istio

main_test.go
395 строк · 11.7 Кб
Перенос по словам
1
//go:build integ
2
// +build integ
3

4
// Copyright Istio Authors
5
//
6
// Licensed under the Apache License, Version 2.0 (the "License");
7
// you may not use this file except in compliance with the License.
8
// You may obtain a copy of the License at
9
//
10
//     http://www.apache.org/licenses/LICENSE-2.0
11
//
12
// Unless required by applicable law or agreed to in writing, software
13
// distributed under the License is distributed on an "AS IS" BASIS,
14
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
// See the License for the specific language governing permissions and
16
// limitations under the License.
17

18
package ambient
19

20
import (
21
	"context"
22
	"strings"
23
	"testing"
24

25
	kerrors "k8s.io/apimachinery/pkg/api/errors"
26
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
27

28
	"istio.io/istio/pkg/config/constants"
29
	"istio.io/istio/pkg/test/framework"
30
	"istio.io/istio/pkg/test/framework/components/ambient"
31
	"istio.io/istio/pkg/test/framework/components/echo"
32
	"istio.io/istio/pkg/test/framework/components/echo/common/ports"
33
	"istio.io/istio/pkg/test/framework/components/echo/deployment"
34
	"istio.io/istio/pkg/test/framework/components/echo/match"
35
	"istio.io/istio/pkg/test/framework/components/istio"
36
	"istio.io/istio/pkg/test/framework/components/namespace"
37
	"istio.io/istio/pkg/test/framework/components/prometheus"
38
	"istio.io/istio/pkg/test/framework/label"
39
	"istio.io/istio/pkg/test/framework/resource"
40
	"istio.io/istio/pkg/test/scopes"
41
	"istio.io/istio/tests/integration/security/util/cert"
42
)
43

44
var (
45
	i istio.Instance
46

47
	// Below are various preconfigured echo deployments. Whenever possible, tests should utilize these
48
	// to avoid excessive creation/tear down of deployments. In general, a test should only deploy echo if
49
	// its doing something unique to that specific test.
50
	apps = &EchoDeployments{}
51

52
	// used to validate telemetry in-cluster
53
	prom prometheus.Instance
54
)
55

56
type EchoDeployments struct {
57
	// Namespace echo apps will be deployed
58
	Namespace                 namespace.Instance
59
	AllWaypoint               echo.Instances
60
	WorkloadAddressedWaypoint echo.Instances
61
	ServiceAddressedWaypoint  echo.Instances
62
	Captured                  echo.Instances
63
	Uncaptured                echo.Instances
64
	SidecarWaypoint           echo.Instances
65
	SidecarCaptured           echo.Instances
66
	SidecarUncaptured         echo.Instances
67
	All                       echo.Instances
68
	Mesh                      echo.Instances
69
	MeshExternal              echo.Instances
70

71
	WaypointProxies map[string]ambient.WaypointProxy
72
}
73

74
// TestMain defines the entrypoint for pilot tests using a standard Istio installation.
75
// If a test requires a custom install it should go into its own package, otherwise it should go
76
// here to reuse a single install across tests.
77
func TestMain(m *testing.M) {
78
	// nolint: staticcheck
79
	framework.
80
		NewSuite(m).
81
		RequireMinVersion(24).
82
		SkipIf("https://github.com/istio/istio/issues/43243", func(ctx resource.Context) bool {
83
			return strings.Contains(ctx.Settings().Image.Tag, "distroless")
84
		}).
85
		Label(label.IPv4). // https://github.com/istio/istio/issues/41008
86
		Setup(func(t resource.Context) error {
87
			t.Settings().Ambient = true
88
			return nil
89
		}).
90
		Setup(istio.Setup(&i, func(ctx resource.Context, cfg *istio.Config) {
91
			// can't deploy VMs without eastwest gateway
92
			ctx.Settings().SkipVMs()
93
			cfg.EnableCNI = true
94
			cfg.DeployEastWestGW = false
95
			cfg.ControlPlaneValues = `
96
values:
97
  ztunnel:
98
    terminationGracePeriodSeconds: 5
99
    env:
100
      SECRET_TTL: 5m
101
`
102
		}, cert.CreateCASecretAlt)).
103
		Setup(func(t resource.Context) error {
104
			gatewayConformanceInputs.Client = t.Clusters().Default()
105
			gatewayConformanceInputs.Cleanup = !t.Settings().NoCleanup
106

