From 50b12e5f4a90eb870cd88ad4a69e40c4b2ea2f4e Mon Sep 17 00:00:00 2001 From: Cédric Ollivier Date: Sat, 13 Jan 2024 11:35:36 +0100 Subject: Enforce baseline Pod Security Standard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It allows running both security and ims testcases vs clusters where PodSecurityConfiguration enforces "restricted" [1]. [1] https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/ Change-Id: I9eb420cbb695ec8fb002f25cfd3c96ab50118fcc Signed-off-by: Cédric Ollivier (cherry picked from commit 553d57ffd4ff9c3c4f319454a4d190ac7aa4cc76) --- functest_kubernetes/security/security.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'functest_kubernetes/security') diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py index f03845a4..997a0b7a 100644 --- a/functest_kubernetes/security/security.py +++ b/functest_kubernetes/security/security.py @@ -61,7 +61,8 @@ class SecurityTesting(testcase.TestCase): assert self.job_name api_response = self.corev1.create_namespace( client.V1Namespace(metadata=client.V1ObjectMeta( - generate_name=self.ns_generate_name))) + generate_name=self.ns_generate_name, + labels={"pod-security.kubernetes.io/enforce": "baseline"}))) self.namespace = api_response.metadata.name self.__logger.debug("create_namespace: %s", api_response) with open(pkg_resources.resource_filename( -- cgit 1.2.3-korg