diff --git a/cmd/kube-apiserver/app/testing/testserver.go b/cmd/kube-apiserver/app/testing/testserver.go index 97498f60c14..89d370f8346 100644 --- a/cmd/kube-apiserver/app/testing/testserver.go +++ b/cmd/kube-apiserver/app/testing/testserver.go @@ -28,6 +28,9 @@ import ( "time" "github.com/spf13/pflag" + "go.etcd.io/etcd/clientv3" + "go.etcd.io/etcd/pkg/transport" + "google.golang.org/grpc" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -59,10 +62,12 @@ type TestServerInstanceOptions struct { // TestServer return values supplied by kube-test-ApiServer type TestServer struct { - ClientConfig *restclient.Config // Rest client config - ServerOpts *options.ServerRunOptions // ServerOpts - TearDownFn TearDownFunc // TearDown function - TmpDir string // Temp Dir used, by the apiserver + ClientConfig *restclient.Config // Rest client config + ServerOpts *options.ServerRunOptions // ServerOpts + TearDownFn TearDownFunc // TearDown function + TmpDir string // Temp Dir used, by the apiserver + EtcdClient *clientv3.Client // used by tests that need to check data migrated from APIs that are no longer served + EtcdStoragePrefix string // storage prefix in etcd } // Logger allows t.Testing and b.Testing to be passed to StartTestServer and StartTestServerOrDie @@ -258,12 +263,36 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo return result, fmt.Errorf("failed to wait for default namespace to be created: %v", err) } + tlsInfo := transport.TLSInfo{ + CertFile: storageConfig.Transport.CertFile, + KeyFile: storageConfig.Transport.KeyFile, + TrustedCAFile: storageConfig.Transport.TrustedCAFile, + } + tlsConfig, err := tlsInfo.ClientConfig() + if err != nil { + return result, err + } + etcdConfig := clientv3.Config{ + Endpoints: storageConfig.Transport.ServerList, + DialTimeout: 20 * time.Second, + DialOptions: []grpc.DialOption{ + grpc.WithBlock(), // block until the underlying connection is up + }, + TLS: tlsConfig, + } + etcdClient, err := clientv3.New(etcdConfig) + if err != nil { + return result, err + } + // from here the caller must call tearDown result.ClientConfig = restclient.CopyConfig(server.GenericAPIServer.LoopbackClientConfig) result.ClientConfig.QPS = 1000 result.ClientConfig.Burst = 10000 result.ServerOpts = s result.TearDownFn = tearDown + result.EtcdClient = etcdClient + result.EtcdStoragePrefix = storageConfig.Prefix return result, nil } diff --git a/test/integration/apiserver/admissionwebhook/admission_test.go b/test/integration/apiserver/admissionwebhook/admission_test.go index 292af40daab..d88d6fa08b6 100644 --- a/test/integration/apiserver/admissionwebhook/admission_test.go +++ b/test/integration/apiserver/admissionwebhook/admission_test.go @@ -25,14 +25,17 @@ import ( "io/ioutil" "net/http" "net/http/httptest" + "path" "sort" "strings" "sync" "testing" "time" + "go.etcd.io/etcd/clientv3" admissionreviewv1 "k8s.io/api/admission/v1" "k8s.io/api/admission/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" admissionv1 "k8s.io/api/admissionregistration/v1" admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" appsv1beta1 "k8s.io/api/apps/v1beta1" @@ -49,11 +52,13 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" + genericapirequest "k8s.io/apiserver/pkg/endpoints/request" dynamic "k8s.io/client-go/dynamic" clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/util/retry" kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing" + apisv1beta1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1" "k8s.io/kubernetes/test/integration/etcd" "k8s.io/kubernetes/test/integration/framework" ) @@ -66,6 +71,10 @@ const ( validation = "validation" ) +var ( + noSideEffects = admissionregistrationv1.SideEffectClassNone +) + type testContext struct { t *testing.T @@ -592,10 +601,10 @@ func testWebhookAdmission(t *testing.T, watchCache bool) { holder.gvrToConvertedGVK[metaGVR] = schema.GroupVersionKind{Group: resourcesByGVR[convertedGVR].Group, Version: resourcesByGVR[convertedGVR].Version, Kind: resourcesByGVR[convertedGVR].Kind} } - if err := createV1beta1MutationWebhook(client, webhookServer.URL+"/v1beta1/"+mutation, webhookServer.URL+"/v1beta1/convert/"+mutation, convertedV1beta1Rules); err != nil { + if err := createV1beta1MutationWebhook(server.EtcdClient, server.EtcdStoragePrefix, client, webhookServer.URL+"/v1beta1/"+mutation, webhookServer.URL+"/v1beta1/convert/"+mutation, convertedV1beta1Rules); err != nil { t.Fatal(err) } - if err := createV1beta1ValidationWebhook(client, webhookServer.URL+"/v1beta1/"+validation, webhookServer.URL+"/v1beta1/convert/"+validation, convertedV1beta1Rules); err != nil { + if err := createV1beta1ValidationWebhook(server.EtcdClient, server.EtcdStoragePrefix, client, webhookServer.URL+"/v1beta1/"+validation, webhookServer.URL+"/v1beta1/convert/"+validation, convertedV1beta1Rules); err != nil { t.Fatal(err) } if err := createV1MutationWebhook(client, webhookServer.URL+"/v1/"+mutation, webhookServer.URL+"/v1/convert/"+mutation, convertedV1Rules); err != nil { @@ -1500,11 +1509,10 @@ func shouldTestResourceVerb(gvr schema.GroupVersionResource, resource metav1.API // webhook registration helpers // -func createV1beta1ValidationWebhook(client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error { +func createV1beta1ValidationWebhook(etcdClient *clientv3.Client, etcdStoragePrefix string, client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error { fail := admissionv1beta1.Fail equivalent := admissionv1beta1.Equivalent - // Attaching Admission webhook to API server - _, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.ValidatingWebhookConfiguration{ + webhookConfig := &admissionv1beta1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, Webhooks: []admissionv1beta1.ValidatingWebhook{ { @@ -1532,15 +1540,32 @@ func createV1beta1ValidationWebhook(client clientset.Interface, endpoint, conver AdmissionReviewVersions: []string{"v1beta1"}, }, }, - }, metav1.CreateOptions{}) - return err + } + // run through to get defaulting + apisv1beta1.SetObjectDefaults_ValidatingWebhookConfiguration(webhookConfig) + webhookConfig.TypeMeta.Kind = "ValidatingWebhookConfiguration" + webhookConfig.TypeMeta.APIVersion = "admissionregistration.k8s.io/v1beta1" + + // Attaching Mutation webhook to API server + ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), metav1.NamespaceNone) + key := path.Join("/", etcdStoragePrefix, "validatingwebhookconfigurations", webhookConfig.Name) + val, _ := json.Marshal(webhookConfig) + if _, err := etcdClient.Put(ctx, key, string(val)); err != nil { + return err + } + + // make sure we can get the webhook + if _, err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Get(context.TODO(), webhookConfig.Name, metav1.GetOptions{}); err != nil { + return err + } + + return nil } -func createV1beta1MutationWebhook(client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error { +func createV1beta1MutationWebhook(etcdClient *clientv3.Client, etcdStoragePrefix string, client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error { fail := admissionv1beta1.Fail equivalent := admissionv1beta1.Equivalent - // Attaching Mutation webhook to API server - _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + webhookConfig := &admissionv1beta1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "mutation.integration.test"}, Webhooks: []admissionv1beta1.MutatingWebhook{ { @@ -1568,8 +1593,26 @@ func createV1beta1MutationWebhook(client clientset.Interface, endpoint, converte AdmissionReviewVersions: []string{"v1beta1"}, }, }, - }, metav1.CreateOptions{}) - return err + } + // run through to get defaulting + apisv1beta1.SetObjectDefaults_MutatingWebhookConfiguration(webhookConfig) + webhookConfig.TypeMeta.Kind = "MutatingWebhookConfiguration" + webhookConfig.TypeMeta.APIVersion = "admissionregistration.k8s.io/v1beta1" + + // Attaching Mutation webhook to API server + ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), metav1.NamespaceNone) + key := path.Join("/", etcdStoragePrefix, "mutatingwebhookconfigurations", webhookConfig.Name) + val, _ := json.Marshal(webhookConfig) + if _, err := etcdClient.Put(ctx, key, string(val)); err != nil { + return err + } + + // make sure we can get the webhook + if _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Get(context.TODO(), webhookConfig.Name, metav1.GetOptions{}); err != nil { + return err + } + + return nil } func createV1ValidationWebhook(client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1.RuleWithOperations) error { diff --git a/test/integration/apiserver/admissionwebhook/broken_webhook_test.go b/test/integration/apiserver/admissionwebhook/broken_webhook_test.go index 