File tree Expand file tree Collapse file tree 3 files changed +44
-1
lines changed Expand file tree Collapse file tree 3 files changed +44
-1
lines changed Original file line number Diff line number Diff line change @@ -16,6 +16,7 @@ import (
1616
1717 corev1 "k8s.io/api/core/v1"
1818 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
19+ utilversion "k8s.io/apimachinery/pkg/util/version"
1920 "k8s.io/client-go/kubernetes"
2021 "k8s.io/kubernetes/test/e2e/framework"
2122 e2edebug "k8s.io/kubernetes/test/e2e/framework/debug"
3233 metav1 .NamespaceSystem ,
3334 "azure-workload-identity-system" ,
3435 }
36+
37+ useNativeSidecar bool
3538)
3639
3740var _ = ginkgo .SynchronizedBeforeSuite (func (ctx context.Context ) []byte {
@@ -81,7 +84,15 @@ var _ = ginkgo.SynchronizedBeforeSuite(func(ctx context.Context) []byte {
8184 if serverVersion != nil {
8285 framework .Logf ("kube-apiserver version: %s" , serverVersion .GitVersion )
8386 }
84-
87+ sv , err := utilversion .ParseSemantic (serverVersion .GitVersion )
88+ if err != nil {
89+ framework .Failf ("unexpected server error parsing version: %v" , err )
90+ }
91+ // "SidecarContainers" went beta in 1.29. With the 3 version skew policy,
92+ // between API server and kubelet, 1.32 is the earliest version this can be
93+ // safely used.
94+ useNativeSidecar = sv .AtLeast (utilversion .MajorMinor (1 , 32 ))
95+ framework .Logf ("proxy should use native sidecar: %t" , useNativeSidecar )
8596 return nil
8697}, func (data []byte ) {})
8798
Original file line number Diff line number Diff line change @@ -320,3 +320,31 @@ func getVolumeProjectionSources(serviceAccountName string) []corev1.VolumeProjec
320320 }},
321321 }
322322}
323+
324+ func validateProxySideCarInMutatedPod (pod * corev1.Pod ) {
325+ framework .Logf ("validating that the proxy sidecar is injected to %s" , pod .Name )
326+ containers := pod .Spec .Containers
327+ if useNativeSidecar {
328+ framework .Logf ("validating that the proxy init container is injected as native sidecar to %s" , pod .Name )
329+ containers = pod .Spec .InitContainers
330+ }
331+
332+ proxySidecar := getProxySidecarContainer (containers )
333+ gomega .Expect (proxySidecar ).NotTo (gomega .BeNil (), "proxy sidecar is not injected to pod %s" , pod .Name )
334+
335+ if useNativeSidecar {
336+ gomega .Expect (proxySidecar .RestartPolicy ).ToNot (gomega .BeNil (), "proxy sidecar in pod %s should have a restart policy" , pod .Name )
337+ gomega .Expect (* proxySidecar .RestartPolicy ).To (gomega .Equal (corev1 .ContainerRestartPolicyAlways ), "proxy sidecar in pod %s should have restart policy 'Always'" , pod .Name )
338+ } else {
339+ gomega .Expect (proxySidecar .RestartPolicy ).To (gomega .BeNil (), "proxy sidecar in pod %s should not have a restart policy" , pod .Name )
340+ }
341+ }
342+
343+ func getProxySidecarContainer (containers []corev1.Container ) * corev1.Container {
344+ for _ , container := range containers {
345+ if container .Name == "azwi-proxy" {
346+ return & container
347+ }
348+ }
349+ return nil
350+ }
Original file line number Diff line number Diff line change @@ -59,6 +59,8 @@ var _ = ginkgo.Describe("Proxy [LinuxOnly] [AKSSoakOnly]", func() {
5959 }
6060 }()
6161
62+ validateProxySideCarInMutatedPod (pod )
63+
6264 for _ , container := range []string {busybox1 , busybox2 } {
6365 framework .Logf ("validating that %s in %s has acquired a valid AAD token via the proxy" , container , pod .Name )
6466 gomega .Eventually (func () bool {
@@ -113,6 +115,8 @@ var _ = ginkgo.Describe("Proxy [LinuxOnly] [AKSSoakOnly]", func() {
113115 }
114116 }()
115117
118+ validateProxySideCarInMutatedPod (pod )
119+
116120 for _ , container := range []string {busybox1 , busybox2 } {
117121 framework .Logf ("validating that %s in %s has acquired a valid AAD token via the proxy using AZURE_CLIENT_ID" , container , pod .Name )
118122 gomega .Eventually (func () bool {
You can’t perform that action at this time.
0 commit comments