github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 22:17:14 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #99736 from deads2k/beta-policy

Browse Source 
clean usage of admissionregistration/v1beta1 from integration tests
This commit is contained in:
Kubernetes Prow Robot 2021-03-04 05:42:22 -08:00 committed by GitHub
commit 9d34bfd601
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 222 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
cmd/kube-apiserver/app/testing/testserver.go
View File

@ -28,6 +28,9 @@ import (
"time" "time"
"github.com/spf13/pflag" "github.com/spf13/pflag"
"go.etcd.io/etcd/clientv3"
"go.etcd.io/etcd/pkg/transport"
"google.golang.org/grpc"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -59,10 +62,12 @@ type TestServerInstanceOptions struct {
// TestServer return values supplied by kube-test-ApiServer // TestServer return values supplied by kube-test-ApiServer
type TestServer struct { type TestServer struct {
ClientConfig *restclient.Config // Rest client config ClientConfig *restclient.Config // Rest client config
ServerOpts *options.ServerRunOptions // ServerOpts ServerOpts *options.ServerRunOptions // ServerOpts
TearDownFn TearDownFunc // TearDown function TearDownFn TearDownFunc // TearDown function
TmpDir string // Temp Dir used, by the apiserver TmpDir string // Temp Dir used, by the apiserver
EtcdClient *clientv3.Client // used by tests that need to check data migrated from APIs that are no longer served
EtcdStoragePrefix string // storage prefix in etcd
} }
// Logger allows t.Testing and b.Testing to be passed to StartTestServer and StartTestServerOrDie // Logger allows t.Testing and b.Testing to be passed to StartTestServer and StartTestServerOrDie
@ -258,12 +263,36 @@ func StartTestServer(t Logger, instanceOptions *TestServerInstanceOptions, custo
return result, fmt.Errorf("failed to wait for default namespace to be created: %v", err) return result, fmt.Errorf("failed to wait for default namespace to be created: %v", err)
} }
tlsInfo := transport.TLSInfo{
CertFile: storageConfig.Transport.CertFile,
KeyFile: storageConfig.Transport.KeyFile,
TrustedCAFile: storageConfig.Transport.TrustedCAFile,
}
tlsConfig, err := tlsInfo.ClientConfig()
if err != nil {
return result, err
}
etcdConfig := clientv3.Config{
Endpoints: storageConfig.Transport.ServerList,
DialTimeout: 20 * time.Second,
DialOptions: []grpc.DialOption{
grpc.WithBlock(), // block until the underlying connection is up
},
TLS: tlsConfig,
}
etcdClient, err := clientv3.New(etcdConfig)
if err != nil {
return result, err
}
// from here the caller must call tearDown // from here the caller must call tearDown
result.ClientConfig = restclient.CopyConfig(server.GenericAPIServer.LoopbackClientConfig) result.ClientConfig = restclient.CopyConfig(server.GenericAPIServer.LoopbackClientConfig)
result.ClientConfig.QPS = 1000 result.ClientConfig.QPS = 1000
result.ClientConfig.Burst = 10000 result.ClientConfig.Burst = 10000
result.ServerOpts = s result.ServerOpts = s
result.TearDownFn = tearDown result.TearDownFn = tearDown
result.EtcdClient = etcdClient
result.EtcdStoragePrefix = storageConfig.Prefix
return result, nil return result, nil
} }

