Skip to content
CI

Update submodules/gatekeeper-library digest to e3855f5 #4992

Sign in to view logs

Update submodules/gatekeeper-library digest to e3855f5

Update submodules/gatekeeper-library digest to e3855f5 #4992

GitHub Actions / Test results (kyverno) static policy failed Jan 15, 2025 in 1s

21 passed, 3 failed and 0 skipped

Tests failed

❌ report.xml

24 tests were completed in 70s with 21 passed, 3 failed and 0 skipped.

Test suite Passed Failed Skipped Time
tests.bats 21✅ 3❌ 70s

❌ tests.bats

❌ privileged
	(from function `setup' in test file tests/tests.bats, line 10)
❌ hostPID
	(from function `setup' in test file tests/tests.bats, line 10)
✅ hostIPC
✅ hostNetwork
✅ hostPorts
✅ volumes
✅ allowedHostPaths
✅ allowedFlexVolumes
✅ readOnlyRootFilesystem
✅ runAsUser
✅ runAsGroup
✅ supplementalGroups
✅ fsgroup
✅ allowPrivilegeEscalation
✅ defaultAllowPrivilegeEscalation
✅ allowedCapabilities
✅ defaultAddCapabilities
✅ requiredDropCapabilities
✅ seLinux
✅ allowedProcMountTypes
❌ apparmor
	(from function `setup' in test file tests/tests.bats, line 31)
✅ seccomp
✅ forbiddenSysctls
✅ allowedUnsafeSysctls

Annotations

Check failure on line 0 in report.xml

See this annotation in the file changed.

@github-actions github-actions / Test results (kyverno) static policy

tests.bats ► privileged 

Failed test found in:
  report.xml
Error:
  (from function `setup' in test file tests/tests.bats, line 10)
Raw output 
(from function `setup' in test file tests/tests.bats, line 10)
  `kubectl apply -f tests/${testcase}/${SYSTEM}.yaml' failed
Error from server (InternalError): error when creating "tests/privileged/kyverno.yaml": Internal error occurred: failed calling webhook "mutate-policy.kyverno.svc": failed to call webhook: Post "https://kyverno-svc.kyverno.svc:443/policymutate?timeout=10s": dial tcp 10.96.50.77:443: connect: connection refused
Error from server (NotFound): error when deleting "tests/privileged/allowed.yaml": pods "nginx-privileged-allowed" not found
Error from server (NotFound): error when deleting "tests/privileged/disallowed.yaml": pods "nginx-privileged-disallowed" not found
Error from server (NotFound): error when deleting "tests/privileged/kyverno.yaml": clusterpolicies.kyverno.io "psp-privileged-container" not found
Error from server (NotFound): clusterpolicies.kyverno.io "psp-privileged-container" not found

Check failure on line 0 in report.xml

See this annotation in the file changed.

@github-actions github-actions / Test results (kyverno) static policy

tests.bats ► hostPID 

Failed test found in:
  report.xml
Error:
  (from function `setup' in test file tests/tests.bats, line 10)
Raw output 
(from function `setup' in test file tests/tests.bats, line 10)
  `kubectl apply -f tests/${testcase}/${SYSTEM}.yaml' failed
Error from server (InternalError): error when creating "tests/hostPID/kyverno.yaml": Internal error occurred: failed calling webhook "mutate-policy.kyverno.svc": failed to call webhook: Post "https://kyverno-svc.kyverno.svc:443/policymutate?timeout=10s": dial tcp 10.96.50.77:443: connect: connection refused
Error from server (NotFound): error when deleting "tests/hostPID/allowed.yaml": pods "nginx-host-namespace-allowed" not found
Error from server (NotFound): error when deleting "tests/hostPID/disallowed.yaml": pods "nginx-host-namespace-disallowed" not found
Error from server (NotFound): error when deleting "tests/hostPID/kyverno.yaml": clusterpolicies.kyverno.io "psp-host-namespace" not found
Error from server (NotFound): clusterpolicies.kyverno.io "psp-host-namespace" not found

Check failure on line 0 in report.xml

See this annotation in the file changed.

@github-actions github-actions / Test results (kyverno) static policy

tests.bats ► apparmor 

Failed test found in:
  report.xml
Error:
  (from function `setup' in test file tests/tests.bats, line 31)
Raw output 
(from function `setup' in test file tests/tests.bats, line 31)
  `kubectl apply -f tests/${testcase}/allowed.yaml' failed
clusterpolicy.kyverno.io/psp-apparmor created
Error from server: error when creating "tests/apparmor/allowed.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:

resource Pod/default/nginx-apparmor-allowed was blocked due to the following policies

psp-apparmor:
  app-armor: 'validation error: Specifying other AppArmor profiles is disallowed.
    The annotation container.apparmor.security.beta.kubernetes.io must not be defined,
    or must not be set to anything other than `runtime/default`. rule app-armor failed
    at path /metadata/annotations/container.apparmor.security.beta.kubernetes.io/nginx/'
Error from server (NotFound): error when deleting "tests/apparmor/allowed.yaml": pods "nginx-apparmor-allowed" not found
Error from server (NotFound): error when deleting "tests/apparmor/disallowed.yaml": pods "nginx-apparmor-disallowed" not found
clusterpolicy.kyverno.io "psp-apparmor" deleted
Error from server (NotFound): clusterpolicies.kyverno.io "psp-apparmor" not found
View more details on GitHub Actions