mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 07:57:07 +00:00
35494bd8bb
* feat add chainsaw tests for pod security and exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: enable ProcMountType in the kind config Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> |
||
|---|---|---|
| .. | ||
| bad-pod-01.yaml | ||
| bad-pod-02.yaml | ||
| chainsaw-test.yaml | ||
| exception.yaml | ||
| good-pod.yaml | ||
| policy-assert.yaml | ||
| policy.yaml | ||
| README.md | ||
Description
This test creates an exception for the init containers to set the runAsNonRoot to false
Expected Behavior
-
Create a policy that applies the restricted profile.
-
Create an exception for the init containters to set the
runAsNonRootto false. -
Create a pod with the following characteristics:
- The pod has an init container that sets the
runAsNonRootfield tofalse. - The pod has a container that doesn't set the
runAsNonRootfield.
It is expected that the pod will be blocked with a message reporting the violation of the container. The init container is already excluded by the exception.
- The pod has an init container that sets the
-
Create a pod with the following characteristics:
- The pod has an init container that sets the
runAsNonRootfield totrue. - The pod has a container that doesn't set the
runAsNonRootfield.
It is expected that the pod will be blocked with a message reporting the violation of the container.
- The pod has an init container that sets the
-
Create a pod with the following characteristics:
- The pod has an init container that sets the
runAsNonRootfield tofalse. - The pod has a container that doesn't set the
runAsNonRootfield. runAsNonRootis set totruein the pod spec.
It is expected that the pod will be created successfully.
- The pod has an init container that sets the
Reference Issue(s)
#10581