Use non-default container port and scoped port vars in webhook e2e tests

Joe Betz 2019-08-20 12:58:02 -07:00
parent 46d65d0a46
commit a3e187d86a
2 changed files with 63 additions and 54 deletions


@ -17,6 +17,7 @@ limitations under the License.
package apimachinery package apimachinery
import ( import (
"fmt"
"time" "time"
"github.com/onsi/ginkgo" "github.com/onsi/ginkgo"
@ -50,7 +51,6 @@ const (
secretCRDName = "sample-custom-resource-conversion-webhook-secret" secretCRDName = "sample-custom-resource-conversion-webhook-secret"
deploymentCRDName = "sample-crd-conversion-webhook-deployment" deploymentCRDName = "sample-crd-conversion-webhook-deployment"
serviceCRDName = "e2e-test-crd-conversion-webhook" serviceCRDName = "e2e-test-crd-conversion-webhook"
serviceCRDPort = 9443
roleBindingCRDName = "crd-conversion-webhook-auth-reader" roleBindingCRDName = "crd-conversion-webhook-auth-reader"
) )
@ -119,6 +119,8 @@ var alternativeAPIVersions = []apiextensionsv1.CustomResourceDefinitionVersion{
var _ = SIGDescribe("CustomResourceConversionWebhook", func() { var _ = SIGDescribe("CustomResourceConversionWebhook", func() {
var context *certContext var context *certContext
f := framework.NewDefaultFramework("crd-webhook") f := framework.NewDefaultFramework("crd-webhook")
servicePort := int32(9443)
containerPort := int32(9444)
var client clientset.Interface var client clientset.Interface
var namespaceName string var namespaceName string
@ -134,7 +136,7 @@ var _ = SIGDescribe("CustomResourceConversionWebhook", func() {
context = setupServerCert(f.Namespace.Name, serviceCRDName) context = setupServerCert(f.Namespace.Name, serviceCRDName)
createAuthReaderRoleBindingForCRDConversion(f, f.Namespace.Name) createAuthReaderRoleBindingForCRDConversion(f, f.Namespace.Name)
deployCustomResourceWebhookAndService(f, imageutils.GetE2EImage(imageutils.Agnhost), context) deployCustomResourceWebhookAndService(f, imageutils.GetE2EImage(imageutils.Agnhost), context, servicePort, containerPort)
}) })
ginkgo.AfterEach(func() { ginkgo.AfterEach(func() {
@ -153,7 +155,7 @@ var _ = SIGDescribe("CustomResourceConversionWebhook", func() {
Namespace: f.Namespace.Name, Namespace: f.Namespace.Name,
Name: serviceCRDName, Name: serviceCRDName,
Path: pointer.StringPtr("/crdconvert"), Path: pointer.StringPtr("/crdconvert"),
Port: pointer.Int32Ptr(serviceCRDPort), Port: pointer.Int32Ptr(servicePort),
}, },
}, },
ConversionReviewVersions: []string{"v1", "v1beta1"}, ConversionReviewVersions: []string{"v1", "v1beta1"},
@ -180,7 +182,7 @@ var _ = SIGDescribe("CustomResourceConversionWebhook", func() {
Namespace: f.Namespace.Name, Namespace: f.Namespace.Name,
Name: serviceCRDName, Name: serviceCRDName,
Path: pointer.StringPtr("/crdconvert"), Path: pointer.StringPtr("/crdconvert"),
Port: pointer.Int32Ptr(serviceCRDPort), Port: pointer.Int32Ptr(servicePort),
}, },
}, },
ConversionReviewVersions: []string{"v1", "v1beta1"}, ConversionReviewVersions: []string{"v1", "v1beta1"},
@ -232,7 +234,7 @@ func createAuthReaderRoleBindingForCRDConversion(f *framework.Framework, namespa
} }
} }
func deployCustomResourceWebhookAndService(f *framework.Framework, image string, context *certContext) { func deployCustomResourceWebhookAndService(f *framework.Framework, image string, context *certContext, servicePort int32, containerPort int32) {
ginkgo.By("Deploying the custom resource conversion webhook pod") ginkgo.By("Deploying the custom resource conversion webhook pod")
client := f.ClientSet client := f.ClientSet
@ -280,8 +282,11 @@ func deployCustomResourceWebhookAndService(f *framework.Framework, image string,
"--tls-private-key-file=/webhook.local.config/certificates/tls.key", "--tls-private-key-file=/webhook.local.config/certificates/tls.key",
"--alsologtostderr", "--alsologtostderr",
"-v=4", "-v=4",
// Use a non-default port for containers.
fmt.Sprintf("--port=%d", containerPort),
}, },
Image: image, Image: image,
Ports: []v1.ContainerPort{{ContainerPort: containerPort}},
}, },
} }
d := &appsv1.Deployment{ d := &appsv1.Deployment{
@ -331,8 +336,8 @@ func deployCustomResourceWebhookAndService(f *framework.Framework, image string,
Ports: []v1.ServicePort{ Ports: []v1.ServicePort{
{ {
Protocol: "TCP", Protocol: "TCP",
Port: serviceCRDPort, Port: servicePort,
TargetPort: intstr.FromInt(443), TargetPort: intstr.FromInt(int(containerPort)),
}, },
}, },
}, },
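Review bot: The added comment `// Use a non-default port for containers.` above the `--port` argument says what is done but not why, and nothing in deployCustomResourceWebhookAndService records that containerPort has to differ from servicePort for the test to mean anything. Judging by the commit title, the intent is that the Service's port-to-targetPort mapping gets exercised, so the comment could say so: `// Listen on containerPort, kept distinct from servicePort so the Service port -> targetPort mapping is exercised.` The two values are also mutable variables in the Describe closure (`servicePort := int32(9443)`, `containerPort := int32(9444)`); typed constants there, `const servicePort, containerPort int32 = 9443, 9444`, would stop one spec from changing them for the next. The same comment and declarations appear in the AdmissionWebhook file (deployWebhookAndService). The function body continues outside these hunks.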


@ -59,7 +59,6 @@ const (
secretName = "sample-webhook-secret" secretName = "sample-webhook-secret"
deploymentName = "sample-webhook-deployment" deploymentName = "sample-webhook-deployment"
serviceName = "e2e-test-webhook" serviceName = "e2e-test-webhook"
servicePort = 8443
roleBindingName = "webhook-auth-reader" roleBindingName = "webhook-auth-reader"
skipNamespaceLabelKey = "skip-webhook-admission" skipNamespaceLabelKey = "skip-webhook-admission"
@ -83,6 +82,8 @@ var serverWebhookVersion = utilversion.MustParseSemantic("v1.8.0")
var _ = SIGDescribe("AdmissionWebhook", func() { var _ = SIGDescribe("AdmissionWebhook", func() {
var context *certContext var context *certContext
f := framework.NewDefaultFramework("webhook") f := framework.NewDefaultFramework("webhook")
servicePort := int32(8443)
containerPort := int32(8444)
var client clientset.Interface var client clientset.Interface
var namespaceName string var namespaceName string
@ -107,7 +108,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
context = setupServerCert(namespaceName, serviceName) context = setupServerCert(namespaceName, serviceName)
createAuthReaderRoleBinding(f, namespaceName) createAuthReaderRoleBinding(f, namespaceName)
deployWebhookAndService(f, imageutils.GetE2EImage(imageutils.Agnhost), context) deployWebhookAndService(f, imageutils.GetE2EImage(imageutils.Agnhost), context, servicePort, containerPort)
}) })
ginkgo.AfterEach(func() { ginkgo.AfterEach(func() {
@ -115,13 +116,13 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
}) })
ginkgo.It("Should be able to deny pod and configmap creation", func() { ginkgo.It("Should be able to deny pod and configmap creation", func() {
webhookCleanup := registerWebhook(f, f.UniqueName, context) webhookCleanup := registerWebhook(f, f.UniqueName, context, servicePort)
defer webhookCleanup() defer webhookCleanup()
testWebhook(f) testWebhook(f)
}) })
ginkgo.It("Should be able to deny attaching pod", func() { ginkgo.It("Should be able to deny attaching pod", func() {
webhookCleanup := registerWebhookForAttachingPod(f, f.UniqueName, context) webhookCleanup := registerWebhookForAttachingPod(f, f.UniqueName, context, servicePort)
defer webhookCleanup() defer webhookCleanup()
testAttachingPodWebhook(f) testAttachingPodWebhook(f)
}) })
@ -132,36 +133,36 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
return return
} }
defer testcrd.CleanUp() defer testcrd.CleanUp()
webhookCleanup := registerWebhookForCustomResource(f, f.UniqueName, context, testcrd) webhookCleanup := registerWebhookForCustomResource(f, f.UniqueName, context, testcrd, servicePort)
defer webhookCleanup() defer webhookCleanup()
testCustomResourceWebhook(f, testcrd.Crd, testcrd.DynamicClients["v1"]) testCustomResourceWebhook(f, testcrd.Crd, testcrd.DynamicClients["v1"])
testBlockingCustomResourceDeletion(f, testcrd.Crd, testcrd.DynamicClients["v1"]) testBlockingCustomResourceDeletion(f, testcrd.Crd, testcrd.DynamicClients["v1"])
}) })
ginkgo.It("Should unconditionally reject operations on fail closed webhook", func() { ginkgo.It("Should unconditionally reject operations on fail closed webhook", func() {
webhookCleanup := registerFailClosedWebhook(f, f.UniqueName, context) webhookCleanup := registerFailClosedWebhook(f, f.UniqueName, context, servicePort)
defer webhookCleanup() defer webhookCleanup()
testFailClosedWebhook(f) testFailClosedWebhook(f)
}) })
ginkgo.It("Should mutate configmap", func() { ginkgo.It("Should mutate configmap", func() {
webhookCleanup := registerMutatingWebhookForConfigMap(f, f.UniqueName, context) webhookCleanup := registerMutatingWebhookForConfigMap(f, f.UniqueName, context, servicePort)
defer webhookCleanup() defer webhookCleanup()
testMutatingConfigMapWebhook(f) testMutatingConfigMapWebhook(f)
}) })
ginkgo.It("Should mutate pod and apply defaults after mutation", func() { ginkgo.It("Should mutate pod and apply defaults after mutation", func() {
webhookCleanup := registerMutatingWebhookForPod(f, f.UniqueName, context) webhookCleanup := registerMutatingWebhookForPod(f, f.UniqueName, context, servicePort)
defer webhookCleanup() defer webhookCleanup()
testMutatingPodWebhook(f) testMutatingPodWebhook(f)
}) })
ginkgo.It("Should not be able to mutate or prevent deletion of webhook configuration objects", func() { ginkgo.It("Should not be able to mutate or prevent deletion of webhook configuration objects", func() {
validatingWebhookCleanup := registerValidatingWebhookForWebhookConfigurations(f, f.UniqueName+"blocking", context) validatingWebhookCleanup := registerValidatingWebhookForWebhookConfigurations(f, f.UniqueName+"blocking", context, servicePort)
defer validatingWebhookCleanup() defer validatingWebhookCleanup()
mutatingWebhookCleanup := registerMutatingWebhookForWebhookConfigurations(f, f.UniqueName+"blocking", context) mutatingWebhookCleanup := registerMutatingWebhookForWebhookConfigurations(f, f.UniqueName+"blocking", context, servicePort)
defer mutatingWebhookCleanup() defer mutatingWebhookCleanup()
testWebhooksForWebhookConfigurations(f, f.UniqueName) testWebhooksForWebhookConfigurations(f, f.UniqueName, servicePort)
}) })
ginkgo.It("Should mutate custom resource", func() { ginkgo.It("Should mutate custom resource", func() {
@ -170,13 +171,13 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
return return
} }
defer testcrd.CleanUp() defer testcrd.CleanUp()
webhookCleanup := registerMutatingWebhookForCustomResource(f, f.UniqueName, context, testcrd) webhookCleanup := registerMutatingWebhookForCustomResource(f, f.UniqueName, context, testcrd, servicePort)
defer webhookCleanup() defer webhookCleanup()
testMutatingCustomResourceWebhook(f, testcrd.Crd, testcrd.DynamicClients["v1"], false) testMutatingCustomResourceWebhook(f, testcrd.Crd, testcrd.DynamicClients["v1"], false)
}) })
ginkgo.It("Should deny crd creation", func() { ginkgo.It("Should deny crd creation", func() {
crdWebhookCleanup := registerValidatingWebhookForCRD(f, f.UniqueName, context) crdWebhookCleanup := registerValidatingWebhookForCRD(f, f.UniqueName, context, servicePort)
defer crdWebhookCleanup() defer crdWebhookCleanup()
testCRDDenyWebhook(f) testCRDDenyWebhook(f)
@ -188,7 +189,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
return return
} }
defer testcrd.CleanUp() defer testcrd.CleanUp()
webhookCleanup := registerMutatingWebhookForCustomResource(f, f.UniqueName, context, testcrd) webhookCleanup := registerMutatingWebhookForCustomResource(f, f.UniqueName, context, testcrd, servicePort)
defer webhookCleanup() defer webhookCleanup()
testMultiVersionCustomResourceWebhook(f, testcrd) testMultiVersionCustomResourceWebhook(f, testcrd)
}) })
@ -219,7 +220,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
return return
} }
defer testcrd.CleanUp() defer testcrd.CleanUp()
webhookCleanup := registerMutatingWebhookForCustomResource(f, f.UniqueName, context, testcrd) webhookCleanup := registerMutatingWebhookForCustomResource(f, f.UniqueName, context, testcrd, servicePort)
defer webhookCleanup() defer webhookCleanup()
testMutatingCustomResourceWebhook(f, testcrd.Crd, testcrd.DynamicClients["v1"], prune) testMutatingCustomResourceWebhook(f, testcrd.Crd, testcrd.DynamicClients["v1"], prune)
}) })
@ -229,22 +230,22 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
policyIgnore := admissionregistrationv1.Ignore policyIgnore := admissionregistrationv1.Ignore
ginkgo.By("Setting timeout (1s) shorter than webhook latency (5s)") ginkgo.By("Setting timeout (1s) shorter than webhook latency (5s)")
slowWebhookCleanup := registerSlowWebhook(f, f.UniqueName, context, &policyFail, pointer.Int32Ptr(1)) slowWebhookCleanup := registerSlowWebhook(f, f.UniqueName, context, &policyFail, pointer.Int32Ptr(1), servicePort)
testSlowWebhookTimeoutFailEarly(f) testSlowWebhookTimeoutFailEarly(f)
slowWebhookCleanup() slowWebhookCleanup()
ginkgo.By("Having no error when timeout is shorter than webhook latency and failure policy is ignore") ginkgo.By("Having no error when timeout is shorter than webhook latency and failure policy is ignore")
slowWebhookCleanup = registerSlowWebhook(f, f.UniqueName, context, &policyIgnore, pointer.Int32Ptr(1)) slowWebhookCleanup = registerSlowWebhook(f, f.UniqueName, context, &policyIgnore, pointer.Int32Ptr(1), servicePort)
testSlowWebhookTimeoutNoError(f) testSlowWebhookTimeoutNoError(f)
slowWebhookCleanup() slowWebhookCleanup()
ginkgo.By("Having no error when timeout is longer than webhook latency") ginkgo.By("Having no error when timeout is longer than webhook latency")
slowWebhookCleanup = registerSlowWebhook(f, f.UniqueName, context, &policyFail, pointer.Int32Ptr(10)) slowWebhookCleanup = registerSlowWebhook(f, f.UniqueName, context, &policyFail, pointer.Int32Ptr(10), servicePort)
testSlowWebhookTimeoutNoError(f) testSlowWebhookTimeoutNoError(f)
slowWebhookCleanup() slowWebhookCleanup()
ginkgo.By("Having no error when timeout is empty (defaulted to 10s in v1)") ginkgo.By("Having no error when timeout is empty (defaulted to 10s in v1)")
slowWebhookCleanup = registerSlowWebhook(f, f.UniqueName, context, &policyFail, nil) slowWebhookCleanup = registerSlowWebhook(f, f.UniqueName, context, &policyFail, nil, servicePort)
testSlowWebhookTimeoutNoError(f) testSlowWebhookTimeoutNoError(f)
slowWebhookCleanup() slowWebhookCleanup()
}) })
@ -259,7 +260,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
Name: f.UniqueName, Name: f.UniqueName,
}, },
Webhooks: []admissionregistrationv1.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
newDenyConfigMapWebhookFixture(f, context), newDenyConfigMapWebhookFixture(f, context, servicePort),
}, },
}) })
framework.ExpectNoError(err, "Creating validating webhook configuration") framework.ExpectNoError(err, "Creating validating webhook configuration")
@ -342,7 +343,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
Name: f.UniqueName, Name: f.UniqueName,
}, },
Webhooks: []admissionregistrationv1.MutatingWebhook{ Webhooks: []admissionregistrationv1.MutatingWebhook{
newMutateConfigMapWebhookFixture(f, context, 1), newMutateConfigMapWebhookFixture(f, context, 1, servicePort),
}, },
}) })
framework.ExpectNoError(err, "Creating mutating webhook configuration") framework.ExpectNoError(err, "Creating mutating webhook configuration")
@ -406,7 +407,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
Labels: map[string]string{"e2e-list-test-uuid": testUUID}, Labels: map[string]string{"e2e-list-test-uuid": testUUID},
}, },
Webhooks: []admissionregistrationv1.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
newDenyConfigMapWebhookFixture(f, context), newDenyConfigMapWebhookFixture(f, context, servicePort),
}, },
}) })
framework.ExpectNoError(err, "Creating validating webhook configuration") framework.ExpectNoError(err, "Creating validating webhook configuration")
@ -467,7 +468,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
Labels: map[string]string{"e2e-list-test-uuid": testUUID}, Labels: map[string]string{"e2e-list-test-uuid": testUUID},
}, },
Webhooks: []admissionregistrationv1.MutatingWebhook{ Webhooks: []admissionregistrationv1.MutatingWebhook{
newMutateConfigMapWebhookFixture(f, context, 1), newMutateConfigMapWebhookFixture(f, context, 1, servicePort),
}, },
}) })
framework.ExpectNoError(err, "Creating mutating webhook configuration") framework.ExpectNoError(err, "Creating mutating webhook configuration")
@ -553,7 +554,7 @@ func createAuthReaderRoleBinding(f *framework.Framework, namespace string) {
} }
} }
func deployWebhookAndService(f *framework.Framework, image string, context *certContext) { func deployWebhookAndService(f *framework.Framework, image string, context *certContext, servicePort int32, containerPort int32) {
ginkgo.By("Deploying the webhook pod") ginkgo.By("Deploying the webhook pod")
client := f.ClientSet client := f.ClientSet
@ -601,8 +602,11 @@ func deployWebhookAndService(f *framework.Framework, image string, context *cert
"--tls-private-key-file=/webhook.local.config/certificates/tls.key", "--tls-private-key-file=/webhook.local.config/certificates/tls.key",
"--alsologtostderr", "--alsologtostderr",
"-v=4", "-v=4",
// Use a non-default port for containers.
fmt.Sprintf("--port=%d", containerPort),
}, },
Image: image, Image: image,
Ports: []v1.ContainerPort{{ContainerPort: containerPort}},
}, },
} }
d := &appsv1.Deployment{ d := &appsv1.Deployment{
@ -653,7 +657,7 @@ func deployWebhookAndService(f *framework.Framework, image string, context *cert
{ {
Protocol: "TCP", Protocol: "TCP",
Port: servicePort, Port: servicePort,
TargetPort: intstr.FromInt(443), TargetPort: intstr.FromInt(int(containerPort)),
}, },
}, },
}, },
@ -668,13 +672,13 @@ func deployWebhookAndService(f *framework.Framework, image string, context *cert
func strPtr(s string) *string { return &s } func strPtr(s string) *string { return &s }
func registerWebhook(f *framework.Framework, configName string, context *certContext) func() { func registerWebhook(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering the webhook via the AdmissionRegistration API") ginkgo.By("Registering the webhook via the AdmissionRegistration API")
namespace := f.Namespace.Name namespace := f.Namespace.Name
// A webhook that cannot talk to server, with fail-open policy // A webhook that cannot talk to server, with fail-open policy
failOpenHook := failingWebhook(namespace, "fail-open.k8s.io") failOpenHook := failingWebhook(namespace, "fail-open.k8s.io", servicePort)
policyIgnore := admissionregistrationv1.Ignore policyIgnore := admissionregistrationv1.Ignore
failOpenHook.FailurePolicy = &policyIgnore failOpenHook.FailurePolicy = &policyIgnore
failOpenHook.NamespaceSelector = &metav1.LabelSelector{ failOpenHook.NamespaceSelector = &metav1.LabelSelector{
@ -686,8 +690,8 @@ func registerWebhook(f *framework.Framework, configName string, context *certCon
Name: configName, Name: configName,
}, },
Webhooks: []admissionregistrationv1.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
newDenyPodWebhookFixture(f, context), newDenyPodWebhookFixture(f, context, servicePort),
newDenyConfigMapWebhookFixture(f, context), newDenyConfigMapWebhookFixture(f, context, servicePort),
// Server cannot talk to this webhook, so it always fails. // Server cannot talk to this webhook, so it always fails.
// Because this webhook is configured fail-open, request should be admitted after the call fails. // Because this webhook is configured fail-open, request should be admitted after the call fails.
failOpenHook, failOpenHook,
@ -703,7 +707,7 @@ func registerWebhook(f *framework.Framework, configName string, context *certCon
} }
} }
func registerWebhookForAttachingPod(f *framework.Framework, configName string, context *certContext) func() { func registerWebhookForAttachingPod(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering the webhook via the AdmissionRegistration API") ginkgo.By("Registering the webhook via the AdmissionRegistration API")
@ -753,7 +757,7 @@ func registerWebhookForAttachingPod(f *framework.Framework, configName string, c
} }
} }
func registerMutatingWebhookForConfigMap(f *framework.Framework, configName string, context *certContext) func() { func registerMutatingWebhookForConfigMap(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering the mutating configmap webhook via the AdmissionRegistration API") ginkgo.By("Registering the mutating configmap webhook via the AdmissionRegistration API")
@ -764,8 +768,8 @@ func registerMutatingWebhookForConfigMap(f *framework.Framework, configName stri
Name: configName, Name: configName,
}, },
Webhooks: []admissionregistrationv1.MutatingWebhook{ Webhooks: []admissionregistrationv1.MutatingWebhook{
newMutateConfigMapWebhookFixture(f, context, 1), newMutateConfigMapWebhookFixture(f, context, 1, servicePort),
newMutateConfigMapWebhookFixture(f, context, 2), newMutateConfigMapWebhookFixture(f, context, 2, servicePort),
}, },
}) })
framework.ExpectNoError(err, "registering mutating webhook config %s with namespace %s", configName, namespace) framework.ExpectNoError(err, "registering mutating webhook config %s with namespace %s", configName, namespace)
@ -791,7 +795,7 @@ func testMutatingConfigMapWebhook(f *framework.Framework) {
} }
} }
func registerMutatingWebhookForPod(f *framework.Framework, configName string, context *certContext) func() { func registerMutatingWebhookForPod(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering the mutating pod webhook via the AdmissionRegistration API") ginkgo.By("Registering the mutating pod webhook via the AdmissionRegistration API")
@ -1020,7 +1024,7 @@ func testAttachingPodWebhook(f *framework.Framework) {
// failingWebhook returns a webhook with rule of create configmaps, // failingWebhook returns a webhook with rule of create configmaps,
// but with an invalid client config so that server cannot communicate with it // but with an invalid client config so that server cannot communicate with it
func failingWebhook(namespace, name string) admissionregistrationv1.ValidatingWebhook { func failingWebhook(namespace, name string, servicePort int32) admissionregistrationv1.ValidatingWebhook {
sideEffectsNone := admissionregistrationv1.SideEffectClassNone sideEffectsNone := admissionregistrationv1.SideEffectClassNone
return admissionregistrationv1.ValidatingWebhook{ return admissionregistrationv1.ValidatingWebhook{
@ -1048,13 +1052,13 @@ func failingWebhook(namespace, name string) admissionregistrationv1.ValidatingWe
} }
} }
func registerFailClosedWebhook(f *framework.Framework, configName string, context *certContext) func() { func registerFailClosedWebhook(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
ginkgo.By("Registering a webhook that server cannot talk to, with fail closed policy, via the AdmissionRegistration API") ginkgo.By("Registering a webhook that server cannot talk to, with fail closed policy, via the AdmissionRegistration API")
namespace := f.Namespace.Name namespace := f.Namespace.Name
// A webhook that cannot talk to server, with fail-closed policy // A webhook that cannot talk to server, with fail-closed policy
policyFail := admissionregistrationv1.Fail policyFail := admissionregistrationv1.Fail
hook := failingWebhook(namespace, "fail-closed.k8s.io") hook := failingWebhook(namespace, "fail-closed.k8s.io", servicePort)
hook.FailurePolicy = &policyFail hook.FailurePolicy = &policyFail
hook.NamespaceSelector = &metav1.LabelSelector{ hook.NamespaceSelector = &metav1.LabelSelector{
MatchLabels: map[string]string{f.UniqueName: "true"}, MatchLabels: map[string]string{f.UniqueName: "true"},
@ -1112,7 +1116,7 @@ func testFailClosedWebhook(f *framework.Framework) {
} }
} }
func registerValidatingWebhookForWebhookConfigurations(f *framework.Framework, configName string, context *certContext) func() { func registerValidatingWebhookForWebhookConfigurations(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
var err error var err error
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering a validating webhook on ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects, via the AdmissionRegistration API") ginkgo.By("Registering a validating webhook on ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects, via the AdmissionRegistration API")
@ -1171,7 +1175,7 @@ func registerValidatingWebhookForWebhookConfigurations(f *framework.Framework, c
} }
} }
func registerMutatingWebhookForWebhookConfigurations(f *framework.Framework, configName string, context *certContext) func() { func registerMutatingWebhookForWebhookConfigurations(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
var err error var err error
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering a mutating webhook on ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects, via the AdmissionRegistration API") ginkgo.By("Registering a mutating webhook on ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects, via the AdmissionRegistration API")
@ -1233,7 +1237,7 @@ func registerMutatingWebhookForWebhookConfigurations(f *framework.Framework, con
// This test assumes that the deletion-rejecting webhook defined in // This test assumes that the deletion-rejecting webhook defined in
// registerValidatingWebhookForWebhookConfigurations and the webhook-config-mutating // registerValidatingWebhookForWebhookConfigurations and the webhook-config-mutating
// webhook defined in registerMutatingWebhookForWebhookConfigurations already exist. // webhook defined in registerMutatingWebhookForWebhookConfigurations already exist.
func testWebhooksForWebhookConfigurations(f *framework.Framework, configName string) { func testWebhooksForWebhookConfigurations(f *framework.Framework, configName string, servicePort int32) {
var err error var err error
client := f.ClientSet client := f.ClientSet
ginkgo.By("Creating a dummy validating-webhook-configuration object") ginkgo.By("Creating a dummy validating-webhook-configuration object")
@ -1512,7 +1516,7 @@ func cleanWebhookTest(client clientset.Interface, namespaceName string) {
_ = client.RbacV1().RoleBindings("kube-system").Delete(roleBindingName, nil) _ = client.RbacV1().RoleBindings("kube-system").Delete(roleBindingName, nil)
} }
func registerWebhookForCustomResource(f *framework.Framework, configName string, context *certContext, testcrd *crd.TestCrd) func() { func registerWebhookForCustomResource(f *framework.Framework, configName string, context *certContext, testcrd *crd.TestCrd, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering the custom resource webhook via the AdmissionRegistration API") ginkgo.By("Registering the custom resource webhook via the AdmissionRegistration API")
@ -1561,7 +1565,7 @@ func registerWebhookForCustomResource(f *framework.Framework, configName string,
} }
} }
func registerMutatingWebhookForCustomResource(f *framework.Framework, configName string, context *certContext, testcrd *crd.TestCrd) func() { func registerMutatingWebhookForCustomResource(f *framework.Framework, configName string, context *certContext, testcrd *crd.TestCrd, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By(fmt.Sprintf("Registering the mutating webhook for custom resource %s via the AdmissionRegistration API", testcrd.Crd.Name)) ginkgo.By(fmt.Sprintf("Registering the mutating webhook for custom resource %s via the AdmissionRegistration API", testcrd.Crd.Name))
@ -1785,7 +1789,7 @@ func testMultiVersionCustomResourceWebhook(f *framework.Framework, testcrd *crd.
framework.ExpectNoError(err, "failed to patch custom resource %s in namespace: %s", crName, f.Namespace.Name) framework.ExpectNoError(err, "failed to patch custom resource %s in namespace: %s", crName, f.Namespace.Name)
} }
func registerValidatingWebhookForCRD(f *framework.Framework, configName string, context *certContext) func() { func registerValidatingWebhookForCRD(f *framework.Framework, configName string, context *certContext, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering the crd webhook via the AdmissionRegistration API") ginkgo.By("Registering the crd webhook via the AdmissionRegistration API")
@ -1911,7 +1915,7 @@ func labelNamespace(f *framework.Framework, namespace string) {
framework.ExpectNoError(err, "error labeling namespace %s", namespace) framework.ExpectNoError(err, "error labeling namespace %s", namespace)
} }
func registerSlowWebhook(f *framework.Framework, configName string, context *certContext, policy *admissionregistrationv1.FailurePolicyType, timeout *int32) func() { func registerSlowWebhook(f *framework.Framework, configName string, context *certContext, policy *admissionregistrationv1.FailurePolicyType, timeout *int32, servicePort int32) func() {
client := f.ClientSet client := f.ClientSet
ginkgo.By("Registering slow webhook via the AdmissionRegistration API") ginkgo.By("Registering slow webhook via the AdmissionRegistration API")
@ -2060,7 +2064,7 @@ func createMutatingWebhookConfiguration(f *framework.Framework, config *admissio
return f.ClientSet.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(config) return f.ClientSet.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(config)
} }
func newDenyPodWebhookFixture(f *framework.Framework, context *certContext) admissionregistrationv1.ValidatingWebhook { func newDenyPodWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.ValidatingWebhook {
sideEffectsNone := admissionregistrationv1.SideEffectClassNone sideEffectsNone := admissionregistrationv1.SideEffectClassNone
return admissionregistrationv1.ValidatingWebhook{ return admissionregistrationv1.ValidatingWebhook{
Name: "deny-unwanted-pod-container-name-and-label.k8s.io", Name: "deny-unwanted-pod-container-name-and-label.k8s.io",
@ -2090,7 +2094,7 @@ func newDenyPodWebhookFixture(f *framework.Framework, context *certContext) admi
} }
} }
func newDenyConfigMapWebhookFixture(f *framework.Framework, context *certContext) admissionregistrationv1.ValidatingWebhook { func newDenyConfigMapWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.ValidatingWebhook {
sideEffectsNone := admissionregistrationv1.SideEffectClassNone sideEffectsNone := admissionregistrationv1.SideEffectClassNone
return admissionregistrationv1.ValidatingWebhook{ return admissionregistrationv1.ValidatingWebhook{
Name: "deny-unwanted-configmap-data.k8s.io", Name: "deny-unwanted-configmap-data.k8s.io",
@ -2127,7 +2131,7 @@ func newDenyConfigMapWebhookFixture(f *framework.Framework, context *certContext
} }
} }
func newMutateConfigMapWebhookFixture(f *framework.Framework, context *certContext, stage int) admissionregistrationv1.MutatingWebhook { func newMutateConfigMapWebhookFixture(f *framework.Framework, context *certContext, stage int, servicePort int32) admissionregistrationv1.MutatingWebhook {
sideEffectsNone := admissionregistrationv1.SideEffectClassNone sideEffectsNone := admissionregistrationv1.SideEffectClassNone
return admissionregistrationv1.MutatingWebhook{ return admissionregistrationv1.MutatingWebhook{
Name: fmt.Sprintf("adding-configmap-data-stage-%d.k8s.io", stage), Name: fmt.Sprintf("adding-configmap-data-stage-%d.k8s.io", stage),
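Review bot: Most helpers that gain a `servicePort int32` parameter (registerWebhookForAttachingPod, registerMutatingWebhookForPod, failingWebhook, the new*WebhookFixture functions and others) appear here only as a changed signature, so the hunks do not show the parameter being used. Because the parameter has the same name as the removed package constant `servicePort = 8443`, a body that already referenced it keeps compiling unchanged, and Go does not report an unused parameter, so a helper that builds its service reference with some other port would not be caught at compile time. It is worth confirming that each of these bodies, which lie outside the hunks, sets the port from the parameter, as the conversion-webhook file does with `Port: pointer.Int32Ptr(servicePort)`. For failingWebhook in particular, its doc comment says the client config is deliberately invalid, so a one-line comment stating what makes it unreachable now that it receives the real service port would help the next reader.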