Run more tests with admission webhook (validation) enabled #4680
Comments
I believe we could actually investigate the possibility of running webhook tests with envtest (and perhaps Kong Gateway started via With the introduction of Gateway Discovery tests like admission webhook integration tests might become more and more complicated to set up and debug.
+1
What would be the difference in tests? Convenience how it's started?
Yes, I believe it should allow using
Currently, we use the
And call it, when we want to test with the Admission webhook.
I think we can have several options:
Another option: We can deploy the resources we need through Helm, which can also simplify many steps. I will temporarily leave this issue, I think #4973 will be a good choice.
Is there an existing issue for this?
Problem Statement
Currently, the admission webhook is tested in the integration suite in isolation in files:
gateway_webhook_test.go
httproute_webhook_test.go
But tests that apply actual configurations (e.g. routing traffic based on Ingress configuration, etc.) and test their correctness don't have webhook enabled. Every valid configuration should not be blocked by webhook too. On the other hand, due to the nature of K8s, the admission webhook may be not configured/removed thus KIC should cope with invalid configurations too (the webhook should be able to reject as many as possible). It has to be tested.
Furthermore, validation webhook needs to be configured in a cluster for particular objects with validatingwebhookconfigurations.admissionregistration.k8s K8s object that is defined in custom rarely used script in repo and Helm chart. It can be easily overlooked, e.g. it happened for HTTPRoute and Ingress, fixed in the below PRs
Proposed Solution
Treat admission webhook enabled as the default configuration for KIC, and run as many tests as possible with it enabled.
Additional information
It's been discovered during the work on
that implemented (and covered with tests) features used to be rejected by admission webhook as not implemented yet. Another complementary issue has been created too
Acceptance Criteria
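As an added illustration of the overlooked-registration problem described under Problem Statement (not code from the KIC repository): a Go check that reports which resources a ValidatingWebhookConfiguration never sends to the webhook. The sample configuration, the `required` list and the function names are constructed for this example, and matching ignores `apiVersions` and `scope`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// rule holds the webhook rule fields that select objects (JSON keys match case-insensitively).
type rule struct{ APIGroups, Operations, Resources []string }

// Constructed sample: Ingress and Gateway are registered, HTTPRoute was forgotten.
// required is the assumed list of {apiGroup, resource} pairs that must be validated.
const sampleConfig = `{"webhooks":[{"rules":[
 {"apiGroups":["networking.k8s.io"],"operations":["CREATE","UPDATE"],"resources":["ingresses"]},
 {"apiGroups":["gateway.networking.k8s.io"],"operations":["CREATE","UPDATE"],"resources":["gateways"]}]}]}`
var required = [][2]string{{"networking.k8s.io", "ingresses"}, {"gateway.networking.k8s.io", "httproutes"}}

// has reports whether list names want or the "*" wildcard.
func has(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// missingCoverage returns every needed "group/resource" that no single rule selects for both CREATE and UPDATE.
func missingCoverage(cfgJSON []byte, need [][2]string) ([]string, error) {
	var cfg struct{ Webhooks []struct{ Rules []rule } }
	if err := json.Unmarshal(cfgJSON, &cfg); err != nil {
		return nil, err
	}
	var missing []string
	for _, r := range need {
		covered := false
		for _, wh := range cfg.Webhooks {
			for _, ru := range wh.Rules {
				covered = covered || (has(ru.APIGroups, r[0]) && has(ru.Resources, r[1]) && has(ru.Operations, "CREATE") && has(ru.Operations, "UPDATE"))
			}
		}
		if !covered {
			missing = append(missing, r[0]+"/"+r[1])
		}
	}
	return missing, nil
}

func main() {
	fmt.Println(missingCoverage([]byte(sampleConfig), required))
}
```

Run against the JSON form of the deployed object, a non-empty result marks resources whose invalid configurations would reach the controller without admission-time validation.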