diff --git a/.github/workflows/composite-actions/istio-tests/action.yaml b/.github/workflows/composite-actions/istio-tests/action.yaml deleted file mode 100644 index 94602edb206..00000000000 --- a/.github/workflows/composite-actions/istio-tests/action.yaml +++ /dev/null @@ -1,45 +0,0 @@ -name: Gloo Istio Regression Tests - -description: Tests which run Gloo Edge in a Kubernetes cluster with Istio - -runs: - using: "composite" - steps: - - name: Prep Go Runner - uses: ./.github/workflows/composite-actions/prep-go-runner - - name: Install kind - uses: helm/kind-action@v1.10.0 - with: - install_only: true - version: ${{ matrix.kube-version.kind }} - - uses: azure/setup-kubectl@v4 - id: kubectl - with: - version: ${{ matrix.kube-version.kubectl }} - - uses: azure/setup-helm@v4 - with: - version: ${{ matrix.kube-version.helm }} - - name: Setup test env - shell: bash - env: - KUBE2E_TESTS: istio - CLUSTER_NAME: 'kind' - CLUSTER_NODE_VERSION: ${{ matrix.kube-version.node }} - run: ./ci/kind/setup-kind.sh - - name: Testing - kube e2e regression tests - env: - KUBE2E_TESTS: istio - shell: bash - run: | - if [[ "${{ matrix.kube-e2e-test-type }}" == "gloo-gateway" ]]; then - export GLOO_GATEWAY_SETUP=true - elif [[ "${{ matrix.kube-e2e-test-type }}" == "istio-auto" ]]; then - export ISTIO_AUTO_MTLS=true - fi - make install-test-tools run-kube-e2e-tests - - uses: actions/upload-artifact@v4 - if: ${{ failure() }} - with: - name: ${{matrix.kube-e2e-test-type}}@k8s${{matrix.kube-version.kubectl}}-kube-dump - path: "_output/kube2e-artifacts" - if-no-files-found: warn \ No newline at end of file diff --git a/.github/workflows/istio-tests.yaml b/.github/workflows/istio-tests.yaml deleted file mode 100644 index f13f0a20941..00000000000 --- a/.github/workflows/istio-tests.yaml +++ /dev/null @@ -1,65 +0,0 @@ -name: Istio Tests -on: - pull_request: - types: [opened, synchronize, reopened, ready_for_review] - -env: - VERSION: '1.0.0-ci1' - GITHUB_TOKEN: ${{ github.token }} # necessary to pass upgrade tests - -jobs: - prepare_env: - name: Prepare Environment - runs-on: ubuntu-22.04 - timeout-minutes: 5 - outputs: - should-auto-succeed-istio-tests: ${{ steps.run-strategy.outputs.auto_succeed }} - steps: - - name: Cancel Previous Actions - uses: styfle/cancel-workflow-action@0.12.1 - with: - access_token: ${{ github.token }} - - id: checkout-code - uses: actions/checkout@v4 - with: - # We require gathering the branch and tag history since we rely on a `git diff` - # which compares the state of two branches - fetch-depth: 0 - - id: process-skip-directives - uses: ./.github/workflows/composite-actions/process-skip-directives - with: - base-ref: ${{ github.base_ref }} - - id: run-strategy - name: Determine Test Run Strategy - run: | - skip_kube_tests=${{ steps.process-skip-directives.outputs.skip-kube-tests }} - if [[ ! -z $skip_kube_tests && $skip_kube_tests = true ]] ; then - echo "auto_succeed=true" >> $GITHUB_OUTPUT - fi - - # TODO(npolshak): Add multiple istio versions to test matrix - istio_tests: - name: istio integration tests - needs: prepare_env - runs-on: ubuntu-22.04 - timeout-minutes: 60 - if: ${{ !github.event.pull_request.draft }} - strategy: - fail-fast: false - matrix: - kube-e2e-test-type: [ 'istio-auto', 'gloo-gateway' ] - kube-version: [ { node: 'v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245', kubectl: 'v1.29.2', kind: 'v0.20.0', helm: 'v3.14.4' } ] - merge-to-main: - - ${{ github.event.pull_request.base.ref == 'main' }} - exclude: - - merge-to-main: true - kube-e2e-test-type: upgrade - steps: - - uses: actions/checkout@v4 - - id: run-tests - if: needs.prepare_env.outputs.should-auto-succeed-istio-tests != 'true' - uses: ./.github/workflows/composite-actions/istio-tests - - id: auto-succeed-tests - if: needs.prepare_env.outputs.should-auto-succeed-istio-tests == 'true' - run: | - echo "Istio tests auto-succeeded" \ No newline at end of file diff --git a/.github/workflows/pr-kubernetes-tests.yaml b/.github/workflows/pr-kubernetes-tests.yaml index c0cbbed272c..1ecc62f1c9d 100644 --- a/.github/workflows/pr-kubernetes-tests.yaml +++ b/.github/workflows/pr-kubernetes-tests.yaml @@ -64,7 +64,7 @@ jobs: # May 14th: ~ minutes execution time (see load_balancing_tests.md) - cluster-name: 'cluster-three' go-test-args: '-v -timeout=25m' - go-test-run-regex: '(^TestK8sGatewayIstioAutoMtls$$|^TestAutomtlsIstioEdgeApisGateway$$|^TestIstioEdgeApiGateway$$)' + go-test-run-regex: '(^TestK8sGatewayIstioAutoMtls$$|^TestAutomtlsIstioEdgeApisGateway$$|^TestIstioEdgeApiGateway$$|^TestIstioRegression$$)' # May 14th: ~ minutes execution time (see load_balancing_tests.md) - cluster-name: 'cluster-four' diff --git a/.github/workflows/regression-tests.yaml b/.github/workflows/regression-tests.yaml index 367e8d7da12..5ad77987100 100644 --- a/.github/workflows/regression-tests.yaml +++ b/.github/workflows/regression-tests.yaml @@ -49,7 +49,7 @@ jobs: # upgrade tests are run on LTS but not on main branch, for main they are run nightly # ingress will be deprecated from 1.17. Ref: https://solo-io-corp.slack.com/archives/G01EERAK3KJ/p1716389614777799 # this is the github action version of ternary op - kube-e2e-test-type: [ 'gateway', 'gloo', 'ingress', 'helm', 'gloomtls', 'glooctl', 'upgrade', 'istio' ] + kube-e2e-test-type: [ 'gateway', 'gloo', 'ingress', 'helm', 'gloomtls', 'glooctl', 'upgrade' ] kube-version: [ { node: 'v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245', kubectl: 'v1.29.2', kind: 'v0.20.0', helm: 'v3.14.4' } ] image-variant: - distroless diff --git a/changelog/v1.18.0-beta1/remove-old-istio-tests.yaml b/changelog/v1.18.0-beta1/remove-old-istio-tests.yaml new file mode 100644 index 00000000000..a0c06f2696a --- /dev/null +++ b/changelog/v1.18.0-beta1/remove-old-istio-tests.yaml @@ -0,0 +1,4 @@ +changelog: + - type: NON_USER_FACING + description: >- + Remove old Istio integration regression e2e tests and glooctl Istio integration e2e tests. \ No newline at end of file diff --git a/ci/kind/setup-kind.sh b/ci/kind/setup-kind.sh index 4b126944ab6..ca0b224d96c 100755 --- a/ci/kind/setup-kind.sh +++ b/ci/kind/setup-kind.sh @@ -15,8 +15,6 @@ SKIP_DOCKER="${SKIP_DOCKER:-false}" JUST_KIND="${JUST_KIND:-false}" # Offer a default value for type of installation KUBE2E_TESTS="${KUBE2E_TESTS:-gateway}" # If 'KUBE2E_TESTS' not set or null, use 'gateway'. -# The version of istio to install for glooctl tests. This should get set by the 'setup-kind-cluster' github action, where it is a required input. -ISTIO_VERSION="${ISTIO_VERSION:-1.22.0}" # Set the default image variant to standard IMAGE_VARIANT="${IMAGE_VARIANT:-standard}" # If true, run extra steps to set up k8s gateway api conformance test environment @@ -103,16 +101,3 @@ if [[ $CONFORMANCE == "true" ]]; then - address-pool EOF fi - -# 7. Install additional resources used for particular KUBE2E tests -if [[ $KUBE2E_TESTS = "glooctl" || $KUBE2E_TESTS = "istio" ]]; then - TARGET_ARCH=x86_64 - if [[ $ARCH == 'arm64' ]]; then - TARGET_ARCH=arm64 - fi - echo "Downloading Istio $ISTIO_VERSION" - curl -L https://istio.io/downloadIstio | ISTIO_VERSION=$ISTIO_VERSION TARGET_ARCH=$TARGET_ARCH sh - - - echo "Installing Istio" - yes | "./istio-$ISTIO_VERSION/bin/istioctl" install --set profile=minimal -fi diff --git a/test/kube2e/istio/README.md b/devel/architecture/istio-integration.md similarity index 97% rename from test/kube2e/istio/README.md rename to devel/architecture/istio-integration.md index c4cdd64f7c1..84168e19bfd 100644 --- a/test/kube2e/istio/README.md +++ b/devel/architecture/istio-integration.md @@ -43,10 +43,10 @@ To keep the mTLS communication transparent to the Edge configuration, we again l [Istio](https://istio.io/latest/docs/ops/deployment/architecture/) is logically split into a data plane and a control plane. The data plane is composed of a set of intelligent proxies (Envoy) deployed as sidecars. The control plane (istiod) provides service discovery, configuration and certificate management. Istiod acts as a Certificate Authority (CA) and generates certificates to allow secure mTLS communication in the data plane. -**Istio-Proxy Sidecar**: This is responsible for generating the certificates used for mTLS communication. These certificates are mounted to a volume, which are then provided to the gateway-proxy configuration via SDS. The gateway-proxy, with these certificates, is now able to establish mTLS communication with an upstream in the Mesh. -The Istio-Proxy Sidecar usually runs both the istio-agent and envoy. The [istio-agent](https://github.com/istio/istio/blob/master/architecture/security/istio-agent.md) is responsible for generating the certificates, and the envoy is responsible for terminating TLS and establishing mTLS communication with other services in the Mesh. -By default, the istio-proxy will run an extended version of the Envoy proxy. However, we don't need the istio-proxy Envoy functionality, we only need the istio-agent to create the CSR request to istiod and handle rotating certificates near expiration. -To avoid running the istio-proxy Envoy, we can set the `DISABLE_ENVOY` environment variable. This will cause the istio-proxy to run in proxyless mode and not start the Envoy process. +**Istio-Proxy Sidecar**: This is responsible for generating the certificates used for mTLS communication. These certificates are mounted to a volume, which are then provided to the gateway-proxy configuration via SDS. The gateway-proxy, with these certificates, is now able to establish mTLS communication with an upstream in the Mesh. +The Istio-Proxy Sidecar usually runs both the istio-agent and envoy. The [istio-agent](https://github.com/istio/istio/blob/master/architecture/security/istio-agent.md) is responsible for generating the certificates, and the envoy is responsible for terminating TLS and establishing mTLS communication with other services in the Mesh. +By default, the istio-proxy will run an extended version of the Envoy proxy. However, we don't need the istio-proxy Envoy functionality, we only need the istio-agent to create the CSR request to istiod and handle rotating certificates near expiration. +To avoid running the istio-proxy Envoy, we can set the `DISABLE_ENVOY` environment variable. This will cause the istio-proxy to run in proxyless mode and not start the Envoy process. @@ -64,7 +64,7 @@ While the component itself has a single responsibility, implement the SDS API, i _As a result, we have `glooMtls.enabled` to enable the former, and `istioIntegration.enabled` to enable the latter._ -Note, the current Gloo SDS does not reach out to Istiod. The istio-agent is responsible for sending the CSR to Istiod. +Note, the current Gloo SDS does not reach out to Istiod. The istio-agent is responsible for sending the CSR to Istiod. The SDS server then reads the certs from a file written by the istio-agent and then SDS serves the certificates to the Gloo Envoy proxy. # Validating mTLS Traffic @@ -73,9 +73,9 @@ Istio leverages the [`x-forwarded-client-cert`](https://istio.io/latest/docs/ops If the application that we’re running can logs requests that it receives, we could search the logs for the existence of that header -# Testing automtls +# Testing automtls -The istio e2e integration tests automtls functionality with Gloo Edge "classic" APIs and k8s Gateway API resources. This +The istio e2e integration tests automtls functionality with Gloo Edge "classic" APIs and k8s Gateway API resources. This can be manually tested by following the steps below on a kind cluster: 1. Setup environment and kind cluster @@ -164,7 +164,7 @@ Then edit upstream to disable automtls: kubectl edit upstreams -n gloo-system bookinfo-productpage-9080 ``` -Add this line: +Add this line: ```shell spec: @@ -272,7 +272,7 @@ Port-forward the new k8s gateway: kubectl port-forward deployment/gloo-proxy-http 8080:8080 ``` -Now let's send traffic with the same curl as before, this time going through the new k8s Gateway API gateway. +Now let's send traffic with the same curl as before, this time going through the new k8s Gateway API gateway. The first attempt will succeed because of automtls is still enabled on the settings policy: ```shell diff --git a/test/kube2e/glooctl/glooctl_suite_test.go b/test/kube2e/glooctl/glooctl_suite_test.go index 1ca4a6005c2..3a0fbb5bcb9 100644 --- a/test/kube2e/glooctl/glooctl_suite_test.go +++ b/test/kube2e/glooctl/glooctl_suite_test.go @@ -52,8 +52,6 @@ func StartTestHelper() { var err error testHelper, err = kube2e.GetTestHelper(ctx, namespace) Expect(err).NotTo(HaveOccurred()) - // Register additional fail handlers - skhelpers.RegisterPreFailHandler(helpers.StandardGlooDumpOnFail(GinkgoWriter, metav1.ObjectMeta{Namespace: "istio-system"}, metav1.ObjectMeta{Namespace: testHelper.InstallNamespace})) if !testutils.ShouldSkipInstall() { installGloo() diff --git a/test/kube2e/glooctl/istio_test.go b/test/kube2e/glooctl/istio_test.go deleted file mode 100644 index aee1e68ef01..00000000000 --- a/test/kube2e/glooctl/istio_test.go +++ /dev/null @@ -1,246 +0,0 @@ -package glooctl_test - -import ( - "net/http" - "time" - - "github.com/solo-io/gloo/projects/gateway/pkg/defaults" - "github.com/solo-io/gloo/test/kube2e/helper" - "github.com/solo-io/go-utils/testutils/exec" - "github.com/solo-io/skv2/codegen/util" - "github.com/solo-io/solo-kit/pkg/api/v1/clients" - - "path/filepath" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" -) - -var ( - petstoreYaml = filepath.Join(util.GetModuleRoot(), "example", "petstore", "petstore.yaml") - petstoreCurlOpts = helper.CurlOpts{ - Protocol: "http", - Path: "/api/pets", - Method: http.MethodGet, - Host: defaults.GatewayProxyName, - Service: defaults.GatewayProxyName, - Verbose: true, - Port: 80, - ConnectionTimeout: 1, - WithoutStats: true, - Headers: map[string]string{ - "Cache-Control": "no-cache", - }, - } - petstoreSuccessfulResponse = `[{"id":1,"name":"Dog","status":"available"},{"id":2,"name":"Cat","status":"pending"}]` -) - -var _ = Describe("Istio", Ordered, func() { - - BeforeEach(func() { - // These tests are known to be inconsistent, and cause toil in our CI pipeline - // https://github.com/solo-io/solo-projects/issues/6048 tracks the work to re-enable these tests - Skip("These tests are inconsistent. Temporarily disabling") - }) - - // Tests for: `glooctl istio [..]