podspec_mutation_test.go 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591
  1. /*
  2. Copyright 2017 The Kubernetes Authors.
  3. Licensed under the Apache License, Version 2.0 (the "License");
  4. you may not use this file except in compliance with the License.
  5. You may obtain a copy of the License at
  6. http://www.apache.org/licenses/LICENSE-2.0
  7. Unless required by applicable law or agreed to in writing, software
  8. distributed under the License is distributed on an "AS IS" BASIS,
  9. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  10. See the License for the specific language governing permissions and
  11. limitations under the License.
  12. */
  13. package selfhosting
  14. import (
  15. "reflect"
  16. "sort"
  17. "testing"
  18. v1 "k8s.io/api/core/v1"
  19. kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
  20. )
  21. func TestMutatePodSpec(t *testing.T) {
  22. var tests = []struct {
  23. name string
  24. component string
  25. podSpec *v1.PodSpec
  26. expected v1.PodSpec
  27. }{
  28. {
  29. name: "mutate api server podspec",
  30. component: kubeadmconstants.KubeAPIServer,
  31. podSpec: &v1.PodSpec{
  32. Containers: []v1.Container{
  33. {
  34. Name: "kube-apiserver",
  35. Command: []string{
  36. "--advertise-address=10.0.0.1",
  37. },
  38. },
  39. },
  40. },
  41. expected: v1.PodSpec{
  42. Containers: []v1.Container{
  43. {
  44. Name: "kube-apiserver",
  45. Command: []string{
  46. "--advertise-address=$(HOST_IP)",
  47. },
  48. Env: []v1.EnvVar{
  49. {
  50. Name: "HOST_IP",
  51. ValueFrom: &v1.EnvVarSource{
  52. FieldRef: &v1.ObjectFieldSelector{
  53. FieldPath: "status.hostIP",
  54. },
  55. },
  56. },
  57. },
  58. },
  59. },
  60. NodeSelector: map[string]string{
  61. kubeadmconstants.LabelNodeRoleMaster: "",
  62. },
  63. Tolerations: []v1.Toleration{
  64. kubeadmconstants.ControlPlaneToleration,
  65. },
  66. DNSPolicy: v1.DNSClusterFirstWithHostNet,
  67. },
  68. },
  69. {
  70. name: "mutate controller manager podspec",
  71. component: kubeadmconstants.KubeControllerManager,
  72. podSpec: &v1.PodSpec{},
  73. expected: v1.PodSpec{
  74. NodeSelector: map[string]string{
  75. kubeadmconstants.LabelNodeRoleMaster: "",
  76. },
  77. Tolerations: []v1.Toleration{
  78. kubeadmconstants.ControlPlaneToleration,
  79. },
  80. DNSPolicy: v1.DNSClusterFirstWithHostNet,
  81. },
  82. },
  83. {
  84. name: "mutate scheduler podspec",
  85. component: kubeadmconstants.KubeScheduler,
  86. podSpec: &v1.PodSpec{},
  87. expected: v1.PodSpec{
  88. NodeSelector: map[string]string{
  89. kubeadmconstants.LabelNodeRoleMaster: "",
  90. },
  91. Tolerations: []v1.Toleration{
  92. kubeadmconstants.ControlPlaneToleration,
  93. },
  94. DNSPolicy: v1.DNSClusterFirstWithHostNet,
  95. },
  96. },
  97. }
  98. for _, rt := range tests {
  99. t.Run(rt.name, func(t *testing.T) {
  100. mutatePodSpec(GetDefaultMutators(), rt.component, rt.podSpec)
  101. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  102. t.Errorf("failed mutatePodSpec:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  103. }
  104. })
  105. }
  106. }
  107. func TestAddNodeSelectorToPodSpec(t *testing.T) {
  108. var tests = []struct {
  109. name string
  110. podSpec *v1.PodSpec
  111. expected v1.PodSpec
  112. }{
  113. {
  114. name: "empty podspec",
  115. podSpec: &v1.PodSpec{},
  116. expected: v1.PodSpec{
  117. NodeSelector: map[string]string{
  118. kubeadmconstants.LabelNodeRoleMaster: "",
  119. },
  120. },
  121. },
  122. {
  123. name: "podspec with a valid node selector",
  124. podSpec: &v1.PodSpec{
  125. NodeSelector: map[string]string{
  126. "foo": "bar",
  127. },
  128. },
  129. expected: v1.PodSpec{
  130. NodeSelector: map[string]string{
  131. "foo": "bar",
  132. kubeadmconstants.LabelNodeRoleMaster: "",
  133. },