3546760e31f..9c9de69420c 100644 --- a/test/integration/apiserver/admissionwebhook/broken_webhook_test.go +++ b/test/integration/apiserver/admissionwebhook/broken_webhook_test.go @@ -22,7 +22,7 @@ import ( "testing" "time" - admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -60,7 +60,7 @@ func TestBrokenWebhook(t *testing.T) { } t.Logf("Creating Broken Webhook that will block all operations on all objects") - _, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{}) + _, err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{}) if err != nil { t.Fatalf("Failed to register broken webhook: %v", err) } @@ -96,7 +96,7 @@ func TestBrokenWebhook(t *testing.T) { } t.Logf("Deleting the broken webhook to fix the cluster") - err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{}) + err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{}) if err != nil { t.Fatalf("Failed to delete broken webhook: %v", err) } @@ -149,19 +149,19 @@ func exampleDeployment(name string) *appsv1.Deployment { } } -func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWebhookConfiguration { +func brokenWebhookConfig(name string) *admissionregistrationv1.ValidatingWebhookConfiguration { var path string - failurePolicy := admissionregistrationv1beta1.Fail - return &admissionregistrationv1beta1.ValidatingWebhookConfiguration{ + failurePolicy := admissionregistrationv1.Fail + return &admissionregistrationv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Name: name, }, - Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{ + Webhooks: []admissionregistrationv1.ValidatingWebhook{ { Name: "broken-webhook.k8s.io", - Rules: []admissionregistrationv1beta1.RuleWithOperations{{ - Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.OperationAll}, - Rule: admissionregistrationv1beta1.Rule{ + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{ APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}, @@ -169,15 +169,17 @@ func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWe }}, // This client config references a non existent service // so it should always fail. - ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{ - Service: &admissionregistrationv1beta1.ServiceReference{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ + Service: &admissionregistrationv1.ServiceReference{ Namespace: "default", Name: "invalid-webhook-service", Path: &path, }, CABundle: nil, }, - FailurePolicy: &failurePolicy, + FailurePolicy: &failurePolicy, + SideEffects: &noSideEffects, + AdmissionReviewVersions: []string{"v1"}, }, }, } diff --git a/test/integration/apiserver/admissionwebhook/client_auth_test.go b/test/integration/apiserver/admissionwebhook/client_auth_test.go index 87534edf14c..6839be9788a 100644 --- a/test/integration/apiserver/admissionwebhook/client_auth_test.go +++ b/test/integration/apiserver/admissionwebhook/client_auth_test.go @@ -32,7 +32,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -165,28 +165,29 @@ plugins: t.Fatal(err) } - fail := admissionv1beta1.Fail - mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + fail := admissionregistrationv1.Fail + mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: "admission.integration.test", - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &webhookServer.URL, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, FailurePolicy: &fail, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }}, }, metav1.CreateOptions{}) if err != nil { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/apiserver/admissionwebhook/load_balance_test.go b/test/integration/apiserver/admissionwebhook/load_balance_test.go index 5e3a775ef25..30ed5cc5f82 100644 --- a/test/integration/apiserver/admissionwebhook/load_balance_test.go +++ b/test/integration/apiserver/admissionwebhook/load_balance_test.go @@ -31,7 +31,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -114,28 +114,29 @@ func TestWebhookLoadBalance(t *testing.T) { t.Fatal(err) } - fail := admissionv1beta1.Fail - mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + fail := admissionregistrationv1.Fail + mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: "admission.integration.test", - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &webhookURL, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, FailurePolicy: &fail, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }}, }, metav1.CreateOptions{}) if