kubernetes/test/e2e_node
Sascha Grunert a66c025dc9
test/e2e_node: Update procMount test to use Restricted PSA level

Update the procMount test expectations to match the intentional PSA
policy relaxation introduced in commit e8bd3f629d.

As of Kubernetes 1.35+, Pod Security Admission Baseline policy
allows UnmaskedProcMount for pods with user namespaces (hostUsers:
false). This was an intentional change to support nested container
use cases while maintaining security through user namespace isolation.

The test "will fail to unmask proc mounts if not privileged" was
written before this relaxation and expected Baseline level to reject
UnmaskedProcMount. Since Baseline now allows it (for user namespace
pods), the test needs to use Restricted level instead, which
unconditionally blocks UnmaskedProcMount regardless of user namespace
settings.

Changes:
- Change PSA level from Baseline to Restricted
- Update test name to clarify it's testing Restricted level behavior
- Update framework name from "proc-mount-baseline-test" to
  "proc-mount-restricted-test"

Fixes the ci-crio-userns-e2e-serial test failure that started occurring
when runtimes began reporting user namespace support.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2025-11-14 10:17:54 +01:00
builder Ensure we switch to k8s root directory for dockerized builds during e2e-node ci job 2025-02-27 10:05:45 -05:00
conformance stop using deprecated klog flags 2022-09-04 21:02:43 +02:00
criproxy Remove gogo-protobuf from CRI 2025-07-04 08:55:57 +02:00
environment Merge pull request #109753 from matthyx/109577 2022-05-13 07:33:49 -07:00
jenkins Remove remants of broken stuff - nvidia/autoscaling 2024-09-23 13:17:00 +00:00
kubeletconfig use PollUntilContextTimeout to replace PollImmediateWithContext in test 2023-10-19 22:50:21 +08:00
perf/workloads e2e: use error wrapping with %w 2023-02-06 15:39:13 +01:00
perftype hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
plugins/gcp-credential-provider add e2e test with the gcp-credential-provider test plugin 2025-03-11 20:36:36 -07:00
remote node e2e: add tests for Ensure Secret Image Pulls default policy 2025-11-11 11:15:53 -05:00
runner e2e node: support running the test binary under a debugger 2024-04-16 11:46:28 +02:00
services migrate pkg/kubelet/kubeletconfig to contextual logging 2025-07-17 10:16:03 +03:00
system hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
testdeviceplugin Convert k8s.io/kubelet/pkg/apis/deviceplugin from gogo to protoc 2025-07-21 10:04:01 +02:00
testing-manifests e2e: node: remove kubevirt device plugin 2023-02-22 14:04:22 +01:00
.import-restrictions e2e: dra: move gomega matchers to dedicated package 2025-05-15 20:55:17 +03:00
apparmor_test.go Copy limited pieces of code we use from runc's apparmor and utils packages 2024-10-22 09:56:22 -04:00
benchmark_util.go e2e: adapt to moved code 2022-10-06 08:19:47 +02:00
cgroup_driver_from_cri_test.go kubelet: add metric for version CRI implementation will lose support 2025-07-24 11:42:59 -04:00
checkpoint_container.go deprecate nodefeature for feature labels 2025-01-20 17:02:59 -05:00
container_lifecycle_pod_construction.go Merge pull request #128239 from HirazawaUi/fix-e2e-tests 2025-07-21 18:08:25 -07:00
container_lifecycle_test.go add e2e tests 2025-11-01 12:55:01 +08:00
container_log_rotation_test.go Fix pod delete issues in podresize tests 2025-01-21 07:25:14 +01:00
container_manager_test.go deprecate nodefeature for feature labels 2025-01-20 17:02:59 -05:00
container_metrics_test.go adjust container_spec_memory_limit_bytes e2e to range: ppc64le is 44*1024 less 2025-04-11 16:06:30 +08:00
container_restart_test.go node_e2e: fix kubelet configuration setup 2025-09-12 09:26:17 +08:00
cpu_manager_metrics_test.go e2e: node: rewrite more compatibility tests 2025-05-09 11:07:04 +02:00
