mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

test: pod restart on configmap/secret update (#7306)

* test: pod restart on secret update

Signed-off-by: Alok N <alokme123@gmail.com>

* fix: requested changes

Signed-off-by: Alok N <alokme123@gmail.com>

* fix: debug remove, secret

Signed-off-by: Alok N <alokme123@gmail.com>

---------

Signed-off-by: Alok N <alokme123@gmail.com>
Alok Naushad 2023-05-26 20:36:13 +05:30 committed by GitHub
parent f74eac4e52
commit ad1c2d6bca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 174 additions and 0 deletions


@ -0,0 +1,5 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
apply:
- manifests.yaml
- cluster-role.yaml


@ -0,0 +1,6 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
apply:
- policy.yaml
assert:
- policy-ready.yaml


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: "kubectl get po -n kube-state-metrics | awk 'NR==2{print $1}' > pod-name.txt"


@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: kube-state-metrics-crds
namespace: kube-state-metrics
data:
foo: bm90LWJhcg==


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- command: sleep 5
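Review bot: A fixed `sleep 5` is the only thing separating the Secret update from the pod-name check, so the outcome depends on how quickly the background controller patches the Deployment and the replacement pod appears. Polling with a timeout would be more robust, for example waiting until the pod template carries the restart annotation and then running `kubectl rollout status deployment/kube-state-metrics -n kube-state-metrics --timeout=60s`. The same applies to the other `sleep 5` step at the end of this commit.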


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- script: "if [ \"$(kubectl get pods -n kyverno | sort --key 5 --numeric | awk 'NR==2{print $1}')\" != \"$(cat pod-name.txt)\" ];then exit;else (exit 1);fi"
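Review bot: The comparison lists pods with `-n kyverno`, while the earlier step saved the pod name from `-n kube-state-metrics`, so the two strings can never match and this step exits 0 whether or not the Deployment was restarted. As written, the test cannot catch a regression where the workload keeps running with a stale Secret after it changes. Point the check at the same namespace and avoid parsing table output, e.g. `kubectl get pods -n kube-state-metrics --sort-by=.metadata.creationTimestamp -o name | tail -n 1`, with the first step saving its name in the same `-o name` form. `sort --key 5 --numeric` also sorts the header row and reads ages such as `5s` and `2m` as bare numbers, so row 2 is not reliably the newest pod.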


@ -0,0 +1,11 @@
## Description
This test checks if a restart is triggered on a generated secret update
## Expected Behavior
Pod restarted after the generated secret is updated
## Reference Issue(s)
https://github.com/kyverno/kyverno/issues/6605


@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kyverno:background-controller:additional
labels:
app.kubernetes.io/component: background-controller
app.kubernetes.io/instance: kyverno
app.kubernetes.io/part-of: kyverno
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- update
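Review bot: The rule grants `update` on every Deployment in every namespace, although the policy under test only patches the `kube-state-metrics` Deployment in the `kube-state-metrics` namespace. The labels suggest this role is aggregated into the background controller's permissions, so on a shared cluster the grant stays in effect until the test teardown removes it. If the controller's permission check accepts it, narrow the rule with `resourceNames: [kube-state-metrics]`; otherwise add a comment such as `# test-only: lets the background controller patch the target Deployment`.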


@ -0,0 +1,37 @@
apiVersion: v1
kind: Namespace
metadata:
name: kube-state-metrics
---
apiVersion: v1
kind: ConfigMap
metadata:
name: kube-state-metrics-source-cm
namespace: kube-state-metrics
labels:
kubestatemetrics.platform.example: source
data:
allowed: '"true"'
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: kube-state-metrics
name: kube-state-metrics
labels:
app: busybox
spec:
selector:
matchLabels:
app: busybox
template:
metadata:
labels:
app: busybox
spec:
containers:
- name: busybox
image: busybox:1.35
command:
- sleep
- "36000"


@ -0,0 +1,9 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: generate-cm-for-kube-state-metrics-crds
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready


@ -0,0 +1,68 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: generate-cm-for-kube-state-metrics-crds
annotations:
policies.kyverno.io/description: >-
This policy generates and synchronizes a configmap for custom resource kube-state-metrics.
spec:
generateExisting: true
mutateExistingOnPolicyUpdate: false
schemaValidation: false
rules:
- name: generate-cm-for-kube-state-metrics-crds
match:
any:
- resources:
names:
- "*"
kinds:
- ConfigMap
namespaces:
- "kube-state-metrics"
selector:
matchLabels:
kubestatemetrics.platform.example: source
generate:
synchronize: true
apiVersion: v1
kind: Secret
name: kube-state-metrics-crds
namespace: kube-state-metrics
data:
metadata:
labels:
generatedBy: kyverno
kubestatemetrics.platform.example: generated
data:
foo: YmFy
- name: restart-kube-state-metrics-on-sc-change
match:
any:
- resources:
kinds:
- Secret
names:
- "kube-state-metrics-crds"
namespaces:
- "kube-state-metrics"
preconditions:
all:
- key: "{{ request.object.metadata.labels.\"kubestatemetrics.platform.example\" || '' }}"
operator: NotEquals
value: source
- key: "{{request.operation || 'BACKGROUND'}}"
operator: Equals
value: UPDATE
mutate:
targets:
- apiVersion: apps/v1
kind: Deployment
name: kube-state-metrics
namespace: kube-state-metrics
patchStrategicMerge:
spec:
template:
metadata:
annotations:
platform.cloud.allianz/triggerrestart: "{{request.object.metadata.resourceVersion}}"
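Review bot: The first rule writes the Secret's `data` inline in the ClusterPolicy (`foo: YmFy`), and the description annotation still says the policy generates a configmap. That is harmless for this fixture value, but the pattern puts Secret content where anyone who can read ClusterPolicies can see it. A `clone` source Secret would keep the payload under Secret RBAC. Please correct the description to say Secret, and add a comment explaining why `schemaValidation: false` is needed here.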


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- command: sleep 5