67
test/integration/apiserver/admissionwebhook/admission_test.go
View File

@ -25,14 +25,17 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"path"
"sort" "sort"
"strings" "strings"
"sync" "sync"
"testing" "testing"
"time" "time"
"go.etcd.io/etcd/clientv3"
admissionreviewv1 "k8s.io/api/admission/v1" admissionreviewv1 "k8s.io/api/admission/v1"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
admissionv1 "k8s.io/api/admissionregistration/v1" admissionv1 "k8s.io/api/admissionregistration/v1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1"
appsv1beta1 "k8s.io/api/apps/v1beta1" appsv1beta1 "k8s.io/api/apps/v1beta1"
@ -49,11 +52,13 @@ import (
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
dynamic "k8s.io/client-go/dynamic" dynamic "k8s.io/client-go/dynamic"
clientset "k8s.io/client-go/kubernetes" clientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/client-go/util/retry" "k8s.io/client-go/util/retry"
kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing" kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing"
apisv1beta1 "k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1"
"k8s.io/kubernetes/test/integration/etcd" "k8s.io/kubernetes/test/integration/etcd"
"k8s.io/kubernetes/test/integration/framework" "k8s.io/kubernetes/test/integration/framework"
) )
@ -66,6 +71,10 @@ const (
validation = "validation" validation = "validation"
) )
var (
noSideEffects = admissionregistrationv1.SideEffectClassNone
)
type testContext struct { type testContext struct {
t *testing.T t *testing.T
@ -592,10 +601,10 @@ func testWebhookAdmission(t *testing.T, watchCache bool) {
holder.gvrToConvertedGVK[metaGVR] = schema.GroupVersionKind{Group: resourcesByGVR[convertedGVR].Group, Version: resourcesByGVR[convertedGVR].Version, Kind: resourcesByGVR[convertedGVR].Kind} holder.gvrToConvertedGVK[metaGVR] = schema.GroupVersionKind{Group: resourcesByGVR[convertedGVR].Group, Version: resourcesByGVR[convertedGVR].Version, Kind: resourcesByGVR[convertedGVR].Kind}
} }
if err := createV1beta1MutationWebhook(client, webhookServer.URL+"/v1beta1/"+mutation, webhookServer.URL+"/v1beta1/convert/"+mutation, convertedV1beta1Rules); err != nil { if err := createV1beta1MutationWebhook(server.EtcdClient, server.EtcdStoragePrefix, client, webhookServer.URL+"/v1beta1/"+mutation, webhookServer.URL+"/v1beta1/convert/"+mutation, convertedV1beta1Rules); err != nil {
t.Fatal(err) t.Fatal(err)
} }
if err := createV1beta1ValidationWebhook(client, webhookServer.URL+"/v1beta1/"+validation, webhookServer.URL+"/v1beta1/convert/"+validation, convertedV1beta1Rules); err != nil { if err := createV1beta1ValidationWebhook(server.EtcdClient, server.EtcdStoragePrefix, client, webhookServer.URL+"/v1beta1/"+validation, webhookServer.URL+"/v1beta1/convert/"+validation, convertedV1beta1Rules); err != nil {
t.Fatal(err) t.Fatal(err)
} }
if err := createV1MutationWebhook(client, webhookServer.URL+"/v1/"+mutation, webhookServer.URL+"/v1/convert/"+mutation, convertedV1Rules); err != nil { if err := createV1MutationWebhook(client, webhookServer.URL+"/v1/"+mutation, webhookServer.URL+"/v1/convert/"+mutation, convertedV1Rules); err != nil {
@ -1500,11 +1509,10 @@ func shouldTestResourceVerb(gvr schema.GroupVersionResource, resource metav1.API
// webhook registration helpers // webhook registration helpers
// //
func createV1beta1ValidationWebhook(client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error { func createV1beta1ValidationWebhook(etcdClient *clientv3.Client, etcdStoragePrefix string, client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error {
