Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update submodules/gatekeeper-library digest to b1c2c88 #726

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Update submodules/gatekeeper-library digest to b1c2c88

7af8130
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Open

Update submodules/gatekeeper-library digest to b1c2c88 #726

Update submodules/gatekeeper-library digest to b1c2c88
7af8130
Select commit
Loading
Failed to load commit list.
GitHub Actions / Test results (kyverno) static policy failed Feb 14, 2025 in 0s

21 passed, 3 failed and 0 skipped

Tests failed

❌ report.xml

24 tests were completed in 68s with 21 passed, 3 failed and 0 skipped.

Test suite Passed Failed Skipped Time
tests.bats 21βœ… 3❌ 68s

❌ tests.bats

❌ privileged
	(from function `setup' in test file tests/tests.bats, line 10)
❌ hostPID
	(from function `setup' in test file tests/tests.bats, line 10)
βœ… hostIPC
βœ… hostNetwork
βœ… hostPorts
βœ… volumes
βœ… allowedHostPaths
βœ… allowedFlexVolumes
βœ… readOnlyRootFilesystem
βœ… runAsUser
βœ… runAsGroup
βœ… supplementalGroups
βœ… fsgroup
βœ… allowPrivilegeEscalation
βœ… defaultAllowPrivilegeEscalation
βœ… allowedCapabilities
βœ… defaultAddCapabilities
βœ… requiredDropCapabilities
βœ… seLinux
βœ… allowedProcMountTypes
❌ apparmor
	(from function `setup' in test file tests/tests.bats, line 31)
βœ… seccomp
βœ… forbiddenSysctls
βœ… allowedUnsafeSysctls

Annotations

Check failure on line 0 in report.xml

See this annotation in the file changed.

@github-actions github-actions / Test results (kyverno) static policy

tests.bats β–Ί privileged 

Failed test found in:
  report.xml
Error:
  (from function `setup' in test file tests/tests.bats, line 10)
Raw output 
(from function `setup' in test file tests/tests.bats, line 10)
  `kubectl apply -f tests/${testcase}/${SYSTEM}.yaml' failed
Error from server (InternalError): error when creating "tests/privileged/kyverno.yaml": Internal error occurred: failed calling webhook "mutate-policy.kyverno.svc": failed to call webhook: Post "https://kyverno-svc.kyverno.svc:443/policymutate?timeout=10s": dial tcp 10.96.38.112:443: connect: connection refused
Error from server (NotFound): error when deleting "tests/privileged/allowed.yaml": pods "nginx-privileged-allowed" not found
Error from server (NotFound): error when deleting "tests/privileged/disallowed.yaml": pods "nginx-privileged-disallowed" not found
Error from server (NotFound): error when deleting "tests/privileged/kyverno.yaml": clusterpolicies.kyverno.io "psp-privileged-container" not found
Error from server (NotFound): clusterpolicies.kyverno.io "psp-privileged-container" not found

Check failure on line 0 in report.xml

See this annotation in the file changed.

@github-actions github-actions / Test results (kyverno) static policy

tests.bats β–Ί hostPID 

Failed test found in:
  report.xml
Error:
  (from function `setup' in test file tests/tests.bats, line 10)
Raw output 
(from function `setup' in test file tests/tests.bats, line 10)
  `kubectl apply -f tests/${testcase}/${SYSTEM}.yaml' failed
Error from server (InternalError): error when creating "tests/hostPID/kyverno.yaml": Internal error occurred: failed calling webhook "mutate-policy.kyverno.svc": failed to call webhook: Post "https://kyverno-svc.kyverno.svc:443/policymutate?timeout=10s": dial tcp 10.96.38.112:443: connect: connection refused
Error from server (NotFound): error when deleting "tests/hostPID/allowed.yaml": pods "nginx-host-namespace-allowed" not found
Error from server (NotFound): error when deleting "tests/hostPID/disallowed.yaml": pods "nginx-host-namespace-disallowed" not found
Error from server (NotFound): error when deleting "tests/hostPID/kyverno.yaml": clusterpolicies.kyverno.io "psp-host-namespace" not found
Error from server (NotFound): clusterpolicies.kyverno.io "psp-host-namespace" not found

Check failure on line 0 in report.xml

See this annotation in the file changed.

@github-actions github-actions / Test results (kyverno) static policy

tests.bats β–Ί apparmor 

Failed test found in:
  report.xml
Error:
  (from function `setup' in test file tests/tests.bats, line 31)
Raw output 
(from function `setup' in test file tests/tests.bats, line 31)
  `kubectl apply -f tests/${testcase}/allowed.yaml' failed
clusterpolicy.kyverno.io/psp-apparmor created
Error from server: error when creating "tests/apparmor/allowed.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:

resource Pod/default/nginx-apparmor-allowed was blocked due to the following policies

psp-apparmor:
  app-armor: 'validation error: Specifying other AppArmor profiles is disallowed.
    The annotation container.apparmor.security.beta.kubernetes.io must not be defined,
    or must not be set to anything other than `runtime/default`. rule app-armor failed
    at path /metadata/annotations/container.apparmor.security.beta.kubernetes.io/nginx/'
Error from server (NotFound): error when deleting "tests/apparmor/allowed.yaml": pods "nginx-apparmor-allowed" not found
Error from server (NotFound): error when deleting "tests/apparmor/disallowed.yaml": pods "nginx-apparmor-disallowed" not found
clusterpolicy.kyverno.io "psp-apparmor" deleted
Error from server (NotFound): clusterpolicies.kyverno.io "psp-apparmor" not found
View more details on GitHub Actions