github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-22 01:56:16 +00:00
Code Issues Projects Releases Wiki Activity

PodSecurity: seccompProfile_restricted: regenerate files

Browse Source
This commit is contained in:
Jordan Liggitt 2021-07-07 23:50:23 -04:00
parent 88a1241299
commit 2af08d1a5a
42 changed files with 76 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccomp_restricted2.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccompprofile_restricted2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccomp_restricted3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccompprofile_restricted3.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
name: seccompprofile_restricted3
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccomp_restricted4.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccompprofile_restricted4.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted4
name: seccompprofile_restricted4
spec:
containers:
- image: k8s.gcr.io/pause

21
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/seccomp_restricted2.yaml vendored
View File

@ -1,21 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/seccomp_restricted3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/seccompprofile_restricted2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
@ -9,8 +9,7 @@ spec:
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
localhostProfile: testing
type: Localhost
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1

21
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccomp_restricted4.yaml vendored
View File

@ -1,21 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: Unconfined
securityContext:
runAsNonRoot: true

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccomp_restricted2.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccompprofile_restricted2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccomp_restricted3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccompprofile_restricted3.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
name: seccompprofile_restricted3
spec:
containers:
- image: k8s.gcr.io/pause

6
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/seccomp_restricted5.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccompprofile_restricted4.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted5
name: seccompprofile_restricted4
spec:
containers:
- image: k8s.gcr.io/pause
@ -9,13 +9,13 @@ spec:
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: Unconfined
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
type: Unconfined
securityContext:
runAsNonRoot: true

21
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/seccomp_restricted2.yaml vendored
View File

@ -1,21 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/seccomp_restricted3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/seccompprofile_restricted2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
@ -9,8 +9,7 @@ spec:
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
localhostProfile: testing
type: Localhost
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1

19
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccomp_restricted2.yaml vendored
View File

@ -1,19 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

19
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccomp_restricted3.yaml vendored
View File

@ -1,19 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

21
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccomp_restricted4.yaml vendored
View File

@ -1,21 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: Unconfined
securityContext:
runAsNonRoot: true

21
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccomp_restricted5.yaml vendored
View File

@ -1,21 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: Unconfined
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

19
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccompprofile_restricted2.yaml vendored Executable file
View File

@ -0,0 +1,19 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

19
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccompprofile_restricted3.yaml vendored Executable file
View File

@ -0,0 +1,19 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_restricted3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

6
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/seccomp_restricted5.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/seccompprofile_restricted4.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted5
name: seccompprofile_restricted4
spec:
containers:
- image: k8s.gcr.io/pause
@ -9,13 +9,13 @@ spec:
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: Unconfined
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
type: Unconfined
securityContext:
runAsNonRoot: true

21
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/seccomp_restricted2.yaml vendored
View File

@ -1,21 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/pass/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/pass/seccomp_restricted3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/pass/seccompprofile_restricted2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
@ -9,8 +9,7 @@ spec:
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
localhostProfile: testing
type: Localhost
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1

27
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccomp_restricted5.yaml vendored
View File

@ -1,27 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: Unconfined
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccomp_restricted2.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccompprofile_restricted2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccomp_restricted3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccompprofile_restricted3.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
name: seccompprofile_restricted3
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccomp_restricted4.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/seccompprofile_restricted4.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted4
name: seccompprofile_restricted4
spec:
containers:
- image: k8s.gcr.io/pause

27
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/seccomp_restricted2.yaml vendored
View File

@ -1,27 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
securityContext:
runAsNonRoot: true

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/seccomp_restricted0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/seccompprofile_restricted0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted0
name: seccompprofile_restricted0
spec:
containers:
- image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/seccomp_restricted1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/seccompprofile_restricted1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted1
name: seccompprofile_restricted1
spec:
containers:
- image: k8s.gcr.io/pause

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/seccomp_restricted3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/pass/seccompprofile_restricted2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: seccomp_restricted3
name: seccompprofile_restricted2
spec:
containers:
- image: k8s.gcr.io/pause
@ -12,8 +12,7 @@ spec:
drop:
- ALL
seccompProfile:
localhostProfile: testing
type: Localhost
type: RuntimeDefault
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1