-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch namespaced deploy to pruning blacklist #616
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
NAME SHORTNAMES APIGROUP NAMESPACED KIND VERBS | ||
bindings true Binding [create] | ||
configmaps cm true ConfigMap [create delete deletecollection get list patch update watch] | ||
endpoints ep true Endpoints [create delete deletecollection get list patch update watch] | ||
events ev true Event [create delete deletecollection get list patch update watch] | ||
limitranges limits true LimitRange [create delete deletecollection get list patch update watch] | ||
persistentvolumeclaims pvc true PersistentVolumeClaim [create delete deletecollection get list patch update watch] | ||
pods po true Pod [create delete deletecollection get list patch update watch] | ||
podtemplates true PodTemplate [create delete deletecollection get list patch update watch] | ||
replicationcontrollers rc true ReplicationController [create delete deletecollection get list patch update watch] | ||
resourcequotas quota true ResourceQuota [create delete deletecollection get list patch update watch] | ||
secrets true Secret [create delete deletecollection get list patch update watch] | ||
serviceaccounts sa true ServiceAccount [create delete deletecollection get list patch update watch] | ||
services svc true Service [create delete get list patch update watch] | ||
controllerrevisions apps true ControllerRevision [create delete deletecollection get list patch update watch] | ||
daemonsets ds apps true DaemonSet [create delete deletecollection get list patch update watch] | ||
deployments deploy apps true Deployment [create delete deletecollection get list patch update watch] | ||
replicasets rs apps true ReplicaSet [create delete deletecollection get list patch update watch] | ||
statefulsets sts apps true StatefulSet [create delete deletecollection get list patch update watch] | ||
localsubjectaccessreviews authorization.k8s.io true LocalSubjectAccessReview [create] | ||
horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler [create delete deletecollection get list patch update watch] | ||
cronjobs cj batch true CronJob [create delete deletecollection get list patch update watch] | ||
jobs batch true Job [create delete deletecollection get list patch update watch] | ||
leases coordination.k8s.io true Lease [create delete deletecollection get list patch update watch] | ||
events ev events.k8s.io true Event [create delete deletecollection get list patch update watch] | ||
ingresses ing extensions true Ingress [create delete deletecollection get list patch update watch] | ||
ingresses ing networking.k8s.io true Ingress [create delete deletecollection get list patch update watch] | ||
networkpolicies netpol networking.k8s.io true NetworkPolicy [create delete deletecollection get list patch update watch] | ||
poddisruptionbudgets pdb policy true PodDisruptionBudget [create delete deletecollection get list patch update watch] | ||
rolebindings rbac.authorization.k8s.io true RoleBinding [create delete deletecollection get list patch update watch] | ||
roles rbac.authorization.k8s.io true Role [create delete deletecollection get list patch update watch] |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -185,8 +185,7 @@ def namespace_globals(fixtures, selector) | |
fixtures.each do |_, kinds_map| | ||
kinds_map.each do |_, resources| | ||
resources.each do |resource| | ||
resource["metadata"]["name"] = (resource["metadata"]["name"] + @namespace)[0..63] | ||
resource["metadata"]["name"] += "0" if resource["metadata"]["name"].end_with?("-") | ||
resource["metadata"]["name"] = (resource["metadata"]["name"] + Digest::MD5.hexdigest(@namespace))[0..63] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is to fix a bug that was causing resources to have the same name across different tests. Its triggered when the real name was long as the start of two tests were the same. We need the value appended to the name to be stable across tests hence the hashing of @namespace. |
||
resource["metadata"]["labels"] ||= {} | ||
resource["metadata"]["labels"][selector_key] = selector_value | ||
end | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,41 +2,62 @@ | |
require 'test_helper' | ||
|
||
class ClusterResourceDiscoveryTest < Krane::TestCase | ||
def test_global_resource_kinds_failure | ||
def test_fetch_resources_failure | ||
