diff --git a/cmd/sonobuoy/app/args.go b/cmd/sonobuoy/app/args.go index 8e5723838..5aac1fbf2 100644 --- a/cmd/sonobuoy/app/args.go +++ b/cmd/sonobuoy/app/args.go @@ -36,28 +36,29 @@ import ( ) const ( - namespaceFlag = "namespace" - sonobuoyImageFlag = "sonobuoy-image" - imagePullPolicyFlag = "image-pull-policy" - forceImagePullPolicyFlag = "force-image-pull-policy" - pluginFlag = "plugin" - timeoutFlag = "timeout" - waitOutputFlag = "wait-output" - customRegistryFlag = "custom-registry" - kubeconfig = "kubeconfig" - kubecontext = "context" - e2eFocusFlag = "e2e-focus" - e2eSkipFlag = "e2e-skip" - e2eParallelFlag = "e2e-parallel" - e2eRegistryConfigFlag = "e2e-repo-config" - e2eRegistryFlag = "e2e-repo" - pluginImageFlag = "plugin-image" - filenameFlag = "filename" - retrievePathFlag = "retrieve-path" - securityContextModeFlag = "security-context-mode" - aggregatorPermissionsFlag = "aggregator-permissions" - serviceAccountNameFlag = "service-account-name" - existingServiceAccountFlag = "existing-service-account" + namespaceFlag = "namespace" + sonobuoyImageFlag = "sonobuoy-image" + imagePullPolicyFlag = "image-pull-policy" + forceImagePullPolicyFlag = "force-image-pull-policy" + pluginFlag = "plugin" + timeoutFlag = "timeout" + waitOutputFlag = "wait-output" + customRegistryFlag = "custom-registry" + kubeconfig = "kubeconfig" + kubecontext = "context" + e2eFocusFlag = "e2e-focus" + e2eSkipFlag = "e2e-skip" + e2eParallelFlag = "e2e-parallel" + e2eRegistryConfigFlag = "e2e-repo-config" + e2eRegistryFlag = "e2e-repo" + pluginImageFlag = "plugin-image" + filenameFlag = "filename" + retrievePathFlag = "retrieve-path" + securityContextModeFlag = "security-context-mode" + aggregatorPermissionsFlag = "aggregator-permissions" + serviceAccountNameFlag = "service-account-name" + existingServiceAccountFlag = "existing-service-account" + namespacePSAEnforceLevelFlag = "namespace-psa-enforce-level" ) // AddNamespaceFlag initialises a namespace flag. @@ -470,6 +471,14 @@ func AddRetrievePathFlag(str *string, flags *pflag.FlagSet) { ) } +// AddNamespacePSAEnforceLevelFlag adds a flag for labelling the namespace +func AddNamespacePSAEnforceLevelFlag(str *string, flags *pflag.FlagSet) { + flags.StringVar( + str, namespacePSAEnforceLevelFlag, config.DefaultNamespacePSAEnforceLevel, + "The PSA enforce level for the namespace.", + ) +} + // Used if we're just setting the given string as the value; focus and skip need // regexp validation first. type envVarModierFlag struct { diff --git a/cmd/sonobuoy/app/gen.go b/cmd/sonobuoy/app/gen.go index e926ae0f0..aca4ecc99 100644 --- a/cmd/sonobuoy/app/gen.go +++ b/cmd/sonobuoy/app/gen.go @@ -84,6 +84,7 @@ func GenFlagSet(cfg *genFlags, rbac RBACMode) *pflag.FlagSet { AddAggregatorPermissionsFlag(&cfg.sonobuoyConfig.AggregatorPermissions, genset) AddServiceAccountNameFlag(&cfg.sonobuoyConfig.ServiceAccountName, genset) AddExistingServiceAccountFlag(&cfg.sonobuoyConfig.ExistingServiceAccount, genset) + AddNamespacePSAEnforceLevelFlag(&cfg.sonobuoyConfig.NamespacePSAEnforceLevel, genset) AddNamespaceFlag(&cfg.sonobuoyConfig.Namespace, genset) AddDNSNamespaceFlag(&cfg.dnsNamespace, genset) diff --git a/pkg/client/gen.go b/pkg/client/gen.go index fa3646001..fba885cfd 100644 --- a/pkg/client/gen.go +++ b/pkg/client/gen.go @@ -621,8 +621,11 @@ func generateNS(w io.Writer, cfg GenConfig) error { return nil } + labels := make(map[string]string) + labels["pod-security.kubernetes.io/enforce"] = cfg.Config.NamespacePSAEnforceLevel ns := &corev1.Namespace{} ns.Name = cfg.Config.Namespace + ns.Labels = labels ns.SetGroupVersionKind(schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Namespace"}) return appendAsYAML(w, ns) } diff --git a/pkg/client/testdata/aggregatorpermissions-noncluster-admin.golden b/pkg/client/testdata/aggregatorpermissions-noncluster-admin.golden index ec91cf3e4..ff34c3865 100644 --- a/pkg/client/testdata/aggregatorpermissions-noncluster-admin.golden +++ b/pkg/client/testdata/aggregatorpermissions-noncluster-admin.golden @@ -8,7 +8,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"somethingelse","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"somethingelse","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/default-plugins-via-nil-selection.golden b/pkg/client/testdata/default-plugins-via-nil-selection.golden index 89296a8fb..d74ffac2a 100644 --- a/pkg/client/testdata/default-plugins-via-nil-selection.golden +++ b/pkg/client/testdata/default-plugins-via-nil-selection.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/default-plugins-via-selection.golden b/pkg/client/testdata/default-plugins-via-selection.golden index 80b75a239..5cccd3b2c 100644 --- a/pkg/client/testdata/default-plugins-via-selection.golden +++ b/pkg/client/testdata/default-plugins-via-selection.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/default-pod-spec.golden b/pkg/client/testdata/default-pod-spec.golden index 89296a8fb..d74ffac2a 100644 --- a/pkg/client/testdata/default-pod-spec.golden +++ b/pkg/client/testdata/default-pod-spec.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/default.golden b/pkg/client/testdata/default.golden index 89296a8fb..d74ffac2a 100644 --- a/pkg/client/testdata/default.golden +++ b/pkg/client/testdata/default.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/e2e-default.golden b/pkg/client/testdata/e2e-default.golden index 7b9538ad6..1f9d9e9a6 100644 --- a/pkg/client/testdata/e2e-default.golden +++ b/pkg/client/testdata/e2e-default.