  134. },
  135. },
  136. }
  137. for _, rt := range tests {
  138. t.Run(rt.name, func(t *testing.T) {
  139. addNodeSelectorToPodSpec(rt.podSpec)
  140. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  141. t.Errorf("failed addNodeSelectorToPodSpec:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  142. }
  143. })
  144. }
  145. }
  146. func TestSetControlPlaneTolerationOnPodSpec(t *testing.T) {
  147. var tests = []struct {
  148. name string
  149. podSpec *v1.PodSpec
  150. expected v1.PodSpec
  151. }{
  152. {
  153. name: "empty podspec",
  154. podSpec: &v1.PodSpec{},
  155. expected: v1.PodSpec{
  156. Tolerations: []v1.Toleration{
  157. kubeadmconstants.ControlPlaneToleration,
  158. },
  159. },
  160. },
  161. {
  162. name: "podspec with a valid toleration",
  163. podSpec: &v1.PodSpec{
  164. Tolerations: []v1.Toleration{
  165. {Key: "foo", Value: "bar"},
  166. },
  167. },
  168. expected: v1.PodSpec{
  169. Tolerations: []v1.Toleration{
  170. {Key: "foo", Value: "bar"},
  171. kubeadmconstants.ControlPlaneToleration,
  172. },
  173. },
  174. },
  175. }
  176. for _, rt := range tests {
  177. t.Run(rt.name, func(t *testing.T) {
  178. setControlPlaneTolerationOnPodSpec(rt.podSpec)
  179. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  180. t.Errorf("failed setControlPlaneTolerationOnPodSpec:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  181. }
  182. })
  183. }
  184. }
  185. func TestSetRightDNSPolicyOnPodSpec(t *testing.T) {
  186. var tests = []struct {
  187. name string
  188. podSpec *v1.PodSpec
  189. expected v1.PodSpec
  190. }{
  191. {
  192. name: "empty podspec",
  193. podSpec: &v1.PodSpec{},
  194. expected: v1.PodSpec{
  195. DNSPolicy: v1.DNSClusterFirstWithHostNet,
  196. },
  197. },
  198. {
  199. name: "podspec with a v1.DNSClusterFirst policy",
  200. podSpec: &v1.PodSpec{
  201. DNSPolicy: v1.DNSClusterFirst,
  202. },
  203. expected: v1.PodSpec{
  204. DNSPolicy: v1.DNSClusterFirstWithHostNet,
  205. },
  206. },
  207. }
  208. for _, rt := range tests {
  209. t.Run(rt.name, func(t *testing.T) {
  210. setRightDNSPolicyOnPodSpec(rt.podSpec)
  211. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  212. t.Errorf("failed setRightDNSPolicyOnPodSpec:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  213. }
  214. })
  215. }
  216. }
  217. func TestSetHostIPOnPodSpec(t *testing.T) {
  218. var tests = []struct {
  219. name string
  220. podSpec *v1.PodSpec
  221. expected v1.PodSpec
  222. }{
  223. {
  224. name: "set HOST_IP env var on a podspec",
  225. podSpec: &v1.PodSpec{
  226. Containers: []v1.Container{
  227. {
  228. Name: "kube-apiserver",
  229. Command: []string{
  230. "--advertise-address=10.0.0.1",
  231. },
  232. Env: []v1.EnvVar{},
  233. },
  234. },
  235. },
  236. expected: v1.PodSpec{
  237. Containers: []v1.Container{
  238. {
  239. Name: "kube-apiserver",
  240. Command: []string{
  241. "--advertise-address=$(HOST_IP)",
  242. },
  243. Env: []v1.EnvVar{
  244. {
  245. Name: "HOST_IP",
  246. ValueFrom: &v1.EnvVarSource{
  247. FieldRef: &v1.ObjectFieldSelector{
  248. FieldPath: "status.hostIP",
  249. },
  250. },
  251. },
  252. },
  253. },
  254. },
  255. },
  256. },
  257. }
  258. for _, rt := range tests {
  259. t.Run(rt.name, func(t *testing.T) {
  260. setHostIPOnPodSpec(rt.podSpec)
  261. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  262. t.Errorf("failed setHostIPOnPodSpec:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  263. }
  264. })
  265. }
  266. }
  267. func TestSetSelfHostedVolumesForAPIServer(t *testing.T) {
  268. hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
  269. var tests = []struct {
  270. name string
  271. podSpec *v1.PodSpec
  272. expected v1.PodSpec
  273. }{
  274. {
  275. name: "set selfhosted volumes for api server",
