@@ -30,7 +30,7 @@ import (
3030 "testing"
3131 "time"
3232
33- "k8s.io/api/certificates/v1alpha1 "
33+ "k8s.io/api/certificates/v1beta1 "
3434 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
3535 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme"
3636 "k8s.io/apimachinery/pkg/runtime/schema"
@@ -47,9 +47,6 @@ import (
4747)
4848
4949func TestClusterTrustBundlesPublisherController (t * testing.T ) {
50- // KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE allows for APIs pending removal to not block tests
51- // TODO: Remove this line once certificates v1alpha1 types to be removed in 1.32 are fully removed
52- t .Setenv ("KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE" , "true" )
5350 ctx := ktesting .Init (t )
5451
5552 certBytes := mustMakeCertificate (t , & x509.Certificate {
@@ -73,7 +70,7 @@ func TestClusterTrustBundlesPublisherController(t *testing.T) {
7370 "--disable-admission-plugins" , "ServiceAccount" ,
7471 "--authorization-mode=RBAC" ,
7572 "--feature-gates" , "ClusterTrustBundle=true" ,
76- fmt .Sprintf ("--runtime-config=%s=true" , v1alpha1 .SchemeGroupVersion ),
73+ fmt .Sprintf ("--runtime-config=%s=true" , v1beta1 .SchemeGroupVersion ),
7774 }
7875 storageConfig := framework .SharedEtcd ()
7976 server := kubeapiservertesting .StartTestServerOrDie (t , nil , apiServerFlags , storageConfig )
@@ -108,12 +105,12 @@ func TestClusterTrustBundlesPublisherController(t *testing.T) {
108105 unrelatedPEM := pem .EncodeToMemory (& pem.Block {Type : "CERTIFICATE" , Bytes : unrelatedSigner })
109106 // set up a signer that's completely unrelated to the controller to check
110107 // it's not anyhow handled by it
111- unrelatedCTB , err := clientSet .CertificatesV1alpha1 ().ClusterTrustBundles ().Create (ctx ,
112- & v1alpha1 .ClusterTrustBundle {
108+ unrelatedCTB , err := clientSet .CertificatesV1beta1 ().ClusterTrustBundles ().Create (ctx ,
109+ & v1beta1 .ClusterTrustBundle {
113110 ObjectMeta : metav1.ObjectMeta {
114111 Name : "test.test:unrelated:0" ,
115112 },
116- Spec : v1alpha1 .ClusterTrustBundleSpec {
113+ Spec : v1beta1 .ClusterTrustBundleSpec {
117114 SignerName : "test.test/unrelated" ,
118115 TrustBundle : string (unrelatedPEM ),
119116 },
@@ -127,11 +124,11 @@ func TestClusterTrustBundlesPublisherController(t *testing.T) {
127124 waitUntilSingleKASSignerCTB (ctx , t , clientSet , certPEM )
128125
129126 t .Log ("check that the controller deletes any additional bundles for the same signer" )
130- if _ , err := clientSet .CertificatesV1alpha1 ().ClusterTrustBundles ().Create (ctx , & v1alpha1 .ClusterTrustBundle {
127+ if _ , err := clientSet .CertificatesV1beta1 ().ClusterTrustBundles ().Create (ctx , & v1beta1 .ClusterTrustBundle {
131128 ObjectMeta : metav1.ObjectMeta {
132129 Name : "kubernetes.io:kube-apiserver-serving:testname" ,
133130 },
134- Spec : v1alpha1 .ClusterTrustBundleSpec {
131+ Spec : v1beta1 .ClusterTrustBundleSpec {
135132 SignerName : "kubernetes.io/kube-apiserver-serving" ,
136133 TrustBundle : string (certPEM ),
137134 },
@@ -152,7 +149,7 @@ func TestClusterTrustBundlesPublisherController(t *testing.T) {
152149 })
153150 differentSignerPEM := pem .EncodeToMemory (& pem.Block {Type : "CERTIFICATE" , Bytes : differentSigner })
154151
155- ctbList , err := clientSet .CertificatesV1alpha1 ().ClusterTrustBundles ().List (ctx , metav1.ListOptions {
152+ ctbList , err := clientSet .CertificatesV1beta1 ().ClusterTrustBundles ().List (ctx , metav1.ListOptions {
156153 FieldSelector : "spec.signerName=kubernetes.io/kube-apiserver-serving" ,
157154 })
158155 if err != nil || len (ctbList .Items ) != 1 {
@@ -162,13 +159,13 @@ func TestClusterTrustBundlesPublisherController(t *testing.T) {
162159 ctbToUpdate := ctbList .Items [0 ].DeepCopy ()
163160 ctbToUpdate .Spec .TrustBundle = string (differentSignerPEM )
164161
165- if _ , err = clientSet .CertificatesV1alpha1 ().ClusterTrustBundles ().Update (ctx , ctbToUpdate , metav1.UpdateOptions {}); err != nil {
162+ if _ , err = clientSet .CertificatesV1beta1 ().ClusterTrustBundles ().Update (ctx , ctbToUpdate , metav1.UpdateOptions {}); err != nil {
166163 t .Fatalf ("failed to update ctb with new PEM bundle: %v" , err )
167164 }
168165
169166 waitUntilSingleKASSignerCTB (ctx , t , clientSet , certPEM )
170167
171- unrelatedCTB , err = clientSet .CertificatesV1alpha1 ().ClusterTrustBundles ().Get (ctx , unrelatedCTB .Name , metav1.GetOptions {})
168+ unrelatedCTB , err = clientSet .CertificatesV1beta1 ().ClusterTrustBundles ().Get (ctx , unrelatedCTB .Name , metav1.GetOptions {})
172169 if err != nil {
173170 t .Fatalf ("failed to get the unrelated CTB back: %v" , err )
174171 }
@@ -184,7 +181,7 @@ func TestClusterTrustBundlesPublisherController(t *testing.T) {
184181
185182func waitUntilSingleKASSignerCTB (ctx context.Context , t * testing.T , clientSet * clientset.Clientset , caPEM []byte ) {
186183 err := wait .PollUntilContextTimeout (ctx , 200 * time .Millisecond , 30 * time .Second , true , func (ctx context.Context ) (done bool , err error ) {
187- ctbList , err := clientSet .CertificatesV1alpha1 ().ClusterTrustBundles ().List (ctx , metav1.ListOptions {
184+ ctbList , err := clientSet .CertificatesV1beta1 ().ClusterTrustBundles ().List (ctx , metav1.ListOptions {
188185 FieldSelector : "spec.signerName=kubernetes.io/kube-apiserver-serving" ,
189186 })
190187
0 commit comments