` - // These tests assume that Gloo and Istio are pre-installed in the cluster - - BeforeAll(func() { - err := exec.RunCommand(testHelper.RootDir, false, "kubectl", "apply", "-f", petstoreYaml) - Expect(err).NotTo(HaveOccurred(), "should be able to install petstore") - - _, err = GlooctlOut("add", "route", "--name", "petstore", "--namespace", testHelper.InstallNamespace, "--path-prefix", "/", "--dest-name", "default-petstore-8080", "--dest-namespace", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to add gloo route to petstore") - - err = exec.RunCommand(testHelper.RootDir, false, "kubectl", "label", "namespace", "default", "istio-injection=enabled", "--overwrite") - Expect(err).NotTo(HaveOccurred(), "should be able to add a label to enable istio injection") - }) - - AfterAll(func() { - err := exec.RunCommand(testHelper.RootDir, false, "kubectl", "label", "namespace", "default", "istio-injection-") - Expect(err).NotTo(HaveOccurred(), "should be able to remove the istio injection label") - - err = exec.RunCommand(testHelper.RootDir, false, "kubectl", "delete", "-f", petstoreYaml) - Expect(err).NotTo(HaveOccurred(), "should be able to uninstall petstore") - - err = exec.RunCommand(testHelper.RootDir, false, "kubectl", "delete", "vs", "petstore", "-n", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to delete the petstore VS") - - Eventually(func(g Gomega) { - virtualServices, err := resourceClientset.VirtualServiceClient().List(testHelper.InstallNamespace, clients.ListOpts{ - Ctx: ctx, - }) - g.Expect(err).NotTo(HaveOccurred(), "should be able to list virtual services") - g.Expect(virtualServices).To(BeEmpty(), "should have no virtual services") - }, 10*time.Second, 1*time.Second).ShouldNot(HaveOccurred()) - }) - - EventuallyIstioInjected := func() { - trueOffset := 1 - EventuallyWithOffset(trueOffset, func(g Gomega) { - // Check for sds sidecar - sdsContainer, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "deployments", "gateway-proxy", "-o", `jsonpath='{.spec.template.spec.containers[?(@.name == "sds")].name}'`) - g.Expect(sdsContainer).To(Equal("'sds'"), "sds container should be present after injection") - g.Expect(err).NotTo(HaveOccurred(), "should be able to kubectl get the gateway-proxy containers") - - // Check for istio-proxy sidecar - istioContainer, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "deployments", "gateway-proxy", "-o", `jsonpath='{.spec.template.spec.containers[?(@.name == "istio-proxy")].name}'`) - g.Expect(istioContainer).To(Equal("'istio-proxy'"), "istio-proxy container should be present after injection") - g.Expect(err).NotTo(HaveOccurred()) - - // Check for configMap changes - configMapEnvoyYAML, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "configmaps", "gateway-proxy-envoy-config", "-o", `jsonpath='{.data}'`) - g.Expect(configMapEnvoyYAML).To(ContainSubstring("clusterName: gateway_proxy_sds")) - g.Expect(err).NotTo(HaveOccurred(), "should be able to kubectl get the gateway-proxy containers") - }, time.Second*10, time.Second).ShouldNot(HaveOccurred(), "eventually istio injected") - } - - EventuallyIstioUninjected := func() { - trueOffset := 1 - EventuallyWithOffset(trueOffset, func(g Gomega) { - // Check for sds sidecar - sdsContainer, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "deployments", "gateway-proxy", "-o", `jsonpath='{.spec.template.spec.containers[?(@.name == "sds")].name}'`) - g.Expect(sdsContainer).To(Equal("''"), "sds container should be removed after uninjection") - g.Expect(err).NotTo(HaveOccurred(), "should be able to kubectl get the gateway-proxy containers") - - // Check for istio-proxy sidecar - istioContainer, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "deployments", "gateway-proxy", "-o", `jsonpath='{.spec.template.spec.containers[?(@.name == "istio-proxy")].name}'`) - g.Expect(istioContainer).To(Equal("''"), "istio-proxy container should be removed after uninjection") - g.Expect(err).NotTo(HaveOccurred()) - - // Check for configMap changes - configMapEnvoyYAML, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "configmaps", "gateway-proxy-envoy-config", "-o", `jsonpath='{.data}'`) - g.Expect(configMapEnvoyYAML).NotTo(ContainSubstring("clusterName: gateway_proxy_sds"), "gateway_proxy_sds cluster should be removed after uninject") - g.Expect(err).NotTo(HaveOccurred(), "should be able to kubectl get the gateway-proxy containers") - }, time.Second*10, time.Second).ShouldNot(HaveOccurred(), "eventually istio uninjected") - - } - - Context("inject", func() { - - BeforeEach(func() { - // We are assuming to be working from a clean slate, so there is no need to set anything up - }) - - AfterEach(func() { - _, err := GlooctlOut("istio", "uninject", "--namespace", testHelper.InstallNamespace, "--include-upstreams=true") - Expect(err).NotTo(HaveOccurred(), "should be able to run 'glooctl istio uninject' without errors") - - EventuallyIstioUninjected() - }) - - It("works on gateway-pod", func() { - testHelper.CurlEventuallyShouldRespond(petstoreCurlOpts, petstoreSuccessfulResponse, 0, 60*time.Second, 1*time.Second) - - _, err := GlooctlOut("istio", "inject", "--namespace", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to run 'glooctl istio inject' without errors") - - EventuallyIstioInjected() - - _, err = GlooctlOut("istio", "enable-mtls", "--upstream", "default-petstore-8080", "-n", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to enable mtls on the petstore upstream via sslConfig") - - err = toggleStictModePetstore(true) - Expect(err).NotTo(HaveOccurred(), "should be able to enable mtls strict mode on the petstore app") - - testHelper.CurlEventuallyShouldRespond(petstoreCurlOpts, petstoreSuccessfulResponse, 0, 60*time.Second, 1*time.Second) - }) - - }) - - Context("uninject (success)", func() { - - BeforeEach(func() { - testHelper.CurlEventuallyShouldRespond(petstoreCurlOpts, petstoreSuccessfulResponse, 1, 10*time.Second, 1*time.Second) - - _, err := GlooctlOut("istio", "inject", "--namespace", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to run 'glooctl istio inject' without errors") - - EventuallyIstioInjected() - - err = toggleStictModePetstore(false) - Expect(err).NotTo(HaveOccurred(), "should be able to disable mtls strict mode on the petstore app") - }) - - AfterEach(func() { - // We are assuming each test to uninject correctly, so there is nothing to clean up - }) - - When("no upstreams contain sds configuration", func() { - - It("succeeds", func() { - _, err := GlooctlOut("istio", "uninject", "--namespace", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to run 'glooctl istio uninject' without errors") - - EventuallyIstioUninjected() - - // Expect it to work - testHelper.CurlEventuallyShouldRespond(petstoreCurlOpts, petstoreSuccessfulResponse, 1, 60*time.Second, 1*time.Second) - }) - - }) - - When("upstreams contain sds configuration and --include-upstreams=true", func() { - - It("succeeds", func() { - _, err := GlooctlOut("istio", "enable-mtls", "--upstream", "default-petstore-8080", "-n", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to enable mtls on the petstore upstream via sslConfig") - - _, err = GlooctlOut("istio", "uninject", "--namespace", testHelper.InstallNamespace, "--include-upstreams=true") - Expect(err).NotTo(HaveOccurred(), "should be able to run 'glooctl istio uninject' without errors") - - EventuallyIstioUninjected() - - // Expect it to work - testHelper.CurlEventuallyShouldRespond(petstoreCurlOpts, petstoreSuccessfulResponse, 1, 60*time.Second, 1*time.Second) - }) - }) - - }) - - Context("uninject (failure)", func() { - - BeforeEach(func() { - testHelper.CurlEventuallyShouldRespond(petstoreCurlOpts, petstoreSuccessfulResponse, 1, 10*time.Second, 1*time.Second) - - _, err := GlooctlOut("istio", "inject", "--namespace", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to run 'glooctl istio inject' without errors") - - EventuallyIstioInjected() - - err = toggleStictModePetstore(false) - Expect(err).NotTo(HaveOccurred(), "should be able to enable mtls strict mode on the petstore app") - }) - - AfterEach(func() { - _, err := GlooctlOut("istio", "uninject", "--namespace", testHelper.InstallNamespace, "--include-upstreams=true") - Expect(err).NotTo(HaveOccurred(), "should be able to run 'glooctl istio uninject' without errors") - - EventuallyIstioUninjected() - }) - - When("upstreams contain sds configuration and --include-upstreams=false", func() { - - It("fails", func() { - _, err := GlooctlOut("istio", "enable-mtls", "--upstream", "default-petstore-8080", "-n", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred(), "should be able to enable mtls on the petstore upstream via sslConfig") - - _, err = GlooctlOut("istio", "uninject", "--namespace", testHelper.InstallNamespace, "--include-upstreams=false") - Expect(err).To(HaveOccurred(), "should not be able to run 'glooctl istio uninject' without errors") - }) - - }) - - }) - -}) - -func toggleStictModePetstore(strictModeEnabled bool) error { - yamlPath := testHelper.RootDir + "/test/kube2e/glooctl/petstore_peerauth_permissive.yaml" - if strictModeEnabled { - yamlPath = testHelper.RootDir + "/test/kube2e/glooctl/petstore_peerauth_strict.yaml" - } - return exec.RunCommand(testHelper.RootDir, false, "kubectl", "apply", "-f", yamlPath) - -} diff --git a/test/kube2e/istio/artifacts/automtls-helm.yaml b/test/kube2e/istio/artifacts/automtls-helm.yaml deleted file mode 100644 index 52d1fa50ba9..00000000000 --- a/test/kube2e/istio/artifacts/automtls-helm.yaml +++ /dev/null @@ -1,40 +0,0 @@ -global: - istioIntegration: - enabled: true - glooMtls: - istioProxy: - image: - repository: proxyv2 - registry: docker.io/istio - tag: 1.22.0 # This tag has to match the version of Istio being used in the test -gloo: - logLevel: info - disableLeaderElection: true - deployment: - # We have limited GitHub action resources which can cause containers to not create - # therefore we lessen the cpu resource requests values from the default (500m) to 100m. - resources: - requests: - cpu: 100m - memory: 256Mi -gatewayProxies: - gatewayProxy: - podTemplate: - resources: - requests: - cpu: 100m - memory: 256Mi - healthyPanicThreshold: 0 - -# These values are recommended production values and are not expected to impact tested behavior for the Istio suite -settings: - invalidConfigPolicy: - replaceInvalidRoutes: true - invalidRouteResponseCode: 404 - invalidRouteResponseBody: Gloo Gateway has invalid configuration. -gateway: - persistProxySpec: true - logLevel: info - validation: - allowWarnings: true - alwaysAcceptResources: false \ No newline at end of file diff --git a/test/kube2e/istio/artifacts/gloo-gateway-helm.yaml b/test/kube2e/istio/artifacts/gloo-gateway-helm.yaml deleted file mode 100644 index 11e22496676..00000000000 --- a/test/kube2e/istio/artifacts/gloo-gateway-helm.yaml +++ /dev/null @@ -1,47 +0,0 @@ -global: - istioIntegration: - enabled: true -gloo: - logLevel: info - disableLeaderElection: true - deployment: - # We have limited GitHub action resources which can cause containers to not create - # therefore we lessen the cpu resource requests values from the default (500m) to 100m. - resources: - requests: - cpu: 100m - memory: 256Mi - -# Disable gloo gateway and only rely on gateway created by Gateway resource -gatewayProxies: - gatewayProxy: - disabled: true - -# Disable discovery, Gloo gateway doesn't need this -discovery: - enabled: false - -# These values are recommended production values and are not expected to impact tested behavior for the Istio suite -settings: - # Note: disableKubernetesDestinations needs to be set for k8s gateway to select kube services - disableKubernetesDestinations: false - invalidConfigPolicy: - replaceInvalidRoutes: true - invalidRouteResponseCode: 404 - invalidRouteResponseBody: Gloo Gateway has invalid configuration. -gateway: - persistProxySpec: true - logLevel: info - validation: - allowWarnings: true - alwaysAcceptResources: false -kubeGateway: - enabled: true # Create the gateway resource as part of the test - gatewayParameters: - glooGateway: - istio: - istioProxyContainer: - image: - repository: proxyv2 - registry: docker.io/istio - tag: 1.22.0 # This tag has to match the version of Istio being used in the test \ No newline at end of file diff --git a/test/kube2e/istio/artifacts/httpbin.yaml b/test/kube2e/istio/artifacts/httpbin.yaml deleted file mode 100644 index 603ac5dd8ce..00000000000 --- a/test/kube2e/istio/artifacts/httpbin.