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[{"name":"e2e"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[{"name":"e2e"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/e2e-progress-custom-port.golden b/pkg/client/testdata/e2e-progress-custom-port.golden index 4eacc67ab..939a4aeb5 100644 --- a/pkg/client/testdata/e2e-progress-custom-port.golden +++ b/pkg/client/testdata/e2e-progress-custom-port.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"1234","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"1234","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/e2e-progress-vs-user-defined.golden b/pkg/client/testdata/e2e-progress-vs-user-defined.golden index 400079b5e..78d19fb70 100644 --- a/pkg/client/testdata/e2e-progress-vs-user-defined.golden +++ b/pkg/client/testdata/e2e-progress-vs-user-defined.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/e2e-progress.golden b/pkg/client/testdata/e2e-progress.golden index 7e4ac7590..b456e7f83 100644 --- a/pkg/client/testdata/e2e-progress.golden +++ b/pkg/client/testdata/e2e-progress.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/envoverrides.golden b/pkg/client/testdata/envoverrides.golden index ffccad7dd..6e4fef452 100644 --- a/pkg/client/testdata/envoverrides.golden +++ b/pkg/client/testdata/envoverrides.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/goRunnerRemoved.golden b/pkg/client/testdata/goRunnerRemoved.golden index 450a5ec5b..476d617e6 100644 --- a/pkg/client/testdata/goRunnerRemoved.golden +++ b/pkg/client/testdata/goRunnerRemoved.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/imagePullPolicy-all-plugins.golden b/pkg/client/testdata/imagePullPolicy-all-plugins.golden index 526148367..300548cf1 100644 --- a/pkg/client/testdata/imagePullPolicy-all-plugins.golden +++ b/pkg/client/testdata/imagePullPolicy-all-plugins.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ForceImagePullPolicy":true,"ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ForceImagePullPolicy":true,"ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/imagePullPolicy-not-all-plugins.golden b/pkg/client/testdata/imagePullPolicy-not-all-plugins.golden index c613de4fb..6b91255f3 100644 --- a/pkg/client/testdata/imagePullPolicy-not-all-plugins.golden +++ b/pkg/client/testdata/imagePullPolicy-not-all-plugins.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/imagePullSecrets.golden b/pkg/client/testdata/imagePullSecrets.golden index 14aed3e89..f120d4150 100644 --- a/pkg/client/testdata/imagePullSecrets.golden +++ b/pkg/client/testdata/imagePullSecrets.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"foo","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"foo","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/manual-custom-plugin-plus-e2e.golden b/pkg/client/testdata/manual-custom-plugin-plus-e2e.golden index 5dccd88bf..518daa16f 100644 --- a/pkg/client/testdata/manual-custom-plugin-plus-e2e.golden +++ b/pkg/client/testdata/manual-custom-plugin-plus-e2e.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/manual-custom-plugin-plus-systemd.golden b/pkg/client/testdata/manual-custom-plugin-plus-systemd.golden index 183085d54..f41b5234c 100644 --- a/pkg/client/testdata/manual-custom-plugin-plus-systemd.golden +++ b/pkg/client/testdata/manual-custom-plugin-plus-systemd.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/manual-custom-plugin.golden b/pkg/client/testdata/manual-custom-plugin.golden index 2ab997efd..5c3248ca1 100644 --- a/pkg/client/testdata/manual-custom-plugin.golden +++ b/pkg/client/testdata/manual-custom-plugin.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/manual-e2e.golden b/pkg/client/testdata/manual-e2e.golden index 7e4ac7590..b456e7f83 100644 --- a/pkg/client/testdata/manual-e2e.golden +++ b/pkg/client/testdata/manual-e2e.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/multiple-node-selector.golden b/pkg/client/testdata/multiple-node-selector.golden index 10f618dee..3c1652a98 100644 --- a/pkg/client/testdata/multiple-node-selector.golden +++ b/pkg/client/testdata/multiple-node-selector.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/no-plugins-via-option.golden b/pkg/client/testdata/no-plugins-via-option.golden index fdcc7314b..d8b9e7de2 100644 --- a/pkg/client/testdata/no-plugins-via-option.golden +++ b/pkg/client/testdata/no-plugins-via-option.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","SkipPlugins":true,"WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","SkipPlugins":true,"WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/plugin-configmaps.golden b/pkg/client/testdata/plugin-configmaps.golden index aed493e85..5aeedf9fa 100644 --- a/pkg/client/testdata/plugin-configmaps.golden +++ b/pkg/client/testdata/plugin-configmaps.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/plugins-and-pluginSelection.golden b/pkg/client/testdata/plugins-and-pluginSelection.golden index 0e7dce78a..104413633 100644 --- a/pkg/client/testdata/plugins-and-pluginSelection.golden +++ b/pkg/client/testdata/plugins-and-pluginSelection.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[{"name":"a"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[{"name":"a"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/single-node-selector.golden b/pkg/client/testdata/single-node-selector.golden index 210314c9c..e326c53c1 100644 --- a/pkg/client/testdata/single-node-selector.golden +++ b/pkg/client/testdata/single-node-selector.