fail := admissionv1beta1.Fail fail := admissionv1beta1.Fail
equivalent := admissionv1beta1.Equivalent equivalent := admissionv1beta1.Equivalent
// Attaching Admission webhook to API server webhookConfig := &admissionv1beta1.ValidatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"},
Webhooks: []admissionv1beta1.ValidatingWebhook{ Webhooks: []admissionv1beta1.ValidatingWebhook{
{ {
@ -1532,15 +1540,32 @@ func createV1beta1ValidationWebhook(client clientset.Interface, endpoint, conver
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
}, },
}, },
}, metav1.CreateOptions{}) }
return err // run through to get defaulting
apisv1beta1.SetObjectDefaults_ValidatingWebhookConfiguration(webhookConfig)
webhookConfig.TypeMeta.Kind = "ValidatingWebhookConfiguration"
webhookConfig.TypeMeta.APIVersion = "admissionregistration.k8s.io/v1beta1"
// Attaching Mutation webhook to API server
ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), metav1.NamespaceNone)
key := path.Join("/", etcdStoragePrefix, "validatingwebhookconfigurations", webhookConfig.Name)
val, _ := json.Marshal(webhookConfig)
if _, err := etcdClient.Put(ctx, key, string(val)); err != nil {
return err
}
// make sure we can get the webhook
if _, err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Get(context.TODO(), webhookConfig.Name, metav1.GetOptions{}); err != nil {
return err
}
return nil
} }
func createV1beta1MutationWebhook(client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error { func createV1beta1MutationWebhook(etcdClient *clientv3.Client, etcdStoragePrefix string, client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1beta1.RuleWithOperations) error {
fail := admissionv1beta1.Fail fail := admissionv1beta1.Fail
equivalent := admissionv1beta1.Equivalent equivalent := admissionv1beta1.Equivalent
// Attaching Mutation webhook to API server webhookConfig := &admissionv1beta1.MutatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "mutation.integration.test"}, ObjectMeta: metav1.ObjectMeta{Name: "mutation.integration.test"},
Webhooks: []admissionv1beta1.MutatingWebhook{ Webhooks: []admissionv1beta1.MutatingWebhook{
{ {
@ -1568,8 +1593,26 @@ func createV1beta1MutationWebhook(client clientset.Interface, endpoint, converte
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
}, },
}, },
}, metav1.CreateOptions{}) }
return err // run through to get defaulting
apisv1beta1.SetObjectDefaults_MutatingWebhookConfiguration(webhookConfig)
webhookConfig.TypeMeta.Kind = "MutatingWebhookConfiguration"
webhookConfig.TypeMeta.APIVersion = "admissionregistration.k8s.io/v1beta1"
// Attaching Mutation webhook to API server
ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), metav1.NamespaceNone)
key := path.Join("/", etcdStoragePrefix, "mutatingwebhookconfigurations", webhookConfig.Name)
val, _ := json.Marshal(webhookConfig)
if _, err := etcdClient.Put(ctx, key, string(val)); err != nil {
return err
}
// make sure we can get the webhook
if _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Get(context.TODO(), webhookConfig.Name, metav1.GetOptions{}); err != nil {
return err
}
return nil
} }
func createV1ValidationWebhook(client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1.RuleWithOperations) error { func createV1ValidationWebhook(client clientset.Interface, endpoint, convertedEndpoint string, convertedRules []admissionv1.RuleWithOperations) error {

