tests(e2e) test admission script

* Test the admission webhook script in an E2E test. * Change the admission webhook script to use temporary files for the certificate.
Kong · Apr 8, 2022 · 1d3dfef · 1d3dfef
1 parent 60c913b
commit 1d3dfef
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 6 deletions.
diff --git a/hack/deploy-admission-controller.sh b/hack/deploy-admission-controller.sh
@@ -6,13 +6,14 @@ if [[ "$OSTYPE" == "linux-gnu"* ]]; then
 fi
 
 # create a self-signed certificate
-openssl req -x509 -newkey rsa:2048 -keyout tls.key -out tls.crt -days 365  \
+TMPDIR="$(mktemp -d )"
+openssl req -x509 -newkey rsa:2048 -keyout "${TMPDIR}"/tls.key -out "${TMPDIR}"/tls.crt -days 365  \
     -nodes -subj "/CN=kong-validation-webhook.kong.svc" \
     -extensions EXT -config <( \
    printf "[dn]\nCN=kong-validation-webhook.kong.svc\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:kong-validation-webhook.kong.svc\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
 # create a secret out of this self-signed cert-key pair
 kubectl create secret tls kong-validation-webhook -n kong \
-      --key tls.key --cert tls.crt
+      --key "${TMPDIR}"/tls.key --cert "${TMPDIR}"/tls.crt
 # enable the Admission Webhook Server server
 kubectl patch deploy -n kong ingress-kong \
   -p '{"spec":{"template":{"spec":{"containers":[{"name":"ingress-controller","env":[{"name":"CONTROLLER_ADMISSION_WEBHOOK_LISTEN","value":":8080"}],"volumeMounts":[{"name":"validation-webhook","mountPath":"/admission-webhook"}]}],"volumes":[{"secret":{"secretName":"kong-validation-webhook"},"name":"validation-webhook"}]}}}}'
@@ -66,5 +67,5 @@ webhooks:
     service:
       namespace: kong
       name: kong-validation-webhook
-    caBundle: $(cat tls.crt  | base64 ${BASE64_OPTIONS}) " | kubectl apply -f -
+    caBundle: $(cat ${TMPDIR}/tls.crt  | base64 ${BASE64_OPTIONS}) " | kubectl apply -f -
 
diff --git a/test/e2e/features_test.go b/test/e2e/features_test.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"crypto/tls"
 	"os"
+	"os/exec"
 	"testing"
 	"time"
 
@@ -20,6 +21,10 @@ import (
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/kong/kubernetes-ingress-controller/v2/internal/annotations"
+	kongv1 "github.com/kong/kubernetes-ingress-controller/v2/pkg/apis/configuration/v1"
+	"github.com/kong/kubernetes-ingress-controller/v2/pkg/clientset"
 )
 
 // -----------------------------------------------------------------------------
@@ -54,6 +59,7 @@ nodes:
 `
 	validationWebhookName = "kong-validation-webhook"
 	kongNamespace         = "kong"
+	admissionScriptPath   = "../../hack/deploy-admission-controller.sh"
 )
 
 var (
@@ -287,18 +293,40 @@ func TestDeployAllInOneDBLESSGateway(t *testing.T) {
 	require.NoError(t, err)
 	deployment := deployKong(ctx, t, env, manifest)
 
+	t.Log("running the admission webhook setup script")
+	cmd := exec.Command("bash", admissionScriptPath)
+	require.NoError(t, cmd.Run())
+
+	deployment, err = env.Cluster().Client().AppsV1().Deployments(deployment.Namespace).Get(ctx, deployment.Name, metav1.GetOptions{})
+	require.NoError(t, err)
 	t.Log("updating kong deployment to enable Gateway feature gate and admission controller")
 	for i, container := range deployment.Spec.Template.Spec.Containers {
 		if container.Name == "ingress-controller" {
 			deployment.Spec.Template.Spec.Containers[i].Env = append(deployment.Spec.Template.Spec.Containers[i].Env,
-				corev1.EnvVar{Name: "CONTROLLER_FEATURE_GATES", Value: "Gateway=true"},
-				corev1.EnvVar{Name: "CONTROLLER_ADMISSION_WEBHOOK_LISTEN", Value: ":8080"})
+				corev1.EnvVar{Name: "CONTROLLER_FEATURE_GATES", Value: "Gateway=true"})
 		}
 	}
 
 	_, err = env.Cluster().Client().AppsV1().Deployments(deployment.Namespace).Update(ctx,
 		deployment, metav1.UpdateOptions{})
-	require.NoError(t, err)
+
+	// vov it's easier than tracking the deployment state
+	t.Log("creating a consumer to ensure the admission webhook is online")
+	consumer := &kongv1.KongConsumer{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "nihoniy",
+			Annotations: map[string]string{
+				annotations.IngressClassKey: ingressClass,
+			},
+		},
+		Username: "nihoniy",
+	}
+
+	kongClient, err := clientset.NewForConfig(env.Cluster().Config())
+	require.Eventually(t, func() bool {
+		_, err = kongClient.ConfigurationV1().KongConsumers(namespace).Create(ctx, consumer, metav1.CreateOptions{})
+		return err == nil
+	}, time.Minute*2, time.Second*1)
 
 	t.Log("verifying controller updates associated Gateway resoures")
 	gw := deployGateway(ctx, t, env)