diff --git a/pkg/testrunner/testrunner_test.go b/pkg/testrunner/testrunner_test.go index 8a67aead2a..e55319f908 100644 --- a/pkg/testrunner/testrunner_test.go +++ b/pkg/testrunner/testrunner_test.go @@ -127,6 +127,10 @@ func Test_validate_disallow_helm_tiller(t *testing.T) { testScenario(t, "test/scenarios/samples/best_practices/scenario_validate_disallow_helm_tiller.yaml") } -func Test_mutate_add_safe_to_evict_annotation(t *testing.T) { +func Test_add_safe_to_evict_annotation(t *testing.T) { testScenario(t, "test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml") } + +func Test_add_safe_to_evict_annotation2(t *testing.T) { + testScenario(t, "test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict2.yaml") +} diff --git a/samples/best_practices/add_safe-to-evict_annotation.yaml b/samples/best_practices/add_safe-to-evict_annotation.yaml index 5e8427970a..dcd548b8d4 100644 --- a/samples/best_practices/add_safe-to-evict_annotation.yaml +++ b/samples/best_practices/add_safe-to-evict_annotation.yaml @@ -1,7 +1,7 @@ apiVersion: "kyverno.io/v1alpha1" kind: "ClusterPolicy" metadata: - name: "annotate-emptyDir" + name: "annotate-emptydir-hostpath" annotations: policies.kyverno.io/category: AutoScaling policies.kyverno.io/description: The Kubernetes cluster autoscaler does not evict pods that diff --git a/test/output/pod-with-emptydir.yaml b/test/output/pod-with-emptydir.yaml index f729d797a3..a7ac616ec6 100644 --- a/test/output/pod-with-emptydir.yaml +++ b/test/output/pod-with-emptydir.yaml @@ -2,6 +2,9 @@ apiVersion: v1 kind: Pod metadata: name: pod-with-emptydir + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: true spec: containers: - image: k8s.gcr.io/test-webserver diff --git a/test/output/pod-with-hostpath.yaml b/test/output/pod-with-hostpath.yaml new file mode 100644 index 0000000000..ea598bf740 --- /dev/null +++ b/test/output/pod-with-hostpath.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + name: pod-with-hostpath + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: true +spec: + containers: + - image: k8s.gcr.io/test-webserver + name: test-container + volumeMounts: + - mountPath: /tmp/foo + name: host-volume + volumes: + - name: host-volume + hostPath: + path: "/tmp/foo" \ No newline at end of file diff --git a/test/resources/pod-with-hostpath.yaml b/test/resources/pod-with-hostpath.yaml new file mode 100644 index 0000000000..48f81def6d --- /dev/null +++ b/test/resources/pod-with-hostpath.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: pod-with-hostpath +spec: + containers: + - image: k8s.gcr.io/test-webserver + name: test-container + volumeMounts: + - mountPath: /tmp/foo + name: host-volume + volumes: + - name: host-volume + hostPath: + path: "/tmp/foo" diff --git a/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml b/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml index 241971eb7e..dfff7a23a2 100644 --- a/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml +++ b/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml @@ -6,7 +6,7 @@ expected: mutation: patchedresource: test/output/pod-with-emptydir.yaml policyresponse: - policy: annotate-emptyDir + policy: annotate-emptydir-hostpath resource: kind: Pod apiVersion: v1 diff --git a/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict2.yaml b/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict2.yaml new file mode 100644 index 0000000000..fae3b040ab --- /dev/null +++ b/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict2.yaml @@ -0,0 +1,19 @@ +# file path is relative to project root +input: + policy: samples/best_practices/add_safe-to-evict_annotation.yaml + resource: test/resources/pod-with-hostpath.yaml +expected: + mutation: + patchedresource: test/output/pod-with-hostpath.yaml + policyresponse: + policy: annotate-emptydir-hostpath + resource: + kind: Pod + apiVersion: v1 + namespace: '' + name: pod-with-hostpath + rules: + - name: host-path-add-safe-to-evict + type: Mutation + success: true + message: "successfully processed overlay"