#!/usr/bin/env bash # Copyright 2018 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. set -o errexit set -o nounset set -o pipefail # Runs tests related to kubectl apply. run_kubectl_apply_tests() { set -o nounset set -o errexit create_and_use_new_namespace kube::log::status "Testing kubectl apply" ## kubectl apply should create the resource that doesn't exist yet # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # Command: apply a pod "test-pod" (doesn't exist) should create this pod kubectl apply -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # Post-Condition: pod "test-pod" is created kube::test::get_object_assert 'pods test-pod' "{{${labels_field:?}.name}}" 'test-pod-label' # Post-Condition: pod "test-pod" has configuration annotation grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get pods test-pod -o yaml "${kube_flags[@]:?}")" # pod has field manager for kubectl client-side apply output_message=$(kubectl get --show-managed-fields -f hack/testdata/pod.yaml -o=jsonpath='{.metadata.managedFields[*].manager}' "${kube_flags[@]:?}" 2>&1) kube::test::if_has_string "${output_message}" 'kubectl-client-side-apply' # Clean up kubectl delete pods test-pod "${kube_flags[@]:?}" ### set-last-applied # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # Command: create "test-pod" (doesn't exist) should create this pod without last-applied annotation kubectl create -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # Post-Condition: pod "test-pod" is created kube::test::get_object_assert 'pods test-pod' "{{${labels_field:?}.name}}" 'test-pod-label' # Pre-Condition: pod "test-pod" does not have configuration annotation ! grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get pods test-pod -o yaml "${kube_flags[@]:?}")" || exit 1 # Dry-run set-last-applied kubectl apply set-last-applied --dry-run=client -f hack/testdata/pod.yaml --create-annotation=true "${kube_flags[@]:?}" kubectl apply set-last-applied --dry-run=server -f hack/testdata/pod.yaml --create-annotation=true "${kube_flags[@]:?}" ! grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get pods test-pod -o yaml "${kube_flags[@]:?}")" || exit 1 # Command kubectl apply set-last-applied -f hack/testdata/pod.yaml --create-annotation=true "${kube_flags[@]:?}" # Post-Condition: pod "test-pod" has configuration annotation grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get pods test-pod -o yaml "${kube_flags[@]:?}")" # Clean up kubectl delete pods test-pod "${kube_flags[@]:?}" ## kubectl apply should be able to clear defaulted fields. # Pre-Condition: no deployment exists kube::test::get_object_assert deployments "{{range.items}}{{${id_field:?}}}:{{end}}" '' # Command: apply a deployment "test-deployment-retainkeys" (doesn't exist) should create this deployment kubectl apply -f hack/testdata/retainKeys/deployment/deployment-before.yaml "${kube_flags[@]:?}" # Post-Condition: deployment "test-deployment-retainkeys" created kube::test::get_object_assert deployments "{{range.items}}{{${id_field:?}}}{{end}}" 'test-deployment-retainkeys' # Post-Condition: deployment "test-deployment-retainkeys" has defaulted fields grep -q RollingUpdate <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" grep -q maxSurge <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" grep -q maxUnavailable <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" grep -q emptyDir <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" # Command: apply a deployment "test-deployment-retainkeys" should clear # defaulted fields and successfully update the deployment [[ "$(kubectl apply -f hack/testdata/retainKeys/deployment/deployment-after.yaml "${kube_flags[@]:?}")" ]] # Post-Condition: deployment "test-deployment-retainkeys" has updated fields grep -q Recreate <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" ! grep -q RollingUpdate <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" || exit 1 grep -q hostPath <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" ! grep -q emptyDir <<< "$(kubectl get deployments test-deployment-retainkeys -o yaml "${kube_flags[@]:?