Remove old Istio tests, add new Istio suite with regression values

.github/workflows/pr-kubernetes-tests.yaml

@@ -64,7 +64,7 @@ jobs:
         # May 14th: ~ minutes execution time (see load_balancing_tests.md)
         - cluster-name: 'cluster-three'
           go-test-args: '-v -timeout=25m'
-          go-test-run-regex: '(^TestK8sGatewayIstioAutoMtls$$|^TestAutomtlsIstioEdgeApisGateway$$|^TestIstioEdgeApiGateway$$)'
+          go-test-run-regex: '(^TestK8sGatewayIstioAutoMtls$$|^TestAutomtlsIstioEdgeApisGateway$$|^TestIstioEdgeApiGateway$$|^TestIstioRegression$$)'
 
         # May 14th: ~ minutes execution time (see load_balancing_tests.md)
         - cluster-name: 'cluster-four'

.github/workflows/regression-tests.yaml

@@ -49,7 +49,7 @@ jobs:
         # upgrade tests are run on LTS but not on main branch, for main they are run nightly
         # ingress will be deprecated from 1.17. Ref: https://solo-io-corp.slack.com/archives/G01EERAK3KJ/p1716389614777799
         # this is the github action version of ternary op
-        kube-e2e-test-type: [ 'gateway', 'gloo', 'ingress', 'helm', 'gloomtls', 'glooctl', 'upgrade', 'istio' ]
+        kube-e2e-test-type: [ 'gateway', 'gloo', 'ingress', 'helm', 'gloomtls', 'glooctl', 'upgrade' ]
         kube-version: [ { node: 'v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245', kubectl: 'v1.29.2', kind: 'v0.20.0', helm: 'v3.14.4' } ]
         image-variant:
           - distroless

changelog/v1.18.0-beta1/remove-old-istio-tests.yaml

@@ -0,0 +1,4 @@
+changelog:
+  - type: NON_USER_FACING
+    description: >-
+      Remove old Istio integration regression e2e tests and glooctl Istio integration e2e tests.

ci/kind/setup-kind.sh

@@ -15,8 +15,6 @@ SKIP_DOCKER="${SKIP_DOCKER:-false}"
 JUST_KIND="${JUST_KIND:-false}"
 # Offer a default value for type of installation
 KUBE2E_TESTS="${KUBE2E_TESTS:-gateway}"  # If 'KUBE2E_TESTS' not set or null, use 'gateway'.
-# The version of istio to install for glooctl tests. This should get set by the 'setup-kind-cluster' github action, where it is a required input.
-ISTIO_VERSION="${ISTIO_VERSION:-1.22.0}"
 # Set the default image variant to standard
 IMAGE_VARIANT="${IMAGE_VARIANT:-standard}"
 # If true, run extra steps to set up k8s gateway api conformance test environment
@@ -103,16 +101,3 @@ if [[ $CONFORMANCE == "true" ]]; then
 	    - address-pool
 	EOF
 fi
-
-# 7. Install additional resources used for particular KUBE2E tests
-if [[ $KUBE2E_TESTS = "glooctl" || $KUBE2E_TESTS = "istio" ]]; then
-  TARGET_ARCH=x86_64
-  if [[ $ARCH == 'arm64' ]]; then
-    TARGET_ARCH=arm64
-  fi
-  echo "Downloading Istio $ISTIO_VERSION"
-  curl -L https://istio.io/downloadIstio | ISTIO_VERSION=$ISTIO_VERSION TARGET_ARCH=$TARGET_ARCH sh -
-
-  echo "Installing Istio"
-  yes | "./istio-$ISTIO_VERSION/bin/istioctl" install --set profile=minimal
-fi

test/kube2e/istio/README.md → devel/architecture/istio-integration.md

@@ -43,10 +43,10 @@ To keep the mTLS communication transparent to the Edge configuration, we again l
 [Istio](https://istio.io/latest/docs/ops/deployment/architecture/) is logically split into a data plane and a control plane. The data plane is composed of a set of intelligent proxies (Envoy) deployed as sidecars. The control plane (istiod) provides service discovery, configuration and certificate management.
 Istiod acts as a Certificate Authority (CA) and generates certificates to allow secure mTLS communication in the data plane.
 
