author | Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-13 12:15:54 +0100 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2024-01-13 12:15:54 +0100 |
commit | 1bd69d63994d66582f4e7967e4a1f703dc247c69 (patch) | |
tree | 0cf0eaaf3c71fb49cd4a235aec92ed25a940e2b0 /functest_kubernetes/security | |
parent | 553d57ffd4ff9c3c4f319454a4d190ac7aa4cc76 (diff) |
Apply privileged pod security standard to kube-bench
Change-Id: I0336d73f8a9663ef259adfe4377ce20499844021
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Diffstat (limited to 'functest_kubernetes/security')
-rw-r--r-- | functest_kubernetes/security/security.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py
index 997a0b7a..2cd345cd 100644
--- a/functest_kubernetes/security/security.py
+++ b/functest_kubernetes/security/security.py
@@ -51,6 +51,7 @@ class SecurityTesting(testcase.TestCase):
 self.output_debug_log_name = 'functest-kubernetes.debug.log'
 self.namespace = ""
 self.ns_generate_name = "security-"
+ self.pss = "baseline"

 def deploy_job(self):
 """Run Security job
@@ -62,7 +63,7 @@ class SecurityTesting(testcase.TestCase):
 api_response = self.corev1.create_namespace(
 client.V1Namespace(metadata=client.V1ObjectMeta(
 generate_name=self.ns_generate_name,
- labels={"pod-security.kubernetes.io/enforce": "baseline"})))
+ labels={"pod-security.kubernetes.io/enforce": self.pss})))
 self.namespace = api_response.metadata.name
 self.__logger.debug("create_namespace: %s", api_response)
 with open(pkg_resources.resource_filename(
@@ -201,6 +202,7 @@ class KubeBench(SecurityTesting):
 super().__init__(**kwargs)
 self.job_name = "kube-bench"
 self.ns_generate_name = "kube-bench-"
+ self.pss = "privileged"

 def run(self, **kwargs):
 self.job_name = f'kube-bench-{kwargs.get("target", "node")}' |
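Review bot: The new `self.pss` attribute in `SecurityTesting.__init__` (first hunk) is an override point for subclasses but has no comment, and the abbreviation does not say which values are accepted. I would add `# Pod Security Standard level enforced on the test namespace: "privileged", "baseline" or "restricted"` above it. The value is written into the `pod-security.kubernetes.io/enforce` label in `deploy_job` without any check in the visible lines, so documenting the allowed set here is what keeps a subclass typo from going unnoticed until namespace creation. `__init__` begins above the hunk.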
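Review bot: Setting `self.pss = "privileged"` in `KubeBench.__init__` (third hunk) removes Pod Security admission restrictions for every pod created in the generated `kube-bench-` namespace, not only the kube-bench job, and the hunk does not record why that level is needed. A comment such as `# kube-bench needs host-level access that the baseline level rejects; the namespace is privileged for this job only` would state the reason; the job manifest is not visible here, so confirm the exact requirement against it. Because the namespace stays privileged for its whole lifetime, it is worth verifying that the cleanup path deletes it even when the job fails or times out. `__init__` begins above the hunk and the cleanup code is outside this diff.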