test/e2e/framework: configure pod security admission level for e2e tests

Sergiusz Urbaniak
2022-01-30 13:37:24 +01:00
parent e06e6771ef
commit 373c08e0c7
123 changed files with 297 additions and 4 deletions


@@ -21,6 +21,7 @@ import (
v1 "k8s.io/api/core/v1"
imageutils "k8s.io/kubernetes/test/utils/image"
"k8s.io/utils/pointer"
)
// NodeOSDistroIs returns true if the distro is the same as `--node-os-distro`
@@ -113,3 +114,19 @@ func GetLinuxLabel() *v1.SELinuxOptions {
return &v1.SELinuxOptions{
Level: "s0:c0,c1"}
}
// GetRestrictedPodSecurityContext returns a minimal restricted pod security context.
func GetRestrictedPodSecurityContext() *v1.PodSecurityContext {
return &v1.PodSecurityContext{
RunAsNonRoot: pointer.BoolPtr(true),
SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault},
}
}
// GetRestrictedContainerSecurityContext returns a minimal restricted container security context.
func GetRestrictedContainerSecurityContext() *v1.SecurityContext {
return &v1.SecurityContext{
AllowPrivilegeEscalation: pointer.BoolPtr(false),
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
}
}
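Review bot: The two new helpers each cover only part of the restricted Pod Security Standard, and their doc comments do not say so. GetRestrictedPodSecurityContext sets only RunAsNonRoot and the RuntimeDefault seccomp profile, while GetRestrictedContainerSecurityContext sets only AllowPrivilegeEscalation=false and drops ALL capabilities. A test that applies just one of them would still be rejected in a namespace enforcing the restricted level, so each comment should name its counterpart, e.g. `// Must be combined with GetRestrictedContainerSecurityContext on every container to satisfy the restricted level.` It is also worth documenting that RunAsNonRoot is set without RunAsUser, so the kubelet will refuse to start a container whose image defaults to root or declares a non-numeric user. Callers need an image with a numeric non-root UID, or must set RunAsUser themselves.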