diff --git a/.testcoverage.yml b/.testcoverage.yml index 24e9aed90..2aca657b5 100644 --- a/.testcoverage.yml +++ b/.testcoverage.yml @@ -43,7 +43,7 @@ override: path: ^internal/validators/secretref$ - threshold: 75 path: ^internal/resourcelock$ - - threshold: 85 + - threshold: 84 path: ^internal/webhookcert$ - threshold: 73 path: ^webhook/logpipeline$ diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index bc4dbc864..2a084f09b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -60,7 +60,7 @@ rules: verbs: - get - list - - patch + - update - watch - apiGroups: - apps diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 13b9c632a..9cf26134e 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -1,5 +1,5 @@ resources: -#- manifests.yaml +- manifests.yaml - service.yaml configurations: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index c4534242c..eae61f7d8 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -3,7 +3,7 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: validation.webhook.telemetry.kyma-project.io + name: validating-webhook.kyma-project.io webhooks: - admissionReviewVersions: - v1beta1 @@ -11,12 +11,12 @@ webhooks: clientConfig: service: name: telemetry-manager-webhook - namespace: system + namespace: kyma-system path: /validate-logpipeline port: 443 failurePolicy: Fail matchPolicy: Exact - name: validation.logpipelines.telemetry.kyma-project.io + name: validating-logpipelines.kyma-project.io namespaceSelector: {} objectSelector: {} rules: @@ -38,12 +38,12 @@ webhooks: clientConfig: service: name: telemetry-manager-webhook - namespace: system + namespace: kyma-system path: /validate-logparser port: 443 failurePolicy: Fail matchPolicy: Exact - name: validating.logparsers.telemetry.kyma-project.io + name: validating-logparsers.kyma-project.io namespaceSelector: {} objectSelector: {} rules: diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml index 32dbc5784..044063a17 100644 --- a/config/webhook/service.yaml +++ b/config/webhook/service.yaml @@ -3,7 +3,6 @@ apiVersion: v1 kind: Service metadata: name: manager-webhook - namespace: system spec: ports: - port: 443 diff --git a/internal/reconciler/telemetry/reconciler.go b/internal/reconciler/telemetry/reconciler.go index 6f40b83e9..074da5abc 100644 --- a/internal/reconciler/telemetry/reconciler.go +++ b/internal/reconciler/telemetry/reconciler.go @@ -138,6 +138,10 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu } func (r *Reconciler) doReconcile(ctx context.Context, telemetry *operatorv1alpha1.Telemetry) error { + if err := r.deleteOldValidatingWebhook(ctx); err != nil { + return fmt.Errorf("failed to delete old validating webhook: %w", err) + } + if err := r.handleFinalizer(ctx, telemetry); err != nil { return fmt.Errorf("failed to manage finalizer: %w", err) } @@ -255,11 +259,6 @@ func (r *Reconciler) handleFinalizer(ctx context.Context, telemetry *operatorv1a return nil } - err := r.deleteWebhook(ctx) - if err != nil && !apierrors.IsNotFound(err) { - return fmt.Errorf("failed to delete webhook: %w", err) - } - controllerutil.RemoveFinalizer(telemetry, finalizer) if err := r.Update(ctx, telemetry); err != nil { @@ -270,16 +269,6 @@ func (r *Reconciler) handleFinalizer(ctx context.Context, telemetry *operatorv1a return nil } -func (r *Reconciler) deleteWebhook(ctx context.Context) error { - webhook := &admissionregistrationv1.ValidatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Name: r.config.Webhook.CertConfig.WebhookName.Name, - }, - } - - return r.Delete(ctx, webhook) -} - func (r *Reconciler) reconcileWebhook(ctx context.Context, telemetry *operatorv1alpha1.Telemetry) error { // We skip webhook reconciliation only if no pipelines are remaining. This avoids the risk of certificate expiration while waiting for deletion. if !telemetry.DeletionTimestamp.IsZero() && !r.dependentCRsFound(ctx) { @@ -314,3 +303,21 @@ func (r *Reconciler) reconcileWebhook(ctx context.Context, telemetry *operatorv1 return nil } + +func (r *Reconciler) deleteOldValidatingWebhook(ctx context.Context) error { + oldValidatingWebhook := &admissionregistrationv1.ValidatingWebhookConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "validation.webhook.telemetry.kyma-project.io", + }, + } + + if err := r.Delete(ctx, oldValidatingWebhook); err != nil { + if apierrors.IsNotFound(err) { + return nil + } + + return fmt.Errorf("failed to delete old validating webhook: %w", err) + } + + return nil +} diff --git a/internal/webhookcert/resources.go b/internal/webhookcert/resources.go index 5ec2ff403..d0f53ddc0 100644 --- a/internal/webhookcert/resources.go +++ b/internal/webhookcert/resources.go @@ -6,92 +6,41 @@ import ( admissionregistrationv1 "k8s.io/api/admissionregistration/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" - - k8sutils "github.com/kyma-project/telemetry-manager/internal/utils/k8s" ) const ( webhookServicePort int32 = 443 ) -// applyWebhookConfigResources creates or updates a ValidatingWebhookConfiguration for the LogPipeline/LogParser resources. -// additionally it patches a LogPipeline conversion webhook configuration. +// applyWebhookConfigResources applies the following webhook configurations: +// 1- Updates validating webhook configuration with the provided CA bundle. +// 2- Updates LogPipeline CRD with conversion webhook configuration. func applyWebhookConfigResources(ctx context.Context, c client.Client, caBundle []byte, config Config) error { - validatingWebhookConfig := makeValidatingWebhookConfig(caBundle, config) - if err := k8sutils.CreateOrUpdateValidatingWebhookConfiguration(ctx, c, &validatingWebhookConfig); err != nil { - return fmt.Errorf("failed to create or update validating webhook configuration: %w", err) + if err := updateValidatingWebhookConfig(ctx, c, caBundle, config); err != nil { + return fmt.Errorf("failed to update