From fb97629ab5adb5f149cf364140246e496929b103 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Tue, 12 Sep 2023 22:19:14 +0200
Subject: [PATCH] fix: kyverno test are applying previous mutation rules to subsequent test cases causing failures (#8363)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Charles-Edouard Brétéché
---
.../kyverno-test.yaml | 17 ++++
.../patched.yaml | 42 ++++++++++
.../policy.yaml | 79 +++++++++++++++++++
.../resource.yaml | 61 ++++++++++++++
4 files changed, 199 insertions(+)
create mode 100644 test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml
create mode 100644 test/cli/test-mutate/karpenter-annotations-to-nodeselector/patched.yaml
create mode 100644 test/cli/test-mutate/karpenter-annotations-to-nodeselector/policy.yaml
create mode 100644 test/cli/test-mutate/karpenter-annotations-to-nodeselector/resource.yaml
diff --git a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml
new file mode 100644
index 0000000000..24f0c37c8e
--- /dev/null
+++ b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml
@@ -0,0 +1,17 @@
+name: karpenter-annotations-to-nodeselector
+policies:
+ - policy.yaml
+resources:
+ - resource.yaml
+results:
+ - policy: karpenter-annotations-to-nodeselector
+ rule: hard-nodeselector-lifecycle-on-demand
+ resource: soft-pod-antiaffinity-1
+ patchedResource: patched.yaml
+ kind: Pod
+ result: pass
+ - policy: karpenter-annotations-to-nodeselector
+ rule: hard-nodeselector-lifecycle-on-demand
+ resource: soft-pod-antiaffinity-1-copy
+ kind: Pod
+ result: pass
\ No newline at end of file
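Review bot: The second `results` entry (`soft-pod-antiaffinity-1-copy`) has no `patchedResource`, so only the first Pod's mutated output is compared against `patched.yaml`; for the copy the test pins just the `pass` status. If the regression is about patches from one resource carrying over to the next, an expected-output file for the copy would catch a wrong patch that still reports `pass`. I have not checked how the CLI treats a mutate result without `patchedResource`, so that needs confirming. There is also no entry for the first rule, `nodeselector-lifecycle-on-demand`, and no case that exercises the `exclude` annotations.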
diff --git a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/patched.yaml b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/patched.yaml
new file mode 100644
index 0000000000..a78ec0e96d
--- /dev/null
+++ b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/patched.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: soft-pod-antiaffinity-1
+ namespace: sample
+ annotations:
+ spot-toleration: 'false'
+ ownerReferences:
+ - controller: true
+ kind: Deployment
+ apiVersion: v1
+ uid: test
+ name: test
+spec:
+ containers:
+ - name: echo-server
+ image: hashicorp/http-echo:0.2.3
+ imagePullPolicy: IfNotPresent
+ args:
+ - -listen=:8080
+ - -text="hello world"
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: karpenter.sh/capacity-type
+ operator: In
+ values:
+ - on-demand
+ - key: karpenter.sh/capacity-type
+ operator: NotIn
+ values:
+ - spot
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: test-pod
+ topologyKey: kubernetes.io/hostname
+ weight: 100
\ No newline at end of file
diff --git a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/policy.yaml b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/policy.yaml
new file mode 100644
index 0000000000..764a60817c
--- /dev/null
+++ b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/policy.yaml
@@ -0,0 +1,79 @@
+# https://github.com/kyverno/kyverno/issues/6816
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: karpenter-annotations-to-nodeselector
+spec:
+ rules:
+ - name: nodeselector-lifecycle-on-demand
+ preconditions:
+ all:
+ - key: "{{ request.operation }}"
+ operator: Equals
+ value: CREATE
+ - key: "{{ request.object.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution || '' }}"
+ operator: Equals
+ value: ''
+ - key: "{{ request.object.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution || '' }}"
+ operator: Equals
+ value: ''
+ exclude:
+ any:
+ - resources:
+ annotations:
+ reserved-nodes: "*"
+ - resources:
+ annotations:
+ special-hardware: "*"
+ match:
+ all:
+ - resources:
+ kinds:
+ - Pod
+ annotations:
+ spot-toleration: "false"
+ mutate:
+ patchesJson6902: |-
+ - op: add
+ path: "/spec/affinity/nodeAffinity"
+ value:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: karpenter.sh/capacity-type
+ operator: In
+ values:
+ - on-demand
+ - name: hard-nodeselector-lifecycle-on-demand
+ preconditions:
+ all:
+ - key: "{{ request.operation }}"
+ operator: Equals
+ value: CREATE
+ - key: "{{ request.object.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution || '' }}"
+ operator: NotEquals
+ value: ''
+ exclude:
+ any:
+ - resources:
+ annotations:
+ reserved-nodes: "*"
+ - resources:
+ annotations:
+ special-hardware: "*"
+ match:
+ all:
+ - resources:
+ kinds:
+ - Pod
+ annotations:
+ spot-toleration: "false"
+ mutate:
+ patchesJson6902: |-
+ - op: add
+ path: "/spec/affinity/nodeAffinity/requiredDuringSchedulingIgnoredDuringExecution/nodeSelectorTerms/0/matchExpressions/-"
+ value:
+ key: karpenter.sh/capacity-type
+ operator: NotIn
+ values:
+ - spot
\ No newline at end of file
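Review bot: Rule `hard-nodeselector-lifecycle-on-demand` appends the `NotIn spot` expression only at `nodeSelectorTerms/0`, and Kubernetes ORs the entries of `nodeSelectorTerms`, so a Pod that already carries a second term could still be scheduled on spot capacity through that term despite `spot-toleration: "false"`. Both rules also `exclude` any Pod with a `reserved-nodes` or `special-hardware` annotation, so whoever can set Pod annotations can opt out of the constraint; that looks intended but is worth stating in the file. Because this is a regression fixture for the linked issue, I would leave the rules as they are and record the limitation, e.g. `# NOTE: only nodeSelectorTerms[0] is patched; terms are ORed, so multi-term Pods are not fully constrained` above the second `mutate`.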
diff --git a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/resource.yaml b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/resource.yaml
new file mode 100644
index 0000000000..810f90c411
--- /dev/null
+++ b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/resource.yaml
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: soft-pod-antiaffinity-1
+ namespace: sample
+ annotations:
+ spot-toleration: 'false'
+ ownerReferences:
+ - controller: true
+ kind: Deployment
+ apiVersion: v1
+ uid: test
+ name: test
+spec:
+ containers:
+ - name: echo-server
+ image: hashicorp/http-echo:0.2.3
+ imagePullPolicy: IfNotPresent
+ args:
+ - -listen=:8080
+ - -text="hello world"
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: test-pod
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: soft-pod-antiaffinity-1-copy
+ namespace: sample
+ annotations:
+ spot-toleration: 'false'
+ ownerReferences:
+ - controller: true
+ kind: Deployment
+ apiVersion: v1
+ uid: test
+ name: test
+spec:
+ containers:
+ - name: echo-server
+ image: hashicorp/http-echo:0.2.3
+ imagePullPolicy: IfNotPresent
+ args:
+ - -listen=:8080
+ - -text="hello world"
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: test-pod
+ topologyKey: kubernetes.io/hostname
+ weight: 100
\ No newline at end of file
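Review bot: Nothing in the file says why the second Pod document, identical to the first apart from `name: soft-pod-antiaffinity-1-copy`, is there. Judging by the commit subject it presumably exists so that a patch applied while processing the first resource would show up as a failure on the second, but a later maintainer could easily delete it as a duplicate. A comment after the `---` separator would keep that intent visible, e.g. `# Identical copy of the Pod above: checks that patches from the first resource do not carry over (#8363)`.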