github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-02-14 18:09:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Giving priority to IngressClassName rather than annotation (#64)

Browse Source 
* IngressclassName has priority over Annotation

* Covering further cases for the Ingress Class

* Forcing to use 1.18 during e2e tests
This commit is contained in:
Dario Tranchitella
2020-08-22 12:34:53 +02:00
committed by GitHub
parent e481a4ff5f
commit 0f935d53b7
3 changed files with 90 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -134,7 +134,7 @@ golint:
# Running e2e tests in a KinD instance
.PHONY: e2e
e2e:
kind create cluster --name capsule
kind create cluster --name capsule --image=kindest/node:v1.18.0
make docker-build
kind load docker-image --nodes capsule-control-plane --name capsule quay.io/clastix/capsule:latest
make deploy

112
e2e/ingress_class_test.go
View File

@@ -20,6 +20,7 @@ package e2e
import (
"context"
"strconv"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
@@ -28,6 +29,7 @@ import (
networkingv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/client-go/kubernetes"
"k8s.io/utils/pointer"
"github.com/clastix/capsule/api/v1alpha1"
@@ -39,17 +41,17 @@ var _ = Describe("when Tenant handles Ingress classes", func() {
Name: "ingress-class",
},
Spec: v1alpha1.TenantSpec{
Owner: "ingress",
Owner: "ingress",
StorageClasses: []string{},
IngressClasses: []string{
"nginx",
"haproxy",
},
LimitRanges: []corev1.LimitRangeSpec{},
NamespaceQuota: 3,
NodeSelector: map[string]string{},
LimitRanges: []corev1.LimitRangeSpec{},
NamespaceQuota: 3,
NodeSelector: map[string]string{},
NetworkPolicies: []networkingv1.NetworkPolicySpec{},
ResourceQuota: []corev1.ResourceQuotaSpec{},
ResourceQuota: []corev1.ResourceQuotaSpec{},
},
}
JustBeforeEach(func() {
@@ -83,6 +85,26 @@ var _ = Describe("when Tenant handles Ingress classes", func() {
return
}, defaultTimeoutInterval, defaultPollInterval).ShouldNot(Succeed())
})
By("using a forbidden class as Annotation", func() {
Eventually(func() (err error) {
i := &v1beta12.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "denied-ingress",
Annotations: map[string]string{
"kubernetes.io/ingress.class": "the-worst-ingress-available",
},
},
Spec: v1beta12.IngressSpec{
Backend: &v1beta12.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
},
}
_, err = cs.ExtensionsV1beta1().Ingresses(ns.GetName()).Create(context.TODO(), i, metav1.CreateOptions{})
return
}, defaultTimeoutInterval, defaultPollInterval).ShouldNot(Succeed())
})
By("specifying a forbidden class", func() {
Eventually(func() (err error) {
i := &v1beta12.Ingress{
@@ -102,34 +124,70 @@ var _ = Describe("when Tenant handles Ingress classes", func() {
}, defaultTimeoutInterval, defaultPollInterval).ShouldNot(Succeed())
})
})
It("should allow enabled Ingress class", func() {
ns := NewNamespace("ingress-class-allowed")
It("should allow enabled Ingress class using the deprecated Annotation", func() {
ns := NewNamespace("ingress-class-allowed-annotation")
cs := ownerClient(tnt)
NamespaceCreationShouldSucceed(ns, tnt)
NamespaceShouldBeManagedByTenant(ns, tnt)
By("using an available class", func() {
for _, c := range tnt.Spec.IngressClasses {
Eventually(func() (err error) {
i := &v1beta12.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: c,
Annotations: map[string]string{
"kubernetes.io/ingress.class": c,
},
for _, c := range tnt.Spec.IngressClasses {
Eventually(func() (err error) {
i := &v1beta12.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: c,
Annotations: map[string]string{
"kubernetes.io/ingress.class": c,
},
Spec: v1beta12.IngressSpec{
Backend: &v1beta12.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
},
Spec: v1beta12.IngressSpec{
Backend: &v1beta12.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
}
_, err = cs.ExtensionsV1beta1().Ingresses(ns.GetName()).Create(context.TODO(), i, metav1.CreateOptions{})
return
}, defaultTimeoutInterval, defaultPollInterval).Should(Succeed())
}
})
},
}
_, err = cs.ExtensionsV1beta1().Ingresses(ns.GetName()).Create(context.TODO(), i, metav1.CreateOptions{})
return
}, defaultTimeoutInterval, defaultPollInterval).Should(Succeed())
}
})
It("should allow enabled Ingress class using the IngressClassName field", func() {
ns := NewNamespace("ingress-class-allowed-annotation")
cs := ownerClient(tnt)
cs, err := kubernetes.NewForConfig(cfg)
Expect(err).ToNot(HaveOccurred())
v, err := cs.Discovery().ServerVersion()
Expect(err).ToNot(HaveOccurred())
major, err := strconv.Atoi(v.Major)
Expect(err).ToNot(HaveOccurred())
minor, err := strconv.Atoi(v.Minor)
Expect(err).ToNot(HaveOccurred())
if major == 1 && minor < 18 {
Skip("Running test ont Kubernetes " + v.String() + ", doesn't provide .spec.ingressClassName")
}
NamespaceCreationShouldSucceed(ns, tnt)
NamespaceShouldBeManagedByTenant(ns, tnt)
for _, c := range tnt.Spec.IngressClasses {
Eventually(func() (err error) {
i := &v1beta12.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: c,
},
Spec: v1beta12.IngressSpec{
IngressClassName: &c,
Backend: &v1beta12.IngressBackend{
ServiceName: "foo",
ServicePort: intstr.FromInt(8080),
},
},
}
_, err = cs.ExtensionsV1beta1().Ingresses(ns.GetName()).Create(context.TODO(), i, metav1.CreateOptions{})
return
}, defaultTimeoutInterval, defaultPollInterval).Should(Succeed())
}
})
})

6
pkg/webhook/ingress/handler.go
View File

@@ -30,8 +30,10 @@ import (
)
func handleIngress(ctx context.Context, object metav1.Object, ic *string, c client.Client) admission.Response {
if v, ok := object.GetAnnotations()["kubernetes.io/ingress.class"]; ok {
ic = &v
if ic == nil {
if v, ok := object.GetAnnotations()["kubernetes.io/ingress.class"]; ok {
ic = &v
}
}
if ic == nil {