diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml
new file mode 100644
index 000000000..f0fe23d34
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-step-02-assert-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterCleanupPolicy
+metadata:
+ name: clean-bare-pods
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml
new file mode 100644
index 000000000..d9cf0944a
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,38 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ name: cleanup-bare-pods
+spec:
+ steps:
+ - name: apply cluster role
+ try:
+ - apply:
+ file: cluster-role.yaml
+ - name: create a bare pod
+ try:
+ - apply:
+ file: pod.yaml
+ - assert:
+ file: pod.yaml
+ - name: apply cleanup policy
+ try:
+ - apply:
+ file: ../cleanup-bare-pods.yaml
+ - patch:
+ resource:
+ apiVersion: kyverno.io/v2beta1
+ kind: ClusterCleanupPolicy
+ metadata:
+ name: clean-bare-pods
+ spec:
+ schedule: "*/1 * * * *"
+ - assert:
+ file: chainsaw-step-02-assert-1.yaml
+ - name: wait for scheduled deletion
+ try:
+ - sleep:
+ duration: 1m30s
+ - name: check for bare pod
+ try:
+ - error:
+ file: pod.yaml
\ No newline at end of file
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml
new file mode 100644
index 000000000..6e5bdaf66
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/cluster-role.yaml
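Review bot: The `sleep` step in chainsaw-test.yaml waits a fixed `1m30s` before the `error` check on `pod.yaml`, so the test is slow and timing-sensitive: a cleanup run that fires late leaves the pod in place and the test fails for a reason unrelated to the policy. If the chainsaw version in use accepts a per-operation timeout, raising it on the `error` operation and dropping the fixed sleep would let the step poll for the deletion instead. The patched `ClusterCleanupPolicy` is cluster-scoped and runs every minute, so on a shared cluster it would presumably remove bare pods outside the test namespace while the test is active (the policy file itself is not part of this diff); a comment above the `patch` step, such as `# cluster-wide policy: run only on a disposable test cluster`, would make that explicit. The file also ends without a trailing newline.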
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ namespace: kyverno
+ labels:
+ app.kubernetes.io/component: cleanup-controller
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/part-of: kyverno
+ name: kyverno:cleanup-controller:barepods
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+
diff --git a/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml b/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml
new file mode 100644
index 000000000..966df958a
--- /dev/null
+++ b/cleanup/cleanup-bare-pods/.chainsaw-test/pod.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: bare-pod
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.1
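Review bot: `metadata.namespace: kyverno` in cluster-role.yaml is set on a `ClusterRole`, which is a cluster-scoped kind, so the field has no effect and suggests a scoping that does not exist; the line should be dropped. The rule grants `delete` on `pods` in every namespace, and the three `app.kubernetes.io/*` labels look like they feed an aggregated role for the cleanup controller, although the aggregation rule is not visible in this diff. A comment above `metadata`, such as `# Picked up by the cleanup controller's aggregated ClusterRole via the labels below; grants pod delete in all namespaces`, would tell a reader who copies the fixture what it actually authorizes. It is also worth confirming that the role is removed when the test finishes, so the extra permission does not persist on a reused cluster.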
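Review bot: The fixture in pod.yaml pulls `nginx:1.14.1`, an old release referenced by a mutable tag, although the test only needs a pod without an owner to exist. A small image already used elsewhere in the test suite, or the same image pinned by digest (`image: nginx@sha256:<digest>`), would keep the fixture reproducible and avoid running an outdated server on the test cluster. The pod sets no `securityContext`; that may be deliberate for a minimal fixture, but the apply step will fail on clusters that enforce a restricted pod security level.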