Merge pull request #1677 from mythi/PR-2024-004

webhooks: make SGX mutator registration to follow other webhooks

.github/workflows/lib-e2e.yaml

@@ -42,6 +42,7 @@ jobs:
             runner: simics-spr
             images: intel-qat-plugin intel-qat-initcontainer openssl-qat-engine
           - name: e2e-sgx
+            targetjob: e2e-sgx FOCUS="|(SGX Admission)"
             runner: sgx
             images: intel-sgx-plugin intel-sgx-initcontainer intel-sgx-admissionwebhook sgx-sdk-demo intel-deviceplugin-operator
 

cmd/operator/main.go

@@ -21,7 +21,6 @@ import (
 	"os"
 	"strings"
 
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -44,7 +43,6 @@ import (
 	"github.com/intel/intel-device-plugins-for-kubernetes/pkg/fpgacontroller"
 	"github.com/intel/intel-device-plugins-for-kubernetes/pkg/fpgacontroller/patcher"
 	sgxwebhook "github.com/intel/intel-device-plugins-for-kubernetes/pkg/webhooks/sgx"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
 )
 
 var (
@@ -176,10 +174,7 @@ func main() {
 	}
 
 	if contains(devices, "sgx") {
-		if err = builder.WebhookManagedBy(mgr).
-			For(&corev1.Pod{}).
-			WithDefaulter(&sgxwebhook.Mutator{}).
-			Complete(); err != nil {
+		if err = (&sgxwebhook.Mutator{}).SetupWebhookWithManager(mgr); err != nil {
 			setupLog.Error(err, "unable to create webhook", "webhook", "Pod")
 			os.Exit(1)
 		}

cmd/sgx_admissionwebhook/main.go

@@ -20,10 +20,8 @@ import (
 	"os"
 
 	sgxwebhook "github.com/intel/intel-device-plugins-for-kubernetes/pkg/webhooks/sgx"
-	corev1 "k8s.io/api/core/v1"
 	"k8s.io/klog/v2/textlogger"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
@@ -59,10 +57,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err := builder.WebhookManagedBy(mgr).
-		For(&corev1.Pod{}).
-		WithDefaulter(&sgxwebhook.Mutator{}).
-		Complete(); err != nil {
+	if err := (&sgxwebhook.Mutator{}).SetupWebhookWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create webhook", "webhook", "Pod")
 		os.Exit(1)
 	}

pkg/webhooks/sgx/sgx.go

@@ -22,6 +22,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 
 	"github.com/intel/intel-device-plugins-for-kubernetes/pkg/internal/containers"
@@ -34,6 +35,13 @@ var ErrObjectType = errors.New("invalid runtime object type")
 // Mutator annotates Pods.
 type Mutator struct{}
 
+func (s *Mutator) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(&corev1.Pod{}).
+		WithDefaulter(s).
+		Complete()
+}
+
 const (
 	namespace                = "sgx.intel.com"
 	encl                     = namespace + "/enclave"

test/e2e/iaa/iaa.go

@@ -106,7 +106,7 @@ func describe() {
 			e2ekubectl.RunKubectlOrDie(f.Namespace.Name, "apply", "-f", demoPath)
 
 			ginkgo.By("waiting for the IAA demo to succeed")
-			err := e2epod.WaitForPodSuccessInNamespaceTimeout(ctx, f.ClientSet, podName, f.Namespace.Name, 300*time.Second)
+			err := e2epod.WaitForPodSuccessInNamespaceTimeout(ctx, f.ClientSet, podName, f.Namespace.Name, 360*time.Second)
 			gomega.Expect(err).To(gomega.BeNil(), utils.GetPodLogs(ctx, f, podName, podName))
 		})