test/e2e/node/examples.go +++ b/test/e2e/node/examples.go @@ -47,7 +47,7 @@ const ( var _ = SIGDescribe("[Feature:Example]", func() { f := framework.NewDefaultFramework("examples") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var c clientset.Interface var ns string diff --git a/test/e2e/node/kubelet.go b/test/e2e/node/kubelet.go index 0f46a79ff67..2df436bfd6f 100644 --- a/test/e2e/node/kubelet.go +++ b/test/e2e/node/kubelet.go @@ -272,7 +272,7 @@ var _ = SIGDescribe("kubelet", func() { ns string ) f := framework.NewDefaultFramework("kubelet") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { c = f.ClientSet diff --git a/test/e2e/node/kubelet_perf.go b/test/e2e/node/kubelet_perf.go index cb0ea5ba241..b52053563cf 100644 --- a/test/e2e/node/kubelet_perf.go +++ b/test/e2e/node/kubelet_perf.go @@ -198,7 +198,7 @@ func verifyCPULimits(expected e2ekubelet.ContainersCPUSummary, actual e2ekubelet var _ = SIGDescribe("Kubelet [Serial] [Slow]", func() { var nodeNames sets.String f := framework.NewDefaultFramework("kubelet-perf") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var om *e2ekubelet.RuntimeOperationMonitor var rm *e2ekubelet.ResourceMonitor diff --git a/test/e2e/node/mount_propagation.go b/test/e2e/node/mount_propagation.go index 9acd621ea14..eab24f374ea 100644 --- a/test/e2e/node/mount_propagation.go +++ b/test/e2e/node/mount_propagation.go @@ -82,7 +82,7 @@ func preparePod(name string, node *v1.Node, propagation *v1.MountPropagationMode var _ = SIGDescribe("Mount propagation", func() { f := framework.NewDefaultFramework("mount-propagation") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should propagate mounts within defined scopes", func(ctx context.Context) { // This test runs two pods: master and slave with respective mount diff --git a/test/e2e/node/node_problem_detector.go b/test/e2e/node/node_problem_detector.go index a07449fa267..f95f7d9cae0 100644 --- a/test/e2e/node/node_problem_detector.go +++ b/test/e2e/node/node_problem_detector.go @@ -49,7 +49,7 @@ var _ = SIGDescribe("NodeProblemDetector", func() { maxNodesToProcess = 10 ) f := framework.NewDefaultFramework("node-problem-detector") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { e2eskipper.SkipUnlessSSHKeyPresent() diff --git a/test/e2e/node/pod_gc.go b/test/e2e/node/pod_gc.go index 58bc0d04d4a..3329093a771 100644 --- a/test/e2e/node/pod_gc.go +++ b/test/e2e/node/pod_gc.go @@ -37,7 +37,7 @@ import ( // Slow by design (7 min) var _ = SIGDescribe("Pod garbage collector [Feature:PodGarbageCollector] [Slow]", func() { f := framework.NewDefaultFramework("pod-garbage-collector") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should handle the creation of 1000 pods", func(ctx context.Context) { var count int for count < 1000 { diff --git a/test/e2e/node/pods.go b/test/e2e/node/pods.go index 836340678af..e30c82988c9 100644 --- a/test/e2e/node/pods.go +++ b/test/e2e/node/pods.go @@ -54,7 +54,7 @@ import ( var _ = SIGDescribe("Pods Extended", func() { f := framework.NewDefaultFramework("pods") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Describe("Delete Grace Period", func() { var podClient *e2epod.PodClient diff --git a/test/e2e/node/pre_stop.go b/test/e2e/node/pre_stop.go index bf60d0b4c27..c01510e2ecb 100644 --- a/test/e2e/node/pre_stop.go +++ b/test/e2e/node/pre_stop.go @@ -155,7 +155,7 @@ func testPreStop(ctx context.Context, c clientset.Interface, ns string) { var _ = SIGDescribe("PreStop", func() { f := framework.NewDefaultFramework("prestop") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { podClient = e2epod.NewPodClient(f) diff --git a/test/e2e/node/runtimeclass.go b/test/e2e/node/runtimeclass.go index ac6ef1ceb64..3bdf2df6f29 100644 --- a/test/e2e/node/runtimeclass.go +++ b/test/e2e/node/runtimeclass.go @@ -41,7 +41,7 @@ import ( var _ = SIGDescribe("RuntimeClass", func() { f := framework.NewDefaultFramework("runtimeclass") - f.NamespacePodSecurityEnforceLevel = api.LevelPrivileged + f.NamespacePodSecurityLevel = api.LevelPrivileged ginkgo.It("should reject a Pod requesting a RuntimeClass with conflicting node selector", func(ctx context.Context) { labelFooName := "foo-" + string(uuid.NewUUID()) diff --git a/test/e2e/node/security_context.go b/test/e2e/node/security_context.go index 9e12d1db4bf..f6329842238 100644 --- a/test/e2e/node/security_context.go +++ b/test/e2e/node/security_context.go @@ -67,7 +67,7 @@ func scTestPod(hostIPC bool, hostPID bool) *v1.Pod { var _ = SIGDescribe("Security Context", func() { f := framework.NewDefaultFramework("security-context") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should support pod.Spec.SecurityContext.SupplementalGroups [LinuxOnly]", func(ctx context.Context) { pod := scTestPod(false, false) diff --git a/test/e2e/node/ssh.go b/test/e2e/node/ssh.go index 14d0e6820e5..3c13839d9c3 100644 --- a/test/e2e/node/ssh.go +++ b/test/e2e/node/ssh.go @@ -34,7 +34,7 @@ const maxNodes = 100 var _ = SIGDescribe("SSH", func() { f := framework.NewDefaultFramework("ssh") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { // When adding more providers here, also implement their functionality in e2essh.GetSigner(...). diff --git a/test/e2e/node/taints.go b/test/e2e/node/taints.go index 90964b068cc..8e7416fa320 100644 --- a/test/e2e/node/taints.go +++ b/test/e2e/node/taints.go @@ -165,7 +165,7 @@ var _ = SIGDescribe("NoExecuteTaintManager Single Pod [Serial]", func() { var cs clientset.Interface var ns string f := framework.NewDefaultFramework("taint-single-pod") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func(ctx context.Context) { cs = f.ClientSet @@ -374,7 +374,7 @@ var _ = SIGDescribe("NoExecuteTaintManager Multiple Pods [Serial]", func() { var cs clientset.Interface var ns string f := framework.NewDefaultFramework("taint-multiple-pods") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func(ctx context.Context) { cs = f.ClientSet diff --git a/test/e2e/scheduling/limit_range.go b/test/e2e/scheduling/limit_range.go index e90c8eb3dfd..5cceb80c89a 100644 --- a/test/e2e/scheduling/limit_range.go +++ b/test/e2e/scheduling/limit_range.go @@ -51,7 +51,7 @@ const ( var _ = SIGDescribe("LimitRange", func() { f := framework.NewDefaultFramework("limitrange") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.18 diff --git a/test/e2e/scheduling/nvidia-gpus.go b/test/e2e/scheduling/nvidia-gpus.go index 13f3b66d100..d5ea5b9c575 100644 --- a/test/e2e/scheduling/nvidia-gpus.go +++ b/test/e2e/scheduling/nvidia-gpus.go @@ -223,7 +223,7 @@ func logContainers(ctx context.Context, f *framework.Framework, pod *v1.Pod) { var _ = SIGDescribe("[Feature:GPUDevicePlugin]", func() { f := framework.NewDefaultFramework("device-plugin-gpus") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("run Nvidia GPU Device Plugin tests", func(ctx context.Context) { testNvidiaGPUs(ctx, f) }) @@ -325,7 +325,7 @@ var _ = SIGDescribe("GPUDevicePluginAcrossRecreate [Feature:Recreate]", func() { e2eskipper.SkipUnlessProviderIs("gce", "gke") }) f := framework.NewDefaultFramework("device-plugin-gpus-recreate") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("run Nvidia GPU Device Plugin tests with a recreation", func(ctx context.Context) { testNvidiaGPUsJob(ctx, f) }) diff --git a/test/e2e/scheduling/predicates.go b/test/e2e/scheduling/predicates.go index 5377f84a11b..32f5c211e8f 100644 --- a/test/e2e/scheduling/predicates.go +++ b/test/e2e/scheduling/predicates.go @@ -84,7 +84,7 @@ var _ = SIGDescribe("SchedulerPredicates [Serial]", func() { var RCName string var ns string f := framework.NewDefaultFramework("sched-pred") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.AfterEach(func(ctx context.Context) { rc, err := cs.CoreV1().ReplicationControllers(ns).Get(ctx, RCName, metav1.GetOptions{}) diff --git a/test/e2e/scheduling/preemption.go b/test/e2e/scheduling/preemption.go index 710dad679d2..137198a42b3 100644 --- a/test/e2e/scheduling/preemption.go +++ b/test/e2e/scheduling/preemption.go @@ -69,7 +69,7 @@ var _ = SIGDescribe("SchedulerPreemption [Serial]", func() { var nodeList *v1.NodeList var ns string f := framework.NewDefaultFramework("sched-preemption") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline lowPriority, mediumPriority, highPriority := int32(1), int32(100), int32(1000) lowPriorityClassName := f.BaseName + "-low-priority" @@ -542,7 +542,7 @@ var _ = SIGDescribe("SchedulerPreemption [Serial]", func() { var node *v1.Node var ns, nodeHostNameLabel string f := framework.NewDefaultFramework("sched-preemption-path") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline priorityPairs := make([]priorityPair, 0) @@ -762,7 +762,7 @@ var _ = SIGDescribe("SchedulerPreemption [Serial]", func() { ginkgo.Context("PriorityClass endpoints", func() { var cs clientset.Interface f := framework.NewDefaultFramework("sched-preemption-path") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testUUID := uuid.New().String() var pcs []*schedulingv1.PriorityClass diff --git a/test/e2e/scheduling/priorities.go b/test/e2e/scheduling/priorities.go index c5de0cef53c..63197bc67fa 100644 --- a/test/e2e/scheduling/priorities.go +++ b/test/e2e/scheduling/priorities.go @@ -91,7 +91,7 @@ var _ = SIGDescribe("SchedulerPriorities [Serial]", func() { var systemPodsNo int var ns string f := framework.NewDefaultFramework("sched-priority") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func(ctx context.Context) { cs = f.ClientSet diff --git a/test/e2e/scheduling/ubernetes_lite.go b/test/e2e/scheduling/ubernetes_lite.go index dd26cf25424..0d000a89626 100644 --- a/test/e2e/scheduling/ubernetes_lite.go +++ b/test/e2e/scheduling/ubernetes_lite.go @@ -43,7 +43,7 @@ import ( var _ = SIGDescribe("Multi-AZ Clusters", func() { f := framework.NewDefaultFramework("multi-az") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var zoneCount int var err error var zoneNames sets.Set[string] diff --git a/test/e2e/storage/csi_inline.go b/test/e2e/storage/csi_inline.go index c9244e095ff..4044a407764 100644 --- a/test/e2e/storage/csi_inline.go +++ b/test/e2e/storage/csi_inline.go @@ -39,7 +39,7 @@ import ( var _ = utils.SIGDescribe("CSIInlineVolumes", func() { f := framework.NewDefaultFramework("csiinlinevolumes") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.26 diff --git a/test/e2e/storage/csi_mock/csi_attach_volume.go b/test/e2e/storage/csi_mock/csi_attach_volume.go index 100a8a97f98..3d6de139903 100644 --- a/test/e2e/storage/csi_mock/csi_attach_volume.go +++ b/test/e2e/storage/csi_mock/csi_attach_volume.go @@ -40,7 +40,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock volume attach", func() { // The CSIDriverRegistry feature gate is needed for this test in Kubernetes 1.12. f := framework.NewDefaultFramework("csi-mock-volumes-attach") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("CSI attach test using mock driver", func() { diff --git a/test/e2e/storage/csi_mock/csi_fsgroup_mount.go b/test/e2e/storage/csi_mock/csi_fsgroup_mount.go index 837acf1ff90..7350452c652 100644 --- a/test/e2e/storage/csi_mock/csi_fsgroup_mount.go +++ b/test/e2e/storage/csi_mock/csi_fsgroup_mount.go @@ -31,7 +31,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock fsgroup as mount option", func() { f := framework.NewDefaultFramework("csi-mock-volumes-fsgroup-mount") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("Delegate FSGroup to CSI driver [LinuxOnly]", func() { diff --git a/test/e2e/storage/csi_mock/csi_fsgroup_policy.go b/test/e2e/storage/csi_mock/csi_fsgroup_policy.go index abe61e00797..a7e89b4e323 100644 --- a/test/e2e/storage/csi_mock/csi_fsgroup_policy.go +++ b/test/e2e/storage/csi_mock/csi_fsgroup_policy.go @@ -35,7 +35,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock volume fsgroup policies", func() { f := framework.NewDefaultFramework("csi-mock-volumes-fsgroup-policy") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) // These tests *only* work on a cluster which has the CSIVolumeFSGroupPolicy feature enabled. diff --git a/test/e2e/storage/csi_mock/csi_node_stage_error_cases.go b/test/e2e/storage/csi_mock/csi_node_stage_error_cases.go index