}")" || exit 1 # Clean up kubectl delete deployments test-deployment-retainkeys "${kube_flags[@]:?}" ## kubectl apply -f with label selector should only apply matching objects # Pre-Condition: no POD exists kube::test::wait_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply kubectl apply -l unique-label=bingbang -f hack/testdata/filter "${kube_flags[@]:?}" # check right pod exists kube::test::get_object_assert 'pods selector-test-pod' "{{${labels_field:?}.name}}" 'selector-test-pod' # check wrong pod doesn't exist output_message=$(! kubectl get pods selector-test-pod-dont-apply 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'pods "selector-test-pod-dont-apply" not found' # cleanup kubectl delete pods selector-test-pod ## kubectl apply --dry-run=server # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply dry-run kubectl apply --dry-run=client -f hack/testdata/pod.yaml "${kube_flags[@]:?}" kubectl apply --dry-run=server -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # No pod exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply non dry-run creates the pod kubectl apply -f hack/testdata/pod.yaml "${kube_flags[@]:?}" initialResourceVersion=$(kubectl get "${kube_flags[@]:?}" -f hack/testdata/pod.yaml -o go-template='{{ .metadata.resourceVersion }}') # apply changes kubectl apply --dry-run=client -f hack/testdata/pod-apply.yaml "${kube_flags[@]:?}" kubectl apply --dry-run=server -f hack/testdata/pod-apply.yaml "${kube_flags[@]:?}" # Post-Condition: label still has initial value kube::test::get_object_assert 'pods test-pod' "{{${labels_field:?}.name}}" 'test-pod-label' # Ensure dry-run doesn't persist change resourceVersion=$(kubectl get "${kube_flags[@]:?}" -f hack/testdata/pod.yaml -o go-template='{{ .metadata.resourceVersion }}') kube::test::if_has_string "${resourceVersion}" "${initialResourceVersion}" # clean-up kubectl delete -f hack/testdata/pod.yaml "${kube_flags[@]:?}" ## kubectl apply dry-run on CR # Create CRD kubectl "${kube_flags_with_token[@]:?}" create -f - << __EOF__ { "kind": "CustomResourceDefinition", "apiVersion": "apiextensions.k8s.io/v1", "metadata": { "name": "resources.mygroup.example.com" }, "spec": { "group": "mygroup.example.com", "scope": "Namespaced", "names": { "plural": "resources", "singular": "resource", "kind": "Kind", "listKind": "KindList" }, "versions": [ { "name": "v1alpha1", "served": true, "storage": true, "schema": { "openAPIV3Schema": { "x-kubernetes-preserve-unknown-fields": true, "type": "object" } } } ] } } __EOF__ # Ensure the API server has recognized and started serving the associated CR API local tries=5 for i in $(seq 1 $tries); do local output output=$(kubectl "${kube_flags[@]:?}" api-resources --api-group mygroup.example.com -oname || true) if kube::test::if_has_string "$output" resources.mygroup.example.com; then break fi echo "${i}: Waiting for CR API to be available" sleep "$i" done # Dry-run create the CR kubectl "${kube_flags[@]:?}" apply --dry-run=server -f hack/testdata/CRD/resource.yaml "${kube_flags[@]:?}" # Make sure that the CR doesn't exist ! kubectl "${kube_flags[@]:?}" get resource/myobj 2>/dev/null || exit 1 # clean-up kubectl "${kube_flags[@]:?}" delete customresourcedefinition resources.mygroup.example.com ## kubectl apply --prune # Pre-Condition: namespace nsb exists; no POD exists kubectl create ns nsb kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply a into namespace nsb kubectl apply --namespace nsb -l prune-group=true -f hack/testdata/prune/a.yaml "${kube_flags[@]:?}" kube::test::get_object_assert 'pods a -n nsb' "{{${id_field:?}}}" 'a' # apply b with namespace kubectl apply --namespace nsb --prune -l prune-group=true -f hack/testdata/prune/b.yaml "${kube_flags[@]:?