-**Istio-Proxy Sidecar**: This is responsible for generating the certificates used for mTLS communication. These certificates are mounted to a volume, which are then provided to the gateway-proxy configuration via SDS. The gateway-proxy, with these certificates, is now able to establish mTLS communication with an upstream in the Mesh. 
-The Istio-Proxy Sidecar usually runs both the istio-agent and envoy. The [istio-agent](https://github.com/istio/istio/blob/master/architecture/security/istio-agent.md) is responsible for generating the certificates, and the envoy is responsible for terminating TLS and establishing mTLS communication with other services in the Mesh. 
-By default, the istio-proxy will run an extended version of the Envoy proxy. However, we don't need the istio-proxy Envoy functionality, we only need the istio-agent to create the CSR request to istiod and handle rotating certificates near expiration. 
-To avoid running the istio-proxy Envoy, we can set the `DISABLE_ENVOY` environment variable. This will cause the istio-proxy to run in proxyless mode and not start the Envoy process. 
+**Istio-Proxy Sidecar**: This is responsible for generating the certificates used for mTLS communication. These certificates are mounted to a volume, which are then provided to the gateway-proxy configuration via SDS. The gateway-proxy, with these certificates, is now able to establish mTLS communication with an upstream in the Mesh.
+The Istio-Proxy Sidecar usually runs both the istio-agent and envoy. The [istio-agent](https://github.com/istio/istio/blob/master/architecture/security/istio-agent.md) is responsible for generating the certificates, and the envoy is responsible for terminating TLS and establishing mTLS communication with other services in the Mesh.
+By default, the istio-proxy will run an extended version of the Envoy proxy. However, we don't need the istio-proxy Envoy functionality, we only need the istio-agent to create the CSR request to istiod and handle rotating certificates near expiration.
+To avoid running the istio-proxy Envoy, we can set the `DISABLE_ENVOY` environment variable. This will cause the istio-proxy to run in proxyless mode and not start the Envoy process.
 
 <img src="https://github.com/istio/istio/raw/master/architecture/security/docs/overview.svg">
 
@@ -64,7 +64,7 @@ While the component itself has a single responsibility, implement the SDS API, i
 
 _As a result, we have `glooMtls.enabled` to enable the former, and `istioIntegration.enabled` to enable the latter._
 
-Note, the current Gloo SDS does not reach out to Istiod. The istio-agent is responsible for sending the CSR to Istiod. 
+Note, the current Gloo SDS does not reach out to Istiod. The istio-agent is responsible for sending the CSR to Istiod.
 The SDS server then reads the certs from a file written by the istio-agent and then SDS serves the certificates to the Gloo Envoy proxy.
 
 # Validating mTLS Traffic
@@ -73,9 +73,9 @@ Istio leverages the [`x-forwarded-client-cert`](https://istio.io/latest/docs/ops
 
 If the application that we’re running can logs requests that it receives, we could search the logs for the existence of that header
 
-# Testing automtls 
+# Testing automtls
 
-The istio e2e integration tests automtls functionality with Gloo Edge "classic" APIs and k8s Gateway API resources. This 
+The istio e2e integration tests automtls functionality with Gloo Edge "classic" APIs and k8s Gateway API resources. This
 can be manually tested by following the steps below on a kind cluster:
 
 1. Setup environment and kind cluster
@@ -164,7 +164,7 @@ Then edit upstream to disable automtls:
 kubectl edit upstreams -n gloo-system bookinfo-productpage-9080
 ```
 
-Add this line: 
+Add this line:
 
 ```shell
 spec:
@@ -272,7 +272,7 @@ Port-forward the new k8s gateway:
 kubectl port-forward deployment/gloo-proxy-http 8080:8080
 ``` 
 
-Now let's send traffic with the same curl as before, this time going through the new k8s Gateway API gateway. 
+Now let's send traffic with the same curl as before, this time going through the new k8s Gateway API gateway.
 The first attempt will succeed because of automtls is still enabled on the settings policy:
 
 ```shell

test/kube2e/glooctl/glooctl_suite_test.go

@@ -52,8 +52,6 @@ func StartTestHelper() {
 	var err error
 	testHelper, err = kube2e.GetTestHelper(ctx, namespace)
 	Expect(err).NotTo(HaveOccurred())
-	// Register additional fail handlers
-	skhelpers.RegisterPreFailHandler(helpers.StandardGlooDumpOnFail(GinkgoWriter, metav1.ObjectMeta{Namespace: "istio-system"}, metav1.ObjectMeta{Namespace: testHelper.InstallNamespace}))
 
 	if !testutils.ShouldSkipInstall() {
 		installGloo()