d66dca33d4c..36ca8a63a69 100644 --- a/test/e2e/storage/csi_mock/csi_node_stage_error_cases.go +++ b/test/e2e/storage/csi_mock/csi_node_stage_error_cases.go @@ -36,7 +36,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock volume node stage", func() { f := framework.NewDefaultFramework("csi-mock-volumes-node-stage") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("CSI NodeStage error cases [Slow]", func() { diff --git a/test/e2e/storage/csi_mock/csi_selinux_mount.go b/test/e2e/storage/csi_mock/csi_selinux_mount.go index 31c0db3aa9e..c3109db288b 100644 --- a/test/e2e/storage/csi_mock/csi_selinux_mount.go +++ b/test/e2e/storage/csi_mock/csi_selinux_mount.go @@ -42,7 +42,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() { f := framework.NewDefaultFramework("csi-mock-volumes-selinux") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("SELinuxMount [LinuxOnly][Feature:SELinux]", func() { @@ -246,7 +246,7 @@ var _ = utils.SIGDescribe("CSI Mock selinux on mount", func() { var _ = utils.SIGDescribe("CSI Mock selinux on mount metrics", func() { f := framework.NewDefaultFramework("csi-mock-volumes-selinux-metrics") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) // [Serial]: the tests read global kube-controller-manager metrics, so no other test changes them in parallel. diff --git a/test/e2e/storage/csi_mock/csi_service_account_token.go b/test/e2e/storage/csi_mock/csi_service_account_token.go index 60e36fcbeb6..6568d6e7e36 100644 --- a/test/e2e/storage/csi_mock/csi_service_account_token.go +++ b/test/e2e/storage/csi_mock/csi_service_account_token.go @@ -31,7 +31,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock volume service account token", func() { f := framework.NewDefaultFramework("csi-mock-volumes-service-token") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("CSIServiceAccountToken", func() { diff --git a/test/e2e/storage/csi_mock/csi_snapshot.go b/test/e2e/storage/csi_mock/csi_snapshot.go index 2b720a4e4fb..f96c36932ca 100644 --- a/test/e2e/storage/csi_mock/csi_snapshot.go +++ b/test/e2e/storage/csi_mock/csi_snapshot.go @@ -42,7 +42,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock volume snapshot", func() { f := framework.NewDefaultFramework("csi-mock-volumes-snapshot") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("CSI Volume Snapshots [Feature:VolumeSnapshotDataSource]", func() { diff --git a/test/e2e/storage/csi_mock/csi_storage_capacity.go b/test/e2e/storage/csi_mock/csi_storage_capacity.go index 5a171b25198..b9df5eee345 100644 --- a/test/e2e/storage/csi_mock/csi_storage_capacity.go +++ b/test/e2e/storage/csi_mock/csi_storage_capacity.go @@ -43,7 +43,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock volume storage capacity", func() { f := framework.NewDefaultFramework("csi-mock-volumes-capacity") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("storage capacity", func() { diff --git a/test/e2e/storage/csi_mock/csi_volume_expansion.go b/test/e2e/storage/csi_mock/csi_volume_expansion.go index 9673ea75823..2159b2d5f9d 100644 --- a/test/e2e/storage/csi_mock/csi_volume_expansion.go +++ b/test/e2e/storage/csi_mock/csi_volume_expansion.go @@ -69,7 +69,7 @@ type recoveryTest struct { var _ = utils.SIGDescribe("CSI Mock volume expansion", func() { f := framework.NewDefaultFramework("csi-mock-volumes-expansion") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("CSI Volume expansion", func() { diff --git a/test/e2e/storage/csi_mock/csi_volume_limit.go b/test/e2e/storage/csi_mock/csi_volume_limit.go index c88db2e2985..e990faf6536 100644 --- a/test/e2e/storage/csi_mock/csi_volume_limit.go +++ b/test/e2e/storage/csi_mock/csi_volume_limit.go @@ -36,7 +36,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock volume limit", func() { f := framework.NewDefaultFramework("csi-mock-volumes-limit") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("CSI volume limit information using mock driver", func() { diff --git a/test/e2e/storage/csi_mock/csi_workload.go b/test/e2e/storage/csi_mock/csi_workload.go index 443b0d3b424..993196e9daa 100644 --- a/test/e2e/storage/csi_mock/csi_workload.go +++ b/test/e2e/storage/csi_mock/csi_workload.go @@ -30,7 +30,7 @@ import ( var _ = utils.SIGDescribe("CSI Mock workload info", func() { // The CSIDriverRegistry feature gate is needed for this test in Kubernetes 1.12. f := framework.NewDefaultFramework("csi-mock-volumes-workload") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged m := newMockDriverSetup(f) ginkgo.Context("CSI workload information using mock driver", func() { var ( diff --git a/test/e2e/storage/csistoragecapacity.go b/test/e2e/storage/csistoragecapacity.go index 2e352626d50..004b7fb882c 100644 --- a/test/e2e/storage/csistoragecapacity.go +++ b/test/e2e/storage/csistoragecapacity.go @@ -35,7 +35,7 @@ import ( var _ = utils.SIGDescribe("CSIStorageCapacity", func() { f := framework.NewDefaultFramework("csistoragecapacity") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Release: v1.24 diff --git a/test/e2e/storage/detach_mounted.go b/test/e2e/storage/detach_mounted.go index a6d0bc7adc6..a1cb99fa953 100644 --- a/test/e2e/storage/detach_mounted.go +++ b/test/e2e/storage/detach_mounted.go @@ -46,7 +46,7 @@ var ( var _ = utils.SIGDescribe("[Feature:Flexvolumes] Detaching volumes", func() { f := framework.NewDefaultFramework("flexvolume") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // note that namespace deletion is handled by delete-namespace flag diff --git a/test/e2e/storage/empty_dir_wrapper.go b/test/e2e/storage/empty_dir_wrapper.go index 7ff396c6970..4594f59f380 100644 --- a/test/e2e/storage/empty_dir_wrapper.go +++ b/test/e2e/storage/empty_dir_wrapper.go @@ -57,7 +57,7 @@ const ( var _ = utils.SIGDescribe("EmptyDir wrapper volumes", func() { f := framework.NewDefaultFramework("emptydir-wrapper") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.13 diff --git a/test/e2e/storage/ephemeral_volume.go b/test/e2e/storage/ephemeral_volume.go index 72e5bf92e66..b253ca0d111 100644 --- a/test/e2e/storage/ephemeral_volume.go +++ b/test/e2e/storage/ephemeral_volume.go @@ -46,7 +46,7 @@ var _ = utils.SIGDescribe("Ephemeralstorage", func() { ) f := framework.NewDefaultFramework("pv") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func() { c = f.ClientSet diff --git a/test/e2e/storage/flexvolume.go b/test/e2e/storage/flexvolume.go index ce5efba1597..258c2e6f6c2 100644 --- a/test/e2e/storage/flexvolume.go +++ b/test/e2e/storage/flexvolume.go @@ -158,7 +158,7 @@ func getHostFromHostPort(hostPort string) string { var _ = utils.SIGDescribe("Flexvolumes", func() { f := framework.NewDefaultFramework("flexvolume") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline // note that namespace deletion is handled by delete-namespace flag diff --git a/test/e2e/storage/flexvolume_mounted_volume_resize.go b/test/e2e/storage/flexvolume_mounted_volume_resize.go index af31ea5ba2c..9983cb65752 100644 --- a/test/e2e/storage/flexvolume_mounted_volume_resize.go +++ b/test/e2e/storage/flexvolume_mounted_volume_resize.go @@ -61,7 +61,7 @@ var _ = utils.SIGDescribe("[Feature:Flexvolumes] Mounted flexvolume expand[Slow] ) f := framework.NewDefaultFramework("mounted-flexvolume-expand") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { e2eskipper.SkipUnlessProviderIs("aws", "gce", "local") e2eskipper.SkipUnlessMasterOSDistroIs("debian", "ubuntu", "gci", "custom") diff --git a/test/e2e/storage/flexvolume_online_resize.go b/test/e2e/storage/flexvolume_online_resize.go index a7740e2f96b..c51c792d128 100644 --- a/test/e2e/storage/flexvolume_online_resize.go +++ b/test/e2e/storage/flexvolume_online_resize.go @@ -55,7 +55,7 @@ var _ = utils.SIGDescribe("[Feature:Flexvolumes] Mounted flexvolume volume expan ) f := framework.NewDefaultFramework("mounted-flexvolume-expand") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { e2eskipper.SkipUnlessProviderIs("aws", "gce", "local") e2eskipper.SkipUnlessMasterOSDistroIs("debian", "ubuntu", "gci", "custom") diff --git a/test/e2e/storage/generic_persistent_volume-disruptive.go b/test/e2e/storage/generic_persistent_volume-disruptive.go index b7c82a110b7..ad59a38ac74 100644 --- a/test/e2e/storage/generic_persistent_volume-disruptive.go +++ b/test/e2e/storage/generic_persistent_volume-disruptive.go @@ -35,7 +35,7 @@ import ( var _ = utils.SIGDescribe("GenericPersistentVolume[Disruptive]", func() { f := framework.NewDefaultFramework("generic-disruptive-pv") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( c clientset.Interface ns string diff --git a/test/e2e/storage/host_path_type.go b/test/e2e/storage/host_path_type.go index c2e18bff22e..772795fe811 100644 --- a/test/e2e/storage/host_path_type.go +++ b/test/e2e/storage/host_path_type.go @@ -38,7 +38,7 @@ import ( var _ = utils.SIGDescribe("HostPathType Directory [Slow]", func() { f := framework.NewDefaultFramework("host-path-type-directory") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( ns string @@ -105,7 +105,7 @@ var _ = utils.SIGDescribe("HostPathType Directory [Slow]", func() { var _ = utils.SIGDescribe("HostPathType File [Slow]", func() { f := framework.NewDefaultFramework("host-path-type-file") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( ns string @@ -174,7 +174,7 @@ var _ = utils.SIGDescribe("HostPathType File [Slow]", func() { var _ = utils.SIGDescribe("HostPathType Socket [Slow]", func() { f := framework.NewDefaultFramework("host-path-type-socket") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( ns string @@ -240,7 +240,7 @@ var _ = utils.SIGDescribe("HostPathType Socket [Slow]", func() { var _ = utils.SIGDescribe("HostPathType Character Device [Slow]", func() { f := framework.NewDefaultFramework("host-path-type-char-dev") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( ns string @@ -310,7 +310,7 @@ var _ = utils.SIGDescribe("HostPathType Character Device [Slow]", func() { var _ = utils.SIGDescribe("HostPathType Block Device [Slow]", func() { f := framework.NewDefaultFramework("host-path-type-block-dev") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( ns string diff --git a/test/e2e/storage/local_volume_resize.go b/test/e2e/storage/local_volume_resize.go index e4af821facd..9cba04ad026 100644 --- a/test/e2e/storage/local_volume_resize.go +++ b/test/e2e/storage/local_volume_resize.go @@ -45,7 +45,7 @@ const ( var _ = utils.SIGDescribe("PersistentVolumes-expansion ", func() { f := framework.NewDefaultFramework("persistent-local-volumes-expansion") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("loopback local block volume", func() { var ( config *localTestConfig diff --git a/test/e2e/storage/mounted_volume_resize.go b/test/e2e/storage/mounted_volume_resize.go index 3e3aaf875b3..d3ab84efd06 100644 --- a/test/e2e/storage/mounted_volume_resize.go +++ b/test/e2e/storage/mounted_volume_resize.go @@ -57,7 +57,7 @@ var _ = utils.SIGDescribe("Mounted volume expand [Feature:StorageProvider]", fun ) f := framework.NewDefaultFramework("mounted-volume-expand") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { e2eskipper.SkipUnlessProviderIs("aws", "gce") c = f.ClientSet diff --git a/test/e2e/storage/nfs_persistent_volume-disruptive.go b/test/e2e/storage/nfs_persistent_volume-disruptive.go index ea3cc83c425..7c2a812e4e9 100644 --- a/test/e2e/storage/nfs_persistent_volume-disruptive.go +++ b/test/e2e/storage/nfs_persistent_volume-disruptive.go @@ -78,7 +78,7 @@ func checkForControllerManagerHealthy(ctx context.Context, duration time.Duratio var _ = utils.SIGDescribe("NFSPersistentVolumes[Disruptive][Flaky]", func() { f := framework.NewDefaultFramework("disruptive-pv") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( c clientset.Interface ns string diff --git a/test/e2e/storage/non_graceful_node_shutdown.go b/test/e2e/storage/non_graceful_node_shutdown.go index 17704e27366..2563c5d7c92 100644 --- a/test/e2e/storage/non_graceful_node_shutdown.go +++ b/test/e2e/storage/non_graceful_node_shutdown.go @@ -63,7 +63,7 @@ var _ = utils.SIGDescribe("[Feature:NodeOutOfServiceVolumeDetach] [Disruptive] [ ns string ) f := framework.NewDefaultFramework("non-graceful-shutdown") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { c = f.ClientSet diff --git a/test/e2e/storage/pd.go b/test/e2e/storage/pd.go index 208f5963f7a..1f33c98b04b 100644 --- a/test/e2e/storage/pd.go +++ b/test/e2e/storage/pd.go @@ -67,7 +67,7 @@ var _ = utils.SIGDescribe("Pod Disks [Feature:StorageProvider]", func() { nodes *v1.NodeList ) f := framework.NewDefaultFramework("pod-disks") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { e2eskipper.SkipUnlessNodeCountIsAtLeast(minNodes) diff --git a/test/e2e/storage/persistent_volumes-gce.go b/test/e2e/storage/persistent_volumes-gce.go index 8af5609c107..bf90249860d 100644 --- a/test/e2e/storage/persistent_volumes-gce.go +++ b/test/e2e/storage/persistent_volumes-gce.go @@ -75,7 +75,7 @@ var _ = utils.SIGDescribe("PersistentVolumes GCEPD [Feature:StorageProvider]", f ) f := framework.NewDefaultFramework("pv") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { c = f.ClientSet ns = f.Namespace.Name diff --git a/test/e2e/storage/persistent_volumes-local.go b/test/e2e/storage/persistent_volumes-local.go index c59e89c2225..1a40f9fd91f 100644 --- a/test/e2e/storage/persistent_volumes-local.go +++ b/test/e2e/storage/persistent_volumes-local.go @@ -152,7 +152,7 @@ var ( var _ = utils.SIGDescribe("PersistentVolumes-local ", func() { f := framework.NewDefaultFramework("persistent-local-volumes-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( config *localTestConfig diff --git a/test/e2e/storage/persistent_volumes.go b/test/e2e/storage/persistent_volumes.go index 5b6119416b4..a29ed8ef11a 100644 --- a/test/e2e/storage/persistent_volumes.go +++ b/test/e2e/storage/persistent_volumes.go @@ -98,7 +98,7 @@ var _ = utils.SIGDescribe("PersistentVolumes", func() { // global vars for the ginkgo.Context()s and ginkgo.It()'s below f := framework.NewDefaultFramework("pv") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( c clientset.Interface ns string @@ -110,7 +110,7 @@ var _ = utils.SIGDescribe("PersistentVolumes", func() { pvc *v1.PersistentVolumeClaim err error ) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { c = f.ClientSet diff --git a/test/e2e/storage/pv_protection.go b/test/e2e/storage/pv_protection.go index af0ed44251b..295d57a0f50 100644 --- a/test/e2e/storage/pv_protection.go +++ b/test/e2e/storage/pv_protection.go @@ -50,7 +50,7 @@ var _ = utils.SIGDescribe("PV Protection", func() { ) f := framework.NewDefaultFramework("pv-protection") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { client = f.ClientSet nameSpace = f.Namespace.Name diff --git a/test/e2e/storage/pvc_protection.go b/test/e2e/storage/pvc_protection.go index 65bacf8ecc2..88414ec8f98 100644 --- a/test/e2e/storage/pvc_protection.go +++ b/test/e2e/storage/pvc_protection.go @@ -71,7 +71,7 @@ var _ = utils.SIGDescribe("PVC Protection", func() { ) f := framework.NewDefaultFramework("pvc-protection") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func(ctx context.Context) { client = f.ClientSet nameSpace = f.Namespace.Name diff --git a/test/e2e/storage/pvc_storageclass.go b/test/e2e/storage/pvc_storageclass.go index 6345cfb8260..12bd6ab9207 100644 --- a/test/e2e/storage/pvc_storageclass.go +++ b/test/e2e/storage/pvc_storageclass.go @@ -37,7 +37,7 @@ import ( var _ = utils.SIGDescribe("Persistent Volume Claim and StorageClass", func() { f := framework.NewDefaultFramework("pvc-retroactive-storageclass") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var ( client clientset.Interface diff --git a/test/e2e/storage/regional_pd.go b/test/e2e/storage/regional_pd.go index 228a30d2f9b..315b3619f9b 100644 --- a/test/e2e/storage/regional_pd.go +++ b/test/e2e/storage/regional_pd.go @@ -61,7 +61,7 @@ const ( var _ = utils.SIGDescribe("Regional PD", func() { f := framework.NewDefaultFramework("regional-pd") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // filled in BeforeEach var c clientset.Interface diff --git a/test/e2e/storage/static_pods.go b/test/e2e/storage/static_pods.go index 89c6d641134..badc9033dcc 100644 --- a/test/e2e/storage/static_pods.go +++ b/test/e2e/storage/static_pods.go @@ -44,7 +44,7 @@ import ( // to test kubelet starting without the API server. var _ = utils.SIGDescribe("StaticPods [Feature:Kind]", func() { f := framework.NewDefaultFramework("static-pods-csi") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // global vars for the ginkgo.BeforeEach() / It()'s below var ( diff --git a/test/e2e/storage/subpath.go b/test/e2e/storage/subpath.go index 3045384370a..85f42430ba1 100644 --- a/test/e2e/storage/subpath.go +++ b/test/e2e/storage/subpath.go @@ -31,7 +31,7 @@ import ( var _ = utils.SIGDescribe("Subpath", func() { f := framework.NewDefaultFramework("subpath") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("Atomic writer volumes", func() { var err error diff --git a/test/e2e/storage/testsuites/capacity.go b/test/e2e/storage/testsuites/capacity.go index 74c79030552..ca5aa2b8ddf 100644 --- a/test/e2e/storage/testsuites/capacity.go +++ b/test/e2e/storage/testsuites/capacity.go @@ -88,7 +88,7 @@ func (p *capacityTestSuite) DefineTests(driver storageframework.TestDriver, patt // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("capacity", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { dDriver, _ = driver.(storageframework.DynamicPVTestDriver) diff --git a/test/e2e/storage/testsuites/disruptive.go b/test/e2e/storage/testsuites/disruptive.go index c925973826f..518ab45063f 100644 --- a/test/e2e/storage/testsuites/disruptive.go +++ b/test/e2e/storage/testsuites/disruptive.go @@ -90,7 +90,7 @@ func (s *disruptiveTestSuite) DefineTests(driver storageframework.TestDriver, pa // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("disruptive", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context, accessModes []v1.PersistentVolumeAccessMode) { l = local{} diff --git a/test/e2e/storage/testsuites/ephemeral.go b/test/e2e/storage/testsuites/ephemeral.go index 89166bd3b62..eaa7c19895e 100644 --- a/test/e2e/storage/testsuites/ephemeral.go +++ b/test/e2e/storage/testsuites/ephemeral.go @@ -117,7 +117,7 @@ func (p *ephemeralTestSuite) DefineTests(driver storageframework.TestDriver, pat // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("ephemeral", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { if pattern.VolType == storageframework.CSIInlineVolume { diff --git a/test/e2e/storage/testsuites/fsgroupchangepolicy.go b/test/e2e/storage/testsuites/fsgroupchangepolicy.go index 72e621f378b..a8ca90c3288 100644 --- a/test/e2e/storage/testsuites/fsgroupchangepolicy.go +++ b/test/e2e/storage/testsuites/fsgroupchangepolicy.go @@ -106,7 +106,7 @@ func (s *fsGroupChangePolicyTestSuite) DefineTests(driver storageframework.TestD // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("fsgroupchangepolicy", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { e2eskipper.SkipIfNodeOSDistroIs("windows") diff --git a/test/e2e/storage/testsuites/multivolume.go b/test/e2e/storage/testsuites/multivolume.go index eef3d31a549..e820c190742 100644 --- a/test/e2e/storage/testsuites/multivolume.go +++ b/test/e2e/storage/testsuites/multivolume.go @@ -104,7 +104,7 @@ func (t *multiVolumeTestSuite) DefineTests(driver storageframework.TestDriver, p // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("multivolume", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = local{} diff --git a/test/e2e/storage/testsuites/provisioning.go b/test/e2e/storage/testsuites/provisioning.go index 66bf890d2c8..d319c202bd3 100644 --- a/test/e2e/storage/testsuites/provisioning.go +++ b/test/e2e/storage/testsuites/provisioning.go @@ -136,7 +136,7 @@ func (p *provisioningTestSuite) DefineTests(driver storageframework.TestDriver, // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("provisioning", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = local{} diff --git a/test/e2e/storage/testsuites/readwriteoncepod.go b/test/e2e/storage/testsuites/readwriteoncepod.go index cbcd8340784..4e95460a495 100644 --- a/test/e2e/storage/testsuites/readwriteoncepod.go +++ b/test/e2e/storage/testsuites/readwriteoncepod.go @@ -93,7 +93,7 @@ func (t *readWriteOncePodTestSuite) DefineTests(driver storageframework.TestDriv // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("read-write-once-pod", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = readWriteOncePodTest{} diff --git a/test/e2e/storage/testsuites/snapshottable.go b/test/e2e/storage/testsuites/snapshottable.go index 8c1cba0886d..82927428759 100644 --- a/test/e2e/storage/testsuites/snapshottable.go +++ b/test/e2e/storage/testsuites/snapshottable.go @@ -108,7 +108,7 @@ func (s *snapshottableTestSuite) DefineTests(driver storageframework.TestDriver, // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewDefaultFramework("snapshotting") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("volume snapshot controller", func() { var ( diff --git a/test/e2e/storage/testsuites/snapshottable_stress.go b/test/e2e/storage/testsuites/snapshottable_stress.go index ba2986dd37b..a90171c767d 100644 --- a/test/e2e/storage/testsuites/snapshottable_stress.go +++ b/test/e2e/storage/testsuites/snapshottable_stress.go @@ -120,7 +120,7 @@ func (t *snapshottableStressTestSuite) DefineTests(driver storageframework.TestD // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewDefaultFramework("snapshottable-stress") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { driverInfo = driver.GetDriverInfo() diff --git a/test/e2e/storage/testsuites/subpath.go b/test/e2e/storage/testsuites/subpath.go index c8c2b787d81..22d863847d3 100644 --- a/test/e2e/storage/testsuites/subpath.go +++ b/test/e2e/storage/testsuites/subpath.go @@ -117,7 +117,7 @@ func (s *subPathTestSuite) DefineTests(driver storageframework.TestDriver, patte // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("provisioning", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = local{} diff --git a/test/e2e/storage/testsuites/topology.go b/test/e2e/storage/testsuites/topology.go index f045dc63166..097bb21f783 100644 --- a/test/e2e/storage/testsuites/topology.go +++ b/test/e2e/storage/testsuites/topology.go @@ -102,7 +102,7 @@ func (t *topologyTestSuite) DefineTests(driver storageframework.TestDriver, patt // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("topology", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) *topologyTest { dDriver, _ = driver.