From c456b541af878774ab3ef0fc6ebb241f7321e73b Mon Sep 17 00:00:00 2001
From: vivek kumar sahu
Date: Mon, 14 Mar 2022 14:45:06 +0530
Subject: [PATCH] e2e test for mutate global anchor Policy (#2574)
* Added e2e test for mutate-global-anchor-policy
Signed-off-by: vivek kumar sahu
* Updated config.go for mutate globar anchor policy
Signed-off-by: viveksahu26
* Added resources for mutate global anchor policy
Signed-off-by: viveksahu26
Co-authored-by: shuting
---
 test/e2e/mutate/config.go | 20 ++++++++
 test/e2e/mutate/resources.go | 89 ++++++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)
diff --git a/test/e2e/mutate/config.go b/test/e2e/mutate/config.go
index 4a1d04d3bb..01137f6dd1 100644
--- a/test/e2e/mutate/config.go
+++ b/test/e2e/mutate/config.go
@@ -108,6 +108,26 @@ var tests = []struct {
 ResourceRaw: kyverno_2971_resource,
 ExpectedPatternRaw: kyverno_2971_pattern,
 },
+ {
+ TestDescription: "checks the global anchor variables for emptyDir",
+ PolicyName: "add-safe-to-evict",
+ PolicyRaw: annotate_host_path_policy,
+ ResourceName: "pod-with-emptydir",
+ ResourceNamespace: "emptydir",
+ ResourceGVR: podGVR,
+ ResourceRaw: podWithEmptyDirAsVolume,
+ ExpectedPatternRaw: podWithVolumePattern,
+ },
+ {
+ TestDescription: "checks the global anchor variables for hostPath",
+ PolicyName: "add-safe-to-evict",
+ PolicyRaw: annotate_host_path_policy,
+ ResourceName: "pod-with-hostpath",
+ ResourceNamespace: "hostpath",
+ ResourceGVR: podGVR,
+ ResourceRaw: podWithHostPathAsVolume,
+ ExpectedPatternRaw: podWithVolumePattern,
+ },
 }

 var ingressTests = struct {
diff --git a/test/e2e/mutate/resources.go b/test/e2e/mutate/resources.go
index 3a1df0593c..c388977a29 100644
--- a/test/e2e/mutate/resources.go
+++ b/test/e2e/mutate/resources.go
@@ -579,3 +579,92 @@ spec:
 - name: "nginx"
 image: 'my-private-registry/nginx:1.14.2'
 `)
+
+var annotate_host_path_policy = []byte(`
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: add-safe-to-evict
+ annotations:
+ policies.kyverno.io/category: Workload Management
+ policies.kyverno.io/description: The Kubernetes cluster autoscaler does not evict pods that
+ use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation
+ cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods.
+spec:
+ rules:
+ - name: annotate-empty-dir
+ match:
+ resources:
+ kinds:
+ - Pod
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ annotations:
+ +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
+ spec:
+ volumes:
+ - <(emptyDir): {}
+ - name: annotate-host-path
+ match:
+ resources:
+ kinds:
+ - Pod
+ mutate:
+ patchStrategicMerge:
+ metadata:
+ annotations:
+ +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
+ spec:
+ volumes:
+ - hostPath:
+ <(path): "*"
+`)
+
+var podWithEmptyDirAsVolume = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod-with-emptydir
+ namespace: emptydir
+ labels:
+ foo: bar
+spec:
+ containers:
+ - image: nginx
+ name: nginx
+ volumeMounts:
+ - mountPath: /cache
+ name: cache-volume
+ volumes:
+ - name: cache-volume
+ emptyDir: {}
+`)
+
+var podWithVolumePattern = []byte(`
+metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+`)
+
+var podWithHostPathAsVolume = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod-with-hostpath
+ namespace: hostpath
+ labels:
+ foo: bar
+spec:
+ containers:
+ - image: nginx
+ name: nginx
+ volumeMounts:
+ - mountPath: /usr/share/nginx/html
+ name: test-volume
+ volumes:
+ - hostPath:
+ path: /var/local/aaa
+ type: DirectoryOrCreate
+ name: test-volume
+`)
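Review bot: No fixture in this hunk fails the global-anchor condition: `podWithEmptyDirAsVolume` and `podWithHostPathAsVolume` both satisfy `<(emptyDir)` / `<(path)`, so the two new table entries in test/e2e/mutate/config.go would still pass if the anchor were ignored and every Pod were annotated. A global anchor is meant to skip the whole rule when its condition is not met, so the case worth pinning is a Pod with no emptyDir or hostPath volume that must come out without `cluster-autoscaler.kubernetes.io/safe-to-evict`. Whether the test harness can assert that a key is absent is not visible from this diff, so that case may need a negated pattern or a separate check. Separately, `annotate_host_path_policy` holds both the emptyDir and the hostPath rule; a comment such as `// annotate_host_path_policy marks pods that use emptyDir or hostPath volumes as safe to evict.` would keep the name from misleading.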