mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-10-31 02:08:13 +00:00
restrict permitted e2e images to known images list
allows tag bumps, but prevents adding new images to e2e without test/images approval adds a pointer to agnhost as preferred before adding new images
This commit is contained in:
Benjamin Elder
53
hack/verify-e2e-images.sh
Executable file
53
hack/verify-e2e-images.sh
Executable file
@@ -0,0 +1,53 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright 2024 The Kubernetes Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
|
||||
cd "${KUBE_ROOT}"
|
||||
|
||||
source hack/lib/init.sh
|
||||
|
||||
# NOTE: Please do NOT add any to this list!!
|
||||
#
|
||||
# We are aiming to consolidate on: registry.k8s.io/e2e-test-images/agnhost
|
||||
# The sources for which are in test/images/agnhost.
|
||||
# If agnhost is missing functionality for your tests, please reach out to SIG Testing.
|
||||
kube::util::read-array PERMITTED_IMAGES < <(sed '/^#/d' ./test/images/.permitted-images)
|
||||
|
||||
# get current list of images, ignoring tags
|
||||
echo "Getting e2e image list ..."
|
||||
make WHAT=test/e2e/e2e.test
|
||||
e2e_test="$(kube::util::find-binary e2e.test)"
|
||||
kube::util::read-array IMAGES < <("${e2e_test}" --list-images | sed -E 's/^(.+):[^:]+$/\1/' | LC_ALL=C sort -u)
|
||||
|
||||
# diff versus known permitted images
|
||||
ret=0
|
||||
>&2 echo "Diffing e2e image list ..."
|
||||
diff -Naupr <(printf '%s\n' "${IMAGES[@]}") <(printf '%s\n' "${PERMITTED_IMAGES[@]}") || ret=$?
|
||||
if [[ $ret -eq 0 ]]; then
|
||||
>&2 echo "PASS: e2e images used are OK."
|
||||
else
|
||||
>&2 echo "FAIL: e2e images do not match the approved list!"
|
||||
>&2 echo ""
|
||||
>&2 echo "Please use registry.k8s.io/e2e-test-images/agnhost wherever possible, we are consolidating test images."
|
||||
>&2 echo "See: test/images/agnhost/README.md"
|
||||
>&2 echo ""
|
||||
>&2 echo "You can reach out to https://git.k8s.io/community/sig-testing for help."
|
||||
exit 1
|
||||
fi
|
||||
49
test/images/.permitted-images
Normal file
49
test/images/.permitted-images
Normal file
@@ -0,0 +1,49 @@
|
||||
# NOTE: Please do NOT add any to this list!!
|
||||
#
|
||||
# We are aiming to consolidate on: registry.k8s.io/e2e-test-images/agnhost
|
||||
# The sources for which are in test/images/agnhost.
|
||||
# If agnhost is missing functionality for your tests, please reach out to SIG Testing.
|
||||
gcr.io/authenticated-image-pulling/alpine
|
||||
gcr.io/authenticated-image-pulling/windows-nanoserver
|
||||
gcr.io/k8s-authenticated-test/agnhost
|
||||
invalid.registry.k8s.io/invalid/alpine
|
||||
registry.k8s.io/build-image/distroless-iptables
|
||||
registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver
|
||||
registry.k8s.io/e2e-test-images/agnhost
|
||||
registry.k8s.io/e2e-test-images/apparmor-loader
|
||||
registry.k8s.io/e2e-test-images/busybox
|
||||
registry.k8s.io/e2e-test-images/cuda-vector-add
|
||||
registry.k8s.io/e2e-test-images/httpd
|
||||
registry.k8s.io/e2e-test-images/ipc-utils
|
||||
registry.k8s.io/e2e-test-images/jessie-dnsutils
|
||||
registry.k8s.io/e2e-test-images/kitten
|
||||
registry.k8s.io/e2e-test-images/nautilus
|
||||
registry.k8s.io/e2e-test-images/nginx
|
||||
registry.k8s.io/e2e-test-images/node-perf/npb-ep
|
||||
registry.k8s.io/e2e-test-images/node-perf/npb-is
|
||||
registry.k8s.io/e2e-test-images/node-perf/tf-wide-deep
|
||||
registry.k8s.io/e2e-test-images/nonewprivs
|
||||
registry.k8s.io/e2e-test-images/nonroot
|
||||
registry.k8s.io/e2e-test-images/perl
|
||||
registry.k8s.io/e2e-test-images/redis
|
||||
registry.k8s.io/e2e-test-images/regression-issue-74839
|
||||
registry.k8s.io/e2e-test-images/resource-consumer
|
||||
registry.k8s.io/e2e-test-images/sample-apiserver
|
||||
registry.k8s.io/e2e-test-images/volume/iscsi
|
||||
registry.k8s.io/e2e-test-images/volume/nfs
|
||||
registry.k8s.io/etcd
|
||||
registry.k8s.io/pause
|
||||
registry.k8s.io/prometheus-dummy-exporter
|
||||
registry.k8s.io/prometheus-to-sd
|
||||
registry.k8s.io/sd-dummy-exporter
|
||||
registry.k8s.io/sig-storage/csi-attacher
|
||||
registry.k8s.io/sig-storage/csi-external-health-monitor-controller
|
||||
registry.k8s.io/sig-storage/csi-node-driver-registrar
|
||||
registry.k8s.io/sig-storage/csi-provisioner
|
||||
registry.k8s.io/sig-storage/csi-resizer
|
||||
registry.k8s.io/sig-storage/csi-snapshotter
|
||||
registry.k8s.io/sig-storage/hello-populator
|
||||
registry.k8s.io/sig-storage/hostpathplugin
|
||||
registry.k8s.io/sig-storage/livenessprobe
|
||||
registry.k8s.io/sig-storage/nfs-provisioner
|
||||
registry.k8s.io/sig-storage/volume-data-source-validator
|
||||
Reference in New Issue
Block a user