sigs.k8s.io/gateway-api@v1.0.0/hack/verify-crds-kind.sh (about)

     1  #!/bin/bash
     2  
     3  # Copyright 2020 The Kubernetes Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  set -o nounset
    18  set -o pipefail
    19  
    20  readonly GO111MODULE="on"
    21  readonly GOFLAGS="-mod=readonly"
    22  readonly GOPATH="$(mktemp -d)"
    23  readonly CLUSTER_NAME="verify-gateway-api"
    24  readonly LOCAL_IMAGE="registry.k8s.io/gateway-api/admission-server:latest"
    25  
    26  export KUBECONFIG="${GOPATH}/.kubeconfig"
    27  export GOFLAGS GO111MODULE GOPATH
    28  export PATH="${GOPATH}/bin:${PATH}"
    29  
    30  # Cleanup logic for cleanup on exit
    31  CLEANED_UP=false
    32  cleanup() {
    33    if [ "$CLEANED_UP" = "true" ]; then
    34      return
    35    fi
    36  
    37    rm -f config/webhook/kustomization.yaml
    38  
    39    if [ "${KIND_CREATE_ATTEMPTED:-}" = true ]; then
    40      kind delete cluster --name "${CLUSTER_NAME}" || true
    41    fi
    42    CLEANED_UP=true
    43  }
    44  
    45  trap cleanup INT TERM EXIT
    46  
    47  # For exit code
    48  res=0
    49  
    50  # Install kind
    51  (cd $GOPATH && go install sigs.k8s.io/kind@v0.20.0) || res=$?
    52  
    53  # Create cluster
    54  KIND_CREATE_ATTEMPTED=true
    55  kind create cluster --name "${CLUSTER_NAME}"
    56  
    57  # Verify CEL validations before installing webhook.
    58  for CHANNEL in experimental standard; do
    59    # Install CRDs.
    60    kubectl apply -f "config/crd/${CHANNEL}/gateway*.yaml"
    61  
    62    # Run tests.
    63    go test -v -timeout=120s -count=1 --tags ${CHANNEL} sigs.k8s.io/gateway-api/pkg/test/cel || res=$?
    64  
    65    # Delete CRDs to reset environment.
    66    kubectl delete -f "config/crd/${CHANNEL}/gateway*.yaml"
    67  done
    68  
    69  # Temporary workaround for https://github.com/kubernetes/kubernetes/issues/104090
    70  sleep 8
    71  
    72  ## Check using example YAMLs as well
    73  ## with _only_ CEL validation
    74  
    75  
    76  for CHANNEL in experimental standard; do
    77    ##### Test valid CRD apply and that invalid examples are invalid.
    78    # Install CRDs
    79    kubectl apply -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?
    80  
    81    # Temporary workaround for https://github.com/kubernetes/kubernetes/issues/104090
    82    sleep 8
    83  
    84    kubectl apply --recursive -f examples/standard || res=$?
    85  
    86    # Install all experimental example gateway-api resources when experimental mode is enabled
    87    if [[ "${CHANNEL}" == "experimental" ]]; then
    88      echo "Experimental mode enabled: deploying experimental examples"
    89      kubectl apply --recursive -f examples/experimental || res=$?
    90    fi
    91  
    92    # Find all our invalid examples and check them one by one.
    93    # This lets us check the output in a cleaner way than a grep pipeline.
    94    for file in $(find hack/invalid-examples -name "*.yaml"); do
    95      # Don't check alpha resources in Standard checks
    96      if [[ "$file" =~ "experimental" && "$CHANNEL" == "standard" ]]; then
    97        continue
    98      fi
    99  
   100      KUBECTL_OUTPUT=$(kubectl apply -f "$file" 2>&1)
   101  
   102      if [[ \
   103            ! ("$KUBECTL_OUTPUT" =~ "is invalid") && \
   104            ! ("$KUBECTL_OUTPUT" =~ "missing required field") &&  \
   105            ! ("$KUBECTL_OUTPUT" =~ "denied the request") && \
   106            ! ("$KUBECTL_OUTPUT" =~ "Invalid value") \
   107            ]]; then
   108        res=2
   109        cat<<EOF
   110  
   111  Error: Example $file in channel $CHANNEL failed in an unexpected way with CEL validation.
   112  $KUBECTL_OUTPUT
   113  EOF
   114      else
   115      echo "Example $file in channel $CHANNEL failed as expected with CEL validation."
