The previously existing e2e GMSA test really only tests a small part of the whole GMSA setup process, namely that once the API has inlined the GMSA contents in the pod's spec, and sent that to a worker's kubelet, then the kubelet passes that down to the runtime.

This new test, in contrast, really tests the whole thing, i.e. deploying the admission webhook, then deploying a GMSA custom resource, and using that resource within a pod. The downside of this test though, is that it does need to make a lot of assumptions about the cluster it runs against, notably that it runs on a worker node that's already been joined to a working Active Directory domain (there are other assumptions, all documented at the beginning of the test file); for that reason, it is only intended to ever be run against an AKS cluster with the custom AKS extension from https://github.com/kubernetes-sigs/windows-testing/pull/98.

Note that this test doesn't aim at testing every edge case, such as a pod trying to use a GMSA it doesn't have access to; the webhook has its own tests for these. This test's goal is to ensure the happy path doesn't break.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>