Allow privilidged pods in VPA E2E
We allowed them before (it was default) but now we need to allow it explicitly: https://groups.google.com/a/kubernetes.io/g/dev/c/BZlDyz9FK1U/m/57PgQlA4BgAJ Long term I want to run pods without privilidge but it requeres: - https://github.com/kubernetes/kubernetes/pull/110779 to merge - Syncing e2e dependencies to include the merged change - Changing tests to run pods without privilidges To keep tests passing through removal of PodSecurityPolicy for 1.25 I want to merge this change first and reduce pod privilidges later
This commit is contained in:
Joachim Bartosik
parent
82ed501f16
commit
b16ab89c3c
|
|
@ -41,6 +41,7 @@ import (
|
|||
framework_rs "k8s.io/kubernetes/test/e2e/framework/replicaset"
|
||||
framework_ss "k8s.io/kubernetes/test/e2e/framework/statefulset"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -48,6 +49,7 @@ import (
|
|||
|
||||
var _ = ActuationSuiteE2eDescribe("Actuation", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("stops when pods get pending", func() {
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import (
|
|||
vpa_types "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
framework_deployment "k8s.io/kubernetes/test/e2e/framework/deployment"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -35,6 +36,7 @@ import (
|
|||
|
||||
var _ = AdmissionControllerE2eDescribe("Admission-controller", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("starts pods with new recommended request", func() {
|
||||
d := NewHamsterDeploymentWithResources(f, ParseQuantityOrDie("100m") /*cpu*/, ParseQuantityOrDie("100Mi") /*memory*/)
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import (
|
|||
vpa_types "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1"
|
||||
vpa_clientset "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/client/clientset/versioned"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -60,6 +61,7 @@ var _ = FullVpaE2eDescribe("Pods under VPA", func() {
|
|||
// This schedules AfterEach block that needs to run after the AfterEach above and
|
||||
// BeforeEach that needs to run before the BeforeEach below - thus the order of these matters.
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
@ -138,6 +140,7 @@ var _ = FullVpaE2eDescribe("Pods under VPA with default recommender explicitly c
|
|||
// This schedules AfterEach block that needs to run after the AfterEach above and
|
||||
// BeforeEach that needs to run before the BeforeEach below - thus the order of these matters.
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
@ -200,6 +203,7 @@ var _ = FullVpaE2eDescribe("Pods under VPA with non-recognized recommender expli
|
|||
// This schedules AfterEach block that needs to run after the AfterEach above and
|
||||
// BeforeEach that needs to run before the BeforeEach below - thus the order of these matters.
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
@ -254,6 +258,7 @@ var _ = FullVpaE2eDescribe("OOMing pods under VPA", func() {
|
|||
const replicas = 3
|
||||
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
|
|||
|
|
@ -30,8 +30,9 @@ import (
|
|||
vpa_clientset "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/client/clientset/versioned"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
"k8s.io/klog/v2"
|
||||
klog "k8s.io/klog/v2"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -119,6 +120,7 @@ func getVpaObserver(vpaClientSet vpa_clientset.Interface) *observer {
|
|||
|
||||
var _ = RecommenderE2eDescribe("Checkpoints", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("with missing VPA objects are garbage collected", func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
@ -147,6 +149,7 @@ var _ = RecommenderE2eDescribe("Checkpoints", func() {
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("serves recommendation for CronJob", func() {
|
||||
ginkgo.By("Setting up hamster CronJob")
|
||||
|
|
@ -171,6 +174,7 @@ var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
var (
|
||||
vpaCRD *vpa_types.VerticalPodAutoscaler
|
||||
|
|
@ -241,6 +245,7 @@ var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
var (
|
||||
vpaClientSet vpa_clientset.Interface
|
||||
|
|
@ -321,6 +326,7 @@ func createVpaCRDWithMinMaxAllowed(f *framework.Framework, minAllowed, maxAllowe
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
var vpaClientSet vpa_clientset.Interface
|
||||
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import (
|
|||
vpa_types "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1"
