[Feature] Add tests for Karpenter Do Not Disrupt policy

Added chainsaw and kyverno test files to verify policy behavior for:
- Label mutation from do-not-evict to do-not-disrupt
- Proper handling of pods with and without the original label
- Policy readiness verification

Signed-off-by: Indrranil Pawar <[email protected]>

karpenter/add-karpenter-donot-disrupt/.chainsaw-test/chainsaw-test.yaml

@@ -0,0 +1,28 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: add-karpenter-donot-disrupt
+spec:
+  steps:
+    - name: step-01
+      try:
+        - apply:
+            file: ../add-karpenter-donot-disrupt.yaml
+        - assert:
+            file: policy-ready.yaml
+    - name: step-02
+      try:
+        - apply:
+            file: ../.kyverno-test/resource.yaml
+        - apply:
+            file: resource-others.yaml
+    - name: step-03
+      try:
+        - assert:
+            file: ../.kyverno-test/patched01.yaml
+        - assert:
+            file: ../.kyverno-test/patched02.yaml
+        - assert:
+            file: patched03.yaml
+        - assert:
+            file: patched04.yaml

karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched03.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-1
+  labels:
+    karpenter.sh/do-not-evict: "true"
+    karpenter.sh/do-not-disrupt: "true"
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2

karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched04.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-2
+  labels:
+    karpenter.sh/do-not-evict: "false"
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2

karpenter/add-karpenter-donot-disrupt/.chainsaw-test/policy-ready.yaml

@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: add-karpenter-donot-disrupt
+status:
+  conditions:
+    - reason: Succeeded
+      status: "True"
+      type: Ready

karpenter/add-karpenter-donot-disrupt/.chainsaw-test/resource-others.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-1
+  labels:
+    karpenter.sh/do-not-evict: "true"
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-2
+  labels:
+    karpenter.sh/do-not-evict: "false"
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2

karpenter/add-karpenter-donot-disrupt/.kyverno-test/kyverno-test.yaml

@@ -0,0 +1,23 @@
+apiVersion: cli.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: add-karpenter-donot-disrupt
+policies:
+  - ../add-karpenter-donot-disrupt.yaml
+resources:
+  - resource.yaml
+results:
+  - kind: Pod
+    patchedResource: patched01.yaml
+    policy: add-karpenter-donot-disrupt
+    resources:
+      - test-pod-with-evict
+    result: pass
+    rule: add-donot-disrupt-label
+  - kind: Pod
+    patchedResource: patched02.yaml
+    policy: add-karpenter-donot-disrupt
+    resources:
+      - test-pod-without-evict
+    result: skip
+    rule: add-donot-disrupt-label

karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched01.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-with-evict
+  labels:
+    karpenter.sh/do-not-evict: "true"
+    karpenter.sh/do-not-disrupt: "true"
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2

karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched02.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-without-evict
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2

karpenter/add-karpenter-donot-disrupt/.kyverno-test/resource.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-with-evict
+  labels:
+    karpenter.sh/do-not-evict: "true"
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod-without-evict
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.14.2