feat: versioning --update #125234

Signed-off-by: nikzayn <nikhilvaidyar1997@gmail.com>
nikzayn 2024-06-02 11:58:00 +05:30 committed by Paco Xu
parent ab87218cf1
commit 97108d5b21
3 changed files with 12 additions and 8 deletions


@ -74,6 +74,10 @@ func CheckSysctls() Check {
MinimumVersion: api.MajorMinorVersion(1, 29), MinimumVersion: api.MajorMinorVersion(1, 29),
CheckPod: sysctlsV1Dot29, CheckPod: sysctlsV1Dot29,
}, },
{
MinimumVersion: api.MajorMinorVersion(1, 32),
CheckPod: sysctlsV1Dot32,
},
}, },
} }
} }
@ -106,7 +110,7 @@ var (
"net.ipv4.tcp_keepalive_intvl", "net.ipv4.tcp_keepalive_intvl",
"net.ipv4.tcp_keepalive_probes", "net.ipv4.tcp_keepalive_probes",
) )
sysctlsAllowedV1Dot30 = sets.NewString( sysctlsAllowedV1Dot32 = sets.NewString(
"net.ipv4.tcp_rmem", "net.ipv4.tcp_rmem",
"net.ipv4.tcp_wmem", "net.ipv4.tcp_wmem",
) )
@ -124,8 +128,8 @@ func sysctlsV1Dot29(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) Che
return sysctls(podMetadata, podSpec, sysctlsAllowedV1Dot29) return sysctls(podMetadata, podSpec, sysctlsAllowedV1Dot29)
} }
func sysctlsV1Dot30(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult { func sysctlsV1Dot32(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
return sysctls(podMetadata, podSpec, sysctlsAllowedV1Dot30) return sysctls(podMetadata, podSpec, sysctlsAllowedV1Dot32)
} }
func sysctls(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec, sysctls_allowed_set sets.String) CheckResult { func sysctls(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec, sysctls_allowed_set sets.String) CheckResult {
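Review bot: `sysctlsAllowedV1Dot32` is declared with a bare `sets.NewString(` that holds only `net.ipv4.tcp_rmem` and `net.ipv4.tcp_wmem`, and `sysctlsV1Dot32` passes that set alone to `sysctls`. The body of `sysctls` is outside the hunk, but if it treats its third argument as the complete allow-list, a pod evaluated at the new 1.32 entry in `CheckSysctls` would be rejected for any sysctl the 1.29 check permits, such as `net.ipv4.tcp_keepalive_intvl`. Building the set cumulatively, e.g. `sysctlsAllowedV1Dot32 = sysctlsAllowedV1Dot29.Union(sets.NewString(` … `))`, would keep each version a superset of the one before it. A case in `TestSysctls_1_32` that submits a 1.29-era sysctl and expects it to be allowed would pin this behaviour.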


@ -267,7 +267,7 @@ func TestSysctls_1_29(t *testing.T) {
} }
} }
func TestSysctls_1_30(t *testing.T) { func TestSysctls_1_32(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
pod *corev1.Pod pod *corev1.Pod
@ -308,7 +308,7 @@ func TestSysctls_1_30(t *testing.T) {
for _, tc := range tests { for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
result := sysctlsV1Dot30(&tc.pod.ObjectMeta, &tc.pod.Spec) result := sysctlsV1Dot32(&tc.pod.ObjectMeta, &tc.pod.Spec)
if !tc.allowed { if !tc.allowed {
if result.Allowed { if result.Allowed {
t.Fatal("expected disallowed") t.Fatal("expected disallowed")


@ -157,7 +157,7 @@ func init() {
fixtureDataV1Dot29, fixtureDataV1Dot29,
) )
fixtureDataV1Dot30 := fixtureGenerator{ fixtureDataV1Dot32 := fixtureGenerator{
expectErrorSubstring: "forbidden sysctl", expectErrorSubstring: "forbidden sysctl",
generatePass: func(p *corev1.Pod) []*corev1.Pod { generatePass: func(p *corev1.Pod) []*corev1.Pod {
if p.Spec.SecurityContext == nil { if p.Spec.SecurityContext == nil {
@ -188,7 +188,7 @@ func init() {
}, },
} }
registerFixtureGenerator( registerFixtureGenerator(
fixtureKey{level: api.LevelBaseline, version: api.MajorMinorVersion(1, 29), check: "sysctls"}, fixtureKey{level: api.LevelBaseline, version: api.MajorMinorVersion(1, 32), check: "sysctls"},
fixtureDataV1Dot30, fixtureDataV1Dot32,
) )
} }