validating webhook with CA bundle: %w", err) } conversionWebhookConfig := makeConversionWebhookConfig(caBundle, config) - if err := patchConversionWebhookConfig(ctx, c, conversionWebhookConfig); err != nil { - return fmt.Errorf("failed to patch conversion webhook configuration: %w", err) + if err := updateLogPipelineCRDWithConversionWebhookConfig(ctx, c, conversionWebhookConfig); err != nil { + return fmt.Errorf("failed to update LogPipeline CRD with conversion webhook configuration: %w", err) } return nil } -func makeValidatingWebhookConfig(caBundle []byte, config Config) admissionregistrationv1.ValidatingWebhookConfiguration { - apiGroups := []string{"telemetry.kyma-project.io"} - apiVersions := []string{"v1alpha1"} - webhookTimeout := int32(15) //nolint:mnd // 15 seconds - labels := map[string]string{ - "control-plane": "telemetry-manager", - "app.kubernetes.io/instance": "telemetry", - "app.kubernetes.io/name": "manager", - "kyma-project.io/component": "controller", +func updateValidatingWebhookConfig(ctx context.Context, c client.Client, caBundle []byte, config Config) error { + var validatingWebhookConfig admissionregistrationv1.ValidatingWebhookConfiguration + if err := c.Get(ctx, config.WebhookName, &validatingWebhookConfig); err != nil { + return fmt.Errorf("failed to get validating webhook configuration: %w", err) } - createWebhook := func(name, path string, resources []string) admissionregistrationv1.ValidatingWebhook { - return admissionregistrationv1.ValidatingWebhook{ - AdmissionReviewVersions: []string{"v1beta1", "v1"}, - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - Service: &admissionregistrationv1.ServiceReference{ - Name: config.ServiceName.Name, - Namespace: config.ServiceName.Namespace, - Port: ptr.To(webhookServicePort), - Path: &path, - }, - CABundle: caBundle, - }, - FailurePolicy: ptr.To(admissionregistrationv1.Fail), - MatchPolicy: ptr.To(admissionregistrationv1.Exact), - Name: name, - SideEffects: ptr.To(admissionregistrationv1.SideEffectClassNone), - TimeoutSeconds: &webhookTimeout, - Rules: []admissionregistrationv1.RuleWithOperations{ - { - Operations: []admissionregistrationv1.OperationType{ - admissionregistrationv1.Create, - admissionregistrationv1.Update, - }, - Rule: admissionregistrationv1.Rule{ - APIGroups: apiGroups, - APIVersions: apiVersions, - Scope: ptr.To(admissionregistrationv1.AllScopes), - Resources: resources, - }, - }, - }, - } - } - - webhooks := []admissionregistrationv1.ValidatingWebhook{ - createWebhook("validation.logpipelines.telemetry.kyma-project.io", "/validate-logpipeline", []string{"logpipelines"}), - createWebhook("validation.logparsers.telemetry.kyma-project.io", "/validate-logparser", []string{"logparsers"}), - } + validatingWebhookConfig.Webhooks[0].ClientConfig.CABundle = caBundle + validatingWebhookConfig.Webhooks[1].ClientConfig.CABundle = caBundle - return admissionregistrationv1.ValidatingWebhookConfiguration{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: config.WebhookName.Name, - Labels: labels, - }, - Webhooks: webhooks, - } + return c.Update(ctx, &validatingWebhookConfig) } func makeConversionWebhookConfig(caBundle []byte, config Config) apiextensionsv1.CustomResourceConversion { @@ -112,15 +61,13 @@ func makeConversionWebhookConfig(caBundle []byte, config Config) apiextensionsv1 } } -func patchConversionWebhookConfig(ctx context.Context, c client.Client, conversion apiextensionsv1.CustomResourceConversion) error { +func updateLogPipelineCRDWithConversionWebhookConfig(ctx context.Context, c client.Client, conversion apiextensionsv1.CustomResourceConversion) error { var logPipelineCRD apiextensionsv1.CustomResourceDefinition if err := c.Get(ctx, types.NamespacedName{Name: "logpipelines.telemetry.kyma-project.io"}, &logPipelineCRD); err != nil { return fmt.Errorf("failed to get logpipelines CRD: %w", err) } - patch := client.MergeFrom(logPipelineCRD.DeepCopy()) - logPipelineCRD.Spec.Conversion = &conversion - return c.Patch(ctx, &logPipelineCRD, patch) + return c.Update(ctx, &logPipelineCRD) } diff --git a/internal/webhookcert/webhook_cert_test.go b/internal/webhookcert/webhook_cert_test.go index b9d44687d..6b26e6f20 100644 --- a/internal/webhookcert/webhook_cert_test.go +++ b/internal/webhookcert/webhook_cert_test.go @@ -14,29 +14,24 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" clientgoscheme "k8s.io/client-go/kubernetes/scheme" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client/fake" ) var ( - telemetryNamespace = "telemetry-system" - webhookService = types.NamespacedName{ + systemNamespace = "kyma-system" + webhookService = types.NamespacedName{ Name: "telemetry-manager-webhook", - Namespace: telemetryNamespace, + Namespace: systemNamespace, } caBundleSecret = types.NamespacedName{ Name: "telemetry-webhook-cert", - Namespace: telemetryNamespace, + Namespace: systemNamespace, } - name = "validation.webhook.telemetry.kyma-project.io" + name = "telemetry-validating-webhook.kyma-project.io" webhookName = types.NamespacedName{ Name: name, } - labels = map[string]string{ - "control-plane": "telemetry-manager", - "app.kubernetes.io/instance": "telemetry", - "app.kubernetes.io/name": "manager", - "kyma-project.io/component": "controller", - } logPipelinesCRD = apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Name: "logpipelines.telemetry.kyma-project.io", @@ -50,151 +45,31 @@ var ( }, }, } -) - -func TestEnsureCertificate_CreatesValidatingWebhookConfig(t *testing.T) { - scheme := runtime.NewScheme() - require.NoError(t, clientgoscheme.AddToScheme(scheme)) - require.NoError(t, apiextensionsv1.AddToScheme(scheme)) - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD).Build() - - certDir, err := os.MkdirTemp("", "certificate") - require.NoError(t, err) - defer func(path string) { - deleteErr := os.RemoveAll(path) - require.NoError(t, deleteErr) - }(certDir) - - config := Config{ - CertDir: certDir, - ServiceName: webhookService, - CASecretName: caBundleSecret, - WebhookName: webhookName, - } - - err = EnsureCertificate(context.TODO(), client, config) - require.NoError(t, err) - - serverCert, err := os.ReadFile(path.Join(certDir, "tls.crt")) - require.NoError(t, err) - - var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - - err = client.Get(context.Background(), config.WebhookName, &validatingWebhookConfiguration) - require.NoError(t, err) - - require.Equal(t, name, validatingWebhookConfiguration.Name) - require.Equal(t, labels, validatingWebhookConfiguration.Labels) - - require.Equal(t, 2, len(validatingWebhookConfiguration.Webhooks)) - - require.Equal(t, int32(15), *validatingWebhookConfiguration.Webhooks[0].TimeoutSeconds) - require.Equal(t, int32(15), *validatingWebhookConfiguration.Webhooks[1].TimeoutSeconds) - - var chainChecker certChainCheckerImpl - certValid, err := chainChecker.checkRoot(context.Background(), serverCert, validatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle) - require.NoError(t, err) - require.True(t, certValid) - - certValid, err = chainChecker.checkRoot(context.Background(), serverCert, validatingWebhookConfiguration.Webhooks[1].ClientConfig.CABundle) - require.NoError(t, err) - require.True(t, certValid) - - require.Equal(t, webhookService.Name, validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name) - require.Equal(t, webhookService.Name, validatingWebhookConfiguration.Webhooks[1].ClientConfig.Service.Name) - - require.Equal(t, webhookService.Namespace, validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Namespace) - require.Equal(t, webhookService.Namespace, validatingWebhookConfiguration.Webhooks[1].ClientConfig.Service.Namespace) - - require.Equal(t, int32(443), *validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Port) - require.Equal(t, int32(443), *validatingWebhookConfiguration.Webhooks[1].ClientConfig.Service.Port) - - require.Equal(t, "/validate-logpipeline", *validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Path) - require.Equal(t, "/validate-logparser", *validatingWebhookConfiguration.Webhooks[1].ClientConfig.Service.Path) - - require.Contains(t, validatingWebhookConfiguration.Webhooks[0].Rules[0].APIGroups, "telemetry.kyma-project.io") - require.Contains(t, validatingWebhookConfiguration.Webhooks[1].Rules[0].APIGroups, "telemetry.kyma-project.io") - - require.Contains(t, validatingWebhookConfiguration.Webhooks[0].Rules[0].APIVersions, "v1alpha1") - require.Contains(t, validatingWebhookConfiguration.Webhooks[1].Rules[0].APIVersions, "v1alpha1") - - require.Contains(t, validatingWebhookConfiguration.Webhooks[0].Rules[0].Resources, "logpipelines") - require.Contains(t, validatingWebhookConfiguration.Webhooks[1].Rules[0].Resources, "logparsers") -} - -func TestEnsureCertificate_PatchesConversionWebhookConfig(t *testing.T) { - scheme := runtime.NewScheme() - require.NoError(t, clientgoscheme.AddToScheme(scheme)) - require.NoError(t, apiextensionsv1.AddToScheme(scheme)) - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD).Build() - - certDir, err := os.MkdirTemp("", "certificate") - require.NoError(t, err) - defer func(path string) { - deleteErr := os.RemoveAll(path) - require.NoError(t, deleteErr) - }(certDir) - - config := Config{ - CertDir: certDir, - ServiceName: webhookService, - CASecretName: caBundleSecret, - WebhookName: webhookName, + labels = map[string]string{ + "app.kubernetes.io/component": "telemetry", + "app.kubernetes.io/instance": "telemetry-manager", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "telemetry-manager", + "app.kubernetes.io/part-of": "kyma", + "control-plane": "telemetry-manager", } - - err = EnsureCertificate(context.TODO(), client, config) - require.NoError(t, err) - - serverCert, err := os.ReadFile(path.Join(certDir, "tls.crt")) - require.NoError(t, err) - - var crd apiextensionsv1.CustomResourceDefinition - - require.NoError(t, client.Get(context.Background(), types.NamespacedName{Name: "logpipelines.telemetry.kyma-project.io"}, &crd)) - - require.Equal(t, apiextensionsv1.WebhookConverter, crd.Spec.Conversion.Strategy) - require.Equal(t, webhookService.Name, crd.Spec.Conversion.Webhook.ClientConfig.Service.Name) - require.Equal(t, webhookService.Namespace, crd.Spec.Conversion.Webhook.ClientConfig.Service.Namespace) - require.Equal(t, int32(443), *crd.Spec.Conversion.Webhook.ClientConfig.Service.Port) - require.Equal(t, "/convert", *crd.Spec.Conversion.Webhook.ClientConfig.Service.Path) - - crdCABundle := crd.Spec.Conversion.Webhook.ClientConfig.CABundle - require.NotEmpty(t, crdCABundle) - - var chainChecker certChainCheckerImpl - certValid, err := chainChecker.checkRoot(context.Background(), serverCert, crdCABundle) - require.NoError(t, err) - require.True(t, certValid) -} - -func TestUpdateWebhookCertificate(t *testing.T) { - scheme := runtime.NewScheme() - require.NoError(t, clientgoscheme.AddToScheme(scheme)) - require.NoError(t, apiextensionsv1.AddToScheme(scheme)) - - logPipelinePath := "/validate-logpipeline" - logParserPath := "/validate-logparser" - failurePolicy := admissionregistrationv1.Fail - matchPolicy := admissionregistrationv1.Exact - sideEffects := admissionregistrationv1.SideEffectClassNone - operations := []admissionregistrationv1.OperationType{ + failurePolicy = admissionregistrationv1.Fail + matchPolicy = admissionregistrationv1.Exact + sideEffects = admissionregistrationv1.SideEffectClassNone + operations = []admissionregistrationv1.OperationType{ admissionregistrationv1.Create, admissionregistrationv1.Update, } - apiGroups := []string{"telemetry.kyma-project.io"} - apiVersions := []string{"v1alpha1"} - scope := admissionregistrationv1.AllScopes - servicePort := int32(443) - timeout := int32(15) - certificate := []byte("123") - - initialValidatingWebhookConfiguration := admissionregistrationv1.ValidatingWebhookConfiguration{ - TypeMeta: metav1.TypeMeta{}, + apiGroups = []string{"telemetry.kyma-project.io"} + apiVersions = []string{"v1alpha1"} + scope = admissionregistrationv1.AllScopes + servicePort = int32(443) + timeout = int32(15) + initialValidatingWebhookConfiguration = admissionregistrationv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Name: name, Labels: labels, }, - Webhooks: []admissionregistrationv1.ValidatingWebhook{ { AdmissionReviewVersions: []string{"v1beta1", "v1"}, @@ -203,13 +78,12 @@ func TestUpdateWebhookCertificate(t *testing.T) { Name: webhookService.Name, Namespace: webhookService.Namespace, Port: &servicePort, - Path: &logPipelinePath, + Path: ptr.To("/validate-logpipeline"), }, - CABundle: certificate, }, FailurePolicy: &failurePolicy, MatchPolicy: &matchPolicy, - Name: "validation.logpipelines.telemetry.kyma-project.io", + Name: "validating-logpipelines.kyma-project.io", SideEffects: &sideEffects, TimeoutSeconds: &timeout, Rules: []admissionregistrationv1.RuleWithOperations{ @@ -231,13 +105,12 @@ func TestUpdateWebhookCertificate(t *testing.T) { Name: webhookService.Name, Namespace: webhookService.Namespace, Port: &servicePort, - Path: &logParserPath, + Path: ptr.To("/validate-logparser"), }, - CABundle: certificate, }, FailurePolicy: &failurePolicy, MatchPolicy: &matchPolicy, - Name: "validation.logparsers.telemetry.kyma-project.io", + Name: "validating-logparsers.kyma-project.io", SideEffects: &sideEffects, TimeoutSeconds: &timeout, Rules: []admissionregistrationv1.RuleWithOperations{ @@ -254,6 +127,58 @@ func TestUpdateWebhookCertificate(t *testing.T) { }, }, } +) + +func TestUpdateLogPipelineWithWebhookConfig(t *testing.T) { + scheme := runtime.NewScheme() + require.NoError(t, clientgoscheme.AddToScheme(scheme)) + require.NoError(t, apiextensionsv1.AddToScheme(scheme)) + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD, &initialValidatingWebhookConfiguration).Build() + + certDir, err := os.MkdirTemp("", "certificate") + require.NoError(t, err) + defer func(path string) { + deleteErr := os.RemoveAll(path) + require.NoError(t, deleteErr) + }(certDir) + + config := Config{ + CertDir: certDir, + ServiceName: webhookService, + CASecretName: caBundleSecret, + WebhookName: webhookName, + } + + err = EnsureCertificate(context.TODO(), client, config) + require.NoError(t, err) + + serverCert, err := os.ReadFile(path.Join(certDir, "tls.crt")) + require.NoError(t, err) + + var crd apiextensionsv1.CustomResourceDefinition + + require.NoError(t, client.Get(context.Background(), types.NamespacedName{Name: "logpipelines.telemetry.kyma-project.io"}, &crd)) + + require.Equal(t, apiextensionsv1.WebhookConverter, crd.Spec.Conversion.Strategy) + require.Equal(t, webhookService.Name, crd.Spec.Conversion.Webhook.ClientConfig.Service.Name) + require.Equal(t, webhookService.Namespace, crd.Spec.Conversion.Webhook.ClientConfig.Service.Namespace) + require.Equal(t, int32(443), *crd.Spec.Conversion.Webhook.ClientConfig.Service.Port) + require.Equal(t, "/convert", *crd.Spec.Conversion.Webhook.ClientConfig.Service.Path) + + crdCABundle := crd.Spec.Conversion.Webhook.ClientConfig.CABundle + require.NotEmpty(t, crdCABundle) + + var chainChecker certChainCheckerImpl + certValid, err := chainChecker.checkRoot(context.Background(), serverCert, crdCABundle) + require.NoError(t, err) + require.True(t, certValid) +} + +func TestUpdateValidatingWebhookConfig(t *testing.T) { + scheme := runtime.NewScheme() + require.NoError(t, clientgoscheme.AddToScheme(scheme)) + require.NoError(t, apiextensionsv1.AddToScheme(scheme)) + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD, &initialValidatingWebhookConfiguration).Build() certDir, err := os.MkdirTemp("", "certificate") @@ -300,7 +225,7 @@ func TestCreateSecret(t *testing.T) { scheme := runtime.NewScheme() require.NoError(t, clientgoscheme.AddToScheme(scheme)) require.NoError(t, apiextensionsv1.AddToScheme(scheme)) - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD, &initialValidatingWebhookConfiguration).Build() certDir, err := os.MkdirTemp("", "certificate") require.NoError(t, err) @@ -332,7 +257,7 @@ func TestReuseExistingCertificate(t *testing.T) { scheme := runtime.NewScheme() require.NoError(t, clientgoscheme.AddToScheme(scheme)) require.NoError(t, apiextensionsv1.AddToScheme(scheme)) - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&logPipelinesCRD, &initialValidatingWebhookConfiguration).Build() certDir, err := os.MkdirTemp("", "certificate") require.NoError(t, err) diff --git a/main.go b/main.go index 952e514b2..10104e0ab 100644 --- a/main.go +++ b/main.go @@ -157,7 +157,7 @@ func init() { // +kubebuilder:rbac:urls=/metrics,verbs=get // +kubebuilder:rbac:urls=/metrics/cadvisor,verbs=get -// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch;patch +// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch;update // +kubebuilder:rbac:groups=apps,namespace=system,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,namespace=system,resources=daemonsets,verbs=get;list;watch;create;update;patch;delete @@ -528,7 +528,7 @@ func createWebhookConfig() telemetry.WebhookConfig { Namespace: telemetryNamespace, }, WebhookName: types.NamespacedName{ - Name: "validation.webhook.telemetry.kyma-project.io", + Name: "telemetry-validating-webhook.kyma-project.io", }, }, } diff --git a/test/e2e/logs_basic_v1alpha1_test.go b/test/e2e/logs_basic_v1alpha1_test.go index 7e46242f0..7b8dbd62e 100644 --- a/test/e2e/logs_basic_v1alpha1_test.go +++ b/test/e2e/logs_basic_v1alpha1_test.go @@ -55,12 +55,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline with HTTP output exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_basic_v1beta1_test.go b/test/e2e/logs_basic_v1beta1_test.go