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################################################## -# httpbin service -################################################################################################## -apiVersion: v1 -kind: ServiceAccount -metadata: - name: httpbin ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - labels: - app: httpbin - service: httpbin -spec: - ports: - - name: http - port: 8000 - targetPort: 80 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - serviceAccountName: httpbin - containers: - - image: docker.io/kennethreitz/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - ports: - - containerPort: 80 \ No newline at end of file diff --git a/test/kube2e/istio/artifacts/peerauth_disable.yaml b/test/kube2e/istio/artifacts/peerauth_disable.yaml deleted file mode 100644 index 8365d4ede6b..00000000000 --- a/test/kube2e/istio/artifacts/peerauth_disable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "test" - namespace: "istio-system" -spec: - mtls: - mode: DISABLE \ No newline at end of file diff --git a/test/kube2e/istio/artifacts/peerauth_permissive.yaml b/test/kube2e/istio/artifacts/peerauth_permissive.yaml deleted file mode 100644 index 1980ad89c54..00000000000 --- a/test/kube2e/istio/artifacts/peerauth_permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "test" - namespace: "istio-system" -spec: - mtls: - mode: PERMISSIVE \ No newline at end of file diff --git a/test/kube2e/istio/artifacts/peerauth_strict.yaml b/test/kube2e/istio/artifacts/peerauth_strict.yaml deleted file mode 100644 index c5119f5c687..00000000000 --- a/test/kube2e/istio/artifacts/peerauth_strict.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "test" - namespace: "istio-system" -spec: - mtls: - mode: STRICT \ No newline at end of file diff --git a/test/kube2e/istio/istio_integration_test.go b/test/kube2e/istio/istio_integration_test.go deleted file mode 100644 index 0fbcdb97e91..00000000000 --- a/test/kube2e/istio/istio_integration_test.go +++ /dev/null @@ -1,951 +0,0 @@ -package istio_test - -import ( - "fmt" - "net/http" - "path/filepath" - "time" - - testmatchers "github.com/solo-io/gloo/test/gomega/matchers" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "github.com/onsi/gomega/gstruct" - "github.com/solo-io/gloo/test/kube2e" - "google.golang.org/protobuf/types/known/wrapperspb" - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/ptr" - apiv1 "sigs.k8s.io/gateway-api/apis/v1" - gwv1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/solo-io/go-utils/testutils/exec" - kubeService "github.com/solo-io/solo-kit/api/external/kubernetes/service" - "github.com/solo-io/solo-kit/pkg/api/v1/clients" - "github.com/solo-io/solo-kit/pkg/api/v1/resources" - "github.com/solo-io/solo-kit/pkg/api/v1/resources/common/kubernetes" - "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" - skerrors "github.com/solo-io/solo-kit/pkg/errors" - - v1 "github.com/solo-io/gloo/projects/gateway/pkg/api/v1" - "github.com/solo-io/gloo/projects/gloo/cli/pkg/testutils" - gloov1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/core/matchers" - "github.com/solo-io/gloo/projects/gloo/pkg/defaults" - kubernetesplugin "github.com/solo-io/gloo/projects/gloo/pkg/plugins/kubernetes" - "github.com/solo-io/gloo/test/helpers" - "github.com/solo-io/gloo/test/kube2e/helper" -) - -const ( - httpbinName = "httpbin" - httpbinPort = 8000 -) - -var _ = Describe("Gloo + Istio integration tests", func() { - var ( - gatewayRef = core.ResourceRef{Name: "http", Namespace: "gloo-system"} - ) - - Context("port settings", func() { - var ( - serviceRef = core.ResourceRef{Name: helper.TestServerName, Namespace: defaults.GlooSystem} - virtualServiceRef = core.ResourceRef{Name: helper.TestServerName, Namespace: defaults.GlooSystem} - httpRouteRef = core.ResourceRef{Name: helper.TestServerName, Namespace: defaults.GlooSystem} - upstreamRef core.ResourceRef - ) - - AfterEach(func() { - var err error - if useGlooGateway { - err = resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpRouteRef.Namespace).Delete(ctx, httpRouteRef.Name, metav1.DeleteOptions{}) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - _, err := resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpRouteRef.Namespace).Get(ctx, httpRouteRef.Name, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - // Route is not found, indicating successful deletion - return true - } - fmt.Printf("Error getting HTTPRoute: %v\n", err) - return false - } - // Route still exists - return false - }).Should(BeTrue(), "HTTPRoute should be deleted") - } else { - err = resourceClientSet.VirtualServiceClient().Delete(virtualServiceRef.Namespace, virtualServiceRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - Expect(err).NotTo(HaveOccurred()) - helpers.EventuallyResourceDeleted(func() (resources.InputResource, error) { - return resourceClientSet.VirtualServiceClient().Read(virtualServiceRef.Namespace, virtualServiceRef.Name, clients.ReadOpts{}) - }) - } - - err = resourceClientSet.ServiceClient().Delete(serviceRef.Namespace, serviceRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - _, err := resourceClientSet.ServiceClient().Read(serviceRef.Namespace, serviceRef.Name, clients.ReadOpts{}) - // we should receive a DNE error, meaning it's now deleted - return err != nil && skerrors.IsNotExist(err) - }, "5s", "1s").Should(BeTrue()) - - err = resourceClientSet.UpstreamClient().Delete(upstreamRef.Namespace, upstreamRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - helpers.EventuallyResourceDeleted(func() (resources.InputResource, error) { - return resourceClientSet.UpstreamClient().Read(upstreamRef.Namespace, upstreamRef.Name, clients.ReadOpts{}) - }) - }) - - // Sets up services - setupServices := func(port int32, targetPort int) { - // A Service's TargetPort defaults to the Port if not set - tPort := intstr.FromInt(int(port)) - if targetPort != -1 { - tPort = intstr.FromInt(targetPort) - } - service := corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: serviceRef.Name, - Namespace: serviceRef.Namespace, - Labels: map[string]string{"gloo": helper.TestServerName}, - }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ - { - Name: "http", - Port: port, - TargetPort: tPort, - Protocol: corev1.ProtocolTCP, - }, - }, - Selector: map[string]string{"gloo": helper.TestServerName}, - }, - } - var err error - _, err = resourceClientSet.ServiceClient().Write( - &kubernetes.Service{Service: kubeService.Service{Service: service}}, - clients.WriteOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() error { - _, err := resourceClientSet.ServiceClient().Read(serviceRef.Namespace, service.Name, clients.ReadOpts{}) - return err - }, "5s", "1s").Should(BeNil()) - - // Check Endpoint is created with correct port before creating VirtualService - Eventually(func(g Gomega) { - endpoint, err := resourceClientSet.KubeClients().CoreV1().Endpoints(serviceRef.Namespace).Get(ctx, serviceRef.Name, metav1.GetOptions{}) - Expect(err).NotTo(HaveOccurred()) - Expect(endpoint.Subsets).To(HaveLen(1)) - Expect(endpoint.Subsets[0].Ports).To(HaveLen(1)) - Expect(endpoint.Subsets[0].Ports[0].Port).To(Equal(tPort.IntVal)) - }, "5s", "1s").Should(Succeed()) - - // the upstream should be created by discovery service - upstreamRef = core.ResourceRef{ - Name: kubernetesplugin.UpstreamName(defaults.GlooSystem, helper.TestServerName, port), - Namespace: defaults.GlooSystem, - } - - if useGlooGateway { - httpRoute := &gwv1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ - Name: httpRouteRef.Name, - Namespace: httpRouteRef.Namespace, - }, - Spec: gwv1.HTTPRouteSpec{ - Hostnames: []gwv1.Hostname{gwv1.Hostname(helper.TestServerName)}, - CommonRouteSpec: gwv1.CommonRouteSpec{ - ParentRefs: []gwv1.ParentReference{{ - Name: apiv1.ObjectName(gatewayRef.Name), - Namespace: ptr.To(apiv1.Namespace(gatewayRef.Namespace)), - }}, - }, - Rules: []gwv1.HTTPRouteRule{ - { - Matches: []gwv1.HTTPRouteMatch{ - { - Path: &gwv1.HTTPPathMatch{ - Type: ptr.To(gwv1.PathMatchPathPrefix), - Value: ptr.To("/"), - }, - }, - }, - BackendRefs: []gwv1.HTTPBackendRef{ - { - BackendRef: gwv1.BackendRef{ - BackendObjectReference: gwv1.BackendObjectReference{ - Name: apiv1.ObjectName(helper.TestServerName), - Port: ptr.To(apiv1.PortNumber(port)), - }, - }, - }, - }, - }, - }, - }, - } - - _, err = resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpRouteRef.Namespace).Create(ctx, httpRoute, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - route, err := resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpRouteRef.Namespace).Get(ctx, httpRouteRef.Name, metav1.GetOptions{}) - if err != nil { - fmt.Printf("Error getting HTTPRoute: %v\n", err) - return false - } - return route != nil - }).Should(BeTrue(), "HttpRoute should be created") - } else { - // TODO(npolshak): Need to fix status on resource. This is a temporary deflake for https://github.com/solo-io/gloo/issues/8554. - helpers.EventuallyResourceStatusMatches(func() (resources.InputResource, error) { - return resourceClientSet.UpstreamClient().Read(upstreamRef.Namespace, upstreamRef.Name, clients.ReadOpts{}) - }, - Or( - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Accepted), - }), - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Pending), - }), - ), - ) - - virtualService := &v1.VirtualService{ - Metadata: &core.Metadata{ - Name: virtualServiceRef.Name, - Namespace: virtualServiceRef.Namespace, - }, - VirtualHost: &v1.VirtualHost{ - Domains: []string{helper.TestServerName}, - Routes: []*v1.Route{{ - Action: &v1.Route_RouteAction{ - RouteAction: &gloov1.RouteAction{ - Destination: &gloov1.RouteAction_Single{ - Single: &gloov1.Destination{ - DestinationType: &gloov1.Destination_Upstream{ - Upstream: &upstreamRef, - }, - }, - }, - }, - }, - Matchers: []*matchers.Matcher{ - { - PathSpecifier: &matchers.Matcher_Prefix{ - Prefix: "/", - }, - }, - }, - }}, - }, - } - - _, err = resourceClientSet.VirtualServiceClient().Write(virtualService, clients.WriteOpts{}) - Expect(err).NotTo(HaveOccurred()) - // TODO(npolshak): Need to fix status on resource. This is a temporary deflake for https://github.com/solo-io/gloo/issues/8554. - helpers.EventuallyResourceStatusMatches(func() (resources.InputResource, error) { - return resourceClientSet.VirtualServiceClient().Read(virtualServiceRef.Namespace, virtualServiceRef.Name, clients.ReadOpts{}) - }, - Or( - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Accepted), - }), - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Pending), - }), - ), - ) - } - } - - DescribeTable("should act as expected with varied ports", func(port int32, targetPort int, expected int) { - setupServices(port, targetPort) - - var gatewayProxyName string - if useGlooGateway { - gatewayProxyName = glooGatewayProxy - } else { - gatewayProxyName = gatewayProxy - } - - testHelper.CurlEventuallyShouldRespond(helper.CurlOpts{ - Protocol: "http", - Path: "/", - Method: "GET", - Host: helper.TestServerName, - Service: gatewayProxyName, - Port: gatewayPort, - ConnectionTimeout: 10, - Verbose: false, - WithoutStats: true, - ReturnHeaders: true, - }, &testmatchers.HttpResponse{ - Body: ContainSubstring(fmt.Sprintf("HTTP/1.1 %d", expected)), - StatusCode: expected, - }, 1, time.Minute*1) - }, - Entry("with non-matching, yet valid, port and target (app) port", int32(helper.TestServerPort+1), helper.TestServerPort, http.StatusOK), - Entry("with matching port and target port", int32(helper.TestServerPort), helper.TestServerPort, http.StatusOK), - Entry("without target port, and port matching pod's port", int32(helper.TestServerPort), -1, http.StatusOK), - Entry("without target port, and port not matching app's port", int32(helper.TestServerPort+1), -1, http.StatusServiceUnavailable), - Entry("pointing to the wrong target port", int32(8000), helper.TestServerPort+1, http.StatusServiceUnavailable), - ) - }) - - Context("headless services", func() { - var ( - headlessServiceRef = core.ResourceRef{Name: "headless-svc", Namespace: "gloo-system"} - headlessVirtualServiceRef = core.ResourceRef{Name: "headless-vs", Namespace: "gloo-system"} - headlessHttpRouteRef = core.ResourceRef{Name: "headless-httproute", Namespace: "gloo-system"} - upstreamRef core.ResourceRef - ) - - BeforeEach(func() { - - // create a headless service routed to testserver - service := corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: headlessServiceRef.Name, - Namespace: headlessServiceRef.Namespace, - }, - Spec: corev1.ServiceSpec{ - ClusterIP: "None", - Ports: []corev1.ServicePort{ - { - Port: helper.TestServerPort, - Protocol: corev1.ProtocolTCP, - }, - }, - Selector: map[string]string{"gloo": "testserver"}, - }, - } - var err error - _, err = resourceClientSet.ServiceClient().Write( - &kubernetes.Service{Service: kubeService.Service{Service: service}}, - clients.WriteOpts{}, - ) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() error { - _, err := resourceClientSet.ServiceClient().Read(headlessServiceRef.Namespace, headlessServiceRef.Name, clients.ReadOpts{}) - return err - }, "5s", "1s").Should(BeNil()) - - // the