Merge pull request #3838 from wallrj/3289-stable-api-versions
Update cainjector to use stable API versions
This commit is contained in:
jetstack-bot
GitHub
commit
e7333df106
@ -16,14 +16,14 @@ go_library(
|
||||
"//pkg/apis/certmanager/v1alpha3:go_default_library",
|
||||
"//pkg/apis/certmanager/v1beta1:go_default_library",
|
||||
"//pkg/apis/meta/v1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1beta1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/runtime:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/runtime/schema:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/runtime/serializer:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/util/runtime:go_default_library",
|
||||
"@io_k8s_client_go//kubernetes/scheme:go_default_library",
|
||||
"@io_k8s_kube_aggregator//pkg/apis/apiregistration/v1beta1:go_default_library",
|
||||
"@io_k8s_kube_aggregator//pkg/apis/apiregistration/v1:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||
@ -17,14 +17,14 @@ limitations under the License.
|
||||
package api
|
||||
|
||||
import (
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
kscheme "k8s.io/client-go/kubernetes/scheme"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
|
||||
|
||||
whapi "github.com/jetstack/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
|
||||
cmacmev1 "github.com/jetstack/cert-manager/pkg/apis/acme/v1"
|
||||
|
||||
@ -16,15 +16,15 @@ go_library(
|
||||
"//pkg/apis/meta/v1:go_default_library",
|
||||
"//pkg/logs:go_default_library",
|
||||
"@com_github_go_logr_logr//:go_default_library",
|
||||
"@io_k8s_api//admissionregistration/v1beta1:go_default_library",
|
||||
"@io_k8s_api//admissionregistration/v1:go_default_library",
|
||||
"@io_k8s_api//core/v1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1beta1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/api/errors:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/api/meta:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/runtime:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/types:go_default_library",
|
||||
"@io_k8s_kube_aggregator//pkg/apis/apiregistration/v1beta1:go_default_library",
|
||||
"@io_k8s_kube_aggregator//pkg/apis/apiregistration/v1:go_default_library",
|
||||
"@io_k8s_sigs_controller_runtime//:go_default_library",
|
||||
"@io_k8s_sigs_controller_runtime//pkg/cache:go_default_library",
|
||||
"@io_k8s_sigs_controller_runtime//pkg/client:go_default_library",
|
||||
|
||||
@ -17,10 +17,10 @@ limitations under the License.
|
||||
package cainjector
|
||||
|
||||
import (
|
||||
admissionreg "k8s.io/api/admissionregistration/v1beta1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
|
||||
admissionreg "k8s.io/api/admissionregistration/v1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
|
||||
)
|
||||
|
||||
// this contains implementations of CertInjector (and dependents)
|
||||
@ -132,8 +132,11 @@ func (t *crdConversionTarget) SetCA(data []byte) {
|
||||
if t.obj.Spec.Conversion == nil || t.obj.Spec.Conversion.Strategy != apiext.WebhookConverter {
|
||||
return
|
||||
}
|
||||
if t.obj.Spec.Conversion.WebhookClientConfig == nil {
|
||||
t.obj.Spec.Conversion.WebhookClientConfig = &apiext.WebhookClientConfig{}
|
||||
if t.obj.Spec.Conversion.Webhook == nil {
|
||||
t.obj.Spec.Conversion.Webhook = &apiext.WebhookConversion{}
|
||||
}
|
||||
t.obj.Spec.Conversion.WebhookClientConfig.CABundle = data
|
||||
if t.obj.Spec.Conversion.Webhook.ClientConfig == nil {
|
||||
t.obj.Spec.Conversion.Webhook.ClientConfig = &apiext.WebhookClientConfig{}
|
||||
}
|
||||
t.obj.Spec.Conversion.Webhook.ClientConfig.CABundle = data
|
||||
}
|
||||
|
||||
@ -24,11 +24,11 @@ import (
|
||||
logf "github.com/jetstack/cert-manager/pkg/logs"
|
||||
"golang.org/x/sync/errgroup"
|
||||
|
||||
admissionreg "k8s.io/api/admissionregistration/v1beta1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
|
||||
admissionreg "k8s.io/api/admissionregistration/v1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
"k8s.io/apimachinery/pkg/api/meta"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
|
||||
ctrl "sigs.k8s.io/controller-runtime"
|
||||
"sigs.k8s.io/controller-runtime/pkg/cache"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
|
||||
@ -27,7 +27,7 @@ go_library(
|
||||
"@io_k8s_api//authorization/v1:go_default_library",
