Merge pull request #6284 from sslavic/handle-admission-resiliency
Improve HandleAdmission resiliency
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
e541e1879d
2 changed files with 19 additions and 4 deletions
|
|
@ -64,9 +64,6 @@ func (ia *IngressAdmission) HandleAdmission(obj runtime.Object) (runtime.Object,
|
||||||
|
|
||||||
review, isV1 := obj.(*admissionv1.AdmissionReview)
|
review, isV1 := obj.(*admissionv1.AdmissionReview)
|
||||||
|
|
||||||
status := &admissionv1.AdmissionResponse{}
|
|
||||||
status.UID = review.Request.UID
|
|
||||||
|
|
||||||
if !isV1 {
|
if !isV1 {
|
||||||
outputVersion = admissionv1beta1.SchemeGroupVersion
|
outputVersion = admissionv1beta1.SchemeGroupVersion
|
||||||
reviewv1beta1, isv1beta1 := obj.(*admissionv1beta1.AdmissionReview)
|
reviewv1beta1, isv1beta1 := obj.(*admissionv1beta1.AdmissionReview)
|
||||||
|
|
@ -79,10 +76,13 @@ func (ia *IngressAdmission) HandleAdmission(obj runtime.Object) (runtime.Object,
|
||||||
}
|
}
|
||||||
|
|
||||||
if review.Request.Resource != networkingV1Beta1Resource && review.Request.Resource != networkingV1Resource {
|
if review.Request.Resource != networkingV1Beta1Resource && review.Request.Resource != networkingV1Resource {
|
||||||
return nil, fmt.Errorf("rejecting admission review because the request does not contains an Ingress resource but %s with name %s in namespace %s",
|
return nil, fmt.Errorf("rejecting admission review because the request does not contain an Ingress resource but %s with name %s in namespace %s",
|
||||||
review.Request.Resource.String(), review.Request.Name, review.Request.Namespace)
|
review.Request.Resource.String(), review.Request.Name, review.Request.Namespace)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
status := &admissionv1.AdmissionResponse{}
|
||||||
|
status.UID = review.Request.UID
|
||||||
|
|
||||||
ingress := networking.Ingress{}
|
ingress := networking.Ingress{}
|
||||||
|
|
||||||
codec := json.NewSerializerWithOptions(json.DefaultMetaFactory, scheme, scheme, json.SerializerOptions{
|
codec := json.NewSerializerWithOptions(json.DefaultMetaFactory, scheme, scheme, json.SerializerOptions{
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,7 @@ import (
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/util/json"
|
"k8s.io/apimachinery/pkg/util/json"
|
||||||
|
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||||
)
|
)
|
||||||
|
|
||||||
const testIngressName = "testIngressName"
|
const testIngressName = "testIngressName"
|
||||||
|
|
@ -64,6 +65,20 @@ func TestHandleAdmission(t *testing.T) {
|
||||||
t.Fatalf("with a non ingress resource, the check should not pass")
|
t.Fatalf("with a non ingress resource, the check should not pass")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
result, err = adm.HandleAdmission(nil)
|
||||||
|
if err == nil {
|
||||||
|
t.Fatalf("with a nil AdmissionReview request, the check should not pass")
|
||||||
|
}
|
||||||
|
|
||||||
|
result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
|
||||||
|
Request: &admissionv1.AdmissionRequest{
|
||||||
|
Resource: v1.GroupVersionResource{Group: extensions.GroupName, Version: "v1beta1", Resource: "ingresses"},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
if err == nil {
|
||||||
|
t.Fatalf("with extensions/v1beta1 Ingress resource, the check should not pass")
|
||||||
|
}
|
||||||
|
|
||||||
result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
|
result, err = adm.HandleAdmission(&admissionv1.AdmissionReview{
|
||||||
Request: &admissionv1.AdmissionRequest{
|
Request: &admissionv1.AdmissionRequest{
|
||||||
Resource: v1.GroupVersionResource{Group: networking.GroupName, Version: "v1beta1", Resource: "ingresses"},
|
Resource: v1.GroupVersionResource{Group: networking.GroupName, Version: "v1beta1", Resource: "ingresses"},
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue