mirror of
https://github.com/k3s-io/kubernetes.git
synced 2026-02-22 07:03:28 +00:00
Add new fixture testData for 1.34 PSA
This commit adds the fixture tests for the new .host field restrictions on probe and lifecycle handlers. ran UPDATE_POD_SECURITY_FIXTURE_DATA=true go test -v ./test/... -run TestFixtures Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit is contained in:
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle0
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: bad.host
|
||||
port: 8080
|
||||
name: container1
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
@@ -0,0 +1,16 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle1
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
host: 8.8.8.8
|
||||
port: 8080
|
||||
restartPolicy: Always
|
||||
@@ -0,0 +1,16 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle2
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
lifecycle:
|
||||
postStart:
|
||||
httpGet:
|
||||
host: bad.host
|
||||
port: 8080
|
||||
name: container1
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.34/fail/hostprobesandhostlifecycle3.yaml
vendored
Executable file
15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.34/fail/hostprobesandhostlifecycle3.yaml
vendored
Executable file
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle3
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
port: 8080
|
||||
name: container1
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.34/fail/hostprobesandhostlifecycle4.yaml
vendored
Executable file
15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.34/fail/hostprobesandhostlifecycle4.yaml
vendored
Executable file
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle4
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
host: ::1
|
||||
port: 8080
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
@@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle0
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
@@ -0,0 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle1
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
port: 8080
|
||||
name: container1
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
@@ -0,0 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle2
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 8080
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
29
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle0.yaml
vendored
Executable file
29
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle0.yaml
vendored
Executable file
@@ -0,0 +1,29 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle0
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: bad.host
|
||||
port: 8080
|
||||
name: container1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
30
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle1.yaml
vendored
Executable file
30
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle1.yaml
vendored
Executable file
@@ -0,0 +1,30 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle1
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
host: 8.8.8.8
|
||||
port: 8080
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
30
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle2.yaml
vendored
Executable file
30
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle2.yaml
vendored
Executable file
@@ -0,0 +1,30 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle2
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
lifecycle:
|
||||
postStart:
|
||||
httpGet:
|
||||
host: bad.host
|
||||
port: 8080
|
||||
name: container1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
29
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle3.yaml
vendored
Executable file
29
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle3.yaml
vendored
Executable file
@@ -0,0 +1,29 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle3
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
port: 8080
|
||||
name: container1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
29
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle4.yaml
vendored
Executable file
29
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/fail/hostprobesandhostlifecycle4.yaml
vendored
Executable file
@@ -0,0 +1,29 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle4
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
host: ::1
|
||||
port: 8080
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
25
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/pass/hostprobesandhostlifecycle0.yaml
vendored
Executable file
25
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/pass/hostprobesandhostlifecycle0.yaml
vendored
Executable file
@@ -0,0 +1,25 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle0
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
28
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/pass/hostprobesandhostlifecycle1.yaml
vendored
Executable file
28
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/pass/hostprobesandhostlifecycle1.yaml
vendored
Executable file
@@ -0,0 +1,28 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle1
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
port: 8080
|
||||
name: container1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
28
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/pass/hostprobesandhostlifecycle2.yaml
vendored
Executable file
28
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.34/pass/hostprobesandhostlifecycle2.yaml
vendored
Executable file
@@ -0,0 +1,28 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: hostprobesandhostlifecycle2
|
||||
spec:
|
||||
containers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: container1
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 8080
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
initContainers:
|
||||
- image: registry.k8s.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
Reference in New Issue
Block a user