diff --git a/Makefile b/Makefile index 55d2e4f..18c5f58 100644 --- a/Makefile +++ b/Makefile @@ -447,8 +447,8 @@ crd-schema-check: manifests # before deploying with OLM again for other untrappable signals. SKIP_CERT ?=false .PHONY: run-with-webhook -run-with-webhook: export METRICS_PORT?=8080 -run-with-webhook: export HEALTH_PORT?=8081 +run-with-webhook: export METRICS_PORT?=33080 +run-with-webhook: export HEALTH_PORT?=33081 run-with-webhook: manifests generate fmt vet ## Run a controller from your host. /bin/bash hack/clean_local_webhook.sh /bin/bash hack/run_with_local_webhook.sh diff --git a/api/v1beta1/common_webhook.go b/api/v1beta1/common_webhook.go new file mode 100644 index 0000000..01fcc55 --- /dev/null +++ b/api/v1beta1/common_webhook.go @@ -0,0 +1,25 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ctrl "sigs.k8s.io/controller-runtime" + +func (r *Watcher) SetupWebhookWithManager(mgr ctrl.Manager) error { + return ctrl.NewWebhookManagedBy(mgr). + For(r). + Complete() +} diff --git a/api/v1beta1/watcher_webhook.go b/api/v1beta1/watcher_webhook.go index 51384d2..76ed051 100644 --- a/api/v1beta1/watcher_webhook.go +++ b/api/v1beta1/watcher_webhook.go @@ -18,22 +18,14 @@ package v1beta1 import ( "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) // log is for logging in this package. var watcherlog = logf.Log.WithName("watcher-resource") -func (r *Watcher) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(r). - Complete() -} - -// TODO(user): EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! - //+kubebuilder:webhook:path=/mutate-watcher-openstack-org-v1beta1-watcher,mutating=true,failurePolicy=fail,sideEffects=None,groups=watcher.openstack.org,resources=watchers,verbs=create;update,versions=v1beta1,name=mwatcher.kb.io,admissionReviewVersions=v1 var _ webhook.Defaulter = &Watcher{} @@ -42,34 +34,29 @@ var _ webhook.Defaulter = &Watcher{} func (r *Watcher) Default() { watcherlog.Info("default", "name", r.Name) - // TODO(user): fill in your defaulting logic. } -// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-watcher-openstack-org-v1beta1-watcher,mutating=false,failurePolicy=fail,sideEffects=None,groups=watcher.openstack.org,resources=watchers,verbs=create;update,versions=v1beta1,name=vwatcher.kb.io,admissionReviewVersions=v1 var _ webhook.Validator = &Watcher{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *Watcher) ValidateCreate() error { +func (r *Watcher) ValidateCreate() (admission.Warnings, error) { watcherlog.Info("validate create", "name", r.Name) - // TODO(user): fill in your validation logic upon object creation. - return nil + return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *Watcher) ValidateUpdate(old runtime.Object) error { +func (r *Watcher) ValidateUpdate(runtime.Object) (admission.Warnings, error) { watcherlog.Info("validate update", "name", r.Name) - // TODO(user): fill in your validation logic upon object update. - return nil + return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *Watcher) ValidateDelete() error { +func (r *Watcher) ValidateDelete() (admission.Warnings, error) { watcherlog.Info("validate delete", "name", r.Name) - // TODO(user): fill in your validation logic upon object deletion. - return nil + return nil, nil } diff --git a/api/v1beta1/watcherapi_webhook.go b/api/v1beta1/watcherapi_webhook.go index 73e5505..772dddb 100644 --- a/api/v1beta1/watcherapi_webhook.go +++ b/api/v1beta1/watcherapi_webhook.go @@ -21,6 +21,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) // log is for logging in this package. @@ -51,25 +52,25 @@ func (r *WatcherAPI) Default() { var _ webhook.Validator = &WatcherAPI{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherAPI) ValidateCreate() error { +func (r *WatcherAPI) ValidateCreate() (admission.Warnings, error) { watcherapilog.Info("validate create", "name", r.Name) // TODO(user): fill in your validation logic upon object creation. - return nil + return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherAPI) ValidateUpdate(old runtime.Object) error { +func (r *WatcherAPI) ValidateUpdate(runtime.Object) (admission.Warnings, error) { watcherapilog.Info("validate update", "name", r.Name) // TODO(user): fill in your validation logic upon object update. - return nil + return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherAPI) ValidateDelete() error { +func (r *WatcherAPI) ValidateDelete() (admission.Warnings, error) { watcherapilog.Info("validate delete", "name", r.Name) // TODO(user): fill in your