crd = mocked_cluster_resource_discovery(nil, success: false) | ||
kinds = crd.global_resource_kinds | ||
assert_equal(kinds, []) | ||
resources = crd.fetch_resources | ||
assert_equal(resources, []) | ||
end | ||
|
||
def test_global_resource_kinds_success | ||
crd = mocked_cluster_resource_discovery(api_resources_full_response) | ||
kinds = crd.global_resource_kinds | ||
assert_equal(kinds.length, api_resources_full_response.split("\n").length - 1) | ||
def test_fetch_resources_not_namespaced | ||
crd = mocked_cluster_resource_discovery(api_resources_not_namespaced_full_response) | ||
kinds = crd.fetch_resources(namespaced: false).map { |r| r['kind'] } | ||
assert_equal(kinds.length, api_resources_not_namespaced_full_response.split("\n").length - 1) | ||
%w(MutatingWebhookConfiguration ComponentStatus CustomResourceDefinition).each do |kind| | ||
assert_includes(kinds, kind) | ||
end | ||
end | ||
|
||
def test_prunable_resources | ||
def test_fetch_resources_namespaced | ||
crd = mocked_cluster_resource_discovery(api_resources_namespaced_full_response, namespaced: true) | ||
kinds = crd.fetch_resources(namespaced: true).map { |r| r['kind'] } | ||
assert_equal(kinds.length, api_resources_namespaced_full_response.split("\n").length - 1) | ||
%w(ConfigMap CronJob Deployment).each do |kind| | ||
assert_includes(kinds, kind) | ||
end | ||
end | ||
|
||
def test_prunable_global_resources | ||
Krane::Kubectl.any_instance.stubs(:run).with("api-versions", attempts: 5, use_namespace: false) | ||
.returns([api_versions_full_response, "", stub(success?: true)]) | ||
crd = mocked_cluster_resource_discovery(api_resources_full_response) | ||
crd = mocked_cluster_resource_discovery(api_resources_not_namespaced_full_response) | ||
kinds = crd.prunable_resources(namespaced: false) | ||
|
||
assert_equal(kinds.length, 13) | ||
%w(scheduling.k8s.io/v1beta1/PriorityClass storage.k8s.io/v1beta1/StorageClass).each do |kind| | ||
assert_includes(kinds, kind) | ||
%w(PriorityClass StorageClass).each do |expected_kind| | ||
assert kinds.one? { |k| k.include?(expected_kind) } | ||
Comment on lines
+36
to
+37
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this just a sanity check or is there a reason for these 2 in particular? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just a sanity check, the |
||
end | ||
%w(node namespace).each do |black_lised_kind| | ||
assert_empty kinds.select { |k| k.downcase.include?(black_lised_kind) } | ||
end | ||
end | ||
|
||
def test_prunable_namespaced_resources | ||
Krane::Kubectl.any_instance.stubs(:run).with("api-versions", attempts: 5, use_namespace: false) | ||
.returns([api_versions_full_response, "", stub(success?: true)]) | ||
crd = mocked_cluster_resource_discovery(api_resources_namespaced_full_response, namespaced: true) | ||
kinds = crd.prunable_resources(namespaced: true) | ||
|
||
assert_equal(kinds.length, 28) | ||
%w(ConfigMap CronJob Deployment).each do |expected_kind| | ||
assert kinds.one? { |k| k.include?(expected_kind) } | ||
end | ||
end | ||
|
||
private | ||
|
||
def mocked_cluster_resource_discovery(response, success: true) | ||
def mocked_cluster_resource_discovery(response, success: true, namespaced: false) | ||
Krane::Kubectl.any_instance.stubs(:run) | ||
.with("api-resources", "--namespaced=false", attempts: 5, use_namespace: false, output: "wide") | ||
.with("api-resources", "--namespaced=#{namespaced}", attempts: 5, use_namespace: false, output: "wide") | ||
.returns([response, "", stub(success?: success)]) | ||
Krane::ClusterResourceDiscovery.new(task_config: task_config, namespace_tags: []) | ||
end | ||
|
@@ -45,7 +66,11 @@ def api_versions_full_response | |
File.read(File.join(fixture_path('for_unit_tests'), "api_versions.txt")) | ||
end | ||
|
||
def api_resources_full_response | ||
File.read(File.join(fixture_path('for_unit_tests'), "api_resources.txt")) | ||
def api_resources_namespaced_full_response | ||
File.read(File.join(fixture_path('for_unit_tests'), "api_resources_namespaced.txt")) | ||
end | ||
|
||
def api_resources_not_namespaced_full_response | ||
File.read(File.join(fixture_path('for_unit_tests'), "api_resources_global.txt")) | ||
end | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are we adding this here (instead of updating
Krane::DeprecatedDeployTask
) to avoid changingKubernetesDeploy::DeployTask
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes