github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-06 18:54:06 +00:00
Code Issues Projects Releases Wiki Activity

PodSecurity: baseline capabilities: regenerate files

Browse Source
This commit is contained in:
Jordan Liggitt 2021-07-07 13:06:19 -04:00
parent 809abf4f5b
commit bd4dc42a72
622 changed files with 4229 additions and 8577 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities0 name: capabilities_baseline0
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities1 name: capabilities_baseline1
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities2.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities2 name: capabilities_baseline2
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities6.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/capabilities_baseline3.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities6 name: capabilities_baseline3
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/capabilities_baseline0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities0 name: capabilities_baseline0
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
@ -26,5 +26,19 @@ spec:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {} securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities0 name: capabilities_baseline0
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline1.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities1 name: capabilities_baseline1
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

10
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline2.yaml vendored
View File

@ -1,18 +1,18 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities3 name: capabilities_baseline2
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: container1 name: container1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- chown
initContainers: initContainers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1
securityContext: securityContext:
capabilities: capabilities: {}
add:
- chown
securityContext: {} securityContext: {}

10
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities7.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/capabilities_baseline3.yaml vendored
View File

@ -1,18 +1,18 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities7 name: capabilities_baseline3
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: container1 name: container1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- CAP_CHOWN
initContainers: initContainers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1
securityContext: securityContext:
capabilities: capabilities: {}
add:
- CAP_CHOWN
securityContext: {} securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/addcapabilities1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/capabilities_baseline0.yaml vendored
View File

@ -1,13 +1,27 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities1 name: capabilities_baseline0
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: container1 name: container1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers: initContainers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities0.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities1.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities2.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities3.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- chown
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities6.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities6
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/addcapabilities7.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities7
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- CAP_CHOWN
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline1.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities2.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline2.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities2 name: capabilities_baseline2
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

2
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities6.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline3.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities6 name: capabilities_baseline3
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities0.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/addcapabilities1.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities0.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/capabilities_baseline0.yaml vendored
View File

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities0 name: capabilities_baseline0
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
@ -26,5 +26,19 @@ spec:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {} securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities0.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities1.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities2.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities3.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- chown
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities6.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities6
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/addcapabilities7.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities7
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- CAP_CHOWN
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline1.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

10
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/addcapabilities3.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline2.yaml vendored
View File

@ -1,18 +1,18 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities3 name: capabilities_baseline2
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: container1 name: container1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- chown
initContainers: initContainers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1
securityContext: securityContext:
capabilities: capabilities: {}
add:
- chown
securityContext: {} securityContext: {}

10
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/addcapabilities7.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline3.yaml vendored
View File

@ -1,18 +1,18 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities7 name: capabilities_baseline3
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: container1 name: container1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- CAP_CHOWN
initContainers: initContainers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1
securityContext: securityContext:
capabilities: capabilities: {}
add:
- CAP_CHOWN
securityContext: {} securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities0.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/addcapabilities1.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/addcapabilities1.yaml → staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/capabilities_baseline0.yaml vendored
View File

@ -1,13 +1,27 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: addcapabilities1 name: capabilities_baseline0
spec: spec:
containers: containers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: container1 name: container1
securityContext: securityContext:
capabilities: {} capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers: initContainers:
- image: k8s.gcr.io/pause - image: k8s.gcr.io/pause
name: initcontainer1 name: initcontainer1

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities0.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities1.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities2.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities3.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- chown
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities6.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities6
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/addcapabilities7.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities7
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- CAP_CHOWN
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline1.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline2.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline3.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities0.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/addcapabilities1.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

44
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,44 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities0.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities1.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities2.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities3.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- chown
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities6.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities6
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/addcapabilities7.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities7
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- CAP_CHOWN
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline1.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline2.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline3.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities0.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/addcapabilities1.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

44
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,44 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities0.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities1.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities2.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities3.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- chown
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities6.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities6
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/addcapabilities7.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities7
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- CAP_CHOWN
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline1.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline2.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline3.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities0.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

30
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/addcapabilities1.yaml vendored
View File

@ -1,30 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

44
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,44 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities0.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities1.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities2.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities3.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities3
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- chown
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities4.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities4
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- bogus
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities5.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities5
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- bogus
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities6.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities6
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/addcapabilities7.yaml vendored
View File

@ -1,18 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: addcapabilities7
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- CAP_CHOWN
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline0.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline1.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline2.yaml vendored Executable file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline2
spec:
containers:
- image: k8s.gcr.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: k8s.gcr.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

Some files were not shown because too many files have changed in this diff Show More