[Chainsaw Tests] Add Chainsaw test for Bare Pods (#1057)

* Added chainsaw tests for bare pods. Created a test pod and the corresponding clusterrole definition for the test Signed-off-by: Jay179-sudo <[email protected]> * Reduced scheduled time from five minutes to one Signed-off-by: Jay179-sudo <[email protected]> * Created a separate test policy referenced by the chainsaw test. Undid changes to the original policy Signed-off-by: Jay179-sudo <[email protected]> * Update cleanup/cleanup-bare-pods/clusterrole.yaml Signed-off-by: Chip Zoller <[email protected]> * Update cleanup/cleanup-bare-pods/clusterrole.yaml Signed-off-by: Chip Zoller <[email protected]> * Cleaned up and moved the clusterrole file. Applied a patch to reduce scheduled time Signed-off-by: Jay179-sudo <[email protected]> * fixed file name to cluster-role Signed-off-by: Jay179-sudo <[email protected]> * minor fix Signed-off-by: Jay179-sudo <[email protected]> --------- Signed-off-by: Jay179-sudo <[email protected]> Signed-off-by: Chip Zoller <[email protected]> Co-authored-by: Chip Zoller <[email protected]>
kyverno · Jul 14, 2024 · ff0b4d2 · ff0b4d2
1 parent 9b9a0ac
commit ff0b4d2
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 0 deletions.
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterCleanupPolicy
+metadata:
+  name: clean-bare-pods
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,38 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: cleanup-bare-pods
+spec:
+  steps:
+    - name: apply cluster role
+      try:
+        - apply:
+            file: cluster-role.yaml
+    - name: create a bare pod
+      try:
+        - apply:
+            file: pod.yaml
+        - assert:
+            file: pod.yaml
+    - name: apply cleanup policy
+      try:
+        - apply:
+            file: ../cleanup-bare-pods.yaml
+        - patch:
+            resource:
+              apiVersion: kyverno.io/v2beta1
+              kind: ClusterCleanupPolicy
+              metadata:
+                name: clean-bare-pods
+              spec:
+                schedule: "*/1 * * * *"
+        - assert:
+            file: chainsaw-step-02-assert-1.yaml
+    - name: wait for scheduled deletion
+      try:
+        - sleep:
+            duration: 1m30s
+    - name: check for bare pod
+      try:
+        - error:
+            file: pod.yaml
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  namespace: kyverno
+  labels:
+    app.kubernetes.io/component: cleanup-controller
+    app.kubernetes.io/instance: kyverno
+    app.kubernetes.io/part-of: kyverno
+  name: kyverno:cleanup-controller:barepods
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - watch
+  - list
+  - delete
+
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: bare-pod
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.1