index 24425f067..ba23aee6f 100644 --- a/test/e2e/logs_basic_v1beta1_test.go +++ b/test/e2e/logs_basic_v1beta1_test.go @@ -63,12 +63,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs, suite.LabelExperimental), Or return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline with HTTP output exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_custom_output_test.go b/test/e2e/logs_custom_output_test.go index 8f7d7e5dd..f4cc8baa8 100644 --- a/test/e2e/logs_custom_output_test.go +++ b/test/e2e/logs_custom_output_test.go @@ -50,12 +50,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline with custom output exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_dedot_test.go b/test/e2e/logs_dedot_test.go index 789bb77a4..0115aa485 100644 --- a/test/e2e/logs_dedot_test.go +++ b/test/e2e/logs_dedot_test.go @@ -48,12 +48,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline that dedots labels exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_disabled_input_test.go b/test/e2e/logs_disabled_input_test.go index 3eb0d4f04..4ae98865e 100644 --- a/test/e2e/logs_disabled_input_test.go +++ b/test/e2e/logs_disabled_input_test.go @@ -43,12 +43,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline with disabled application input exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_drop_labels_test.go b/test/e2e/logs_drop_labels_test.go index 3584ad8c0..ffdb4b638 100644 --- a/test/e2e/logs_drop_labels_test.go +++ b/test/e2e/logs_drop_labels_test.go @@ -51,12 +51,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline that keeps labels and drops annotations exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_exclude_container_test.go b/test/e2e/logs_exclude_container_test.go index 5f04172c0..256b48d51 100644 --- a/test/e2e/logs_exclude_container_test.go +++ b/test/e2e/logs_exclude_container_test.go @@ -49,12 +49,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline that excludes containers exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_keep_annotation_test.go b/test/e2e/logs_keep_annotation_test.go index 5977c0ef3..32c54f77b 100644 --- a/test/e2e/logs_keep_annotation_test.go +++ b/test/e2e/logs_keep_annotation_test.go @@ -49,12 +49,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline that keeps annotations and drops labels exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_keep_original_body_test.go b/test/e2e/logs_keep_original_body_test.go index a3ea645c9..b2d1eedef 100644 --- a/test/e2e/logs_keep_original_body_test.go +++ b/test/e2e/logs_keep_original_body_test.go @@ -67,12 +67,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When 2 logpipelines that keep and drop original log body exist", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_mtls_test.go b/test/e2e/logs_mtls_test.go index 93e250725..cae9857f6 100644 --- a/test/e2e/logs_mtls_test.go +++ b/test/e2e/logs_mtls_test.go @@ -53,12 +53,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline with TLS activated exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_parser_test.go b/test/e2e/logs_parser_test.go index 1ae9b4bc4..1c4ceeca3 100644 --- a/test/e2e/logs_parser_test.go +++ b/test/e2e/logs_parser_test.go @@ -57,12 +57,6 @@ Types user:string pass:string` return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a LogParser exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_self_monitor_healthy_test.go b/test/e2e/logs_self_monitor_healthy_test.go index 97a71728f..44fd35567 100644 --- a/test/e2e/logs_self_monitor_healthy_test.go +++ b/test/e2e/logs_self_monitor_healthy_test.go @@ -48,12 +48,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelSelfMonitoringLogsHealthy), Ordere return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/logs_validation_test.go b/test/e2e/logs_validation_test.go index ad91bff25..b6163f9d2 100644 --- a/test/e2e/logs_validation_test.go +++ b/test/e2e/logs_validation_test.go @@ -9,7 +9,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" testutils "github.com/kyma-project/telemetry-manager/internal/utils/test" - "github.com/kyma-project/telemetry-manager/test/testkit/assert" kitk8s "github.com/kyma-project/telemetry-manager/test/testkit/k8s" kitkyma "github.com/kyma-project/telemetry-manager/test/testkit/kyma" "github.com/kyma-project/telemetry-manager/test/testkit/periodic" @@ -17,17 +16,11 @@ import ( ) var _ = Describe(suite.ID(), Label(suite.LabelLogs), Ordered, func() { - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a validating webhook exists", Ordered, func() { BeforeAll(func() { Eventually(func(g Gomega) { var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.ValidatingWebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) g.Expect(validatingWebhookConfiguration.Webhooks).Should(HaveLen(2)) }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) }) diff --git a/test/e2e/logs_version_conversion_test.go b/test/e2e/logs_version_conversion_test.go index 0396eb587..34f5c6e51 100644 --- a/test/e2e/logs_version_conversion_test.go +++ b/test/e2e/logs_version_conversion_test.go @@ -11,7 +11,6 @@ import ( telemetryv1alpha1 "github.com/kyma-project/telemetry-manager/apis/telemetry/v1alpha1" telemetryv1beta1 "github.com/kyma-project/telemetry-manager/apis/telemetry/v1beta1" - "github.com/kyma-project/telemetry-manager/test/testkit/assert" kitk8s "github.com/kyma-project/telemetry-manager/test/testkit/k8s" "github.com/kyma-project/telemetry-manager/test/testkit/suite" ) @@ -66,12 +65,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelLogs, suite.LabelExperimental), Or return []client.Object{&v1Alpha1LogPipeline, &v1Beta1LogPipeline} } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When v1alpha1 and v1beta1 logpipelines exist", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/e2e/metrics_validation_test.go b/test/e2e/metrics_validation_test.go index 3c90fdd50..eac5a1b8d 