test/e2e/windows: drop securityContext test for ProcMount

Fixes https://github.com/kubernetes/kubernetes/issues/126180 As the ProcMountType feature is disabled by default in beta and relies on the UserNamespacesSupport feature, which is also set to false in beta, running this test is unnecessary. Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
2025-07-30 06:54:01 +00:00 · 2024-07-17 19:10:54 -04:00 · 2024-07-17 19:10:54 -04:00 · c5b01a30d3
commit c5b01a30d3
parent 04cc0a1034
1 changed files with 1 additions and 25 deletions
--- a/test/e2e/windows/security_context.go
+++ b/test/e2e/windows/security_context.go
@ -136,7 +136,7 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func()
 		e2eoutput.TestContainerOutput(ctx, f, "check pod SecurityContext username", pod, 1, []string{"ContainerAdministrator"})
 	})

-	ginkgo.It("should ignore SELinux Specific SecurityContext if set", func(ctx context.Context) {
+	ginkgo.It("should ignore Linux Specific SecurityContext if set", func(ctx context.Context) {
 		ginkgo.By("Creating a pod with SELinux options")
 		// It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux
 		// security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the
@ -160,30 +160,6 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func()
 			f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name)
 	})

-	ginkgo.It("should ignore ProcMount Specific SecurityContext if set", func(ctx context.Context) {
-		ginkgo.By("Creating a pod with ProcMount options")
-		// It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux
-		// security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the
-		// pod object to not have those security contexts. However the pod coming to running state is a sufficient
-		// enough condition for us to validate since prior to https://github.com/kubernetes/kubernetes/pull/93475
-		// the pod would have failed to come up.
-		windowsPodWithSELinux := createTestPod(f, imageutils.GetE2EImage(imageutils.Agnhost), windowsOS)
-		windowsPodWithSELinux.Spec.Containers[0].Args = []string{"test-webserver-with-selinux"}
-		windowsPodWithSELinux.Spec.SecurityContext = &v1.PodSecurityContext{}
-		pmt := v1.UnmaskedProcMount
-		containerUserName := "ContainerAdministrator"
-		windowsPodWithSELinux.Spec.Containers[0].SecurityContext = &v1.SecurityContext{
-			ProcMount:      &pmt,
-			WindowsOptions: &v1.WindowsSecurityContextOptions{RunAsUserName: &containerUserName}}
-		windowsPodWithSELinux.Spec.Tolerations = []v1.Toleration{{Key: "os", Value: "Windows"}}
-		windowsPodWithSELinux, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx,
-			windowsPodWithSELinux, metav1.CreateOptions{})
-		framework.ExpectNoError(err)
-		framework.Logf("Created pod %v", windowsPodWithSELinux)
-		framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(ctx, f.ClientSet, windowsPodWithSELinux.Name,
-			f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name)
-	})
-
 	ginkgo.It("should not be able to create pods with containers running as ContainerAdministrator when runAsNonRoot is true", func(ctx context.Context) {
 		ginkgo.By("Creating a pod")