diff options
| author | Aaron Crickenberger <spiffxp@google.com> | 2019-08-06 14:14:33 -0700 |
|---|---|---|
| committer | Aaron Crickenberger <spiffxp@google.com> | 2019-08-08 15:06:02 -0700 |
| commit | caf0d1d61874a2c8687b7deb773eca30ddaee5b6 (patch) | |
| tree | 3e0a30335fd45df3914fd1423a05410506440c29 | |
| parent | 7f857b125eea2d8e2548cd406a824e581bc0e77f (diff) | |
Kubelet API access should not be allowed for conformance tests
| -rw-r--r-- | contributors/devel/sig-architecture/conformance-tests.md | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/contributors/devel/sig-architecture/conformance-tests.md b/contributors/devel/sig-architecture/conformance-tests.md index e179f067..7c2aae22 100644 --- a/contributors/devel/sig-architecture/conformance-tests.md +++ b/contributors/devel/sig-architecture/conformance-tests.md @@ -33,6 +33,9 @@ specifically, a test is eligible for promotion to conformance if: - it tests only GA, non-optional features or APIs (e.g., no alpha or beta endpoints, no feature flags required, no deprecated features) +- it does not require direct access to kubelet's API to pass (nor does it + require indirect access via the API server node proxy endpoint); it MAY + use the kubelet API for debugging purposes upon failure - it works for all providers (e.g., no `SkipIfProviderIs`/`SkipUnlessProviderIs` calls) - it is non-privileged (e.g., does not require root on nodes, access to raw |