Basic Chainsaw Example
Chainsaw is an open-source tool initially developed to define and run Kyverno end-to-end tests. It can test any Kubernetes objects.
Below is a simple workflow for executing a Chainsaw test available on GitHub. You can paste this directly into the
YAML of an existing or new test, just make sure to update the name
and namespace
for your environment as needed.
- The
spec.content
property defines the path to the Chainsaw test in a GitHub repository. - The
spec.container
property uses the official Chainsaw image to set up test environment. - The
spec.steps
property defines a single step that runs thechainsaw test <test path>
test command which generates a JUnit-style XML Report which Testkube can visualise accordingly (Read More)
kind: TestWorkflow
apiVersion: testworkflows.testkube.io/v1
metadata:
name: simple-chainsaw-test
namespace: testkube
spec:
content:
git:
uri: https://github.com/cerebro1/chainsaw-testkube-demo.git
container:
image: ghcr.io/kyverno/chainsaw:latest
pod:
serviceAccountName: chainsaw-service-account
steps:
- name: Run test
shell: |
chainsaw test --report-format XML --report-path /data/repo --report-name chainsaw-report /data/repo/chainsaw-test/basic-test
artifacts:
paths:
- /data/repo/chainsaw-report.xml
status: {}
After execution, you can see the log output from the Chainsaw execution under the "Log Output" panel:
If your test produced a JUnit report it is available under the JUnit Report tab accordingly.
Using a custom ServiceAccount
Chainsaw tests attempt to create a temporary namespace to which they deploy resources to be asserted. The default ServiceAccount used by Testkube to run Workflows does not have permissions to create/get/delete namespaces, requiring you to define a corresponding ServiceAccount and use that in your Chainsaw Workflow (as shown on lines 12-13 in the example above).
Use kubectl to apply the following configuration to the cluster where the Testkube Agent is running.
apiVersion: v1
kind: ServiceAccount
metadata:
name: chainsaw-service-account
namespace: testkube
---
# Example Cluster Role for Chainsaw Tests
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: chainsaw-service-account-cr
rules:
- verbs:
- create
- delete
- get
apiGroups:
- ''
resources:
- namespaces
---
# Bind SA to the ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: chainsaw-service-account-crb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: chainsaw-service-account-cr
subjects:
- kind: ServiceAccount
name: chainsaw-service-account
namespace: testkube