upstream should be created by discovery service - upstreamRef = core.ResourceRef{ - Name: kubernetesplugin.UpstreamName(headlessServiceRef.Namespace, headlessServiceRef.Name, helper.TestServerPort), - Namespace: defaults.GlooSystem, - } - - if useGlooGateway { - // create HTTPRoute routing to the headless service's upstream - httpRoute := &gwv1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ - Name: headlessHttpRouteRef.Name, - Namespace: headlessHttpRouteRef.Namespace, - }, - Spec: gwv1.HTTPRouteSpec{ - Hostnames: []gwv1.Hostname{gwv1.Hostname("headless.local")}, - CommonRouteSpec: gwv1.CommonRouteSpec{ - ParentRefs: []gwv1.ParentReference{{ - Name: apiv1.ObjectName(gatewayRef.Name), - Namespace: ptr.To(apiv1.Namespace(gatewayRef.Namespace)), - }}, - }, - Rules: []gwv1.HTTPRouteRule{ - { - Matches: []gwv1.HTTPRouteMatch{ - { - Path: &gwv1.HTTPPathMatch{ - Type: ptr.To(gwv1.PathMatchPathPrefix), - Value: ptr.To("/"), - }, - }, - }, - BackendRefs: []gwv1.HTTPBackendRef{ - { - BackendRef: gwv1.BackendRef{ - BackendObjectReference: gwv1.BackendObjectReference{ - Name: apiv1.ObjectName(headlessServiceRef.Name), - Port: ptr.To(apiv1.PortNumber(helper.TestServerPort)), - }, - }, - }, - }, - }, - }, - }, - } - - _, err = resourceClientSet.KubernetesGatewayClient().HTTPRoutes(headlessHttpRouteRef.Namespace).Create(ctx, httpRoute, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - route, err := resourceClientSet.KubernetesGatewayClient().HTTPRoutes(headlessHttpRouteRef.Namespace).Get(ctx, headlessHttpRouteRef.Name, metav1.GetOptions{}) - if err != nil { - fmt.Printf("Error getting HTTPRoute: %v\n", err) - return false - } - return route != nil - }).Should(BeTrue(), "HttpRoute should be created") - } else { - // check upstream is created - // TODO(npolshak): Need to fix status on resource. This is a temporary deflake for https://github.com/solo-io/gloo/issues/8554. - helpers.EventuallyResourceStatusMatches(func() (resources.InputResource, error) { - return resourceClientSet.UpstreamClient().Read(upstreamRef.Namespace, upstreamRef.Name, clients.ReadOpts{}) - }, - Or( - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Accepted), - }), - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Pending), - }), - ), - ) - - // create virtual service routing to the headless service's upstream - virtualService := &v1.VirtualService{ - Metadata: &core.Metadata{ - Name: headlessVirtualServiceRef.Name, - Namespace: headlessVirtualServiceRef.Namespace, - }, - VirtualHost: &v1.VirtualHost{ - Domains: []string{"headless.local"}, - Routes: []*v1.Route{{ - Action: &v1.Route_RouteAction{ - RouteAction: &gloov1.RouteAction{ - Destination: &gloov1.RouteAction_Single{ - Single: &gloov1.Destination{ - DestinationType: &gloov1.Destination_Upstream{ - Upstream: &upstreamRef, - }, - }, - }, - }, - }, - Matchers: []*matchers.Matcher{ - { - PathSpecifier: &matchers.Matcher_Prefix{ - Prefix: "/", - }, - }, - }, - }}, - }, - } - _, err = resourceClientSet.VirtualServiceClient().Write(virtualService, clients.WriteOpts{}) - // TODO(npolshak): Need to fix status on resource. This is a temporary deflake for https://github.com/solo-io/gloo/issues/8554. - helpers.EventuallyResourceStatusMatches(func() (resources.InputResource, error) { - return resourceClientSet.VirtualServiceClient().Read(headlessVirtualServiceRef.Namespace, headlessVirtualServiceRef.Name, clients.ReadOpts{}) - }, - Or( - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Accepted), - }), - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Pending), - }), - ), - ) - } - }) - - AfterEach(func() { - var err error - if useGlooGateway { - err = resourceClientSet.KubernetesGatewayClient().HTTPRoutes(headlessHttpRouteRef.Namespace).Delete(ctx, headlessHttpRouteRef.Name, metav1.DeleteOptions{}) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - _, err := resourceClientSet.KubernetesGatewayClient().HTTPRoutes(headlessHttpRouteRef.Namespace).Get(ctx, headlessHttpRouteRef.Name, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - // Route is not found, indicating successful deletion - return true - } - fmt.Printf("Error getting HTTPRoute: %v\n", err) - return false - } - // Route still exists - return false - }).Should(BeTrue(), "HTTPRoute should be deleted") - } else { - err = resourceClientSet.VirtualServiceClient().Delete(headlessVirtualServiceRef.Namespace, headlessVirtualServiceRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - Expect(err).NotTo(HaveOccurred()) - helpers.EventuallyResourceDeleted(func() (resources.InputResource, error) { - return resourceClientSet.VirtualServiceClient().Read(headlessVirtualServiceRef.Namespace, headlessVirtualServiceRef.Name, clients.ReadOpts{}) - }) - } - - err = resourceClientSet.ServiceClient().Delete(headlessServiceRef.Namespace, headlessServiceRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - _, err := resourceClientSet.ServiceClient().Read(headlessServiceRef.Namespace, headlessServiceRef.Name, clients.ReadOpts{}) - // we should receive a DNE error, meaning it's now deleted - return err != nil && skerrors.IsNotExist(err) - }, "5s", "1s").Should(BeTrue()) - - if !useGlooGateway { - err = resourceClientSet.UpstreamClient().Delete(upstreamRef.Namespace, upstreamRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - helpers.EventuallyResourceDeleted(func() (resources.InputResource, error) { - return resourceClientSet.UpstreamClient().Read(upstreamRef.Namespace, upstreamRef.Name, clients.ReadOpts{}) - }) - } - }) - - It("routes to headless services", func() { - var gatewayProxyName string - if useGlooGateway { - gatewayProxyName = glooGatewayProxy - } else { - gatewayProxyName = gatewayProxy - } - - testHelper.CurlEventuallyShouldRespond(helper.CurlOpts{ - Protocol: "http", - Path: "/", - Method: "GET", - Host: "headless.local", - Service: gatewayProxyName, - Port: gatewayPort, - ConnectionTimeout: 10, - Verbose: false, - WithoutStats: true, - ReturnHeaders: true, - }, &testmatchers.HttpResponse{ - Body: ContainSubstring(fmt.Sprintf("HTTP/1.1 %d", http.StatusOK)), - StatusCode: http.StatusOK, - }, 1, time.Minute*1) - }) - }) - - Context("Istio mTLS", func() { - httpbinVirtualServiceRef := core.ResourceRef{Name: httpbinName, Namespace: installNamespace} - httpbinHttpRouteRef := core.ResourceRef{Name: httpbinName, Namespace: "httpbin-ns"} - - // the upstream should be created by discovery service - httpbinUpstreamRef := core.ResourceRef{ - Name: kubernetesplugin.UpstreamName(httpbinNamespace, httpbinName, httpbinPort), - Namespace: installNamespace, - } - - BeforeEach(func() { - - if useGlooGateway { - // TODO(npolshak): Add HTTPRoute builder as part of e2e test framework - // create HTTPRoute routing to the headless service's upstream - httpRoute := &gwv1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ - Name: httpbinHttpRouteRef.Name, - Namespace: httpbinHttpRouteRef.Namespace, - }, - Spec: gwv1.HTTPRouteSpec{ - Hostnames: []gwv1.Hostname{gwv1.Hostname(httpbinName)}, - CommonRouteSpec: gwv1.CommonRouteSpec{ - ParentRefs: []gwv1.ParentReference{{ - Name: apiv1.ObjectName(gatewayRef.Name), - Namespace: ptr.To(apiv1.Namespace(gatewayRef.Namespace)), - }}, - }, - Rules: []gwv1.HTTPRouteRule{ - { - Matches: []gwv1.HTTPRouteMatch{ - { - Path: &gwv1.HTTPPathMatch{ - Type: ptr.To(gwv1.PathMatchPathPrefix), - Value: ptr.To("/"), - }, - }, - }, - BackendRefs: []gwv1.HTTPBackendRef{ - { - BackendRef: gwv1.BackendRef{ - BackendObjectReference: gwv1.BackendObjectReference{ - Name: apiv1.ObjectName(httpbinName), - Port: ptr.To(apiv1.PortNumber(httpbinPort)), - }, - }, - }, - }, - }, - }, - }, - } - - _, err := resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpbinHttpRouteRef.Namespace).Create(ctx, httpRoute, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - route, err := resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpbinHttpRouteRef.Namespace).Get(ctx, httpbinHttpRouteRef.Name, metav1.GetOptions{}) - if err != nil { - fmt.Printf("Error getting HTTPRoute: %v\n", err) - return false - } - return route != nil - }).Should(BeTrue(), "HttpRoute should be created") - } else { - // check upstream is created - // TODO(npolshak): Need to fix status on resource. This is a temporary deflake for https://github.com/solo-io/gloo/issues/8554. - helpers.EventuallyResourceStatusMatches(func() (resources.InputResource, error) { - return resourceClientSet.UpstreamClient().Read(httpbinUpstreamRef.Namespace, httpbinUpstreamRef.Name, clients.ReadOpts{}) - }, - Or( - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Accepted), - }), - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Pending), - }), - ), - ) - - route := helpers.NewRouteBuilder(). - WithRouteActionToUpstreamRef(&httpbinUpstreamRef). - WithMatcher(&matchers.Matcher{ - PathSpecifier: &matchers.Matcher_Prefix{ - Prefix: "/", - }, - }). - Build() - - vs := helpers.NewVirtualServiceBuilder(). - WithName(httpbinVirtualServiceRef.Name). - WithNamespace(httpbinVirtualServiceRef.Namespace). - WithDomain(httpbinName). - WithRoute("default-route", route). - Build() - _, err := resourceClientSet.VirtualServiceClient().Write(vs, clients.WriteOpts{}) - Expect(err).NotTo(HaveOccurred()) - // TODO(npolshak): Need to fix status on resource. This is a temporary deflake for https://github.com/solo-io/gloo/issues/8554. - helpers.EventuallyResourceStatusMatches(func() (resources.InputResource, error) { - return resourceClientSet.VirtualServiceClient().Read(httpbinVirtualServiceRef.Namespace, httpbinVirtualServiceRef.Name, clients.ReadOpts{}) - }, - Or( - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Accepted), - }), - gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ - "State": Equal(core.Status_Pending), - }), - ), - ) - } - }) - - AfterEach(func() { - var err error - - if useGlooGateway { - err = resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpbinHttpRouteRef.Namespace).Delete(ctx, httpbinHttpRouteRef.Name, metav1.DeleteOptions{}) - Expect(err).NotTo(HaveOccurred()) - Eventually(func() bool { - _, err := resourceClientSet.KubernetesGatewayClient().HTTPRoutes(httpbinHttpRouteRef.Namespace).Get(ctx, httpbinHttpRouteRef.Name, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - // Route is not found, indicating successful deletion - return true - } - fmt.Printf("Error getting HTTPRoute: %v\n", err) - return false - } - // Route still exists - return false - }).Should(BeTrue(), "HTTPRoute should be deleted") - } else { - err = resourceClientSet.VirtualServiceClient().Delete(httpbinVirtualServiceRef.Namespace, httpbinVirtualServiceRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - Expect(err).NotTo(HaveOccurred()) - helpers.EventuallyResourceDeleted(func() (resources.InputResource, error) { - return resourceClientSet.VirtualServiceClient().Read(httpbinVirtualServiceRef.Namespace, httpbinVirtualServiceRef.Name, clients.ReadOpts{}) - }) - - err = resourceClientSet.UpstreamClient().Delete(httpbinUpstreamRef.Namespace, httpbinUpstreamRef.Name, clients.DeleteOpts{ - IgnoreNotExist: true, - }) - helpers.EventuallyResourceDeleted(func() (resources.InputResource, error) { - return resourceClientSet.UpstreamClient().Read(httpbinUpstreamRef.Namespace, httpbinUpstreamRef.Name, clients.ReadOpts{}) - }) - } - }) - - Context("permissive peer auth", func() { - BeforeEach(func() { - err := exec.RunCommand(testHelper.RootDir, false, "kubectl", "apply", "-f", filepath.Join(cwd, "artifacts", "peerauth_permissive.yaml")) - Expect(err).NotTo(HaveOccurred()) - }) - - AfterEach(func() { - err := exec.RunCommand(testHelper.RootDir, false, "kubectl", "delete", "-n", "istio-system", "peerauthentication", "test") - Expect(err).NotTo(HaveOccurred()) - }) - - When("mtls is not enabled for the upstream", func() { - - It("should be able to complete the request without mTLS header", func() { - var gatewayProxyName string - if useGlooGateway { - gatewayProxyName = glooGatewayProxy - } else { - gatewayProxyName = gatewayProxy - } - - testHelper.CurlEventuallyShouldRespond(helper.CurlOpts{ - Protocol: "http", - Path: "/", - Method: "GET", - Host: httpbinName, - Service: gatewayProxyName, - Port: gatewayPort, - ConnectionTimeout: 10, - Verbose: false, - WithoutStats: true, - ReturnHeaders: false, - }, &testmatchers.HttpResponse{ - Body: ContainSubstring("200"), - StatusCode: http.StatusOK, - }, 1, time.Minute) - }) - }) - - When("mtls is enabled for the upstream", func() { - BeforeEach(func() { - // auto mtls is used instead for GlooGateway and discovery is turned off - if !useGlooGateway { - // Other tests create/delete upstream, we need to wait for the upstream to be created - EventuallyWithOffset(1, func(g Gomega) { - err := testutils.Glooctl(fmt.Sprintf("istio enable-mtls --upstream %s", httpbinUpstreamRef.Name)) - Expect(err).NotTo(HaveOccurred()) - }, 30*time.Second).ShouldNot(HaveOccurred()) - } - }) - - AfterEach(func() { - if !useGlooGateway { - // It seems to sometimes take multiple calls before the disable command is registered - EventuallyWithOffset(1, func(g Gomega) { - err := testutils.Glooctl(fmt.Sprintf("istio disable-mtls --upstream %s", httpbinUpstreamRef.Name)) - g.Expect(err).NotTo(HaveOccurred()) - us, err := resourceClientSet.UpstreamClient().Read(httpbinUpstreamRef.Namespace, httpbinUpstreamRef.Name, clients.ReadOpts{}) - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(us.SslConfig).To(BeNil()) - }, 