@matanbaruch matanbaruch commented Jun 1, 2025

This pull request introduces a new Kyverno policy, add-configmap-ownerreference, which automatically adds owner references to ConfigMaps used by ReplicaSets. The changes include the policy definition, supporting test files, and metadata for Artifact Hub integration.

New Kyverno Policy: Add ConfigMap Owner Reference from ReplicaSet

  • Added the add-configmap-ownerreference.yaml file defining a Kyverno ClusterPolicy that automatically adds owner references to ConfigMaps mounted by ReplicaSets. This ensures proper ownership relationships for garbage collection and dependency tracking. The policy includes annotations, RBAC requirements, and a mutation rule.

Test Infrastructure for the Policy

  • Added chainsaw-test.yaml to define a multi-step test for the policy, including applying resources, patching, and asserting expected outcomes.
  • Added supporting test files, such as configmap-good.yaml, replicaset-with-configmap.yaml, and replicaset-without-configmap.yaml, to simulate various scenarios for the policy.
  • Added kyverno-test.yaml to define policy test results, ensuring the policy behaves as expected under different conditions.

Artifact Hub Integration

  • Added artifacthub-pkg.yml to provide metadata for publishing the policy on Artifact Hub, including installation instructions, keywords, and annotations.

Additional Test Assertions

  • Added assertion files chainsaw-step-01-assert-1.yaml and chainsaw-step-02-assert-1.yaml to validate the policy's behavior during the test steps.

Checklist

  • I have read the policy contribution guidelines.
  • I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • I have added the artifacthub-pkg.yml file and have verified it is complete and correct.
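
Added illustration (not part of the pull request and not the policy's own code): a Python sketch of the mutation the description above outlines, finding the ConfigMaps a ReplicaSet mounts and attaching an `ownerReferences` entry to each. The sample manifests, names and uid are constructed, and handling of projected volumes is an assumption that goes beyond what the description states.

```python
# Added illustration; the manifests below are constructed sample data.
SAMPLE_RS = {
    "apiVersion": "apps/v1",
    "kind": "ReplicaSet",
    "metadata": {"name": "web-7d4b9", "namespace": "demo",
                 "uid": "00000000-0000-0000-0000-000000000001"},
    "spec": {"template": {"spec": {"volumes": [
        {"name": "cfg", "configMap": {"name": "web-config"}},
        {"name": "bundle", "projected": {"sources": [
            {"configMap": {"name": "web-extra"}},
            {"secret": {"name": "web-tls"}}]}},
        {"name": "scratch", "emptyDir": {}},
    ]}}},
}


def mounted_configmaps(rs):
    """Names of ConfigMaps referenced by the pod template's volumes."""
    names = set()
    for vol in rs["spec"]["template"]["spec"].get("volumes", []):
        if "configMap" in vol:
            names.add(vol["configMap"]["name"])
        # Assumption: projected volume sources are treated as mounts too.
        for src in vol.get("projected", {}).get("sources", []):
            if "configMap" in src:
                names.add(src["configMap"]["name"])
    return sorted(names)


def owner_reference(rs):
    """The four fields Kubernetes requires in an ownerReferences entry."""
    meta = rs["metadata"]
    return {"apiVersion": rs["apiVersion"], "kind": rs["kind"],
            "name": meta["name"], "uid": meta["uid"]}


def patch_configmap(cm, rs):
    """Return a copy of cm with the owner reference added exactly once."""
    # A namespaced dependent may only name an owner in its own namespace.
    if cm["metadata"].get("namespace") != rs["metadata"].get("namespace"):
        raise ValueError("owner and dependent must share a namespace")
    ref = owner_reference(rs)
    refs = list(cm["metadata"].get("ownerReferences", []))
    if not any(r.get("uid") == ref["uid"] for r in refs):
        refs.append(ref)
    return {**cm, "metadata": {**cm["metadata"], "ownerReferences": refs}}
```

Once such a reference is in place, the Kubernetes garbage collector deletes the ConfigMap when its last remaining owner is deleted, which matters for ConfigMaps shared with workloads that are not listed as owners.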

…ner references for ConfigMaps used by ReplicaSets. Includes policy definition, test cases, and example resources for validation.

Signed-off-by: matanbaruch <[email protected]>
@matanbaruch
Author

@fernferret @joebowbeer @mcs @poblahblahblah Can I get a review here?

@joebowbeer
Contributor

joebowbeer commented Jun 15, 2025

I gave it a quick look and nothing jumped out that alarms me.

But I'm not a contributor with write access.

I suggest you ask @eddycharly @chipzoller

@matanbaruch
Author

> I gave it a quick look and nothing jumped out that alarms me.

Does it mean it can be merged?
