upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-06-09 08:55:55 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Regenerate Pod Security test fixtures for v1.36 and v1.37

Browse source 
Signed-off-by: Graham Heffern <gheffern@gmail.com>
This commit is contained in:
Graham Heffern 2026-04-14 18:34:06 -05:00
parent 6a1bb5949f
commit 4c2043c0da
296 changed files with 7270 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/apparmorprofile0.yaml vendored Executable file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
annotations:
container.apparmor.security.beta.kubernetes.io/container1: unconfined
name: apparmorprofile0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

13
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/apparmorprofile1.yaml vendored Executable file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
annotations:
container.apparmor.security.beta.kubernetes.io/initcontainer1: unconfined
name: apparmorprofile1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/capabilities_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/capabilities_baseline1.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/capabilities_baseline2.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/capabilities_baseline3.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline3
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostnamespaces0.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: hostnamespaces0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
hostIPC: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostnamespaces1.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: hostnamespaces1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
hostNetwork: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostnamespaces2.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: hostnamespaces2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
hostPID: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostpathvolumes0.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: hostpathvolumes0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
volumes:
- emptyDir: {}
name: volume-emptydir
- hostPath:
path: /a
name: volume-hostpath

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostpathvolumes1.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: hostpathvolumes1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
volumes:
- hostPath:
path: /a
name: volume-hostpath-a
- hostPath:
path: /b
name: volume-hostpath-b

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostports0.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
ports:
- containerPort: 12345
hostPort: 12345
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostports1.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
ports:
- containerPort: 12346
hostPort: 12346

19
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostports2.yaml vendored Executable file
View file

@ -0,0 +1,19 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
ports:
- containerPort: 12345
hostPort: 12345
- containerPort: 12347
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
ports:
- containerPort: 12346
hostPort: 12346
- containerPort: 12348

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostprobesandhostlifecycle0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle0
spec:
containers:
- image: registry.k8s.io/pause
livenessProbe:
httpGet:
host: bad.host
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostprobesandhostlifecycle1.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
readinessProbe:
tcpSocket:
host: 8.8.8.8
port: 8080
restartPolicy: Always

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostprobesandhostlifecycle2.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle2
spec:
containers:
- image: registry.k8s.io/pause
lifecycle:
postStart:
httpGet:
host: bad.host
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostprobesandhostlifecycle3.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle3
spec:
containers:
- image: registry.k8s.io/pause
livenessProbe:
httpGet:
host: 127.0.0.1
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/hostprobesandhostlifecycle4.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle4
spec:
containers:
- image: registry.k8s.io/pause
name: container1
readinessProbe:
tcpSocket:
host: ::1
port: 8080
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/privileged0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: privileged0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
privileged: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext: {}

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/privileged1.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: privileged1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
privileged: true
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/procmount0.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
procMount: Unmasked
hostUsers: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/procmount1.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
procMount: Unmasked
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/seccompprofile_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext:
seccompProfile:
type: Unconfined

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/seccompprofile_baseline1.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seccompProfile:
type: Unconfined
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/seccompprofile_baseline2.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seccompProfile:
type: Unconfined
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/selinuxoptions0.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions:
type: somevalue

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/selinuxoptions1.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions:
type: somevalue
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/selinuxoptions2.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions:
type: somevalue
securityContext:
seLinuxOptions: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/selinuxoptions3.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions3
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions:
user: somevalue

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/selinuxoptions4.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions4
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions:
role: somevalue

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/sysctls0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: sysctls0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
sysctls:
- name: othersysctl
value: other

19
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/windowshostprocess0.yaml vendored Executable file
View file

@ -0,0 +1,19 @@
apiVersion: v1
kind: Pod
metadata:
name: windowshostprocess0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
windowsOptions: {}
hostNetwork: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
windowsOptions: {}
securityContext:
windowsOptions:
hostProcess: true

20
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/fail/windowshostprocess1.yaml vendored Executable file
View file

@ -0,0 +1,20 @@
apiVersion: v1
kind: Pod
metadata:
name: windowshostprocess1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
windowsOptions:
hostProcess: true
hostNetwork: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
windowsOptions:
hostProcess: true
securityContext:
windowsOptions: {}

13
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/apparmorprofile0.yaml vendored Executable file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
annotations:
container.apparmor.security.beta.kubernetes.io/container1: localhost/foo
name: apparmorprofile0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