validation logic upon object deletion. - return nil + return nil, nil } diff --git a/api/v1beta1/watcherapplier_webhook.go b/api/v1beta1/watcherapplier_webhook.go index e26a2ac..70c79fb 100644 --- a/api/v1beta1/watcherapplier_webhook.go +++ b/api/v1beta1/watcherapplier_webhook.go @@ -21,6 +21,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) // log is for logging in this package. @@ -51,25 +52,25 @@ func (r *WatcherApplier) Default() { var _ webhook.Validator = &WatcherApplier{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherApplier) ValidateCreate() error { +func (r *WatcherApplier) ValidateCreate() (admission.Warnings, error) { watcherapplierlog.Info("validate create", "name", r.Name) // TODO(user): fill in your validation logic upon object creation. - return nil + return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherApplier) ValidateUpdate(old runtime.Object) error { +func (r *WatcherApplier) ValidateUpdate(runtime.Object) (admission.Warnings, error) { watcherapplierlog.Info("validate update", "name", r.Name) // TODO(user): fill in your validation logic upon object update. - return nil + return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherApplier) ValidateDelete() error { +func (r *WatcherApplier) ValidateDelete() (admission.Warnings, error) { watcherapplierlog.Info("validate delete", "name", r.Name) // TODO(user): fill in your validation logic upon object deletion. - return nil + return nil, nil } diff --git a/api/v1beta1/watcherdecisionengine_webhook.go b/api/v1beta1/watcherdecisionengine_webhook.go index f92fb0f..825988e 100644 --- a/api/v1beta1/watcherdecisionengine_webhook.go +++ b/api/v1beta1/watcherdecisionengine_webhook.go @@ -21,6 +21,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) // log is for logging in this package. @@ -51,25 +52,25 @@ func (r *WatcherDecisionEngine) Default() { var _ webhook.Validator = &WatcherDecisionEngine{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherDecisionEngine) ValidateCreate() error { +func (r *WatcherDecisionEngine) ValidateCreate() (admission.Warnings, error) { watcherdecisionenginelog.Info("validate create", "name", r.Name) // TODO(user): fill in your validation logic upon object creation. - return nil + return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherDecisionEngine) ValidateUpdate(old runtime.Object) error { +func (r *WatcherDecisionEngine) ValidateUpdate(runtime.Object) (admission.Warnings, error) { watcherdecisionenginelog.Info("validate update", "name", r.Name) // TODO(user): fill in your validation logic upon object update. - return nil + return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *WatcherDecisionEngine) ValidateDelete() error { +func (r *WatcherDecisionEngine) ValidateDelete() (admission.Warnings, error) { watcherdecisionenginelog.Info("validate delete", "name", r.Name) // TODO(user): fill in your validation logic upon object deletion. - return nil + return nil, nil } diff --git a/api/v1beta1/webhook_suite_test.go b/api/v1beta1/webhook_suite_test.go deleted file mode 100644 index 8ac63e2..0000000 --- a/api/v1beta1/webhook_suite_test.go +++ /dev/null @@ -1,141 +0,0 @@ -/* -Copyright 2024. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "context" - "crypto/tls" - "fmt" - "net" - "path/filepath" - "testing" - "time" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - - admissionv1beta1 "k8s.io/api/admission/v1beta1" - //+kubebuilder:scaffold:imports - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/rest" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. - -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment -var ctx context.Context -var cancel context.CancelFunc - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecs(t, "Webhook Suite") -} - -var _ = BeforeSuite(func() { - logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) - - ctx, cancel = context.WithCancel(context.TODO()) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, - ErrorIfCRDPathMissing: false, - WebhookInstallOptions: envtest.WebhookInstallOptions{ - Paths: []string{filepath.Join("..", "..", "config", "webhook")}, - }, - } - - var err error - // cfg is defined in this file globally. - cfg, err = testEnv.Start() - Expect(err).NotTo(HaveOccurred()) - Expect(cfg).NotTo(BeNil()) - - scheme := runtime.NewScheme() - err = AddToScheme(scheme) - Expect(err).NotTo(HaveOccurred()) - - err = admissionv1beta1.AddToScheme(scheme) - Expect(err).NotTo(HaveOccurred()) - - //+kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme}) - Expect(err).NotTo(HaveOccurred()) - Expect(k8sClient).NotTo(BeNil()) - - // start