  276. podSpec: &v1.PodSpec{
  277. Containers: []v1.Container{
  278. {
  279. VolumeMounts: []v1.VolumeMount{
  280. {
  281. Name: "ca-certs",
  282. MountPath: "/etc/ssl/certs",
  283. },
  284. {
  285. Name: "k8s-certs",
  286. MountPath: "/etc/kubernetes/pki",
  287. },
  288. },
  289. Command: []string{
  290. "--foo=bar",
  291. },
  292. },
  293. },
  294. Volumes: []v1.Volume{
  295. {
  296. Name: "ca-certs",
  297. VolumeSource: v1.VolumeSource{
  298. HostPath: &v1.HostPathVolumeSource{
  299. Path: "/etc/ssl/certs",
  300. Type: &hostPathDirectoryOrCreate,
  301. },
  302. },
  303. },
  304. {
  305. Name: "k8s-certs",
  306. VolumeSource: v1.VolumeSource{
  307. HostPath: &v1.HostPathVolumeSource{
  308. Path: "/etc/kubernetes/pki",
  309. Type: &hostPathDirectoryOrCreate,
  310. },
  311. },
  312. },
  313. },
  314. },
  315. expected: v1.PodSpec{
  316. Containers: []v1.Container{
  317. {
  318. VolumeMounts: []v1.VolumeMount{
  319. {
  320. Name: "ca-certs",
  321. MountPath: "/etc/ssl/certs",
  322. },
  323. {
  324. Name: "k8s-certs",
  325. MountPath: "/etc/kubernetes/pki",
  326. },
  327. },
  328. Command: []string{
  329. "--foo=bar",
  330. },
  331. },
  332. },
  333. Volumes: []v1.Volume{
  334. {
  335. Name: "ca-certs",
  336. VolumeSource: v1.VolumeSource{
  337. HostPath: &v1.HostPathVolumeSource{
  338. Path: "/etc/ssl/certs",
  339. Type: &hostPathDirectoryOrCreate,
  340. },
  341. },
  342. },
  343. {
  344. Name: "k8s-certs",
  345. VolumeSource: apiServerCertificatesVolumeSource(),
  346. },
  347. },
  348. },
  349. },
  350. }
  351. for _, rt := range tests {
  352. t.Run(rt.name, func(t *testing.T) {
  353. setSelfHostedVolumesForAPIServer(rt.podSpec)
  354. sort.Strings(rt.podSpec.Containers[0].Command)
  355. sort.Strings(rt.expected.Containers[0].Command)
  356. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  357. t.Errorf("failed setSelfHostedVolumesForAPIServer:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  358. }
  359. })
  360. }
  361. }
  362. func TestSetSelfHostedVolumesForControllerManager(t *testing.T) {
  363. hostPathFileOrCreate := v1.HostPathFileOrCreate
  364. hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
  365. var tests = []struct {
  366. name string
  367. podSpec *v1.PodSpec
  368. expected v1.PodSpec
  369. }{
  370. {
  371. name: "set selfhosted volumes for controller mananger",
  372. podSpec: &v1.PodSpec{
  373. Containers: []v1.Container{
  374. {
  375. VolumeMounts: []v1.VolumeMount{
  376. {
  377. Name: "ca-certs",
  378. MountPath: "/etc/ssl/certs",
  379. },
  380. {
  381. Name: "k8s-certs",
  382. MountPath: "/etc/kubernetes/pki",
  383. },
  384. {
  385. Name: "kubeconfig",
  386. MountPath: "/etc/kubernetes/controller-manager.conf",
  387. },
  388. },
  389. Command: []string{
  390. "--kubeconfig=/etc/kubernetes/controller-manager.conf",
  391. "--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf",
  392. "--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf",
  393. "--foo=bar",
  394. },
  395. },
  396. },
  397. Volumes: []v1.Volume{
  398. {
  399. Name: "ca-certs",
  400. VolumeSource: v1.VolumeSource{
  401. HostPath: &v1.HostPathVolumeSource{
  402. Path: "/etc/ssl/certs",
  403. Type: &hostPathDirectoryOrCreate,
  404. },
  405. },
  406. },
  407. {
  408. Name: "k8s-certs",
  409. VolumeSource: v1.VolumeSource{
  410. HostPath: &v1.HostPathVolumeSource{
  411. Path: "/etc/kubernetes/pki",
  412. Type: &hostPathDirectoryOrCreate,
  413. },
  414. },
  415. },
  416. {
  417. Name: "kubeconfig",
  418. VolumeSource: v1.VolumeSource{
  419. HostPath: &v1.HostPathVolumeSource{
  420. Path: "/etc/kubernetes/controller-manager.conf",
  421. Type: &hostPathFileOrCreate,
  422. },
  423. },
  424. },
  425. },
  426. },
  427. expected: v1.PodSpec{
  428. Containers: []v1.Container{