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/systemd-logs-default.golden b/pkg/client/testdata/systemd-logs-default.golden index 62b3d585d..627cd423e 100644 --- a/pkg/client/testdata/systemd-logs-default.golden +++ b/pkg/client/testdata/systemd-logs-default.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[{"name":"systemd-logs"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":[{"name":"systemd-logs"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/client/testdata/use-existing-pod-spec.golden b/pkg/client/testdata/use-existing-pod-spec.golden index 2bb1ffb60..8c1dcf46a 100644 --- a/pkg/client/testdata/use-existing-pod-spec.golden +++ b/pkg/client/testdata/use-existing-pod-spec.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -13,7 +15,7 @@ metadata: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"static-version-for-testing","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:static-version-for-testing","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/pkg/config/config.go b/pkg/config/config.go index a4636e06f..a90abc9fd 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -77,6 +77,9 @@ const ( // DefaultServiceAccountName is the default Service Account name that should be used if no customization is provided DefaultServiceAccountName = "sonobuoy-serviceaccount" + + // DefaultNamespacePSAEnforceLevel is the default Pod Security Admission level to label the Sonobouy namespace for enforcing mode + DefaultNamespacePSAEnforceLevel = "privileged" ) var ( @@ -144,14 +147,15 @@ type Config struct { /////////////////////////////////////////////// // Sonobuoy configuration /////////////////////////////////////////////// - WorkerImage string `json:"WorkerImage" mapstructure:"WorkerImage"` - ImagePullPolicy string `json:"ImagePullPolicy" mapstructure:"ImagePullPolicy"` - ForceImagePullPolicy bool `json:"ForceImagePullPolicy,omitempty" mapstructure:"ForceImagePullPolicy"` - ImagePullSecrets string `json:"ImagePullSecrets" mapstructure:"ImagePullSecrets"` - CustomAnnotations map[string]string `json:"CustomAnnotations,omitempty" mapstructure:"CustomAnnotations"` - AggregatorPermissions string `json:"AggregatorPermissions" mapstructure:"AggregatorPermissions"` - ServiceAccountName string `json:"ServiceAccountName" mapstructure:"ServiceAccountName"` - ExistingServiceAccount bool `json:"ExistingServiceAccount,omitempty" mapstructure:"ExistingServiceAccount,omitempty"` + WorkerImage string `json:"WorkerImage" mapstructure:"WorkerImage"` + ImagePullPolicy string `json:"ImagePullPolicy" mapstructure:"ImagePullPolicy"` + ForceImagePullPolicy bool `json:"ForceImagePullPolicy,omitempty" mapstructure:"ForceImagePullPolicy"` + ImagePullSecrets string `json:"ImagePullSecrets" mapstructure:"ImagePullSecrets"` + CustomAnnotations map[string]string `json:"CustomAnnotations,omitempty" mapstructure:"CustomAnnotations"` + AggregatorPermissions string `json:"AggregatorPermissions" mapstructure:"AggregatorPermissions"` + ServiceAccountName string `json:"ServiceAccountName" mapstructure:"ServiceAccountName"` + ExistingServiceAccount bool `json:"ExistingServiceAccount,omitempty" mapstructure:"ExistingServiceAccount,omitempty"` + NamespacePSAEnforceLevel string `json:"NamespacePSAEnforceLevel,omitempty" mapstructure:"NamespacePSAEnforceLevel,omitempty"` // ProgressUpdatesPort is the port on which the Sonobuoy worker will listen for status updates from its plugin. ProgressUpdatesPort string `json:"ProgressUpdatesPort,omitempty" mapstructure:"ProgressUpdatesPort"` @@ -330,6 +334,8 @@ func New() *Config { cfg.ExistingServiceAccount = false + cfg.NamespacePSAEnforceLevel = DefaultNamespacePSAEnforceLevel + return &cfg } diff --git a/scripts/build_funcs.sh b/scripts/build_funcs.sh index f4fca4998..edcca6932 100755 --- a/scripts/build_funcs.sh +++ b/scripts/build_funcs.sh @@ -194,7 +194,7 @@ build_binary_GOOS_GOARCH() { # Avoid quoting nightmare by not running in /bin/sh docker run --rm -v "$(pwd)":"$BUILDMNT" -w "$BUILDMNT" \ -e CGO_ENABLED=0 -e GOOS="$1" -e GOARCH="$2" "$BUILD_IMAGE" \ - go build -o build/"$1"/"$2"/"$BINARY" "${args[@]}" "$GOTARGET" + go build -buildvcs=false -o build/"$1"/"$2"/"$BINARY" "${args[@]}" "$GOTARGET" } # Builds all linux and windows binaries. @@ -211,7 +211,7 @@ build_binaries() { native() { LDFLAGS="-s -w -X $GOTARGET/pkg/buildinfo.Version=$GIT_VERSION -X $GOTARGET/pkg/buildinfo.GitSHA=$GIT_REF_LONG" args=(-ldflags "${LDFLAGS}" "$GOTARGET") - CGO_ENABLED=0 GOOS="$HOST_GOOS" GOARCH="$HOST_GOARCH" go build -o sonobuoy "${args[@]}" + CGO_ENABLED=0 GOOS="$HOST_GOOS" GOARCH="$HOST_GOARCH" go build -buildvcs=false -o sonobuoy "${args[@]}" mkdir -p ./build/$HOST_GOOS/$HOST_GOARCH cp ./sonobuoy ./build/$HOST_GOOS/$HOST_GOARCH/sonobuoy } diff --git a/test/integration/sonobuoy_integration_test.go b/test/integration/sonobuoy_integration_test.go index a31ea1c88..ad05cac9f 100644 --- a/test/integration/sonobuoy_integration_test.go +++ b/test/integration/sonobuoy_integration_test.go @@ -846,6 +846,10 @@ func TestExactOutput_LocalGolden(t *testing.T) { desc: "sonobuoy respects plugin imagePullPolicy unless forced via config", cmdLine: "gen --kubernetes-version=ignore -p testdata/plugins/good/setImagePullPolicy.yaml --force-image-pull-policy", expectFile: "testdata/gen-imagePullPolicy-forced.golden", + }, { + desc: "sonobuoy