(storageframework.DynamicPVTestDriver) diff --git a/test/e2e/storage/testsuites/volume_expand.go b/test/e2e/storage/testsuites/volume_expand.go index fad331b9441..e76ac7ba1e1 100644 --- a/test/e2e/storage/testsuites/volume_expand.go +++ b/test/e2e/storage/testsuites/volume_expand.go @@ -114,7 +114,7 @@ func (v *volumeExpandTestSuite) DefineTests(driver storageframework.TestDriver, // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("volume-expand", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = local{} diff --git a/test/e2e/storage/testsuites/volume_io.go b/test/e2e/storage/testsuites/volume_io.go index bc5e7c16ced..e0d0eb5d8f8 100644 --- a/test/e2e/storage/testsuites/volume_io.go +++ b/test/e2e/storage/testsuites/volume_io.go @@ -111,7 +111,7 @@ func (t *volumeIOTestSuite) DefineTests(driver storageframework.TestDriver, patt // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("volumeio", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = local{} diff --git a/test/e2e/storage/testsuites/volume_stress.go b/test/e2e/storage/testsuites/volume_stress.go index c9b0328ec00..82cb7e8631d 100644 --- a/test/e2e/storage/testsuites/volume_stress.go +++ b/test/e2e/storage/testsuites/volume_stress.go @@ -110,7 +110,7 @@ func (t *volumeStressTestSuite) DefineTests(driver storageframework.TestDriver, // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("stress", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { cs = f.ClientSet diff --git a/test/e2e/storage/testsuites/volumelimits.go b/test/e2e/storage/testsuites/volumelimits.go index 6c46e1bdf1b..12a4bfc0c7a 100644 --- a/test/e2e/storage/testsuites/volumelimits.go +++ b/test/e2e/storage/testsuites/volumelimits.go @@ -113,7 +113,7 @@ func (t *volumeLimitsTestSuite) DefineTests(driver storageframework.TestDriver, // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("volumelimits", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // This checks that CSIMaxVolumeLimitChecker works as expected. // A randomly chosen node should be able to handle as many CSI volumes as diff --git a/test/e2e/storage/testsuites/volumemode.go b/test/e2e/storage/testsuites/volumemode.go index 765e2027c54..be43dc4bef8 100644 --- a/test/e2e/storage/testsuites/volumemode.go +++ b/test/e2e/storage/testsuites/volumemode.go @@ -108,7 +108,7 @@ func (t *volumeModeTestSuite) DefineTests(driver storageframework.TestDriver, pa // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("volumemode", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = local{} diff --git a/test/e2e/storage/testsuites/volumeperf.go b/test/e2e/storage/testsuites/volumeperf.go index 81365a3c58b..d152df864ce 100644 --- a/test/e2e/storage/testsuites/volumeperf.go +++ b/test/e2e/storage/testsuites/volumeperf.go @@ -126,7 +126,7 @@ func (t *volumePerformanceTestSuite) DefineTests(driver storageframework.TestDri ClientBurst: 400, } f := framework.NewFramework("volume-lifecycle-performance", frameworkOptions, nil) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.AfterEach(func(ctx context.Context) { if l != nil { diff --git a/test/e2e/storage/testsuites/volumes.go b/test/e2e/storage/testsuites/volumes.go index 131a9f77da0..c8d868d7b00 100644 --- a/test/e2e/storage/testsuites/volumes.go +++ b/test/e2e/storage/testsuites/volumes.go @@ -127,7 +127,7 @@ func (t *volumesTestSuite) DefineTests(driver storageframework.TestDriver, patte // Beware that it also registers an AfterEach which renders f unusable. Any code using // f must run inside an It or Context callback. f := framework.NewFrameworkWithCustomTimeouts("volume", storageframework.GetDriverTimeouts(driver)) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged init := func(ctx context.Context) { l = local{} diff --git a/test/e2e/storage/ubernetes_lite_volumes.go b/test/e2e/storage/ubernetes_lite_volumes.go index 02caf42a25a..56c81bc252e 100644 --- a/test/e2e/storage/ubernetes_lite_volumes.go +++ b/test/e2e/storage/ubernetes_lite_volumes.go @@ -38,7 +38,7 @@ import ( var _ = utils.SIGDescribe("Multi-AZ Cluster Volumes", func() { f := framework.NewDefaultFramework("multi-az") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var zoneCount int var err error image := framework.ServeHostnameImage diff --git a/test/e2e/storage/volume_metrics.go b/test/e2e/storage/volume_metrics.go index e64882f6a06..621ae07f805 100644 --- a/test/e2e/storage/volume_metrics.go +++ b/test/e2e/storage/volume_metrics.go @@ -57,7 +57,7 @@ var _ = utils.SIGDescribe("[Serial] Volume metrics", func() { err error ) f := framework.NewDefaultFramework("pv") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.BeforeEach(func(ctx context.Context) { c = f.ClientSet diff --git a/test/e2e/storage/volume_provisioning.go b/test/e2e/storage/volume_provisioning.go index e589a646684..b15c6d2be08 100644 --- a/test/e2e/storage/volume_provisioning.go +++ b/test/e2e/storage/volume_provisioning.go @@ -73,7 +73,7 @@ func checkGCEPD(volume *v1.PersistentVolume, volumeType string) error { var _ = utils.SIGDescribe("Dynamic Provisioning", func() { f := framework.NewDefaultFramework("volume-provisioning") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // filled in BeforeEach var c clientset.Interface diff --git a/test/e2e/storage/volumes.go b/test/e2e/storage/volumes.go index 40170fe9f21..116952a9814 100644 --- a/test/e2e/storage/volumes.go +++ b/test/e2e/storage/volumes.go @@ -34,7 +34,7 @@ import ( // These tests need privileged containers, which are disabled by default. var _ = utils.SIGDescribe("Volumes", func() { f := framework.NewDefaultFramework("volume") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline // note that namespace deletion is handled by delete-namespace flag // filled inside BeforeEach diff --git a/test/e2e/storage/vsphere/persistent_volumes-vsphere.go b/test/e2e/storage/vsphere/persistent_volumes-vsphere.go index cb7eb9963ee..2c5d51514ff 100644 --- a/test/e2e/storage/vsphere/persistent_volumes-vsphere.go +++ b/test/e2e/storage/vsphere/persistent_volumes-vsphere.go @@ -52,7 +52,7 @@ var _ = utils.SIGDescribe("PersistentVolumes:vsphere [Feature:vsphere]", func() ) f := framework.NewDefaultFramework("pv") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged /* Test Setup diff --git a/test/e2e/storage/vsphere/pv_reclaimpolicy.go b/test/e2e/storage/vsphere/pv_reclaimpolicy.go index 61c066adc66..7755d5424bb 100644 --- a/test/e2e/storage/vsphere/pv_reclaimpolicy.go +++ b/test/e2e/storage/vsphere/pv_reclaimpolicy.go @@ -37,7 +37,7 @@ import ( var _ = utils.SIGDescribe("PersistentVolumes [Feature:vsphere][Feature:ReclaimPolicy]", func() { f := framework.NewDefaultFramework("persistentvolumereclaim") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( c clientset.Interface ns string diff --git a/test/e2e/storage/vsphere/pvc_label_selector.go b/test/e2e/storage/vsphere/pvc_label_selector.go index 8a1e05d80db..a7c1f33fc12 100644 --- a/test/e2e/storage/vsphere/pvc_label_selector.go +++ b/test/e2e/storage/vsphere/pvc_label_selector.go @@ -50,7 +50,7 @@ Test Steps */ var _ = utils.SIGDescribe("PersistentVolumes [Feature:vsphere][Feature:LabelSelector]", func() { f := framework.NewDefaultFramework("pvclabelselector") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( c clientset.Interface ns string diff --git a/test/e2e/storage/vsphere/vsphere_scale.go b/test/e2e/storage/vsphere/vsphere_scale.go index 5ab29b8c2a4..d5e860b6a98 100644 --- a/test/e2e/storage/vsphere/vsphere_scale.go +++ b/test/e2e/storage/vsphere/vsphere_scale.go @@ -58,7 +58,7 @@ type NodeSelector struct { var _ = utils.SIGDescribe("vcp at scale [Feature:vsphere] ", func() { f := framework.NewDefaultFramework("vcp-at-scale") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface diff --git a/test/e2e/storage/vsphere/vsphere_statefulsets.go b/test/e2e/storage/vsphere/vsphere_statefulsets.go index f87f220c930..f1b31797813 100644 --- a/test/e2e/storage/vsphere/vsphere_statefulsets.go +++ b/test/e2e/storage/vsphere/vsphere_statefulsets.go @@ -57,7 +57,7 @@ const ( var _ = utils.SIGDescribe("vsphere statefulset [Feature:vsphere]", func() { f := framework.NewDefaultFramework("vsphere-statefulset") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( namespace string client clientset.Interface diff --git a/test/e2e/storage/vsphere/vsphere_stress.go b/test/e2e/storage/vsphere/vsphere_stress.go index 323bb37515f..4d240d7d0f0 100644 --- a/test/e2e/storage/vsphere/vsphere_stress.go +++ b/test/e2e/storage/vsphere/vsphere_stress.go @@ -48,7 +48,7 @@ The following actions will be performed as part of this test. */ var _ = utils.SIGDescribe("vsphere cloud provider stress [Feature:vsphere]", func() { f := framework.NewDefaultFramework("vcp-stress") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/storage/vsphere/vsphere_volume_cluster_ds.go b/test/e2e/storage/vsphere/vsphere_volume_cluster_ds.go index 87b25c45076..43aebbab2f7 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_cluster_ds.go +++ b/test/e2e/storage/vsphere/vsphere_volume_cluster_ds.go @@ -42,7 +42,7 @@ This test reads env */ var _ = utils.SIGDescribe("Volume Provisioning On Clustered Datastore [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-provision") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface diff --git a/test/e2e/storage/vsphere/vsphere_volume_datastore.go b/test/e2e/storage/vsphere/vsphere_volume_datastore.go index fda2d86db53..467b88a0e95 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_datastore.go +++ b/test/e2e/storage/vsphere/vsphere_volume_datastore.go @@ -52,7 +52,7 @@ const ( var _ = utils.SIGDescribe("Volume Provisioning on Datastore [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-datastore") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/storage/vsphere/vsphere_volume_diskformat.go b/test/e2e/storage/vsphere/vsphere_volume_diskformat.go index 91b626c8b27..45d91e54e6e 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_diskformat.go +++ b/test/e2e/storage/vsphere/vsphere_volume_diskformat.go @@ -58,7 +58,7 @@ import ( var _ = utils.SIGDescribe("Volume Disk Format [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-disk-format") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged const ( NodeLabelKey = "vsphere_e2e_label_volume_diskformat" ) diff --git a/test/e2e/storage/vsphere/vsphere_volume_disksize.go b/test/e2e/storage/vsphere/vsphere_volume_disksize.go index a99b93406cf..13b2ea84173 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_disksize.go +++ b/test/e2e/storage/vsphere/vsphere_volume_disksize.go @@ -47,7 +47,7 @@ const ( var _ = utils.SIGDescribe("Volume Disk Size [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-disksize") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/storage/vsphere/vsphere_volume_fstype.go b/test/e2e/storage/vsphere/vsphere_volume_fstype.go index 04de536496f..5f2a4edd7a5 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_fstype.go +++ b/test/e2e/storage/vsphere/vsphere_volume_fstype.go @@ -70,7 +70,7 @@ const ( var _ = utils.SIGDescribe("Volume FStype [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-fstype") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/storage/vsphere/vsphere_volume_master_restart.go b/test/e2e/storage/vsphere/vsphere_volume_master_restart.go index ec3cf8d23eb..3313de5e4b3 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_master_restart.go +++ b/test/e2e/storage/vsphere/vsphere_volume_master_restart.go @@ -102,7 +102,7 @@ For the number of schedulable nodes, */ var _ = utils.SIGDescribe("Volume Attach Verify [Feature:vsphere][Serial][Disruptive]", func() { f := framework.NewDefaultFramework("restart-master") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged const labelKey = "vsphere_e2e_label" var ( diff --git a/test/e2e/storage/vsphere/vsphere_volume_node_delete.go b/test/e2e/storage/vsphere/vsphere_volume_node_delete.go index 8d6f4567e41..e92de31b2b5 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_node_delete.go +++ b/test/e2e/storage/vsphere/vsphere_volume_node_delete.go @@ -33,7 +33,7 @@ import ( var _ = utils.SIGDescribe("Node Unregister [Feature:vsphere] [Slow] [Disruptive]", func() { f := framework.NewDefaultFramework("node-unregister") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/storage/vsphere/vsphere_volume_node_poweroff.go b/test/e2e/storage/vsphere/vsphere_volume_node_poweroff.go index b505f2aa06d..d216bfe7f1c 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_node_poweroff.go +++ b/test/e2e/storage/vsphere/vsphere_volume_node_poweroff.go @@ -47,7 +47,7 @@ Test to verify volume status after node power off: */ var _ = utils.SIGDescribe("Node Poweroff [Feature:vsphere] [Slow] [Disruptive]", func() { f := framework.NewDefaultFramework("node-poweroff") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/storage/vsphere/vsphere_volume_ops_storm.go b/test/e2e/storage/vsphere/vsphere_volume_ops_storm.go index 7bd5385aea9..148a5277322 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_ops_storm.go +++ b/test/e2e/storage/vsphere/vsphere_volume_ops_storm.go @@ -54,7 +54,7 @@ import ( var _ = utils.SIGDescribe("Volume Operations Storm [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-ops-storm") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged const defaultVolumeOpsScale = 30 var ( client clientset.Interface diff --git a/test/e2e/storage/vsphere/vsphere_volume_perf.go b/test/e2e/storage/vsphere/vsphere_volume_perf.go index 005327dddf0..4c4f4d7c40c 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_perf.go +++ b/test/e2e/storage/vsphere/vsphere_volume_perf.go @@ -57,7 +57,7 @@ const ( var _ = utils.SIGDescribe("vcp-performance [Feature:vsphere]", func() { f := framework.NewDefaultFramework("vcp-performance") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface diff --git a/test/e2e/storage/vsphere/vsphere_volume_placement.go b/test/e2e/storage/vsphere/vsphere_volume_placement.go index f8ee5686d47..2de65f694a1 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_placement.go +++ b/test/e2e/storage/vsphere/vsphere_volume_placement.go @@ -39,7 +39,7 @@ import ( var _ = utils.SIGDescribe("Volume Placement [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-placement") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged const ( NodeLabelKey = "vsphere_e2e_label_volume_placement" ) diff --git a/test/e2e/storage/vsphere/vsphere_volume_vpxd_restart.go b/test/e2e/storage/vsphere/vsphere_volume_vpxd_restart.go index 878b0890487..6015675a398 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_vpxd_restart.go +++ b/test/e2e/storage/vsphere/vsphere_volume_vpxd_restart.go @@ -54,7 +54,7 @@ For the number of schedulable nodes: */ var _ = utils.SIGDescribe("Verify Volume Attach Through vpxd Restart [Feature:vsphere][Serial][Disruptive]", func() { f := framework.NewDefaultFramework("restart-vpxd") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged type node struct { name string diff --git a/test/e2e/storage/vsphere/vsphere_volume_vsan_policy.go b/test/e2e/storage/vsphere/vsphere_volume_vsan_policy.go index 3d3c485923b..a31c36a3a38 100644 --- a/test/e2e/storage/vsphere/vsphere_volume_vsan_policy.go +++ b/test/e2e/storage/vsphere/vsphere_volume_vsan_policy.go @@ -77,7 +77,7 @@ const ( var _ = utils.SIGDescribe("Storage Policy Based Volume Provisioning [Feature:vsphere]", func() { f := framework.NewDefaultFramework("volume-vsan-policy") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/storage/vsphere/vsphere_zone_support.go b/test/e2e/storage/vsphere/vsphere_zone_support.go index 27863631b7b..b7f4bef9fd6 100644 --- a/test/e2e/storage/vsphere/vsphere_zone_support.go +++ b/test/e2e/storage/vsphere/vsphere_zone_support.go @@ -88,7 +88,7 @@ import ( var _ = utils.SIGDescribe("Zone Support [Feature:vsphere]", func() { f := framework.NewDefaultFramework("zone-support") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( client clientset.Interface namespace string diff --git a/test/e2e/upgrades/upgrade_suite.go b/test/e2e/upgrades/upgrade_suite.go index 6692fbdcd08..81de42347e7 100644 --- a/test/e2e/upgrades/upgrade_suite.go +++ b/test/e2e/upgrades/upgrade_suite.go @@ -68,7 +68,7 @@ func CreateUpgradeFrameworks(tests []Test) map[string]*framework.Framework { ns := nsFilter.ReplaceAllString(t.Name(), "-") // and replace with a single hyphen ns = strings.Trim(ns, "-") f := framework.NewDefaultFramework(ns) - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testFrameworks[t.Name()] = f } return testFrameworks diff --git a/test/e2e/windows/cpu_limits.go b/test/e2e/windows/cpu_limits.go index dc1795c90f3..3e7003c4018 100644 --- a/test/e2e/windows/cpu_limits.go +++ b/test/e2e/windows/cpu_limits.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("[Feature:Windows] Cpu Resources [Serial]", func() { f := framework.NewDefaultFramework("cpu-resources-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // The Windows 'BusyBox' image is PowerShell plus a collection of scripts and utilities to mimic common busybox commands powershellImage := imageutils.GetConfig(imageutils.BusyBox) diff --git a/test/e2e/windows/density.go b/test/e2e/windows/density.go index e0ab84ae10f..b344b663e34 100644 --- a/test/e2e/windows/density.go +++ b/test/e2e/windows/density.go @@ -42,7 +42,7 @@ import ( var _ = SIGDescribe("[Feature:Windows] Density [Serial] [Slow]", func() { f := framework.NewDefaultFramework("density-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("create a batch of pods", func() { // TODO(coufon): the values are generous, set more precise limits with benchmark data diff --git a/test/e2e/windows/device_plugin.go b/test/e2e/windows/device_plugin.go index 29ac3ef640b..dfcaa0babb1 100644 --- a/test/e2e/windows/device_plugin.go +++ b/test/e2e/windows/device_plugin.go @@ -41,7 +41,7 @@ const ( var _ = SIGDescribe("[Feature:GPUDevicePlugin] Device Plugin", func() { f := framework.NewDefaultFramework("device-plugin") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface diff --git a/test/e2e/windows/dns.go b/test/e2e/windows/dns.go index 1817934c582..bb2dcaadc3b 100644 --- a/test/e2e/windows/dns.go +++ b/test/e2e/windows/dns.go @@ -38,7 +38,7 @@ var _ = SIGDescribe("[Feature:Windows] DNS", func() { }) f := framework.NewDefaultFramework("dns") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should support configurable pod DNS servers", func(ctx context.Context) { ginkgo.By("Getting the IP address of the internal Kubernetes service") diff --git a/test/e2e/windows/gmsa_full.go b/test/e2e/windows/gmsa_full.go index 636cc24e385..100c0dde0d2 100644 --- a/test/e2e/windows/gmsa_full.go +++ b/test/e2e/windows/gmsa_full.go @@ -92,7 +92,7 @@ const ( var _ = SIGDescribe("[Feature:Windows] GMSA Full [Serial] [Slow]", func() { f := framework.NewDefaultFramework("gmsa-full-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("GMSA support", func() { ginkgo.It("works end to end", func(ctx context.Context) { diff --git a/test/e2e/windows/gmsa_kubelet.go b/test/e2e/windows/gmsa_kubelet.go index 50277d08718..e6fe25c14f6 100644 --- a/test/e2e/windows/gmsa_kubelet.go +++ b/test/e2e/windows/gmsa_kubelet.go @@ -41,7 +41,7 @@ import ( var _ = SIGDescribe("[Feature:Windows] GMSA Kubelet [Slow]", func() { f := framework.NewDefaultFramework("gmsa-kubelet-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("kubelet GMSA support", func() { ginkgo.Context("when creating a pod with correct GMSA credential specs", func() { diff --git a/test/e2e/windows/host_process.go b/test/e2e/windows/host_process.go index cb9eba004ee..2b667847e07 100644 --- a/test/e2e/windows/host_process.go +++ b/test/e2e/windows/host_process.go @@ -91,7 +91,7 @@ var _ = SIGDescribe("[Feature:WindowsHostProcessContainers] [MinimumKubeletVersi }) f := framework.NewDefaultFramework("host-process-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should run as a process on the host/node", func(ctx context.Context) { diff --git a/test/e2e/windows/hybrid_network.go b/test/e2e/windows/hybrid_network.go index 6db7516c3c1..20a3ef6d32a 100644 --- a/test/e2e/windows/hybrid_network.go +++ b/test/e2e/windows/hybrid_network.go @@ -46,7 +46,7 @@ var ( var _ = SIGDescribe("Hybrid cluster network", func() { f := framework.NewDefaultFramework("hybrid-network") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { e2eskipper.SkipUnlessNodeOSDistroIs("windows") diff --git a/test/e2e/windows/hyperv.go b/test/e2e/windows/hyperv.go index 27bfe55e18f..9f370b75ff9 100644 --- a/test/e2e/windows/hyperv.go +++ b/test/e2e/windows/hyperv.go @@ -40,7 +40,7 @@ var _ = SIGDescribe("[Feature:WindowsHyperVContainers] HyperV containers", func( }) f := framework.NewDefaultFramework("windows-hyperv-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should start a hyperv isolated container", func(ctx context.Context) { diff --git a/test/e2e/windows/kubelet_stats.go b/test/e2e/windows/kubelet_stats.go index 7b1c766fd1a..b8ce353bf4b 100644 --- a/test/e2e/windows/kubelet_stats.go +++ b/test/e2e/windows/kubelet_stats.go @@ -38,7 +38,7 @@ import ( var _ = SIGDescribe("[Feature:Windows] Kubelet-Stats [Serial]", func() { f := framework.NewDefaultFramework("kubelet-stats-test-windows-serial") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("Kubelet stats collection for Windows nodes", func() { @@ -115,7 +115,7 @@ var _ = SIGDescribe("[Feature:Windows] Kubelet-Stats [Serial]", func() { }) var _ = SIGDescribe("[Feature:Windows] Kubelet-Stats", func() { f := framework.NewDefaultFramework("kubelet-stats-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("Kubelet stats collection for Windows nodes", func() { diff --git a/test/e2e/windows/memory_limits.go b/test/e2e/windows/memory_limits.go index 7773e79b679..d32a4cfd707 100644 --- a/test/e2e/windows/memory_limits.go +++ b/test/e2e/windows/memory_limits.go @@ -42,7 +42,7 @@ import ( var _ = SIGDescribe("[Feature:Windows] Memory Limits [Serial] [Slow]", func() { f := framework.NewDefaultFramework("memory-limit-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func() { // NOTE(vyta): these tests are Windows specific diff --git a/test/e2e/windows/reboot_node.go b/test/e2e/windows/reboot_node.go index 086383d9800..51226e377de 100644 --- a/test/e2e/windows/reboot_node.go +++ b/test/e2e/windows/reboot_node.go @@ -40,7 +40,7 @@ var _ = SIGDescribe("[Feature:Windows] [Excluded:WindowsDocker] [MinimumKubeletV }) f := framework.NewDefaultFramework("reboot-host-test-windows") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should run as a reboot process on the host/node", func(ctx context.Context) { diff --git a/test/e2e/windows/security_context.go b/test/e2e/windows/security_context.go index 91b4cc38785..14a3a54bd10 100644 --- a/test/e2e/windows/security_context.go +++ b/test/e2e/windows/security_context.go @@ -42,7 +42,7 @@ const runAsUserNameContainerName = "run-as-username-container" var _ = SIGDescribe("[Feature:Windows] SecurityContext", func() { f := framework.NewDefaultFramework("windows-run-as-username") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should be able create pods and run containers with a given username", func(ctx context.Context) { ginkgo.By("Creating 2 pods: 1 with the default user, and one with a custom one.") diff --git a/test/e2e/windows/service.go b/test/e2e/windows/service.go index e207e8b813d..657c2bc516e 100644 --- a/test/e2e/windows/service.go +++ b/test/e2e/windows/service.go @@ -38,7 +38,7 @@ import ( var _ = SIGDescribe("Services", func() { f := framework.NewDefaultFramework("services") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var cs clientset.Interface diff --git a/test/e2e/windows/volumes.go b/test/e2e/windows/volumes.go index 83019b2d978..34e796a25fc 100644 --- a/test/e2e/windows/volumes.go +++ b/test/e2e/windows/volumes.go @@ -46,7 +46,7 @@ var ( var _ = SIGDescribe("[Feature:Windows] Windows volume mounts ", func() { f := framework.NewDefaultFramework("windows-volumes") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( emptyDirSource = v1.VolumeSource{ EmptyDir: &v1.EmptyDirVolumeSource{ diff --git a/test/e2e_kubeadm/bootstrap_signer.go b/test/e2e_kubeadm/bootstrap_signer.go index 25e8325264f..c8b411723c5 100644 --- a/test/e2e_kubeadm/bootstrap_signer.go +++ b/test/e2e_kubeadm/bootstrap_signer.go @@ -35,7 +35,7 @@ var _ = Describe("bootstrap signer", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("bootstrap token") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/bootstrap_token_test.go b/test/e2e_kubeadm/bootstrap_token_test.go index ae2137128fd..32325737c00 100644 --- a/test/e2e_kubeadm/bootstrap_token_test.go +++ b/test/e2e_kubeadm/bootstrap_token_test.go @@ -45,7 +45,7 @@ var _ = Describe("bootstrap token", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("bootstrap token") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/cluster_info_test.go b/test/e2e_kubeadm/cluster_info_test.go index 52fcfbcc92b..4d5a0841e90 100644 --- a/test/e2e_kubeadm/cluster_info_test.go +++ b/test/e2e_kubeadm/cluster_info_test.go @@ -51,7 +51,7 @@ var _ = Describe("cluster-info ConfigMap", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("cluster-info") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/controlplane_nodes_test.go b/test/e2e_kubeadm/controlplane_nodes_test.go index 8eec9a12bbd..28f1cd0dca0 100644 --- a/test/e2e_kubeadm/controlplane_nodes_test.go +++ b/test/e2e_kubeadm/controlplane_nodes_test.go @@ -41,7 +41,7 @@ var _ = Describe("control-plane node", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("control-plane node") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/dns_addon_test.go b/test/e2e_kubeadm/dns_addon_test.go index b0f10851793..2e380500c54 100644 --- a/test/e2e_kubeadm/dns_addon_test.go +++ b/test/e2e_kubeadm/dns_addon_test.go @@ -51,7 +51,7 @@ var _ = Describe("DNS addon", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("DNS") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/kubeadm_certs_test.go b/test/e2e_kubeadm/kubeadm_certs_test.go