cpu_manager_test.go oopsie missed two, should fix failing tests 2025-10-28 01:26:32 +00:00
criproxy_test.go Skip test if cri proxy is disabled or undefined 2025-03-06 19:10:09 +01:00
critical_pod_test.go E2E tests for pod level resources Kubelet Preemption 2025-07-24 17:08:13 +00:00
deleted_pods_test.go Make e2e node tests more resiliant by ensuring the SIGTERM trap is registered 2024-04-19 09:05:36 +02:00
density_test.go remove node special feature typos 2024-12-20 16:33:45 -05:00
device_manager_test.go Merge pull request #129168 from kannon92/drop-node-features 2025-01-23 12:07:29 -08:00
device_plugin_failures_pod_status_test.go test: Standardize labels for ResourceHealthStatus e2e tests 2025-08-07 21:40:57 +00:00
device_plugin_failures_test.go Convert k8s.io/kubelet/pkg/apis/deviceplugin from gogo to protoc 2025-07-21 10:04:01 +02:00
device_plugin_test.go Merge pull request #134918 from mariafromano-25/cleanup-sidecar-feature 2025-10-28 15:22:08 -07:00
doc.go remove import doc comments 2024-12-02 16:59:34 +01:00
dra_test.go [DRA] Add ShareID to kubelet plugin API 2025-11-06 03:28:35 +09:00
e2e_node_suite_test.go e2e: node: split kubeletconfig utilities 2025-08-11 14:46:02 +02:00
eviction_test.go Merge pull request #129240 from KevinTMtz/evict-terminated-pods-on-disk-pressure 2025-09-10 11:47:57 -07:00
framework.go e2e: enhance SIGDescribe 2023-10-10 18:15:49 +02:00
garbage_collector_test.go test: move kubelet GC tests to node conformance 2025-10-17 13:32:46 -04:00
gubernator.sh fix test/e2e_node/gubernator.sh shellcheck failures 2019-06-23 17:01:54 -07:00
hugepages_test.go Returning early if podResources is nil to avoid nil pointer dereferencing 2025-07-28 19:31:08 +00:00
image_credential_pulls.go node e2e: add tests for Ensure Secret Image Pulls default policy 2025-11-11 11:15:53 -05:00
image_gc_test.go Merge pull request #134736 from haircommander/4210-ga 2025-11-06 12:43:07 -08:00
image_id_test.go deprecate nodefeature for feature labels 2025-01-20 17:02:59 -05:00
image_list.go Update NPD to v1.34.0 2025-09-27 19:57:47 +03:00
image_pull_test.go ci: remove httpd usage while using agnhost instead 2025-09-01 20:11:18 +08:00
image_volume.go KEP 4639: Move ImageVolume to on by default beta 2025-11-06 16:26:27 -05:00
kubelet_config_dir_test.go node_e2e: fix kubelet configuration setup 2025-09-12 09:26:17 +08:00
lock_contention_linux_test.go drop NodeSpecialFeature and NodeAlphaFeature from e2e-node 2024-12-16 09:29:04 -05:00
log_path_test.go e2e: use framework labels 2023-11-01 15:17:34 +01:00
memory_manager_metrics_test.go node: memory manager: fix the mm metrics test 2024-06-17 08:51:44 +02:00
memory_manager_test.go WIP: fix e2e tests 2025-07-29 20:20:08 +02:00
mirror_pod_grace_period_test.go Increase time out for verifying metrics 2025-10-09 15:22:16 +05:30
mirror_pod_test.go Fix e2e test cases for EnvFiles 2025-11-08 10:14:00 +08:00
mount_rro_linux_test.go KEP-3857: Recursive Read-only (RRO) mounts: promote to GA 2025-02-13 20:43:35 +09:00
node_container_manager_test.go Address review comments 2025-10-31 17:41:34 +00:00
node_perf_test.go Fix pod delete issues in podresize tests 2025-01-21 07:25:14 +01:00
node_problem_detector_linux.go deprecate nodefeature for feature labels 2025-01-20 17:02:59 -05:00
node_shutdown_linux_test.go node_e2e: fix kubelet configuration setup 2025-09-12 09:26:17 +08:00
numa_alignment.go Depend on k8s.io/utils cpuset 2023-05-03 16:26:09 +00:00
oomkiller_linux_test.go update to latest cadvisor @ v0.52.0 2025-03-05 06:36:39 -05:00
os_label_rename_test.go e2e_node: refactor stopping and restarting kubelet 2024-11-06 11:34:48 +02:00
OWNERS Add ffromani as approver for kubelet resource managers and their tests 2025-01-14 13:18:40 +01:00
pids_test.go wait for pod to be ready before continuing with the test 2024-07-22 05:26:59 +00:00