28
test/integration/apiserver/admissionwebhook/broken_webhook_test.go
View File

@ -22,7 +22,7 @@ import (
"testing" "testing"
"time" "time"
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -60,7 +60,7 @@ func TestBrokenWebhook(t *testing.T) {
} }
t.Logf("Creating Broken Webhook that will block all operations on all objects") t.Logf("Creating Broken Webhook that will block all operations on all objects")
_, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{}) _, err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), brokenWebhookConfig(brokenWebhookName), metav1.CreateOptions{})
if err != nil { if err != nil {
t.Fatalf("Failed to register broken webhook: %v", err) t.Fatalf("Failed to register broken webhook: %v", err)
} }
@ -96,7 +96,7 @@ func TestBrokenWebhook(t *testing.T) {
} }
t.Logf("Deleting the broken webhook to fix the cluster") t.Logf("Deleting the broken webhook to fix the cluster")
err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{}) err = client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), brokenWebhookName, metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatalf("Failed to delete broken webhook: %v", err) t.Fatalf("Failed to delete broken webhook: %v", err)
} }
@ -149,19 +149,19 @@ func exampleDeployment(name string) *appsv1.Deployment {
} }
} }
func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWebhookConfiguration { func brokenWebhookConfig(name string) *admissionregistrationv1.ValidatingWebhookConfiguration {
var path string var path string
failurePolicy := admissionregistrationv1beta1.Fail failurePolicy := admissionregistrationv1.Fail
return &admissionregistrationv1beta1.ValidatingWebhookConfiguration{ return &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: name, Name: name,
}, },
Webhooks: []admissionregistrationv1beta1.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
{ {
Name: "broken-webhook.k8s.io", Name: "broken-webhook.k8s.io",
Rules: []admissionregistrationv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionregistrationv1beta1.OperationType{admissionregistrationv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionregistrationv1beta1.Rule{ Rule: admissionregistrationv1.Rule{
APIGroups: []string{"*"}, APIGroups: []string{"*"},
APIVersions: []string{"*"}, APIVersions: []string{"*"},
Resources: []string{"*/*"}, Resources: []string{"*/*"},
@ -169,15 +169,17 @@ func brokenWebhookConfig(name string) *admissionregistrationv1beta1.ValidatingWe
}}, }},
// This client config references a non existent service // This client config references a non existent service
// so it should always fail. // so it should always fail.
ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
Service: &admissionregistrationv1beta1.ServiceReference{ Service: &admissionregistrationv1.ServiceReference{
Namespace: "default", Namespace: "default",
Name: "invalid-webhook-service", Name: "invalid-webhook-service",
Path: &path, Path: &path,
}, },
CABundle: nil, CABundle: nil,
}, },
FailurePolicy: &failurePolicy, FailurePolicy: &failurePolicy,
SideEffects: &noSideEffects,
AdmissionReviewVersions: []string{"v1"},
}, },
}, },
} }

