Merge pull request #53906 from yashpimple/quality-test/gatekeeper

kranurag7 · web-flow · commit 22cd268d1fce · 2025-05-26T15:27:22.000+05:30
quality: extend test gatekeeper package
diff --git a/gatekeeper-3.18.yaml b/gatekeeper-3.18.yaml
@@ -1,7 +1,7 @@
 package:
   name: gatekeeper-3.18
   version: "3.18.3"
-  epoch: 1
+  epoch: 2
   description: Gatekeeper - Policy Controller for Kubernetes
   copyright:
     - license: Apache-2.0
@@ -109,7 +109,70 @@ update:
     tag-filter: v3.18.
 
 test:
+  environment:
+    contents:
+      packages:
+        - ${{package.name}}-gator
+        - openssl
+        - curl
+        - kubectl
   pipeline:
     # AUTOGENERATED
     - runs: |
         manager --help
+        gator --version | grep -q v"${{package.version}}"
+    - name: gator verify constraint
+      uses: test/daemon-check-output
+      with:
+        setup: |
+          cat > constraint.yaml <<EOF
+          apiVersion: constraints.gatekeeper.sh/v1beta1
+          kind: K8sRequiredLabels
+          metadata:
+            name: ns-must-have-gk
+          spec:
+            match:
+              kinds:
+                - apiGroups: [""]
+                  kinds: ["Namespace"]
+            parameters:
+              labels: ["gatekeeper"]
+          EOF
+        start: |
+          gator verify constraint.yaml
+        timeout: 10
+        expected_output: |
+          PASS
+    - uses: test/kwok/cluster
+    - name: Run Gatekeeper manager in KWOK
+      uses: test/daemon-check-output
+      with:
+        setup: |
+          export KUBERNETES_SERVICE_HOST="127.0.0.1"
+          export KUBERNETES_SERVICE_PORT="32764"
+
+          kubectl config view --minify --raw > /tmp/kwok-kubeconfig.yaml
+          # Create dummy certificates in /tmp
+          echo "Creating dummy certificates..."
+          openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=gatekeeper-webhook-service.gatekeeper-system.svc"
+
+          kubectl create ns gatekeeper-system
+          kubectl -n gatekeeper-system create secret tls gatekeeper-webhook-server-cert --cert=/tmp/tls.crt --key=/tmp/tls.key
+        start: |
+          manager -operation=webhook -metrics-addr=:8080 -logtostderr -v=2 -cert-dir=/tmp -kubeconfig=/tmp/kwok-kubeconfig.yaml
+        timeout: 30
+        expected_output: |
+          setting up cert rotation
+          starting manager
+          Starting metrics server
+          Starting workers
+        post: |
+          echo "Checking health endpoint:"
+          HEALTH_OUTPUT=$(curl -sf http://localhost:9090/healthz)
+          echo "$HEALTH_OUTPUT"
+          if echo "$HEALTH_OUTPUT" | grep -i "ok" > /dev/null; then
+            echo "Health endpoint check PASSED"
+          else
+            echo "Health endpoint check FAILED"
+            exit 1
+          fi
