-
Notifications
You must be signed in to change notification settings - Fork 39.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
federation: Adding support for namespace admission controls in federation-apiserver #31139
federation: Adding support for namespace admission controls in federation-apiserver #31139
Conversation
Am working on fixing the federation e2es. |
c773f64
to
7cd8664
Compare
This is now ready for review. Have fixed all federation e2es and have added a test to ensure that a request to create a namespaced resource fails if the namespace does not exist. I have a TODO to clean up the federation namespace after each test, which I will send another PR for (need to fix #31077 before that). ptal. |
I think you can only add NamespaceLifecycle. The others should be marked On Monday, August 22, 2016, Kubernetes Bot notifications@github.com wrote:
|
7cd8664
to
4ba25b3
Compare
Removed the other 2 namespace admission controls and filed #31195 to keep track to deprecate it in kube-apiserver. Updated the PR description and release-notes |
4ba25b3
to
db7af6c
Compare
@@ -94,7 +94,7 @@ function create-federation-api-objects { | |||
export FEDERATION_API_NODEPORT=32111 | |||
export FEDERATION_NAMESPACE | |||
export FEDERATION_NAME="${FEDERATION_NAME:-federation}" | |||
export DNS_ZONE_NAME="${DNS_ZONE_NAME:-federation.example}" # See https://tools.ietf.org/html/rfc2606 | |||
export DNS_ZONE_NAME="${DNS_ZONE_NAME:-federation.example.}" # See https://tools.ietf.org/html/rfc2606 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't seem to belong in this PR?
GCE e2e build/test passed for commit db7af6c. |
@@ -84,8 +84,44 @@ var _ = framework.KubeDescribe("Federation apiserver [Feature:Federation]", func | |||
framework.Logf("Verified that zero clusters remain") | |||
}) | |||
}) | |||
Describe("Admission control", func() { | |||
AfterEach(func() { | |||
framework.SkipUnlessFederated(f.Client) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Surely this belongs in BeforeEach(), not AfterEach()?
Thanks @nikhiljindal. Comments can be addressed in a followup PR. LGTM. |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
GCE e2e build/test passed for commit db7af6c. |
Automatic merge from submit-queue |
@nikhiljindal One of these tests is ~perma-failing since 8/23. Could you please take a look? |
Sure. Am on it: #31624 |
Now that we have namespaces in federation apiserver, we can support namespace admission controls.
There are 3 of these:
namespace/autoprovision, namespace/exists and namespace/lifecycle.
namespace/autoprovision, namespace/exists should be deprecated in kubernetes(#31195). Adding support for namespace/lifecycle to federation-apiserver.
As in kube-apiserver, enabling namespace/lifecycle by default.
cc @kubernetes/sig-cluster-federation @quinton-hoole
This change is