webhook server using Manager - webhookInstallOptions := &testEnv.WebhookInstallOptions - mgr, err := ctrl.NewManager(cfg, ctrl.Options{ - Scheme: scheme, - Host: webhookInstallOptions.LocalServingHost, - Port: webhookInstallOptions.LocalServingPort, - CertDir: webhookInstallOptions.LocalServingCertDir, - LeaderElection: false, - MetricsBindAddress: "0", - }) - Expect(err).NotTo(HaveOccurred()) - - err = (&Watcher{}).SetupWebhookWithManager(mgr) - Expect(err).NotTo(HaveOccurred()) - - err = (&WatcherAPI{}).SetupWebhookWithManager(mgr) - Expect(err).NotTo(HaveOccurred()) - - err = (&WatcherDecisionEngine{}).SetupWebhookWithManager(mgr) - Expect(err).NotTo(HaveOccurred()) - - err = (&WatcherApplier{}).SetupWebhookWithManager(mgr) - Expect(err).NotTo(HaveOccurred()) - - //+kubebuilder:scaffold:webhook - - go func() { - defer GinkgoRecover() - err = mgr.Start(ctx) - Expect(err).NotTo(HaveOccurred()) - }() - - // wait for the webhook server to get ready - dialer := &net.Dialer{Timeout: time.Second} - addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort) - Eventually(func() error { - conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true}) - if err != nil { - return err - } - conn.Close() - return nil - }).Should(Succeed()) - -}) - -var _ = AfterSuite(func() { - cancel() - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).NotTo(HaveOccurred()) -}) diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 116de32..0a448e1 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -27,5 +27,5 @@ patches: # [WEBHOOK] To enable webhook, uncomment the following section # the following config is for teaching kustomize how to do kustomization for CRDs. -#configurations: -#- kustomizeconfig.yaml +configurations: +- kustomizeconfig.yaml diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 0defb13..d8f571d 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -20,7 +20,7 @@ resources: - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -#- ../webhook +- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. @@ -34,7 +34,7 @@ patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -#- path: manager_webhook_patch.yaml +- path: manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml new file mode 100644 index 0000000..a614045 --- /dev/null +++ b/config/webhook/manifests.yaml @@ -0,0 +1,174 @@ +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-watcher-openstack-org-v1beta1-watcher + failurePolicy: Fail + name: mwatcher.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watchers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-watcher-openstack-org-v1beta1-watcherapi + failurePolicy: Fail + name: mwatcherapi.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watcherapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-watcher-openstack-org-v1beta1-watcherapplier + failurePolicy: Fail + name: mwatcherapplier.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watcherappliers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-watcher-openstack-org-v1beta1-watcherdecisionengine + failurePolicy: Fail + name: mwatcherdecisionengine.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watcherdecisionengines + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-watcher-openstack-org-v1beta1-watcher + failurePolicy: Fail + name: vwatcher.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watchers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-watcher-openstack-org-v1beta1-watcherapi + failurePolicy: Fail + name: vwatcherapi.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watcherapis + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-watcher-openstack-org-v1beta1-watcherapplier + failurePolicy: Fail + name: vwatcherapplier.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watcherappliers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-watcher-openstack-org-v1beta1-watcherdecisionengine + failurePolicy: Fail + name: vwatcherdecisionengine.kb.io + rules: + - apiGroups: + - watcher.