overrides default namespace PSA level when provided flag", + cmdLine: "gen --kubernetes-version=ignore --namespace-psa-enforce-level=baseline", + expectFile: "testdata/gen-override-namespace-psa.golden", }, } for _, tc := range testCases { diff --git a/test/integration/testdata/gen-aggregator-permissions-clusterRead.golden b/test/integration/testdata/gen-aggregator-permissions-clusterRead.golden index 5ad981e59..b3b47fe97 100644 --- a/test/integration/testdata/gen-aggregator-permissions-clusterRead.golden +++ b/test/integration/testdata/gen-aggregator-permissions-clusterRead.golden @@ -80,7 +80,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterRead","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterRead","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-aggregator-permissions-namespaced.golden b/test/integration/testdata/gen-aggregator-permissions-namespaced.golden index 5bc965d22..5a8e52483 100644 --- a/test/integration/testdata/gen-aggregator-permissions-namespaced.golden +++ b/test/integration/testdata/gen-aggregator-permissions-namespaced.golden @@ -41,7 +41,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"namespaceAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"namespaceAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-config-no-flags.golden b/test/integration/testdata/gen-config-no-flags.golden index 1b0eff1b0..9d11ae4d0 100644 --- a/test/integration/testdata/gen-config-no-flags.golden +++ b/test/integration/testdata/gen-config-no-flags.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: configfileNS --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"vSubfieldTestVersion","ResultsDir":"/tmp/sonobuoy","Resources":["apiservices","certificatesigningrequests","clusterrolebindings","clusterroles","componentstatuses","configmaps","controllerrevisions","cronjobs","customresourcedefinitions","daemonsets","deployments","endpoints","ingresses","jobs","leases","limitranges","mutatingwebhookconfigurations","namespaces","networkpolicies","nodes","persistentvolumeclaims","persistentvolumes","poddisruptionbudgets","pods","podlogs","podsecuritypolicies","podtemplates","priorityclasses","replicasets","replicationcontrollers","resourcequotas","rolebindings","roles","servergroups","serverversion","serviceaccounts","services","statefulsets","storageclasses","validatingwebhookconfigurations","volumeattachments"],"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":12345},"Plugins":[{"name":"configpluginval"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"configfileNS","WorkerImage":"configImg","ImagePullPolicy":"Never","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"vSubfieldTestVersion","ResultsDir":"/tmp/sonobuoy","Resources":["apiservices","certificatesigningrequests","clusterrolebindings","clusterroles","componentstatuses","configmaps","controllerrevisions","cronjobs","customresourcedefinitions","daemonsets","deployments","endpoints","ingresses","jobs","leases","limitranges","mutatingwebhookconfigurations","namespaces","networkpolicies","nodes","persistentvolumeclaims","persistentvolumes","poddisruptionbudgets","pods","podlogs","podsecuritypolicies","podtemplates","priorityclasses","replicasets","replicationcontrollers","resourcequotas","rolebindings","roles","servergroups","serverversion","serviceaccounts","services","statefulsets","storageclasses","validatingwebhookconfigurations","volumeattachments"],"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":12345},"Plugins":[{"name":"configpluginval"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"configfileNS","WorkerImage":"configImg","ImagePullPolicy":"Never","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-config-no-uuid.golden b/test/integration/testdata/gen-config-no-uuid.golden index 67a2d4545..cfc0f535d 100644 --- a/test/integration/testdata/gen-config-no-uuid.golden +++ b/test/integration/testdata/gen-config-no-uuid.golden @@ -1 +1 @@ -{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"} +{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"} diff --git a/test/integration/testdata/gen-config-then-flags.golden b/test/integration/testdata/gen-config-then-flags.golden index 56ef70bca..d4b8bae59 100644 --- a/test/integration/testdata/gen-config-then-flags.golden +++ b/test/integration/testdata/gen-config-then-flags.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: cmdlineNS --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"vSubfieldTestVersion","ResultsDir":"/tmp/sonobuoy","Resources":["apiservices","certificatesigningrequests","clusterrolebindings","clusterroles","componentstatuses","configmaps","controllerrevisions","cronjobs","customresourcedefinitions","daemonsets","deployments","endpoints","ingresses","jobs","leases","limitranges","mutatingwebhookconfigurations","namespaces","networkpolicies","nodes","persistentvolumeclaims","persistentvolumes","poddisruptionbudgets","pods","podlogs","podsecuritypolicies","podtemplates","priorityclasses","replicasets","replicationcontrollers","resourcequotas","rolebindings","roles","servergroups","serverversion","serviceaccounts","services","statefulsets","storageclasses","validatingwebhookconfigurations","volumeattachments"],"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":99},"Plugins":[{"name":"configpluginval"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"cmdlineNS","WorkerImage":"cmdlineimg","ImagePullPolicy":"Always","