Skip to content

Commit

Permalink
Merge branch 'main' into miscellaneous-policies-cel-part-3
Browse files Browse the repository at this point in the history
  • Loading branch information
MariamFahmy98 authored Jul 15, 2024
2 parents a04f06c + 7cff98b commit 96b2b31
Show file tree
Hide file tree
Showing 49 changed files with 1,616 additions and 480 deletions.
2 changes: 2 additions & 0 deletions .github/kind.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
ProcMountType: true
kubeadmConfigPatches:
- |-
kind: ClusterConfiguration
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ jobs:
# The target branch of a pull request or the branch/tag of a push
ref: ${{ github.base_ref || github.ref_name }}
- name: Set up Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ~1.21.1
- name: Test Policy
Expand All @@ -69,7 +69,7 @@ jobs:
# The target branch of a pull request or the branch/tag of a push
ref: ${{ github.base_ref || github.ref_name }}
- name: Set up Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ~1.21.1
- name: Lint policies
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ jobs:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ~1.21.1
- name: Install Tools
Expand Down Expand Up @@ -124,7 +124,7 @@ jobs:
set -e
kubectl apply -f ./.chainsaw/crds
- name: Install Chainsaw
uses: kyverno/action-install-chainsaw@dd64b5d7b2b7d36fdf701d48ac8b216aa94414db # v0.2.4
uses: kyverno/action-install-chainsaw@5d00c353f61f44f3b492c673420202d1b1374c3f # v0.2.6
- name: Test with Chainsaw
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: kyverno.io/v2beta1
kind: ClusterCleanupPolicy
metadata:
name: clean-bare-pods
38 changes: 38 additions & 0 deletions cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
name: cleanup-bare-pods
spec:
steps:
- name: apply cluster role
try:
- apply:
file: cluster-role.yaml
- name: create a bare pod
try:
- apply:
file: pod.yaml
- assert:
file: pod.yaml
- name: apply cleanup policy
try:
- apply:
file: ../cleanup-bare-pods.yaml
- patch:
resource:
apiVersion: kyverno.io/v2beta1
kind: ClusterCleanupPolicy
metadata:
name: clean-bare-pods
spec:
schedule: "*/1 * * * *"
- assert:
file: chainsaw-step-02-assert-1.yaml
- name: wait for scheduled deletion
try:
- sleep:
duration: 1m30s
- name: check for bare pod
try:
- error:
file: pod.yaml
Original file line number Diff line number Diff line change
@@ -1,17 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
namespace: kyverno
labels:
app.kubernetes.io/component: background-controller
app.kubernetes.io/component: cleanup-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
name: kyverno:background-controller:k10-goldbackuppolicy
name: kyverno:cleanup-controller:barepods
rules:
- apiGroups:
- config.kio.kasten.io
- ""
resources:
- policies
- pods
verbs:
- create
- update
- get
- watch
- list
- delete

8 changes: 8 additions & 0 deletions cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: v1
kind: Pod
metadata:
name: bare-pod
spec:
containers:
- name: nginx
image: nginx:1.14.1

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

Loading

0 comments on commit 96b2b31

Please sign in to comment.