cluster/admitomatic: implement opt-out namespaces
Change-Id: I32d4b019211fa755e2b3b103b88ea3f4c14e500f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1521
Reviewed-by: informatic <informatic@hackerspace.pl>
diff --git a/cluster/admitomatic/ingress_test.go b/cluster/admitomatic/ingress_test.go
index 15a6049..92b1357 100644
--- a/cluster/admitomatic/ingress_test.go
+++ b/cluster/admitomatic/ingress_test.go
@@ -94,6 +94,7 @@
f.allow("personal-q3k", "*.k0.q3k.org")
f.allow("personal-vuko", "shells.vuko.pl")
f.allow("minecraft", "*.k0.q3k.org")
+ f.anythingGoesNamespaces = []string{"opted-out"}
mkReq := func(ns string, annotations map[string]string, is *networking.IngressSpec) *admission.AdmissionRequest {
i := &networking.Ingress{
@@ -185,6 +186,19 @@
},
},
}), ""},
+ // 6: janky annotations, should be allowed by exception
+ {mkReq("opted-out", map[string]string{
+ "nginx.ingress.kubernetes.io/configuration-snippet": "omghax",
+ }, &networking.IngressSpec{
+ Rules: []networking.IngressRule{
+ {Host: "matrix.hackerspace.pl"},
+ },
+ TLS: []networking.IngressTLS{
+ {
+ Hosts: []string{"matrix.hackerspace.pl"},
+ },
+ },
+ }), ""},
} {
res, err := f.admit(el.req)
if err != nil {