30*time.Second).ShouldNot(HaveOccurred()) - } - }) - - It("should make a request with the expected cert header", func() { - var gatewayProxyName string - if useGlooGateway { - gatewayProxyName = glooGatewayProxy - } else { - gatewayProxyName = gatewayProxy - } - - // the /headers endpoint will respond with the headers the request to the client contains - testHelper.CurlEventuallyShouldRespond(helper.CurlOpts{ - Protocol: "http", - Path: "/headers", - Method: "GET", - Host: httpbinName, - Service: gatewayProxyName, - Port: gatewayPort, - ConnectionTimeout: 10, - Verbose: false, - WithoutStats: true, - ReturnHeaders: false, - }, "\"X-Forwarded-Client-Cert\"", 1, time.Minute) - }) - }) - }) - - When("mtls disabled for the upstream", func() { - BeforeEach(func() { - useGlooGateway := useGlooGateway - if useGlooGateway { - Skip("Gloo Gateway does not support Upstream overwrites for mTLS") - } - - // update upstream to disable auto mtls - var httpbinUpstream *gloov1.Upstream - var err error - // wait for upstream to be created by discovery before editing - Eventually(func() error { - httpbinUpstream, err = resourceClientSet.UpstreamClient().Read(httpbinUpstreamRef.Namespace, httpbinUpstreamRef.Name, clients.ReadOpts{}) - return err - }, "30s", "1s").Should(BeNil()) - httpbinUpstream.DisableIstioAutoMtls = &wrapperspb.BoolValue{Value: true} - // wait for upstream to be updated - Eventually(func() error { - _, err = resourceClientSet.UpstreamClient().Write(httpbinUpstream, clients.WriteOpts{OverwriteExisting: true}) - return err - }, "30s", "1s").Should(BeNil()) - - // apply peerauth to only allow requests without mTLS - err = exec.RunCommand(testHelper.RootDir, false, "kubectl", "apply", "-f", filepath.Join(cwd, "artifacts", "peerauth_disable.yaml")) - Expect(err).NotTo(HaveOccurred()) - }) - - AfterEach(func() { - err := exec.RunCommand(testHelper.RootDir, false, "kubectl", "delete", "-n", "istio-system", "peerauthentication", "test") - Expect(err).NotTo(HaveOccurred()) - - // revert upstream to enable auto mtls - var httpbinUpstream *gloov1.Upstream - Eventually(func() error { - httpbinUpstream, err = resourceClientSet.UpstreamClient().Read(httpbinUpstreamRef.Namespace, httpbinUpstreamRef.Name, clients.ReadOpts{}) - return err - }, "30s", "1s").Should(BeNil()) - httpbinUpstream.DisableIstioAutoMtls = nil - // wait for upstream to be updated - Eventually(func() error { - _, err = resourceClientSet.UpstreamClient().Write(httpbinUpstream, clients.WriteOpts{OverwriteExisting: true}) - return err - }, "30s", "1s").Should(BeNil()) - }) - - It("should make a request with the expected cert header", func() { - var gatewayProxyName string - if useGlooGateway { - gatewayProxyName = glooGatewayProxy - } else { - gatewayProxyName = gatewayProxy - } - - // Should still be able to reach endpoint without mTLS - testHelper.CurlEventuallyShouldRespond(helper.CurlOpts{ - Protocol: "http", - Path: "/", - Method: "GET", - Host: httpbinName, - Service: gatewayProxyName, - Port: gatewayPort, - ConnectionTimeout: 10, - Verbose: false, - WithoutStats: true, - ReturnHeaders: false, - }, "200", 1, time.Minute) - }) - }) - - Context("strict peer auth", func() { - BeforeEach(func() { - err := exec.RunCommand(testHelper.RootDir, false, "kubectl", "apply", "-f", filepath.Join(cwd, "artifacts", "peerauth_strict.yaml")) - Expect(err).NotTo(HaveOccurred()) - }) - - AfterEach(func() { - err := exec.RunCommand(testHelper.RootDir, false, "kubectl", "delete", "-n", "istio-system", "peerauthentication", "test") - Expect(err).NotTo(HaveOccurred()) - }) - - When("mtls is not enabled for the upstream", func() { - - BeforeEach(func() { - // Disable auto mtls for Gloo Gateway to show strict peer auth is enforced if not used - if useGlooGateway || useAutoMtls { - kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { - Expect(settings.GetGateway().GetCompressedProxySpec()).NotTo(BeNil()) - settings.Gloo.IstioOptions.EnableAutoMtls = &wrapperspb.BoolValue{Value: false} - }, testHelper.InstallNamespace) - } - }) - - AfterEach(func() { - // Re-enable auto mtls for Gloo Gateway since other tests depend on it - if useGlooGateway || useAutoMtls { - kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { - Expect(settings.GetGateway().GetCompressedProxySpec()).NotTo(BeNil()) - settings.Gloo.IstioOptions.EnableAutoMtls = &wrapperspb.BoolValue{Value: true} - }, testHelper.InstallNamespace) - } - }) - - It("should not be able to complete the request", func() { - var gatewayProxyName string - if useGlooGateway { - gatewayProxyName = glooGatewayProxy - } else { - gatewayProxyName = gatewayProxy - } - - // the /headers endpoint will respond with the headers the request to the client contains - testHelper.CurlEventuallyShouldRespond(helper.CurlOpts{ - Protocol: "http", - Path: "/headers", - Method: "GET", - Host: httpbinName, - Service: gatewayProxyName, - Port: gatewayPort, - ConnectionTimeout: 10, - Verbose: false, - WithoutStats: true, - ReturnHeaders: false, - }, &testmatchers.HttpResponse{ - StatusCode: 503, - Body: ContainSubstring("upstream connect error or disconnect/reset before headers. reset reason: connection termination"), - }, 1, time.Minute*1) - }) - }) - - When("mtls is enabled for the upstream", func() { - BeforeEach(func() { - // Gloo Gateway relies on auto mtls and has discovery disabled so no upstreams are created - if !useGlooGateway { - // Other tests create/delete upstream, we need to wait for the upstream to be created - EventuallyWithOffset(1, func(g Gomega) { - err := testutils.Glooctl(fmt.Sprintf("istio enable-mtls --upstream %s", httpbinUpstreamRef.Name)) - Expect(err).NotTo(HaveOccurred()) - }, 30*time.Second).ShouldNot(HaveOccurred()) - } - }) - - AfterEach(func() { - if !useGlooGateway { - // It seems to sometimes take multiple calls before the disable command is registered - EventuallyWithOffset(1, func(g Gomega) { - err := testutils.Glooctl(fmt.Sprintf("istio disable-mtls --upstream %s", httpbinUpstreamRef.Name)) - g.Expect(err).NotTo(HaveOccurred()) - us, err := resourceClientSet.UpstreamClient().Read(httpbinUpstreamRef.Namespace, httpbinUpstreamRef.Name, clients.ReadOpts{}) - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(us.SslConfig).To(BeNil()) - }, 30*time.Second).ShouldNot(HaveOccurred()) - } - }) - - It("should make a request with the expected cert header", func() { - var gatewayProxyName string - if useGlooGateway { - gatewayProxyName = glooGatewayProxy - - } else { - gatewayProxyName = gatewayProxy - } - // the /headers endpoint will respond with the headers the request to the client contains - testHelper.CurlEventuallyShouldRespond(helper.CurlOpts{ - Protocol: "http", - Path: "/headers", - Method: "GET", - Host: httpbinName, - Service: gatewayProxyName, - Port: gatewayPort, - ConnectionTimeout: 10, - Verbose: false, - WithoutStats: true, - ReturnHeaders: false, - }, "\"X-Forwarded-Client-Cert\"", 1, time.Minute*1) - }) - }) - }) - }) -}) diff --git a/test/kube2e/istio/istio_suite_test.go b/test/kube2e/istio/istio_suite_test.go deleted file mode 100644 index f875917e31b..00000000000 --- a/test/kube2e/istio/istio_suite_test.go +++ /dev/null @@ -1,263 +0,0 @@ -package istio_test - -import ( - "context" - "os" - "path/filepath" - "testing" - "time" - - gloov1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" - kubernetesplugin "github.com/solo-io/gloo/projects/gloo/pkg/plugins/kubernetes" - testutils2 "github.com/solo-io/gloo/test/testutils" - "github.com/solo-io/go-utils/testutils/exec" - "github.com/solo-io/solo-kit/pkg/api/v1/clients" - "github.com/solo-io/solo-kit/pkg/api/v1/resources" - "google.golang.org/protobuf/types/known/wrapperspb" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - gatewaydefaults "github.com/solo-io/gloo/projects/gateway/pkg/defaults" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "github.com/solo-io/gloo/pkg/cliutil" - "github.com/solo-io/gloo/projects/gloo/pkg/defaults" - "github.com/solo-io/gloo/test/helpers" - "github.com/solo-io/gloo/test/kube2e" - "github.com/solo-io/gloo/test/kube2e/helper" - "github.com/solo-io/go-utils/testutils" - skhelpers "github.com/solo-io/solo-kit/test/helpers" -) - -const ( - gatewayProxy = gatewaydefaults.GatewayProxyName - glooGatewayProxy = "gloo-proxy-http" - gatewayPort = int(80) - installNamespace = defaults.GlooSystem - httpbinNamespace = "httpbin-ns" -) - -func TestIstio(t *testing.T) { - helpers.RegisterGlooDebugLogPrintHandlerAndClearLogs() - skhelpers.RegisterCommonFailHandlers() - skhelpers.SetupLog() - _ = os.Remove(cliutil.GetLogsPath()) - RunSpecs(t, "Istio Suite") -} - -var ( - testHelper *helper.SoloTestHelper - ctx context.Context - cancel context.CancelFunc - - cwd string - - resourceClientSet *kube2e.KubeResourceClientSet - - useGlooGateway bool - useAutoMtls bool -) - -var _ = BeforeSuite(func() { - var err error - - ctx, cancel = context.WithCancel(context.Background()) - - cwd, err = os.Getwd() - Expect(err).NotTo(HaveOccurred(), "working dir could not be retrieved") - - // Check env for setup options - useGlooGateway = testutils2.IsEnvTruthy(testutils2.GlooGatewaySetup) - useAutoMtls = testutils2.IsEnvTruthy(testutils2.IstioAutoMtls) - - testHelper, err = kube2e.GetTestHelper(ctx, installNamespace) - Expect(err).NotTo(HaveOccurred()) - - if useGlooGateway { - // gloo gateway is named differently from the classic edge proxy based on the Gateway resource name - skhelpers.RegisterPreFailHandler(helpers.StandardGlooDumpOnFail(GinkgoWriter, - metav1.ObjectMeta{ - Name: glooGatewayProxy, - Namespace: testHelper.InstallNamespace, - })) - } else { - skhelpers.RegisterPreFailHandler(helpers.StandardGlooDumpOnFail(GinkgoWriter, metav1.ObjectMeta{Namespace: testHelper.InstallNamespace})) - } - - if !testutils2.ShouldSkipInstall() { - // testserver is install in gloo-system - err = testutils.Kubectl("create", "ns", testHelper.InstallNamespace) - Expect(err).NotTo(HaveOccurred()) - - if useGlooGateway { - // Gloo Gateway setup always uses auto mtls - installGlooGateway() - } else { - installGloo(useAutoMtls) - } - } - - resourceClientSet, err = kube2e.NewDefaultKubeResourceClientSet(ctx) - Expect(err).NotTo(HaveOccurred(), "can create kube resource client set") - - // Install httpbin app in its own namespace, labeled for Istio injection - installHttpbin() - - // delete testserver Service, as the tests create and manage their own - testserverExists := false - err = testutils.Kubectl("get", "service", helper.TestServerName, "-n", installNamespace) - if err == nil { - // namespace exists - testserverExists = true - } - if testserverExists { - // ignore errors if the service doesn't exist - // (e.g. if the test is being re-run after a previous failure) - err = testutils.Kubectl("delete", "service", helper.TestServerName, "-n", installNamespace) - Expect(err).NotTo(HaveOccurred()) - } - EventuallyWithOffset(1, func() error { - return testutils.Kubectl("get", "service", helper.TestServerName, "-n", installNamespace) - }, "60s", "1s").Should(HaveOccurred(), "testserver service should be deleted") - - if !useGlooGateway { - // TODO(npolshak): Different check necessary for Gloo Gateway created proxy - expectIstioInjected() - } -}) - -// Installs httpbin app in its own namespace, labeled for Istio injection -func installHttpbin() { - // Check if the namespace exists - namespaceExists := false - err := testutils.Kubectl("get", "ns", httpbinNamespace) - if err == nil { - // namespace exists - namespaceExists = true - } - - if !namespaceExists { - // If the namespace doesn't exist, create it - err = testutils.Kubectl("create", "ns", httpbinNamespace) - if err != nil { - // Handle error - panic(err) - } - } - - err = testutils.Kubectl("label", "namespace", httpbinNamespace, "istio-injection=enabled") - Expect(err).NotTo(HaveOccurred()) - - err = testutils.Kubectl("apply", "-n", httpbinNamespace, "-f", filepath.Join(cwd, "artifacts", "httpbin.yaml")) - Expect(err).NotTo(HaveOccurred()) - - // Check discovery component has created upstream for httpbin - if !useGlooGateway { - httpbinUpstreamName := kubernetesplugin.UpstreamName(httpbinNamespace, httpbinName, httpbinPort) - helpers.EventuallyResourceAccepted(func() (resources.InputResource, error) { - return resourceClientSet.UpstreamClient().Read(installNamespace, httpbinUpstreamName, clients.ReadOpts{}) - }) - } -} - -var _ = AfterSuite(func() { - if testutils2.ShouldTearDown() { - uninstallGloo() - - err := testutils.Kubectl("delete", "namespace", httpbinNamespace) - Expect(err).NotTo(HaveOccurred()) - } - - cancel() -}) - -func installGloo(autoMtls bool) { - var helmValuesFile string - if autoMtls { - helmValuesFile = filepath.Join(cwd, "artifacts", "automtls-helm.yaml") - } else { - helmValuesFile = filepath.Join(cwd, "artifacts", "helm.yaml") - } - - // Install Gloo - // this helper function also applies the testserver pod and service - err := testHelper.InstallGloo(ctx, helper.GATEWAY, 5*time.Minute, helper.ExtraArgs("--values", helmValuesFile)) - Expect(err).NotTo(HaveOccurred()) - - // Check that everything is OK - kube2e.GlooctlCheckEventuallyHealthy(1, testHelper, "90s") - - // Ensure gloo reaches valid state and doesn't continually resync - // we can consider