github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

PodSecurity: allowPrivilegeEscalation: regenerate files

Browse Source
This commit is contained in:
Jordan Liggitt 2021-07-07 13:54:22 -04:00
parent 1e2886341a
commit 8291f8490b
45 changed files with 29 additions and 519 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.11/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.12/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.13/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.14/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.15/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.16/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.17/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.18/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,12 +6,11 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
seccompProfile:

17
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

17
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.19/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,12 +6,11 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
seccompProfile:

17
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

17
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.20/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,12 +6,11 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
seccompProfile:

17
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

17
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.21/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

6
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,15 +6,11 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL

20
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,20 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

20
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.22/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,20 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.8/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true

5
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/allowprivilegeescalation3.yaml vendored
View File

@ -6,11 +6,10 @@ spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext: {}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/allowprivilegeescalation4.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true

15
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.9/fail/allowprivilegeescalation5.yaml vendored
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
runAsNonRoot: true