github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

hardens TestAggregatedAPIServer

Browse Source 
Since ClientCAs are provided by "client-ca::kube-system::extension-apiserver-authentication::client-ca-file" controller
we need to wait until it picks up the configmap (via a lister) before checking the CAs otherwise the response might contain an empty result.
This commit is contained in:
Lukasz Szaszkiewicz 2022-05-24 16:38:18 +02:00
parent fdb2d54475
commit c4e337c57c
1 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
test/integration/examples/apiserver_test.go
View File

@ -130,7 +130,7 @@ func TestAggregatedAPIServer(t *testing.T) {
} }
// wait for the unavailable API service to be processed with updated status // wait for the unavailable API service to be processed with updated status
err = wait.Poll(100*time.Millisecond, 5*time.Second, func() (done bool, err error) { err = wait.Poll(1*time.Second, wait.ForeverTestTimeout, func() (done bool, err error) {
_, _, err = kubeClient.Discovery().ServerGroupsAndResources() _, _, err = kubeClient.Discovery().ServerGroupsAndResources()
hasExpectedError := checkWardleUnavailableDiscoveryError(t, err) hasExpectedError := checkWardleUnavailableDiscoveryError(t, err)
return hasExpectedError, nil return hasExpectedError, nil
@ -140,17 +140,37 @@ func TestAggregatedAPIServer(t *testing.T) {
} }
// TODO figure out how to turn on enough of services and dns to run more // TODO figure out how to turn on enough of services and dns to run more
// Since ClientCAs are provided by "client-ca::kube-system::extension-apiserver-authentication::client-ca-file" controller
// we need to wait until it picks up the configmap (via a lister) otherwise the response might contain an empty result.
// The following code waits up to ForeverTestTimeout seconds for ClientCA to show up otherwise it fails
// maybe in the future this could be wired into the /readyz EP
// Now we want to verify that the client CA bundles properly reflect the values for the cluster-authentication // Now we want to verify that the client CA bundles properly reflect the values for the cluster-authentication
firstKubeCANames, err := cert.GetClientCANamesForURL(kubeClientConfig.Host) var firstKubeCANames []string
err = wait.Poll(1*time.Second, wait.ForeverTestTimeout, func() (done bool, err error) {
firstKubeCANames, err = cert.GetClientCANamesForURL(kubeClientConfig.Host)
if err != nil {
return false, err
}
return len(firstKubeCANames) != 0, nil
})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
t.Log(firstKubeCANames) t.Log(firstKubeCANames)
firstWardleCANames, err := cert.GetClientCANamesForURL(directWardleClientConfig.Host) var firstWardleCANames []string
err = wait.Poll(1*time.Second, wait.ForeverTestTimeout, func() (done bool, err error) {
firstWardleCANames, err = cert.GetClientCANamesForURL(directWardleClientConfig.Host)
if err != nil {
return false, err
}
return len(firstWardleCANames) != 0, nil
})
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
t.Log(firstWardleCANames) t.Log(firstWardleCANames)
// Now we want to verify that the client CA bundles properly reflect the values for the cluster-authentication
if !reflect.DeepEqual(firstKubeCANames, firstWardleCANames) { if !reflect.DeepEqual(firstKubeCANames, firstWardleCANames) {
t.Fatal("names don't match") t.Fatal("names don't match")
} }