}" # check right pod exists and wrong pod doesn't exist kube::test::wait_object_assert 'pods -n nsb' "{{range.items}}{{${id_field:?}}}:{{end}}" 'b:' # cleanup kubectl delete pods b -n nsb # same thing without prune for a sanity check # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply a kubectl apply -l prune-group=true -f hack/testdata/prune/a.yaml "${kube_flags[@]:?}" # check right pod exists kube::test::get_object_assert 'pods a' "{{${id_field:?}}}" 'a' # check wrong pod doesn't exist kube::test::wait_object_assert 'pods -n nsb' "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply b kubectl apply -l prune-group=true -f hack/testdata/prune/b.yaml "${kube_flags[@]:?}" # check both pods exist kube::test::get_object_assert 'pods a' "{{${id_field:?}}}" 'a' kube::test::get_object_assert 'pods b -n nsb' "{{${id_field:?}}}" 'b' # cleanup kubectl delete pod/a kubectl delete pod/b -n nsb ## kubectl apply --prune requires a --all flag to select everything output_message=$(! kubectl apply --prune -f hack/testdata/prune 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" \ 'all resources selected for prune without explicitly passing --all' # should apply everything kubectl apply --all --prune -f hack/testdata/prune kube::test::get_object_assert 'pods a' "{{${id_field:?}}}" 'a' kube::test::get_object_assert 'pods b -n nsb' "{{${id_field:?}}}" 'b' kubectl delete pod/a kubectl delete pod/b -n nsb kubectl delete ns nsb ## kubectl apply --prune should fallback to delete for non reapable types kubectl apply --all --prune -f hack/testdata/prune-reap/a.yml 2>&1 "${kube_flags[@]:?}" kube::test::get_object_assert 'pvc a-pvc' "{{${id_field:?}}}" 'a-pvc' kubectl apply --all --prune -f hack/testdata/prune-reap/b.yml 2>&1 "${kube_flags[@]:?}" kube::test::get_object_assert 'pvc b-pvc' "{{${id_field:?}}}" 'b-pvc' kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' kubectl delete pvc b-pvc 2>&1 "${kube_flags[@]:?}" ## kubectl apply --prune --prune-allowlist # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply pod a kubectl apply --prune -l prune-group=true -f hack/testdata/prune/a.yaml "${kube_flags[@]:?}" # check right pod exists kube::test::get_object_assert 'pods a' "{{${id_field:?}}}" 'a' # apply svc and don't prune pod a by overwriting allowlist kubectl apply --prune -l prune-group=true -f hack/testdata/prune/svc.yaml --prune-allowlist core/v1/Service 2>&1 "${kube_flags[@]:?}" kube::test::get_object_assert 'service prune-svc' "{{${id_field:?}}}" 'prune-svc' kube::test::get_object_assert 'pods a' "{{${id_field:?}}}" 'a' # apply svc and prune pod a with default allowlist kubectl apply --prune -l prune-group=true -f hack/testdata/prune/svc.yaml 2>&1 "${kube_flags[@]:?}" kube::test::get_object_assert 'service prune-svc' "{{${id_field:?}}}" 'prune-svc' kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # cleanup kubectl delete svc prune-svc 2>&1 "${kube_flags[@]:?}" ## kubectl apply --prune can prune resources not in the defaulted namespace # Pre-Condition: namespace nsb exists; no POD exists kubectl create ns nsb kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply a into namespace nsb kubectl apply --namespace nsb -f hack/testdata/prune/a.yaml "${kube_flags[@]:?}" kube::test::get_object_assert 'pods a -n nsb' "{{${id_field:?}}}" 'a' # apply b with namespace kubectl apply --namespace nsb -f hack/testdata/prune/b.yaml "${kube_flags[@]:?}" kube::test::get_object_assert 'pods b -n nsb' "{{${id_field:?}}}" 'b' # apply --prune must prune a kubectl apply --prune --all -f hack/testdata/prune/b.yaml # check wrong pod doesn't exist and right pod exists kube::test::wait_object_assert 'pods -n nsb' "{{range.items}}{{${id_field:?}}}:{{end}}" 'b:' # cleanup kubectl delete ns nsb ## kubectl apply -n must fail if input file contains namespace other than the one given in -n output_message=$(! kubectl apply -n foo -f hack/testdata/prune/b.yaml 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'the namespace from the provided object "nsb" does not match the namespace "foo".' ## kubectl apply -f some.yml --force # Pre-condition: no service exists kube::test::get_object_assert services "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply service a kubectl apply -f hack/testdata/service-revision1.yaml "${kube_flags[@]:?