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - watcherdecisionengines + sideEffects: None diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml index 2572881..befaa38 100644 --- a/config/webhook/service.yaml +++ b/config/webhook/service.yaml @@ -17,4 +17,4 @@ spec: protocol: TCP targetPort: 9443 selector: - control-plane: controller-manager + openstack.org/operator-name: watcher diff --git a/hack/clean_local_webhook.sh b/hack/clean_local_webhook.sh old mode 100644 new mode 100755 index 5c853e3..bd8f303 --- a/hack/clean_local_webhook.sh +++ b/hack/clean_local_webhook.sh @@ -8,4 +8,4 @@ oc delete mutatingwebhookconfiguration/mwatcherapi.kb.io --ignore-not-found oc delete validatingwebhookconfiguration/vwatcherdecisionengine.kb.io --ignore-not-found oc delete mutatingwebhookconfiguration/mwatcherdecisionengine.kb.io --ignore-not-found oc delete validatingwebhookconfiguration/vwatcherapplier.kb.io --ignore-not-found -oc delete mutatingwebhookconfiguration/mwatcherapplier.kb.io --ignore-not-found \ No newline at end of file +oc delete mutatingwebhookconfiguration/mwatcherapplier.kb.io --ignore-not-found diff --git a/hack/run_with_local_webhook.sh b/hack/run_with_local_webhook.sh old mode 100644 new mode 100755 index 10c1bac..d6a8237 --- a/hack/run_with_local_webhook.sh +++ b/hack/run_with_local_webhook.sh @@ -65,7 +65,7 @@ webhooks: - CREATE - UPDATE resources: - - watcher + - watchers scope: '*' sideEffects: None timeoutSeconds: 10 @@ -93,7 +93,7 @@ webhooks: - CREATE - UPDATE resources: - - watcher + - watchers scope: '*' sideEffects: None timeoutSeconds: 10 diff --git a/main.go b/main.go index 79a1c47..69bc928 100644 --- a/main.go +++ b/main.go @@ -20,6 +20,7 @@ import ( "crypto/tls" "flag" "os" + "strings" // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. @@ -62,8 +63,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") - flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", ":33080", "The address the metric endpoint binds to.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":33081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") @@ -143,12 +144,34 @@ func main() { if err != nil { os.Exit(1) } - - if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + checker := healthz.Ping + // Setup webhooks if requested + + if strings.ToLower(os.Getenv("ENABLE_WEBHOOKS")) != "false" { + + if err = (&watcherv1beta1.Watcher{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "Watcher") + os.Exit(1) + } + if err = (&watcherv1beta1.WatcherAPI{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "WatcherAPI") + os.Exit(1) + } + if err = (&watcherv1beta1.WatcherApplier{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "WatcherApplier") + os.Exit(1) + } + if err = (&watcherv1beta1.WatcherDecisionEngine{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "WatcherDecisionEngine") + os.Exit(1) + } + checker = mgr.GetWebhookServer().StartedChecker() + } + if err := mgr.AddHealthzCheck("healthz", checker); err != nil { setupLog.Error(err, "unable to set up health check") os.Exit(1) } - if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + if err := mgr.AddReadyzCheck("readyz", checker); err != nil { setupLog.Error(err, "unable to set up ready check") os.Exit(1) } diff --git a/tests/functional/suite_test.go b/tests/functional/suite_test.go index de7a2b3..ec42360 100644 --- a/tests/functional/suite_test.go +++ b/tests/functional/suite_test.go @@ -2,6 +2,9 @@ package functional import ( "context" + "crypto/tls" + "fmt" + "net" "path/filepath" "testing" "time" @@ -148,8 +151,14 @@ var _ = BeforeSuite(func() { watcherv1.SetupDefaults() - //err = (&watcherv1.Watcher{}).SetupWebhookWithManager(k8sManager) - //Expect(err).NotTo(HaveOccurred()) + err = (&watcherv1.Watcher{}).SetupWebhookWithManager(k8sManager) + Expect(err).NotTo(HaveOccurred()) + err = (&watcherv1.WatcherAPI{}).SetupWebhookWithManager(k8sManager) + Expect(err).NotTo(HaveOccurred()) + err = (&watcherv1.WatcherDecisionEngine{}).SetupWebhookWithManager(k8sManager) + Expect(err).NotTo(HaveOccurred()) + err = (&watcherv1.WatcherApplier{}).SetupWebhookWithManager(k8sManager) + Expect(err).NotTo(HaveOccurred()) go func() { defer GinkgoRecover() @@ -158,16 +167,16 @@ var _ = BeforeSuite(func() { }() // wait for the webhook server to get ready - //dialer := &net.Dialer{Timeout: 10 * time.Second} - //addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort) - //Eventually(func() error { - // conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true}) - // if err != nil { - // return err - // } - // conn.Close() - // return nil - //}).Should(Succeed()) + dialer := &net.Dialer{Timeout: 10 * time.Second} + addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort) + Eventually(func() error { + conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true}) + if err != nil { + return err + } + conn.Close() + return nil + }).Should(Succeed()) }) var _ = AfterSuite(func() {