#!/bin/bash

# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
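# errexit is not enabled: most steps below record a failure in $res and carry
# on, so a single run reports every failing check.
set -o nounset
set -o pipefail

readonly GO111MODULE="on"
readonly GOFLAGS="-mod=readonly"
readonly CLUSTER_NAME="verify-gateway-api"
# Tag given to the webhook image that is built from this tree and loaded into
# the kind cluster further down. The same name is also a public registry path.
readonly LOCAL_IMAGE="registry.k8s.io/gateway-api/admission-server:latest"

# Throwaway GOPATH. Assign first and mark readonly afterwards so a failing
# mktemp is not masked: an empty GOPATH would turn KUBECONFIG into
# "/.kubeconfig" and put "/bin" at the front of PATH.
GOPATH="$(mktemp -d)" || {
  echo "Error: could not create a temporary GOPATH" >&2
  exit 1
}
readonly GOPATH

export KUBECONFIG="${GOPATH}/.kubeconfig"
export GOFLAGS GO111MODULE GOPATH
# Binaries installed into the throwaway GOPATH take precedence over system ones.
export PATH="${GOPATH}/bin:${PATH}"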
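# Guard so the tear-down below runs at most once.
CLEANED_UP=false

#######################################
# Remove the generated kustomization and delete the kind cluster.
# Globals:   CLEANED_UP (read, written)
#            KIND_CREATE_ATTEMPTED (read; may be unset)
#            CLUSTER_NAME (read)
# Returns:   0. A failed cluster deletion is ignored (best effort).
#######################################
cleanup() {
  if [ "$CLEANED_UP" = "true" ]; then
    return
  fi

  rm -f config/webhook/kustomization.yaml

  # Only touch the cluster if this run got as far as trying to create it.
  if [ "${KIND_CREATE_ATTEMPTED:-}" = true ]; then
    kind delete cluster --name "${CLUSTER_NAME}" || true
  fi
  CLEANED_UP=true
}

# A signal handler that merely returns lets the script resume after the
# interrupted command, i.e. keep running against a cluster that was just
# deleted. Exit explicitly on INT/TERM; the EXIT trap then runs cleanup once.
trap 'exit 130' INT
trap 'exit 143' TERM
trap cleanup EXIT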
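# Accumulated exit code; steps below overwrite it when they fail.
res=0

# Install kind at a pinned version into the throwaway GOPATH.
# If the install fails, the `kind` calls below resolve to whatever kind binary
# is already on PATH (if any), so say so instead of only recording the code.
(cd "${GOPATH}" && go install sigs.k8s.io/kind@v0.20.0) || {
  res=$?
  echo "Warning: installing kind v0.20.0 failed (exit ${res}); any kind binary already on PATH will be used instead." >&2
}

# Create cluster
# The flag is set before the attempt so cleanup also removes a half-created cluster.
KIND_CREATE_ATTEMPTED=true
if ! kind create cluster --name "${CLUSTER_NAME}"; then
  # Every later step needs the cluster; stop here rather than produce a wall
  # of follow-on errors. The EXIT trap performs the cleanup.
  echo "Error: could not create kind cluster ${CLUSTER_NAME}" >&2
  exit 1
fi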
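# Verify CEL validations before installing webhook.
for CHANNEL in experimental standard; do
  # Install CRDs. The glob stays quoted so that kubectl, not the shell,
  # expands it. A failed install is recorded: without the CRDs the tests
  # below do not exercise the validation rules at all.
  kubectl apply -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?

  # Run tests.
  go test -v -timeout=120s -count=1 --tags "${CHANNEL}" sigs.k8s.io/gateway-api/pkg/test/cel || res=$?

  # Delete CRDs to reset environment. Recorded as well, since leftovers from
  # one channel would carry over into the next iteration.
  kubectl delete -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?
done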
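# Temporary workaround for https://github.com/kubernetes/kubernetes/issues/104090
sleep 8

## Check using example YAMLs as well
## with _only_ CEL validation

for CHANNEL in experimental standard; do
  ##### Test valid CRD apply and that invalid examples are invalid.
  # Install CRDs
  kubectl apply -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?

  # Temporary workaround for https://github.com/kubernetes/kubernetes/issues/104090
  sleep 8

  kubectl apply --recursive -f examples/standard || res=$?

  # Install all experimental example gateway-api resources when experimental mode is enabled
  if [[ "${CHANNEL}" == "experimental" ]]; then
    echo "Experimental mode enabled: deploying experimental examples"
    kubectl apply --recursive -f examples/experimental || res=$?
  fi

  # Find all our invalid examples and check them one by one.
  # This lets us check the output in a cleaner way than a grep pipeline.
  # Paths are read NUL-delimited on fd 3, so names with whitespace or glob
  # characters survive and stdin stays free for the commands in the loop.
  while IFS= read -r -d '' file <&3; do
    # Don't check alpha resources in Standard checks
    if [[ "$file" =~ "experimental" && "$CHANNEL" == "standard" ]]; then
      continue
    fi

    # An invalid example must be rejected. Check the exit status first: a
    # successful apply is a validation gap no matter what the output says
    # (a warning could contain one of the phrases matched below).
    if KUBECTL_OUTPUT=$(kubectl apply -f "$file" 2>&1); then
      res=2
      cat <<EOF

Error: Example $file in channel $CHANNEL was accepted but should have been rejected by CEL validation.
$KUBECTL_OUTPUT
EOF
    elif [[ \
      ! ("$KUBECTL_OUTPUT" =~ "is invalid") && \
      ! ("$KUBECTL_OUTPUT" =~ "missing required field") && \
      ! ("$KUBECTL_OUTPUT" =~ "denied the request") && \
      ! ("$KUBECTL_OUTPUT" =~ "Invalid value") \
    ]]; then
      # Rejected, but not with a validation error (for example a connection
      # or parse failure), so the example proves nothing about validation.
      res=2
      cat <<EOF

Error: Example $file in channel $CHANNEL failed in an unexpected way with CEL validation.
$KUBECTL_OUTPUT
EOF
    else
      echo "Example $file in channel $CHANNEL failed as expected with CEL validation."
    fi

  done 3< <(find hack/invalid-examples -name "*.yaml" -print0)
  kubectl delete -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?
done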
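###
# This section and below can be REMOVED once the webhook is removed.
###
# Install webhook and check the _invalid_ examples again.
# The kustomization is generated into the source tree; cleanup() removes it.
cat <<EOF >config/webhook/kustomization.yaml
resources:
  - 0-namespace.yaml
  - certificate_config.yaml
  - admission_webhook.yaml
patches:
  - patch: |-
      - op: replace
        path: /spec/template/spec/containers/0/image
        value: ${LOCAL_IMAGE}
      - op: replace
        path: /spec/template/spec/containers/0/imagePullPolicy
        value: IfNotPresent
    target:
      group: apps
      version: v1
      kind: Deployment
      name: gateway-api-admission-server
EOF

# Build the webhook from this tree and load it into the cluster. Both steps
# must succeed before the Deployment is applied: with imagePullPolicy
# IfNotPresent, a node that lacks the loaded image would try to pull
# ${LOCAL_IMAGE} from the registry, and the checks below would then presumably
# run against a published image rather than the code under review.
if ! docker build -t "${LOCAL_IMAGE}" -f docker/Dockerfile.webhook .; then
  echo "Error: building ${LOCAL_IMAGE} failed" >&2
  exit 1
fi
if ! kind load docker-image "${LOCAL_IMAGE}" --name "${CLUSTER_NAME}"; then
  echo "Error: loading ${LOCAL_IMAGE} into kind cluster ${CLUSTER_NAME} failed" >&2
  exit 1
fi
kubectl apply -k config/webhook/ || res=$?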
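# Wait for webhook to be ready
# Readiness is inferred from exactly two pods in gateway-system reporting
# "Completed"; the state of the webhook Deployment itself is not checked here.
for check in {1..10}; do
  sleep 5
  # grep -c prints the count itself (also "0" when kubectl fails or nothing
  # matches) but exits 1 on zero matches; "|| true" keeps pipefail from turning
  # that into an error and keeps stray text out of the value being compared.
  NUM_COMPLETED=$(kubectl get po -n gateway-system | grep -c Completed || true)
  if [ "${NUM_COMPLETED}" = "2" ]; then
    echo "Webhook successfully configured"
    break
  elif [ "${check}" = "10" ]; then
    echo "Timed out waiting for webhook setup to complete"
    cleanup
    exit 1
  fi
  echo "Webhook not ready yet, will check again in 5 seconds"
done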
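for CHANNEL in experimental standard; do
  ##### Test valid CRD apply and that invalid examples are invalid.
  # Install CRDs
  kubectl apply -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?

  # Temporary workaround for https://github.com/kubernetes/kubernetes/issues/104090
  sleep 8

  # Note that we skip the working examples since we did them already with
  # just CEL validation.

  # Paths are read NUL-delimited on fd 3, so names with whitespace or glob
  # characters survive and stdin stays free for the commands in the loop.
  while IFS= read -r -d '' file <&3; do
    # Don't check alpha resources in Standard checks
    if [[ "$file" =~ "experimental" && "$CHANNEL" == "standard" ]]; then
      continue
    fi

    # An invalid example must be rejected. Check the exit status first: a
    # successful apply is a validation gap no matter what the output says
    # (a warning could contain one of the phrases matched below).
    if KUBECTL_OUTPUT=$(kubectl apply -f "$file" 2>&1); then
      res=2
      cat <<EOF

Error: Example $file in channel $CHANNEL was accepted but should have been rejected by webhook validation.
$KUBECTL_OUTPUT
EOF
    elif [[ \
      ! ("$KUBECTL_OUTPUT" =~ "is invalid") && \
      ! ("$KUBECTL_OUTPUT" =~ "missing required field") && \
      ! ("$KUBECTL_OUTPUT" =~ "denied the request") && \
      ! ("$KUBECTL_OUTPUT" =~ "Invalid value") \
    ]]; then
      # Rejected, but not with a validation error (for example a connection
      # or parse failure), so the example proves nothing about validation.
      res=2
      cat <<EOF

Error: Example $file in channel $CHANNEL failed in an unexpected way with webhook validation.
$KUBECTL_OUTPUT
EOF
    else
      echo "Example $file in channel $CHANNEL failed as expected with webhook validation."
    fi

  done 3< <(find hack/invalid-examples -name "*.yaml" -print0)
  kubectl delete -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?
done

### We've trapped EXIT with cleanup(), so just exit with what we've got.
exit "${res}"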