19
test/integration/apiserver/admissionwebhook/client_auth_test.go
View File

@ -32,7 +32,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -165,28 +165,29 @@ plugins:
t.Fatal(err) t.Fatal(err)
} }
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: "admission.integration.test", Name: "admission.integration.test",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &webhookServer.URL, URL: &webhookServer.URL,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
FailurePolicy: &fail, FailurePolicy: &fail,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

19
test/integration/apiserver/admissionwebhook/load_balance_test.go
View File

@ -31,7 +31,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -114,28 +114,29 @@ func TestWebhookLoadBalance(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"}, ObjectMeta: metav1.ObjectMeta{Name: "admission.integration.test"},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: "admission.integration.test", Name: "admission.integration.test",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &webhookURL, URL: &webhookURL,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
FailurePolicy: &fail, FailurePolicy: &fail,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

39
test/integration/apiserver/admissionwebhook/reinvocation_test.go
View File

@ -34,8 +34,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
schedulingv1 "k8s.io/api/scheduling/v1" schedulingv1 "k8s.io/api/scheduling/v1"
@ -84,12 +83,12 @@ func patchAnnotationValue(configuration, webhook string, patch string) string {
// testWebhookReinvocationPolicy ensures that the admission webhook reinvocation policy is applied correctly. // testWebhookReinvocationPolicy ensures that the admission webhook reinvocation policy is applied correctly.
func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) { func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) {
reinvokeNever := registrationv1beta1.NeverReinvocationPolicy reinvokeNever := admissionregistrationv1.NeverReinvocationPolicy
reinvokeIfNeeded := registrationv1beta1.IfNeededReinvocationPolicy reinvokeIfNeeded := admissionregistrationv1.IfNeededReinvocationPolicy
type testWebhook struct { type testWebhook struct {
path string path string
policy *registrationv1beta1.ReinvocationPolicyType policy *admissionregistrationv1.ReinvocationPolicyType
objectSelector *metav1.LabelSelector objectSelector *metav1.LabelSelector
} }
@ -339,46 +338,48 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
webhooks := []admissionv1beta1.MutatingWebhook{} webhooks := []admissionregistrationv1.MutatingWebhook{}
for j, webhook := range tt.webhooks { for j, webhook := range tt.webhooks {
endpoint := webhookServer.URL + webhook.path endpoint := webhookServer.URL + webhook.path
name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.TrimPrefix(webhook.path, "/")) name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.TrimPrefix(webhook.path, "/"))
webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{
Name: name, Name: name,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
ObjectSelector: webhook.objectSelector, ObjectSelector: webhook.objectSelector,
NamespaceSelector: &metav1.LabelSelector{MatchLabels: nsLabels}, NamespaceSelector: &metav1.LabelSelector{MatchLabels: nsLabels},
FailurePolicy: &fail, FailurePolicy: &fail,
ReinvocationPolicy: webhook.policy, ReinvocationPolicy: webhook.policy,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
} }
// Register a marker checking webhook with each set of webhook configurations // Register a marker checking webhook with each set of webhook configurations
markerEndpoint := webhookServer.URL + "/marker" markerEndpoint := webhookServer.URL + "/marker"
webhooks = append(webhooks, admissionv1beta1.MutatingWebhook{ webhooks = append(webhooks, admissionregistrationv1.MutatingWebhook{
Name: "admission.integration.test.marker", Name: "admission.integration.test.marker",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &markerEndpoint, URL: &markerEndpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
NamespaceSelector: &metav1.LabelSelector{MatchLabels: markerNsLabels}, NamespaceSelector: &metav1.LabelSelector{MatchLabels: markerNsLabels},
ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"marker": "true"}}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"marker": "true"}},
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
cfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ cfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)},
Webhooks: webhooks, Webhooks: webhooks,
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
@ -386,7 +387,7 @@ func testWebhookReinvocationPolicy(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), cfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

