Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix Security Context should run with an image specified user ID #82817

Merged
merged 1 commit into from
Oct 18, 2019
Merged

fix Security Context should run with an image specified user ID #82817

merged 1 commit into from
Oct 18, 2019

Conversation

zouyee
Copy link
Member

@zouyee zouyee commented Sep 18, 2019
edited

What type of PR is this?
/kind failing-test

What this PR does / why we need it:
Add "gcr.io/kubernetes-e2e-test-images/nonroot:1.0" into the white list

Which issue(s) this PR fixes:

Fixes #82816

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

/cc @odinuge @alejandrox1 @oomichi @tallclair

@k8s-ci-robot k8s-ci-robot added the release-note-none Denotes a PR that doesn't merit a release note. label Sep 18, 2019
@k8s-ci-robot k8s-ci-robot added kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/test sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 18, 2019
odinuge
odinuge reviewed Sep 18, 2019
View reviewed changes
Copy link
Member

@odinuge odinuge left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for looking into this!

This looks good to me, but there is also another PR https://github.com/kubernetes/kubernetes/pull/82155/files adding it to the image list test/e2e/common/util.go. Both approaches should work, and I am not sure what the best approach is. Defering that to someone from sig-testing.

/cc @oomichi

@oomichi
Copy link
Member

oomichi commented Sep 23, 2019

One of example of the failures is https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/ci-kubernetes-node-kubelet-orphans/1176059029915439107
The error message is

[k8s.io] Security Context When creating a container with runAsNonRoot should run with an image specified user ID expand_less
/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/common/security_context.go:145 Image "gcr.io/kubernetes-e2e-test-images/nonroot:1.0" is not in the white list, consider adding it to CommonImageWhiteList in test/e2e/common/util.go or NodeImageWhiteList in test/e2e_node/image_list.go Expected     <bool>: false to be true /go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/test/e2e/framework/pods.go:210

And the corresponding issue of this PR is for fixing [Failing Test] Security Context should run with an image specified user ID which is in test/e2e/common/security_context.go not e2e node test.
So I guess CommonImageWhiteList in test/e2e/common/util.go is good place to fix the issue.

fix Security Context should run with an image specified user ID
5165348 
Signed-off-by: Zou Nengren <zouyee1989@gmail.com>
@zouyee
Copy link
Member Author

zouyee commented Sep 24, 2019

/retest

@oomichi
Copy link
Member

oomichi commented Sep 24, 2019

Thanks for updating

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 24, 2019
@zouyee
Copy link
Member Author

zouyee commented Sep 29, 2019

/priority important-soon

@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 29, 2019
@zouyee
Copy link
Member Author

zouyee commented Oct 8, 2019

/cc @liggitt

@liggitt
Copy link
Member

liggitt commented Oct 8, 2019

this looks identical to #82155

/assign @Random-Liu

@oomichi
Copy link
Member

oomichi commented Oct 18, 2019

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: oomichi, zouyee

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 18, 2019
@k8s-ci-robot k8s-ci-robot merged commit b5c74a3 into kubernetes:master Oct 18, 2019
@k8s-ci-robot k8s-ci-robot added this to the v1.17 milestone Oct 18, 2019
@zouyee zouyee deleted the scpq branch October 19, 2019 00:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@odinuge odinuge odinuge left review comments

@alejandrox1 alejandrox1 Awaiting requested review from alejandrox1

@oomichi oomichi Awaiting requested review from oomichi

@tallclair tallclair Awaiting requested review from tallclair

@liggitt liggitt Awaiting requested review from liggitt

Assignees

@oomichi oomichi

@Random-Liu Random-Liu

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-none Denotes a PR that doesn't merit a release note. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.17
Development

Successfully merging this pull request may close these issues.

[Failing Test] Security Context should run with an image specified user ID
6 participants
@zouyee @oomichi @liggitt @k8s-ci-robot @odinuge @Random-Liu