|
||||
"k8s.io/autoscaler/vertical-pod-autoscaler/pkg/utils/status"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -34,6 +35,7 @@ import (
|
|||
|
||||
var _ = UpdaterE2eDescribe("Updater", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("evicts pods when Admission Controller status available", func() {
|
||||
const statusUpdateInterval = 10 * time.Second
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ import (
|
|||
framework_rs "k8s.io/kubernetes/test/e2e/framework/replicaset"
|
||||
framework_ss "k8s.io/kubernetes/test/e2e/framework/statefulset"
|
||||
testutils "k8s.io/kubernetes/test/utils"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -48,6 +49,7 @@ import (
|
|||
|
||||
var _ = ActuationSuiteE2eDescribe("Actuation", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("stops when pods get pending", func() {
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import (
|
|||
vpa_types "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1beta2"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
framework_deployment "k8s.io/kubernetes/test/e2e/framework/deployment"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -35,6 +36,7 @@ import (
|
|||
|
||||
var _ = AdmissionControllerE2eDescribe("Admission-controller", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("starts pods with new recommended request", func() {
|
||||
d := NewHamsterDeploymentWithResources(f, ParseQuantityOrDie("100m") /*cpu*/, ParseQuantityOrDie("100Mi") /*memory*/)
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import (
|
|||
vpa_types "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1beta2"
|
||||
vpa_clientset "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/client/clientset/versioned"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -60,6 +61,7 @@ var _ = FullVpaE2eDescribe("Pods under VPA", func() {
|
|||
// This schedules AfterEach block that needs to run after the AfterEach above and
|
||||
// BeforeEach that needs to run before the BeforeEach below - thus the order of these matters.
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
@ -131,6 +133,7 @@ var _ = FullVpaE2eDescribe("OOMing pods under VPA", func() {
|
|||
const replicas = 3
|
||||
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.BeforeEach(func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
|
|||
|
|
@ -30,8 +30,9 @@ import (
|
|||
vpa_clientset "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/client/clientset/versioned"
|
||||
clientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
"k8s.io/klog/v2"
|
||||
klog "k8s.io/klog/v2"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -119,6 +120,7 @@ func getVpaObserver(vpaClientSet vpa_clientset.Interface) *observer {
|
|||
|
||||
var _ = RecommenderE2eDescribe("Checkpoints", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("with missing VPA objects are garbage collected", func() {
|
||||
ns := f.Namespace.Name
|
||||
|
|
@ -147,6 +149,7 @@ var _ = RecommenderE2eDescribe("Checkpoints", func() {
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("serves recommendation for CronJob", func() {
|
||||
ginkgo.By("Setting up hamster CronJob")
|
||||
|
|
@ -171,6 +174,7 @@ var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
var (
|
||||
vpaCRD *vpa_types.VerticalPodAutoscaler
|
||||
|
|
@ -241,6 +245,7 @@ var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
var (
|
||||
vpaClientSet vpa_clientset.Interface
|
||||
|
|
@ -322,6 +327,7 @@ func createVpaCRDWithMinMaxAllowed(f *framework.Framework, minAllowed, maxAllowe
|
|||
|
||||
var _ = RecommenderE2eDescribe("VPA CRD object", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
var vpaClientSet vpa_clientset.Interface
|
||||
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import (
|
|||
vpa_types "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1beta2"
|
||||
"k8s.io/autoscaler/vertical-pod-autoscaler/pkg/utils/status"
|
||||
"k8s.io/kubernetes/test/e2e/framework"
|
||||
podsecurity "k8s.io/pod-security-admission/api"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
"github.com/onsi/gomega"
|
||||
|
|
@ -34,6 +35,7 @@ import (
|
|||
|
||||
var _ = UpdaterE2eDescribe("Updater", func() {
|
||||
f := framework.NewDefaultFramework("vertical-pod-autoscaling")
|
||||
f.NamespacePodSecurityEnforceLevel = podsecurity.LevelBaseline
|
||||
|
||||
ginkgo.It("evicts pods when Admission Controller status available", func() {
|
||||
const statusUpdateInterval = 10 * time.Second
|
||||
|
|
|
|||
Loading…
Reference in New Issue