64
test/integration/apiserver/admissionwebhook/timeout_test.go
View File

@ -32,7 +32,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -69,7 +69,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
type testWebhook struct { type testWebhook struct {
path string path string
timeoutSeconds int32 timeoutSeconds int32
policy admissionv1beta1.FailurePolicyType policy admissionregistrationv1.FailurePolicyType
objectSelector *metav1.LabelSelector objectSelector *metav1.LabelSelector
} }
@ -86,12 +86,12 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
name: "minimum of request timeout or webhook timeout propagated", name: "minimum of request timeout or webhook timeout propagated",
timeoutSeconds: 10, timeoutSeconds: 10,
mutatingWebhooks: []testWebhook{ mutatingWebhooks: []testWebhook{
{path: "/mutating/1/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/mutating/1/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
{path: "/mutating/2/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/mutating/2/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
}, },
validatingWebhooks: []testWebhook{ validatingWebhooks: []testWebhook{
{path: "/validating/3/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/validating/3/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
{path: "/validating/4/0s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/validating/4/0s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
}, },
expectInvocations: []invocation{ expectInvocations: []invocation{
{path: "/mutating/1/0s", timeoutSeconds: 10}, // from request {path: "/mutating/1/0s", timeoutSeconds: 10}, // from request
@ -104,14 +104,14 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
name: "webhooks consume client timeout available, not webhook timeout", name: "webhooks consume client timeout available, not webhook timeout",
timeoutSeconds: 10, timeoutSeconds: 10,
mutatingWebhooks: []testWebhook{ mutatingWebhooks: []testWebhook{
{path: "/mutating/1/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/mutating/1/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
{path: "/mutating/2/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/mutating/2/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
{path: "/mutating/3/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/mutating/3/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
}, },
validatingWebhooks: []testWebhook{ validatingWebhooks: []testWebhook{
{path: "/validating/4/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 5}, {path: "/validating/4/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 5},
{path: "/validating/5/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 10}, {path: "/validating/5/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 10},
{path: "/validating/6/1s", policy: admissionv1beta1.Fail, timeoutSeconds: 20}, {path: "/validating/6/1s", policy: admissionregistrationv1.Fail, timeoutSeconds: 20},
}, },
expectInvocations: []invocation{ expectInvocations: []invocation{
{path: "/mutating/1/1s", timeoutSeconds: 10}, // from request {path: "/mutating/1/1s", timeoutSeconds: 10}, // from request
@ -126,9 +126,9 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
name: "timed out client requests skip later mutating webhooks (regardless of failure policy) and fail", name: "timed out client requests skip later mutating webhooks (regardless of failure policy) and fail",
timeoutSeconds: 3, timeoutSeconds: 3,
mutatingWebhooks: []testWebhook{ mutatingWebhooks: []testWebhook{
{path: "/mutating/1/5s", policy: admissionv1beta1.Ignore, timeoutSeconds: 4}, {path: "/mutating/1/5s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 4},
{path: "/mutating/2/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, {path: "/mutating/2/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5},
{path: "/mutating/3/1s", policy: admissionv1beta1.Ignore, timeoutSeconds: 5}, {path: "/mutating/3/1s", policy: admissionregistrationv1.Ignore, timeoutSeconds: 5},
}, },
expectInvocations: []invocation{ expectInvocations: []invocation{
{path: "/mutating/1/5s", timeoutSeconds: 3}, // from request {path: "/mutating/1/5s", timeoutSeconds: 3}, // from request
@ -190,27 +190,28 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
mutatingWebhooks := []admissionv1beta1.MutatingWebhook{} mutatingWebhooks := []admissionregistrationv1.MutatingWebhook{}
for j, webhook := range tt.mutatingWebhooks { for j, webhook := range tt.mutatingWebhooks {
name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1))
endpoint := webhookServer.URL + webhook.path endpoint := webhookServer.URL + webhook.path
mutatingWebhooks = append(mutatingWebhooks, admissionv1beta1.MutatingWebhook{ mutatingWebhooks = append(mutatingWebhooks, admissionregistrationv1.MutatingWebhook{
Name: name, Name: name,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
ObjectSelector: webhook.objectSelector, ObjectSelector: webhook.objectSelector,
FailurePolicy: &tt.mutatingWebhooks[j].policy, FailurePolicy: &tt.mutatingWebhooks[j].policy,
TimeoutSeconds: &tt.mutatingWebhooks[j].timeoutSeconds, TimeoutSeconds: &tt.mutatingWebhooks[j].timeoutSeconds,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
} }
mutatingCfg, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ mutatingCfg, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)},
Webhooks: mutatingWebhooks, Webhooks: mutatingWebhooks,
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
@ -218,33 +219,34 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), mutatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
}() }()
validatingWebhooks := []admissionv1beta1.ValidatingWebhook{} validatingWebhooks := []admissionregistrationv1.ValidatingWebhook{}
for j, webhook := range tt.validatingWebhooks { for j, webhook := range tt.validatingWebhooks {
name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1)) name := fmt.Sprintf("admission.integration.test.%d.%s", j, strings.Replace(strings.TrimPrefix(webhook.path, "/"), "/", "-", -1))
endpoint := webhookServer.URL + webhook.path endpoint := webhookServer.URL + webhook.path
validatingWebhooks = append(validatingWebhooks, admissionv1beta1.ValidatingWebhook{ validatingWebhooks = append(validatingWebhooks, admissionregistrationv1.ValidatingWebhook{
Name: name, Name: name,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: localhostCert, CABundle: localhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"pods"}},
}}, }},
ObjectSelector: webhook.objectSelector, ObjectSelector: webhook.objectSelector,
FailurePolicy: &tt.validatingWebhooks[j].policy, FailurePolicy: &tt.validatingWebhooks[j].policy,
TimeoutSeconds: &tt.validatingWebhooks[j].timeoutSeconds, TimeoutSeconds: &tt.validatingWebhooks[j].timeoutSeconds,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}) })
} }
validatingCfg, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.ValidatingWebhookConfiguration{ validatingCfg, err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)}, ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("admission.integration.test-%d", i)},
Webhooks: validatingWebhooks, Webhooks: validatingWebhooks,
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
@ -252,7 +254,7 @@ func testWebhookTimeout(t *testing.T, watchCache bool) {
t.Fatal(err) t.Fatal(err)
} }
defer func() { defer func() {
err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{}) err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(context.TODO(), validatingCfg.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

