diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-12 21:00:04 +0100 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-12 22:23:06 +0100 |
commit | 767cb9d833f7dfb12c16b291981ad71fa368a4d8 (patch) | |
tree | 7ca1c383d385a4b5cdf532ff16547e9844e18fdb | |
parent | 8f277a9677eaaadb904da860c5edcfec0fce8216 (diff) |
Remove Hostpath testing
It's against Security Standards as explained in [1].
"Using the hostPath volume type presents many security risks.
If you can avoid using a hostPath volume, you should."
It basically asks for the profile Privileged
"pod-security.kubernetes.io/enforce": "privileged
[1] https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
Change-Id: I89e35f11ab7917b904ac474401bf609ad9c5dd3d
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit 50859e8c92a39b87ad91f14d01908a259a0602ce)
-rw-r--r-- | functest_kubernetes/rally/all-in-one.yaml | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/functest_kubernetes/rally/all-in-one.yaml b/functest_kubernetes/rally/all-in-one.yaml index db30194e..380666d9 100644 --- a/functest_kubernetes/rally/all-in-one.yaml +++ b/functest_kubernetes/rally/all-in-one.yaml @@ -166,31 +166,6 @@ subtasks: count: {{ namespaces_count }} with_serviceaccount: true - - title: >- - Run a single workload with create/read/check/delete pod with hostPath - volume - scenario: - Kubernetes.create_and_delete_pod_with_hostpath_volume: - image: {{ dockerhub_repo }}/busybox:1.28 - command: - - sleep - - "3600" - mount_path: /opt/check - check_cmd: - - ls - - /opt/check - error_regexp: No such file - volume_type: Directory - volume_path: /tmp/ - runner: - constant: - concurrency: {{ concurrency }} - times: {{ times }} - contexts: - namespaces: - count: {{ namespaces_count }} - with_serviceaccount: true - - title: Run a single workload with create/read/delete pod with configMap volume scenario: |