From e578b85410f748c6c7b4e10ff1a5fdbca09b3328 Mon Sep 17 00:00:00 2001
From: Marc Khair <67377306+marckhair@users.noreply.github.com>
Date: Wed, 7 May 2025 19:14:34 -0400
Subject: [PATCH] feat(health): add kyverno Policy resource customization (#21552)
Signed-off-by: Marc Khair <67377306+marckhair@users.noreply.github.com>
---
.../kyverno.io/Policy/health.lua | 15 +
.../kyverno.io/Policy/health_test.yaml | 9 +
.../kyverno.io/Policy/testdata/healthy.yaml | 260 ++++++++++++++++++
.../Policy/testdata/progressing.yaml | 7 +
4 files changed, 291 insertions(+)
create mode 100644 resource_customizations/kyverno.io/Policy/health.lua
create mode 100644 resource_customizations/kyverno.io/Policy/health_test.yaml
create mode 100644 resource_customizations/kyverno.io/Policy/testdata/healthy.yaml
create mode 100644 resource_customizations/kyverno.io/Policy/testdata/progressing.yaml
diff --git a/resource_customizations/kyverno.io/Policy/health.lua b/resource_customizations/kyverno.io/Policy/health.lua
new file mode 100644
index 0000000000..67d1881a79
--- /dev/null
+++ b/resource_customizations/kyverno.io/Policy/health.lua
@@ -0,0 +1,15 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+ for _, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" and condition.status == "True" and condition.reason == "Succeeded" and condition.message == "Ready" then
+ hs.status = "Healthy"
+ hs.message = "Policy is ready"
+ return hs
+ end
+ end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for Policy to be ready"
+return hs
diff --git a/resource_customizations/kyverno.io/Policy/health_test.yaml b/resource_customizations/kyverno.io/Policy/health_test.yaml
new file mode 100644
index 0000000000..d23f27e854
--- /dev/null
+++ b/resource_customizations/kyverno.io/Policy/health_test.yaml
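Review bot: The Healthy branch in the `if condition.type == "Ready" and …` line also requires `condition.message == "Ready"`, which ties the health result to free-form text rather than to the condition's type, status and reason; a wording change in that message would presumably leave every Policy stuck in Progressing. The fall-through result also discards the condition entirely, so a Policy whose Ready condition is not "True" shows only "Waiting for Policy to be ready", with no indication of why an admission policy is not yet in force. I would match on type, status and reason only and copy `condition.message` into `hs.message` on the not-ready path, as sketched below. Whether a `False` Ready condition should map to Degraded instead depends on Kyverno behaviour not visible in this patch.

```lua
if obj.status ~= nil and obj.status.conditions ~= nil then
  for _, condition in ipairs(obj.status.conditions) do
    if condition.type == "Ready" then
      if condition.status == "True" and condition.reason == "Succeeded" then
        hs.status = "Healthy"
        hs.message = "Policy is ready"
        return hs
      end
      -- Not ready: report the controller's own explanation instead of the generic text.
      hs.status = "Progressing"
      hs.message = condition.message or "Waiting for Policy to be ready"
      return hs
    end
  end
end
-- … unchanged: default Progressing result when no Ready condition exists …
```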
@@ -0,0 +1,9 @@
+tests:
+- healthStatus:
+ status: Progressing
+ message: "Waiting for Policy to be ready"
+ inputPath: testdata/progressing.yaml
+- healthStatus:
+ status: Healthy
+ message: "Policy is ready"
+ inputPath: testdata/healthy.yaml
diff --git a/resource_customizations/kyverno.io/Policy/testdata/healthy.yaml b/resource_customizations/kyverno.io/Policy/testdata/healthy.yaml
new file mode 100644
index 0000000000..5946ece704
--- /dev/null
+++ b/resource_customizations/kyverno.io/Policy/testdata/healthy.yaml
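Review bot: Both fixtures sit at the extremes, so the path where `status.conditions` exists but the Ready condition does not match is never exercised: `testdata/progressing.yaml` has no `status` at all and `testdata/healthy.yaml` matches every compared field. A third entry whose fixture carries a `Ready` condition with `status: "False"`, and ideally one with `status: "True"` but a different `reason`, would pin what the script reports for a Policy that the controller has seen but not accepted.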
@@ -0,0 +1,260 @@
+apiVersion: kyverno.io/v1
+kind: Policy
+metadata:
+ annotations:
+ name: sample-policy
+ namespace: test-namespace
+spec: {}
+status:
+ autogen:
+ rules:
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - DaemonSet
+ - Deployment
+ - Job
+ - StatefulSet
+ - ReplicaSet
+ - ReplicationController
+ mutate: {}
+ name: autogen-require-label-app
+ skipBackgroundRequests: true
+ validate:
+ message: An `app` label is required.
+ pattern:
+ spec:
+ template:
+ metadata:
+ labels:
+ app: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - CronJob
+ mutate: {}
+ name: autogen-cronjob-require-label-app
+ skipBackgroundRequests: true
+ validate:
+ message: An `app` label is required.
+ pattern:
+ spec:
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - DaemonSet
+ - Deployment
+ - Job
+ - StatefulSet
+ - ReplicaSet
+ - ReplicationController
+ mutate: {}
+ name: autogen-require-label-environment
+ skipBackgroundRequests: true
+ validate:
+ message: An `environment` label is required.
+ pattern:
+ spec:
+ template:
+ metadata:
+ labels:
+ environment: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - CronJob
+ mutate: {}
+ name: autogen-cronjob-require-label-environment
+ skipBackgroundRequests: true
+ validate:
+ message: An `environment` label is required.
+ pattern:
+ spec:
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ environment: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - DaemonSet
+ - Deployment
+ - Job
+ - StatefulSet
+ - ReplicaSet
+ - ReplicationController
+ mutate: {}
+ name: autogen-require-annotation-version
+ skipBackgroundRequests: true
+ validate:
+ message: A `version` annotation is required.
+ pattern:
+ spec:
+ template:
+ metadata:
+ annotations:
+ version: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - CronJob
+ mutate: {}
+ name: autogen-cronjob-require-annotation-version
+ skipBackgroundRequests: true
+ validate:
+ message: A `version` annotation is required.
+ pattern:
+ spec:
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ annotations:
+ version: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - DaemonSet
+ - Deployment
+ - Job
+ - StatefulSet
+ - ReplicaSet
+ - ReplicationController
+ mutate: {}
+ name: autogen-require-annotation-maintainer
+ skipBackgroundRequests: true
+ validate:
+ message: A `maintainer` annotation is required.
+ pattern:
+ spec:
+ template:
+ metadata:
+ annotations:
+ maintainer: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - CronJob
+ mutate: {}
+ name: autogen-cronjob-require-annotation-maintainer
+ skipBackgroundRequests: true
+ validate:
+ message: A `maintainer` annotation is required.
+ pattern:
+ spec:
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ annotations:
+ maintainer: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - DaemonSet
+ - Deployment
+ - Job
+ - StatefulSet
+ - ReplicaSet
+ - ReplicationController
+ mutate: {}
+ name: autogen-require-spec-containers
+ skipBackgroundRequests: true
+ validate:
+ message: The Pod must have at least one container.
+ pattern:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: ?*
+ - exclude:
+ resources: {}
+ generate:
+ clone: {}
+ cloneList: {}
+ match:
+ resources:
+ kinds:
+ - CronJob
+ mutate: {}
+ name: autogen-cronjob-require-spec-containers
+ skipBackgroundRequests: true
+ validate:
+ message: The Pod must have at least one container.
+ pattern:
+ spec:
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: ?*
+ conditions:
+ - lastTransitionTime: "2025-01-17T19:09:11Z"
+ message: Ready
+ reason: Succeeded
+ status: "True"
+ type: Ready
+ rulecount:
+ generate: 0
+ mutate: 0
+ validate: 5
+ verifyimages: 0
+ validatingadmissionpolicy:
+ generated: false
+ message: ""
+
diff --git a/resource_customizations/kyverno.io/Policy/testdata/progressing.yaml b/resource_customizations/kyverno.io/Policy/testdata/progressing.yaml
new file mode 100644
index 0000000000..ad65efb8ad
--- /dev/null
+++ b/resource_customizations/kyverno.io/Policy/testdata/progressing.yaml
@@ -0,0 +1,7 @@
+apiVersion: kyverno.io/v1
+kind: Policy
+metadata:
+ name: sample-policy
+ namespace: test-namespace
+spec: {}
+