36
test/integration/apiserver/print_test.go
View File

@ -27,18 +27,6 @@ import (
"testing" "testing"
"time" "time"
apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1"
discoveryv1alpha1 "k8s.io/api/discovery/v1alpha1"
discoveryv1beta1 "k8s.io/api/discovery/v1beta1"
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
flowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1"
flowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1"
nodev1 "k8s.io/api/node/v1"
nodev1alpha1 "k8s.io/api/node/v1alpha1"
nodev1beta1 "k8s.io/api/node/v1beta1"
rbacv1alpha1 "k8s.io/api/rbac/v1alpha1"
schedulerapi "k8s.io/api/scheduling/v1"
storagev1alpha1 "k8s.io/api/storage/v1alpha1"
"k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/api/meta"
metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1" metav1beta1 "k8s.io/apimachinery/pkg/apis/meta/v1beta1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
@ -164,18 +152,18 @@ func TestServerSidePrint(t *testing.T) {
s, _, closeFn := setupWithResources(t, s, _, closeFn := setupWithResources(t,
// additional groupversions needed for the test to run // additional groupversions needed for the test to run
[]schema.GroupVersion{ []schema.GroupVersion{
discoveryv1alpha1.SchemeGroupVersion, {Group: "discovery.k8s.io", Version: "v1alpha1"},
discoveryv1beta1.SchemeGroupVersion, {Group: "discovery.k8s.io", Version: "v1beta1"},
rbacv1alpha1.SchemeGroupVersion, {Group: "rbac.authorization.k8s.io", Version: "v1alpha1"},
schedulerapi.SchemeGroupVersion, {Group: "scheduling.k8s.io", Version: "v1"},
storagev1alpha1.SchemeGroupVersion, {Group: "storage.k8s.io", Version: "v1alpha1"},
extensionsv1beta1.SchemeGroupVersion, {Group: "extensions", Version: "v1beta1"},
nodev1.SchemeGroupVersion, {Group: "node.k8s.io", Version: "v1"},
nodev1alpha1.SchemeGroupVersion, {Group: "node.k8s.io", Version: "v1alpha1"},
nodev1beta1.SchemeGroupVersion, {Group: "node.k8s.io", Version: "v1beta1"},
flowcontrolv1alpha1.SchemeGroupVersion, {Group: "flowcontrol.apiserver.k8s.io", Version: "v1alpha1"},
flowcontrolv1beta1.SchemeGroupVersion, {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1"},
apiserverinternalv1alpha1.SchemeGroupVersion, {Group: "internal.apiserver.k8s.io", Version: "v1alpha1"},
}, },
[]schema.GroupVersionResource{}, []schema.GroupVersionResource{},
) )

8
test/integration/examples/apiserver_test.go
View File

@ -43,7 +43,7 @@ import (
"k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api" clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"k8s.io/client-go/util/cert" "k8s.io/client-go/util/cert"
apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1" apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
kastesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing" kastesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing"
"k8s.io/kubernetes/test/integration/framework" "k8s.io/kubernetes/test/integration/framework"
@ -111,10 +111,10 @@ func TestAggregatedAPIServer(t *testing.T) {
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
_, err = aggregatorClient.ApiregistrationV1beta1().APIServices().Create(context.TODO(), &apiregistrationv1beta1.APIService{ _, err = aggregatorClient.ApiregistrationV1().APIServices().Create(context.TODO(), &apiregistrationv1.APIService{
ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"}, ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"},
Spec: apiregistrationv1beta1.APIServiceSpec{ Spec: apiregistrationv1.APIServiceSpec{
Service: &apiregistrationv1beta1.ServiceReference{ Service: &apiregistrationv1.ServiceReference{
Namespace: "kube-wardle", Namespace: "kube-wardle",
Name: "api", Name: "api",
}, },

24
test/integration/examples/webhook_test.go
View File

@ -22,7 +22,8 @@ import (
"testing" "testing"
"time" "time"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
@ -63,19 +64,22 @@ func TestWebhookLoopback(t *testing.T) {
}, },
}) })
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ noSideEffects := admissionregistrationv1.SideEffectClassNone
_, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "webhooktest.example.com"}, ObjectMeta: metav1.ObjectMeta{Name: "webhooktest.example.com"},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: "webhooktest.example.com", Name: "webhooktest.example.com",
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
Service: &admissionv1beta1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath}, Service: &admissionregistrationv1.ServiceReference{Namespace: "default", Name: "kubernetes", Path: &webhookPath},
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.OperationAll}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.OperationAll},
Rule: admissionv1beta1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{""}, APIVersions: []string{"v1"}, Resources: []string{"configmaps"}},
}}, }},
FailurePolicy: &fail, FailurePolicy: &fail,
SideEffects: &noSideEffects,
AdmissionReviewVersions: []string{"v1"},
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
if err != nil { if err != nil {

