From 6466cfaf5804364e3062c54d091975dc99cbb01a Mon Sep 17 00:00:00 2001
From: Martin Gencur
Date: Fri, 16 Nov 2018 08:23:03 +0100
Subject: [PATCH] Enable admission webhooks in CI
---
 openshift/admission-webhooks.yaml | 38 +++++++++++++++++++++++++++++++
 openshift/e2e-tests-openshift.sh | 30 ++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 openshift/admission-webhooks.yaml
diff --git a/openshift/admission-webhooks.yaml b/openshift/admission-webhooks.yaml
new file mode 100644
index 00000000..13a07a6e
--- /dev/null
+++ b/openshift/admission-webhooks.yaml
@@ -0,0 +1,38 @@
+---
+- hosts: all
+ become: yes
+ become_user: root
+ tasks:
+ - name: Backup master-config.yaml to master-config.yaml.prepatch
+ copy:
+ src: /etc/origin/master/master-config.yaml
+ dest: /etc/origin/master/master-config.yaml.prepatch
+ remote_src: yes
+ backup: yes
+ - name: Set master_patch variable
+ set_fact:
+ master_patch: |
+ admissionConfig:
+ pluginConfig:
+ MutatingAdmissionWebhook:
+ configuration:
+ apiVersion: apiserver.config.k8s.io/v1alpha1
+ kubeConfigFile: /dev/null
+ kind: WebhookAdmission
+ ValidatingAdmissionWebhook:
+ configuration:
+ apiVersion: apiserver.config.k8s.io/v1alpha1
+ kubeConfigFile: /dev/null
+ kind: WebhookAdmission
+ - name: Apply patch for admission webhooks
+ shell: oc ex config patch /etc/origin/master/master-config.yaml.prepatch -p "{{ master_patch }}" > /etc/origin/master/master-config.yaml
+ - name: Restart API server and constollers
+ shell: /usr/local/bin/master-restart api && /usr/local/bin/master-restart controllers
+ - name: Wait for API server to be available
+ command: oc login -u system:admin
+ register: login_res
+ until: login_res.rc == 0
+ ignore_errors: yes
+ retries: 30
+ delay: 1
+
diff --git a/openshift/e2e-tests-openshift.sh b/openshift/e2e-tests-openshift.sh
index 4dd8d6b0..f1fcd6de 100644
--- a/openshift/e2e-tests-openshift.sh
+++ b/openshift/e2e-tests-openshift.sh
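Review bot: The "Apply patch for admission webhooks" task in openshift/admission-webhooks.yaml redirects straight into /etc/origin/master/master-config.yaml, so the shell truncates the live master config before `oc ex config patch` has produced any output; if the patch command fails, the next task restarts the API server on an empty or partial file. Writing to a scratch path and moving it into place only on success avoids that, for example ending the command with `> /etc/origin/master/master-config.yaml.new && mv /etc/origin/master/master-config.yaml.new /etc/origin/master/master-config.yaml`. The final "Wait for API server to be available" task also sets `ignore_errors: yes`, so the play reports success even when `oc login` never succeeds within the 30 retries; dropping that line would make a broken master fail the CI job at this step rather than somewhere later in the tests. The task name "Restart API server and constollers" carries a typo for "controllers".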
@@ -4,6 +4,7 @@ source $(dirname $0)/../vendor/github.com/knative/test-infra/scripts/e2e-tests.s
 set -x
+export API_SERVER=$(oc config view --minify | grep server | awk -F'//' '{print $2}' | awk -F':' '{print $1}')
 export USER=$KUBE_SSH_USER #satisfy e2e_flags.go#initializeFlags()
 export OPENSHIFT_REGISTRY=registry.svc.ci.openshift.org
 export TEST_NAMESPACE=build-tests
@@ -13,6 +14,33 @@ export IGNORES="git-volume"
 env
+function enable_admission_webhooks(){
+ header "Enabling admission webhooks"
+ add_current_user_to_etc_passwd
+ disable_strict_host_checking
+ echo "API_SERVER=$API_SERVER"
+ echo "KUBE_SSH_USER=$KUBE_SSH_USER"
+ chmod 600 ~/.ssh/google_compute_engine
+ echo "$API_SERVER ansible_ssh_private_key_file=~/.ssh/google_compute_engine" > inventory.ini
+ ansible-playbook ${REPO_ROOT_DIR}/openshift/admission-webhooks.yaml -i inventory.ini -u $KUBE_SSH_USER
+ rm inventory.ini
+}
+
+function add_current_user_to_etc_passwd(){
+ if ! whoami &>/dev/null; then
+ echo "${USER:-default}:x:$(id -u):$(id -g):Default User:$HOME:/sbin/nologin" >> /etc/passwd
+ fi
+ cat /etc/passwd
+}
+
+function disable_strict_host_checking(){
+ cat >> ~/.ssh/config <
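Review bot: The added `export API_SERVER=$(...)` line in the first hunk of openshift/e2e-tests-openshift.sh takes the host from a `grep server` over the human-readable `oc config view` output, and because the assignment is an argument to `export` the pipeline's exit status is discarded. An empty or multi-line value therefore goes unnoticed until enable_admission_webhooks writes it into inventory.ini as the Ansible target that the playbook then modifies as root. Reading the field directly and failing early is sturdier: `API_SERVER=$(oc config view --minify -o jsonpath='{.clusters[0].cluster.server}' | awk -F'[/:]' '{print $4}')`, then `[[ -n "$API_SERVER" ]] || exit 1`, then `export API_SERVER`.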