From c591765f70f486712af3390cb4eef816346b04bf Mon Sep 17 00:00:00 2001 From: Robert Brennan Date: Tue, 25 Feb 2020 21:05:32 +0000 Subject: [PATCH] add more webhook test cases, remove cronjob case --- .../failing_test.cronjob.v2alpha1.yaml | 24 -------- .../passing_test.daemonset.v1beta2.yaml | 48 ++++++++++++++++ .../passing_test.deployment.v1beta1.yaml | 29 ++++++++++ .../passing_test.deployment.v1beta2.yaml | 29 ++++++++++ .../passing_test.statefulset.v1beta1.yaml | 56 +++++++++++++++++++ .../passing_test.statefulset.v1beta2.yaml | 56 +++++++++++++++++++ 6 files changed, 218 insertions(+), 24 deletions(-) delete mode 100644 test/webhook_cases/failing_test.cronjob.v2alpha1.yaml create mode 100644 test/webhook_cases/passing_test.daemonset.v1beta2.yaml create mode 100644 test/webhook_cases/passing_test.deployment.v1beta1.yaml create mode 100644 test/webhook_cases/passing_test.deployment.v1beta2.yaml create mode 100644 test/webhook_cases/passing_test.statefulset.v1beta1.yaml create mode 100644 test/webhook_cases/passing_test.statefulset.v1beta2.yaml diff --git a/test/webhook_cases/failing_test.cronjob.v2alpha1.yaml b/test/webhook_cases/failing_test.cronjob.v2alpha1.yaml deleted file mode 100644 index e4919d22..00000000 --- a/test/webhook_cases/failing_test.cronjob.v2alpha1.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: test -spec: - schedule: "*/1 * * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: test - image: busybox:uclibc - args: - - whoami - securityContext: - allowPrivilegeEscalation: true - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - restartPolicy: OnFailure \ No newline at end of file diff --git a/test/webhook_cases/passing_test.daemonset.v1beta2.yaml b/test/webhook_cases/passing_test.daemonset.v1beta2.yaml new file mode 100644 index 00000000..c6d4b380 --- /dev/null +++ b/test/webhook_cases/passing_test.daemonset.v1beta2.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1beta2 +kind: DaemonSet +metadata: + name: fluentd-elasticsearch + namespace: kube-system + labels: + k8s-app: fluentd-logging +spec: + selector: + matchLabels: + name: fluentd-elasticsearch + template: + metadata: + labels: + name: fluentd-elasticsearch + spec: + tolerations: + - key: node-role.kubernetes.io/master + effect: + containers: + - name: fluentd-elasticsearch + image: gcr.io/fluentd-elasticsearch/fluentd:v2.5.1 + resources: + requests: + cpu: 100m + volumeMounts: + - name: varlog + mountPath: /var/log + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + terminationGracePeriodSeconds: 30 + volumes: + - name: varlog + hostPath: + path: /var/log + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + diff --git a/test/webhook_cases/passing_test.deployment.v1beta1.yaml b/test/webhook_cases/passing_test.deployment.v1beta1.yaml new file mode 100644 index 00000000..48f1cd86 --- /dev/null +++ b/test/webhook_cases/passing_test.deployment.v1beta1.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.7.9 + ports: + - containerPort: 80 + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL diff --git a/test/webhook_cases/passing_test.deployment.v1beta2.yaml b/test/webhook_cases/passing_test.deployment.v1beta2.yaml new file mode 100644 index 00000000..55cfd08f --- /dev/null +++ b/test/webhook_cases/passing_test.deployment.v1beta2.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.7.9 + ports: + - containerPort: 80 + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL diff --git a/test/webhook_cases/passing_test.statefulset.v1beta1.yaml b/test/webhook_cases/passing_test.statefulset.v1beta1.yaml new file mode 100644 index 00000000..4ae94853 --- /dev/null +++ b/test/webhook_cases/passing_test.statefulset.v1beta1.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx + labels: + app: nginx +spec: + ports: + - port: 80 + name: web + clusterIP: None + selector: + app: nginx +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: web +spec: + selector: + matchLabels: + app: nginx # has to match .spec.template.metadata.labels + serviceName: "nginx" + replicas: 3 # by default is 1 + template: + metadata: + labels: + app: nginx # has to match .spec.selector.matchLabels + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: nginx + image: k8s.gcr.io/nginx-slim:0.8 + ports: + - containerPort: 80 + name: web + volumeMounts: + - name: www + mountPath: /usr/share/nginx/html + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + volumeClaimTemplates: + - metadata: + name: www + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "my-storage-class" + resources: + requests: + storage: 1Gi diff --git a/test/webhook_cases/passing_test.statefulset.v1beta2.yaml b/test/webhook_cases/passing_test.statefulset.v1beta2.yaml new file mode 100644 index 00000000..604a5dc0 --- /dev/null +++ b/test/webhook_cases/passing_test.statefulset.v1beta2.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx + labels: + app: nginx +spec: + ports: + - port: 80 + name: web + clusterIP: None + selector: + app: nginx +--- +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: web +spec: + selector: + matchLabels: + app: nginx # has to match .spec.template.metadata.labels + serviceName: "nginx" + replicas: 3 # by default is 1 + template: + metadata: + labels: + app: nginx # has to match .spec.selector.matchLabels + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: nginx + image: k8s.gcr.io/nginx-slim:0.8 + ports: + - containerPort: 80 + name: web + volumeMounts: + - name: www + mountPath: /usr/share/nginx/html + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + volumeClaimTemplates: + - metadata: + name: www + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "my-storage-class" + resources: + requests: + storage: 1Gi