|
||||
"@io_k8s_api//core/v1:go_default_library",
|
||||
"@io_k8s_api//rbac/v1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1beta1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/client/clientset/clientset:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/api/errors:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/api/resource:go_default_library",
|
||||
@ -37,7 +37,7 @@ go_library(
|
||||
"@io_k8s_client_go//kubernetes:go_default_library",
|
||||
"@io_k8s_client_go//kubernetes/scheme:go_default_library",
|
||||
"@io_k8s_client_go//rest:go_default_library",
|
||||
"@io_k8s_kube_aggregator//pkg/apis/apiregistration/v1beta1:go_default_library",
|
||||
"@io_k8s_kube_aggregator//pkg/apis/apiregistration/v1:go_default_library",
|
||||
"@io_k8s_sigs_controller_runtime//pkg/client:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
@ -24,14 +24,14 @@ import (
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
api "k8s.io/api/core/v1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
apiextcs "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
kscheme "k8s.io/client-go/kubernetes/scheme"
|
||||
"k8s.io/client-go/rest"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
|
||||
crclient "sigs.k8s.io/controller-runtime/pkg/client"
|
||||
|
||||
v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
|
||||
|
||||
@ -12,12 +12,13 @@ go_library(
|
||||
"//test/e2e/util:go_default_library",
|
||||
"@com_github_onsi_ginkgo//:go_default_library",
|
||||
"@com_github_onsi_gomega//:go_default_library",
|
||||
"@io_k8s_api//admissionregistration/v1beta1:go_default_library",
|
||||
"@io_k8s_api//admissionregistration/v1:go_default_library",
|
||||
"@io_k8s_api//core/v1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1beta1:go_default_library",
|
||||
"@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/runtime:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/types:go_default_library",
|
||||
"@io_k8s_kube_aggregator//pkg/apis/apiregistration/v1:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||
@ -23,16 +23,18 @@ import (
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
admissionreg "k8s.io/api/admissionregistration/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
apireg "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
|
||||
|
||||
certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
|
||||
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
|
||||
"github.com/jetstack/cert-manager/test/e2e/framework"
|
||||
"github.com/jetstack/cert-manager/test/e2e/util"
|
||||
admissionreg "k8s.io/api/admissionregistration/v1beta1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
)
|
||||
|
||||
type injectableTest struct {
|
||||
@ -155,7 +157,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
By("changing the name of the corresponding secret in the cert")
|
||||
secretName := types.NamespacedName{Name: cert.Spec.SecretName, Namespace: f.Namespace.Name}
|
||||
cert.Spec.DNSNames = append(cert.Spec.DNSNames, "something.com")
|
||||
Expect(f.CRClient.Update(context.Background(), &cert)).To(Succeed())
|
||||
Eventually(func() error { return f.CRClient.Update(context.Background(), &cert) }, "10s", "2s").Should(Succeed())
|
||||
|
||||
By("grabbing the new secret")
|
||||
var secret corev1.Secret
|
||||
@ -304,6 +306,8 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
})
|
||||
}
|
||||
|
||||
sideEffectsNone := admissionreg.SideEffectClassNone
|
||||
|
||||
injectorContext("validating webhook", &injectableTest{
|
||||
makeInjectable: func(namePrefix string) runtime.Object {
|
||||
someURL := "https://localhost:8675"
|
||||
@ -320,6 +324,8 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
ClientConfig: admissionreg.WebhookClientConfig{
|
||||
URL: &someURL,
|
||||
},
|
||||
SideEffects: &sideEffectsNone,
|
||||
AdmissionReviewVersions: []string{"v1beta1"},
|
||||
},
|
||||
{
|
||||
Name: "hook2.fake.k8s.io",
|
||||
@ -329,6 +335,8 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
Namespace: f.Namespace.Name,
|
||||
},
|
||||
},
|
||||
SideEffects: &sideEffectsNone,
|
||||
AdmissionReviewVersions: []string{"v1beta1"},
|
||||
},
|
||||
},
|
||||
}
|
||||
@ -359,6 +367,8 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
ClientConfig: admissionreg.WebhookClientConfig{
|
||||
URL: &someURL,