11
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/base.yaml vendored Executable file
View file

@ -0,0 +1,11 @@
apiVersion: v1
kind: Pod
metadata:
name: base
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

44
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/capabilities_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,44 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/hostports0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
ports:
- containerPort: 12345
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
ports:
- containerPort: 12346

11
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/hostprobesandhostlifecycle0.yaml vendored Executable file
View file

@ -0,0 +1,11 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/hostprobesandhostlifecycle1.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle1
spec:
containers:
- image: registry.k8s.io/pause
livenessProbe:
httpGet:
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/hostprobesandhostlifecycle2.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
readinessProbe:
tcpSocket:
port: 8080
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/privileged0.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: privileged0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
privileged: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
privileged: false
securityContext: {}

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/procmount0.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
procMount: Default
securityContext: {}

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/procmount1.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
procMount: Unmasked
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/seccompprofile_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seccompProfile:
type: RuntimeDefault
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext:
seccompProfile:
type: RuntimeDefault

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/selinuxoptions0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext: {}

21
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/selinuxoptions1.yaml vendored Executable file
View file

@ -0,0 +1,21 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions:
level: somevalue
type: container_init_t
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions:
type: container_kvm_t
securityContext:
seLinuxOptions:
type: container_t

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/sysctls0.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: sysctls0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.36/pass/sysctls1.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: sysctls1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
sysctls:
- name: net.ipv4.tcp_rmem
value: 4096 87380 16777216
- name: net.ipv4.tcp_wmem
value: 4096 65536 16777216

13
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/apparmorprofile0.yaml vendored Executable file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
annotations:
container.apparmor.security.beta.kubernetes.io/container1: unconfined
name: apparmorprofile0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

13
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/apparmorprofile1.yaml vendored Executable file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
annotations:
container.apparmor.security.beta.kubernetes.io/initcontainer1: unconfined
name: apparmorprofile1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/capabilities_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- NET_RAW
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/capabilities_baseline1.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- NET_RAW
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/capabilities_baseline2.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- chown
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/capabilities_baseline3.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline3
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- CAP_CHOWN
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities: {}
securityContext: {}

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostnamespaces0.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: hostnamespaces0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
hostIPC: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostnamespaces1.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: hostnamespaces1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
hostNetwork: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostnamespaces2.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: hostnamespaces2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
hostPID: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostpathvolumes0.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: hostpathvolumes0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
volumes:
- emptyDir: {}
name: volume-emptydir
- hostPath:
path: /a
name: volume-hostpath

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostpathvolumes1.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: hostpathvolumes1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
volumes:
- hostPath:
path: /a
name: volume-hostpath-a
- hostPath:
path: /b
name: volume-hostpath-b

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostports0.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
ports:
- containerPort: 12345
hostPort: 12345
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostports1.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
ports:
- containerPort: 12346
hostPort: 12346

19
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostports2.yaml vendored Executable file
View file

@ -0,0 +1,19 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
ports:
- containerPort: 12345
hostPort: 12345
- containerPort: 12347
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
ports:
- containerPort: 12346
hostPort: 12346
- containerPort: 12348

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostprobesandhostlifecycle0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle0
spec:
containers:
- image: registry.k8s.io/pause
livenessProbe:
httpGet:
host: bad.host
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostprobesandhostlifecycle1.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
readinessProbe:
tcpSocket:
host: 8.8.8.8
port: 8080
restartPolicy: Always

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostprobesandhostlifecycle2.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle2
spec:
containers:
- image: registry.k8s.io/pause
lifecycle:
postStart:
httpGet:
host: bad.host
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostprobesandhostlifecycle3.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle3
spec:
containers:
- image: registry.k8s.io/pause
livenessProbe:
httpGet:
host: 127.0.0.1
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/hostprobesandhostlifecycle4.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle4
spec:
containers:
- image: registry.k8s.io/pause
name: container1
readinessProbe:
tcpSocket:
host: ::1
port: 8080
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/privileged0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: privileged0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
privileged: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext: {}

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/privileged1.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: privileged1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
privileged: true
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/procmount0.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
procMount: Unmasked
hostUsers: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/procmount1.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
procMount: Unmasked
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/seccompprofile_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext:
seccompProfile:
type: Unconfined

