UNCLASSIFIED - NO CUI

Skip to content

Setup Kyverno CLI Unit Testing

Kyverno recommends using their Kyverno CLI and unit test framework. The Helm Test suite we have does not allow for testing individual policies, and does not work with the Kyverno CLI. This pull request pulls in all of the unit tests from Kyverno Release 1.7, for all the policies under best-practices and pod-security. It also includes a .gitingore to allow for an option 'output' folder and custom vales yaml, that will not be included in the repository, and ignore the Mac .DS_Store files, for testing convenience. It then adds to and re-organized the testing documentation to separate the Helm Test from Kyverno CLI tests, with instructions on how to (1) generate plain yaml manifests for each policy, based on the Helm template for that policy, and (2) how to use it to run against the provided unit tests using Kyverno CLI.

It also corrects a typo found in one of the existing templates, which was causing that particular set of unit tests to fail.

This will give us a base in which to test the policies, use them with the Kyverno CLI for pipeline inclusion outside of a live cluster, and more easily allow us to contribute back to Kyverno, since the repository will know start matching their setup better.

Merge request reports

Loading