|
||||
},
|
||||
SideEffects: &sideEffectsNone,
|
||||
AdmissionReviewVersions: []string{"v1beta1"},
|
||||
},
|
||||
{
|
||||
Name: "hook2.fake.k8s.io",
|
||||
@ -368,6 +378,8 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
Namespace: f.Namespace.Name,
|
||||
},
|
||||
},
|
||||
SideEffects: &sideEffectsNone,
|
||||
AdmissionReviewVersions: []string{"v1beta1"},
|
||||
},
|
||||
},
|
||||
}
|
||||
@ -395,12 +407,18 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
},
|
||||
},
|
||||
Spec: apiext.CustomResourceDefinitionSpec{
|
||||
Group: namePrefix + ".testing.cert-manager.io",
|
||||
Version: "v1",
|
||||
Group: namePrefix + ".testing.cert-manager.io",
|
||||
Versions: []apiext.CustomResourceDefinitionVersion{
|
||||
{
|
||||
Name: "v1",
|
||||
},
|
||||
},
|
||||
Conversion: &apiext.CustomResourceConversion{
|
||||
Strategy: apiext.WebhookConverter,
|
||||
WebhookClientConfig: &apiext.WebhookClientConfig{
|
||||
URL: &someURL,
|
||||
Webhook: &apiext.WebhookConversion{
|
||||
ClientConfig: &apiext.WebhookClientConfig{
|
||||
URL: &someURL,
|
||||
},
|
||||
},
|
||||
},
|
||||
Names: apiext.CustomResourceDefinitionNames{
|
||||
@ -412,46 +430,38 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
|
||||
},
|
||||
getCAs: func(obj runtime.Object) [][]byte {
|
||||
crd := obj.(*apiext.CustomResourceDefinition)
|
||||
if crd.Spec.Conversion == nil || crd.Spec.Conversion.WebhookClientConfig == nil {
|
||||
if crd.Spec.Conversion == nil || crd.Spec.Conversion.Webhook == nil || crd.Spec.Conversion.Webhook.ClientConfig == nil {
|
||||
return nil
|
||||
}
|
||||
return [][]byte{crd.Spec.Conversion.WebhookClientConfig.CABundle}
|
||||
return [][]byte{crd.Spec.Conversion.Webhook.ClientConfig.CABundle}
|
||||
},
|
||||
disabled: "ConversionWebhook feature not yet enabled on test infra",
|
||||
})
|
||||
|
||||
// TODO: re-enable this test.
|
||||
// This test has been disabled in order to reduce flakes on e2e tests
|
||||
// (hitting around 70% failure rate). This is because when running this test
|
||||
// will cause tiller install to fail, therefore making other tests to fail
|
||||
// when running bother at the same time. We should find a way to make this test run in serial.
|
||||
// https://github.com/jetstack/cert-manager/issues/2353
|
||||
// https://github.com/jetstack/cert-manager/issues/2354
|
||||
//injectorContext("api service", &injectableTest{
|
||||
// makeInjectable: func(namePrefix string) runtime.Object {
|
||||
// return &apireg.APIService{
|
||||
// ObjectMeta: metav1.ObjectMeta{
|
||||
// Name: "corev1." + namePrefix + ".testing.cert-manager.io",
|
||||
// Annotations: map[string]string{
|
||||
// certmanager.WantInjectAnnotation: types.NamespacedName{Name: "serving-certs", Namespace: f.Namespace.Name}.String(),
|
||||
// },
|
||||
// },
|
||||
// Spec: apireg.APIServiceSpec{
|
||||
// Service: &apireg.ServiceReference{
|
||||
// Name: "does-not-exit",
|
||||
// Namespace: "default",
|
||||
// },
|
||||
// Group: namePrefix + ".testing.cert-manager.io",
|
||||
// Version: "v1",
|
||||
// GroupPriorityMinimum: 1,
|
||||
// VersionPriority: 1,
|
||||
// },
|
||||
// }
|
||||
// },
|
||||
// getCAs: func(obj runtime.Object) [][]byte {
|
||||
// apiSvc := obj.(*apireg.APIService)
|
||||
// return [][]byte{apiSvc.Spec.CABundle}
|
||||
// },
|
||||
//})
|
||||
|
||||
injectorContext("api service", &injectableTest{
|
||||
makeInjectable: func(namePrefix string) runtime.Object {
|
||||
return &apireg.APIService{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "v1." + namePrefix + ".testing.cert-manager.io",
|
||||
Annotations: map[string]string{
|
||||
certmanager.WantInjectAnnotation: types.NamespacedName{Name: "serving-certs", Namespace: f.Namespace.Name}.String(),
|
||||
},
|
||||
},
|
||||
Spec: apireg.APIServiceSpec{
|
||||
Service: &apireg.ServiceReference{
|
||||
Name: "does-not-exit",
|
||||
Namespace: "default",
|
||||
},
|
||||
Group: namePrefix + ".testing.cert-manager.io",
|
||||
Version: "v1",
|
||||
GroupPriorityMinimum: 1,
|
||||
VersionPriority: 1,
|
||||
},
|
||||
}
|
||||
},
|
||||
getCAs: func(obj runtime.Object) [][]byte {
|
||||
apiSvc := obj.(*apireg.APIService)
|
||||
return [][]byte{apiSvc.Spec.CABundle}
|
||||
},
|
||||
})
|
||||
})
|
||||
|
||||
Loading…
Reference in New Issue
Block a user