doing the same for leaking go-routines after resyncs - kube2e.EventuallyReachesConsistentState(testHelper.InstallNamespace) - - // Ensure discovery reaches a valid state - // Note: discovery is only used in the "classic", non-k8s-gateway api setup - err = testutils.WaitPodsRunning(ctx, time.Second, testHelper.InstallNamespace, "gloo=discovery") - Expect(err).NotTo(HaveOccurred()) - - if autoMtls { - kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { - Expect(settings.GetGateway().GetCompressedProxySpec()).NotTo(BeNil()) - settings.Gloo.IstioOptions.EnableAutoMtls = &wrapperspb.BoolValue{Value: true} - }, testHelper.InstallNamespace) - } -} - -func installGlooGateway() { - helmValuesFile := filepath.Join(cwd, "artifacts", "gloo-gateway-helm.yaml") - - // Install Gloo Gateway with Istio SDS enabled and automtls - // this helper function also applies the testserver pod and service - err := testHelper.InstallGloo(ctx, helper.GATEWAY, 5*time.Minute, helper.ExtraArgs("--values", helmValuesFile)) - Expect(err).NotTo(HaveOccurred()) - - // TODO(npolshak): Add glooctl health check support for Gloo Gateway - - // Ensure gloo reaches valid state and doesn't continually resync - // we can consider doing the same for leaking go-routines after resyncs - kube2e.EventuallyReachesConsistentState(testHelper.InstallNamespace) - - // Create Gateway resources - err = testutils.Kubectl("apply", "-f", filepath.Join(cwd, "artifacts", "gateway.yaml")) - Expect(err).NotTo(HaveOccurred()) - - kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { - Expect(settings.GetGateway().GetCompressedProxySpec()).NotTo(BeNil()) - settings.Gloo.IstioOptions.EnableAutoMtls = &wrapperspb.BoolValue{Value: true} - }, testHelper.InstallNamespace) -} - -func uninstallGloo() { - err := testHelper.UninstallGlooAll() - Expect(err).NotTo(HaveOccurred()) - - // glooctl should delete the namespace. we do it again just in case it failed - // ignore errors - _ = testutils.Kubectl("delete", "namespace", testHelper.InstallNamespace) - - EventuallyWithOffset(1, func() error { - return testutils.Kubectl("get", "namespace", testHelper.InstallNamespace) - }, "60s", "1s").Should(HaveOccurred()) -} - -// expects gateway-proxy and httpbin to have the istio-proxy sidecar, testserver should not -func expectIstioInjected() { - // Check for istio-proxy sidecar - istioContainer, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "pods", "-l", "gloo=gateway-proxy", "-o", `jsonpath='{.items[*].spec.containers[?(@.name == "istio-proxy")].name}'`) - ExpectWithOffset(1, istioContainer).To(Equal("'istio-proxy'"), "istio-proxy container should be present on gateway-proxy due to IstioIntegration.enabled=true") - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - istioContainer, err = exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "pods", helper.TestServerName, "-o", `jsonpath='{.spec.containers[?(@.name == "istio-proxy")].name}'`) - ExpectWithOffset(1, istioContainer).To(Equal("''"), "istio-proxy container should not be present on the testserver") - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - istioContainer, err = exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", httpbinNamespace, "pods", "-l", "app=httpbin", "-o", `jsonpath='{.items[*].spec.containers[?(@.name == "istio-proxy")].name}'`) - ExpectWithOffset(1, istioContainer).To(Equal("'istio-proxy'"), "istio-proxy container should be present on the httpbin pod after injection") - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - // Check for sds container - sdsContainer, err := exec.RunCommandOutput(testHelper.RootDir, false, "kubectl", "get", "-n", testHelper.InstallNamespace, "pods", "-l", "gloo=gateway-proxy", "-o", `jsonpath='{.items[*].spec.containers[?(@.name == "sds")].name}'`) - ExpectWithOffset(1, sdsContainer).To(Equal("'sds'"), "sds container should be present on gateway-proxy due to IstioIntegration.enabled=true") - ExpectWithOffset(1, err).NotTo(HaveOccurred()) -} diff --git a/test/kubernetes/e2e/features/port_routing/edge_gateway_suite.go b/test/kubernetes/e2e/features/port_routing/edge_gateway_suite.go new file mode 100644 index 00000000000..922a4474299 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/edge_gateway_suite.go @@ -0,0 +1,177 @@ +package port_routing + +import ( + "context" + + "github.com/solo-io/gloo/projects/gateway/pkg/defaults" + "github.com/stretchr/testify/suite" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/solo-io/gloo/pkg/utils/kubeutils" + "github.com/solo-io/gloo/pkg/utils/requestutils/curl" + "github.com/solo-io/gloo/test/kubernetes/e2e" +) + +// glooGatewayPortRoutingTestingSuite is the entire Suite of tests for the "PortRouting" cases +type glooGatewayPortRoutingTestingSuite struct { + suite.Suite + + ctx context.Context + + // testInstallation contains all the metadata/utilities necessary to execute a series of tests + // against an installation of Gloo Gateway + testInstallation *e2e.TestInstallation + + // maps test name to a list of manifests to apply before the test + manifests map[string][]testManifest +} + +/* +The port routing suite sets up in the following order + +SetupSuite: + 1. Create the setup apps (curl, nginx, etc.) + 2. Create Virtual Service + +Each port routing test: + 1. Create Service with different port/targetport definition per test, and create corresponding Upstream resource + 2. Remove Upstream and Service, gloo proxy still exists with VirtualService, but no Upstream or Service + +TearDownSuite: + 1. Deletes the setup apps (curl, nginx, etc.) + 2. Delete Virtual Service +*/ +func NewEdgeGatewayApiTestingSuite(ctx context.Context, testInst *e2e.TestInstallation) suite.TestingSuite { + return &glooGatewayPortRoutingTestingSuite{ + ctx: ctx, + testInstallation: testInst, + manifests: map[string][]testManifest{ + "TestInvalidPortAndValidTargetport": { + {manifestFile: upstreamInvalidPortAndValidTargetportManifest, extraArgs: []string{"-n", testInst.Metadata.InstallNamespace}}, + {manifestFile: svcInvalidPortAndValidTargetportManifest}, + }, + "TestMatchPortAndTargetport": { + {manifestFile: upstreamMatchPortandTargetportManifest, extraArgs: []string{"-n", testInst.Metadata.InstallNamespace}}, + {manifestFile: svcMatchPortandTargetportManifest}, + }, + "TestMatchPodPortWithoutTargetport": { + {manifestFile: upstreamMatchPodPortWithoutTargetportManifest, extraArgs: []string{"-n", testInst.Metadata.InstallNamespace}}, + {manifestFile: svcMatchPodPortWithoutTargetportManifest}, + }, + "TestInvalidPortWithoutTargetport": { + {manifestFile: upstreamInvalidPortWithoutTargetportManifest, extraArgs: []string{"-n", testInst.Metadata.InstallNamespace}}, + {manifestFile: svcInvalidPortWithoutTargetportManifest}, + }, + "TestInvalidPortAndInvalidTargetportManifest": { + {manifestFile: upstreamInvalidPortAndInvalidTargetportManifest, extraArgs: []string{"-n", testInst.Metadata.InstallNamespace}}, + {manifestFile: svcInvalidPortAndInvalidTargetportManifest}, + }, + }, + } +} + +func (s *glooGatewayPortRoutingTestingSuite) SetupSuite() { + err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, setupManifest) + s.NoError(err, "can apply setup manifest") + + err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, setupEdgeManifest, "-n", s.testInstallation.Metadata.InstallNamespace) + s.NoError(err, "can apply edge routing manifest") +} + +func (s *glooGatewayPortRoutingTestingSuite) TearDownSuite() { + err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, setupManifest) + s.NoError(err, "can delete setup manifest") + + err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, setupEdgeManifest, "-n", s.testInstallation.Metadata.InstallNamespace) + s.NoError(err, "can delete edge routing manifest") +} + +func (s *glooGatewayPortRoutingTestingSuite) BeforeTest(suiteName, testName string) { + manifests, ok := s.manifests[testName] + if !ok { + s.FailNow("no manifests found for %s, manifest map contents: %v", testName, s.manifests) + } + + for _, manifest := range manifests { + // apply gloo gateway resources to gloo installation namespace + err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, manifest.manifestFile, manifest.extraArgs...) + s.NoError(err, "can apply "+manifest.manifestFile) + } +} + +func (s *glooGatewayPortRoutingTestingSuite) AfterTest(suiteName, testName string) { + manifests, ok := s.manifests[testName] + if !ok { + s.FailNow("no manifests found for " + testName) + } + + for _, manifest := range manifests { + err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, manifest.manifestFile, manifest.extraArgs...) + s.NoError(err, "can delete "+manifest.manifestFile) + } +} + +func (s *glooGatewayPortRoutingTestingSuite) TestInvalidPortAndValidTargetport() { + s.testInstallation.Assertions.AssertEventualCurlResponse( + s.ctx, + curlPodExecOpt, + []curl.Option{ + curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{Name: defaults.GatewayProxyName, Namespace: s.testInstallation.Metadata.InstallNamespace})), + // The host header must match the domain in the VirtualService + curl.WithHostHeader("example.com"), + curl.WithPort(80), + }, + expectedHealthyResponse) +} + +func (s *glooGatewayPortRoutingTestingSuite) TestMatchPortAndTargetport() { + s.testInstallation.Assertions.AssertEventualCurlResponse( + s.ctx, + curlPodExecOpt, + []curl.Option{ + curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{Name: defaults.GatewayProxyName, Namespace: s.testInstallation.Metadata.InstallNamespace})), + // The host header must match the domain in the VirtualService + curl.WithHostHeader("example.com"), + curl.WithPort(80), + }, + expectedHealthyResponse) +} + +func (s *glooGatewayPortRoutingTestingSuite) TestMatchPodPortWithoutTargetport() { + s.testInstallation.Assertions.AssertEventualCurlResponse( + s.ctx, + curlPodExecOpt, + []curl.Option{ + curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{Name: defaults.GatewayProxyName, Namespace: s.testInstallation.Metadata.InstallNamespace})), + // The host header must match the domain in the VirtualService + curl.WithHostHeader("example.com"), + curl.WithPort(80), + }, + expectedHealthyResponse) +} + +func (s *glooGatewayPortRoutingTestingSuite) TestInvalidPortWithoutTargetport() { + s.testInstallation.Assertions.AssertEventualCurlResponse( + s.ctx, + curlPodExecOpt, + []curl.Option{ + curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{Name: defaults.GatewayProxyName, Namespace: s.testInstallation.Metadata.InstallNamespace})), + // The host header must match the domain in the VirtualService + curl.WithHostHeader("example.com"), + curl.WithPort(80), + }, + expectedServiceUnavailableResponse) +} + +func (s *glooGatewayPortRoutingTestingSuite) TestInvalidPortAndInvalidTargetportManifest() { + s.testInstallation.Assertions.AssertEventualCurlResponse( + s.ctx, + curlPodExecOpt, + []curl.Option{ + curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{Name: defaults.GatewayProxyName, Namespace: s.testInstallation.Metadata.InstallNamespace})), + // The host header must match the domain in the VirtualService + curl.WithHostHeader("example.com"), + curl.WithPort(80), + }, + expectedServiceUnavailableResponse) +} diff --git a/test/kubernetes/e2e/features/port_routing/suite.go b/test/kubernetes/e2e/features/port_routing/k8s_gateway_suite.go similarity index 76% rename from test/kubernetes/e2e/features/port_routing/suite.go rename to test/kubernetes/e2e/features/port_routing/k8s_gateway_suite.go index 8b914714a15..23783d38503 100644 --- a/test/kubernetes/e2e/features/port_routing/suite.go +++ b/test/kubernetes/e2e/features/port_routing/k8s_gateway_suite.go @@ -11,7 +11,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var _ e2e.NewSuiteFunc = NewTestingSuite +var _ e2e.NewSuiteFunc = NewK8sGatewayTestingSuite // portRoutingTestingSuite is the entire Suite of tests for the "PortRouting" cases type portRoutingTestingSuite struct { @@ -31,27 +31,29 @@ type portRoutingTestingSuite struct { The port routing suite sets up in the following order SetupSuite: - 1. Create k8s Gateway - 2. Proxy provisioned + 1. Create the setup apps (curl, nginx, etc.) + 2. Create k8s Gateway + 3. Proxy provisioned (k8s deployment created and checked) Each port routing test: 1. Attach HttpRoute with different port/targetport definition per test 2. Remove HttpRoute, proxy still exists without any routes TearDownSuite: - 1. Deletes the k8s Gateway - 2. Proxy de-provisioned + 1. Deletes the setup apps (curl, nginx, etc.) + 2. Deletes the k8s Gateway + 3. Proxy de-provisioned (k8s deployment deleted) */ -func NewTestingSuite(ctx context.Context, testInst *e2e.TestInstallation) suite.TestingSuite { +func NewK8sGatewayTestingSuite(ctx context.Context, testInst *e2e.TestInstallation) suite.TestingSuite { return &portRoutingTestingSuite{ ctx: ctx, testInstallation: testInst, manifests: map[string][]string{ - "TestInvalidPortAndValidTargetport": {invalidPortAndValidTargetportManifest}, - "TestMatchPortAndTargetport": {matchPortandTargetportManifest}, - "TestMatchPodPortWithoutTargetport": {matchPodPortWithoutTargetportManifest}, - "TestInvalidPortWithoutTargetport": {invalidPortWithoutTargetportManifest}, - "TestInvalidPortAndInvalidTargetport": {invalidPortAndInvalidTargetportManifest}, + "TestInvalidPortAndValidTargetport": {svcInvalidPortAndValidTargetportManifest, invalidPortAndValidTargetportManifest}, + "TestMatchPortAndTargetport": {svcMatchPortandTargetportManifest, matchPortandTargetportManifest}, + "TestMatchPodPortWithoutTargetport": {svcMatchPodPortWithoutTargetportManifest, matchPodPortWithoutTargetportManifest}, + "TestInvalidPortWithoutTargetport": {svcInvalidPortWithoutTargetportManifest, invalidPortWithoutTargetportManifest}, + "TestInvalidPortAndInvalidTargetport": {svcInvalidPortAndInvalidTargetportManifest, invalidPortAndInvalidTargetportManifest}, }, } } @@ -59,6 +61,8 @@ func NewTestingSuite(ctx context.Context, testInst *e2e.TestInstallation) suite. func (s *portRoutingTestingSuite) SetupSuite() { err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, setupManifest) s.NoError(err, "can apply setup manifest") + err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, setupK8sManifest) + s.NoError(err, "can apply setup k8s gateway manifest") s.testInstallation.Assertions.EventuallyObjectsExist(s.ctx, proxyService, proxyDeployment) // Check that test resources are running s.testInstallation.Assertions.EventuallyPodsRunning(s.ctx, proxyDeployment.ObjectMeta.GetNamespace(), @@ -68,6 +72,8 @@ func (s *portRoutingTestingSuite) SetupSuite() { func (s *portRoutingTestingSuite) TearDownSuite() { err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, setupManifest) s.NoError(err, "can delete setup manifest") + err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, setupK8sManifest) + s.NoError(err, "can delete setup k8s gateway manifest") s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, proxyService, proxyDeployment) } diff --git a/test/kubernetes/e2e/features/port_routing/testdata/edge-routing.yaml b/test/kubernetes/e2e/features/port_routing/testdata/edge-routing.yaml new file mode 100644 index 00000000000..bc6525cf8de --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/edge-routing.yaml @@ -0,0 +1,16 @@ +# Don't set namespace, apply to test installation namespace +apiVersion: gateway.solo.io/v1 +kind: VirtualService +metadata: + name: example-vs +spec: + virtualHost: + domains: + - "example.com" + routes: + - matchers: + - prefix: / + routeAction: + single: + upstream: + name: nginx-upstream \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-and-invalid-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-and-invalid-targetport.yaml new file mode 100644 index 00000000000..903d7bdf0e4 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-and-invalid-targetport.yaml @@ -0,0 +1,11 @@ +apiVersion: gloo.solo.io/v1 +kind: Upstream +metadata: + name: nginx-upstream +spec: + kube: + selector: + app.kubernetes.io/name: nginx + serviceName: example-svc + serviceNamespace: default + servicePort: 8000 \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-and-valid-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-and-valid-targetport.yaml new file mode 100644 index 00000000000..c8a34b48c23 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-and-valid-targetport.yaml @@ -0,0 +1,11 @@ +apiVersion: gloo.solo.io/v1 +kind: Upstream +metadata: + name: nginx-upstream +spec: + kube: + selector: + app.kubernetes.io/name: nginx + serviceName: example-svc + serviceNamespace: default + servicePort: 81 \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-without-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-without-targetport.yaml new file mode 100644 index 00000000000..c8a34b48c23 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/edge/invalid-port-without-targetport.yaml @@ -0,0 +1,11 @@ +apiVersion: gloo.solo.io/v1 +kind: Upstream +metadata: + name: nginx-upstream +spec: + kube: + selector: + app.kubernetes.io/name: nginx + serviceName: example-svc + serviceNamespace: default + servicePort: 81 \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/edge/match-pod-port-without-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/edge/match-pod-port-without-targetport.yaml new file mode 100644 index 00000000000..d12ca18d280 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/edge/match-pod-port-without-targetport.yaml @@ -0,0 +1,11 @@ +apiVersion: gloo.solo.io/v1 +kind: Upstream +metadata: + name: nginx-upstream +spec: + kube: + selector: + app.kubernetes.io/name: nginx + serviceName: example-svc + serviceNamespace: default + servicePort: 80 \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/edge/match-port-and-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/edge/match-port-and-targetport.yaml new file mode 100644 index 00000000000..d12ca18d280 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/edge/match-port-and-targetport.yaml @@ -0,0 +1,11 @@ +apiVersion: gloo.solo.io/v1 +kind: Upstream +metadata: + name: nginx-upstream +spec: + kube: + selector: + app.kubernetes.io/name: nginx + serviceName: example-svc + serviceNamespace: default + servicePort: 80 \ No newline at end of file diff --git a/test/kube2e/istio/artifacts/gateway.yaml b/test/kubernetes/e2e/features/port_routing/testdata/k8s-gw.yaml similarity index 57% rename from test/kube2e/istio/artifacts/gateway.yaml rename to test/kubernetes/e2e/features/port_routing/testdata/k8s-gw.yaml index 08aae79176d..213b95003ad 100644 --- a/test/kube2e/istio/artifacts/gateway.yaml +++ b/test/kubernetes/e2e/features/port_routing/testdata/k8s-gw.yaml @@ -1,14 +1,13 @@ -apiVersion: gateway.networking.k8s.io/v1 kind: Gateway +apiVersion: gateway.networking.k8s.io/v1 metadata: - name: http - namespace: gloo-system + name: gw spec: gatewayClassName: gloo-gateway listeners: - - allowedRoutes: - namespaces: - from: All + - protocol: HTTP + port: 8080 name: http - port: 80 - protocol: HTTP \ No newline at end of file + allowedRoutes: + namespaces: + from: Same \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/invalid-port-and-invalid-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-and-invalid-targetport.yaml similarity index 50% rename from test/kubernetes/e2e/features/port_routing/testdata/invalid-port-and-invalid-targetport.yaml rename to test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-and-invalid-targetport.yaml index 8960de0fec3..48ecaaa3e19 100644 --- a/test/kubernetes/e2e/features/port_routing/testdata/invalid-port-and-invalid-targetport.yaml +++ b/test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-and-invalid-targetport.yaml @@ -1,16 +1,3 @@ -apiVersion: v1 -kind: Service -metadata: - name: example-svc -spec: - selector: - app.kubernetes.io/name: nginx - ports: - - protocol: TCP - port: 8000 - targetPort: 81 # pointing to wrong target port - name: http ---- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: diff --git a/test/kubernetes/e2e/features/port_routing/testdata/invalid-port-and-valid-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-and-valid-targetport.yaml similarity index 56% rename from test/kubernetes/e2e/features/port_routing/testdata/invalid-port-and-valid-targetport.yaml rename to test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-and-valid-targetport.yaml index 89611f08d88..f6d8fb1daca 100644 --- a/test/kubernetes/e2e/features/port_routing/testdata/invalid-port-and-valid-targetport.yaml +++ b/test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-and-valid-targetport.yaml @@ -1,15 +1,3 @@ -apiVersion: v1 -kind: Service -metadata: - name: example-svc -spec: - selector: - app.kubernetes.io/name: nginx - ports: - - protocol: TCP - port: 81 - targetPort: 80 ---- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: diff --git a/test/kubernetes/e2e/features/port_routing/testdata/invalid-port-without-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-without-targetport.yaml similarity index 55% rename from test/kubernetes/e2e/features/port_routing/testdata/invalid-port-without-targetport.yaml rename to test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-without-targetport.yaml index e8c8adb7411..f6d8fb1daca 100644 --- a/test/kubernetes/e2e/features/port_routing/testdata/invalid-port-without-targetport.yaml +++ b/test/kubernetes/e2e/features/port_routing/testdata/k8s/invalid-port-without-targetport.yaml @@ -1,14 +1,3 @@ -apiVersion: v1 -kind: Service -metadata: - name: example-svc -spec: - selector: - app.kubernetes.io/name: nginx - ports: - - protocol: TCP - port: 81 # not matching app's port ---- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: diff --git a/test/kubernetes/e2e/features/port_routing/testdata/match-pod-port-without-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/k8s/match-pod-port-without-targetport.yaml similarity index 53% rename from test/kubernetes/e2e/features/port_routing/testdata/match-pod-port-without-targetport.yaml rename to test/kubernetes/e2e/features/port_routing/testdata/k8s/match-pod-port-without-targetport.yaml index 478a8e9acf5..b8b9017ede1 100644 --- a/test/kubernetes/e2e/features/port_routing/testdata/match-pod-port-without-targetport.yaml +++ b/test/kubernetes/e2e/features/port_routing/testdata/k8s/match-pod-port-without-targetport.yaml @@ -1,14 +1,3 @@ -apiVersion: v1 -kind: Service -metadata: - name: example-svc -spec: - selector: - app.kubernetes.io/name: nginx - ports: - - protocol: TCP - port: 80 # without target port, but matching port ---- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: diff --git a/test/kubernetes/e2e/features/port_routing/testdata/match-port-and-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/k8s/match-port-and-targetport.yaml similarity index 52% rename from test/kubernetes/e2e/features/port_routing/testdata/match-port-and-targetport.yaml rename to test/kubernetes/e2e/features/port_routing/testdata/k8s/match-port-and-targetport.yaml index 84c6d2f8744..b8b9017ede1 100644 --- a/test/kubernetes/e2e/features/port_routing/testdata/match-port-and-targetport.yaml +++ b/test/kubernetes/e2e/features/port_routing/testdata/k8s/match-port-and-targetport.yaml @@ -1,15 +1,3 @@ -apiVersion: v1 -kind: Service -metadata: - name: example-svc -spec: - selector: - app.kubernetes.io/name: nginx - ports: - - protocol: TCP - port: 80 # match port and targetport - targetPort: 80 ---- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: diff --git a/test/kubernetes/e2e/features/port_routing/testdata/setup.yaml b/test/kubernetes/e2e/features/port_routing/testdata/setup.yaml index 601ab9fdb45..1ddc88d4b21 100644 --- a/test/kubernetes/e2e/features/port_routing/testdata/setup.yaml +++ b/test/kubernetes/e2e/features/port_routing/testdata/setup.yaml @@ -1,17 +1,3 @@ -kind: Gateway -apiVersion: gateway.networking.k8s.io/v1 -metadata: - name: gw -spec: - gatewayClassName: gloo-gateway - listeners: - - protocol: HTTP - port: 8080 - name: http - allowedRoutes: - namespaces: - from: Same ---- apiVersion: v1 kind: Pod metadata: diff --git a/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-and-invalid-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-and-invalid-targetport.yaml new file mode 100644 index 00000000000..194c8a562e5 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-and-invalid-targetport.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: example-svc +spec: + selector: + app.kubernetes.io/name: nginx + ports: + - protocol: TCP + port: 8000 + targetPort: 81 # pointing to wrong target port + name: http \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-and-valid-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-and-valid-targetport.yaml new file mode 100644 index 00000000000..8c270e44e72 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-and-valid-targetport.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: example-svc +spec: + selector: + app.kubernetes.io/name: nginx + ports: + - protocol: TCP + port: 81 + targetPort: 80 \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-without-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-without-targetport.yaml new file mode 100644 index 00000000000..020289b1cc8 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/svc/invalid-port-without-targetport.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: example-svc +spec: + selector: + app.kubernetes.io/name: nginx + ports: + - protocol: TCP + port: 81 # not matching app's port \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/svc/match-pod-port-without-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/svc/match-pod-port-without-targetport.yaml new file mode 100644 index 00000000000..8222542a4aa --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/svc/match-pod-port-without-targetport.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: example-svc +spec: + selector: + app.kubernetes.io/name: nginx + ports: + - protocol: TCP + port: 80 # without target port, but matching port \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/testdata/svc/match-port-and-targetport.yaml b/test/kubernetes/e2e/features/port_routing/testdata/svc/match-port-and-targetport.yaml new file mode 100644 index 00000000000..23095bced63 --- /dev/null +++ b/test/kubernetes/e2e/features/port_routing/testdata/svc/match-port-and-targetport.