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"vSubfieldTestVersion","ResultsDir":"/tmp/sonobuoy","Resources":["apiservices","certificatesigningrequests","clusterrolebindings","clusterroles","componentstatuses","configmaps","controllerrevisions","cronjobs","customresourcedefinitions","daemonsets","deployments","endpoints","ingresses","jobs","leases","limitranges","mutatingwebhookconfigurations","namespaces","networkpolicies","nodes","persistentvolumeclaims","persistentvolumes","poddisruptionbudgets","pods","podlogs","podsecuritypolicies","podtemplates","priorityclasses","replicasets","replicationcontrollers","resourcequotas","rolebindings","roles","servergroups","serverversion","serviceaccounts","services","statefulsets","storageclasses","validatingwebhookconfigurations","volumeattachments"],"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":99},"Plugins":[{"name":"configpluginval"}],"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"cmdlineNS","WorkerImage":"cmdlineimg","ImagePullPolicy":"Always","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-imagePullPolicy-forced.golden b/test/integration/testdata/gen-imagePullPolicy-forced.golden index 5834eca9c..0c375d9d8 100644 --- a/test/integration/testdata/gen-imagePullPolicy-forced.golden +++ b/test/integration/testdata/gen-imagePullPolicy-forced.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ForceImagePullPolicy":true,"ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ForceImagePullPolicy":true,"ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-imagePullPolicy.golden b/test/integration/testdata/gen-imagePullPolicy.golden index 2a7120166..ee0f6ed91 100644 --- a/test/integration/testdata/gen-imagePullPolicy.golden +++ b/test/integration/testdata/gen-imagePullPolicy.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-issue-1375.golden b/test/integration/testdata/gen-issue-1375.golden index 45699a5ee..6404c9883 100644 --- a/test/integration/testdata/gen-issue-1375.golden +++ b/test/integration/testdata/gen-issue-1375.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-issue-1376.golden b/test/integration/testdata/gen-issue-1376.golden index 280808f19..0d0fe4572 100644 --- a/test/integration/testdata/gen-issue-1376.golden +++ b/test/integration/testdata/gen-issue-1376.golden @@ -2,6 +2,8 @@ time="STATIC_TIME_FOR_TESTING" level=warning msg="kube-conformance-image flag an apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -51,7 +53,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-issue-1388.golden b/test/integration/testdata/gen-issue-1388.golden index c634da928..b447a1611 100644 --- a/test/integration/testdata/gen-issue-1388.golden +++ b/test/integration/testdata/gen-issue-1388.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-issue-1528.golden b/test/integration/testdata/gen-issue-1528.golden index ba7a89429..249826090 100644 --- a/test/integration/testdata/gen-issue-1528.golden +++ b/test/integration/testdata/gen-issue-1528.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-kube-test-repo.golden b/test/integration/testdata/gen-kube-test-repo.golden index c06448a4b..f8a453115 100644 --- a/test/integration/testdata/gen-kube-test-repo.golden +++ b/test/integration/testdata/gen-kube-test-repo.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-mode-and-focus.golden b/test/integration/testdata/gen-mode-and-focus.golden index b618319a9..6a96c9cc7 100644 --- a/test/integration/testdata/gen-mode-and-focus.golden +++ b/test/integration/testdata/gen-mode-and-focus.golden @@ -29,6 +29,7 @@ Flags: --kubernetes-version string Use default E2E image, but override the version. Default is 'auto', which will be set to your cluster's version if detected, erroring otherwise. 'ignore' will try version resolution but ignore errors. 'latest' will find the latest dev image/version upstream. (default "") -m, --mode Mode What mode to run the e2e plugin in. Valid modes are [certified-conformance conformance-lite non-disruptive-conformance quick]. (default non-disruptive-conformance) -n, --namespace string The namespace to run Sonobuoy in. Only one Sonobuoy run can exist per namespace simultaneously. (default "sonobuoy") + --namespace-psa-enforce-level string The PSA enforce level for the namespace. (default "privileged") -p, --plugin pluginList Which plugins to run. Can either point to a URL, local file/directory, or be one of the known plugins (e2e or systemd-logs). Can be specified multiple times to run multiple plugins. --plugin-env pluginenvvar Set env vars on plugins. Values can be given multiple times and are in the form plugin.env=value (default map[]) --plugin-image plugin:image Override a plugins image from what is in its definition (e.g. myPlugin:testimage) (default map[]) diff --git a/test/integration/testdata/gen-mode-and-rerun.golden b/test/integration/testdata/gen-mode-and-rerun.golden index 7d2aec3bf..84cee6f1d 100644 --- a/test/integration/testdata/gen-mode-and-rerun.golden +++ b/test/integration/testdata/gen-mode-and-rerun.golden @@ -29,6 +29,7 @@ Flags: --kubernetes-version string Use default E2E image, but override the version. Default is 'auto', which will be set to your cluster's version if detected, erroring otherwise. 'ignore' will try version resolution but ignore errors. 