22
test/integration/master/audit_test.go
View File

@ -28,7 +28,7 @@ import (
"time" "time"
"k8s.io/api/admission/v1beta1" "k8s.io/api/admission/v1beta1"
admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
apiv1 "k8s.io/api/core/v1" apiv1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -243,7 +243,7 @@ func runTestWithVersion(t *testing.T, version string) {
t.Fatalf("Unexpected error: %v", err) t.Fatalf("Unexpected error: %v", err)
} }
if err := createV1beta1MutationWebhook(kubeclient, url+"/mutation"); err != nil { if err := createMutationWebhook(kubeclient, url+"/mutation"); err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -452,24 +452,26 @@ func admitFunc(review *v1beta1.AdmissionReview) error {
return nil return nil
} }
func createV1beta1MutationWebhook(client clientset.Interface, endpoint string) error { func createMutationWebhook(client clientset.Interface, endpoint string) error {
fail := admissionv1beta1.Fail fail := admissionregistrationv1.Fail
noSideEffects := admissionregistrationv1.SideEffectClassNone
// Attaching Mutation webhook to API server // Attaching Mutation webhook to API server
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionv1beta1.MutatingWebhookConfiguration{ _, err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: testWebhookConfigurationName}, ObjectMeta: metav1.ObjectMeta{Name: testWebhookConfigurationName},
Webhooks: []admissionv1beta1.MutatingWebhook{{ Webhooks: []admissionregistrationv1.MutatingWebhook{{
Name: testWebhookName, Name: testWebhookName,
ClientConfig: admissionv1beta1.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &endpoint, URL: &endpoint,
CABundle: utils.LocalhostCert, CABundle: utils.LocalhostCert,
}, },
Rules: []admissionv1beta1.RuleWithOperations{{ Rules: []admissionregistrationv1.RuleWithOperations{{
Operations: []admissionv1beta1.OperationType{admissionv1beta1.Create, admissionv1beta1.Update}, Operations: []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update},
Rule: admissionv1beta1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}}, Rule: admissionregistrationv1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*/*"}},
}}, }},
ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"admission": "true"}}, ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"admission": "true"}},
FailurePolicy: &fail, FailurePolicy: &fail,
AdmissionReviewVersions: []string{"v1beta1"}, AdmissionReviewVersions: []string{"v1beta1"},
SideEffects: &noSideEffects,
}}, }},
}, metav1.CreateOptions{}) }, metav1.CreateOptions{})
return err return err

8
test/integration/storageversion/storage_version_filter_test.go
View File

@ -37,7 +37,7 @@ import (
clientset "k8s.io/client-go/kubernetes" clientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
featuregatetesting "k8s.io/component-base/featuregate/testing" featuregatetesting "k8s.io/component-base/featuregate/testing"
apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1" apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing" kubeapiservertesting "k8s.io/kubernetes/cmd/kube-apiserver/app/testing"
"k8s.io/kubernetes/test/integration/etcd" "k8s.io/kubernetes/test/integration/etcd"
@ -94,10 +94,10 @@ func testCRDWrite(t *testing.T, cfg *rest.Config, shouldBlock bool) {
func testAPIServiceWrite(t *testing.T, cfg *rest.Config, shouldBlock bool) { func testAPIServiceWrite(t *testing.T, cfg *rest.Config, shouldBlock bool) {
aggregatorClient := aggregatorclient.NewForConfigOrDie(cfg) aggregatorClient := aggregatorclient.NewForConfigOrDie(cfg)
_, err := aggregatorClient.ApiregistrationV1beta1().APIServices().Create(context.TODO(), &apiregistrationv1beta1.APIService{ _, err := aggregatorClient.ApiregistrationV1().APIServices().Create(context.TODO(), &apiregistrationv1.APIService{
ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"}, ObjectMeta: metav1.ObjectMeta{Name: "v1alpha1.wardle.example.com"},
Spec: apiregistrationv1beta1.APIServiceSpec{ Spec: apiregistrationv1.APIServiceSpec{
Service: &apiregistrationv1beta1.ServiceReference{ Service: &apiregistrationv1.ServiceReference{
Namespace: "kube-wardle", Namespace: "kube-wardle",
Name: "api", Name: "api",
}, },