pod_conditions_test.go node_e2e: fix kubelet configuration setup 2025-09-12 09:26:17 +08:00
pod_host_ips.go Remove PodHostIPs feature gates. 2024-11-06 23:10:36 -08:00
pod_hostnamefqdn_test.go /test: use a different image for hostname override e2e tests 2025-10-22 15:07:01 +02:00
pod_ips.go Fix that PodIP field is not set for terminal pod 2024-07-12 21:36:12 +02:00
pod_status_test.go fix: fix the issue of losing the pending phase after a node restart. 2024-11-07 21:10:11 +08:00
podresources_test.go updating sidecar feature to node conformance 2025-10-27 23:43:43 +00:00
pods_container_manager_test.go e2e: use framework labels 2023-11-01 15:17:34 +01:00
pods_lifecycle_termination_test.go e2e: use framework labels 2023-11-01 15:17:34 +01:00
proc_mount_test.go test/e2e_node: Update procMount test to use Restricted PSA level 2025-11-14 10:17:54 +01:00
quota_lsci_test.go e2e: find and fix reuse of test names 2025-10-17 20:19:52 +02:00
README.md Removed broken link to Analytics 2020-08-13 16:03:37 -04:00
resource_collector.go update to latest cadvisor @ v0.52.0 2025-03-05 06:36:39 -05:00
resource_metrics_test.go e2e test: Add a container_swap_limit_bytes metric 2025-07-08 12:38:18 +03:00
resource_usage_test.go e2e: use framework labels 2023-11-01 15:17:34 +01:00
restart_all_containers_test.go Keep pod in running state and prune past container status from runtime 2025-11-11 06:37:49 +00:00
restart_test.go e2e_node: refactor stopping and restarting kubelet 2024-11-06 11:34:48 +02:00
runtime_conformance_test.go node e2e: add tests for Ensure Secret Image Pulls default policy 2025-11-11 11:15:53 -05:00
runtimeclass_test.go e2e tests: set all PSa labels instead of just enforcing 2023-06-21 15:05:13 +02:00
seccompdefault_test.go e2e: use framework labels 2023-11-01 15:17:34 +01:00
security_context_test.go deprecate nodefeature for feature labels 2025-01-20 17:02:59 -05:00
split_disk_test.go Remove sleepAfterExecuting param from diskConsumingPod 2025-08-27 18:24:18 +00:00
standalone_test.go add disruptive tests 2025-11-10 09:41:02 +00:00
summary_test.go Add WithNodeConformance to KubeletPSI test context 2025-10-25 20:22:59 +09:00
swap_test.go disable in-place vertical pod scaling for non-restartable swappable containers 2025-03-20 20:43:18 +00:00
system_node_critical_test.go deprecate nodefeature for feature labels 2025-01-20 17:02:59 -05:00
terminate_pods_test.go Fix incorrect error messages 2025-10-06 00:42:21 +08:00
topology_manager_metrics_test.go e2e: node: rewrite more compatibility tests 2025-05-09 11:07:04 +02:00
topology_manager_test.go e2e: node: linter fix 2025-08-11 15:14:46 +02:00
unknown_pods_test.go e2e_node: refactor stopping and restarting kubelet 2024-11-06 11:34:48 +02:00
user_namespaces_test.go Merge pull request #134695 from kannon92/procmount-usernamespace 2025-10-17 21:56:40 -07:00
util.go KEP-5471: Extend tolerations operators (#134665) 2025-11-10 12:42:54 -08:00
util_criproxy_linux.go e2e: node: trivial rename 2025-08-11 14:46:07 +02:00
util_kubeletconfig.go Remove getLocalNode to fix GracefulNodeShutdown e2e. 2025-09-08 12:20:55 +00:00
util_machineinfo_linux.go e2e: node: address linter errors 2025-08-28 13:24:02 +02:00
util_machineinfo_unsupported.go e2e: node: address linter errors 2025-08-28 13:24:02 +02:00
util_sampledevice.go test: Fix path to e2e node sample device plugin 2023-03-02 19:22:59 -08:00
util_sriov.go Fix Go vet errors for master golang 2024-09-20 12:36:38 +05:30
util_sriov_linux.go e2e: TM: add option to fail instead of skip 2021-09-13 13:23:36 +02:00
util_sriov_unsupported.go e2e: TM: add option to fail instead of skip 2021-09-13 13:23:36 +02:00
util_xfs_linux.go generated: Run hack/update-gofmt.sh 2021-08-24 15:47:49 -04:00
util_xfs_unsupported.go generated: Run hack/update-gofmt.sh 2021-08-24 15:47:49 -04:00
volume_manager_test.go e2e: use framework labels 2023-11-01 15:17:34 +01:00