github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kubelet: Support ClusterTrustBundlePEM projections

Browse Source
This commit is contained in:
Taahir Ahmed
2022-10-21 23:13:42 -07:00
parent e83baddbb1
commit 1ebe5774d0
17 changed files with 1322 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
pkg/api/pod/util_test.go
View File

@@ -3237,3 +3237,156 @@ func TestMarkPodProposedForResize(t *testing.T) {
})
}
}
func TestDropClusterTrustBundleProjectedVolumes(t *testing.T) {
testCases := []struct {
description string
clusterTrustBundleProjectionEnabled bool
oldPod *api.PodSpec
newPod *api.PodSpec
wantPod *api.PodSpec
}{
{
description: "feature gate disabled, cannot add CTB volume to pod",
oldPod: &api.PodSpec{
Volumes: []api.Volume{},
},
newPod: &api.PodSpec{
Volumes: []api.Volume{
{
Name: "foo",
VolumeSource: api.VolumeSource{
Projected: &api.ProjectedVolumeSource{
Sources: []api.VolumeProjection{
{
ClusterTrustBundle: &api.ClusterTrustBundleProjection{
Name: pointer.String("foo"),
},
},
},
}},
},
},
},
wantPod: &api.PodSpec{
Volumes: []api.Volume{
{
Name: "foo",
VolumeSource: api.VolumeSource{
Projected: &api.ProjectedVolumeSource{
Sources: []api.VolumeProjection{
{},
},
}},
},
},
},
},
{
description: "feature gate disabled, can keep CTB volume on pod",
oldPod: &api.PodSpec{
Volumes: []api.Volume{
{
Name: "foo",
VolumeSource: api.VolumeSource{
Projected: &api.ProjectedVolumeSource{
Sources: []api.VolumeProjection{
{
ClusterTrustBundle: &api.ClusterTrustBundleProjection{
Name: pointer.String("foo"),
},
},
},
}},
},
},
},
newPod: &api.PodSpec{
Volumes: []api.Volume{
{
Name: "foo",
VolumeSource: api.VolumeSource{
Projected: &api.ProjectedVolumeSource{
Sources: []api.VolumeProjection{
{
ClusterTrustBundle: &api.ClusterTrustBundleProjection{
Name: pointer.String("foo"),
},
},
},
}},
},
},
},
wantPod: &api.PodSpec{
Volumes: []api.Volume{
{
Name: "foo",
VolumeSource: api.VolumeSource{
Projected: &api.ProjectedVolumeSource{
Sources: []api.VolumeProjection{
{
ClusterTrustBundle: &api.ClusterTrustBundleProjection{
Name: pointer.String("foo"),
},
},
},
}},
},
},
},
},
{
description: "feature gate enabled, can add CTB volume to pod",
clusterTrustBundleProjectionEnabled: true,
oldPod: &api.PodSpec{
Volumes: []api.Volume{},
},
newPod: &api.PodSpec{
Volumes: []api.Volume{
{
Name: "foo",
VolumeSource: api.VolumeSource{
Projected: &api.ProjectedVolumeSource{
Sources: []api.VolumeProjection{
{
ClusterTrustBundle: &api.ClusterTrustBundleProjection{
Name: pointer.String("foo"),
},
},
},
}},
},
},
},
wantPod: &api.PodSpec{
Volumes: []api.Volume{
{
Name: "foo",
VolumeSource: api.VolumeSource{
Projected: &api.ProjectedVolumeSource{
Sources: []api.VolumeProjection{
{
ClusterTrustBundle: &api.ClusterTrustBundleProjection{
Name: pointer.String("foo"),
},
},
},
}},
},
},
},
},
}
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ClusterTrustBundleProjection, tc.clusterTrustBundleProjectionEnabled)()
dropDisabledClusterTrustBundleProjection(tc.newPod, tc.oldPod)
if diff := cmp.Diff(tc.newPod, tc.wantPod); diff != "" {
t.Fatalf("Unexpected modification to new pod; diff (-got +want)\n%s", diff)
}
})
}
}