'latest' will find the latest dev image/version upstream. (default "") -m, --mode Mode What mode to run the e2e plugin in. Valid modes are [certified-conformance conformance-lite non-disruptive-conformance quick]. (default non-disruptive-conformance) -n, --namespace string The namespace to run Sonobuoy in. Only one Sonobuoy run can exist per namespace simultaneously. (default "sonobuoy") + --namespace-psa-enforce-level string The PSA enforce level for the namespace. (default "privileged") -p, --plugin pluginList Which plugins to run. Can either point to a URL, local file/directory, or be one of the known plugins (e2e or systemd-logs). Can be specified multiple times to run multiple plugins. --plugin-env pluginenvvar Set env vars on plugins. Values can be given multiple times and are in the form plugin.env=value (default map[]) --plugin-image plugin:image Override a plugins image from what is in its definition (e.g. myPlugin:testimage) (default map[]) diff --git a/test/integration/testdata/gen-no-uuid.golden b/test/integration/testdata/gen-no-uuid.golden index a6e10d0e7..528a33470 100644 --- a/test/integration/testdata/gen-no-uuid.golden +++ b/test/integration/testdata/gen-no-uuid.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-override-namespace-psa.golden b/test/integration/testdata/gen-override-namespace-psa.golden new file mode 100644 index 000000000..3893e49e8 --- /dev/null +++ b/test/integration/testdata/gen-override-namespace-psa.golden @@ -0,0 +1,248 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + pod-security.kubernetes.io/enforce: baseline + name: sonobuoy +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + component: sonobuoy + name: sonobuoy-serviceaccount + namespace: sonobuoy +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + component: sonobuoy + namespace: sonobuoy + name: sonobuoy-serviceaccount-sonobuoy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: sonobuoy-serviceaccount-sonobuoy +subjects: +- kind: ServiceAccount + name: sonobuoy-serviceaccount + namespace: sonobuoy +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + component: sonobuoy + namespace: sonobuoy + name: sonobuoy-serviceaccount-sonobuoy +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - /metrics + - /logs + - /logs/* + verbs: + - get +--- +apiVersion: v1 +data: + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"baseline","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' +kind: ConfigMap +metadata: + labels: + component: sonobuoy + name: sonobuoy-config-cm + namespace: sonobuoy +--- +apiVersion: v1 +data: + plugin-0.yaml: |- + podSpec: + containers: [] + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Never + serviceAccountName: sonobuoy-serviceaccount + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - key: kubernetes.io/e2e-evict-taint-key + operator: Exists + sonobuoy-config: + driver: Job + plugin-name: e2e + result-format: junit + spec: + command: + - /run_e2e.sh + env: + - name: E2E_EXTRA_ARGS + value: --progress-report-url=http://localhost:8099/progress + - name: E2E_FOCUS + value: \[Conformance\] + - name: E2E_PARALLEL + value: "false" + - name: E2E_SKIP + value: \[Disruptive\]|NoExecuteTaintManager + - name: E2E_USE_GO_RUNNER + value: "true" + - name: RESULTS_DIR + value: /tmp/sonobuoy/results + - name: SONOBUOY + value: "true" + - name: SONOBUOY_CONFIG_DIR + value: /tmp/sonobuoy/config + - name: SONOBUOY_K8S_VERSION + value: ignore + - name: SONOBUOY_PROGRESS_PORT + value: "8099" + - name: SONOBUOY_RESULTS_DIR + value: /tmp/sonobuoy/results + image: registry.k8s.io/conformance:ignore + imagePullPolicy: IfNotPresent + name: e2e + volumeMounts: + - mountPath: /tmp/sonobuoy/results + name: results + plugin-1.yaml: |- + podSpec: + containers: [] + dnsPolicy: ClusterFirstWithHostNet + hostIPC: true + hostNetwork: true + hostPID: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: sonobuoy-serviceaccount + tolerations: + - operator: Exists + volumes: + - hostPath: + path: / + name: root + sonobuoy-config: + driver: DaemonSet + plugin-name: systemd-logs + result-format: raw + spec: + command: + - /bin/sh + - -c + - /get_systemd_logs.sh; while true; do echo "Plugin is complete. Sleeping indefinitely + to avoid container exit and automatic restarts from Kubernetes"; sleep 3600; done + env: + - name: CHROOT_DIR + value: /node + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: RESULTS_DIR + value: /tmp/sonobuoy/results + - name: SONOBUOY + value: "true" + - name: SONOBUOY_CONFIG_DIR + value: /tmp/sonobuoy/config + - name: SONOBUOY_K8S_VERSION + value: ignore + - name: SONOBUOY_PROGRESS_PORT + value: "8099" + - name: SONOBUOY_RESULTS_DIR + value: /tmp/sonobuoy/results + image: sonobuoy/systemd-logs:v0.4 + imagePullPolicy: IfNotPresent + name: systemd-logs + securityContext: + privileged: true + volumeMounts: + - mountPath: /node + name: root + - mountPath: /tmp/sonobuoy/results + name: results +kind: ConfigMap +metadata: + labels: + component: sonobuoy + name: sonobuoy-plugins-cm + namespace: sonobuoy +--- +apiVersion: v1 +kind: Pod +metadata: + labels: + component: sonobuoy + sonobuoy-component: aggregator + tier: analysis + name: sonobuoy + namespace: sonobuoy +spec: + containers: + - args: + - aggregator + - --no-exit + - --level=info + - -v=4 + - --alsologtostderr + command: + - /sonobuoy + env: + - name: SONOBUOY_ADVERTISE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: sonobuoy/sonobuoy:*STATIC_FOR_TESTING* + imagePullPolicy: IfNotPresent + name: kube-sonobuoy + volumeMounts: + - mountPath: /etc/sonobuoy + name: sonobuoy-config-volume + - mountPath: /plugins.d + name: sonobuoy-plugins-volume + - mountPath: /tmp/sonobuoy + name: output-volume + restartPolicy: Never + securityContext: + fsGroup: 2000 + runAsGroup: 3000 + runAsUser: 1000 + serviceAccountName: sonobuoy-serviceaccount + tolerations: + - key: kubernetes.io/e2e-evict-taint-key + operator: Exists + volumes: + - configMap: + name: sonobuoy-config-cm + name: sonobuoy-config-volume + - configMap: + name: sonobuoy-plugins-cm + name: sonobuoy-plugins-volume + - emptyDir: {} + name: output-volume +--- +apiVersion: v1 +kind: Service +metadata: + labels: + component: sonobuoy + sonobuoy-component: aggregator + name: sonobuoy-aggregator + namespace: sonobuoy +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: 8080 + selector: + sonobuoy-component: aggregator + type: ClusterIP +--- + diff --git a/test/integration/testdata/gen-plugin-env-sonobuoy.golden b/test/integration/testdata/gen-plugin-env-sonobuoy.golden index 67bc5458b..18daf1e95 100644 --- a/test/integration/testdata/gen-plugin-env-sonobuoy.golden +++ b/test/integration/testdata/gen-plugin-env-sonobuoy.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-plugin-renaming.golden b/test/integration/testdata/gen-plugin-renaming.golden index f23ffb1db..7874f4aae 100644 --- a/test/integration/testdata/gen-plugin-renaming.golden +++ b/test/integration/testdata/gen-plugin-renaming.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-rerunfailed-missing.golden b/test/integration/testdata/gen-rerunfailed-missing.golden index 6d28e0461..b22419367 100644 --- a/test/integration/testdata/gen-rerunfailed-missing.golden +++ b/test/integration/testdata/gen-rerunfailed-missing.golden @@ -29,6 +29,7 @@ Flags: --kubernetes-version string Use default E2E image, but override the version. Default is 'auto', which will be set to your cluster's version if detected, erroring otherwise. 'ignore' will try version resolution but ignore errors. 'latest' will find the latest dev image/version upstream. -m, --mode Mode What mode to run the e2e plugin in. Valid modes are [certified-conformance conformance-lite non-disruptive-conformance quick]. (default non-disruptive-conformance) -n, --namespace string The namespace to run Sonobuoy in. Only one Sonobuoy run can exist per namespace simultaneously. (default "sonobuoy") + --namespace-psa-enforce-level string The PSA enforce level for the namespace. (default "privileged") -p, --plugin pluginList Which plugins to run. Can either point to a URL, local file/directory, or be one of the known plugins (e2e or systemd-logs). Can be specified multiple times to run multiple plugins. --plugin-env pluginenvvar Set env vars on plugins. Values can be given multiple times and are in the form plugin.env=value (default map[]) --plugin-image plugin:image Override a plugins image from what is in its definition (e.g. myPlugin:testimage) (default map[]) diff --git a/test/integration/testdata/gen-rerunfailed-no-failures.golden b/test/integration/testdata/gen-rerunfailed-no-failures.golden index 91d175b20..7058f5f81 100644 --- a/test/integration/testdata/gen-rerunfailed-no-failures.golden +++ b/test/integration/testdata/gen-rerunfailed-no-failures.golden @@ -29,6 +29,7 @@ Flags: --kubernetes-version string Use default E2E image, but override the version. Default is 'auto', which will be set to your cluster's version if detected, erroring otherwise. 'ignore' will try version resolution but ignore errors. 'latest' will find the latest dev image/version upstream. -m, --mode Mode What mode to run the e2e plugin in. Valid modes are [certified-conformance conformance-lite non-disruptive-conformance quick]. (default non-disruptive-conformance) -n, --namespace string The namespace to run Sonobuoy in. Only one Sonobuoy run can exist per namespace simultaneously. (default "sonobuoy") + --namespace-psa-enforce-level string The PSA enforce level for the namespace. (default "privileged") -p, --plugin pluginList Which plugins to run. Can either point to a URL, local file/directory, or be one of the known plugins (e2e or systemd-logs). Can be specified multiple times to run multiple plugins. --plugin-env pluginenvvar Set env vars on plugins. Values can be given multiple times and are in the form plugin.env=value (default map[]) --plugin-image plugin:image Override a plugins image from what is in its definition (e.g. myPlugin:testimage) (default map[]) diff --git a/test/integration/testdata/gen-rerunfailed-not-tarball.golden b/test/integration/testdata/gen-rerunfailed-not-tarball.golden index b1ee4b7ee..c8c5e4dcd 100644 --- a/test/integration/testdata/gen-rerunfailed-not-tarball.golden +++ b/test/integration/testdata/gen-rerunfailed-not-tarball.golden @@ -29,6 +29,7 @@ Flags: --kubernetes-version string Use default E2E image, but override the version. Default is 'auto', which will be set to your cluster's version if detected, erroring otherwise. 'ignore' will try version resolution but ignore errors. 