Move to debian-base non-root image

2025-07-30 06:54:01 +00:00 · 2019-05-24 11:57:43 -07:00 · 2019-05-24 11:57:43 -07:00 · c851c480d3
commit c851c480d3
parent 6e78c5bdde
5 changed files with 6 additions and 11 deletions
--- a/test/e2e/common/security_context.go
+++ b/test/e2e/common/security_context.go
@ -97,7 +97,7 @@ var _ = framework.KubeDescribe("Security Context", func() {

 	Context("When creating a container with runAsNonRoot", func() {
 		rootImage := imageutils.GetE2EImage(imageutils.BusyBox)
-		nonRootImage := imageutils.GetE2EImage(imageutils.BusyBoxUser)
+		nonRootImage := imageutils.GetE2EImage(imageutils.NonRoot)
 		makeNonRootPod := func(podName, image string, userid *int64) *v1.Pod {
 			return &v1.Pod{
 				ObjectMeta: metav1.ObjectMeta{
--- a/test/images/busybox-user/BASEIMAGE
+++ b/test/images/busybox-user/BASEIMAGE
@ -1,5 +0,0 @@
-amd64=busybox
-arm=arm32v6/busybox
-arm64=arm64v8/busybox
-ppc64le=ppc64le/busybox
-s390x=s390x/busybox
--- a/test/images/busybox-user/Dockerfile
+++ b/test/images/busybox-user/Dockerfile
@ -1,4 +1,4 @@
-# Copyright 2016 The Kubernetes Authors.
+# Copyright 2019 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -12,6 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-FROM BASEIMAGE
+FROM k8s.gcr.io/debian-base:v1.0.0

 USER 1234
--- a/test/images/busybox-user/VERSION
+++ b/test/images/busybox-user/VERSION
--- a/test/utils/image/manifest.go
+++ b/test/utils/image/manifest.go
@ -108,8 +108,6 @@ const (
 	AuditProxy
 	// BusyBox image
 	BusyBox
-	// BusyBox image with default user 1234
-	BusyBoxUser
 	// CheckMetadataConcealment image
 	CheckMetadataConcealment
 	// CudaVectorAdd image
@ -164,6 +162,8 @@ const (
 	NginxNew
 	// Nonewprivs image
 	Nonewprivs
+	// NonRoot runs with a default user of 1234
+	NonRoot
 	// NoSnatTest image
 	NoSnatTest
 	// NoSnatTestProxy image
@ -204,7 +204,6 @@ func initImageConfigs() map[int]Config {
 	configs[AppArmorLoader] = Config{e2eRegistry, "apparmor-loader", "1.0"}
 	configs[AuditProxy] = Config{e2eRegistry, "audit-proxy", "1.0"}
 	configs[BusyBox] = Config{dockerLibraryRegistry, "busybox", "1.29"}
-	configs[BusyBoxUser] = Config{e2eRegistry, "busybox-user", "1.0"}
 	configs[CheckMetadataConcealment] = Config{e2eRegistry, "metadata-concealment", "1.2"}
 	configs[CudaVectorAdd] = Config{e2eRegistry, "cuda-vector-add", "1.0"}
 	configs[CudaVectorAdd2] = Config{e2eRegistry, "cuda-vector-add", "2.0"}
@ -232,6 +231,7 @@ func initImageConfigs() map[int]Config {
 	configs[Nginx] = Config{dockerLibraryRegistry, "nginx", "1.14-alpine"}
 	configs[NginxNew] = Config{dockerLibraryRegistry, "nginx", "1.15-alpine"}
 	configs[Nonewprivs] = Config{e2eRegistry, "nonewprivs", "1.0"}
+	configs[NonRoot] = Config{e2eRegistry, "nonroot", "1.0"}
 	configs[NoSnatTest] = Config{e2eRegistry, "no-snat-test", "1.0"}
 	configs[NoSnatTestProxy] = Config{e2eRegistry, "no-snat-test-proxy", "1.0"}
 	// Pause - when these values are updated, also update cmd/kubelet/app/options/container_runtime.go