  429. {
  430. VolumeMounts: []v1.VolumeMount{
  431. {
  432. Name: "ca-certs",
  433. MountPath: "/etc/ssl/certs",
  434. },
  435. {
  436. Name: "k8s-certs",
  437. MountPath: "/etc/kubernetes/pki",
  438. },
  439. {
  440. Name: "kubeconfig",
  441. MountPath: "/etc/kubernetes/kubeconfig",
  442. },
  443. },
  444. Command: []string{
  445. "--kubeconfig=/etc/kubernetes/kubeconfig/controller-manager.conf",
  446. "--authentication-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager.conf",
  447. "--authorization-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager.conf",
  448. "--foo=bar",
  449. },
  450. },
  451. },
  452. Volumes: []v1.Volume{
  453. {
  454. Name: "ca-certs",
  455. VolumeSource: v1.VolumeSource{
  456. HostPath: &v1.HostPathVolumeSource{
  457. Path: "/etc/ssl/certs",
  458. Type: &hostPathDirectoryOrCreate,
  459. },
  460. },
  461. },
  462. {
  463. Name: "k8s-certs",
  464. VolumeSource: controllerManagerCertificatesVolumeSource(),
  465. },
  466. {
  467. Name: "kubeconfig",
  468. VolumeSource: kubeConfigVolumeSource(kubeadmconstants.ControllerManagerKubeConfigFileName),
  469. },
  470. },
  471. },
  472. },
  473. }
  474. for _, rt := range tests {
  475. t.Run(rt.name, func(t *testing.T) {
  476. setSelfHostedVolumesForControllerManager(rt.podSpec)
  477. sort.Strings(rt.podSpec.Containers[0].Command)
  478. sort.Strings(rt.expected.Containers[0].Command)
  479. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  480. t.Errorf("failed setSelfHostedVolumesForControllerManager:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  481. }
  482. })
  483. }
  484. }
  485. func TestSetSelfHostedVolumesForScheduler(t *testing.T) {
  486. hostPathFileOrCreate := v1.HostPathFileOrCreate
  487. var tests = []struct {
  488. name string
  489. podSpec *v1.PodSpec
  490. expected v1.PodSpec
  491. }{
  492. {
  493. name: "set selfhosted volumes for scheduler",
  494. podSpec: &v1.PodSpec{
  495. Containers: []v1.Container{
  496. {
  497. VolumeMounts: []v1.VolumeMount{
  498. {
  499. Name: "kubeconfig",
  500. MountPath: "/etc/kubernetes/scheduler.conf",
  501. },
  502. },
  503. Command: []string{
  504. "--kubeconfig=/etc/kubernetes/scheduler.conf",
  505. "--authentication-kubeconfig=/etc/kubernetes/scheduler.conf",
  506. "--authorization-kubeconfig=/etc/kubernetes/scheduler.conf",
  507. "--foo=bar",
  508. },
  509. },
  510. },
  511. Volumes: []v1.Volume{
  512. {
  513. Name: "kubeconfig",
  514. VolumeSource: v1.VolumeSource{
  515. HostPath: &v1.HostPathVolumeSource{
  516. Path: "/etc/kubernetes/scheduler.conf",
  517. Type: &hostPathFileOrCreate,
  518. },
  519. },
  520. },
  521. },
  522. },
  523. expected: v1.PodSpec{
  524. Containers: []v1.Container{
  525. {
  526. VolumeMounts: []v1.VolumeMount{
  527. {
  528. Name: "kubeconfig",
  529. MountPath: "/etc/kubernetes/kubeconfig",
  530. },
  531. },
  532. Command: []string{
  533. "--kubeconfig=/etc/kubernetes/kubeconfig/scheduler.conf",
  534. "--authentication-kubeconfig=/etc/kubernetes/kubeconfig/scheduler.conf",
  535. "--authorization-kubeconfig=/etc/kubernetes/kubeconfig/scheduler.conf",
  536. "--foo=bar",
  537. },
  538. },
  539. },
  540. Volumes: []v1.Volume{
  541. {
  542. Name: "kubeconfig",
  543. VolumeSource: kubeConfigVolumeSource(kubeadmconstants.SchedulerKubeConfigFileName),
  544. },
  545. },
  546. },
  547. },
  548. }
  549. for _, rt := range tests {
  550. t.Run(rt.name, func(t *testing.T) {
  551. setSelfHostedVolumesForScheduler(rt.podSpec)
  552. sort.Strings(rt.podSpec.Containers[0].Command)
  553. sort.Strings(rt.expected.Containers[0].Command)
  554. if !reflect.DeepEqual(*rt.podSpec, rt.expected) {
  555. t.Errorf("failed setSelfHostedVolumesForScheduler:\nexpected:\n%v\nsaw:\n%v", rt.expected, *rt.podSpec)
  556. }
  557. })
  558. }
  559. }