kubernetes

upstream/kubernetes

Fork 0

mirror of https://github.com/kubernetes/kubernetes.git synced 2026-02-03 20:40:26 -05:00

Commit graph

Author	SHA1	Message	Date
Sascha Grunert	1abe2c4860	Fix credential test by setting AlwaysVerify policy The test expects unauthorized pods to be blocked from accessing cached private images, but the default policy (NeverVerifyPreloadedImages) allows access to any image previously pulled by the kubelet. Configure the kubelet to use AlwaysVerify policy for this test, which enforces credential checks for all images regardless of pull history. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>	2026-01-13 13:52:43 +01:00
Sascha Grunert	cb011623c8	test: Fix image credential pulls test for CRI-O digest handling This commit fixes the image credential pulls test by ensuring GetImageRef and PullImage return the same digest reference format for credential validation. The test was failing because: 1. PullImage returns a digest reference (e.g., localhost:5000/pause@sha256:abc...) 2. Pull records were stored under this digest 3. GetImageRef returned Image.Id (config hash) instead of a digest reference 4. Credential validation failed due to the lookup mismatch Signed-off-by: Sascha Grunert <sgrunert@redhat.com>	2025-12-11 16:10:06 +01:00
Stanislav Láznička	805eb885e3	node e2e: add tests for Ensure Secret Image Pulls default policy Signed-off-by: Stanislav Láznička <slznika@microsoft.com> Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com>	2025-11-11 11:15:53 -05:00

Author

SHA1

Message

Date

Sascha Grunert

1abe2c4860

Fix credential test by setting AlwaysVerify policy

The test expects unauthorized pods to be blocked from accessing cached
private images, but the default policy (NeverVerifyPreloadedImages)
allows access to any image previously pulled by the kubelet.

Configure the kubelet to use AlwaysVerify policy for this test, which
enforces credential checks for all images regardless of pull history.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

2026-01-13 13:52:43 +01:00

Sascha Grunert

cb011623c8

test: Fix image credential pulls test for CRI-O digest handling

This commit fixes the image credential pulls test by ensuring GetImageRef
and PullImage return the same digest reference format for credential validation.

The test was failing because:
1. PullImage returns a digest reference (e.g., localhost:5000/pause@sha256:abc...)
2. Pull records were stored under this digest
3. GetImageRef returned Image.Id (config hash) instead of a digest reference
4. Credential validation failed due to the lookup mismatch

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

2025-12-11 16:10:06 +01:00

Stanislav Láznička

805eb885e3

node e2e: add tests for Ensure Secret Image Pulls default policy

Signed-off-by: Stanislav Láznička <slznika@microsoft.com>

Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com>

2025-11-11 11:15:53 -05:00

3 commits