test/e2e/framework: configure pod security admission level for e2e tests
parent
e06e6771ef
commit
373c08e0c7
@ -46,6 +46,7 @@ import (
|
||||
e2edeployment "k8s.io/kubernetes/test/e2e/framework/deployment"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
samplev1alpha1 "k8s.io/sample-apiserver/pkg/apis/wardle/v1alpha1"
|
||||
"k8s.io/utils/pointer"
|
||||
|
||||
@ -70,6 +71,7 @@ var _ = SIGDescribe("Aggregator", func() {
|
||||
})
|
||||
|
||||
f := framework.NewDefaultFramework("aggregator")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
// We want namespace initialization BeforeEach inserted by
|
||||
// NewDefaultFramework to happen before this, so we put this BeforeEach
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2edeployment "k8s.io/kubernetes/test/e2e/framework/deployment"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
||||
@ -45,6 +46,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("ServerSideApply", func() {
|
||||
f := framework.NewDefaultFramework("apply")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
var client clientset.Interface
|
||||
var ns string
|
||||
|
@ -38,6 +38,7 @@ import (
|
||||
e2edeployment "k8s.io/kubernetes/test/e2e/framework/deployment"
|
||||
"k8s.io/kubernetes/test/utils/crd"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
"k8s.io/utils/pointer"
|
||||
|
||||
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
@ -117,6 +118,7 @@ var alternativeAPIVersions = []apiextensionsv1.CustomResourceDefinitionVersion{
|
||||
var _ = SIGDescribe("CustomResourceConversionWebhook [Privileged:ClusterAdmin]", func() {
|
||||
var certCtx *certContext
|
||||
f := framework.NewDefaultFramework("crd-webhook")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
servicePort := int32(9443)
|
||||
containerPort := int32(9444)
|
||||
|
||||
|
@ -43,6 +43,7 @@ import (
|
||||
e2emetrics "k8s.io/kubernetes/test/e2e/framework/metrics"
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
@ -301,6 +302,7 @@ func getUniqLabel(labelkey, labelvalue string) map[string]string {
|
||||
|
||||
var _ = SIGDescribe("Garbage collector", func() {
|
||||
f := framework.NewDefaultFramework("gc")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -31,6 +31,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
@ -100,6 +101,7 @@ func observerUpdate(w watch.Interface, expectedUpdate func(runtime.Object) bool)
|
||||
|
||||
var _ = SIGDescribe("Generated clientset", func() {
|
||||
f := framework.NewDefaultFramework("clientset")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
ginkgo.It("should create pods, set the deletionTimestamp and deletionGracePeriodSeconds of the pod", func() {
|
||||
podClient := f.ClientSet.CoreV1().Pods(f.Namespace.Name)
|
||||
ginkgo.By("constructing the pod")
|
||||
|
@ -33,6 +33,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
@ -226,6 +227,7 @@ func ensureServicesAreRemovedWhenNamespaceIsDeleted(f *framework.Framework) {
|
||||
var _ = SIGDescribe("Namespaces [Serial]", func() {
|
||||
|
||||
f := framework.NewDefaultFramework("namespaces")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.11
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
"k8s.io/kubernetes/test/utils/crd"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -51,6 +52,7 @@ var extendedResourceName = "example.com/dongle"
|
||||
|
||||
var _ = SIGDescribe("ResourceQuota", func() {
|
||||
f := framework.NewDefaultFramework("resourcequota")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.16
|
||||
@ -917,6 +919,7 @@ var _ = SIGDescribe("ResourceQuota", func() {
|
||||
|
||||
var _ = SIGDescribe("ResourceQuota [Feature:ScopeSelectors]", func() {
|
||||
f := framework.NewDefaultFramework("scope-selectors")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
ginkgo.It("should verify ResourceQuota with best effort scope using scope-selectors.", func() {
|
||||
ginkgo.By("Creating a ResourceQuota with best effort scope")
|
||||
resourceQuotaBestEffort, err := createResourceQuota(f.ClientSet, f.Namespace.Name, newTestResourceQuotaWithScopeSelector("quota-besteffort", v1.ResourceQuotaScopeBestEffort))
|
||||
@ -1097,6 +1100,7 @@ var _ = SIGDescribe("ResourceQuota [Feature:ScopeSelectors]", func() {
|
||||
|
||||
var _ = SIGDescribe("ResourceQuota [Feature:PodPriority]", func() {
|
||||
f := framework.NewDefaultFramework("resourcequota-priorityclass")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.It("should verify ResourceQuota's priority class scope (quota set to pod count: 1) against a pod with same priority class.", func() {
|
||||
|
||||
@ -1438,6 +1442,7 @@ var _ = SIGDescribe("ResourceQuota [Feature:PodPriority]", func() {
|
||||
|
||||
var _ = SIGDescribe("ResourceQuota", func() {
|
||||
f := framework.NewDefaultFramework("cross-namespace-pod-affinity")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
ginkgo.It("should verify ResourceQuota with cross namespace pod affinity scope using scope-selectors.", func() {
|
||||
ginkgo.By("Creating a ResourceQuota with cross namespace pod affinity scope")
|
||||
quota, err := createResourceQuota(
|
||||
|
@ -31,6 +31,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1"
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
utilversion "k8s.io/apimachinery/pkg/util/version"
|
||||
"k8s.io/cli-runtime/pkg/printers"
|
||||
@ -43,6 +44,7 @@ var serverPrintVersion = utilversion.MustParseSemantic("v1.10.0")
|
||||
|
||||
var _ = SIGDescribe("Servers with support for Table transformation", func() {
|
||||
f := framework.NewDefaultFramework("tables")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
e2eskipper.SkipUnlessServerVersionGTE(serverPrintVersion, f.ClientSet.Discovery())
|
||||
|
@ -47,6 +47,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
"k8s.io/kubernetes/test/utils/crd"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
||||
@ -78,6 +79,7 @@ const (
|
||||
var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() {
|
||||
var certCtx *certContext
|
||||
f := framework.NewDefaultFramework("webhook")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
servicePort := int32(8443)
|
||||
containerPort := int32(8444)
|
||||
|
||||
@ -1155,6 +1157,8 @@ func testWebhook(f *framework.Framework) {
|
||||
Labels: map[string]string{
|
||||
skipNamespaceLabelKey: skipNamespaceLabelValue,
|
||||
f.UniqueName: "true",
|
||||
// TODO(https://github.com/kubernetes/kubernetes/issues/108298): route namespace creation via framework.Framework.CreateNamespace in 1.24
|
||||
admissionapi.EnforceLevelLabel: string(admissionapi.LevelRestricted),
|
||||
},
|
||||
}})
|
||||
framework.ExpectNoError(err, "creating namespace %q", skippedNamespaceName)
|
||||
@ -2369,8 +2373,12 @@ func newMutateConfigMapWebhookFixture(f *framework.Framework, certCtx *certConte
|
||||
func createWebhookConfigurationReadyNamespace(f *framework.Framework) {
|
||||
ns, err := f.ClientSet.CoreV1().Namespaces().Create(context.TODO(), &v1.Namespace{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: f.Namespace.Name + "-markers",
|
||||
Labels: map[string]string{f.UniqueName + "-markers": "true"},
|
||||
Name: f.Namespace.Name + "-markers",
|
||||
Labels: map[string]string{
|
||||
f.UniqueName + "-markers": "true",
|
||||
// TODO(https://github.com/kubernetes/kubernetes/issues/108298): route namespace creation via framework.Framework.CreateNamespace in 1.24
|
||||
admissionapi.EnforceLevelLabel: string(admissionapi.LevelRestricted),
|
||||
},
|
||||
},
|
||||
}, metav1.CreateOptions{})
|
||||
framework.ExpectNoError(err, "creating namespace for webhook configuration ready markers")
|
||||
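Review bot: The two hand-built namespaces in this file, the skipped namespace in testWebhook and the `-markers` namespace in createWebhookConfigurationReadyNamespace, hard-code `admissionapi.LevelRestricted`, while the suite's own namespace is set to `admissionapi.LevelBaseline` through `f.NamespacePodSecurityEnforceLevel`; neither site says why the levels differ. If the intent is that no pod ever runs in these namespaces, state it next to the label, e.g. `// restricted: this namespace only holds non-pod objects, so enforce the tightest level`; otherwise a later spec that creates a baseline-only pod there would be rejected at admission with no hint in the code. Only the enforce level is labelled here; whether an enforce-version label should be set too depends on what framework.Framework.CreateNamespace does, which is not visible on this page. testWebhook starts outside its hunk and createWebhookConfigurationReadyNamespace continues past the end of its hunk.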
|
@ -43,6 +43,7 @@ import (
|
||||
e2ejob "k8s.io/kubernetes/test/e2e/framework/job"
|
||||
e2eresource "k8s.io/kubernetes/test/e2e/framework/resource"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -52,6 +53,7 @@ const (
|
||||
|
||||
var _ = SIGDescribe("CronJob", func() {
|
||||
f := framework.NewDefaultFramework("cronjob")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
sleepCommand := []string{"sleep", "300"}
|
||||
|
||||
|
@ -55,6 +55,7 @@ import (
|
||||
e2edaemonset "k8s.io/kubernetes/test/e2e/framework/daemonset"
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
e2eresource "k8s.io/kubernetes/test/e2e/framework/resource"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -133,6 +134,7 @@ var _ = SIGDescribe("Daemon set [Serial]", func() {
|
||||
})
|
||||
|
||||
f = framework.NewDefaultFramework("daemonsets")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
image := WebserverImage
|
||||
dsName := "daemon-set"
|
||||
|
@ -61,6 +61,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
testutil "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
utilpointer "k8s.io/utils/pointer"
|
||||
)
|
||||
|
||||
@ -85,6 +86,7 @@ var _ = SIGDescribe("Deployment", func() {
|
||||
})
|
||||
|
||||
f := framework.NewDefaultFramework("deployment")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
c = f.ClientSet
|
||||
|
@ -46,6 +46,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
// schedulingTimeout is longer specifically because sometimes we need to wait
|
||||
@ -62,6 +63,7 @@ var defaultLabels = map[string]string{"foo": "bar"}
|
||||
|
||||
var _ = SIGDescribe("DisruptionController", func() {
|
||||
f := framework.NewDefaultFramework("disruption")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
var ns string
|
||||
var cs kubernetes.Interface
|
||||
var dc dynamic.Interface
|
||||
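Review bot: `f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged` applies the unrestricted policy level to every spec in this Describe, and the visible lines give no reason a DisruptionController suite needs more than baseline. A one-line comment naming the spec or pod field that requires it would let the level be tightened later, e.g. `// TODO: privileged because <spec or pod field that baseline rejects>; lower once that is fixed`. The same unexplained privileged level is set in the Job, StatefulSet, Networking, Downward API (both Describes), KubeletManagedEtcHosts, Security Context and HostPath sections of this commit; PrivilegedPod and Sysctls at least explain themselves by name. The SIGDescribe body continues past the end of the hunk.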
|
@ -47,6 +47,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eresource "k8s.io/kubernetes/test/e2e/framework/resource"
|
||||
"k8s.io/kubernetes/test/e2e/scheduling"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
"k8s.io/utils/pointer"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
@ -67,6 +68,7 @@ type watchEventConfig struct {
|
||||
|
||||
var _ = SIGDescribe("Job", func() {
|
||||
f := framework.NewDefaultFramework("job")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
parallelism := int32(2)
|
||||
completions := int32(4)
|
||||
|
||||
|
@ -41,12 +41,14 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("ReplicationController", func() {
|
||||
f := framework.NewDefaultFramework("replication-controller")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
var ns string
|
||||
var dc dynamic.Interface
|
||||
|
@ -45,6 +45,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2ereplicaset "k8s.io/kubernetes/test/e2e/framework/replicaset"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
@ -100,6 +101,7 @@ func newPodQuota(name, number string) *v1.ResourceQuota {
|
||||
|
||||
var _ = SIGDescribe("ReplicaSet", func() {
|
||||
f := framework.NewDefaultFramework("replicaset")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -51,6 +51,7 @@ import (
|
||||
e2eservice "k8s.io/kubernetes/test/e2e/framework/service"
|
||||
e2estatefulset "k8s.io/kubernetes/test/e2e/framework/statefulset"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -88,6 +89,7 @@ var httpProbe = &v1.Probe{
|
||||
// GCE Api requirements: nodes and master need storage r/w permissions.
|
||||
var _ = SIGDescribe("StatefulSet", func() {
|
||||
f := framework.NewDefaultFramework("statefulset")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
var ns string
|
||||
var c clientset.Interface
|
||||
|
||||
|
@ -29,6 +29,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/util/slice"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2ejob "k8s.io/kubernetes/test/e2e/framework/job"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -42,6 +43,7 @@ const (
|
||||
|
||||
var _ = SIGDescribe("TTLAfterFinished", func() {
|
||||
f := framework.NewDefaultFramework("ttlafterfinished")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.It("job should be deleted once it finishes after TTL seconds", func() {
|
||||
testFinishedJob(f)
|
||||
|
@ -26,6 +26,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/kubernetes/pkg/cluster/ports"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -36,6 +37,7 @@ import (
|
||||
var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
|
||||
|
||||
f := framework.NewDefaultFramework("node-authn")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var ns string
|
||||
var nodeIPs []string
|
||||
ginkgo.BeforeEach(func() {
|
||||
|
@ -29,6 +29,7 @@ import (
|
||||
restclient "k8s.io/client-go/rest"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -41,6 +42,7 @@ const (
|
||||
var _ = SIGDescribe("[Feature:NodeAuthorizer]", func() {
|
||||
|
||||
f := framework.NewDefaultFramework("node-authz")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
// client that will impersonate a node
|
||||
var c clientset.Interface
|
||||
var ns string
|
||||
|
@ -41,6 +41,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
utilptr "k8s.io/utils/pointer"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
@ -50,6 +51,7 @@ const rootCAConfigMapName = "kube-root-ca.crt"
|
||||
|
||||
var _ = SIGDescribe("ServiceAccounts", func() {
|
||||
f := framework.NewDefaultFramework("svcaccounts")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.It("no secret-based service account token should be auto-generated", func() {
|
||||
{
|
||||
|
@ -17,6 +17,7 @@ limitations under the License.
|
||||
package autoscaling
|
||||
|
||||
import (
|
||||
"k8s.io/pod-security-admission/api"
|
||||
"time"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
@ -30,6 +31,7 @@ import (
|
||||
//
|
||||
var _ = SIGDescribe("[Feature:HPA] Horizontal pod autoscaling (scale resource: CPU)", func() {
|
||||
f := framework.NewDefaultFramework("horizontal-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = api.LevelBaseline
|
||||
|
||||
titleUp := "Should scale from 1 pod to 3 pods and from 3 to 5"
|
||||
titleDown := "Should scale from 5 pods to 3 pods and from 3 to 1"
|
||||
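Review bot: The new import `"k8s.io/pod-security-admission/api"` sits above `"time"` in the standard-library position and is left unaliased, whereas the other files shown in this commit import it as `admissionapi`. Move it into the k8s.io group with the alias, `admissionapi "k8s.io/pod-security-admission/api"`, and write the assignment as `f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline`; a bare `api` identifier is easy to confuse with other Kubernetes api packages when reading or grepping for the pod security level. The import block and the SIGDescribe body both continue outside the hunks shown.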
|
@ -22,10 +22,12 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2enetwork "k8s.io/kubernetes/test/e2e/framework/network"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("Networking", func() {
|
||||
f := framework.NewDefaultFramework("pod-network-test")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.Describe("Granular Checks: Pods", func() {
|
||||
|
||||
|
@ -27,12 +27,14 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/uuid"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("ConfigMap", func() {
|
||||
f := framework.NewDefaultFramework("configmap")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -37,6 +37,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -50,6 +51,7 @@ const (
|
||||
|
||||
var _ = SIGDescribe("Probing container", func() {
|
||||
f := framework.NewDefaultFramework("container-probe")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
probe := webserverProbeBuilder{}
|
||||
|
||||
|
@ -23,10 +23,12 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/uuid"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("Containers", func() {
|
||||
f := framework.NewDefaultFramework("containers")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -28,12 +28,14 @@ import (
|
||||
e2enetwork "k8s.io/kubernetes/test/e2e/framework/network"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("Downward API", func() {
|
||||
f := framework.NewDefaultFramework("downward-api")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
@ -287,6 +289,7 @@ var _ = SIGDescribe("Downward API", func() {
|
||||
|
||||
var _ = SIGDescribe("Downward API [Serial] [Disruptive] [NodeFeature:DownwardAPIHugePages]", func() {
|
||||
f := framework.NewDefaultFramework("downward-api")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.Context("Downward API tests for hugepages", func() {
|
||||
ginkgo.BeforeEach(func() {
|
||||
|
@ -27,6 +27,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -34,6 +35,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Ephemeral Containers [NodeFeature:EphemeralContainers]", func() {
|
||||
f := framework.NewDefaultFramework("ephemeral-containers-test")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
ginkgo.BeforeEach(func() {
|
||||
podClient = f.PodClient()
|
||||
|
@ -23,6 +23,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -32,6 +33,7 @@ import (
|
||||
// https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/expansion.md
|
||||
var _ = SIGDescribe("Variable Expansion", func() {
|
||||
f := framework.NewDefaultFramework("var-expansion")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -40,6 +40,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/client/conditions"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
func recordEvents(events []watch.Event, f func(watch.Event) (bool, error)) func(watch.Event) (bool, error) {
|
||||
@ -158,6 +159,7 @@ func initContainersInvariants(pod *v1.Pod) error {
|
||||
|
||||
var _ = SIGDescribe("InitContainer [NodeConformance]", func() {
|
||||
f := framework.NewDefaultFramework("init-container")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
ginkgo.BeforeEach(func() {
|
||||
podClient = f.PodClient()
|
||||
|
@ -27,6 +27,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/uuid"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -34,6 +35,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Kubelet", func() {
|
||||
f := framework.NewDefaultFramework("kubelet-test")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
ginkgo.BeforeEach(func() {
|
||||
podClient = f.PodClient()
|
||||
|
@ -26,6 +26,7 @@ import (
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -45,6 +46,7 @@ type KubeletManagedHostConfig struct {
|
||||
|
||||
var _ = SIGDescribe("KubeletManagedEtcHosts", func() {
|
||||
f := framework.NewDefaultFramework("e2e-kubelet-etc-hosts")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
config := &KubeletManagedHostConfig{
|
||||
f: f,
|
||||
}
|
||||
|
@ -28,6 +28,7 @@ import (
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -35,6 +36,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Container Lifecycle Hook", func() {
|
||||
f := framework.NewDefaultFramework("container-lifecycle-hook")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
const (
|
||||
podCheckInterval = 1 * time.Second
|
||||
|
@ -28,10 +28,12 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("PodOSRejection [NodeConformance]", func() {
|
||||
f := framework.NewDefaultFramework("pod-os-rejection")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
ginkgo.Context("Kubelet", func() {
|
||||
ginkgo.It("should reject pod when the node OS doesn't match pod's OS", func() {
|
||||
linuxNode, err := findLinuxNode(f)
|
||||
|
@ -52,6 +52,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2ewebsocket "k8s.io/kubernetes/test/e2e/framework/websocket"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -183,6 +184,7 @@ func expectNoErrorWithRetries(fn func() error, maxRetries int, explain ...interf
|
||||
|
||||
var _ = SIGDescribe("Pods", func() {
|
||||
f := framework.NewDefaultFramework("pods")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
var dc dynamic.Interface
|
||||
|
||||
|
@ -24,6 +24,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
// PrivilegedPodTestConfig is configuration struct for privileged pod test
|
||||
@ -39,8 +40,10 @@ type PrivilegedPodTestConfig struct {
|
||||
}
|
||||
|
||||
var _ = SIGDescribe("PrivilegedPod [NodeConformance]", func() {
|
||||
f := framework.NewDefaultFramework("e2e-privileged-pod")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
config := &PrivilegedPodTestConfig{
|
||||
f: framework.NewDefaultFramework("e2e-privileged-pod"),
|
||||
f: f,
|
||||
privilegedPod: "privileged-pod",
|
||||
privilegedContainer: "privileged-container",
|
||||
notPrivilegedContainer: "not-privileged-container",
|
||||
|
@ -29,6 +29,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/kubelet/images"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -37,6 +38,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Container Runtime", func() {
|
||||
f := framework.NewDefaultFramework("container-runtime")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.Describe("blackbox test", func() {
|
||||
ginkgo.Context("when starting a container that exits", func() {
|
||||
|
@ -38,12 +38,14 @@ import (
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("RuntimeClass", func() {
|
||||
f := framework.NewDefaultFramework("runtimeclass")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.20
|
||||
|
@ -30,10 +30,12 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/uuid"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("Secrets", func() {
|
||||
f := framework.NewDefaultFramework("secrets")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -29,6 +29,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
"k8s.io/utils/pointer"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
@ -42,6 +43,7 @@ var (
|
||||
|
||||
var _ = SIGDescribe("Security Context", func() {
|
||||
f := framework.NewDefaultFramework("security-context-test")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
var podClient *framework.PodClient
|
||||
ginkgo.BeforeEach(func() {
|
||||
podClient = f.PodClient()
|
||||
|
@ -26,6 +26,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -39,6 +40,7 @@ var _ = SIGDescribe("Sysctls [LinuxOnly] [NodeConformance]", func() {
|
||||
})
|
||||
|
||||
f := framework.NewDefaultFramework("sysctl")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
var podClient *framework.PodClient
|
||||
|
||||
testPod := func() *v1.Pod {
|
||||
|
@ -31,10 +31,12 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("ConfigMap", func() {
|
||||
f := framework.NewDefaultFramework("configmap")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -28,6 +28,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -37,6 +38,7 @@ var _ = SIGDescribe("Downward API volume", func() {
|
||||
// How long to wait for a log pod to be displayed
|
||||
const podLogTimeout = 3 * time.Minute
|
||||
f := framework.NewDefaultFramework("downward-api")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
ginkgo.BeforeEach(func() {
|
||||
podClient = f.PodClient()
|
||||
|
@ -31,6 +31,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -43,6 +44,7 @@ var (
|
||||
|
||||
var _ = SIGDescribe("EmptyDir volumes", func() {
|
||||
f := framework.NewDefaultFramework("emptydir")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.Context("when FSGroup is specified [LinuxOnly] [NodeFeature:FSGroup]", func() {
|
||||
|
||||
|
@ -25,6 +25,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -33,6 +34,7 @@ import (
|
||||
//This will require some smart.
|
||||
var _ = SIGDescribe("HostPath", func() {
|
||||
f := framework.NewDefaultFramework("hostpath")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
// TODO permission denied cleanup failures
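Review bot: The `f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged` assignment carries no comment naming the pod feature that forces this namespace out of baseline enforcement. Here the suite name makes hostPath volumes the evident reason, but the same bare assignment appears in the Volumes, Conntrack, HostPort, KubeProxy, LoadBalancers, NetworkPolicyLegacy, Networking, Services, SCTP, AppArmor, crictl, Mount propagation, Security Context, SchedulerPredicates and CSI mock volume suites, where the reason is not visible in the hunk. A one-line comment above each, such as `// Privileged: specs in this suite mount hostPath volumes, which baseline rejects.`, would let a later pass tell required exemptions from ones that could be tightened. The Describe closure continues outside the hunk.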
|
||||
|
@ -25,12 +25,14 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/uuid"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("Projected combined", func() {
|
||||
f := framework.NewDefaultFramework("projected")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
// Test multiple projections
|
||||
/*
|
||||
|
@ -28,6 +28,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -35,6 +36,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Projected configMap", func() {
|
||||
f := framework.NewDefaultFramework("projected")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -27,6 +27,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -34,6 +35,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Projected downwardAPI", func() {
|
||||
f := framework.NewDefaultFramework("projected")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
// How long to wait for a log pod to be displayed
|
||||
const podLogTimeout = 2 * time.Minute
|
||||
|
@ -27,6 +27,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -34,6 +35,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Projected secret", func() {
|
||||
f := framework.NewDefaultFramework("projected")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -28,6 +28,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -35,6 +36,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Secrets", func() {
|
||||
f := framework.NewDefaultFramework("secrets")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -52,6 +52,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -59,6 +60,7 @@ import (
|
||||
// TODO(#99468): Check if these tests are still needed.
|
||||
var _ = SIGDescribe("Volumes", func() {
|
||||
f := framework.NewDefaultFramework("volume")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
// note that namespace deletion is handled by delete-namespace flag
|
||||
// filled in BeforeEach
|
||||
|
@ -21,6 +21,7 @@ import (
|
||||
|
||||
v1 "k8s.io/api/core/v1"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
"k8s.io/utils/pointer"
|
||||
)
|
||||
|
||||
// NodeOSDistroIs returns true if the distro is the same as `--node-os-distro`
|
||||
@ -113,3 +114,19 @@ func GetLinuxLabel() *v1.SELinuxOptions {
|
||||
return &v1.SELinuxOptions{
|
||||
Level: "s0:c0,c1"}
|
||||
}
|
||||
|
||||
// GetRestrictedPodSecurityContext returns a minimal restricted pod security context.
|
||||
func GetRestrictedPodSecurityContext() *v1.PodSecurityContext {
|
||||
return &v1.PodSecurityContext{
|
||||
RunAsNonRoot: pointer.BoolPtr(true),
|
||||
SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeRuntimeDefault},
|
||||
}
|
||||
}
|
||||
|
||||
// GetRestrictedContainerSecurityContext returns a minimal restricted container security context.
|
||||
func GetRestrictedContainerSecurityContext() *v1.SecurityContext {
|
||||
return &v1.SecurityContext{
|
||||
AllowPrivilegeEscalation: pointer.BoolPtr(false),
|
||||
Capabilities: &v1.Capabilities{Drop: []v1.Capability{"ALL"}},
|
||||
}
|
||||
}
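Review bot: The doc comments on `GetRestrictedPodSecurityContext` and `GetRestrictedContainerSecurityContext` do not say that neither helper is sufficient on its own. The pod-level helper sets only `RunAsNonRoot` and the seccomp profile, and the container-level one only `AllowPrivilegeEscalation` and the capability drop, so a pod presumably needs both (the container context on every container) to be admitted at the restricted level. I would extend each comment with something like `// Combine with GetRestrictedContainerSecurityContext on every container; neither helper alone satisfies the restricted level.` Because `RunAsNonRoot` is set without `RunAsUser`, it is also worth adding `// The image must declare a numeric non-root user, otherwise the kubelet refuses to start the container.`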
|
||||
|
@ -74,6 +74,7 @@ import (
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
"k8s.io/kubernetes/test/utils/crd"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
uexec "k8s.io/utils/exec"
|
||||
"k8s.io/utils/pointer"
|
||||
|
||||
@ -225,6 +226,7 @@ func runKubectlRetryOrDie(ns string, args ...string) string {
|
||||
var _ = SIGDescribe("Kubectl client", func() {
|
||||
defer ginkgo.GinkgoRecover()
|
||||
f := framework.NewDefaultFramework("kubectl")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
// Reusable cluster state function. This won't be adversely affected by lazy initialization of framework.
|
||||
clusterState := func() *framework.ClusterVerification {
|
||||
|
@ -42,6 +42,7 @@ import (
|
||||
e2ewebsocket "k8s.io/kubernetes/test/e2e/framework/websocket"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -448,6 +449,7 @@ func doTestOverWebSockets(bindAddress string, f *framework.Framework) {
|
||||
|
||||
var _ = SIGDescribe("Kubectl Port forwarding", func() {
|
||||
f := framework.NewDefaultFramework("port-forwarding")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.Describe("With a server listening on 0.0.0.0", func() {
|
||||
ginkgo.Describe("that expects a client request", func() {
|
||||
|
@ -35,6 +35,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -67,6 +68,7 @@ const (
|
||||
var _ = common.SIGDescribe("Conntrack", func() {
|
||||
|
||||
fr := framework.NewDefaultFramework("conntrack")
|
||||
fr.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
type nodeInfo struct {
|
||||
name string
|
||||
|
@ -30,6 +30,7 @@ import (
|
||||
e2eservice "k8s.io/kubernetes/test/e2e/framework/service"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -39,6 +40,7 @@ const dnsTestServiceName = "dns-test-service"
|
||||
|
||||
var _ = common.SIGDescribe("DNS", func() {
|
||||
f := framework.NewDefaultFramework("dns")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -36,12 +36,14 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = common.SIGDescribe("EndpointSlice", func() {
|
||||
f := framework.NewDefaultFramework("endpointslice")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
var cs clientset.Interface
|
||||
var podClient *framework.PodClient
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
@ -72,6 +73,7 @@ var _ = common.SIGDescribe("CVE-2021-29923", func() {
|
||||
)
|
||||
|
||||
f := framework.NewDefaultFramework("funny-ips")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
if framework.TestContext.ClusterIsIPv6() {
|
||||
|
@ -33,11 +33,13 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = common.SIGDescribe("HostPort", func() {
|
||||
|
||||
f := framework.NewDefaultFramework("hostport")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var (
|
||||
cs clientset.Interface
|
||||
|
@ -42,6 +42,7 @@ import (
|
||||
e2eservice "k8s.io/kubernetes/test/e2e/framework/service"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -58,6 +59,7 @@ var _ = common.SIGDescribe("Loadbalancing: L7", func() {
|
||||
conformanceTests []e2eingress.ConformanceTests
|
||||
)
|
||||
f := framework.NewDefaultFramework("ingress")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
jig = e2eingress.NewIngressTestJig(f.ClientSet)
|
||||
|
@ -34,6 +34,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
netutils "k8s.io/utils/net"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
@ -48,6 +49,7 @@ var _ = common.SIGDescribe("KubeProxy", func() {
|
||||
)
|
||||
|
||||
fr := framework.NewDefaultFramework("kube-proxy")
|
||||
fr.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.It("should set TCP CLOSE_WAIT timeout [Privileged]", func() {
|
||||
nodes, err := e2enode.GetBoundedReadySchedulableNodes(fr.ClientSet, 2)
|
||||
|
@ -44,6 +44,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
gcecloud "k8s.io/legacy-cloud-providers/gce"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
utilpointer "k8s.io/utils/pointer"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
@ -52,6 +53,7 @@ import (
|
||||
|
||||
var _ = common.SIGDescribe("LoadBalancers", func() {
|
||||
f := framework.NewDefaultFramework("loadbalancers")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var cs clientset.Interface
|
||||
serviceLBNames := []string{}
|
||||
@ -980,6 +982,7 @@ var _ = common.SIGDescribe("LoadBalancers", func() {
|
||||
|
||||
var _ = common.SIGDescribe("LoadBalancers ESIPP [Slow]", func() {
|
||||
f := framework.NewDefaultFramework("esipp")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var loadBalancerCreateTimeout time.Duration
|
||||
|
||||
var cs clientset.Interface
|
||||
|
@ -31,6 +31,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
// probeConnectivityArgs is set of arguments for a probeConnectivity
|
||||
@ -175,6 +176,7 @@ func (k *kubeManager) executeRemoteCommand(namespace string, pod string, contain
|
||||
|
||||
// createNamespace is a convenience function for namespace setup.
|
||||
func (k *kubeManager) createNamespace(ns *v1.Namespace) (*v1.Namespace, error) {
|
||||
enforcePodSecurityBaseline(ns)
|
||||
createdNamespace, err := k.clientSet.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to update namespace %s: %w", ns.Name, err)
|
||||
@ -263,6 +265,7 @@ func (k *kubeManager) setNamespaceLabels(ns string, labels map[string]string) er
|
||||
return err
|
||||
}
|
||||
selectedNameSpace.ObjectMeta.Labels = labels
|
||||
enforcePodSecurityBaseline(selectedNameSpace)
|
||||
_, err = k.clientSet.CoreV1().Namespaces().Update(context.TODO(), selectedNameSpace, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to update namespace %s: %w", ns, err)
|
||||
@ -280,3 +283,11 @@ func (k *kubeManager) deleteNamespaces(namespaces []string) error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func enforcePodSecurityBaseline(ns *v1.Namespace) {
|
||||
if len(ns.ObjectMeta.Labels) == 0 {
|
||||
ns.ObjectMeta.Labels = make(map[string]string)
|
||||
}
|
||||
// TODO(https://github.com/kubernetes/kubernetes/issues/108298): route namespace creation via framework.Framework.CreateNamespace
|
||||
ns.ObjectMeta.Labels[admissionapi.EnforceLevelLabel] = string(admissionapi.LevelBaseline)
|
||||
}
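Review bot: `enforcePodSecurityBaseline` writes into whatever map the namespace currently holds, and in `setNamespaceLabels` that map is the caller's own `labels` argument, assigned on the line just before the call. The caller's map therefore gains the enforce label as a side effect, which could affect later comparisons or selectors built from it if the network policy tests reuse these maps. The helper also silently overwrites any enforce level the caller had set and has no doc comment. Building a fresh map inside the helper avoids the aliasing; `setNamespaceLabels` starts outside the hunk, so its callers are not visible here.

```go
// enforcePodSecurityBaseline sets the pod security enforce label on ns to
// baseline, replacing any level already present, without modifying the
// label map the caller passed in.
func enforcePodSecurityBaseline(ns *v1.Namespace) {
	labels := make(map[string]string, len(ns.ObjectMeta.Labels)+1)
	for k, v := range ns.ObjectMeta.Labels {
		labels[k] = v
	}
	// … unchanged: TODO comment about routing namespace creation via the framework …
	labels[admissionapi.EnforceLevelLabel] = string(admissionapi.LevelBaseline)
	ns.ObjectMeta.Labels = labels
}
```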
|
||||
|
@ -167,7 +167,9 @@ func (ns *Namespace) Spec() *v1.Namespace {
|
||||
// LabelSelector returns the default labels that should be placed on a namespace
|
||||
// in order for it to be uniquely selectable by label selectors
|
||||
func (ns *Namespace) LabelSelector() map[string]string {
|
||||
return map[string]string{"ns": ns.Name}
|
||||
return map[string]string{
|
||||
"ns": ns.Name,
|
||||
}
|
||||
}
|
||||
|
||||
// Pod is the abstract representation of what matters to network policy tests for
|
||||
|
@ -43,6 +43,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
netutils "k8s.io/utils/net"
|
||||
)
|
||||
|
||||
@ -65,6 +66,7 @@ var _ = common.SIGDescribe("NetworkPolicyLegacy [LinuxOnly]", func() {
|
||||
var podServer *v1.Pod
|
||||
var podServerLabelSelector string
|
||||
f := framework.NewDefaultFramework("network-policy")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
// Windows does not support network policies.
|
||||
|
@ -33,6 +33,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -79,6 +80,7 @@ func checkConnectivityToHost(f *framework.Framework, nodeName, podName, host str
|
||||
var _ = common.SIGDescribe("Networking", func() {
|
||||
var svcname = "nettest"
|
||||
f := framework.NewDefaultFramework(svcname)
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.It("should provide Internet connection for containers [Feature:Networking-IPv4]", func() {
|
||||
ginkgo.By("Running container which tries to connect to 8.8.8.8")
|
||||
|
@ -35,6 +35,7 @@ import (
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -137,6 +138,7 @@ func iperf2ClientDaemonSet(client clientset.Interface, namespace string) (*appsv
|
||||
var _ = common.SIGDescribe("Networking IPerf2 [Feature:Networking-Performance]", func() {
|
||||
// this test runs iperf2: one pod as a server, and a daemonset of clients
|
||||
f := framework.NewDefaultFramework("network-perf")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.It(fmt.Sprintf("should run iperf2"), func() {
|
||||
readySchedulableNodes, err := e2enode.GetReadySchedulableNodes(f.ClientSet)
|
||||
|
@ -44,6 +44,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -75,6 +76,7 @@ var _ = common.SIGDescribe("Proxy", func() {
|
||||
ClientQPS: -1.0,
|
||||
}
|
||||
f := framework.NewFramework("proxy", options, nil)
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
prefix := "/api/" + version
|
||||
|
||||
/*
|
||||
|
@ -37,6 +37,7 @@ import (
|
||||
e2eingress "k8s.io/kubernetes/test/e2e/framework/ingress"
|
||||
"k8s.io/kubernetes/test/e2e/framework/providers/gce"
|
||||
"k8s.io/kubernetes/test/e2e/network/scale"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -133,6 +134,10 @@ func main() {
|
||||
ns := &v1.Namespace{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: testNamespace,
|
||||
Labels: map[string]string{
|
||||
// TODO(https://github.com/kubernetes/kubernetes/issues/108298): route namespace creation via framework.Framework.CreateNamespace in 1.24
|
||||
admissionapi.EnforceLevelLabel: string(admissionapi.LevelPrivileged),
|
||||
},
|
||||
},
|
||||
}
|
||||
klog.Infof("Creating namespace %s...", ns.Name)
|
||||
|
@ -43,6 +43,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
watch "k8s.io/apimachinery/pkg/watch"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
@ -746,6 +747,7 @@ func getEndpointNodesWithInternalIP(jig *e2eservice.TestJig) (map[string]string,
|
||||
|
||||
var _ = common.SIGDescribe("Services", func() {
|
||||
f := framework.NewDefaultFramework("services")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var cs clientset.Interface
|
||||
serviceLBNames := []string{}
|
||||
@ -3255,6 +3257,7 @@ func restartComponent(cs clientset.Interface, cName, ns string, matchLabels map[
|
||||
|
||||
var _ = common.SIGDescribe("SCTP [LinuxOnly]", func() {
|
||||
f := framework.NewDefaultFramework("sctp")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var cs clientset.Interface
|
||||
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/network/common"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -48,6 +49,7 @@ func (d durations) Swap(i, j int) { d[i], d[j] = d[j], d[i] }
|
||||
|
||||
var _ = common.SIGDescribe("Service endpoints latency", func() {
|
||||
f := framework.NewDefaultFramework("svc-latency")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.9
|
||||
|
@ -21,12 +21,14 @@ import (
|
||||
e2ekubectl "k8s.io/kubernetes/test/e2e/framework/kubectl"
|
||||
e2esecurity "k8s.io/kubernetes/test/e2e/framework/security"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("AppArmor", func() {
|
||||
f := framework.NewDefaultFramework("apparmor")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.Context("load AppArmor profiles", func() {
|
||||
ginkgo.BeforeEach(func() {
|
||||
|
@ -23,12 +23,14 @@ import (
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("crictl", func() {
|
||||
f := framework.NewDefaultFramework("crictl")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
// `crictl` is not available on all cloud providers.
|
||||
|
@ -29,12 +29,14 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("Events", func() {
|
||||
f := framework.NewDefaultFramework("events")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.It("should be sent by kubelets and the scheduler about pods scheduling and running ", func() {
|
||||
|
||||
|
@ -34,6 +34,7 @@ import (
|
||||
e2eauth "k8s.io/kubernetes/test/e2e/framework/auth"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2etestfiles "k8s.io/kubernetes/test/e2e/framework/testfiles"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -44,6 +45,7 @@ const (
|
||||
|
||||
var _ = SIGDescribe("[Feature:Example]", func() {
|
||||
f := framework.NewDefaultFramework("examples")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
var c clientset.Interface
|
||||
var ns string
|
||||
|
@ -39,6 +39,7 @@ import (
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -270,6 +271,7 @@ var _ = SIGDescribe("kubelet", func() {
|
||||
ns string
|
||||
)
|
||||
f := framework.NewDefaultFramework("kubelet")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
c = f.ClientSet
|
||||
|
@ -27,6 +27,7 @@ import (
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -79,6 +80,7 @@ func preparePod(name string, node *v1.Node, propagation *v1.MountPropagationMode
|
||||
|
||||
var _ = SIGDescribe("Mount propagation", func() {
|
||||
f := framework.NewDefaultFramework("mount-propagation")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.It("should propagate mounts within defined scopes", func() {
|
||||
// This test runs two pods: master and slave with respective mount
|
||||
|
@ -43,6 +43,7 @@ import (
|
||||
e2ekubelet "k8s.io/kubernetes/test/e2e/framework/kubelet"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
@ -51,6 +52,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("Pods Extended", func() {
|
||||
f := framework.NewDefaultFramework("pods")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.Describe("Delete Grace Period", func() {
|
||||
var podClient *framework.PodClient
|
||||
|
@ -33,6 +33,7 @@ import (
|
||||
e2ekubelet "k8s.io/kubernetes/test/e2e/framework/kubelet"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -153,6 +154,7 @@ func testPreStop(c clientset.Interface, ns string) {
|
||||
|
||||
var _ = SIGDescribe("PreStop", func() {
|
||||
f := framework.NewDefaultFramework("prestop")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var podClient *framework.PodClient
|
||||
ginkgo.BeforeEach(func() {
|
||||
podClient = f.PodClient()
|
||||
|
@ -19,6 +19,7 @@ package node
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"k8s.io/pod-security-admission/api"
|
||||
|
||||
v1 "k8s.io/api/core/v1"
|
||||
nodev1 "k8s.io/api/node/v1"
|
||||
@ -38,6 +39,7 @@ import (
|
||||
|
||||
var _ = SIGDescribe("RuntimeClass", func() {
|
||||
f := framework.NewDefaultFramework("runtimeclass")
|
||||
f.NamespacePodSecurityEnforceLevel = api.LevelBaseline
|
||||
|
||||
ginkgo.It("should reject a Pod requesting a RuntimeClass with conflicting node selector", func() {
|
||||
labelFooName := "foo-" + string(uuid.NewUUID())
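Review bot: The new import `"k8s.io/pod-security-admission/api"` sits in the standard-library group after `"fmt"` and is used unaliased as `api.LevelBaseline`, while every other file in this commit imports it as `admissionapi` alongside the other k8s.io packages. The bare name `api` is easy to confuse with other API packages in a file that already imports `v1` and `nodev1`. I would move the line into the k8s.io group as `admissionapi "k8s.io/pod-security-admission/api"` and write `f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline`. The import block and the Describe closure both continue outside the hunks shown.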
|
||||
|
@ -33,6 +33,7 @@ import (
|
||||
e2ekubectl "k8s.io/kubernetes/test/e2e/framework/kubectl"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -65,6 +66,7 @@ func scTestPod(hostIPC bool, hostPID bool) *v1.Pod {
|
||||
|
||||
var _ = SIGDescribe("Security Context", func() {
|
||||
f := framework.NewDefaultFramework("security-context")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.It("should support pod.Spec.SecurityContext.SupplementalGroups [LinuxOnly]", func() {
|
||||
pod := scTestPod(false, false)
|
||||
|
@ -32,6 +32,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
// ensure libs have a chance to initialize
|
||||
@ -160,6 +161,7 @@ var _ = SIGDescribe("NoExecuteTaintManager Single Pod [Serial]", func() {
|
||||
var cs clientset.Interface
|
||||
var ns string
|
||||
f := framework.NewDefaultFramework("taint-single-pod")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
cs = f.ClientSet
|
||||
@ -341,6 +343,7 @@ var _ = SIGDescribe("NoExecuteTaintManager Multiple Pods [Serial]", func() {
|
||||
var cs clientset.Interface
|
||||
var ns string
|
||||
f := framework.NewDefaultFramework("taint-multiple-pods")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
cs = f.ClientSet
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
e2eservice "k8s.io/kubernetes/test/e2e/framework/service"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -46,6 +47,7 @@ const (
|
||||
|
||||
var _ = SIGDescribe("LimitRange", func() {
|
||||
f := framework.NewDefaultFramework("limitrange")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.18
|
||||
|
@ -38,6 +38,7 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
||||
@ -77,6 +78,7 @@ var _ = SIGDescribe("SchedulerPredicates [Serial]", func() {
|
||||
var RCName string
|
||||
var ns string
|
||||
f := framework.NewDefaultFramework("sched-pred")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.AfterEach(func() {
|
||||
rc, err := cs.CoreV1().ReplicationControllers(ns).Get(context.TODO(), RCName, metav1.GetOptions{})
|
||||
|
@ -44,6 +44,7 @@ import (
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2ereplicaset "k8s.io/kubernetes/test/e2e/framework/replicaset"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
@ -64,6 +65,7 @@ var _ = SIGDescribe("SchedulerPreemption [Serial]", func() {
|
||||
var nodeList *v1.NodeList
|
||||
var ns string
|
||||
f := framework.NewDefaultFramework("sched-preemption")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
lowPriority, mediumPriority, highPriority := int32(1), int32(100), int32(1000)
|
||||
lowPriorityClassName := f.BaseName + "-low-priority"
|
||||
@ -461,6 +463,7 @@ var _ = SIGDescribe("SchedulerPreemption [Serial]", func() {
|
||||
var node *v1.Node
|
||||
var ns, nodeHostNameLabel string
|
||||
f := framework.NewDefaultFramework("sched-preemption-path")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
priorityPairs := make([]priorityPair, 0)
|
||||
|
||||
|
@ -43,6 +43,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
// Resource is a collection of compute resource.
|
||||
@ -90,6 +91,7 @@ var _ = SIGDescribe("SchedulerPriorities [Serial]", func() {
|
||||
var systemPodsNo int
|
||||
var ns string
|
||||
f := framework.NewDefaultFramework("sched-priority")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.AfterEach(func() {
|
||||
})
|
||||
|
@ -37,10 +37,12 @@ import (
|
||||
e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = SIGDescribe("Multi-AZ Clusters", func() {
|
||||
f := framework.NewDefaultFramework("multi-az")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
var zoneCount int
|
||||
var err error
|
||||
var cleanUp func()
|
||||
|
@ -56,6 +56,7 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/storage/testsuites"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
utilptr "k8s.io/utils/pointer"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
@ -129,6 +130,7 @@ var _ = utils.SIGDescribe("CSI mock volume", func() {
|
||||
var m mockDriverSetup
|
||||
|
||||
f := framework.NewDefaultFramework("csi-mock-volumes")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
init := func(tp testParameters) {
|
||||
m = mockDriverSetup{
|
||||
|
@ -31,6 +31,7 @@ import (
|
||||
e2erc "k8s.io/kubernetes/test/e2e/framework/rc"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -56,6 +57,7 @@ const (
|
||||
|
||||
var _ = utils.SIGDescribe("EmptyDir wrapper volumes", func() {
|
||||
f := framework.NewDefaultFramework("emptydir-wrapper")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
/*
|
||||
Release: v1.13
|
||||
|
@ -30,6 +30,7 @@ import (
|
||||
e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
@ -45,6 +46,7 @@ var _ = utils.SIGDescribe("Ephemeralstorage", func() {
|
||||
)
|
||||
|
||||
f := framework.NewDefaultFramework("pv")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
c = f.ClientSet
|
||||
|
@ -35,6 +35,7 @@ import (
|
||||
e2etestfiles "k8s.io/kubernetes/test/e2e/framework/testfiles"
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -157,6 +158,7 @@ func getHostFromHostPort(hostPort string) string {
|
||||
|
||||
var _ = utils.SIGDescribe("Flexvolumes", func() {
|
||||
f := framework.NewDefaultFramework("flexvolume")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
// note that namespace deletion is handled by delete-namespace flag
|
||||
|
||||
|
@ -31,12 +31,14 @@ import (
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
)
|
||||
|
||||
var _ = utils.SIGDescribe("HostPathType Directory [Slow]", func() {
|
||||
f := framework.NewDefaultFramework("host-path-type-directory")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var (
|
||||
ns string
|
||||
@ -103,6 +105,7 @@ var _ = utils.SIGDescribe("HostPathType Directory [Slow]", func() {
|
||||
|
||||
var _ = utils.SIGDescribe("HostPathType File [Slow]", func() {
|
||||
f := framework.NewDefaultFramework("host-path-type-file")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var (
|
||||
ns string
|
||||
@ -171,6 +174,7 @@ var _ = utils.SIGDescribe("HostPathType File [Slow]", func() {
|
||||
|
||||
var _ = utils.SIGDescribe("HostPathType Socket [Slow]", func() {
|
||||
f := framework.NewDefaultFramework("host-path-type-socket")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var (
|
||||
ns string
|
||||
@ -236,6 +240,7 @@ var _ = utils.SIGDescribe("HostPathType Socket [Slow]", func() {
|
||||
|
||||
var _ = utils.SIGDescribe("HostPathType Character Device [Slow]", func() {
|
||||
f := framework.NewDefaultFramework("host-path-type-char-dev")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var (
|
||||
ns string
|
||||
@ -305,6 +310,7 @@ var _ = utils.SIGDescribe("HostPathType Character Device [Slow]", func() {
|
||||
|
||||
var _ = utils.SIGDescribe("HostPathType Block Device [Slow]", func() {
|
||||
f := framework.NewDefaultFramework("host-path-type-block-dev")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var (
|
||||
ns string
|
||||
|
@ -36,10 +36,12 @@ import (
|
||||
e2enode "k8s.io/kubernetes/test/e2e/framework/node"
|
||||
"k8s.io/kubernetes/test/e2e/storage/testsuites"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = utils.SIGDescribe("PersistentVolumes-expansion ", func() {
|
||||
f := framework.NewDefaultFramework("persistent-local-volumes-expansion")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
ginkgo.Context("loopback local block volume", func() {
|
||||
var (
|
||||
config *localTestConfig
|
||||
|
@ -49,6 +49,7 @@ import (
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
type localTestConfig struct {
|
||||
@ -149,6 +150,7 @@ var (
|
||||
|
||||
var _ = utils.SIGDescribe("PersistentVolumes-local ", func() {
|
||||
f := framework.NewDefaultFramework("persistent-local-volumes-test")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
var (
|
||||
config *localTestConfig
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
imageutils "k8s.io/kubernetes/test/utils/image"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
// Validate PV/PVC, create and verify writer pod, delete the PVC, and validate the PV's
|
||||
@ -107,6 +108,7 @@ var _ = utils.SIGDescribe("PersistentVolumes", func() {
|
||||
pvc *v1.PersistentVolumeClaim
|
||||
err error
|
||||
)
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
c = f.ClientSet
|
||||
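Review bot: In the `PersistentVolumes` hunk the enforce-level assignment sits after the closing `)` of the `var` block, whereas the other files shown on this page place it directly under the framework constructor. The constructor for `f` is outside this hunk, so its exact position is inferred, but moving `f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged` to the line right after it would keep the namespace's security level next to where the framework is created. That makes the setting easier to find when auditing which suites run privileged.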
|
@ -35,6 +35,7 @@ import (
|
||||
e2epv "k8s.io/kubernetes/test/e2e/framework/pv"
|
||||
"k8s.io/kubernetes/test/e2e/storage/testsuites"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -69,6 +70,7 @@ var _ = utils.SIGDescribe("PVC Protection", func() {
|
||||
)
|
||||
|
||||
f := framework.NewDefaultFramework("pvc-protection")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
ginkgo.BeforeEach(func() {
|
||||
client = f.ClientSet
|
||||
nameSpace = f.Namespace.Name
|
||||
|
@ -26,10 +26,12 @@ import (
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
"k8s.io/kubernetes/test/e2e/storage/testsuites"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
var _ = utils.SIGDescribe("Subpath", func() {
|
||||
f := framework.NewDefaultFramework("subpath")
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelBaseline
|
||||
|
||||
ginkgo.Context("Atomic writer volumes", func() {
|
||||
var err error
|
||||
|
@ -29,6 +29,7 @@ import (
|
||||
storageframework "k8s.io/kubernetes/test/e2e/storage/framework"
|
||||
"k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
storageutils "k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
type disruptiveTestSuite struct {
|
||||
@ -89,6 +90,7 @@ func (s *disruptiveTestSuite) DefineTests(driver storageframework.TestDriver, pa
|
||||
// Beware that it also registers an AfterEach which renders f unusable. Any code using
|
||||
// f must run inside an It or Context callback.
|
||||
f := framework.NewFrameworkWithCustomTimeouts("disruptive", storageframework.GetDriverTimeouts(driver))
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
init := func() {
|
||||
l = local{}
|
||||
|
@ -36,6 +36,7 @@ import (
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
storageframework "k8s.io/kubernetes/test/e2e/storage/framework"
|
||||
storageutils "k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
)
|
||||
|
||||
type ephemeralTestSuite struct {
|
||||
@ -117,6 +118,7 @@ func (p *ephemeralTestSuite) DefineTests(driver storageframework.TestDriver, pat
|
||||
// Beware that it also registers an AfterEach which renders f unusable. Any code using
|
||||
// f must run inside an It or Context callback.
|
||||
f := framework.NewFrameworkWithCustomTimeouts("ephemeral", storageframework.GetDriverTimeouts(driver))
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
init := func() {
|
||||
if pattern.VolType == storageframework.CSIInlineVolume {
|
||||
|
@ -29,6 +29,7 @@ import (
|
||||
e2evolume "k8s.io/kubernetes/test/e2e/framework/volume"
|
||||
storageframework "k8s.io/kubernetes/test/e2e/storage/framework"
|
||||
storageutils "k8s.io/kubernetes/test/e2e/storage/utils"
|
||||
admissionapi "k8s.io/pod-security-admission/api"
|
||||
utilpointer "k8s.io/utils/pointer"
|
||||
)
|
||||
|
||||
@ -105,6 +106,7 @@ func (s *fsGroupChangePolicyTestSuite) DefineTests(driver storageframework.TestD
|
||||
// Beware that it also registers an AfterEach which renders f unusable. Any code using
|
||||
// f must run inside an It or Context callback.
|
||||
f := framework.NewFrameworkWithCustomTimeouts("fsgroupchangepolicy", storageframework.GetDriverTimeouts(driver))
|
||||
f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged
|
||||
|
||||
init := func() {
|
||||
e2eskipper.SkipIfNodeOSDistroIs("windows")
|
||||
|