Skip to content

Commit 21a2951

Browse files
liggittliggitt
committed
Make admission webhook e2e tests robust in non-aggregator-routing clusters
1 parent 97ad87d commit 21a2951

File tree

1 file changed

+12
-1
lines changed

1 file changed

+12
-1
lines changed

test/e2e/apimachinery/webhook.go

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -419,13 +419,16 @@ var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() {
419419
},
420420
Webhooks: []admissionregistrationv1.ValidatingWebhook{
421421
newDenyConfigMapWebhookFixture(f, context, servicePort),
422+
newValidatingIsReadyWebhookFixture(f, context, servicePort),
422423
},
423424
})
424425
framework.ExpectNoError(err, "Creating validating webhook configuration")
425426
defer func() {
426427
err := client.AdmissionregistrationV1().ValidatingWebhookConfigurations().Delete(hook.Name, nil)
427428
framework.ExpectNoError(err, "Deleting validating webhook configuration")
428429
}()
430+
// ensure backend is ready before proceeding
431+
waitWebhookConfigurationReady(f)
429432
ginkgo.By("Creating a configMap that does not comply to the validation webhook rules")
430433
err = wait.PollImmediate(100*time.Millisecond, 30*time.Second, func() (bool, error) {
431434
cm := namedNonCompliantConfigMap(string(uuid.NewUUID()), f)
@@ -509,14 +512,16 @@ var _ = SIGDescribe("AdmissionWebhook [Privileged:ClusterAdmin]", func() {
509512
},
510513
Webhooks: []admissionregistrationv1.MutatingWebhook{
511514
newMutateConfigMapWebhookFixture(f, context, 1, servicePort),
515+
newMutatingIsReadyWebhookFixture(f, context, servicePort),
512516
},
513517
})
514518
framework.ExpectNoError(err, "Creating mutating webhook configuration")
515519
defer func() {
516520
err := client.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(hook.Name, nil)
517521
framework.ExpectNoError(err, "Deleting mutating webhook configuration")
518522
}()
519-
523+
// ensure backend is ready before proceeding
524+
waitWebhookConfigurationReady(f)
520525
hook, err = admissionClient.MutatingWebhookConfigurations().Get(f.UniqueName, metav1.GetOptions{})
521526
framework.ExpectNoError(err, "Getting mutating webhook configuration")
522527
ginkgo.By("Updating a mutating webhook configuration's rules to not include the create operation")
@@ -2449,6 +2454,7 @@ func waitWebhookConfigurationReady(f *framework.Framework) error {
24492454
// with "marker" requests via waitWebhookConfigurationReady to wait for a webhook configuration to be ready.
24502455
func newValidatingIsReadyWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.ValidatingWebhook {
24512456
sideEffectsNone := admissionregistrationv1.SideEffectClassNone
2457+
failOpen := admissionregistrationv1.Ignore
24522458
return admissionregistrationv1.ValidatingWebhook{
24532459
Name: "validating-is-webhook-configuration-ready.k8s.io",
24542460
Rules: []admissionregistrationv1.RuleWithOperations{{
@@ -2468,6 +2474,8 @@ func newValidatingIsReadyWebhookFixture(f *framework.Framework, context *certCon
24682474
},
24692475
CABundle: context.signingCert,
24702476
},
2477+
// network failures while the service network routing is being set up should be ignored by the marker
2478+
FailurePolicy: &failOpen,
24712479
SideEffects: &sideEffectsNone,
24722480
AdmissionReviewVersions: []string{"v1", "v1beta1"},
24732481
// Scope the webhook to just the markers namespace
@@ -2485,6 +2493,7 @@ func newValidatingIsReadyWebhookFixture(f *framework.Framework, context *certCon
24852493
// with "marker" requests via waitWebhookConfigurationReady to wait for a webhook configuration to be ready.
24862494
func newMutatingIsReadyWebhookFixture(f *framework.Framework, context *certContext, servicePort int32) admissionregistrationv1.MutatingWebhook {
24872495
sideEffectsNone := admissionregistrationv1.SideEffectClassNone
2496+
failOpen := admissionregistrationv1.Ignore
24882497
return admissionregistrationv1.MutatingWebhook{
24892498
Name: "mutating-is-webhook-configuration-ready.k8s.io",
24902499
Rules: []admissionregistrationv1.RuleWithOperations{{
@@ -2504,6 +2513,8 @@ func newMutatingIsReadyWebhookFixture(f *framework.Framework, context *certConte
25042513
},
25052514
CABundle: context.signingCert,
25062515
},
2516+
// network failures while the service network routing is being set up should be ignored by the marker
2517+
FailurePolicy: &failOpen,
25072518
SideEffects: &sideEffectsNone,
25082519
AdmissionReviewVersions: []string{"v1", "v1beta1"},
25092520
// Scope the webhook to just the markers namespace

0 commit comments

Comments
 (0)