From ff0b4d26cddb80a27b07f8c9cff372995fc796f2 Mon Sep 17 00:00:00 2001
From: Jay Prasad <70968485+Jay179-sudo@users.noreply.github.com>
Date: Sun, 14 Jul 2024 19:30:22 +0530
Subject: [PATCH] [Chainsaw Tests] Add Chainsaw test for Bare Pods (#1057)
* Added chainsaw tests for bare pods. Created a test pod and the corresponding clusterrole definition for the test
Signed-off-by: Jay179-sudo
* Reduced scheduled time from five minutes to one
Signed-off-by: Jay179-sudo
* Created a separate test policy referenced by the chainsaw test. Undid changes to the original policy
Signed-off-by: Jay179-sudo
* Update cleanup/cleanup-bare-pods/clusterrole.yaml
Signed-off-by: Chip Zoller
* Update cleanup/cleanup-bare-pods/clusterrole.yaml
Signed-off-by: Chip Zoller
* Cleaned up and moved the clusterrole file. Applied a patch to reduce scheduled time
Signed-off-by: Jay179-sudo
* fixed file name to cluster-role
Signed-off-by: Jay179-sudo
* minor fix
Signed-off-by: Jay179-sudo
---------
Signed-off-by: Jay179-sudo
Signed-off-by: Chip Zoller
Co-authored-by: Chip Zoller
---
.../chainsaw-step-02-assert-1.yaml | 4 ++
.../.chainsaw-test/chainsaw-test.yaml | 38 +++++++++++++++++++
.../.chainsaw-test/cluster-role.yaml | 20 ++++++++++
.../cleanup-bare-pods/.chainsaw-test/pod.yaml | 8 ++++
4 files changed, 70 insertions(+)
create mode 100644 cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml
create mode 100644 cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml
create mode 100644 cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml
create mode 100644 cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml
new file mode 100644
index 000000000..f0fe23d34
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterCleanupPolicy
+metadata:
+ name: clean-bare-pods
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml
new file mode 100644
index 000000000..d9cf0944a
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,38 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ name: cleanup-bare-pods
+spec:
+ steps:
+ - name: apply cluster role
+ try:
+ - apply:
+ file: cluster-role.yaml
+ - name: create a bare pod
+ try:
+ - apply:
+ file: pod.yaml
+ - assert:
+ file: pod.yaml
+ - name: apply cleanup policy
+ try:
+ - apply:
+ file: ../cleanup-bare-pods.yaml
+ - patch:
+ resource:
+ apiVersion: kyverno.io/v2beta1
+ kind: ClusterCleanupPolicy
+ metadata:
+ name: clean-bare-pods
+ spec:
+ schedule: "*/1 * * * *"
+ - assert:
+ file: chainsaw-step-02-assert-1.yaml
+ - name: wait for scheduled deletion
+ try:
+ - sleep:
+ duration: 1m30s
+ - name: check for bare pod
+ try:
+ - error:
+ file: pod.yaml
\ No newline at end of file
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml
new file mode 100644
index 000000000..6e5bdaf66
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ namespace: kyverno
+ labels:
+ app.kubernetes.io/component: cleanup-controller
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/part-of: kyverno
+ name: kyverno:cleanup-controller:barepods
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml
new file mode 100644
index 000000000..966df958a
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml
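Review bot: In chainsaw-test.yaml, the `apply cleanup policy` step installs the cluster-scoped `clean-bare-pods` ClusterCleanupPolicy and patches its schedule to `*/1 * * * *`, so while the test runs the policy acts on the whole cluster, not only on the namespace holding `bare-pod`; the policy body lives in `../cleanup-bare-pods.yaml`, outside this diff, so its match scope should be confirmed. If it selects ownerless pods in any namespace, running this suite against a shared cluster would delete unrelated pods, and a header comment such as `# Requires a disposable cluster: the policy under test deletes bare pods cluster-wide` would make that precondition explicit. The fixed `sleep` of `1m30s` is also timing-dependent; a `timeouts:` entry with an `error:` budget on the last step should let the `error` check poll until the pod is gone instead of relying on one cron tick landing inside the sleep.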
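Review bot: In cluster-role.yaml, `namespace: kyverno` is set under `metadata` of a ClusterRole, which is cluster-scoped, so the field has no effect and suggests a namespace boundary that does not exist; the line should be dropped. The single rule grants `delete` (with `get`, `watch`, `list`) on pods in every namespace and nothing in this commit binds the role, so it presumably reaches the cleanup controller through label-based aggregation on the three `app.kubernetes.io/*` labels. A header comment such as `# Aggregated into the cleanup controller's role via the labels below; grants cluster-wide pod delete, needed only by the bare-pods cleanup policy` would record why the permission exists and how it is attached. The file also ends with a stray blank line.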
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: bare-pod
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.1
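Review bot: The fixture in pod.yaml pulls `nginx:1.14.1`, a long-outdated release referenced by a mutable tag, although the test only needs a pod without an owner reference to exist until the cleanup policy fires. A currently maintained image pinned by digest, written as `image: nginx@sha256:<digest-of-a-current-release>` (placeholder, not a real digest), would keep the fixture reproducible and keep image scanners from flagging the test manifest. Since `pod.yaml` is reused by the `assert` and `error` steps, the same file change covers all three uses.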