mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-27 21:47:07 +00:00
Make admission webhook e2e tests robust in non-aggregator-routing clusters
This commit is contained in:
Jordan Liggitt
parent
97ad87df02
commit
21a2951375
@ -419,6 +419,7 @@ var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() {
|
|||||||
},
|
},
|
||||||
Webhooks: []admissionregistrationv1.ValidatingWebhook{
|
Webhooks: []admissionregistrationv1.ValidatingWebhook{
|
||||||
newDenyConfigMapWebhookFixture(f, context, servicePort),
|
newDenyConfigMapWebhookFixture(f, context, servicePort),
|
||||||
|
newValidatingIsReadyWebhookFixture(f, context, servicePort),
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
framework.ExpectNoError(err, "Creating validating webhook configuration")
|
framework.ExpectNoError(err, "Creating validating webhook configuration")
|
||||||
@ -426,6 +427,8 @@ var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() {
|
|||||||
err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(hook.Name, nil)
|
err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(hook.Name, nil)
|
||||||
framework.ExpectNoError(err, "Deleting validating webhook configuration")
|
framework.ExpectNoError(err, "Deleting validating webhook configuration")
|
||||||
}()
|
}()
|
||||||
|
// ensure backend is ready before proceeding
|
||||||
|
waitWebhookConfigurationReady(f)
|
||||||
ginkgo.By("Creating a configMap that does not comply to the validation webhook rules")
|
ginkgo.By("Creating a configMap that does not comply to the validation webhook rules")
|
||||||
err = wait.PollImmediate(100*time.Millisecond, 30*time.Second, func() (bool, error) {
|
err = wait.PollImmediate(100*time.Millisecond, 30*time.Second, func() (bool, error) {
|
||||||
cm := namedNonCompliantConfigMap(string(uuid.NewUUID()), f)
|
cm := namedNonCompliantConfigMap(string(uuid.NewUUID()), f)
|
||||||
@ -509,6 +512,7 @@ var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() {
|
|||||||
},
|
},
|
||||||
Webhooks: []admissionregistrationv1.MutatingWebhook{
|
Webhooks: []admissionregistrationv1.MutatingWebhook{
|
||||||
newMutateConfigMapWebhookFixture(f, context, 1, servicePort),
|
newMutateConfigMapWebhookFixture(f, context, 1, servicePort),
|
||||||
|
newMutatingIsReadyWebhookFixture(f, context, servicePort),
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
framework.ExpectNoError(err, "Creating mutating webhook configuration")
|
framework.ExpectNoError(err, "Creating mutating webhook configuration")
|
||||||
@ -516,7 +520,8 @@ var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() {
|
|||||||
err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(hook.Name, nil)
|
err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(hook.Name, nil)
|
||||||
framework.ExpectNoError(err, "Deleting mutating webhook configuration")
|
framework.ExpectNoError(err, "Deleting mutating webhook configuration")
|
||||||
}()
|
}()
|
||||||
|
// ensure backend is ready before proceeding
|
||||||
|
waitWebhookConfigurationReady(f)
|
||||||
hook, err = admissionClient.MutatingWebhookConfigurations().Get(f.UniqueName, metav1.GetOptions{})
|
hook, err = admissionClient.MutatingWebhookConfigurations().Get(f.UniqueName, metav1.GetOptions{})
|
||||||
framework.ExpectNoError(err, "Getting mutating webhook configuration")
|
framework.ExpectNoError(err, "Getting mutating webhook configuration")
|
||||||
ginkgo.By("Updating a mutating webhook configuration's rules to not include the create operation")
|
ginkgo.By("Updating a mutating webhook configuration's rules to not include the create operation")
|
||||||
@ -2449,6 +2454,7 @@ func waitWebhookConfigurationReady(f *framework.Framework) error {
|
|||||||
// with "marker" requests via waitWebhookConfigurationReady to wait for a webhook configuration to be ready.
|
// with "marker" requests via waitWebhookConfigurationReady to wait for a webhook configuration to be ready.
|
||||||
func newValidatingIsReadyWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.ValidatingWebhook {
|
func newValidatingIsReadyWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.ValidatingWebhook {
|
||||||
sideEffectsNone := admissionregistrationv1.SideEffectClassNone
|
sideEffectsNone := admissionregistrationv1.SideEffectClassNone
|
||||||
|
failOpen := admissionregistrationv1.Ignore
|
||||||
return admissionregistrationv1.ValidatingWebhook{
|
return admissionregistrationv1.ValidatingWebhook{
|
||||||
Name: "validating-is-webhook-configuration-ready.k8s.io",
|
Name: "validating-is-webhook-configuration-ready.k8s.io",
|
||||||
Rules: []admissionregistrationv1.RuleWithOperations{{
|
Rules: []admissionregistrationv1.RuleWithOperations{{
|
||||||
@ -2468,6 +2474,8 @@ func newValidatingIsReadyWebhookFixture(f *framework.Framework, context *certCon
|
|||||||
},
|
},
|
||||||
CABundle: context.signingCert,
|
CABundle: context.signingCert,
|
||||||
},
|
},
|
||||||
|
// network failures while the service network routing is being set up should be ignored by the marker
|
||||||
|
FailurePolicy: &failOpen,
|
||||||
SideEffects: &sideEffectsNone,
|
SideEffects: &sideEffectsNone,
|
||||||
AdmissionReviewVersions: []string{"v1", "v1beta1"},
|
AdmissionReviewVersions: []string{"v1", "v1beta1"},
|
||||||
// Scope the webhook to just the markers namespace
|
// Scope the webhook to just the markers namespace
|
||||||
@ -2485,6 +2493,7 @@ func newValidatingIsReadyWebhookFixture(f *framework.Framework, context *certCon
|
|||||||
// with "marker" requests via waitWebhookConfigurationReady to wait for a webhook configuration to be ready.
|
// with "marker" requests via waitWebhookConfigurationReady to wait for a webhook configuration to be ready.
|
||||||
func newMutatingIsReadyWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.MutatingWebhook {
|
func newMutatingIsReadyWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.MutatingWebhook {
|
||||||
sideEffectsNone := admissionregistrationv1.SideEffectClassNone
|
sideEffectsNone := admissionregistrationv1.SideEffectClassNone
|
||||||
|
failOpen := admissionregistrationv1.Ignore
|
||||||
return admissionregistrationv1.MutatingWebhook{
|
return admissionregistrationv1.MutatingWebhook{
|
||||||
Name: "mutating-is-webhook-configuration-ready.k8s.io",
|
Name: "mutating-is-webhook-configuration-ready.k8s.io",
|
||||||
Rules: []admissionregistrationv1.RuleWithOperations{{
|
Rules: []admissionregistrationv1.RuleWithOperations{{
|
||||||
@ -2504,6 +2513,8 @@ func newMutatingIsReadyWebhookFixture(f *framework.Framework, context *certConte
|
|||||||
},
|
},
|
||||||
CABundle: context.signingCert,
|
CABundle: context.signingCert,
|
||||||
},
|
},
|
||||||
|
// network failures while the service network routing is being set up should be ignored by the marker
|
||||||
|
FailurePolicy: &failOpen,
|
||||||
SideEffects: &sideEffectsNone,
|
SideEffects: &sideEffectsNone,
|
||||||
AdmissionReviewVersions: []string{"v1", "v1beta1"},
|
AdmissionReviewVersions: []string{"v1", "v1beta1"},
|
||||||
// Scope the webhook to just the markers namespace
|
// Scope the webhook to just the markers namespace
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user