}" # check right service exists kube::test::get_object_assert 'services a' "{{${id_field:?}}}" 'a' # change immutable field and apply service a output_message=$(! kubectl apply -f hack/testdata/service-revision2.yaml 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'may not change once set' # apply --force to recreate resources for immutable fields kubectl apply -f hack/testdata/service-revision2.yaml --force "${kube_flags[@]:?}" # check immutable field exists kube::test::get_object_assert 'services a' "{{.spec.clusterIP}}" '10.0.0.12' # cleanup kubectl delete -f hack/testdata/service-revision2.yaml "${kube_flags[@]:?}" ## kubectl apply -k somedir kubectl apply -k hack/testdata/kustomize kube::test::get_object_assert 'configmap test-the-map' "{{${id_field}}}" 'test-the-map' kube::test::get_object_assert 'deployment test-the-deployment' "{{${id_field}}}" 'test-the-deployment' kube::test::get_object_assert 'service test-the-service' "{{${id_field}}}" 'test-the-service' # cleanup kubectl delete -k hack/testdata/kustomize ## kubectl apply --kustomize somedir kubectl apply --kustomize hack/testdata/kustomize kube::test::get_object_assert 'configmap test-the-map' "{{${id_field}}}" 'test-the-map' kube::test::get_object_assert 'deployment test-the-deployment' "{{${id_field}}}" 'test-the-deployment' kube::test::get_object_assert 'service test-the-service' "{{${id_field}}}" 'test-the-service' # cleanup kubectl delete --kustomize hack/testdata/kustomize ## kubectl apply multiple resources with one failure during apply phase. # Pre-Condition: namespace does not exist and no POD exists output_message=$(! kubectl get namespace multi-resource-ns 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'namespaces "multi-resource-ns" not found' kube::test::wait_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # First pass, namespace is created, but pod is not (since namespace does not exist yet). output_message=$(! kubectl apply -f hack/testdata/multi-resource-1.yaml 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'namespaces "multi-resource-ns" not found' output_message=$(! kubectl get pods test-pod -n multi-resource-ns 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'pods "test-pod" not found' # Second pass, pod is created (now that namespace exists). kubectl apply -f hack/testdata/multi-resource-1.yaml "${kube_flags[@]:?}" kube::test::get_object_assert 'pods test-pod -n multi-resource-ns' "{{${id_field}}}" 'test-pod' # cleanup kubectl delete -f hack/testdata/multi-resource-1.yaml "${kube_flags[@]:?}" ## kubectl apply multiple resources with one failure during builder phase. # Pre-Condition: No configmaps with name=foo kube::test::get_object_assert 'configmaps --field-selector=metadata.name=foo' "{{range.items}}{{${id_field:?}}}:{{end}}" '' # Apply a configmap and a bogus custom resource. output_message=$(! kubectl apply -f hack/testdata/multi-resource-2.yaml 2>&1 "${kube_flags[@]:?}") # Should be error message from bogus custom resource. kube::test::if_has_string "${output_message}" 'no matches for kind "Bogus" in version "example.com/v1"' # ConfigMap should have been created even with custom resource error. kube::test::get_object_assert 'configmaps foo' "{{${id_field}}}" 'foo' # cleanup kubectl delete configmaps foo "${kube_flags[@]:?}" ## kubectl apply multiple resources with one failure during builder phase. # Pre-Condition: No pods exist. kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # Applies three pods, one of which is invalid (POD-B), two succeed (pod-a, pod-c). output_message=$(! kubectl apply -f hack/testdata/multi-resource-3.yaml 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'The Pod "POD-B" is invalid' kube::test::get_object_assert 'pods pod-a' "{{${id_field}}}" 'pod-a' kube::test::get_object_assert 'pods pod-c' "{{${id_field}}}" 'pod-c' # cleanup kubectl delete pod pod-a pod-c "${kube_flags[@]:?}" kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' ## kubectl apply multiple resources with one failure during apply phase. # Pre-Condition: crd does not exist, and custom resource does not exist. kube::test::get_object_assert crds "{{range.items}}{{${id_field:?}}}:{{end}}" '' # First pass, custom resource fails, but crd apply succeeds. output_message=$(! kubectl apply -f hack/testdata/multi-resource-4.yaml 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'no matches for kind "Widget" in version "example.com/v1"' kubectl wait --timeout=2s --for=condition=Established=true crd/widgets.example.com output_message=$(! kubectl get widgets foo 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" 'widgets.example.com "foo" not found' kube::test::get_object_assert 'crds widgets.example.com' "{{${id_field}}}" 'widgets.example.com' # Second pass, custom resource is created (now that crd exists). kubectl apply -f hack/testdata/multi-resource-4.yaml "${kube_flags[@]:?}" kube::test::get_object_assert 'widget foo' "{{${id_field}}}" 'foo' # cleanup kubectl delete -f hack/testdata/multi-resource-4.yaml "${kube_flags[@]:?}" set +o nounset set +o errexit } # Runs tests related to kubectl apply (server-side) run_kubectl_server_side_apply_tests() { set -o nounset set -o errexit create_and_use_new_namespace kube::log::status "Testing kubectl apply --server-side" ## kubectl apply should create the resource that doesn't exist yet # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # Command: apply a pod "test-pod" (doesn't exist) should create this pod kubectl apply --server-side -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # Post-Condition: pod "test-pod" is created kube::test::get_object_assert 'pods test-pod' "{{${labels_field:?}.name}}" 'test-pod-label' # pod has field manager for kubectl server-side apply output_message=$(kubectl get --show-managed-fields -f hack/testdata/pod.yaml -o=jsonpath='{.metadata.managedFields[*].manager}' "${kube_flags[@]:?}" 2>&1) kube::test::if_has_string "${output_message}" 'kubectl' # pod has custom field manager kubectl apply --server-side --field-manager=my-field-manager --force-conflicts -f hack/testdata/pod.yaml "${kube_flags[@]:?}" output_message=$(kubectl get -f hack/testdata/pod.yaml -o=jsonpath='{.metadata.managedFields[*].manager}' "${kube_flags[@]:?}" 2>&1) kube::test::if_has_string "${output_message}" 'my-field-manager' # Clean up kubectl delete pods test-pod "${kube_flags[@]:?}" ## kubectl apply --dry-run=server # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply dry-run kubectl apply --server-side --dry-run=server -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # No pod exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' # apply non dry-run creates the pod kubectl apply --server-side -f hack/testdata/pod.yaml "${kube_flags[@]:?}" initialResourceVersion=$(kubectl get "${kube_flags[@]:?}" -f hack/testdata/pod.yaml -o go-template='{{ .metadata.resourceVersion }}') # apply changes kubectl apply --server-side --dry-run=server -f hack/testdata/pod-apply.yaml "${kube_flags[@]:?}" # Post-Condition: label still has initial value kube::test::get_object_assert 'pods test-pod' "{{${labels_field:?}.name}}" 'test-pod-label' # Ensure dry-run doesn't persist change resourceVersion=$(kubectl get "${kube_flags[@]:?}" -f hack/testdata/pod.yaml -o go-template='{{ .metadata.resourceVersion }}') kube::test::if_has_string "${resourceVersion}" "${initialResourceVersion}" # clean-up kubectl delete -f hack/testdata/pod.yaml "${kube_flags[@]:?}" ## kubectl apply upgrade # Pre-Condition: no POD exists kube::test::get_object_assert pods "{{range.items}}{{${id_field:?