e2e test for mutate global anchor Policy (#2574)

* Added e2e test for mutate-global-anchor-policy Signed-off-by: vivek kumar sahu <vivekkumarsahu650@gmail.com> * Updated config.go for mutate globar anchor policy Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added resources for mutate global anchor policy Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2022-03-14 14:45:06 +05:30 · 2022-03-14 14:45:06 +05:30 · c456b541af
commit c456b541af
parent 9bb7238a22
2 changed files with 109 additions and 0 deletions
--- a/test/e2e/mutate/config.go
+++ b/test/e2e/mutate/config.go
@ -108,6 +108,26 @@ var tests = []struct {
 		ResourceRaw:        kyverno_2971_resource,
 		ExpectedPatternRaw: kyverno_2971_pattern,
 	},
+	{
+		TestDescription:    "checks the global anchor variables for emptyDir",
+		PolicyName:         "add-safe-to-evict",
+		PolicyRaw:          annotate_host_path_policy,
+		ResourceName:       "pod-with-emptydir",
+		ResourceNamespace:  "emptydir",
+		ResourceGVR:        podGVR,
+		ResourceRaw:        podWithEmptyDirAsVolume,
+		ExpectedPatternRaw: podWithVolumePattern,
+	},
+	{
+		TestDescription:    "checks the global anchor variables for hostPath",
+		PolicyName:         "add-safe-to-evict",
+		PolicyRaw:          annotate_host_path_policy,
+		ResourceName:       "pod-with-hostpath",
+		ResourceNamespace:  "hostpath",
+		ResourceGVR:        podGVR,
+		ResourceRaw:        podWithHostPathAsVolume,
+		ExpectedPatternRaw: podWithVolumePattern,
+	},
 }

 var ingressTests = struct {
--- a/test/e2e/mutate/resources.go
+++ b/test/e2e/mutate/resources.go
@ -579,3 +579,92 @@ spec:
  - name: "nginx"           
    image: 'my-private-registry/nginx:1.14.2'
 `)
+
+var annotate_host_path_policy = []byte(`
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata: 
+  name: add-safe-to-evict
+  annotations:
+    policies.kyverno.io/category: Workload Management
+    policies.kyverno.io/description: The Kubernetes cluster autoscaler does not evict pods that 
+      use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation 
+      cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods. 
+spec: 
+  rules: 
+  - name: annotate-empty-dir
+    match:
+      resources:
+        kinds:
+        - Pod
+    mutate:
+      patchStrategicMerge:
+        metadata:
+          annotations:
+            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
+        spec:          
+          volumes: 
+          - <(emptyDir): {}
+  - name: annotate-host-path
+    match:
+      resources:
+        kinds:
+        - Pod
+    mutate:
+      patchStrategicMerge:
+        metadata:
+          annotations:
+            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
+        spec:          
+          volumes: 
+          - hostPath:
+              <(path): "*"
+`)
+
+var podWithEmptyDirAsVolume = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-with-emptydir
+  namespace: emptydir
+  labels:
+    foo: bar
+spec:
+  containers:
+  - image: nginx
+    name: nginx
+    volumeMounts:
+    - mountPath: /cache
+      name: cache-volume
+  volumes:
+  - name: cache-volume
+    emptyDir: {}
+`)
+
+var podWithVolumePattern = []byte(`
+metadata:
+  annotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+`)
+
+var podWithHostPathAsVolume = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-with-hostpath
+  namespace: hostpath
+  labels:
+    foo: bar
+spec:
+  containers:
+  - image: nginx
+    name: nginx
+    volumeMounts:
+    - mountPath: /usr/share/nginx/html
+      name: test-volume
+  volumes:
+  - hostPath:
+      path: /var/local/aaa
+      type: DirectoryOrCreate
+    name: test-volume
+`)