'latest' will find the latest dev image/version upstream. -m, --mode Mode What mode to run the e2e plugin in. Valid modes are [certified-conformance conformance-lite non-disruptive-conformance quick]. (default non-disruptive-conformance) -n, --namespace string The namespace to run Sonobuoy in. Only one Sonobuoy run can exist per namespace simultaneously. (default "sonobuoy") + --namespace-psa-enforce-level string The PSA enforce level for the namespace. (default "privileged") -p, --plugin pluginList Which plugins to run. Can either point to a URL, local file/directory, or be one of the known plugins (e2e or systemd-logs). Can be specified multiple times to run multiple plugins. --plugin-env pluginenvvar Set env vars on plugins. Values can be given multiple times and are in the form plugin.env=value (default map[]) --plugin-image plugin:image Override a plugins image from what is in its definition (e.g. myPlugin:testimage) (default map[]) diff --git a/test/integration/testdata/gen-rerunfailed-works.golden b/test/integration/testdata/gen-rerunfailed-works.golden index 3db2e6747..5b2057a0d 100644 --- a/test/integration/testdata/gen-rerunfailed-works.golden +++ b/test/integration/testdata/gen-rerunfailed-works.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-security-context-none.golden b/test/integration/testdata/gen-security-context-none.golden index cf72d3cb1..5ccb9f86d 100644 --- a/test/integration/testdata/gen-security-context-none.golden +++ b/test/integration/testdata/gen-security-context-none.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"none"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"none"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-static-only-e2e.golden b/test/integration/testdata/gen-static-only-e2e.golden index 13994223d..a9105768c 100644 --- a/test/integration/testdata/gen-static-only-e2e.golden +++ b/test/integration/testdata/gen-static-only-e2e.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"static","Version":"static","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:staticversion","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"static","Version":"static","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:staticversion","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-static.golden b/test/integration/testdata/gen-static.golden index 75a15753e..669daeb49 100644 --- a/test/integration/testdata/gen-static.golden +++ b/test/integration/testdata/gen-static.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"static","Version":"static","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:staticversion","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"static","Version":"static","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:staticversion","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-subfield-flags.golden b/test/integration/testdata/gen-subfield-flags.golden index 5b8d3e75d..757c2c5db 100644 --- a/test/integration/testdata/gen-subfield-flags.golden +++ b/test/integration/testdata/gen-subfield-flags.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: cmdlineNS --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":99},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"cmdlineNS","WorkerImage":"cmdlineimg","ImagePullPolicy":"Always","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":99},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"cmdlineNS","WorkerImage":"cmdlineimg","ImagePullPolicy":"Always","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/gen-variable-image.golden b/test/integration/testdata/gen-variable-image.golden index 49c375d50..57942b0bb 100644 --- a/test/integration/testdata/gen-variable-image.golden +++ b/test/integration/testdata/gen-variable-image.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"static","Version":"static","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:staticversion","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"static","Version":"static","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:staticversion","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/plugin-loading-installed.golden b/test/integration/testdata/plugin-loading-installed.golden index 5560d0085..5878dab3d 100644 --- a/test/integration/testdata/plugin-loading-installed.golden +++ b/test/integration/testdata/plugin-loading-installed.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: diff --git a/test/integration/testdata/plugin-loading-local.golden b/test/integration/testdata/plugin-loading-local.golden index 54dfe0002..1e4b75c75 100644 --- a/test/integration/testdata/plugin-loading-local.golden +++ b/test/integration/testdata/plugin-loading-local.golden @@ -1,6 +1,8 @@ apiVersion: v1 kind: Namespace metadata: + labels: + pod-security.kubernetes.io/enforce: privileged name: sonobuoy --- apiVersion: v1 @@ -50,7 +52,7 @@ rules: --- apiVersion: v1 data: - config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' + config.json: '{"Description":"DEFAULT","UUID":"","Version":"*STATIC_FOR_TESTING*","ResultsDir":"/tmp/sonobuoy/results","Resources":null,"Filters":{"Namespaces":".*","LabelSelector":""},"Limits":{"PodLogs":{"Namespaces":"kube-system","SonobuoyNamespace":true,"FieldSelectors":[],"LabelSelector":"","Previous":false,"SinceSeconds":null,"SinceTime":null,"Timestamps":false,"TailLines":null,"LimitBytes":null}},"QPS":30,"Burst":50,"Server":{"bindaddress":"0.0.0.0","bindport":8080,"advertiseaddress":"","timeoutseconds":21600},"Plugins":null,"PluginSearchPath":["./plugins.d","/etc/sonobuoy/plugins.d","~/sonobuoy/plugins.d"],"Namespace":"sonobuoy","WorkerImage":"sonobuoy/sonobuoy:*STATIC_FOR_TESTING*","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"","AggregatorPermissions":"clusterAdmin","ServiceAccountName":"sonobuoy-serviceaccount","NamespacePSAEnforceLevel":"privileged","ProgressUpdatesPort":"8099","SecurityContextMode":"nonroot"}' kind: ConfigMap metadata: labels: