[release-1.6] 🌱 Use manager in test extension #10106

Merged
15 changes: 14 additions & 1 deletion Makefile
@@ -265,7 +265,7 @@ help: # Display this help

##@ generate:

ALL_GENERATE_MODULES = core kubeadm-bootstrap kubeadm-control-plane docker-infrastructure in-memory-infrastructure
ALL_GENERATE_MODULES = core kubeadm-bootstrap kubeadm-control-plane docker-infrastructure in-memory-infrastructure test-extension

.PHONY: generate
generate: ## Run all generate-manifests-*, generate-go-deepcopy-*, generate-go-conversions-* and generate-go-openapi targets
@@ -365,6 +365,13 @@ generate-manifests-in-memory-infrastructure: $(CONTROLLER_GEN) ## Generate manif
output:webhook:dir=./config/webhook \
webhook

.PHONY: generate-manifests-test-extension
generate-manifests-test-extension: $(CONTROLLER_GEN) ## Generate manifests e.g. RBAC for test-extension provider
cd ./test/extension; $(CONTROLLER_GEN) \
paths=./... \
output:rbac:dir=./config/rbac \
rbac:roleName=manager-role

.PHONY: generate-go-deepcopy
generate-go-deepcopy: ## Run all generate-go-deepcopy-* targets
$(MAKE) $(addprefix generate-go-deepcopy-,$(ALL_GENERATE_MODULES))
@@ -415,6 +422,9 @@ generate-go-deepcopy-in-memory-infrastructure: $(CONTROLLER_GEN) ## Generate dee
paths=./api/... \
paths=./internal/cloud/api/...

.PHONY: generate-go-deepcopy-test-extension
generate-go-deepcopy-test-extension: $(CONTROLLER_GEN) ## Generate deepcopy go code for test-extension

.PHONY: generate-go-conversions
generate-go-conversions: ## Run all generate-go-conversions-* targets
$(MAKE) $(addprefix generate-go-conversions-,$(ALL_GENERATE_MODULES))
@@ -505,6 +515,9 @@ generate-go-conversions-docker-infrastructure: $(CONVERSION_GEN) ## Generate con
generate-go-conversions-in-memory-infrastructure: $(CONVERSION_GEN) ## Generate conversions go code for in-memory infrastructure provider
cd $(CAPIM_DIR)

.PHONY: generate-go-conversions-test-extension
generate-go-conversions-test-extension: $(CONVERSION_GEN) ## Generate conversions go code for in-memory infrastructure provider

# The tmp/sigs.k8s.io/cluster-api symlink is a workaround to make this target run outside of GOPATH
.PHONY: generate-go-openapi
generate-go-openapi: $(OPENAPI_GEN) $(CONTROLLER_GEN) ## Generate openapi go code for runtime SDK
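Review bot: In the new `generate-manifests-test-extension` recipe, `cd ./test/extension; $(CONTROLLER_GEN) \` joins the two commands with `;`, so if the `cd` fails controller-gen would still run from the repository root and write to `./config/rbac` there instead of under the test extension. Using `cd ./test/extension && $(CONTROLLER_GEN) \` stops the recipe at the failed `cd`. Separately, the `##` help text on `generate-go-conversions-test-extension` still reads "in-memory infrastructure provider"; it should read `## Generate conversions go code for test-extension`. The neighbouring recipes continue outside the visible hunks, so the `;` form may be the file's existing convention.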
30 changes: 16 additions & 14 deletions exp/runtime/server/server.go
@@ -43,8 +43,8 @@ var DefaultPort = 9443

// Server is a runtime webhook server.
type Server struct {
webhook.Server
catalog *runtimecatalog.Catalog
server webhook.Server
handlers map[string]ExtensionHandler
}

@@ -53,20 +53,26 @@ type Options struct {
// Catalog is the catalog used to handle requests.
Catalog *runtimecatalog.Catalog

// Port is the port that the webhook server serves at.
// It is used to set webhook.Server.Port.
Port int

// Host is the hostname that the webhook server binds to.
// Host is the address that the server will listen on.
// Defaults to "" - all addresses.
// It is used to set webhook.Server.Host.
Host string

// Port is the port number that the server will serve.
// It will be defaulted to 9443 if unspecified.
// It is used to set webhook.Server.Port.
Port int

// CertDir is the directory that contains the server key and certificate.
// If not set, webhook server would look up the server key and certificate in
// {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
// must be named tls.key and tls.crt, respectively.
// It is used to set webhook.Server.CertDir.
CertDir string

// TLSOpts is used to allow configuring the TLS config used for the server.
// This also allows providing a certificate via GetCertificate.
TLSOpts []func(*tls.Config)
}

// New creates a new runtime webhook server based on the given Options.
@@ -88,18 +94,14 @@ func New(options Options) (*Server, error) {
CertDir: options.CertDir,
CertName: "tls.crt",
KeyName: "tls.key",
TLSOpts: options.TLSOpts,
WebhookMux: http.NewServeMux(),
TLSOpts: []func(*tls.Config){
func(cfg *tls.Config) {
cfg.MinVersion = tls.VersionTLS13
},
},
},
)

return &Server{
Server: webhookServer,
catalog: options.Catalog,
server: webhookServer,
handlers: map[string]ExtensionHandler{},
}, nil
}
@@ -232,10 +234,10 @@ func (s *Server) Start(ctx context.Context) error {
handler := h

wrappedHandler := s.wrapHandler(handler)
s.server.Register(handlerPath, http.HandlerFunc(wrappedHandler))
s.Server.Register(handlerPath, http.HandlerFunc(wrappedHandler))
}

return s.server.Start(ctx)
return s.Server.Start(ctx)
}

// discoveryHandler generates a discovery handler based on a list of handlers.
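Review bot: In `New`, the webhook options now pass `TLSOpts: options.TLSOpts` and the inline option that set `cfg.MinVersion = tls.VersionTLS13` is gone, so the minimum TLS version of the runtime extension server depends entirely on the caller. A caller that leaves `Options.TLSOpts` empty gets whatever floor `webhook.Server` applies on its own, which is not shown here and may be lower than TLS 1.3. Either keep the floor as a default that caller options can still override, `TLSOpts: append([]func(*tls.Config){func(cfg *tls.Config) { cfg.MinVersion = tls.VersionTLS13 }}, options.TLSOpts...),`, or state in the `Options.TLSOpts` field comment that this package no longer sets a minimum version. `New` begins above the visible hunk.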
3 changes: 3 additions & 0 deletions test/e2e/config/docker.yaml
@@ -229,6 +229,9 @@ providers:
versions:
- name: v1.6.99 # next; use manifest from source files
value: ../../../test/extension/config/default
replacements:
- old: "--leader-elect"
new: "--leader-elect\n - --logging-format=json"
files:
- sourcePath: "../data/shared/main/metadata.yaml"

5 changes: 1 addition & 4 deletions test/extension/config/default/kustomization.yaml
@@ -10,13 +10,10 @@ resources:
- namespace.yaml
- manager.yaml
- service.yaml
- service_account.yaml
# Note: resources specific of the CAPI test-extension, other Runtime extensions provider might want to drop this
- role.yaml
- rolebinding.yaml

bases:
- ../certmanager
- ../rbac

patchesStrategicMerge:
# Enable webhook with corresponding certificate mount.
24 changes: 23 additions & 1 deletion test/extension/config/default/manager.yaml
@@ -2,7 +2,10 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: manager
name: controller-manager
namespace: system
labels:
app: test-extension-manager
spec:
selector:
matchLabels:
@@ -16,8 +19,27 @@ spec:
containers:
- command:
- /manager
args:
- "--leader-elect"
- "--diagnostics-address=${CAPI_DIAGNOSTICS_ADDRESS:=:8443}"
- "--insecure-diagnostics=${CAPI_INSECURE_DIAGNOSTICS:=false}"
image: controller:latest
name: manager
ports:
- containerPort: 9440
name: healthz
protocol: TCP
- containerPort: 8443
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
livenessProbe:
httpGet:
path: /healthz
port: healthz
securityContext:
allowPrivilegeEscalation: false
capabilities:
3 changes: 2 additions & 1 deletion test/extension/config/default/manager_image_patch.yaml
@@ -1,7 +1,8 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: manager
name: controller-manager
namespace: system
spec:
template:
spec:
3 changes: 2 additions & 1 deletion test/extension/config/default/manager_pull_policy.yaml
@@ -1,7 +1,8 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: manager
name: controller-manager
namespace: system
spec:
template:
spec:
3 changes: 2 additions & 1 deletion test/extension/config/default/manager_webhook_patch.yaml
@@ -1,7 +1,8 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: manager
name: controller-manager
namespace: system
spec:
template:
spec:
18 changes: 0 additions & 18 deletions test/extension/config/default/role.yaml

This file was deleted.

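--- a/test/extension/config/rbac/kustomization.yaml
+++ b/test/extension/config/rbac/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+- role.yaml
+- role_binding.yaml
+- service_account.yaml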
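--- a/test/extension/config/rbac/leader_election_role.yaml
+++ b/test/extension/config/rbac/leader_election_role.yaml
@@ -0,0 +1,25 @@
+
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: leader-election-role
+rules:
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- apiGroups:
+- "coordination.k8s.io"
+resources:
+- leases
+verbs:
+- get
+- list
+- watch
+- create
+- update
+- patch
+- delete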
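--- a/test/extension/config/rbac/leader_election_role_binding.yaml
+++ b/test/extension/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: leader-election-rolebinding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: leader-election-role
+subjects:
+- kind: ServiceAccount
+name: manager
+namespace: system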
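--- a/test/extension/config/rbac/role.yaml
+++ b/test/extension/config/rbac/role.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: manager-role
+rules:
+- apiGroups:
+- ""
+resources:
+- configmaps
+verbs:
+- create
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- authentication.k8s.io
+resources:
+- tokenreviews
+verbs:
+- create
+- apiGroups:
+- authorization.k8s.io
+resources:
+- subjectaccessreviews
+verbs:
+- create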
@@ -3,11 +3,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: manager
- kind: ServiceAccount
name: manager
namespace: system
@@ -2,3 +2,4 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: manager
namespace: system
2 changes: 2 additions & 0 deletions test/extension/handlers/topologymutation/handler.go
@@ -49,6 +49,8 @@ var (
cgroupDriverPatchVersionCeiling = semver.Version{Major: 1, Minor: 24}
)

// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;patch;update;create

// ExtensionHandlers provides a common struct shared across the topology mutation hooks handlers;
// this is convenient because in Cluster API's E2E tests all of them are using a decoder for working with typed
// API objects, which makes code easier to read and less error prone than using unstructured or working with raw json/yaml.
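Review bot: The new marker `// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;patch;update;create` carries no namespace, and the `manager-role` added in this PR is a ClusterRole bound through a ClusterRoleBinding, so the test extension's service account can create and modify ConfigMaps in every namespace. If the handlers only touch ConfigMaps in the extension's own namespace (their use is not visible in this hunk), adding `namespace=<extension-namespace>` to the marker makes controller-gen emit a namespaced Role instead; `<extension-namespace>` is a placeholder. A short comment above the marker naming the handler that needs ConfigMap write access would also let a reviewer judge whether `patch;update;create` are all required.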