KropCloud/cert-manager-webhook-example
1
0
Fork 1
mirror of https://github.com/cert-manager/webhook-example.git synced 2025-07-01 14:25:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

New KUBE_VERSION, handle temp errs, update READMEs

Browse source
This commit is contained in:
Valentin Klopfenstein 2025-03-12 10:42:10 +01:00
parent 9b0da083ff
commit 4b05cc8c04
5 changed files with 58 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.github/workflows/test-go.yaml vendored
View file

@ -42,6 +42,10 @@ jobs:
export TEST_ASSET_ETCD=${{ steps.kubebuilder.outputs.BIN_DIR }}/etcd
export TEST_ASSET_KUBECTL=${{ steps.kubebuilder.outputs.BIN_DIR }}/kubectl
export TEST_ZONE_NAME="${DNSIMPLE_ZONE_NAME}." # add trailing dot
YLW='\033[1;33m'
NC='\033[0m'
echo """apiVersion: v1
kind: Secret
metadata:
@ -51,4 +55,17 @@ jobs:
token: $DNSIMPLE_API_TOKEN
""" > testdata/dnsimple-token.yaml
cd src
go test -v .
# Occasionally, transient network errors can make tests fail
attempt=0
max_attempts=3
while [ $attempt -lt $max_attempts ]; do
attempt=$((attempt+1))
output=$(go test -v . 2>&1 | tee /dev/tty)
if echo "$output" | grep -q -e "Temporary failure in name resolution" -e "connection reset by peer"; then
echo -e "${YLW}Detected transient network error. Retrying... ($attempt/$max_attempts)${NC}"
else
break
fi
done

4
Makefile
View file

@ -1,7 +1,9 @@
GO ?= $(shell which go)
OS ?= $(shell $(GO) env GOOS)
ARCH ?= $(shell $(GO) env GOARCH)
KUBE_VERSION=1.25.0
# Available versions: https://storage.googleapis.com/kubebuilder-tools
KUBE_VERSION=$(shell curl -s https://storage.googleapis.com/kubebuilder-tools | grep -oP 'kubebuilder-tools-\K[0-9]+\.[0-9]+\.[0-9]+' | sort -V | tail -n 1 || echo "1.30.0")
# required by go tests
export TEST_ASSET_ETCD=../_test/kubebuilder/etcd

28
README.md
View file

@ -75,26 +75,34 @@ The Helm chart accepts the following values:
All cert-manager webhooks have to pass the DNS01 provider conformance testing suite.
### Pull requests
Prerequisites for PRs are implemented as GitHub-actions. All tests should pass before a PR is merged:
- the `cert-manager` conformance suite is run with provided kubebuilder fixtures
- a custom test suite running on a working k8s cluster (using `minikube`) is executed as well
Prerequisites for PRs are implemented as GitHub-actions. All tests should pass before a PR is merged:
- The `cert-manager` conformance suite is run with provided kubebuilder fixtures
- A custom test suite running on a working k8s cluster (using `minikube`) is executed as well
### Local testing
#### Test suite
You can also run tests locally, as specified in the `Makefile`:
Tests can be run locally according to the `Makefile`:
1. Set-up `testdata/` according to its [README][3].
- `dnsimple-token.yaml` should be filled with a valid token (for either the sandbox or production environment)
- `dnsimple.env` should contain the remaining environment variables (non sensitive)
2. Execute the test suite:
1. Set up `testdata/` according to its [README][3]
- `dnsimple-token.yaml` should be filled with a valid token (for either the sandbox or production environment)
2. Set env var `TEST_ZONE_NAME`, adding a trailing dot
- `export TEST_ZONE_NAME="<zone>."`
3. Execute the test suite:
```bash
make test
```
> [!NOTE]
> Kubebuilder will always use the latest version available.
#### In-cluster testing
1. Install cert-manager:
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.3/cert-manager.yaml
```
2. Install the webhook:
```bash
helm install cert-manager-webhook-dnsimple \
@ -103,6 +111,7 @@ You can also run tests locally, as specified in the `Makefile`:
--set clusterIssuer.staging.enabled=true \
./charts/cert-manager-webhook-dnsimple
```
3. Test away... You can create a sample certificate to ensure the webhook is working correctly:
```bash
kubectl apply -f - <<<EOF
@ -123,7 +132,8 @@ You can also run tests locally, as specified in the `Makefile`:
## Releases
### Docker images
Every push to `master` or on a pull-request triggers the upload of a new docker image to the GitHub Container Registry (this is configured through github actions). These images should **not considered stable** and are tagged with `commit-<hash>`. **We recommend using a specific version tag for production deployments instead.**
Every push to `master` or on a pull-request triggers the upload of a new docker image to the GitHub Container Registry (this is configured through github actions).
These images should **not be considered stable** and are tagged with `commit-<hash>`. **We recommend using a specific version tag for production deployments instead.**
Tagged images are considered stable, these are the ones referenced by the default helm values.

18
src/main_test.go
View file

@ -1,22 +1,36 @@
package main
import (
"fmt"
"os"
"strings"
"testing"
dns "github.com/cert-manager/cert-manager/test/acme"
"sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
)
var (
zone = os.Getenv("TEST_ZONE_NAME")
const (
testdata_dir = "../testdata"
)
var (
zone = os.Getenv("TEST_ZONE_NAME")
)
func TestRunsSuite(t *testing.T) {
log.SetLogger(zap.New(zap.UseFlagOptions(&zap.Options{})))
// The manifest path should contain a file named config.json that is a
// snippet of valid configuration that should be included on the
// ChallengeRequest passed as part of the test cases.
// Ensure trailing dot
if !strings.HasSuffix(zone, ".") {
zone = fmt.Sprintf("%s.", zone)
}
fixture := dns.NewFixture(&dnsimpleDNSProviderSolver{},
dns.SetResolvedZone(zone),
dns.SetAllowAmbientCredentials(false),

3
testdata/README.md vendored
View file

@ -6,4 +6,5 @@ Copy the `dnsimple-token.yaml.example` example file removing the `.example` suff
$ cp dnsimple-token.yaml{.example,}
```
Replace the placeholders for the API token in `dnsimple-token.yaml`. The API token can be generated in your DNSimple account settings in the automation tab.
Replace the placeholders for the API token in `dnsimple-token.yaml`.
The API token can be generated in your DNSimple account settings in the automation tab.