1// Copyright Istio Authors
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package controller
16
17import (
18"context"
19"testing"
20"time"
21
22v1 "k8s.io/api/core/v1"
23metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
24"k8s.io/client-go/rest"
25
26meshconfig "istio.io/api/mesh/v1alpha1"
27"istio.io/istio/pilot/pkg/features"
28"istio.io/istio/pilot/pkg/keycertbundle"
29"istio.io/istio/pilot/pkg/server"
30"istio.io/istio/pilot/pkg/serviceregistry/aggregate"
31"istio.io/istio/pkg/cluster"
32"istio.io/istio/pkg/config/mesh"
33"istio.io/istio/pkg/kube"
34"istio.io/istio/pkg/kube/multicluster"
35"istio.io/istio/pkg/test"
36"istio.io/istio/pkg/test/util/assert"
37"istio.io/istio/pkg/test/util/retry"
38)
39
// testSecretNameSpace is the namespace in which the tests create, watch and
// delete the labelled multicluster secrets.
const testSecretNameSpace = "istio-system"

// DomainSuffix is the placeholder value the tests pass as Options.DomainSuffix.
const DomainSuffix = "fake_domain"
44
// mockserviceController is the aggregate controller that every test in this
// file passes as Options.MeshServiceController and starts with Run.
// NOTE(review): it is package-level, so the same instance is reused by all
// tests in the file; confirm that no state carried over from one test can
// affect the controller counts asserted by another.
var mockserviceController = aggregate.NewController(aggregate.Options{})
46
// createMultiClusterSecret creates a Secret named sname in testSecretNameSpace.
// The Secret carries the multicluster.MultiClusterSecretLabel label set to
// "true" and a single data entry keyed by the cluster name cname.
//
// The entry's value is the literal placeholder "Test", not a kubeconfig. That
// is sufficient only because initController swaps the controller's
// ClientBuilder for a stub that ignores the bytes it is given, so tests built
// on this helper do not exercise parsing or validation of real remote-cluster
// credentials.
//
// It returns the error from the Create call, or nil on success.
func createMultiClusterSecret(k8s kube.Client, sname, cname string) error {
	remoteSecret := &v1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      sname,
			Namespace: testSecretNameSpace,
			Labels:    map[string]string{multicluster.MultiClusterSecretLabel: "true"},
		},
		Data: map[string][]byte{cname: []byte("Test")},
	}

	secrets := k8s.Kube().CoreV1().Secrets(testSecretNameSpace)
	if _, err := secrets.Create(context.TODO(), remoteSecret, metav1.CreateOptions{}); err != nil {
		return err
	}
	return nil
}
65
// deleteMultiClusterSecret deletes the Secret named sname from
// testSecretNameSpace, requesting a grace period of zero seconds, and returns
// the error from the Delete call.
func deleteMultiClusterSecret(k8s kube.Client, sname string) error {
	gracePeriod := int64(0)
	opts := metav1.DeleteOptions{GracePeriodSeconds: &gracePeriod}
	return k8s.Kube().CoreV1().Secrets(testSecretNameSpace).Delete(context.TODO(), sname, opts)
}
73
// verifyControllers polls until m.component.All() holds exactly
// expectedControllerCount entries, checking every 10ms for at most 5s.
// timeoutName is used as the retry message that identifies the step being
// verified. Failures are attributed to the caller via t.Helper.
func verifyControllers(t *testing.T, m *Multicluster, expectedControllerCount int, timeoutName string) {
	t.Helper()

	controllerCount := func() int { return len(m.component.All()) }
	assert.EventuallyEqual(t, controllerCount, expectedControllerCount,
		retry.Message(timeoutName),
		retry.Delay(10*time.Millisecond),
		retry.Timeout(5*time.Second),
	)
}
80
// initController builds a multicluster secret controller for namespace ns with
// the local cluster ID "cluster-1", starts client and waits for it, and
// returns the controller.
//
// The controller's ClientBuilder is replaced with a stub that discards the
// kubeconfig bytes, the cluster ID and any config overrides, and always hands
// back a fresh fake client. Any secret payload is therefore accepted in these
// tests; rejection of malformed or untrusted kubeconfig content is not covered
// here.
func initController(client kube.CLIClient, ns string, stop <-chan struct{}) *multicluster.Controller {
	fakeRemoteClient := func(_ []byte, _ cluster.ID, _ ...func(*rest.Config)) (kube.Client, error) {
		return kube.NewFakeClient(), nil
	}