}}}:{{end}}" '' kube::log::status "Testing upgrade kubectl client-side apply to server-side apply" # run client-side apply kubectl apply -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # test upgrade does not work with non-standard server-side apply field manager ! kubectl apply --server-side --field-manager="not-kubectl" -f hack/testdata/pod-apply.yaml "${kube_flags[@]:?}" || exit 1 # test upgrade from client-side apply to server-side apply kubectl apply --server-side -f hack/testdata/pod-apply.yaml "${kube_flags[@]:?}" # Post-Condition: pod "test-pod" has configuration annotation grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get pods test-pod -o yaml "${kube_flags[@]:?}")" output_message=$(kubectl apply view-last-applied pod/test-pod -o json 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" '"name": "test-pod-applied"' kube::log::status "Testing downgrade kubectl server-side apply to client-side apply" # test downgrade from server-side apply to client-side apply kubectl apply --server-side -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # Post-Condition: pod "test-pod" has configuration annotation grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get pods test-pod -o yaml "${kube_flags[@]:?}")" output_message=$(kubectl apply view-last-applied pod/test-pod -o json 2>&1 "${kube_flags[@]:?}") kube::test::if_has_string "${output_message}" '"name": "test-pod-label"' kubectl apply -f hack/testdata/pod-apply.yaml "${kube_flags[@]:?}" # clean-up kubectl delete -f hack/testdata/pod.yaml "${kube_flags[@]:?}" # Test apply migration # Create a configmap in the cluster with client-side apply: output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side=false -f - << __EOF__ apiVersion: v1 kind: ConfigMap metadata: name: test data: key: value legacy: unused __EOF__ ) kube::test::if_has_string "${output_message}" 'configmap/test created' # Apply the same manifest with --server-side flag, as per server-side-apply migration instructions: output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side -f - << __EOF__ apiVersion: v1 kind: ConfigMap metadata: name: test data: key: value legacy: unused __EOF__ ) kube::test::if_has_string "${output_message}" 'configmap/test serverside-applied' # Apply the object a third time using server-side-apply, but this time removing # a field and adding a field. Old versions of kubectl would not allow the field # to be removed output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side -f - << __EOF__ apiVersion: v1 kind: ConfigMap metadata: name: test data: key: value ssaKey: ssaValue __EOF__ ) kube::test::if_has_string "${output_message}" 'configmap/test serverside-applied' # Fetch the object and check to see that it does not have a field 'legacy' kube::test::get_object_assert "configmap test" "{{ .data.key }}" 'value' kube::test::get_object_assert "configmap test" "{{ .data.legacy }}" '' kube::test::get_object_assert "configmap test" "{{ .data.ssaKey }}" 'ssaValue' # CSA the object after it has been server-side-applied and had a field removed # Add new key with client-side-apply. Also removes the field from server-side-apply output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side=false -f - << __EOF__ apiVersion: v1 kind: ConfigMap metadata: name: test data: key: value newKey: newValue __EOF__ ) kube::test::get_object_assert "configmap test" "{{ .data.key }}" 'value' kube::test::get_object_assert "configmap test" "{{ .data.newKey }}" 'newValue' kube::test::get_object_assert "configmap test" "{{ .data.ssaKey }}" '' # SSA the object without the field added above by CSA. Show that the object # on the server has had the field removed output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side -f - << __EOF__ apiVersion: v1 kind: ConfigMap metadata: name: test data: key: value ssaKey: ssaValue __EOF__ ) # Fetch the object and check to see that it does not have a field 'newKey' kube::test::get_object_assert "configmap test" "{{ .data.key }}" 'value' kube::test::get_object_assert "configmap test" "{{ .data.newKey }}" '' kube::test::get_object_assert "configmap test" "{{ .data.ssaKey }}" 'ssaValue' # Show that kubectl diff --server-side also functions after a migration output_message=$(kubectl diff "${kube_flags[@]:?