diff --git a/other/require-base-image/.chainsaw-test/pod-good.yaml b/other/require-base-image/.chainsaw-test/pod-good.yaml index 3a6733f37..7ee5d23b3 100644 --- a/other/require-base-image/.chainsaw-test/pod-good.yaml +++ b/other/require-base-image/.chainsaw-test/pod-good.yaml @@ -17,8 +17,6 @@ metadata: namespace: require-base-image-ns spec: containers: - - name: myapp - image: ghcr.io/samj1912/myapp:latest - name: kyverno image: ghcr.io/kyverno/kyverno:latest --- diff --git a/other/require-base-image/.chainsaw-test/podcontroller-good.yaml b/other/require-base-image/.chainsaw-test/podcontroller-good.yaml index 590e49a81..384407efb 100644 --- a/other/require-base-image/.chainsaw-test/podcontroller-good.yaml +++ b/other/require-base-image/.chainsaw-test/podcontroller-good.yaml @@ -32,11 +32,8 @@ spec: jobTemplate: spec: template: - metadata: spec: containers: - - name: myapp - image: ghcr.io/samj1912/myapp:latest - name: kyverno image: ghcr.io/kyverno/kyverno:latest restartPolicy: OnFailure \ No newline at end of file diff --git a/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml b/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml index d6bd83a50..046fce12a 100644 --- a/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml +++ b/pod-security-cel/restricted/disallow-privilege-escalation/.chainsaw-test/podcontroller-bad.yaml @@ -15,6 +15,9 @@ spec: containers: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: true --- apiVersion: apps/v1 kind: Deployment @@ -53,6 +56,8 @@ spec: containers: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 + securityContext: + allowPrivilegeEscalation: true - name: container02 image: ghcr.io/kyverno/test-busybox:1.35 securityContext: 
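Review bot: At `@@ -15,6 +15,9 @@` container01 had no securityContext and now gets an explicit `allowPrivilegeEscalation: true`, which replaces the field-absent negative case rather than adding to it; `@@ -53,6 +56,8 @@`, `@@ -99,6 +104,8 @@`, `@@ -146,6 +151,9 @@` and `@@ -178,10 +186,12 @@` do the same. Since these containers sat in the bad fixture without the field, an absent field is expected to be rejected, and it is the case a presence guard in the policy expression most easily lets through. In the visible hunks only the Deployment at `@@ -129,8 +136,6 @@` ends up without a securityContext, so no CronJob document visibly covers the unset case. I would keep one CronJob container with no securityContext and mark it with `# securityContext omitted on purpose: an unset allowPrivilegeEscalation must be rejected`; documents outside these hunks may already do this.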
@@ -80,7 +85,7 @@ spec: - name: container02 image: ghcr.io/kyverno/test-busybox:1.35 securityContext: - allowPrivilegeEscalation: false + allowPrivilegeEscalation: true --- apiVersion: apps/v1 kind: Deployment @@ -99,6 +104,8 @@ spec: initContainers: - name: initcontainer01 image: ghcr.io/kyverno/test-busybox:1.35 + securityContext: + allowPrivilegeEscalation: true containers: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 @@ -129,8 +136,6 @@ spec: containers: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 - securityContext: - allowPrivilegeEscalation: false --- apiVersion: batch/v1 kind: CronJob @@ -146,6 +151,9 @@ spec: containers: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: true --- apiVersion: batch/v1 kind: CronJob @@ -178,10 +186,12 @@ spec: containers: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 + securityContext: + allowPrivilegeEscalation: true - name: container02 image: ghcr.io/kyverno/test-busybox:1.35 securityContext: - allowPrivilegeEscalation: false + allowPrivilegeEscalation: true --- apiVersion: batch/v1 kind: CronJob @@ -222,7 +232,7 @@ spec: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 securityContext: - allowPrivilegeEscalation: false + allowPrivilegeEscalation: true --- apiVersion: batch/v1 kind: CronJob @@ -246,5 +256,5 @@ spec: - name: container01 image: ghcr.io/kyverno/test-busybox:1.35 securityContext: - allowPrivilegeEscalation: false + allowPrivilegeEscalation: true --- \ No newline at end of file
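Review bot: At `@@ -178,10 +186,12 @@` container02 flips from `allowPrivilegeEscalation: false` to `true` while container01 also gains `true`, so this CronJob no longer pairs a compliant container with a non-compliant one; `@@ -80,7 +85,7 @@`, `@@ -222,7 +232,7 @@` and `@@ -246,5 +256,5 @@` flip a `false` the same way, though the other containers of those documents are outside the hunks. The mixed document is what tells a rule that checks every container apart from one that is satisfied by any single compliant container. I would leave `allowPrivilegeEscalation: false` on container02 in one Deployment and one CronJob document and add `# compliant on purpose: the pod must still be rejected because of container01`.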