From 583ea17efd6b7063b1cbe265c01e9cf48b52b09a Mon Sep 17 00:00:00 2001 From: Joachim Bartosik Date: Fri, 24 Jun 2022 19:27:37 +0200 Subject: [PATCH] Add parameter to set SecurityContext for containers in tests After #106454 tests run with e2e tests run under the restricted pod security policy level by default. In order for containers to start with this security policy they must set appropriate SecurityContext. See https://groups.google.com/a/kubernetes.io/g/dev/c/BZlDyz9FK1U/m/57PgQlA4BgAJ --- test/utils/runners.go | 49 ++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/test/utils/runners.go b/test/utils/runners.go index d3d37944f7c..4fa2e41163d 100644 --- a/test/utils/runners.go +++ b/test/utils/runners.go @@ -182,8 +182,11 @@ type RCConfig struct { ServiceAccountTokenProjections int - //Additional containers to run in the pod + // Additional containers to run in the pod AdditionalContainers []v1.Container + + // Security context for created pods + SecurityContext *v1.SecurityContext } func (rc *RCConfig) RCConfigLog(fmt string, args ...interface{}) { @@ -334,11 +337,12 @@ func (config *DeploymentConfig) create() error { TerminationGracePeriodSeconds: config.getTerminationGracePeriodSeconds(nil), Containers: []v1.Container{ { - Name: config.Name, - Image: config.Image, - Command: config.Command, - Ports: []v1.ContainerPort{{ContainerPort: 80}}, - Lifecycle: config.Lifecycle, + Name: config.Name, + Image: config.Image, + Command: config.Command, + Ports: []v1.ContainerPort{{ContainerPort: 80}}, + Lifecycle: config.Lifecycle, + SecurityContext: config.SecurityContext, }, }, }, @@ -420,11 +424,12 @@ func (config *ReplicaSetConfig) create() error { TerminationGracePeriodSeconds: config.getTerminationGracePeriodSeconds(nil), Containers: []v1.Container{ { - Name: config.Name, - Image: config.Image, - Command: config.Command, - Ports: []v1.ContainerPort{{ContainerPort: 80}}, - Lifecycle: config.Lifecycle, + Name: config.Name, + Image: config.Image, + Command: config.Command, + Ports: []v1.ContainerPort{{ContainerPort: 80}}, + Lifecycle: config.Lifecycle, + SecurityContext: config.SecurityContext, }, }, }, @@ -498,10 +503,11 @@ func (config *JobConfig) create() error { TerminationGracePeriodSeconds: config.getTerminationGracePeriodSeconds(nil), Containers: []v1.Container{ { - Name: config.Name, - Image: config.Image, - Command: config.Command, - Lifecycle: config.Lifecycle, + Name: config.Name, + Image: config.Image, + Command: config.Command, + Lifecycle: config.Lifecycle, + SecurityContext: config.SecurityContext, }, }, RestartPolicy: v1.RestartPolicyOnFailure, @@ -611,12 +617,13 @@ func (config *RCConfig) create() error { Affinity: config.Affinity, Containers: []v1.Container{ { - Name: config.Name, - Image: config.Image, - Command: config.Command, - Ports: []v1.ContainerPort{{ContainerPort: 80}}, - ReadinessProbe: config.ReadinessProbe, - Lifecycle: config.Lifecycle, + Name: config.Name, + Image: config.Image, + Command: config.Command, + Ports: []v1.ContainerPort{{ContainerPort: 80}}, + ReadinessProbe: config.ReadinessProbe, + Lifecycle: config.Lifecycle, + SecurityContext: config.SecurityContext, }, }, DNSPolicy: *config.DNSPolicy,