Konformitätstest Komm.ONE Rancher Namespace
Ausführung Schritte
rancher kubectl apply -k k8s-manifests/
rancher kubectl logs igbvc-conformance-test--1-m7gcp -n igbvc-conformance-test
Ergebnis
Pod Log
conform:
must: []
should: []
nonconform:
must:
- expectation: Forbidden
podname: restrict-external-ips-bad
result: Bad Request
- expectation: Forbidden
podname: disallow-host-ports-bad-1
result: Unprocessable Entity
- expectation: Forbidden
podname: disallow-host-ports-bad-2
result: Unprocessable Entity
- expectation: Forbidden
podname: require-default-proc-mount-bad-1
result: created
- expectation: Forbidden
podname: require-default-proc-mount-bad-2
result: created
- expectation: Forbidden
podname: restrict-image-registries-bad
result: created
- expectation: Forbidden
podname: disallow-latest-tag-bad-1
result: created
- expectation: Forbidden
podname: disallow-latest-tag-bad-2
result: created
- expectation: Forbidden
podname: host-namespaces-bad
result: created
- expectation: Forbidden
podname: disallow-host-path-bad
result: created
- expectation: Forbidden
podname: disallow-privileged-containers-bad
result: created
- expectation: Forbidden
podname: disallow-add-capabilities-bad-1
result: created
- expectation: Forbidden
podname: disallow-add-capabilities-bad-2
result: created
should:
- expectation: Forbidden
podname: disallow-selinux-options-bad-1
result: created
- expectation: Forbidden
podname: disallow-selinux-options-bad-2
result: created
- expectation: Forbidden
podname: disallow-selinux-options-bad-3
result: created
- expectation: Forbidden
podname: require-run-as-non-root-bad-1
result: created
- expectation: Forbidden
podname: require-run-as-non-root-bad-2
result: created
- expectation: Forbidden
podname: require-run-as-non-root-bad-3
result: created
- expectation: Forbidden
podname: require-uid-greater-than-2000-bad-1
result: created
- expectation: Forbidden
podname: require-uid-greater-than-2000-bad-2
result: created
- expectation: Forbidden
podname: ghost-without-readonly-rootfilesystem
result: created
- expectation: Forbidden
podname: require-limits-and-requests-bad-1
result: created
- expectation: Forbidden
podname: require-limits-and-requests-bad-2
result: created
- expectation: Forbidden
podname: require-limits-and-requests-bad-3
result: created
- expectation: Forbidden
podname: require-non-root-groups-bad-1
result: created
- expectation: Forbidden
podname: require-non-root-groups-bad-2
result: created
- expectation: Forbidden
podname: require-non-root-groups-bad-3
result: created
- expectation: Forbidden
podname: require-non-root-groups-bad-4
result: created
- expectation: Forbidden
podname: require-non-root-groups-bad-5
result: created
- expectation: Forbidden
podname: disallow-default-serviceaccount-bad-1
result: created
- expectation: Forbidden
podname: disallow-default-serviceaccount-bad-2
result: created
- expectation: Forbidden
podname: already-taken-user
result: created
- expectation: Forbidden
podname: restrict-sysctls-bad
result: created
- expectation: Forbidden
podname: always-pullpolicy-bad
result: created
- expectation: Forbidden
podname: deny-privilege-escalation-bad
result: created
- expectation: Forbidden
podname: require-health-and-liveness-check-bad-1
result: Unprocessable Entity
- expectation: Forbidden
podname: require-health-and-liveness-check-bad-2
result: Unprocessable Entity
- expectation: Forbidden
podname: restrict-apparmor-bad
result: Unprocessable Entity