   116      fi
   117  
   118    done
   119    kubectl delete -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?
   120  done
   121  
   122  ###
   123  # This section and below can be REMOVED once the webhook is removed.
   124  ###
   125  # Install webhook and check the _invalid_ examples again.
   126  cat <<EOF >config/webhook/kustomization.yaml
   127  resources:
   128    - 0-namespace.yaml
   129    - certificate_config.yaml
   130    - admission_webhook.yaml
   131  patches:
   132    - patch: |-
   133        - op: replace
   134          path: /spec/template/spec/containers/0/image
   135          value: ${LOCAL_IMAGE}
   136        - op: replace
   137          path: /spec/template/spec/containers/0/imagePullPolicy
   138          value: IfNotPresent
   139      target:
   140        group: apps
   141        version: v1
   142        kind: Deployment
   143        name: gateway-api-admission-server
   144  EOF
   145  
   146  
   147  
   148  docker build -t ${LOCAL_IMAGE} -f docker/Dockerfile.webhook .
   149  kind load docker-image ${LOCAL_IMAGE} --name "${CLUSTER_NAME}"
   150  kubectl apply -k config/webhook/
   151  
   152  # Wait for webhook to be ready
   153  for check in {1..10}; do
   154    sleep 5
   155    NUM_COMPLETED=$(kubectl get po -n gateway-system | grep Completed | wc -l | xargs || echo Failed to get completed Pods)
   156    if [ "${NUM_COMPLETED}" = "2" ]; then
   157      echo "Webhook successfully configured"
   158      break
   159    elif [ "${check}" = "10" ]; then
   160      echo "Timed out waiting for webhook setup to complete"
   161      cleanup
   162      exit 1
   163    fi
   164    echo "Webhook not ready yet, will check again in 5 seconds"
   165  done
   166  
   167  for CHANNEL in experimental standard; do
   168    ##### Test valid CRD apply and that invalid examples are invalid.
   169    # Install CRDs
   170    kubectl apply -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?
   171  
   172    # Temporary workaround for https://github.com/kubernetes/kubernetes/issues/104090
   173    sleep 8
   174  
   175    # Note that we skip the working examples since we did them already with
   176    # just CEL validation.
   177  
   178    for file in $(find hack/invalid-examples -name "*.yaml"); do
   179      # Don't check alpha resources in Standard checks
   180      if [[ "$file" =~ "experimental" && "$CHANNEL" == "standard" ]]; then
   181        continue
   182      fi
   183  
   184      KUBECTL_OUTPUT=$(kubectl apply -f "$file" 2>&1)
   185  
   186      if [[ \
   187            ! ("$KUBECTL_OUTPUT" =~ "is invalid") && \
   188            ! ("$KUBECTL_OUTPUT" =~ "missing required field") &&  \
   189            ! ("$KUBECTL_OUTPUT" =~ "denied the request") && \
   190            ! ("$KUBECTL_OUTPUT" =~ "Invalid value") \
   191            ]]; then
   192        res=2
   193        cat<<EOF
   194  
   195  Error: Example $file in channel $CHANNEL failed in an unexpected way with webhook validation.
   196  $KUBECTL_OUTPUT
   197  EOF
   198      else
   199      echo "Example $file in channel $CHANNEL failed as expected with webhook validation."
   200      fi
   201  
   202    done
   203    kubectl delete -f "config/crd/${CHANNEL}/gateway*.yaml" || res=$?
   204  done
   205  
   206  ### We've trapped EXIT with cleanup(), so just exit with what we've got.
   207  exit $res