mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #102089 from ardaguclu/test-node-authn-ipv6-formating
Add Node IP IPv6 formatting in NodeAuthenticator tests
This commit is contained in:
commit
fed3a4520d
@ -19,6 +19,8 @@ package auth
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
v1 "k8s.io/api/core/v1"
|
v1 "k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
@ -60,7 +62,8 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
|
|||||||
pod := createNodeAuthTestPod(f)
|
pod := createNodeAuthTestPod(f)
|
||||||
for _, nodeIP := range nodeIPs {
|
for _, nodeIP := range nodeIPs {
|
||||||
// Anonymous authentication is disabled by default
|
// Anonymous authentication is disabled by default
|
||||||
result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s:%v/metrics", "%{http_code}", nodeIP, ports.KubeletPort))
|
host := net.JoinHostPort(nodeIP, strconv.Itoa(ports.KubeletPort))
|
||||||
|
result := framework.RunHostCmdOrDie(ns, pod.Name, fmt.Sprintf("curl -sIk -o /dev/null -w '%s' https://%s/metrics", "%{http_code}", host))
|
||||||
gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials")
|
gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet's main port 10250 should reject requests with no credentials")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
@ -81,12 +84,13 @@ var _ = SIGDescribe("[Feature:NodeAuthenticator]", func() {
|
|||||||
pod := createNodeAuthTestPod(f)
|
pod := createNodeAuthTestPod(f)
|
||||||
|
|
||||||
for _, nodeIP := range nodeIPs {
|
for _, nodeIP := range nodeIPs {
|
||||||
|
host := net.JoinHostPort(nodeIP, strconv.Itoa(ports.KubeletPort))
|
||||||
result := framework.RunHostCmdOrDie(ns,
|
result := framework.RunHostCmdOrDie(ns,
|
||||||
pod.Name,
|
pod.Name,
|
||||||
fmt.Sprintf("curl -sIk -o /dev/null -w '%s' --header \"Authorization: Bearer `%s`\" https://%s:%v/metrics",
|
fmt.Sprintf("curl -sIk -o /dev/null -w '%s' --header \"Authorization: Bearer `%s`\" https://%s/metrics",
|
||||||
"%{http_code}",
|
"%{http_code}",
|
||||||
"cat /var/run/secrets/kubernetes.io/serviceaccount/token",
|
"cat /var/run/secrets/kubernetes.io/serviceaccount/token",
|
||||||
nodeIP, ports.KubeletPort))
|
host))
|
||||||
gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server")
|
gomega.Expect(result).To(gomega.Or(gomega.Equal("401"), gomega.Equal("403")), "the kubelet can delegate ServiceAccount tokens to the API server")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
Loading…
Reference in New Issue
Block a user