100644 --- a/test/e2e/metrics_validation_test.go +++ b/test/e2e/metrics_validation_test.go @@ -9,7 +9,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" testutils "github.com/kyma-project/telemetry-manager/internal/utils/test" - "github.com/kyma-project/telemetry-manager/test/testkit/assert" kitk8s "github.com/kyma-project/telemetry-manager/test/testkit/k8s" kitkyma "github.com/kyma-project/telemetry-manager/test/testkit/kyma" "github.com/kyma-project/telemetry-manager/test/testkit/periodic" @@ -17,17 +16,11 @@ import ( ) var _ = Describe(suite.ID(), Label(suite.LabelMetrics), Ordered, func() { - Context("Before deploying a metricpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a validating webhook exists", Ordered, func() { BeforeAll(func() { Eventually(func(g Gomega) { var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.ValidatingWebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) g.Expect(validatingWebhookConfiguration.Webhooks).Should(HaveLen(2)) }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) }) diff --git a/test/e2e/overrides_test.go b/test/e2e/overrides_test.go index 1fde3b0de..a6834aa0f 100644 --- a/test/e2e/overrides_test.go +++ b/test/e2e/overrides_test.go @@ -58,38 +58,34 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { return objs } - assertPipelineReconciliationDisabled := func(ctx context.Context, k8sClient client.Client, configMapName string, labelKey string) { - key := types.NamespacedName{ - Name: configMapName, - Namespace: kitkyma.SystemNamespaceName, - } + assertPipelineReconciliationDisabled := func(ctx context.Context, k8sClient client.Client, configMapNamespacedName types.NamespacedName, labelKey string) { var configMap corev1.ConfigMap - Expect(k8sClient.Get(ctx, key, &configMap)).To(Succeed()) + Expect(k8sClient.Get(ctx, configMapNamespacedName, &configMap)).To(Succeed()) delete(configMap.ObjectMeta.Labels, labelKey) Expect(k8sClient.Update(ctx, &configMap)).To(Succeed()) // The deleted label should not be restored, since the reconciliation is disabled by the overrides configmap Consistently(func(g Gomega) { - g.Expect(k8sClient.Get(ctx, key, &configMap)).To(Succeed()) + g.Expect(k8sClient.Get(ctx, configMapNamespacedName, &configMap)).To(Succeed()) g.Expect(configMap.ObjectMeta.Labels[labelKey]).To(BeZero()) }, periodic.ConsistentlyTimeout, periodic.DefaultInterval).Should(Succeed()) } - assertTelemetryReconciliationDisabled := func(ctx context.Context, k8sClient client.Client, webhookName string, labelKey string) { + assertTelemetryReconciliationDisabled := func(ctx context.Context, k8sClient client.Client, webhookName string) { key := types.NamespacedName{ Name: webhookName, } var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration Expect(k8sClient.Get(ctx, key, &validatingWebhookConfiguration)).To(Succeed()) - delete(validatingWebhookConfiguration.ObjectMeta.Labels, labelKey) + validatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte{} Expect(k8sClient.Update(ctx, &validatingWebhookConfiguration)).To(Succeed()) - // The deleted label should not be restored, since the reconciliation is disabled by the overrides configmap + // The deleted CA bundle should not be restored, since the reconciliation is disabled by the overrides configmap Consistently(func(g Gomega) { g.Expect(k8sClient.Get(ctx, key, &validatingWebhookConfiguration)).To(Succeed()) - g.Expect(validatingWebhookConfiguration.ObjectMeta.Labels[labelKey]).To(BeZero()) + g.Expect(validatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle).To(BeEmpty()) }, periodic.ConsistentlyTimeout, periodic.DefaultInterval).Should(Succeed()) } @@ -106,12 +102,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { Expect(kitk8s.CreateObjects(ctx, k8sClient, k8sObjects...)).Should(Succeed()) }) - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline with HTTP output exists", Ordered, func() { It("Should have a running logpipeline", func() { assert.LogPipelineHealthy(ctx, k8sClient, pipelineName) @@ -189,19 +179,19 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { Context("When an overrides configmap exists", func() { It("Should disable the reconciliation of the logpipeline", func() { - assertPipelineReconciliationDisabled(ctx, k8sClient, "telemetry-fluent-bit", appNameLabelKey) + assertPipelineReconciliationDisabled(ctx, k8sClient, kitkyma.FluentBitConfigMap, appNameLabelKey) }) It("Should disable the reconciliation of the metricpipeline", func() { - assertPipelineReconciliationDisabled(ctx, k8sClient, "telemetry-metric-gateway", appNameLabelKey) + assertPipelineReconciliationDisabled(ctx, k8sClient, kitkyma.MetricGatewayConfigMap, appNameLabelKey) }) It("Should disable the reconciliation of the tracepipeline", func() { - assertPipelineReconciliationDisabled(ctx, k8sClient, "telemetry-trace-gateway", appNameLabelKey) + assertPipelineReconciliationDisabled(ctx, k8sClient, kitkyma.TraceGatewayConfigMap, appNameLabelKey) }) It("Should disable the reconciliation of the telemetry CR", func() { - assertTelemetryReconciliationDisabled(ctx, k8sClient, "validation.webhook.telemetry.kyma-project.io", appNameLabelKey) + assertTelemetryReconciliationDisabled(ctx, k8sClient, kitkyma.ValidatingWebhookName) }) }) }) diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go index 7359fcf2d..327f5e59b 100644 --- a/test/e2e/suite_test.go +++ b/test/e2e/suite_test.go @@ -85,7 +85,7 @@ var _ = AfterSuite(func() { if !suite.IsOperational() { Eventually(func(g Gomega) { var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.ValidatingWebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) var secret corev1.Secret g.Expect(k8sClient.Get(ctx, kitkyma.WebhookCertSecret, &secret)).Should(Succeed()) }, periodic.EventuallyTimeout, periodic.DefaultInterval).ShouldNot(Succeed()) diff --git a/test/e2e/telemetry_test.go