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/seccompprofile_baseline1.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seccompProfile:
type: Unconfined
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext: {}

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/seccompprofile_baseline2.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seccompProfile:
type: Unconfined
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/selinuxoptions0.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions:
type: somevalue

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/selinuxoptions1.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions:
type: somevalue
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/selinuxoptions2.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions:
type: somevalue
securityContext:
seLinuxOptions: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/selinuxoptions3.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions3
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions:
user: somevalue

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/selinuxoptions4.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions4
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext:
seLinuxOptions:
role: somevalue

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/sysctls0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: sysctls0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
sysctls:
- name: othersysctl
value: other

19
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/windowshostprocess0.yaml vendored Executable file
View file

@ -0,0 +1,19 @@
apiVersion: v1
kind: Pod
metadata:
name: windowshostprocess0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
windowsOptions: {}
hostNetwork: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
windowsOptions: {}
securityContext:
windowsOptions:
hostProcess: true

20
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/fail/windowshostprocess1.yaml vendored Executable file
View file

@ -0,0 +1,20 @@
apiVersion: v1
kind: Pod
metadata:
name: windowshostprocess1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
windowsOptions:
hostProcess: true
hostNetwork: true
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
windowsOptions:
hostProcess: true
securityContext:
windowsOptions: {}

13
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/apparmorprofile0.yaml vendored Executable file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
annotations:
container.apparmor.security.beta.kubernetes.io/container1: localhost/foo
name: apparmorprofile0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

11
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/base.yaml vendored Executable file
View file

@ -0,0 +1,11 @@
apiVersion: v1
kind: Pod
metadata:
name: base
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

44
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/capabilities_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,44 @@
apiVersion: v1
kind: Pod
metadata:
name: capabilities_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
capabilities:
add:
- AUDIT_WRITE
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- MKNOD
- NET_BIND_SERVICE
- SETFCAP
- SETGID
- SETPCAP
- SETUID
- SYS_CHROOT
securityContext: {}

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/hostports0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: hostports0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
ports:
- containerPort: 12345
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
ports:
- containerPort: 12346

11
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/hostprobesandhostlifecycle0.yaml vendored Executable file
View file

@ -0,0 +1,11 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/hostprobesandhostlifecycle1.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle1
spec:
containers:
- image: registry.k8s.io/pause
livenessProbe:
httpGet:
port: 8080
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

14
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/hostprobesandhostlifecycle2.yaml vendored Executable file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: hostprobesandhostlifecycle2
spec:
containers:
- image: registry.k8s.io/pause
name: container1
readinessProbe:
tcpSocket:
port: 8080
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

16
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/privileged0.yaml vendored Executable file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
metadata:
name: privileged0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
privileged: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
privileged: false
securityContext: {}

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/procmount0.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
procMount: Default
securityContext: {}

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/procmount1.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: procmount1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
procMount: Unmasked
securityContext: {}

18
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/seccompprofile_baseline0.yaml vendored Executable file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: Pod
metadata:
name: seccompprofile_baseline0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seccompProfile:
type: RuntimeDefault
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}
securityContext:
seccompProfile:
type: RuntimeDefault

15
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/selinuxoptions0.yaml vendored Executable file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions: {}
securityContext: {}

21
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/selinuxoptions1.yaml vendored Executable file
View file

@ -0,0 +1,21 @@
apiVersion: v1
kind: Pod
metadata:
name: selinuxoptions1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
seLinuxOptions:
level: somevalue
type: container_init_t
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
seLinuxOptions:
type: container_kvm_t
securityContext:
seLinuxOptions:
type: container_t

12
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/sysctls0.yaml vendored Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: sysctls0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext: {}

17
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.37/pass/sysctls1.yaml vendored Executable file
View file

@ -0,0 +1,17 @@
apiVersion: v1
kind: Pod
metadata:
name: sysctls1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
sysctls:
- name: net.ipv4.tcp_slow_start_after_idle
value: "0"
- name: net.ipv4.tcp_notsent_lowat
value: "16384"

25
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.36/fail/allowprivilegeescalation0.yaml vendored Executable file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation0
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

25
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.36/fail/allowprivilegeescalation1.yaml vendored Executable file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: Pod
metadata:
name: allowprivilegeescalation1
spec:
containers:
- image: registry.k8s.io/pause
name: container1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

Some files were not shown because too many files have changed in this diff Show more