Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update PodDisruptionBudget to policy/v1 #397

Merged
merged 32 commits into from
Apr 6, 2023
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
5f89535
update policy/v1beta to policy/v1 for kubernetes v1.25 support
jcarrig Mar 16, 2023
e56a747
trigger workflows
jcarrig Mar 16, 2023
bc5758d
Revert "update policy/v1beta to policy/v1 for kubernetes v1.25 support"
jcarrig Mar 16, 2023
604214c
Revert "Revert "update policy/v1beta to policy/v1 for kubernetes v1.2…
jcarrig Mar 16, 2023
c8bf1e8
change kube version to v1.24.11
jcarrig Mar 16, 2023
0e2bd4a
more logs in apiserver
jcarrig Mar 16, 2023
4cf5b3c
remove --insecure-port
jcarrig Mar 16, 2023
5c08a1e
add required flags
jcarrig Mar 16, 2023
6ca61ab
syntax
jcarrig Mar 16, 2023
47a79ed
use data dir
jcarrig Mar 16, 2023
aa62f61
short circuit test
jcarrig Mar 16, 2023
75c64ff
only try to start api server
jcarrig Mar 16, 2023
f0ae685
use abac auth
jcarrig Mar 16, 2023
10714bd
config set-context
jcarrig Mar 16, 2023
bfda9c2
try with anonymous user
jcarrig Mar 16, 2023
56f8e7d
try with equals
jcarrig Mar 16, 2023
aa1e5cb
fix args
jcarrig Mar 16, 2023
d405bd4
start etcd
jcarrig Mar 16, 2023
0b36365
revert issuer
jcarrig Mar 16, 2023
a137396
add docker images
jcarrig Mar 17, 2023
1c9323b
add script to start etcd
jcarrig Mar 17, 2023
186645b
add kube-apiserver-up
jcarrig Mar 17, 2023
030800d
move into folder and add readme
jcarrig Mar 17, 2023
a028ac7
see if test passes
jcarrig Mar 17, 2023
4743242
test again
jcarrig Mar 17, 2023
d6fdb77
run tests
jcarrig Mar 17, 2023
ba05768
cleanup cmdline kubectl
jcarrig Mar 17, 2023
bdb47e5
cleanup
jcarrig Mar 17, 2023
5b89a25
more cleanup
jcarrig Mar 17, 2023
e4f183d
generate random token
jcarrig Mar 17, 2023
e892279
update readme and k8s version to v1.25.8
jcarrig Mar 20, 2023
ba29c75
Merge remote-tracking branch 'origin/main' into jcarrig/main
frouioui Apr 6, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
use abac auth
Signed-off-by: Jack Carrig <[email protected]>
  • Loading branch information
jcarrig committed Mar 17, 2023
commit f0ae685873742f5d3a28ba153396f97ec9d3733a
15 changes: 15 additions & 0 deletions test/integration/framework/apiserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,19 @@ func startApiserver() (func(), error) {
}
klog.Infof("storing kube-apiserver data in: %v", apiserverDataDir)

authPolicy := `{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubecfg", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kube-proxy", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kube", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"system:controller_manager", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"system:dns", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"system:logging", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"system:monitoring", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"system:scheduler", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"system:serviceaccount:kube-system:default", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}`
os.WriteFile(fmt.Sprintf("%s/auth-policy.json",apiserverDataDir), []byte(authPolicy), 0644)

ctx, cancel := context.WithCancel(context.Background())
cmd := exec.CommandContext(
ctx,
Expand All @@ -78,6 +91,8 @@ func startApiserver() (func(), error) {
"--service-account-issuer", "https://kubernetes.default.svc.cluster.local",
"--service-account-key-file", fmt.Sprintf("%s/apiserver.crt", apiserverDataDir),
"--service-account-signing-key-file", fmt.Sprintf("%s/apiserver.key", apiserverDataDir),
"--authorization-policy-file", fmt.Sprintf("%s/auth-policy.json",apiserverDataDir),
"--authorization-mode", "ABAC",
)

// Uncomment these to see kube-apiserver output in test logs.
Expand Down
3 changes: 2 additions & 1 deletion test/integration/framework/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,6 @@ func testMain(tests func() int) error {
klog.Info("Waiting for kube-apiserver to be ready...")
start := time.Now()
for {
klog.Info("checking kubectl version")
out, kubectlErr := execKubectl("version")
if kubectlErr == nil {
break
Expand All @@ -140,6 +139,8 @@ func testMain(tests func() int) error {
time.Sleep(time.Second)
}

klog.Info("kube-apiserver is ready!")

return nil

if out, err := execKubectlStdin(strings.NewReader(defaultNamespace), "apply", "-f", "-"); err != nil {
Expand Down