Skip to content

Commit 83f99cb

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request kubernetes#122751 from BenTheElder/lint-e2e-images
restrict permitted e2e images to known images list
2 parents ae66cfe + 0841358 commit 83f99cb

File tree

2 files changed

+102
-0
lines changed

2 files changed

+102
-0
lines changed

hack/verify-e2e-images.sh

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
#!/usr/bin/env bash
2+
3+
# Copyright 2024 The Kubernetes Authors.
4+
#
5+
# Licensed under the Apache License, Version 2.0 (the "License");
6+
# you may not use this file except in compliance with the License.
7+
# You may obtain a copy of the License at
8+
#
9+
# http://www.apache.org/licenses/LICENSE-2.0
10+
#
11+
# Unless required by applicable law or agreed to in writing, software
12+
# distributed under the License is distributed on an "AS IS" BASIS,
13+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
# See the License for the specific language governing permissions and
15+
# limitations under the License.
16+
17+
set -o errexit
18+
set -o nounset
19+
set -o pipefail
20+
21+
KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
22+
cd "${KUBE_ROOT}"
23+
24+
source hack/lib/init.sh
25+
26+
# NOTE: Please do NOT add any to this list!!
27+
#
28+
# We are aiming to consolidate on: registry.k8s.io/e2e-test-images/agnhost
29+
# The sources for which are in test/images/agnhost.
30+
# If agnhost is missing functionality for your tests, please reach out to SIG Testing.
31+
kube::util::read-array PERMITTED_IMAGES < <(sed '/^#/d' ./test/images/.permitted-images)
32+
33+
# get current list of images, ignoring tags
34+
echo "Getting e2e image list ..."
35+
make WHAT=test/e2e/e2e.test
36+
e2e_test="$(kube::util::find-binary e2e.test)"
37+
kube::util::read-array IMAGES < <("${e2e_test}" --list-images | sed -E 's/^(.+):[^:]+$/\1/' | LC_ALL=C sort -u)
38+
39+
# diff versus known permitted images
40+
ret=0
41+
>&2 echo "Diffing e2e image list ..."
42+
diff -Naupr <(printf '%s\n' "${IMAGES[@]}") <(printf '%s\n' "${PERMITTED_IMAGES[@]}") || ret=$?
43+
if [[ $ret -eq 0 ]]; then
44+
>&2 echo "PASS: e2e images used are OK."
45+
else
46+
>&2 echo "FAIL: e2e images do not match the approved list!"
47+
>&2 echo ""
48+
>&2 echo "Please use registry.k8s.io/e2e-test-images/agnhost wherever possible, we are consolidating test images."
49+
>&2 echo "See: test/images/agnhost/README.md"
50+
>&2 echo ""
51+
>&2 echo "You can reach out to https://git.k8s.io/community/sig-testing for help."
52+
exit 1
53+
fi

test/images/.permitted-images

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
# NOTE: Please do NOT add any to this list!!
2+
#
3+
# We are aiming to consolidate on: registry.k8s.io/e2e-test-images/agnhost
4+
# The sources for which are in test/images/agnhost.
5+
# If agnhost is missing functionality for your tests, please reach out to SIG Testing.
6+
gcr.io/authenticated-image-pulling/alpine
7+
gcr.io/authenticated-image-pulling/windows-nanoserver
8+
gcr.io/k8s-authenticated-test/agnhost
9+
invalid.registry.k8s.io/invalid/alpine
10+
registry.k8s.io/build-image/distroless-iptables
11+
registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver
12+
registry.k8s.io/e2e-test-images/agnhost
13+
registry.k8s.io/e2e-test-images/apparmor-loader
14+
registry.k8s.io/e2e-test-images/busybox
15+
registry.k8s.io/e2e-test-images/cuda-vector-add
16+
registry.k8s.io/e2e-test-images/httpd
17+
registry.k8s.io/e2e-test-images/ipc-utils
18+
registry.k8s.io/e2e-test-images/jessie-dnsutils
19+
registry.k8s.io/e2e-test-images/kitten
20+
registry.k8s.io/e2e-test-images/nautilus
21+
registry.k8s.io/e2e-test-images/nginx
22+
registry.k8s.io/e2e-test-images/node-perf/npb-ep
23+
registry.k8s.io/e2e-test-images/node-perf/npb-is
24+
registry.k8s.io/e2e-test-images/node-perf/tf-wide-deep
25+
registry.k8s.io/e2e-test-images/nonewprivs
26+
registry.k8s.io/e2e-test-images/nonroot
27+
registry.k8s.io/e2e-test-images/perl
28+
registry.k8s.io/e2e-test-images/redis
29+
registry.k8s.io/e2e-test-images/regression-issue-74839
30+
registry.k8s.io/e2e-test-images/resource-consumer
31+
registry.k8s.io/e2e-test-images/sample-apiserver
32+
registry.k8s.io/e2e-test-images/volume/iscsi
33+
registry.k8s.io/e2e-test-images/volume/nfs
34+
registry.k8s.io/etcd
35+
registry.k8s.io/pause
36+
registry.k8s.io/prometheus-dummy-exporter
37+
registry.k8s.io/prometheus-to-sd
38+
registry.k8s.io/sd-dummy-exporter
39+
registry.k8s.io/sig-storage/csi-attacher
40+
registry.k8s.io/sig-storage/csi-external-health-monitor-controller
41+
registry.k8s.io/sig-storage/csi-node-driver-registrar
42+
registry.k8s.io/sig-storage/csi-provisioner
43+
registry.k8s.io/sig-storage/csi-resizer
44+
registry.k8s.io/sig-storage/csi-snapshotter
45+
registry.k8s.io/sig-storage/hello-populator
46+
registry.k8s.io/sig-storage/hostpathplugin
47+
registry.k8s.io/sig-storage/livenessprobe
48+
registry.k8s.io/sig-storage/nfs-provisioner
49+
registry.k8s.io/sig-storage/volume-data-source-validator

0 commit comments

Comments
 (0)