From ad1c2d6bca45e738eb762a0e91337e31105dcfbc Mon Sep 17 00:00:00 2001
From: Alok Naushad <alokme123@gmail.com>
Date: Fri, 26 May 2023 20:36:13 +0530
Subject: [PATCH] test: pod restart on configmap/secret update (#7306)

* test: pod restart on secret update

Signed-off-by: Alok N <alokme123@gmail.com>

* fix: requested changes

Signed-off-by: Alok N <alokme123@gmail.com>

* fix: debug remove, secret

Signed-off-by: Alok N <alokme123@gmail.com>

---------

Signed-off-by: Alok N <alokme123@gmail.com>
---
 .../01-manifests.yaml                         |  5 ++
 .../pod-restart-on-cm-update/02-policy.yaml   |  6 ++
 .../03-save-pod-name.yaml                     |  4 ++
 .../04-update-sc.yaml                         |  7 ++
 .../pod-restart-on-cm-update/05-sleep.yaml    |  4 ++
 .../06-check-restart.yaml                     |  4 ++
 .../pod-restart-on-cm-update/README.md        | 11 +++
 .../cluster-role.yaml                         | 15 ++++
 .../pod-restart-on-cm-update/manifests.yaml   | 37 ++++++++++
 .../policy-ready.yaml                         |  9 +++
 .../pod-restart-on-cm-update/policy.yaml      | 68 +++++++++++++++++++
 .../add-external-secret-prefix/03-sleep.yaml  |  4 ++
 .../{03-resource.yaml => 04-resource.yaml}    |  0
 13 files changed, 174 insertions(+)
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/01-manifests.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/02-policy.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/03-save-pod-name.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/04-update-sc.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/05-sleep.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/06-check-restart.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/README.md
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/cluster-role.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/manifests.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy-ready.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml
 create mode 100644 test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/03-sleep.yaml
 rename test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/{03-resource.yaml => 04-resource.yaml} (100%)

diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/01-manifests.yaml
new file mode 100644
index 0000000000..cc496d2df4
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/01-manifests.yaml
@@ -0,0 +1,5 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- manifests.yaml
+- cluster-role.yaml
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/02-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/02-policy.yaml
new file mode 100644
index 0000000000..f3857739b0
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/02-policy.yaml
@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-ready.yaml
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/03-save-pod-name.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/03-save-pod-name.yaml
new file mode 100644
index 0000000000..1442a3185b
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/03-save-pod-name.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: "kubectl get po -n kube-state-metrics | awk 'NR==2{print $1}' > pod-name.txt"
\ No newline at end of file
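Review bot: The saved name depends on table output and on a pod already being listed: `awk 'NR==2{print $1}'` takes whatever row follows the header, so if the Deployment's pod has not been created when this step runs, `pod-name.txt` is empty and the later inequality check passes trivially. Selecting by label with a structured output fails loudly instead, e.g. `kubectl get pods -n kube-state-metrics -l app=busybox -o jsonpath='{.items[0].metadata.name}' > pod-name.txt`, ideally after waiting for the Deployment to become available. The file is written to the working directory and nothing visible in this patch removes it.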
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/04-update-sc.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/04-update-sc.yaml
new file mode 100644
index 0000000000..6e7dda9b5a
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/04-update-sc.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-state-metrics-crds
+  namespace: kube-state-metrics
+data:
+  foo: bm90LWJhcg==
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/05-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/05-sleep.yaml
new file mode 100644
index 0000000000..5b8bfb4701
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/05-sleep.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 5
\ No newline at end of file
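Review bot: A fixed `sleep 5` is the only synchronisation between the Secret update and the restart check, so the outcome depends on how fast the background controller and the Deployment rollout complete on the CI runner. A bounded polling loop in the check step (retry the pod-name comparison until a timeout) would make the test fail only when the restart really does not happen. The same fixed sleep is added in `mutate/refactor/add-external-secret-prefix/03-sleep.yaml`.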
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/06-check-restart.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/06-check-restart.yaml
new file mode 100644
index 0000000000..db1c68f914
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/06-check-restart.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: "if [ \"$(kubectl get pods -n kyverno | sort --key 5 --numeric | awk 'NR==2{print $1}')\" != \"$(cat pod-name.txt)\" ];then exit;else (exit 1);fi"
\ No newline at end of file
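Review bot: The comparison reads pods from `-n kyverno`, while step 03 saved the name from `-n kube-state-metrics`, so the two strings will practically always differ and the step exits 0 whether or not the busybox pod was replaced. The query should target the workload namespace, e.g. `kubectl get pods -n kube-state-metrics -l app=busybox --sort-by=.metadata.creationTimestamp -o name`, with the saved value written in the same format. `sort --key 5 --numeric` also sorts the header row together with the data and treats the AGE column (values such as `5s` or `2m`) as a plain number, so the row picked by `NR==2` is not reliably the newest pod.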
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/README.md b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/README.md
new file mode 100644
index 0000000000..3be519f36d
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks if a restart is triggered on a generated secret update
+
+## Expected Behavior
+
+Pod restarted after the generated secret is updated
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/6605
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/cluster-role.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/cluster-role.yaml
new file mode 100644
index 0000000000..6b093b6d7c
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/cluster-role.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kyverno:background-controller:additional
+  labels:
+    app.kubernetes.io/component: background-controller
+    app.kubernetes.io/instance: kyverno
+    app.kubernetes.io/part-of: kyverno
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - update
\ No newline at end of file
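Review bot: This ClusterRole grants `update` on every Deployment in every namespace, while the test only patches the `kube-state-metrics` Deployment in the `kube-state-metrics` namespace. The labels suggest it is aggregated into the background controller's role (the aggregation rule is not visible in this patch, so confirm); if so, the extra permission may remain on a shared test cluster unless the object is cleaned up, and could hide missing-permission failures in later suites. Narrowing the rule with `resourceNames: ["kube-state-metrics"]` keeps the grant to what the test exercises, and a one-line comment stating why the role is needed would help the next reader.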
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/manifests.yaml
new file mode 100644
index 0000000000..06dd336459
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/manifests.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-state-metrics
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kube-state-metrics-source-cm
+  namespace: kube-state-metrics
+  labels:
+    kubestatemetrics.platform.example: source
+data:
+  allowed: '"true"'
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: kube-state-metrics
+  name: kube-state-metrics
+  labels:
+    app: busybox
+spec:
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+      - name: busybox
+        image: busybox:1.35
+        command:
+        - sleep
+        - "36000"
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy-ready.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy-ready.yaml
new file mode 100644
index 0000000000..409d06e3c7
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: generate-cm-for-kube-state-metrics-crds
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml
new file mode 100644
index 0000000000..a4aa067717
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml
@@ -0,0 +1,68 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: generate-cm-for-kube-state-metrics-crds
+  annotations:
+    policies.kyverno.io/description: >-
+      This policy generates and synchronizes a configmap for custom resource kube-state-metrics.
+spec:
+  generateExisting: true
+  mutateExistingOnPolicyUpdate: false
+  schemaValidation: false
+  rules:
+    - name: generate-cm-for-kube-state-metrics-crds
+      match:
+        any:
+          - resources:
+              names:
+                - "*"
+              kinds:
+                - ConfigMap
+              namespaces:
+                - "kube-state-metrics"
+              selector:
+                matchLabels:
+                  kubestatemetrics.platform.example: source
+      generate:
+        synchronize: true
+        apiVersion: v1
+        kind: Secret
+        name: kube-state-metrics-crds
+        namespace: kube-state-metrics
+        data:
+          metadata:
+            labels:
+              generatedBy: kyverno
+              kubestatemetrics.platform.example: generated
+          data:
+            foo: YmFy
+    - name: restart-kube-state-metrics-on-sc-change
+      match:
+        any:
+          - resources:
+              kinds:
+                - Secret
+              names:
+                - "kube-state-metrics-crds"
+              namespaces:
+                - "kube-state-metrics"
+      preconditions:
+        all:
+          - key: "{{ request.object.metadata.labels.\"kubestatemetrics.platform.example\" || '' }}"
+            operator: NotEquals
+            value: source
+          - key: "{{request.operation || 'BACKGROUND'}}"
+            operator: Equals
+            value: UPDATE
+      mutate:
+        targets:
+          - apiVersion: apps/v1
+            kind: Deployment
+            name: kube-state-metrics
+            namespace: kube-state-metrics
+        patchStrategicMerge:
+          spec:
+            template:
+              metadata:
+                annotations:
+                  platform.cloud.allianz/triggerrestart: "{{request.object.metadata.resourceVersion}}"
\ No newline at end of file
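Review bot: The `policies.kyverno.io/description` annotation says the policy generates a configmap, but the first rule generates a `Secret`, and the second rule (the restart trigger this test exists for) is not described at all; wording such as `Generates and synchronizes a Secret from the labelled source ConfigMap and restarts the kube-state-metrics Deployment when that Secret is updated.` would match the rules. The patched annotation key `platform.cloud.allianz/triggerrestart` carries an organisation-specific domain while the labels use `platform.example`; `platform.example/triggerrestart` would be consistent with the rest of the fixture. `schemaValidation: false` is set without a stated reason, so if the test does not depend on it, leaving validation on keeps the fixture closer to a policy users would actually deploy.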
diff --git a/test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/03-sleep.yaml b/test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/03-sleep.yaml
new file mode 100644
index 0000000000..5b8bfb4701
--- /dev/null
+++ b/test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/03-sleep.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 5
\ No newline at end of file
diff --git a/test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/03-resource.yaml b/test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/04-resource.yaml
similarity index 100%
rename from test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/03-resource.yaml
rename to test/conformance/kuttl/mutate/refactor/add-external-secret-prefix/04-resource.yaml