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: example-svc +spec: + selector: + app.kubernetes.io/name: nginx + ports: + - protocol: TCP + port: 80 # match port and targetport + targetPort: 80 \ No newline at end of file diff --git a/test/kubernetes/e2e/features/port_routing/types.go b/test/kubernetes/e2e/features/port_routing/types.go index bcf43d81351..a45be00fe5c 100644 --- a/test/kubernetes/e2e/features/port_routing/types.go +++ b/test/kubernetes/e2e/features/port_routing/types.go @@ -15,14 +15,36 @@ import ( testmatchers "github.com/solo-io/gloo/test/gomega/matchers" ) +type testManifest struct { + manifestFile string + extraArgs []string +} + var ( setupManifest = filepath.Join(util.MustGetThisDir(), "testdata/setup.yaml") - invalidPortAndValidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata/invalid-port-and-valid-targetport.yaml") - invalidPortAndInvalidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata/invalid-port-and-invalid-targetport.yaml") - matchPodPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata/match-pod-port-without-targetport.yaml") - matchPortandTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata/match-port-and-targetport.yaml") - invalidPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata/invalid-port-without-targetport.yaml") + // Shared Resources + svcInvalidPortAndValidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "svc", "invalid-port-and-valid-targetport.yaml") + svcInvalidPortAndInvalidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "svc", "invalid-port-and-invalid-targetport.yaml") + svcMatchPodPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "svc", "match-pod-port-without-targetport.yaml") + svcMatchPortandTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "svc", "match-port-and-targetport.yaml") + svcInvalidPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "svc", "invalid-port-without-targetport.yaml") + + // K8s Resources + setupK8sManifest = filepath.Join(util.MustGetThisDir(), "testdata", "k8s-gw.yaml") + invalidPortAndValidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "k8s", "invalid-port-and-valid-targetport.yaml") + invalidPortAndInvalidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "k8s", "invalid-port-and-invalid-targetport.yaml") + matchPodPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "k8s", "match-pod-port-without-targetport.yaml") + matchPortandTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "k8s", "match-port-and-targetport.yaml") + invalidPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "k8s", "invalid-port-without-targetport.yaml") + + // Gloo Edge Resources + setupEdgeManifest = filepath.Join(util.MustGetThisDir(), "testdata", "edge-routing.yaml") + upstreamInvalidPortAndValidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "edge", "invalid-port-and-valid-targetport.yaml") + upstreamInvalidPortAndInvalidTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "edge", "invalid-port-and-invalid-targetport.yaml") + upstreamMatchPodPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "edge", "match-pod-port-without-targetport.yaml") + upstreamMatchPortandTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "edge", "match-port-and-targetport.yaml") + upstreamInvalidPortWithoutTargetportManifest = filepath.Join(util.MustGetThisDir(), "testdata", "edge", "invalid-port-without-targetport.yaml") // When we apply the setup.yaml file, we expect resources to be created with this metadata glooProxyObjectMeta = metav1.ObjectMeta{ diff --git a/test/kubernetes/e2e/tests/automtls_istio_edge_api_tests.go b/test/kubernetes/e2e/tests/automtls_istio_edge_api_tests.go index c0951003fa5..3f04e40f82d 100644 --- a/test/kubernetes/e2e/tests/automtls_istio_edge_api_tests.go +++ b/test/kubernetes/e2e/tests/automtls_istio_edge_api_tests.go @@ -4,12 +4,14 @@ import ( "github.com/solo-io/gloo/test/kubernetes/e2e" "github.com/solo-io/gloo/test/kubernetes/e2e/features/headless_svc" "github.com/solo-io/gloo/test/kubernetes/e2e/features/istio" + "github.com/solo-io/gloo/test/kubernetes/e2e/features/port_routing" ) func AutomtlsIstioEdgeApiSuiteRunner() e2e.SuiteRunner { automtlsIstioEdgeApiSuiteRunner := e2e.NewSuiteRunner(false) automtlsIstioEdgeApiSuiteRunner.Register("HeadlessSvc", headless_svc.NewEdgeGatewayHeadlessSvcSuite) + automtlsIstioEdgeApiSuiteRunner.Register("PortRouting", port_routing.NewEdgeGatewayApiTestingSuite) automtlsIstioEdgeApiSuiteRunner.Register("IstioIntegrationAutoMtls", istio.NewGlooIstioAutoMtlsSuite) return automtlsIstioEdgeApiSuiteRunner diff --git a/test/kubernetes/e2e/tests/automtls_istio_tests.go b/test/kubernetes/e2e/tests/automtls_istio_tests.go index 450c7500a36..94b0b17ce67 100644 --- a/test/kubernetes/e2e/tests/automtls_istio_tests.go +++ b/test/kubernetes/e2e/tests/automtls_istio_tests.go @@ -10,7 +10,7 @@ import ( func AutomtlsIstioSuiteRunner() e2e.SuiteRunner { automtlsIstioSuiteRunner := e2e.NewSuiteRunner(false) - automtlsIstioSuiteRunner.Register("PortRouting", port_routing.NewTestingSuite) + automtlsIstioSuiteRunner.Register("PortRouting", port_routing.NewK8sGatewayTestingSuite) automtlsIstioSuiteRunner.Register("HeadlessSvc", headless_svc.NewK8sGatewayHeadlessSvcSuite) automtlsIstioSuiteRunner.Register("IstioIntegrationAutoMtls", istio.NewIstioAutoMtlsSuite) diff --git a/test/kubernetes/e2e/tests/edge_gw_tests.go b/test/kubernetes/e2e/tests/edge_gw_tests.go index 0fe5328311e..da0ba6f3c40 100644 --- a/test/kubernetes/e2e/tests/edge_gw_tests.go +++ b/test/kubernetes/e2e/tests/edge_gw_tests.go @@ -3,12 +3,14 @@ package tests import ( "github.com/solo-io/gloo/test/kubernetes/e2e" "github.com/solo-io/gloo/test/kubernetes/e2e/features/headless_svc" + "github.com/solo-io/gloo/test/kubernetes/e2e/features/port_routing" ) func EdgeGwSuiteRunner() e2e.SuiteRunner { edgeGwSuiteRunner := e2e.NewSuiteRunner(false) edgeGwSuiteRunner.Register("HeadlessSvc", headless_svc.NewEdgeGatewayHeadlessSvcSuite) + edgeGwSuiteRunner.Register("PortRouting", port_routing.NewEdgeGatewayApiTestingSuite) return edgeGwSuiteRunner } diff --git a/test/kubernetes/e2e/tests/istio_edge_api_tests.go b/test/kubernetes/e2e/tests/istio_edge_api_tests.go index f72e6574b59..d59bf7a40bc 100644 --- a/test/kubernetes/e2e/tests/istio_edge_api_tests.go +++ b/test/kubernetes/e2e/tests/istio_edge_api_tests.go @@ -4,12 +4,14 @@ import ( "github.com/solo-io/gloo/test/kubernetes/e2e" "github.com/solo-io/gloo/test/kubernetes/e2e/features/headless_svc" "github.com/solo-io/gloo/test/kubernetes/e2e/features/istio" + "github.com/solo-io/gloo/test/kubernetes/e2e/features/port_routing" ) func IstioEdgeApiSuiteRunner() e2e.SuiteRunner { istioEdgeApiSuiteRunner := e2e.NewSuiteRunner(false) istioEdgeApiSuiteRunner.Register("HeadlessSvc", headless_svc.NewEdgeGatewayHeadlessSvcSuite) + istioEdgeApiSuiteRunner.Register("PortRouting", port_routing.NewEdgeGatewayApiTestingSuite) istioEdgeApiSuiteRunner.Register("IstioIntegration", istio.NewGlooTestingSuite) return istioEdgeApiSuiteRunner diff --git a/test/kubernetes/e2e/tests/istio_regression_test.go b/test/kubernetes/e2e/tests/istio_regression_test.go new file mode 100644 index 00000000000..11ad0a7f3da --- /dev/null +++ b/test/kubernetes/e2e/tests/istio_regression_test.go @@ -0,0 +1,73 @@ +package tests_test + +import ( + "context" + "log" + "path/filepath" + "testing" + "time" + + "github.com/solo-io/gloo/test/kube2e/helper" + "github.com/solo-io/gloo/test/kubernetes/e2e" + . "github.com/solo-io/gloo/test/kubernetes/e2e/tests" + "github.com/solo-io/gloo/test/kubernetes/testutils/gloogateway" + + "github.com/solo-io/skv2/codegen/util" +) + +// TestIstioRegression is the function which executes a series of tests against a given installation where +// the k8s Gateway controller is disabled and the deprecated Istio integration values are used to check for regressions +func TestIstioRegression(t *testing.T) { + ctx := context.Background() + testInstallation := e2e.CreateTestInstallation( + t, + &gloogateway.Context{ + InstallNamespace: "istio-regression-test", + ValuesManifestFile: filepath.Join(util.MustGetThisDir(), "manifests", "istio-regression-helm.yaml"), + }, + ) + + testHelper := e2e.MustTestHelper(ctx, testInstallation) + + err := testInstallation.AddIstioctl(ctx) + if err != nil { + log.Printf("failed to add istioctl: %v\n", err) + t.Fail() + } + + // We register the cleanup function _before_ we actually perform the installation. + // This allows us to uninstall Gloo Gateway, in case the original installation only completed partially + t.Cleanup(func() { + if t.Failed() { + testInstallation.PreFailHandler(ctx) + + // Generate istioctl bug report + testInstallation.CreateIstioBugReport(ctx) + } + + testInstallation.UninstallGlooGateway(ctx, func(ctx context.Context) error { + return testHelper.UninstallGlooAll() + }) + + // Uninstall Istio + err = testInstallation.UninstallIstio() + if err != nil { + log.Printf("failed to uninstall: %v\n", err) + t.Fail() + } + }) + + // Install Istio before Gloo Gateway to make sure istiod is present before istio-proxy + err = testInstallation.InstallMinimalIstio(ctx) + if err != nil { + log.Printf("failed to install: %v\n", err) + t.Fail() + } + + // Install Gloo Gateway with only Edge APIs enabled + testInstallation.InstallGlooGateway(ctx, func(ctx context.Context) error { + return testHelper.InstallGloo(ctx, helper.GATEWAY, 5*time.Minute, helper.ExtraArgs("--values", testInstallation.Metadata.ValuesManifestFile)) + }) + + IstioRegressionSuiteRunner().Run(ctx, t, testInstallation) +} diff --git a/test/kubernetes/e2e/tests/istio_regression_tests.go b/test/kubernetes/e2e/tests/istio_regression_tests.go new file mode 100644 index 00000000000..7d431684d93 --- /dev/null +++ b/test/kubernetes/e2e/tests/istio_regression_tests.go @@ -0,0 +1,18 @@ +package tests + +import ( + "github.com/solo-io/gloo/test/kubernetes/e2e" + "github.com/solo-io/gloo/test/kubernetes/e2e/features/headless_svc" + "github.com/solo-io/gloo/test/kubernetes/e2e/features/istio" + "github.com/solo-io/gloo/test/kubernetes/e2e/features/port_routing" +) + +func IstioRegressionSuiteRunner() e2e.SuiteRunner { + istioEdgeApiSuiteRunner := e2e.NewSuiteRunner(false) + + istioEdgeApiSuiteRunner.Register("HeadlessSvc", headless_svc.NewEdgeGatewayHeadlessSvcSuite) + istioEdgeApiSuiteRunner.Register("PortRouting", port_routing.NewEdgeGatewayApiTestingSuite) + istioEdgeApiSuiteRunner.Register("IstioIntegration", istio.NewGlooTestingSuite) + + return istioEdgeApiSuiteRunner +} diff --git a/test/kubernetes/e2e/tests/istio_test.go b/test/kubernetes/e2e/tests/k8s_gw_istio_test.go similarity index 100% rename from test/kubernetes/e2e/tests/istio_test.go rename to test/kubernetes/e2e/tests/k8s_gw_istio_test.go diff --git a/test/kubernetes/e2e/tests/istio_tests.go b/test/kubernetes/e2e/tests/k8s_gw_istio_tests.go similarity index 89% rename from test/kubernetes/e2e/tests/istio_tests.go rename to test/kubernetes/e2e/tests/k8s_gw_istio_tests.go index 2502e1840e8..9e84ccf0109 100644 --- a/test/kubernetes/e2e/tests/istio_tests.go +++ b/test/kubernetes/e2e/tests/k8s_gw_istio_tests.go @@ -11,7 +11,7 @@ import ( func IstioSuiteRunner() e2e.SuiteRunner { istioSuiteRunner := e2e.NewSuiteRunner(false) - istioSuiteRunner.Register("PortRouting", port_routing.NewTestingSuite) + istioSuiteRunner.Register("PortRouting", port_routing.NewK8sGatewayTestingSuite) istioSuiteRunner.Register("HeadlessSvc", headless_svc.NewK8sGatewayHeadlessSvcSuite) istioSuiteRunner.Register("IstioIntegration", istio.NewTestingSuite) istioSuiteRunner.Register("IstioGatewayParameters", deployer.NewIstioIntegrationTestingSuite) diff --git a/test/kubernetes/e2e/tests/k8s_gw_no_validation_tests.go b/test/kubernetes/e2e/tests/k8s_gw_no_validation_tests.go index 74090f6c162..d89def8144a 100644 --- a/test/kubernetes/e2e/tests/k8s_gw_no_validation_tests.go +++ b/test/kubernetes/e2e/tests/k8s_gw_no_validation_tests.go @@ -14,7 +14,7 @@ func KubeGatewayNoValidationSuiteRunner() e2e.SuiteRunner { kubeGatewayNoValidationSuiteRunner.Register("ListenerOptions", listener_options.NewTestingSuite) kubeGatewayNoValidationSuiteRunner.Register("RouteOptions", route_options.NewTestingSuite) kubeGatewayNoValidationSuiteRunner.Register("VirtualHostOptions", virtualhost_options.NewTestingSuite) - kubeGatewayNoValidationSuiteRunner.Register("PortRouting", port_routing.NewTestingSuite) + kubeGatewayNoValidationSuiteRunner.Register("PortRouting", port_routing.NewK8sGatewayTestingSuite) return kubeGatewayNoValidationSuiteRunner } diff --git a/test/kubernetes/e2e/tests/k8s_gw_tests.go b/test/kubernetes/e2e/tests/k8s_gw_tests.go index 0f88fcf7bea..78a0f7630c7 100644 --- a/test/kubernetes/e2e/tests/k8s_gw_tests.go +++ b/test/kubernetes/e2e/tests/k8s_gw_tests.go @@ -29,7 +29,7 @@ func KubeGatewaySuiteRunner() e2e.SuiteRunner { kubeGatewaySuiteRunner.Register("Upstreams", upstreams.NewTestingSuite) kubeGatewaySuiteRunner.Register("Services", services.NewTestingSuite) kubeGatewaySuiteRunner.Register("HeadlessSvc", headless_svc.NewK8sGatewayHeadlessSvcSuite) - kubeGatewaySuiteRunner.Register("PortRouting", port_routing.NewTestingSuite) + kubeGatewaySuiteRunner.Register("PortRouting", port_routing.NewK8sGatewayTestingSuite) kubeGatewaySuiteRunner.Register("RouteDelegation", route_delegation.NewTestingSuite) kubeGatewaySuiteRunner.Register("Glooctl", newGlooctlTestingSuite) diff --git a/test/kube2e/istio/artifacts/helm.yaml b/test/kubernetes/e2e/tests/manifests/istio-regression-helm.yaml similarity index 100% rename from test/kube2e/istio/artifacts/helm.yaml rename to test/kubernetes/e2e/tests/manifests/istio-regression-helm.yaml