107
			return nil
108
		}).
109
		Setup(func(t resource.Context) error {
110
			return SetupApps(t, i, apps)
111
		}).
112
		Run()
113
}
114

115
const (
116
	WorkloadAddressedWaypoint = "workload-addressed-waypoint"
117
	ServiceAddressedWaypoint  = "service-addressed-waypoint"
118
	Captured                  = "captured"
119
	Uncaptured                = "uncaptured"
120
	SidecarWaypoint           = "sidecar-waypoint"
121
	SidecarCaptured           = "sidecar-captured"
122
	SidecarUncaptured         = "sidecar-uncaptured"
123
)
124

125
var inMesh = match.Matcher(func(instance echo.Instance) bool {
126
	names := []string{"waypoint", "captured", "sidecar"}
127
	for _, name := range names {
128
		if strings.Contains(instance.Config().Service, name) {
129
			return true
130
		}
131
	}
132
	return false
133
})
134

135
func SetupApps(t resource.Context, i istio.Instance, apps *EchoDeployments) error {
136
	var err error
137
	apps.Namespace, err = namespace.New(t, namespace.Config{
138
		Prefix: "echo",
139
		Inject: false,
140
		Labels: map[string]string{
141
			constants.DataplaneMode: "ambient",
142
		},
143
	})
144
	if err != nil {
145
		return err
146
	}
147

148
	prom, err = prometheus.New(t, prometheus.Config{})
149
	if err != nil {
150
		return err
151
	}
152

153
	// Headless services don't work with targetPort, set to same port
154
	headlessPorts := make([]echo.Port, len(ports.All()))
155
	for i, p := range ports.All() {
156
		p.ServicePort = p.WorkloadPort
157
		headlessPorts[i] = p
158
	}
159
	builder := deployment.New(t).
160
		WithClusters(t.Clusters()...).
161
		WithConfig(echo.Config{
162
			Service:               WorkloadAddressedWaypoint,
163
			Namespace:             apps.Namespace,
164
			Ports:                 ports.All(),
165
			ServiceAccount:        true,
166
			WorkloadWaypointProxy: "waypoint",
167
			Subsets: []echo.SubsetConfig{
168
				{
169
					Replicas: 1,
170
					Version:  "v1",
171
					Labels: map[string]string{
172
						"app":     WorkloadAddressedWaypoint,
173
						"version": "v1",
174
					},
175
					Annotations: map[echo.Annotation]*echo.AnnotationValue{
176
						echo.AmbientUseWaypoint: {
177
							Value: "waypoint",
178
						},
179
					},
180
				},
181
				{
182
					Replicas: 1,
183
					Version:  "v2",
184
					Labels: map[string]string{
185
						"app":     WorkloadAddressedWaypoint,
186
						"version": "v2",
187
					},
188
					Annotations: map[echo.Annotation]*echo.AnnotationValue{
189
						echo.AmbientUseWaypoint: {
190
							Value: "waypoint",
191
						},
192
					},
193
				},
194
			},
195
		}).
196
		WithConfig(echo.Config{
197
			Service:              ServiceAddressedWaypoint,
198
			Namespace:            apps.Namespace,
199
			Ports:                ports.All(),
200
			ServiceAnnotations:   echo.NewAnnotations().Set(echo.AmbientUseWaypoint, "waypoint"),
201
			ServiceAccount:       true,
202
			ServiceWaypointProxy: "waypoint",
203
			Subsets: []echo.SubsetConfig{
204
				{
205
					Replicas: 1,
206
					Version:  "v1",
207
					Labels: map[string]string{
208
						"app":     ServiceAddressedWaypoint,
209
						"version": "v1",
210
					},
211
					Annotations: map[echo.Annotation]*echo.AnnotationValue{
212
						echo.AmbientUseWaypoint: {
213
							Value: "waypoint",
214
						},
215
					},
216
				},
217
				{
218
					Replicas: 1,
219
					Version:  "v2",
220
					Labels: map[string]string{
221
						"app":     ServiceAddressedWaypoint,
222
						"version": "v2",
223
					},
224
					Annotations: map[echo.Annotation]*echo.AnnotationValue{
225
						echo.AmbientUseWaypoint: {
226
							Value: "waypoint",
227
						},
228
					},
229
				},
230
			},
231
		}).
232
		WithConfig(echo.Config{
233
			Service:        Captured,
234
			Namespace:      apps.Namespace,
235
			Ports:          ports.All(),
236
			ServiceAccount: true,
237
			Subsets: []echo.SubsetConfig{
238
				{
239
					Replicas: 1,
240
					Version:  "v1",
241
				},
242
				{
243
					Replicas: 1,
244
					Version:  "v2",
245
				},
246
			},
247
		}).
248
		WithConfig(echo.Config{
249
			Service:        Uncaptured,
250
			Namespace:      apps.Namespace,
251
			Ports:          ports.All(),
252
			ServiceAccount: true,
253
			Subsets: []echo.SubsetConfig{
254
				{
255
					Replicas:    1,
256
					Version:     "v1",
257
					Annotations: echo.NewAnnotations().Set(echo.AmbientType, constants.AmbientRedirectionDisabled),
258
				},
259
				{
260
					Replicas:    1,
261
					Version:     "v2",
262
					Annotations: echo.NewAnnotations().Set(echo.AmbientType, constants.AmbientRedirectionDisabled),
263
				},
264
			},
265
		})
266

