Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Istio ambient to KinD test #14103

Merged
merged 6 commits into from
Aug 2, 2023
Merged

Add Istio ambient to KinD test #14103

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
395a586
Add ambient
nak3 Jun 15, 2023
9f1f6e5
Add ambient to kind
nak3 Jun 28, 2023
4c291c9
Fix script
nak3 Jun 28, 2023
7d7b4b5
fix typo
nak3 Jun 29, 2023
e6f609d
fix script
nak3 Jun 29, 2023
4bababc
Fix ordering
nak3 Aug 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .github/workflows/kind-e2e.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ jobs:
- kourier
- kourier-tls
- istio
- istio-ambient
- contour
# Disabled due to consistent failures
# - gateway_istio
Expand All @@ -117,6 +118,11 @@ jobs:
- ingress: istio
namespace-resources: virtualservices

- ingress: istio-ambient
namespace-resources: virtualservices
ingress-class: istio
ambient: 1

- ingress: kourier-tls
ingress-class: kourier
enable-tls: 1
Expand All @@ -134,6 +140,7 @@ jobs:
KIND: 1
INGRESS_CLASS: ${{ matrix.ingress-class || matrix.ingress }}.ingress.networking.knative.dev
ENABLE_TLS: ${{ matrix.enable-tls || 0 }}
AMBIENT: ${{ matrix.ambient || 0 }}

steps:
- name: Set up Go 1.19.x
Expand Down
24 changes: 24 additions & 0 deletions test/config/ytt/ambient/istio-injection.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#@ load("helpers.lib.yaml", "subset")

#@ def namespaces():
#@ names = [
#@ data.values.serving.namespaces.system,
#@ data.values.serving.namespaces.test.default,
#@ data.values.serving.namespaces.test.alternate,
#@ data.values.serving.namespaces.test.tls,
#@ ]
#@ matches = []
#@ for name in names:
#@ matches.append(subset(name=name, kind="Namespace"))
#@ end
#@ return overlay.or_op(*matches)
#@ end

#@overlay/match by=namespaces(), expects="1+"
---
#@overlay/match-child-defaults missing_ok=True
metadata:
labels:
istio.io/dataplane-mode: ambient
22 changes: 22 additions & 0 deletions test/config/ytt/ambient/kapp-order.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
#! ztunnel have to be deployed before istio-cni-node.
#! TODO: Remove this ordering if https://github.com/istio/istio/issues/45781 was solved.

#@ load("@ytt:overlay", "overlay")
#@ load("helpers.lib.yaml", "subset", "label_subset")

#@overlay/match by=subset(kind="DaemonSet", name="ztunnel"), expects="1+"
---
metadata:
#@overlay/match missing_ok=True
annotations:
#@overlay/match missing_ok=True
kapp.k14s.io/change-group: "ztunnel"

#@overlay/match by=subset(kind="DaemonSet", name="istio-cni-node"), expects="1+"
---
metadata:
#@overlay/match missing_ok=True
#@overlay/match-child-defaults missing_ok=True
annotations:
kapp.k14s.io/change-group: "istio-cni-node"
kapp.k14s.io/change-rule: "upsert after upserting ztunnel"
5 changes: 5 additions & 0 deletions test/e2e-common.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ export SHORT=0
export ENABLE_HA=0
export ENABLE_TLS=${ENABLE_TLS:-0}
export MESH=0
export AMBIENT=${AMBIENT:-0}
export PERF=0
export KIND=${KIND:-0}
export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-cluster.local}
Expand Down Expand Up @@ -302,6 +303,10 @@ function install() {
YTT_FILES+=("${REPO_ROOT_DIR}/test/config/ytt/mesh")
fi

if ((AMBIENT)); then
YTT_FILES+=("${REPO_ROOT_DIR}/test/config/ytt/ambient")
fi

if (( ENABLE_HA )); then
YTT_FILES+=("${E2E_YAML_DIR}/test/config/chaosduck/chaosduck.yaml")
YTT_FILES+=("${REPO_ROOT_DIR}/test/config/ytt/ha")
Expand Down
6 changes: 5 additions & 1 deletion test/e2e-networking-library.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,11 @@ function net_istio_file_url() {
local profile="istio-ci-no-mesh"

if (( KIND )); then
profile="istio-kind-no-mesh"
if (( AMBIENT )); then
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems we are getting a lot of env variations here (including the encryption stuff). WDYT about having the istio profile as a variable instead of having MESH and AMBIENT?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean that adding the PROFILE in test/e2e-common.sh like?

    --mesh)
      readonly MESH=1
      readonly PROFILE="istio-ci-mesh"
      return 1
      ;;
    --no-mesh)
      readonly MESH=0
      readonly PROFILE="istio-ci-no-mesh"
      return 1
      ;;

If so, it sounds good to me. If you are okay, I would like to change it in another PR as it may fix #14182 (then need some more debug...).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or even add just one variable to the GH-actions with MESH_PROFILE and then specify the profile directly there? I don't see much reason for the abstraction we have, as we only target MESH in the istio-case anyway.

Works for me to do it in a followup.

profile="istio-kind-ambient"
else
profile="istio-kind-no-mesh"
fi
elif (( MESH )); then
profile="istio-ci-mesh"
fi
Expand Down