b/test/e2e/telemetry_test.go index 11fcaeb7c..b1c49a828 100644 --- a/test/e2e/telemetry_test.go +++ b/test/e2e/telemetry_test.go @@ -110,12 +110,12 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { It("Should have ValidatingWebhookConfiguration", func() { Eventually(func(g Gomega) { var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.ValidatingWebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) g.Expect(validatingWebhookConfiguration.Webhooks).Should(HaveLen(2)) logPipelineWebhook := validatingWebhookConfiguration.Webhooks[0] - g.Expect(logPipelineWebhook.Name).Should(Equal("validation.logpipelines.telemetry.kyma-project.io")) + g.Expect(logPipelineWebhook.Name).Should(Equal("validating-logpipelines.kyma-project.io")) g.Expect(logPipelineWebhook.ClientConfig.CABundle).ShouldNot(BeEmpty()) g.Expect(logPipelineWebhook.ClientConfig.Service.Name).Should(Equal("telemetry-manager-webhook")) g.Expect(logPipelineWebhook.ClientConfig.Service.Namespace).Should(Equal(kitkyma.SystemNamespaceName)) @@ -127,7 +127,7 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { g.Expect(logPipelineWebhook.Rules[0].Operations).Should(ContainElement(admissionregistrationv1.Update)) logParserWebhook := validatingWebhookConfiguration.Webhooks[1] - g.Expect(logParserWebhook.Name).Should(Equal("validation.logparsers.telemetry.kyma-project.io")) + g.Expect(logParserWebhook.Name).Should(Equal("validating-logparsers.kyma-project.io")) g.Expect(logParserWebhook.ClientConfig.CABundle).ShouldNot(BeEmpty()) g.Expect(logParserWebhook.ClientConfig.Service.Name).Should(Equal("telemetry-manager-webhook")) g.Expect(logParserWebhook.ClientConfig.Service.Namespace).Should(Equal(kitkyma.SystemNamespaceName)) @@ -152,10 +152,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) }) - It("Should reconcile ValidatingWebhookConfiguration", func() { - testWebhookReconciliation() - }) - It("Should reconcile CA bundle secret", func() { var oldUID types.UID By("Deleting secret", func() { @@ -190,7 +186,7 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { }) AfterAll(func() { - // Re-create Telemetry to have ValidatingWebhookConfiguration for remaining tests + // Re-create Telemetry for remaining tests Eventually(func(g Gomega) { newTelemetry := []client.Object{kitk8s.NewTelemetry("default", "kyma-system").K8sObject()} g.Expect(kitk8s.CreateObjects(ctx, k8sClient, newTelemetry...)).Should(Succeed()) @@ -211,10 +207,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) }) - It("Should reconcile ValidatingWebhookConfiguration if LogPipeline exists", func() { - testWebhookReconciliation() - }) - It("Should not delete Telemetry when LogPipeline exists", func() { By("Deleting telemetry", func() { Expect(kitk8s.ForceDeleteObjects(ctx, k8sClient, telemetryK8sObject)).Should(Succeed()) @@ -266,12 +258,7 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) }) - It("Should not have Webhook and CA bundle", func() { - Eventually(func(g Gomega) { - var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) - }, periodic.EventuallyTimeout, periodic.DefaultInterval).ShouldNot(Succeed()) - + It("Should not have CA bundle secret", func() { Eventually(func(g Gomega) { var secret corev1.Secret g.Expect(k8sClient.Get(ctx, kitkyma.WebhookCertSecret, &secret)).Should(Succeed()) @@ -279,21 +266,3 @@ var _ = Describe(suite.ID(), Label(suite.LabelTelemetry), Ordered, func() { }) }) }) - -func testWebhookReconciliation() { - var oldUID types.UID - - By("Deleting ValidatingWebhookConfiguration", func() { - var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - - Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) - oldUID = validatingWebhookConfiguration.UID - Expect(k8sClient.Delete(ctx, &validatingWebhookConfiguration)).Should(Succeed()) - }) - - Eventually(func(g Gomega) { - var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) - g.Expect(validatingWebhookConfiguration.UID).ShouldNot(Equal(oldUID)) - }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) -} diff --git a/test/e2e/traces_validation_test.go b/test/e2e/traces_validation_test.go index 12534f969..67f8a857d 100644 --- a/test/e2e/traces_validation_test.go +++ b/test/e2e/traces_validation_test.go @@ -9,7 +9,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" testutils "github.com/kyma-project/telemetry-manager/internal/utils/test" - "github.com/kyma-project/telemetry-manager/test/testkit/assert" kitk8s "github.com/kyma-project/telemetry-manager/test/testkit/k8s" kitkyma "github.com/kyma-project/telemetry-manager/test/testkit/kyma" "github.com/kyma-project/telemetry-manager/test/testkit/periodic" @@ -17,17 +16,11 @@ import ( ) var _ = Describe(suite.ID(), Label(suite.LabelTraces), Ordered, func() { - Context("Before deploying a tracepipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a validating webhook exists", Ordered, func() { BeforeAll(func() { Eventually(func(g Gomega) { var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.WebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.ValidatingWebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) g.Expect(validatingWebhookConfiguration.Webhooks).Should(HaveLen(2)) }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) }) diff --git a/test/integration/istio/logs_self_monitor_backpressure_test.go b/test/integration/istio/logs_self_monitor_backpressure_test.go index a2c3c747c..7512069c6 100644 --- a/test/integration/istio/logs_self_monitor_backpressure_test.go +++ b/test/integration/istio/logs_self_monitor_backpressure_test.go @@ -43,12 +43,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelSelfMonitoringLogsBackpressure), O return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/integration/istio/logs_self_monitor_outage_test.go b/test/integration/istio/logs_self_monitor_outage_test.go index b4753b8ee..a0f980761 100644 --- a/test/integration/istio/logs_self_monitor_outage_test.go +++ b/test/integration/istio/logs_self_monitor_outage_test.go @@ -46,12 +46,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelSelfMonitoringLogsOutage), Ordered return objs } - Context("Before deploying a logpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a logpipeline exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/integration/istio/metrics_self_monitor_backpressure_test.go b/test/integration/istio/metrics_self_monitor_backpressure_test.go index 971274bdf..ba6a55142 100644 --- a/test/integration/istio/metrics_self_monitor_backpressure_test.go +++ b/test/integration/istio/metrics_self_monitor_backpressure_test.go @@ -47,12 +47,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelSelfMonitoringMetricsBackpressure) return objs } - Context("Before deploying a metricpipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a metricpipeline exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/integration/istio/metrics_self_monitor_outage_test.go b/test/integration/istio/metrics_self_monitor_outage_test.go index 2c3ed4310..afb2f80e6 100644 --- a/test/integration/istio/metrics_self_monitor_outage_test.go +++ b/test/integration/istio/metrics_self_monitor_outage_test.go @@ -72,10 +72,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelSelfMonitoringMetricsOutage), Orde }, "1m", "10s").Should(Succeed()) }) - - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) }) Context("When a metricpipeline exists", Ordered, func() { diff --git a/test/integration/istio/suite_test.go b/test/integration/istio/suite_test.go index e7e33a55a..54162f487 100644 --- a/test/integration/istio/suite_test.go +++ b/test/integration/istio/suite_test.go @@ -13,7 +13,6 @@ import ( istiosecurityclientv1 "istio.io/client-go/pkg/apis/security/v1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" clientgoscheme "k8s.io/client-go/kubernetes/scheme" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/envtest" @@ -29,14 +28,6 @@ import ( "github.com/kyma-project/telemetry-manager/test/testkit/suite" ) -var ( - webhookName = "validation.webhook.telemetry.kyma-project.io" - webhookCertSecret = types.NamespacedName{ - Name: "telemetry-webhook-cert", - Namespace: kitkyma.SystemNamespaceName, - } -) - var ( ctx context.Context cancel context.CancelFunc @@ -95,9 +86,9 @@ var _ = AfterSuite(func() { if !suite.IsOperational() { Eventually(func(g Gomega) { var validatingWebhookConfiguration admissionregistrationv1.ValidatingWebhookConfiguration - g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: webhookName}, &validatingWebhookConfiguration)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: kitkyma.ValidatingWebhookName}, &validatingWebhookConfiguration)).Should(Succeed()) var secret corev1.Secret - g.Expect(k8sClient.Get(ctx, webhookCertSecret, &secret)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, kitkyma.WebhookCertSecret, &secret)).Should(Succeed()) }, periodic.EventuallyTimeout, periodic.DefaultInterval).ShouldNot(Succeed()) } diff --git a/test/integration/istio/traces_self_monitor_backpressure_test.go b/test/integration/istio/traces_self_monitor_backpressure_test.go index 4751d2f68..ba065df7d 100644 --- a/test/integration/istio/traces_self_monitor_backpressure_test.go +++ b/test/integration/istio/traces_self_monitor_backpressure_test.go @@ -47,12 +47,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelSelfMonitoringTracesBackpressure), return objs } - Context("Before deploying a tracepipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a tracepipeline exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/integration/istio/traces_self_monitor_outage_test.go b/test/integration/istio/traces_self_monitor_outage_test.go index 203bd7cb6..8bc638130 100644 --- a/test/integration/istio/traces_self_monitor_outage_test.go +++ b/test/integration/istio/traces_self_monitor_outage_test.go @@ -49,12 +49,6 @@ var _ = Describe(suite.ID(), Label(suite.LabelSelfMonitoringTracesOutage), Order return objs } - Context("Before deploying a tracepipeline", func() { - It("Should have a healthy webhook", func() { - assert.WebhookHealthy(ctx, k8sClient) - }) - }) - Context("When a tracepipeline exists", Ordered, func() { BeforeAll(func() { k8sObjects := makeResources() diff --git a/test/testkit/assert/webhook.go b/test/testkit/assert/webhook.go deleted file mode 100644 index 147bfa301..000000000 --- a/test/testkit/assert/webhook.go +++ /dev/null @@ -1,24 +0,0 @@ -package assert - -import ( - "context" - - . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" - "sigs.k8s.io/controller-runtime/pkg/client" - - kitkyma "github.com/kyma-project/telemetry-manager/test/testkit/kyma" - "github.com/kyma-project/telemetry-manager/test/testkit/periodic" -) - -func WebhookHealthy(ctx context.Context, k8sClient client.Client) { - Eventually(func(g Gomega) { - var endpoints corev1.Endpoints - g.Expect(k8sClient.Get(ctx, kitkyma.TelemetryManagerWebhookServiceName, &endpoints)).To(Succeed()) - g.Expect(endpoints.Subsets).NotTo(BeEmpty()) - for _, subset := range endpoints.Subsets { - g.Expect(subset.Addresses).NotTo(BeEmpty()) - g.Expect(subset.NotReadyAddresses).To(BeEmpty()) - } - }, periodic.EventuallyTimeout, periodic.DefaultInterval).Should(Succeed()) -} diff --git a/test/testkit/kyma/common_names.go b/test/testkit/kyma/common_names.go index 0043c3da1..6835ba1bb 100644 --- a/test/testkit/kyma/common_names.go +++ b/test/testkit/kyma/common_names.go @@ -17,7 +17,7 @@ const ( FluentBitBaseName = "telemetry-fluent-bit" SelfMonitorBaseName = "telemetry-self-monitor" DefaultTelemetryName = "default" - WebhookName = "validation.webhook.telemetry.kyma-project.io" + ValidatingWebhookName = "telemetry-validating-webhook.kyma-project.io" MetricGatewayServiceName = "telemetry-otlp-metrics" TraceGatewayServiceName = "telemetry-otlp-traces"