	ctl := multicluster.NewController(client, ns, "cluster-1", mesh.NewFixedWatcher(nil))
	ctl.ClientBuilder = fakeRemoteClient
	client.RunAndWait(stop)
	return ctl
}
89
// Test_KubeSecretController checks that the number of registered controllers
// follows the lifecycle of a labelled multicluster secret: one controller for
// the local cluster, a second once the secret is created, and back to one
// after the secret is deleted.
func Test_KubeSecretController(t *testing.T) {
	fakeClient := kube.NewFakeClient()
	stop := test.NewStop(t)
	srv := server.New()
	secretCtl := initController(fakeClient, testSecretNameSpace, stop)
	mc := NewMulticluster("pilot-abc-123", fakeClient.Kube(), testSecretNameSpace, Options{
		ClusterID:             "cluster-1",
		DomainSuffix:          DomainSuffix,
		MeshWatcher:           mesh.NewFixedWatcher(&meshconfig.MeshConfig{}),
		MeshServiceController: mockserviceController,
	}, nil, nil, nil, "default", false, nil, srv, secretCtl)
	assert.NoError(t, secretCtl.Run(stop))
	go mockserviceController.Run(stop)
	fakeClient.RunAndWait(stop)
	kube.WaitForCacheSync("test", stop, secretCtl.HasSynced)
	// The result of Start is discarded; a start-up failure would only show up
	// indirectly through the controller counts checked below.
	_ = srv.Start(stop)

	// Only the local cluster is registered before any secret exists.
	verifyControllers(t, mc, 1, "create local controller")

	// Create the multicluster secret. No sleep is needed: verifyControllers
	// polls until the remote controller has been started and registered.
	if err := createMultiClusterSecret(fakeClient, "test-secret-1", "test-remote-cluster-1"); err != nil {
		t.Fatalf("Unexpected error on secret create: %v", err)
	}
	verifyControllers(t, mc, 2, "create remote controller")

	// Delete the multicluster secret; the controller for the remote cluster
	// must be removed along with it.
	if err := deleteMultiClusterSecret(fakeClient, "test-secret-1"); err != nil {
		t.Fatalf("Unexpected error on secret delete: %v", err)
	}
	verifyControllers(t, mc, 1, "delete remote controller")
}
128
// Test_KubeSecretController_ExternalIstiod_MultipleClusters runs the secret
// lifecycle with features.ExternalIstiod enabled, an empty
// features.InjectionWebhookConfigName and a key/cert bundle watcher. It
// registers two remote clusters through two secrets and checks that the
// controller count rises to three and then falls back to one as the secrets
// are deleted one at a time.
func Test_KubeSecretController_ExternalIstiod_MultipleClusters(t *testing.T) {
	test.SetForTest(t, &features.ExternalIstiod, true)
	test.SetForTest(t, &features.InjectionWebhookConfigName, "")
	fakeClient := kube.NewFakeClient()
	stop := test.NewStop(t)
	srv := server.New()
	bundleWatcher := keycertbundle.NewWatcher()
	secretCtl := initController(fakeClient, testSecretNameSpace, stop)
	mc := NewMulticluster("pilot-abc-123", fakeClient.Kube(), testSecretNameSpace, Options{
		ClusterID:             "cluster-1",
		DomainSuffix:          DomainSuffix,
		MeshWatcher:           mesh.NewFixedWatcher(&meshconfig.MeshConfig{}),
		MeshServiceController: mockserviceController,
	}, nil, nil, bundleWatcher, "default", false, nil, srv, secretCtl)
	assert.NoError(t, secretCtl.Run(stop))
	go mockserviceController.Run(stop)
	fakeClient.RunAndWait(stop)
	kube.WaitForCacheSync("test", stop, secretCtl.HasSynced)
	// The result of Start is discarded; a start-up failure would only show up
	// indirectly through the controller counts checked below.
	_ = srv.Start(stop)

	// The multicluster controller registers the local cluster on its own.
	verifyControllers(t, mc, 1, "registered local cluster controller")

	// First remote cluster. No sleep is needed: verifyControllers polls until
	// the remote controller has been started and registered.
	if err := createMultiClusterSecret(fakeClient, "test-secret-1", "test-remote-cluster-1"); err != nil {
		t.Fatalf("Unexpected error on secret create: %v", err)
	}
	verifyControllers(t, mc, 2, "create remote controller 1")

	// Second remote cluster, added through a second secret.
	if err := createMultiClusterSecret(fakeClient, "test-secret-2", "test-remote-cluster-2"); err != nil {
		t.Fatalf("Unexpected error on secret create: %v", err)
	}
	verifyControllers(t, mc, 3, "create remote controller 2")

	// Deleting the first secret must remove exactly one remote controller and
	// leave the other remote cluster registered.
	if err := deleteMultiClusterSecret(fakeClient, "test-secret-1"); err != nil {
		t.Fatalf("Unexpected error on secret delete: %v", err)
	}
	verifyControllers(t, mc, 2, "delete remote controller 1")

	// Deleting the second secret leaves only the local cluster.
	if err := deleteMultiClusterSecret(fakeClient, "test-secret-2"); err != nil {
		t.Fatalf("Unexpected error on secret delete: %v", err)
	}
	verifyControllers(t, mc, 1, "delete remote controller 2")
}
190