From 5bb668533f9ea981219e6155c3e5103e6ac14f9b Mon Sep 17 00:00:00 2001 From: Dylan Schultz Date: Tue, 16 Mar 2021 17:01:39 -0700 Subject: [PATCH 1/2] added test showing broken namespace reference when combining resources from two different bases --- api/krusty/validatingwebhook_test.go | 136 +++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 api/krusty/validatingwebhook_test.go diff --git a/api/krusty/validatingwebhook_test.go b/api/krusty/validatingwebhook_test.go new file mode 100644 index 000000000..a57889f46 --- /dev/null +++ b/api/krusty/validatingwebhook_test.go @@ -0,0 +1,136 @@ +// Copyright 2019 The Kubernetes Authors. +// SPDX-License-Identifier: Apache-2.0 + +package krusty_test + +import ( + "testing" + + kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest" +) + +func TestValidatingWebhookCombinedNamespaces(t *testing.T) { + th := kusttest_test.MakeHarness(t) + th.WriteK("base", ` +resources: +- service.yaml +- validatingwebhook.yaml +`) + th.WriteF("base/service.yaml", ` +apiVersion: v1 +kind: Service +metadata: + name: admission + namespace: base-namespace +spec: + type: ClusterIP + ports: + - name: https-webhook + port: 443 + targetPort: webhook +`) + th.WriteF("base/validatingwebhook.yaml", ` +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validatingwebhook +webhooks: + - name: validate + matchPolicy: Equivalent + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + failurePolicy: Fail + sideEffects: None + admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + namespace: base-namespace + name: admission + path: /networking/v1beta1/ingresses +`) + th.WriteK("overlay", ` +namespace: merge-namespace +resources: +- ../base +patchesStrategicMerge: +- validatingwebhookdelete.yaml +`) + th.WriteF("overlay/validatingwebhookdelete.yaml", ` +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validatingwebhook +$patch: delete +`) + th.WriteK("combined", ` +resources: +- ../base +- ../overlay +`) + m := th.Run("combined", th.MakeDefaultOptions()) + th.AssertActualEqualsExpected(m, ` +apiVersion: v1 +kind: Service +metadata: + name: admission + namespace: base-namespace +spec: + ports: + - name: https-webhook + port: 443 + targetPort: webhook + type: ClusterIP +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validatingwebhook +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: admission + namespace: base-namespace + path: /networking/v1beta1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None +--- +apiVersion: v1 +kind: Service +metadata: + name: admission + namespace: merge-namespace +spec: + ports: + - name: https-webhook + port: 443 + targetPort: webhook + type: ClusterIP +`) +} + + From 0d152c4784213fb903480a20df11861d9ea3d3ee Mon Sep 17 00:00:00 2001 From: Dylan Schultz Date: Wed, 17 Mar 2021 10:52:41 -0700 Subject: [PATCH 2/2] added comment referring test to issue 3732 --- api/krusty/validatingwebhook_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/api/krusty/validatingwebhook_test.go b/api/krusty/validatingwebhook_test.go index a57889f46..37eb47bb7 100644 --- a/api/krusty/validatingwebhook_test.go +++ b/api/krusty/validatingwebhook_test.go @@ -9,6 +9,7 @@ import ( kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest" ) +// Reproduce issue #3732 func TestValidatingWebhookCombinedNamespaces(t *testing.T) { th := kusttest_test.MakeHarness(t) th.WriteK("base", `