}" --server-side -f - << __EOF__ || test $? -eq 1 apiVersion: v1 kind: ConfigMap metadata: name: test annotations: newAnnotation: newValue data: key: value newKey: newValue __EOF__ ) kube::test::if_has_string "${output_message}" '+ newKey: newValue' kube::test::if_has_string "${output_message}" '+ newAnnotation: newValue' # clean-up kubectl "${kube_flags[@]:?}" delete configmap test ## Test to show that supplying a custom field manager to kubectl apply # does not prevent migration from client-side-apply to server-side-apply output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side=false --field-manager=myfm -f - << __EOF__ apiVersion: v1 data: key: value1 legacy: value2 kind: ConfigMap metadata: name: ssa-test __EOF__ ) kube::test::if_has_string "$output_message" "configmap/ssa-test created" kube::test::get_object_assert "configmap ssa-test" "{{ .data.key }}" 'value1' # show that after client-side applying with a custom field manager, the # last-applied-annotation is present grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get configmap ssa-test -o yaml "${kube_flags[@]:?}")" # Migrate to server-side-apply by applying the same object output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side=true --field-manager=myfm -f - << __EOF__ apiVersion: v1 data: key: value1 legacy: value2 kind: ConfigMap metadata: name: ssa-test __EOF__ ) kube::test::if_has_string "$output_message" "configmap/ssa-test serverside-applied" kube::test::get_object_assert "configmap ssa-test" "{{ .data.key }}" 'value1' # show that after migrating to SSA with a custom field manager, the # last-applied-annotation is dropped ! grep -q kubectl.kubernetes.io/last-applied-configuration <<< "$(kubectl get configmap ssa-test -o yaml "${kube_flags[@]:?}")" || exit 1 # Change a field without having any conflict and also drop a field in the same patch output_message=$(kubectl "${kube_flags[@]:?}" apply --server-side=true --field-manager=myfm -f - << __EOF__ apiVersion: v1 data: key: value2 kind: ConfigMap metadata: name: ssa-test __EOF__ ) kube::test::if_has_string "$output_message" "configmap/ssa-test serverside-applied" kube::test::get_object_assert "configmap ssa-test" "{{ .data.key }}" 'value2' kube::test::get_object_assert "configmap ssa-test" "{{ .data.legacy }}" '' # Clean up kubectl delete configmap ssa-test ## kubectl apply dry-run on CR # Create CRD kubectl "${kube_flags_with_token[@]}" create -f - << __EOF__ { "kind": "CustomResourceDefinition", "apiVersion": "apiextensions.k8s.io/v1", "metadata": { "name": "resources.mygroup.example.com" }, "spec": { "group": "mygroup.example.com", "scope": "Namespaced", "names": { "plural": "resources", "singular": "resource", "kind": "Kind", "listKind": "KindList" }, "versions": [ { "name": "v1alpha1", "served": true, "storage": true, "schema": { "openAPIV3Schema": { "x-kubernetes-preserve-unknown-fields": true, "type": "object" } } } ] } } __EOF__ # Ensure the API server has recognized and started serving the associated CR API local tries=5 for i in $(seq 1 $tries); do local output output=$(kubectl "${kube_flags[@]:?}" api-resources --api-group mygroup.example.com -oname || true) if kube::test::if_has_string "$output" resources.mygroup.example.com; then break fi echo "${i}: Waiting for CR API to be available" sleep "$i" done # Dry-run create the CR kubectl "${kube_flags[@]:?}" apply --server-side --dry-run=server -f hack/testdata/CRD/resource.yaml "${kube_flags[@]:?}" # Make sure that the CR doesn't exist ! kubectl "${kube_flags[@]:?}" get resource/myobj 2>/dev/null || exit 1 # clean-up kubectl "${kube_flags[@]:?}" delete customresourcedefinition resources.mygroup.example.com set +o nounset set +o errexit }