err != nil { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/apiserver/admissionwebhook/reinvocation_test.go b/test/integration/apiserver/admissionwebhook/reinvocation_test.go index 40db2ea198c..33c1f445e0c 100644 --- a/test/integration/apiserver/admissionwebhook/reinvocation_test.go +++ b/test/integration/apiserver/admissionwebhook/reinvocation_test.go @@ -34,8 +34,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" - registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" schedulingv1 "k8s.io/api/scheduling/v1" @@ -84,12 +83,12 @@ func patchAnnotationValue(configuration, webhook string, patch string) string { // testWebhookReinvocationPolicy ensures that the admission webhook reinvocation policy is applied correctly. func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { - reinvokeNever := registrationv1beta1.NeverReinvocationPolicy - reinvokeIfNeeded := registrationv1beta1.IfNeededReinvocationPolicy + reinvokeNever := admissionregistrationv1.NeverReinvocationPolicy + reinvokeIfNeeded := admissionregistrationv1.IfNeededReinvocationPolicy type testWebhook struct { path string - policy *registrationv1beta1.ReinvocationPolicyType + policy *admissionregistrationv1.ReinvocationPolicyType objectSelector *metav1.LabelSelector } @@ -339,46 +338,48 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { t.Fatal(err) } - fail := admissionv1beta1.Fail - webhooks := []admissionv1beta1.MutatingWebhook{} + fail := admissionregistrationv1.Fail + webhooks := []admissionregistrationv1.MutatingWebhook{} for j, webhook := range tt.webhooks { endpoint := webhookServer.URL + webhook.path name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.TrimPrefix(webhook.path, "/")) - webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ + webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{ Name: name, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, ObjectSelector: webhook.objectSelector, NamespaceSelector: &metav1.LabelSelector{MatchLabels: nsLabels}, FailurePolicy: &fail, ReinvocationPolicy: webhook.policy, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) } // Register a marker checking webhook with each set of webhook configurations markerEndpoint := webhookServer.URL + "/marker" - webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ + webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{ Name: "admission.integration.test.marker", - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &markerEndpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, NamespaceSelector: &metav1.LabelSelector{MatchLabels: markerNsLabels}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"marker": "true"}}, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) - cfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + cfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, Webhooks: webhooks, }, metav1.CreateOptions{}) @@ -386,7 +387,7 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/apiserver/admissionwebhook/timeout_test.go b/test/integration/apiserver/admissionwebhook/timeout_test.go index 5d01bd6a4bc..0382d16918d 100644 --- a/test/integration/apiserver/admissionwebhook/timeout_test.go +++ b/test/integration/apiserver/admissionwebhook/timeout_test.go @@ -32,7 +32,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -69,7 +69,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { type testWebhook struct { path string timeoutSeconds int32 - policy admissionv1beta1.FailurePolicyType + policy admissionregistrationv1.FailurePolicyType objectSelector *metav1.LabelSelector } @@ -86,12 +86,12 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { name: "minimum of request timeout or webhook timeout propagated", timeoutSeconds: 10, mutatingWebhooks: []testWebhook{ - {path: "/mutating/1/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, - {path: "/mutating/2/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, + {path: "/mutating/1/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, + {path: "/mutating/2/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, }, validatingWebhooks: []testWebhook{ - {path: "/validating/3/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, - {path: "/validating/4/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, + {path: "/validating/3/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, + {path: "/validating/4/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, }, expectInvocations: []invocation{ {path: "/mutating/1/0s", timeoutSeconds: 10}, // from request @@ -104,14 +104,14 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { name: "webhooks consume client timeout available, not webhook timeout", timeoutSeconds: 10, mutatingWebhooks: []testWebhook{ - {path: "/mutating/1/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, - {path: "/mutating/2/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, - {path: "/mutating/3/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, + {path: "/mutating/1/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, + {path: "/mutating/2/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, + {path: "/mutating/3/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, }, validatingWebhooks: []testWebhook{ - {path: "/validating/4/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, - {path: "/validating/5/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 10}, - {path: "/validating/6/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, + {path: "/validating/4/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5}, + {path: "/validating/5/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 10}, + {path: "/validating/6/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20}, }, expectInvocations: []invocation{ {path: "/mutating/1/1s", timeoutSeconds: 10}, // from request @@ -126,9 +126,9 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { name: "timed out client requests skip later mutating webhooks (regardless of failure policy) and fail", timeoutSeconds: 3, mutatingWebhooks: []testWebhook{ - {path: "/mutating/1/5s", policy: admissionv1beta1.Ignore, timeoutSeconds: 4}, - {path: "/mutating/2/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, - {path: "/mutating/3/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, + {path: "/mutating/1/5s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 4}, + {path: "/mutating/2/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5}, + {path: "/mutating/3/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5}, }, expectInvocations: []invocation{ {path: "/mutating/1/5s", timeoutSeconds: 3}, // from request @@ -190,27 +190,28 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { t.Fatal(err) } - mutatingWebhooks := []admissionv1beta1.MutatingWebhook{} + mutatingWebhooks := []admissionregistrationv1.MutatingWebhook{} for j, webhook := range tt.mutatingWebhooks { name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) endpoint := webhookServer.URL + webhook.path - mutatingWebhooks = append(mutatingWebhooks, admissionv1beta1.MutatingWebhook{ + mutatingWebhooks = append(mutatingWebhooks, admissionregistrationv1.MutatingWebhook{ Name: name, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, ObjectSelector: webhook.objectSelector, FailurePolicy: &tt.mutatingWebhooks[j].policy, TimeoutSeconds: &tt.mutatingWebhooks[j].timeoutSeconds, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) } - mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, Webhooks: mutatingWebhooks, }, metav1.CreateOptions{}) @@ -218,33 +219,34 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } }() - validatingWebhooks := []admissionv1beta1.ValidatingWebhook{} + validatingWebhooks := []admissionregistrationv1.ValidatingWebhook{} for j, webhook := range tt.validatingWebhooks { name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) endpoint := webhookServer.URL + webhook.path - validatingWebhooks = append(validatingWebhooks, admissionv1beta1.ValidatingWebhook{ + validatingWebhooks = append(validatingWebhooks, admissionregistrationv1.ValidatingWebhook{ Name: name, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: localhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, }}, ObjectSelector: webhook.objectSelector, FailurePolicy: &tt.validatingWebhooks[j].policy, TimeoutSeconds: &tt.validatingWebhooks[j].timeoutSeconds, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }) } - validatingCfg, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.ValidatingWebhookConfiguration{ + validatingCfg, err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, Webhooks: validatingWebhooks, }, metav1.CreateOptions{}) @@ -252,7 +254,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) { t.Fatal(err) } defer func() { - err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{}) + err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{}) if err != nil { t.Fatal(err) } diff --git a/test/integration/apiserver/print_test.go b/test/integration/apiserver/print_test.go index 48f8a87fb0a..74beae0bbd1 100644 --- a/test/integration/apiserver/print_test.go +++ b/test/integration/apiserver/print_test.go @@ -27,18 +27,6 @@ import ( "testing" "time" - apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1" - discoveryv1alpha1 "k8s.io/api/discovery/v1alpha1" - discoveryv1beta1 "k8s.io/api/discovery/v1beta1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" - flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1" - flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1" - nodev1 "k8s.io/api/node/v1" - nodev1alpha1 "k8s.io/api/node/v1alpha1" - nodev1beta1 "k8s.io/api/node/v1beta1" - rbacv1alpha1 "k8s.io/api/rbac/v1alpha1" - schedulerapi "k8s.io/api/scheduling/v1" - storagev1alpha1 "k8s.io/api/storage/v1alpha1" "k8s.io/apimachinery/pkg/api/meta" metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1" "k8s.io/apimachinery/pkg/runtime" @@ -164,18 +152,18 @@ func TestServerSidePrint(t *testing.T) { s, _, closeFn := setupWithResources(t, // additional groupversions needed for the test to run []schema.GroupVersion{ - discoveryv1alpha1.SchemeGroupVersion, - discoveryv1beta1.SchemeGroupVersion, - rbacv1alpha1.SchemeGroupVersion, - schedulerapi.SchemeGroupVersion, - storagev1alpha1.SchemeGroupVersion, - extensionsv1beta1.SchemeGroupVersion, - nodev1.SchemeGroupVersion, - nodev1alpha1.SchemeGroupVersion, - nodev1beta1.SchemeGroupVersion, - flowcontrolv1alpha1.SchemeGroupVersion, - flowcontrolv1beta1.SchemeGroupVersion, - apiserverinternalv1alpha1.SchemeGroupVersion, + {Group: "discovery.k8s.io", Version: "v1alpha1"}, + {Group: "discovery.k8s.io", Version: "v1beta1"}, + {Group: "rbac.authorization.k8s.io", Version: "v1alpha1"}, + {Group: "scheduling.k8s.io", Version: "v1"}, + {Group: "storage.k8s.io", Version: "v1alpha1"}, + {Group: "extensions", Version: "v1beta1"}, + {Group: "node.k8s.io", Version: "v1"}, + {Group: "node.k8s.io", Version: "v1alpha1"}, + {Group: "node.k8s.io", Version: "v1beta1"}, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1alpha1"}, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1"}, + {Group: "internal.apiserver.k8s.io", Version: "v1alpha1"}, }, []schema.GroupVersionResource{}, ) diff --git a/test/integration/examples/apiserver_test.go b/test/integration/examples/apiserver_test.go index 66bf8558d0e..9b8923c2851 100644 --- a/test/integration/examples/apiserver_test.go +++ b/test/integration/examples/apiserver_test.go @@ -43,7 +43,7 @@ import ( "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" "k8s.io/client-go/util/cert" - apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1" + apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" kastesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing" "k8s.io/kubernetes/test/integration/framework" @@ -111,10 +111,10 @@ func TestAggregatedAPIServer(t *testing.T) { if err != nil { t.Fatal(err) } - _, err = aggregatorClient.ApiregistrationV1beta1().APIServices().Create(context.TODO(), &apiregistrationv1beta1.APIService{ + _, err = aggregatorClient.ApiregistrationV1().APIServices().Create(context.TODO(), &apiregistrationv1.APIService{ ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"}, - Spec: apiregistrationv1beta1.APIServiceSpec{ - Service: &apiregistrationv1beta1.ServiceReference{ + Spec: apiregistrationv1.APIServiceSpec{ + Service: &apiregistrationv1.ServiceReference{ Namespace: "kube-wardle", Name: "api", }, diff --git a/test/integration/examples/webhook_test.go b/test/integration/examples/webhook_test.go index cbf60fc5ac0..b16973e2d25 100644 --- a/test/integration/examples/webhook_test.go +++ b/test/integration/examples/webhook_test.go @@ -22,7 +22,8 @@ import ( "testing" "time" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -63,19 +64,22 @@ func TestWebhookLoopback(t *testing.T) { }, }) - fail := admissionv1beta1.Fail - _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + fail := admissionregistrationv1.Fail + noSideEffects := admissionregistrationv1.SideEffectClassNone + _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: "webhooktest.example.com"}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: "webhooktest.example.com", - ClientConfig: admissionv1beta1.WebhookClientConfig{ - Service: &admissionv1beta1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath}, + ClientConfig: admissionregistrationv1.WebhookClientConfig{ + Service: &admissionregistrationv1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath}, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, - Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}}, }}, - FailurePolicy: &fail, + FailurePolicy: &fail, + SideEffects: &noSideEffects, + AdmissionReviewVersions: []string{"v1"}, }}, }, metav1.CreateOptions{}) if err != nil { diff --git a/test/integration/master/audit_test.go b/test/integration/master/audit_test.go index e33da73e703..5b984c6b5ac 100644 --- a/test/integration/master/audit_test.go +++ b/test/integration/master/audit_test.go @@ -28,7 +28,7 @@ import ( "time" "k8s.io/api/admission/v1beta1" - admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" apiv1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -243,7 +243,7 @@ func runTestWithVersion(t *testing.T, version string) { t.Fatalf("Unexpected error: %v", err) } - if err := createV1beta1MutationWebhook(kubeclient, url+"/mutation"); err != nil { + if err := createMutationWebhook(kubeclient, url+"/mutation"); err != nil { t.Fatal(err) } @@ -452,24 +452,26 @@ func admitFunc(review *v1beta1.AdmissionReview) error { return nil } -func createV1beta1MutationWebhook(client clientset.Interface, endpoint string) error { - fail := admissionv1beta1.Fail +func createMutationWebhook(client clientset.Interface, endpoint string) error { + fail := admissionregistrationv1.Fail + noSideEffects := admissionregistrationv1.SideEffectClassNone // Attaching Mutation webhook to API server - _, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ + _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: testWebhookConfigurationName}, - Webhooks: []admissionv1beta1.MutatingWebhook{{ + Webhooks: []admissionregistrationv1.MutatingWebhook{{ Name: testWebhookName, - ClientConfig: admissionv1beta1.WebhookClientConfig{ + ClientConfig: admissionregistrationv1.WebhookClientConfig{ URL: &endpoint, CABundle: utils.LocalhostCert, }, - Rules: []admissionv1beta1.RuleWithOperations{{ - Operations: []admissionv1beta1.OperationType{admissionv1beta1.Create, admissionv1beta1.Update}, - Rule: admissionv1beta1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}}, + Rules: []admissionregistrationv1.RuleWithOperations{{ + Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update}, + Rule: admissionregistrationv1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}}, }}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"admission": "true"}}, FailurePolicy: &fail, AdmissionReviewVersions: []string{"v1beta1"}, + SideEffects: &noSideEffects, }}, }, metav1.CreateOptions{}) return err diff --git a/test/integration/storageversion/storage_version_filter_test.go b/test/integration/storageversion/storage_version_filter_test.go index df6c2b5b1da..678e8e1ae71 100644 --- a/test/integration/storageversion/storage_version_filter_test.go +++ b/test/integration/storageversion/storage_version_filter_test.go @@ -37,7 +37,7 @@ import ( clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" featuregatetesting "k8s.io/component-base/featuregate/testing" - apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1" + apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing" "k8s.io/kubernetes/test/integration/etcd" @@ -94,10 +94,10 @@ func testCRDWrite(t *testing.T, cfg *rest.Config, shouldBlock bool) { func testAPIServiceWrite(t *testing.T, cfg *rest.Config, shouldBlock bool) { aggregatorClient := aggregatorclient.NewForConfigOrDie(cfg) - _, err := aggregatorClient.ApiregistrationV1beta1().APIServices().Create(context.TODO(), &apiregistrationv1beta1.APIService{ + _, err := aggregatorClient.ApiregistrationV1().APIServices().Create(context.TODO(), &apiregistrationv1.APIService{ ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"}, - Spec: apiregistrationv1beta1.APIServiceSpec{ - Service: &apiregistrationv1beta1.ServiceReference{ + Spec: apiregistrationv1.APIServiceSpec{ + Service: &apiregistrationv1.ServiceReference{ Namespace: "kube-wardle", Name: "api", },