index 9bc78b3bba3..1f72b0e5ac6 100644 --- a/test/e2e_kubeadm/kubeadm_certs_test.go +++ b/test/e2e_kubeadm/kubeadm_certs_test.go @@ -56,7 +56,7 @@ var _ = Describe("kubeadm-certs [copy-certs]", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("kubeadm-certs") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/kubeadm_config_test.go b/test/e2e_kubeadm/kubeadm_config_test.go index d3045d3d9fa..88b01d12e4b 100644 --- a/test/e2e_kubeadm/kubeadm_config_test.go +++ b/test/e2e_kubeadm/kubeadm_config_test.go @@ -53,7 +53,7 @@ var _ = Describe("kubeadm-config ConfigMap", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("kubeadm-config") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/kubelet_config_test.go b/test/e2e_kubeadm/kubelet_config_test.go index 4b9a18661f7..d6255c8e810 100644 --- a/test/e2e_kubeadm/kubelet_config_test.go +++ b/test/e2e_kubeadm/kubelet_config_test.go @@ -44,7 +44,7 @@ var _ = Describe("kubelet-config ConfigMap", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("kubelet-config") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/networking_test.go b/test/e2e_kubeadm/networking_test.go index a48399441a0..f466f6a248d 100644 --- a/test/e2e_kubeadm/networking_test.go +++ b/test/e2e_kubeadm/networking_test.go @@ -42,7 +42,7 @@ var _ = Describe("networking [setup-networking]", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("networking") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/nodes_test.go b/test/e2e_kubeadm/nodes_test.go index 736c453a1b6..21c5d793267 100644 --- a/test/e2e_kubeadm/nodes_test.go +++ b/test/e2e_kubeadm/nodes_test.go @@ -41,7 +41,7 @@ var _ = Describe("nodes", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("nodes") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_kubeadm/proxy_addon_test.go b/test/e2e_kubeadm/proxy_addon_test.go index 2b9b2631a93..7e415ebf543 100644 --- a/test/e2e_kubeadm/proxy_addon_test.go +++ b/test/e2e_kubeadm/proxy_addon_test.go @@ -55,7 +55,7 @@ var _ = Describe("proxy addon", func() { // Get an instance of the k8s test framework f := framework.NewDefaultFramework("proxy") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // Tests in this container are not expected to create new objects in the cluster // so we are disabling the creation of a namespace in order to get a faster execution diff --git a/test/e2e_node/apparmor_test.go b/test/e2e_node/apparmor_test.go index 286236efa1f..7a81db91d30 100644 --- a/test/e2e_node/apparmor_test.go +++ b/test/e2e_node/apparmor_test.go @@ -55,7 +55,7 @@ var _ = SIGDescribe("AppArmor [Feature:AppArmor][NodeFeature:AppArmor]", func() }) ginkgo.Context("when running with AppArmor", func() { f := framework.NewDefaultFramework("apparmor-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should reject an unloaded profile", func(ctx context.Context) { status := runAppArmorTest(ctx, f, false, v1.AppArmorBetaProfileNamePrefix+"non-existent-profile") @@ -86,7 +86,7 @@ var _ = SIGDescribe("AppArmor [Feature:AppArmor][NodeFeature:AppArmor]", func() } else { ginkgo.Context("when running without AppArmor", func() { f := framework.NewDefaultFramework("apparmor-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should reject a pod with an AppArmor profile", func(ctx context.Context) { status := runAppArmorTest(ctx, f, false, v1.AppArmorBetaProfileRuntimeDefault) diff --git a/test/e2e_node/checkpoint_container.go b/test/e2e_node/checkpoint_container.go index a86c02ad52a..bdccc80207f 100644 --- a/test/e2e_node/checkpoint_container.go +++ b/test/e2e_node/checkpoint_container.go @@ -76,7 +76,7 @@ func proxyPostRequest(ctx context.Context, c clientset.Interface, node, endpoint var _ = SIGDescribe("Checkpoint Container [NodeFeature:CheckpointContainer]", func() { f := framework.NewDefaultFramework("checkpoint-container-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("will checkpoint a container out of a pod", func(ctx context.Context) { ginkgo.By("creating a target pod") podClient := e2epod.NewPodClient(f) diff --git a/test/e2e_node/container_lifecycle_test.go b/test/e2e_node/container_lifecycle_test.go index f0668d499a1..8134092ac7e 100644 --- a/test/e2e_node/container_lifecycle_test.go +++ b/test/e2e_node/container_lifecycle_test.go @@ -41,7 +41,7 @@ func prefixedName(namePrefix string, name string) string { var _ = SIGDescribe("[NodeConformance] Containers Lifecycle ", func() { f := framework.NewDefaultFramework("containers-lifecycle-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should launch init container serially before a regular container", func() { diff --git a/test/e2e_node/container_log_rotation_test.go b/test/e2e_node/container_log_rotation_test.go index 48384be8218..54bdfa15fc9 100644 --- a/test/e2e_node/container_log_rotation_test.go +++ b/test/e2e_node/container_log_rotation_test.go @@ -43,7 +43,7 @@ const ( var _ = SIGDescribe("ContainerLogRotation [Slow] [Serial] [Disruptive]", func() { f := framework.NewDefaultFramework("container-log-rotation-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("when a container generates a lot of log", func() { tempSetCurrentKubeletConfig(f, func(ctx context.Context, initialConfig *kubeletconfig.KubeletConfiguration) { initialConfig.ContainerLogMaxFiles = testContainerLogMaxFiles diff --git a/test/e2e_node/container_manager_test.go b/test/e2e_node/container_manager_test.go index 6cac7c861c3..3b0ede643af 100644 --- a/test/e2e_node/container_manager_test.go +++ b/test/e2e_node/container_manager_test.go @@ -79,7 +79,7 @@ func validateOOMScoreAdjSettingIsInRange(pid int, expectedMinOOMScoreAdj, expect var _ = SIGDescribe("Container Manager Misc [Serial]", func() { f := framework.NewDefaultFramework("kubelet-container-manager") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("Validate OOM score adjustments [NodeFeature:OOMScoreAdj]", func() { ginkgo.Context("once the node is setup", func() { ginkgo.It("container runtime's oom-score-adj should be -999", func(ctx context.Context) { diff --git a/test/e2e_node/cpu_manager_metrics_test.go b/test/e2e_node/cpu_manager_metrics_test.go index 20f9b50e74f..097a354fd11 100644 --- a/test/e2e_node/cpu_manager_metrics_test.go +++ b/test/e2e_node/cpu_manager_metrics_test.go @@ -41,7 +41,7 @@ import ( var _ = SIGDescribe("CPU Manager Metrics [Serial][Feature:CPUManager]", func() { f := framework.NewDefaultFramework("cpumanager-metrics") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("when querying /metrics", func() { var oldCfg *kubeletconfig.KubeletConfiguration diff --git a/test/e2e_node/cpu_manager_test.go b/test/e2e_node/cpu_manager_test.go index 070705b984c..0b3fb3039b3 100644 --- a/test/e2e_node/cpu_manager_test.go +++ b/test/e2e_node/cpu_manager_test.go @@ -754,7 +754,7 @@ func isSMTAlignmentError(pod *v1.Pod) bool { // Serial because the test updates kubelet configuration. var _ = SIGDescribe("CPU Manager [Serial] [Feature:CPUManager]", func() { f := framework.NewDefaultFramework("cpu-manager-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("With kubeconfig updated with static CPU Manager policy run the CPU Manager tests", func() { runCPUManagerTests(f) diff --git a/test/e2e_node/critical_pod_test.go b/test/e2e_node/critical_pod_test.go index 088640117ac..a6b5cec039c 100644 --- a/test/e2e_node/critical_pod_test.go +++ b/test/e2e_node/critical_pod_test.go @@ -44,7 +44,7 @@ const ( var _ = SIGDescribe("CriticalPod [Serial] [Disruptive] [NodeFeature:CriticalPod]", func() { f := framework.NewDefaultFramework("critical-pod-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("when we need to admit a critical pod", func() { ginkgo.It("[Flaky] should be able to create and delete a critical pod", func(ctx context.Context) { // because adminssion Priority enable, If the priority class is not found, the Pod is rejected. diff --git a/test/e2e_node/deleted_pods_test.go b/test/e2e_node/deleted_pods_test.go index d90629efb9e..a30a7535203 100644 --- a/test/e2e_node/deleted_pods_test.go +++ b/test/e2e_node/deleted_pods_test.go @@ -40,7 +40,7 @@ const ( var _ = SIGDescribe("Deleted pods handling [NodeConformance]", func() { f := framework.NewDefaultFramework("deleted-pods-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("Should transition to Failed phase a pod which is deleted while pending", func(ctx context.Context) { podName := "deleted-pending-" + string(uuid.NewUUID()) diff --git a/test/e2e_node/density_test.go b/test/e2e_node/density_test.go index 8361a297be7..90e79a46fe2 100644 --- a/test/e2e_node/density_test.go +++ b/test/e2e_node/density_test.go @@ -66,7 +66,7 @@ var _ = SIGDescribe("Density [Serial] [Slow]", func() { ) f := framework.NewDefaultFramework("density-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { // Start a standalone cadvisor pod using 'createSync', the pod is running when it returns diff --git a/test/e2e_node/device_manager_test.go b/test/e2e_node/device_manager_test.go index 95434849d34..a8114f19a0d 100644 --- a/test/e2e_node/device_manager_test.go +++ b/test/e2e_node/device_manager_test.go @@ -62,7 +62,7 @@ const ( var _ = SIGDescribe("Device Manager [Serial] [Feature:DeviceManager][NodeFeature:DeviceManager]", func() { checkpointFullPath := filepath.Join(devicePluginDir, checkpointName) f := framework.NewDefaultFramework("devicemanager-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("With SRIOV devices in the system", func() { // this test wants to reproduce what happened in https://github.com/kubernetes/kubernetes/issues/102880 diff --git a/test/e2e_node/device_plugin_test.go b/test/e2e_node/device_plugin_test.go index 5b3d9c750ed..93c161c3e6b 100644 --- a/test/e2e_node/device_plugin_test.go +++ b/test/e2e_node/device_plugin_test.go @@ -58,7 +58,7 @@ var ( // Serial because the test restarts Kubelet var _ = SIGDescribe("Device Plugin [Feature:DevicePluginProbe][NodeFeature:DevicePluginProbe][Serial]", func() { f := framework.NewDefaultFramework("device-plugin-errors") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testDevicePlugin(f, kubeletdevicepluginv1beta1.DevicePluginPath) testDevicePluginNodeReboot(f, kubeletdevicepluginv1beta1.DevicePluginPath) }) diff --git a/test/e2e_node/dra_test.go b/test/e2e_node/dra_test.go index fb3da210bf2..c654fa04f3b 100644 --- a/test/e2e_node/dra_test.go +++ b/test/e2e_node/dra_test.go @@ -61,7 +61,7 @@ const ( var _ = ginkgo.Describe("[sig-node] DRA [Feature:DynamicResourceAllocation][NodeAlphaFeature:DynamicResourceAllocation]", func() { f := framework.NewDefaultFramework("dra-node") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline var kubeletPlugin *testdriver.ExamplePlugin diff --git a/test/e2e_node/eviction_test.go b/test/e2e_node/eviction_test.go index 0623848d5be..386665bb4dc 100644 --- a/test/e2e_node/eviction_test.go +++ b/test/e2e_node/eviction_test.go @@ -71,7 +71,7 @@ const ( // Node disk pressure is induced by consuming all inodes on the node. var _ = SIGDescribe("InodeEviction [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("inode-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged expectedNodeCondition := v1.NodeDiskPressure expectedStarvedResource := resourceInodes pressureTimeout := 15 * time.Minute @@ -108,7 +108,7 @@ var _ = SIGDescribe("InodeEviction [Slow] [Serial] [Disruptive][NodeFeature:Evic // Disk pressure is induced by pulling large images var _ = SIGDescribe("ImageGCNoEviction [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("image-gc-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged pressureTimeout := 10 * time.Minute expectedNodeCondition := v1.NodeDiskPressure expectedStarvedResource := resourceInodes @@ -139,7 +139,7 @@ var _ = SIGDescribe("ImageGCNoEviction [Slow] [Serial] [Disruptive][NodeFeature: // Node memory pressure is only encountered because we reserve the majority of the node's capacity via kube-reserved. var _ = SIGDescribe("MemoryAllocatableEviction [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("memory-allocatable-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged expectedNodeCondition := v1.NodeMemoryPressure expectedStarvedResource := v1.ResourceMemory pressureTimeout := 10 * time.Minute @@ -173,7 +173,7 @@ var _ = SIGDescribe("MemoryAllocatableEviction [Slow] [Serial] [Disruptive][Node // Disk pressure is induced by running pods which consume disk space. var _ = SIGDescribe("LocalStorageEviction [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("localstorage-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged pressureTimeout := 15 * time.Minute expectedNodeCondition := v1.NodeDiskPressure expectedStarvedResource := v1.ResourceEphemeralStorage @@ -212,7 +212,7 @@ var _ = SIGDescribe("LocalStorageEviction [Slow] [Serial] [Disruptive][NodeFeatu // Note: This test's purpose is to test Soft Evictions. Local storage was chosen since it is the least costly to run. var _ = SIGDescribe("LocalStorageSoftEviction [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("localstorage-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged pressureTimeout := 10 * time.Minute expectedNodeCondition := v1.NodeDiskPressure expectedStarvedResource := v1.ResourceEphemeralStorage @@ -251,7 +251,7 @@ var _ = SIGDescribe("LocalStorageSoftEviction [Slow] [Serial] [Disruptive][NodeF // not possible to exhaust the quota. var _ = SIGDescribe("LocalStorageCapacityIsolationMemoryBackedVolumeEviction [Slow] [Serial] [Disruptive] [Feature:LocalStorageCapacityIsolation][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("localstorage-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged evictionTestTimeout := 7 * time.Minute ginkgo.Context(fmt.Sprintf(testContextFmt, "evictions due to pod local storage violations"), func() { tempSetCurrentKubeletConfig(f, func(ctx context.Context, initialConfig *kubeletconfig.KubeletConfiguration) { @@ -294,7 +294,7 @@ var _ = SIGDescribe("LocalStorageCapacityIsolationMemoryBackedVolumeEviction [Sl // LocalStorageCapacityIsolationEviction tests that container and volume local storage limits are enforced through evictions var _ = SIGDescribe("LocalStorageCapacityIsolationEviction [Slow] [Serial] [Disruptive] [Feature:LocalStorageCapacityIsolation][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("localstorage-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged evictionTestTimeout := 10 * time.Minute ginkgo.Context(fmt.Sprintf(testContextFmt, "evictions due to pod local storage violations"), func() { tempSetCurrentKubeletConfig(f, func(ctx context.Context, initialConfig *kubeletconfig.KubeletConfiguration) { @@ -347,7 +347,7 @@ var _ = SIGDescribe("LocalStorageCapacityIsolationEviction [Slow] [Serial] [Disr // the higher priority pod. var _ = SIGDescribe("PriorityMemoryEvictionOrdering [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("priority-memory-eviction-ordering-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged expectedNodeCondition := v1.NodeMemoryPressure expectedStarvedResource := v1.ResourceMemory pressureTimeout := 10 * time.Minute @@ -405,7 +405,7 @@ var _ = SIGDescribe("PriorityMemoryEvictionOrdering [Slow] [Serial] [Disruptive] // the higher priority pod. var _ = SIGDescribe("PriorityLocalStorageEvictionOrdering [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("priority-disk-eviction-ordering-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged expectedNodeCondition := v1.NodeDiskPressure expectedStarvedResource := v1.ResourceEphemeralStorage pressureTimeout := 15 * time.Minute @@ -462,7 +462,7 @@ var _ = SIGDescribe("PriorityLocalStorageEvictionOrdering [Slow] [Serial] [Disru // PriorityPidEvictionOrdering tests that the node emits pid pressure in response to a fork bomb, and evicts pods by priority var _ = SIGDescribe("PriorityPidEvictionOrdering [Slow] [Serial] [Disruptive][NodeFeature:Eviction]", func() { f := framework.NewDefaultFramework("pidpressure-eviction-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged pressureTimeout := 2 * time.Minute expectedNodeCondition := v1.NodePIDPressure expectedStarvedResource := noStarvedResource diff --git a/test/e2e_node/garbage_collector_test.go b/test/e2e_node/garbage_collector_test.go index 5f531a9cb0c..6c69fefa1e9 100644 --- a/test/e2e_node/garbage_collector_test.go +++ b/test/e2e_node/garbage_collector_test.go @@ -74,7 +74,7 @@ type testRun struct { // http://kubernetes.io/docs/admin/garbage-collection/ var _ = SIGDescribe("GarbageCollect [Serial][NodeFeature:GarbageCollect]", func() { f := framework.NewDefaultFramework("garbage-collect-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged containerNamePrefix := "gc-test-container-" podNamePrefix := "gc-test-pod-" diff --git a/test/e2e_node/hugepages_test.go b/test/e2e_node/hugepages_test.go index 29e74b526b4..fdd2a0c67af 100644 --- a/test/e2e_node/hugepages_test.go +++ b/test/e2e_node/hugepages_test.go @@ -202,7 +202,7 @@ func getHugepagesTestPod(f *framework.Framework, limits v1.ResourceList, mounts // Serial because the test updates kubelet configuration. var _ = SIGDescribe("HugePages [Serial] [Feature:HugePages][NodeSpecialFeature:HugePages]", func() { f := framework.NewDefaultFramework("hugepages-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should remove resources for huge page sizes no longer supported", func(ctx context.Context) { ginkgo.By("mimicking support for 9Mi of 3Mi huge page memory by patching the node status") diff --git a/test/e2e_node/image_id_test.go b/test/e2e_node/image_id_test.go index b36baeacf6f..ec85101e8e9 100644 --- a/test/e2e_node/image_id_test.go +++ b/test/e2e_node/image_id_test.go @@ -35,7 +35,7 @@ var _ = SIGDescribe("ImageID [NodeFeature: ImageID]", func() { busyBoxImage := "registry.k8s.io/busybox@sha256:4bdd623e848417d96127e16037743f0cd8b528c026e9175e22a84f639eca58ff" f := framework.NewDefaultFramework("image-id-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.It("should be set to the manifest digest (from RepoDigests) when available", func(ctx context.Context) { podDesc := &v1.Pod{ diff --git a/test/e2e_node/log_path_test.go b/test/e2e_node/log_path_test.go index e5e66717a15..68f2cf544aa 100644 --- a/test/e2e_node/log_path_test.go +++ b/test/e2e_node/log_path_test.go @@ -38,7 +38,7 @@ const ( var _ = SIGDescribe("ContainerLogPath [NodeConformance]", func() { f := framework.NewDefaultFramework("kubelet-container-log-path") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var podClient *e2epod.PodClient ginkgo.Describe("Pod with a container", func() { diff --git a/test/e2e_node/memory_manager_test.go b/test/e2e_node/memory_manager_test.go index 0e584d85ecf..b82c3d3e21d 100644 --- a/test/e2e_node/memory_manager_test.go +++ b/test/e2e_node/memory_manager_test.go @@ -254,7 +254,7 @@ var _ = SIGDescribe("Memory Manager [Disruptive] [Serial] [Feature:MemoryManager ) f := framework.NewDefaultFramework("memory-manager-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged memoryQuantity := resource.MustParse("1100Mi") defaultKubeParams := &kubeletParams{ diff --git a/test/e2e_node/mirror_pod_grace_period_test.go b/test/e2e_node/mirror_pod_grace_period_test.go index 76e08e6f777..1eb420339c0 100644 --- a/test/e2e_node/mirror_pod_grace_period_test.go +++ b/test/e2e_node/mirror_pod_grace_period_test.go @@ -40,7 +40,7 @@ import ( var _ = SIGDescribe("MirrorPodWithGracePeriod", func() { f := framework.NewDefaultFramework("mirror-pod-with-grace-period") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("when create a mirror pod ", func() { var ns, podPath, staticPodName, mirrorPodName string ginkgo.BeforeEach(func(ctx context.Context) { diff --git a/test/e2e_node/mirror_pod_test.go b/test/e2e_node/mirror_pod_test.go index cc28b750df2..3f8d0110d19 100644 --- a/test/e2e_node/mirror_pod_test.go +++ b/test/e2e_node/mirror_pod_test.go @@ -45,7 +45,7 @@ import ( var _ = SIGDescribe("MirrorPod", func() { f := framework.NewDefaultFramework("mirror-pod") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("when create a mirror pod ", func() { var ns, podPath, staticPodName, mirrorPodName string ginkgo.BeforeEach(func(ctx context.Context) { diff --git a/test/e2e_node/node_container_manager_test.go b/test/e2e_node/node_container_manager_test.go index db36ee3544d..ae57fa75e30 100644 --- a/test/e2e_node/node_container_manager_test.go +++ b/test/e2e_node/node_container_manager_test.go @@ -65,7 +65,7 @@ func setDesiredConfiguration(initialConfig *kubeletconfig.KubeletConfiguration) var _ = SIGDescribe("Node Container Manager [Serial]", func() { f := framework.NewDefaultFramework("node-container-manager") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("Validate Node Allocatable [NodeFeature:NodeAllocatable]", func() { ginkgo.It("sets up the node and runs the test", func(ctx context.Context) { framework.ExpectNoError(runTest(ctx, f)) diff --git a/test/e2e_node/node_perf_test.go b/test/e2e_node/node_perf_test.go index b5ba5c00969..e37a9ef9f3e 100644 --- a/test/e2e_node/node_perf_test.go +++ b/test/e2e_node/node_perf_test.go @@ -82,7 +82,7 @@ func setKubeletConfig(ctx context.Context, f *framework.Framework, cfg *kubeletc // Slow by design. var _ = SIGDescribe("Node Performance Testing [Serial] [Slow]", func() { f := framework.NewDefaultFramework("node-performance-testing") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var ( wl workloads.NodePerfWorkload oldCfg *kubeletconfig.KubeletConfiguration diff --git a/test/e2e_node/node_problem_detector_linux.go b/test/e2e_node/node_problem_detector_linux.go index 39d25e9765c..fda353579d7 100644 --- a/test/e2e_node/node_problem_detector_linux.go +++ b/test/e2e_node/node_problem_detector_linux.go @@ -50,7 +50,7 @@ var _ = SIGDescribe("NodeProblemDetector [NodeFeature:NodeProblemDetector] [Seri pollTimeout = 1 * time.Minute ) f := framework.NewDefaultFramework("node-problem-detector") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var c clientset.Interface var uid string var ns, name, configName, eventNamespace string diff --git a/test/e2e_node/node_shutdown_linux_test.go b/test/e2e_node/node_shutdown_linux_test.go index 58d2693ab07..ed556f94767 100644 --- a/test/e2e_node/node_shutdown_linux_test.go +++ b/test/e2e_node/node_shutdown_linux_test.go @@ -55,7 +55,7 @@ import ( var _ = SIGDescribe("GracefulNodeShutdown [Serial] [NodeFeature:GracefulNodeShutdown] [NodeFeature:GracefulNodeShutdownBasedOnPodPriority]", func() { f := framework.NewDefaultFramework("graceful-node-shutdown") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("graceful node shutdown when PodDisruptionConditions are enabled [NodeFeature:PodDisruptionConditions]", func() { diff --git a/test/e2e_node/oomkiller_linux_test.go b/test/e2e_node/oomkiller_linux_test.go index fb92133d2f2..43ccabc8033 100644 --- a/test/e2e_node/oomkiller_linux_test.go +++ b/test/e2e_node/oomkiller_linux_test.go @@ -39,7 +39,7 @@ type testCase struct { var _ = SIGDescribe("OOMKiller [LinuxOnly] [NodeConformance]", func() { f := framework.NewDefaultFramework("oomkiller-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged testCases := []testCase{{ name: "single process container", diff --git a/test/e2e_node/os_label_rename_test.go b/test/e2e_node/os_label_rename_test.go index 2adc8c58a49..f13d08e9f4a 100644 --- a/test/e2e_node/os_label_rename_test.go +++ b/test/e2e_node/os_label_rename_test.go @@ -40,7 +40,7 @@ import ( var _ = SIGDescribe("OSArchLabelReconciliation [Serial] [Slow] [Disruptive]", func() { f := framework.NewDefaultFramework("node-label-reconciliation") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("Kubelet", func() { ginkgo.It("should reconcile the OS and Arch labels when restarted", func(ctx context.Context) { node := getLocalNode(ctx, f) diff --git a/test/e2e_node/pids_test.go b/test/e2e_node/pids_test.go index bd65280eec4..a942eceb379 100644 --- a/test/e2e_node/pids_test.go +++ b/test/e2e_node/pids_test.go @@ -122,7 +122,7 @@ func runPodPidsLimitTests(f *framework.Framework) { // Serial because the test updates kubelet configuration. var _ = SIGDescribe("PodPidsLimit [Serial]", func() { f := framework.NewDefaultFramework("pids-limit-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("With config updated with pids limits", func() { tempSetCurrentKubeletConfig(f, func(ctx context.Context, initialConfig *kubeletconfig.KubeletConfiguration) { initialConfig.PodPidsLimit = int64(1024) diff --git a/test/e2e_node/pod_conditions_test.go b/test/e2e_node/pod_conditions_test.go index d4039fc4073..87599230b62 100644 --- a/test/e2e_node/pod_conditions_test.go +++ b/test/e2e_node/pod_conditions_test.go @@ -45,7 +45,7 @@ import ( var _ = SIGDescribe("Pod conditions managed by Kubelet", func() { f := framework.NewDefaultFramework("pod-conditions") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("including PodReadyToStartContainers condition [Serial] [Feature:PodReadyToStartContainersCondition]", func() { tempSetCurrentKubeletConfig(f, func(ctx context.Context, initialConfig *kubeletconfig.KubeletConfiguration) { diff --git a/test/e2e_node/pod_hostnamefqdn_test.go b/test/e2e_node/pod_hostnamefqdn_test.go index 6c8e7314af7..55e23620404 100644 --- a/test/e2e_node/pod_hostnamefqdn_test.go +++ b/test/e2e_node/pod_hostnamefqdn_test.go @@ -74,7 +74,7 @@ func testPod(podnamebase string) *v1.Pod { var _ = SIGDescribe("Hostname of Pod [NodeConformance]", func() { f := framework.NewDefaultFramework("hostfqdn") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline /* Release: v1.19 Testname: Create Pod without fully qualified domain name (FQDN) diff --git a/test/e2e_node/podresources_test.go b/test/e2e_node/podresources_test.go index 24c60e0aac3..a769488ada6 100644 --- a/test/e2e_node/podresources_test.go +++ b/test/e2e_node/podresources_test.go @@ -571,7 +571,7 @@ func podresourcesGetAllocatableResourcesTests(ctx context.Context, cli kubeletpo // Serial because the test updates kubelet configuration. var _ = SIGDescribe("POD Resources [Serial] [Feature:PodResources][NodeFeature:PodResources]", func() { f := framework.NewDefaultFramework("podresources-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged reservedSystemCPUs := cpuset.New(1) diff --git a/test/e2e_node/pods_container_manager_test.go b/test/e2e_node/pods_container_manager_test.go index 35b4918a668..a9a09455e77 100644 --- a/test/e2e_node/pods_container_manager_test.go +++ b/test/e2e_node/pods_container_manager_test.go @@ -166,7 +166,7 @@ func makePodToVerifyCgroupRemoved(baseName string) *v1.Pod { var _ = SIGDescribe("Kubelet Cgroup Manager", func() { f := framework.NewDefaultFramework("kubelet-cgroup-manager") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("QOS containers", func() { ginkgo.Context("On enabling QOS cgroup hierarchy", func() { diff --git a/test/e2e_node/pods_lifecycle_termination_test.go b/test/e2e_node/pods_lifecycle_termination_test.go index 5fdf7beef50..69976e98896 100644 --- a/test/e2e_node/pods_lifecycle_termination_test.go +++ b/test/e2e_node/pods_lifecycle_termination_test.go @@ -37,7 +37,7 @@ import ( // exit code is 137 and the exit reason is `Error` var _ = SIGDescribe("Pod SIGKILL [LinuxOnly] [NodeConformance]", func() { f := framework.NewDefaultFramework("sigkill-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline podName := "sigkill-pod-" + string(uuid.NewUUID()) containerName := "sigkill-target-container" diff --git a/test/e2e_node/quota_lsci_test.go b/test/e2e_node/quota_lsci_test.go index ce7fc9a27da..0b198a8f2f2 100644 --- a/test/e2e_node/quota_lsci_test.go +++ b/test/e2e_node/quota_lsci_test.go @@ -98,7 +98,7 @@ func runOneQuotaTest(f *framework.Framework, quotasRequested bool) { // file; if du is used to monitor, it will not detect this. var _ = SIGDescribe("LocalStorageCapacityIsolationFSQuotaMonitoring [Slow] [Serial] [Disruptive] [Feature:LocalStorageCapacityIsolationQuota][NodeFeature:LSCIQuotaMonitoring]", func() { f := framework.NewDefaultFramework("localstorage-quota-monitoring-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged runOneQuotaTest(f, true) runOneQuotaTest(f, false) }) diff --git a/test/e2e_node/resource_metrics_test.go b/test/e2e_node/resource_metrics_test.go index 4cdb74b4c6c..ed64ae7137e 100644 --- a/test/e2e_node/resource_metrics_test.go +++ b/test/e2e_node/resource_metrics_test.go @@ -45,7 +45,7 @@ const ( var _ = SIGDescribe("ResourceMetricsAPI [NodeFeature:ResourceMetrics]", func() { f := framework.NewDefaultFramework("resource-metrics") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("when querying /resource/metrics", func() { ginkgo.BeforeEach(func(ctx context.Context) { ginkgo.By("Creating test pods to measure their resource usage") diff --git a/test/e2e_node/resource_usage_test.go b/test/e2e_node/resource_usage_test.go index 71432389c03..ca0b743bf75 100644 --- a/test/e2e_node/resource_usage_test.go +++ b/test/e2e_node/resource_usage_test.go @@ -49,7 +49,7 @@ var _ = SIGDescribe("Resource-usage [Serial] [Slow]", func() { ) f := framework.NewDefaultFramework("resource-usage") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.BeforeEach(func(ctx context.Context) { om = e2ekubelet.NewRuntimeOperationMonitor(ctx, f.ClientSet) diff --git a/test/e2e_node/restart_test.go b/test/e2e_node/restart_test.go index 9157e3e69e3..95e4e89ad76 100644 --- a/test/e2e_node/restart_test.go +++ b/test/e2e_node/restart_test.go @@ -90,7 +90,7 @@ var _ = SIGDescribe("Restart [Serial] [Slow] [Disruptive]", func() { ) f := framework.NewDefaultFramework("restart-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("Container Runtime", func() { ginkgo.Context("Network", func() { ginkgo.It("should recover from ip leak", func(ctx context.Context) { diff --git a/test/e2e_node/runtime_conformance_test.go b/test/e2e_node/runtime_conformance_test.go index 5ee12bd0d9f..70566764f5e 100644 --- a/test/e2e_node/runtime_conformance_test.go +++ b/test/e2e_node/runtime_conformance_test.go @@ -36,7 +36,7 @@ import ( var _ = SIGDescribe("Container Runtime Conformance Test", func() { f := framework.NewDefaultFramework("runtime-conformance") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Describe("container runtime conformance blackbox test", func() { diff --git a/test/e2e_node/runtimeclass_test.go b/test/e2e_node/runtimeclass_test.go index ee8b01db305..8505bc04d6e 100644 --- a/test/e2e_node/runtimeclass_test.go +++ b/test/e2e_node/runtimeclass_test.go @@ -92,7 +92,7 @@ func makePodToVerifyCgroupSize(cgroupNames []string, expectedCPU string, expecte var _ = SIGDescribe("Kubelet PodOverhead handling [LinuxOnly]", func() { f := framework.NewDefaultFramework("podoverhead-handling") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("PodOverhead cgroup accounting", func() { ginkgo.Context("On running pod with PodOverhead defined", func() { ginkgo.It("Pod cgroup should be sum of overhead and resource limits", func(ctx context.Context) { diff --git a/test/e2e_node/seccompdefault_test.go b/test/e2e_node/seccompdefault_test.go index 32d237aafd9..e60a25e9e82 100644 --- a/test/e2e_node/seccompdefault_test.go +++ b/test/e2e_node/seccompdefault_test.go @@ -36,7 +36,7 @@ import ( // Serial because the test updates kubelet configuration. var _ = SIGDescribe("SeccompDefault [Serial] [Feature:SeccompDefault] [LinuxOnly]", func() { f := framework.NewDefaultFramework("seccompdefault-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("with SeccompDefault enabled", func() { tempSetCurrentKubeletConfig(f, func(ctx context.Context, cfg *kubeletconfig.KubeletConfiguration) { diff --git a/test/e2e_node/security_context_test.go b/test/e2e_node/security_context_test.go index 9aff03ab852..ef0de379057 100644 --- a/test/e2e_node/security_context_test.go +++ b/test/e2e_node/security_context_test.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("Security Context", func() { f := framework.NewDefaultFramework("security-context-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged var podClient *e2epod.PodClient ginkgo.BeforeEach(func() { podClient = e2epod.NewPodClient(f) diff --git a/test/e2e_node/standalone_test.go b/test/e2e_node/standalone_test.go index 241eb078054..89add918313 100644 --- a/test/e2e_node/standalone_test.go +++ b/test/e2e_node/standalone_test.go @@ -46,7 +46,7 @@ import ( var _ = SIGDescribe("[Feature:StandaloneMode] ", func() { f := framework.NewDefaultFramework("static-pod") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("when creating a static pod", func() { var ns, podPath, staticPodName string diff --git a/test/e2e_node/summary_test.go b/test/e2e_node/summary_test.go index 20ca73e3105..0ad04a2369d 100644 --- a/test/e2e_node/summary_test.go +++ b/test/e2e_node/summary_test.go @@ -42,7 +42,7 @@ import ( var _ = SIGDescribe("Summary API [NodeConformance]", func() { f := framework.NewDefaultFramework("summary-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("when querying /stats/summary", func() { ginkgo.AfterEach(func(ctx context.Context) { if !ginkgo.CurrentSpecReport().Failed() { diff --git a/test/e2e_node/system_node_critical_test.go b/test/e2e_node/system_node_critical_test.go index 503b95b5797..253c892877c 100644 --- a/test/e2e_node/system_node_critical_test.go +++ b/test/e2e_node/system_node_critical_test.go @@ -37,7 +37,7 @@ import ( var _ = SIGDescribe("SystemNodeCriticalPod [Slow] [Serial] [Disruptive] [NodeFeature:SystemNodeCriticalPod]", func() { f := framework.NewDefaultFramework("system-node-critical-pod-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged // this test only manipulates pods in kube-system f.SkipNamespaceCreation = true diff --git a/test/e2e_node/terminate_pods_test.go b/test/e2e_node/terminate_pods_test.go index 7feec2df153..e7a4d0502da 100644 --- a/test/e2e_node/terminate_pods_test.go +++ b/test/e2e_node/terminate_pods_test.go @@ -34,7 +34,7 @@ import ( var _ = SIGDescribe("Terminate Pods", func() { f := framework.NewDefaultFramework("terminate-pods") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.It("should not hang when terminating pods mounting non-existent volumes", func(ctx context.Context) { pod := &v1.Pod{ diff --git a/test/e2e_node/topology_manager_metrics_test.go b/test/e2e_node/topology_manager_metrics_test.go index f62aef1cb30..20a147e2a8c 100644 --- a/test/e2e_node/topology_manager_metrics_test.go +++ b/test/e2e_node/topology_manager_metrics_test.go @@ -36,7 +36,7 @@ import ( var _ = SIGDescribe("Topology Manager Metrics [Serial][NodeFeature:TopologyManager]", func() { f := framework.NewDefaultFramework("topologymanager-metrics") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("when querying /metrics", func() { var oldCfg *kubeletconfig.KubeletConfiguration diff --git a/test/e2e_node/topology_manager_test.go b/test/e2e_node/topology_manager_test.go index 7b45b6378a0..ab1a91d439c 100644 --- a/test/e2e_node/topology_manager_test.go +++ b/test/e2e_node/topology_manager_test.go @@ -946,7 +946,7 @@ func hostPrecheck() (int, int) { // Serial because the test updates kubelet configuration. var _ = SIGDescribe("Topology Manager [Serial] [NodeFeature:TopologyManager]", func() { f := framework.NewDefaultFramework("topology-manager-test") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Context("With kubeconfig updated to static CPU Manager policy run the Topology Manager tests", func() { runTopologyManagerTests(f) diff --git a/test/e2e_node/unknown_pods_test.go b/test/e2e_node/unknown_pods_test.go index 75d2f21393d..301cb57fd0d 100644 --- a/test/e2e_node/unknown_pods_test.go +++ b/test/e2e_node/unknown_pods_test.go @@ -46,7 +46,7 @@ import ( */ var _ = SIGDescribe("Unknown Pods [Serial] [Disruptive]", func() { f := framework.NewDefaultFramework("unknown-pods") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline ginkgo.Context("when creating a mirror pod", func() { var ns, podPath, staticPodName, mirrorPodName string diff --git a/test/e2e_node/volume_manager_test.go b/test/e2e_node/volume_manager_test.go index 98fc90f9006..9c98bfcf78f 100644 --- a/test/e2e_node/volume_manager_test.go +++ b/test/e2e_node/volume_manager_test.go @@ -34,7 +34,7 @@ import ( var _ = SIGDescribe("Kubelet Volume Manager", func() { f := framework.NewDefaultFramework("kubelet-volume-manager") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged ginkgo.Describe("Volume Manager", func() { ginkgo.Context("On termination of pod with memory backed volume", func() { ginkgo.It("should remove the volume from the node [NodeConformance]", func(ctx context.Context) {