267
	_, whErr := t.Clusters().Default().
268
		Kube().AdmissionregistrationV1().MutatingWebhookConfigurations().
269
		Get(context.Background(), "istio-sidecar-injector", metav1.GetOptions{})
270
	if whErr != nil && !kerrors.IsNotFound(whErr) {
271
		return whErr
272
	}
273
	// Only setup sidecar tests if webhook is installed
274
	if whErr == nil {
275
		// TODO(https://github.com/istio/istio/issues/43244) support sidecars that are captured
276
		//builder = builder.WithConfig(echo.Config{
277
		//	Service:   SidecarWaypoint,
278
		//	Namespace: apps.Namespace,
279
		//	Ports:     ports.All(),
280
		//	Subsets: []echo.SubsetConfig{
281
		//		{
282
		//			Replicas: 1,
283
		//			Version:  "v1",
284
		//			Labels: map[string]string{
285
		//				"ambient-type":            "workload",
286
		//				"sidecar.istio.io/inject": "true",
287
		//			},
288
		//		},
289
		//		{
290
		//			Replicas: 1,
291
		//			Version:  "v2",
292
		//			Labels: map[string]string{
293
		//				"ambient-type":            "workload",
294
		//				"sidecar.istio.io/inject": "true",
295
		//			},
296
		//		},
297
		//	},
298
		//})
299
		//	builder = builder.WithConfig(echo.Config{
300
		//		Service:   SidecarCaptured,
301
		//		Namespace: apps.Namespace,
302
		//		Ports:     ports.All(),
303
		//		Subsets: []echo.SubsetConfig{
304
		//			{
305
		//				Replicas: 1,
306
		//				Version:  "v1",
307
		//				Labels: map[string]string{
308
		//					"ambient-type":            "workload",
309
		//					"sidecar.istio.io/inject": "true",
310
		//				},
311
		//			},
312
		//			{
313
		//				Replicas: 1,
314
		//				Version:  "v2",
315
		//				Labels: map[string]string{
316
		//					"ambient-type":            "workload",
317
		//					"sidecar.istio.io/inject": "true",
318
		//				},
319
		//			},
320
		//		},
321
		//	})
322
		builder = builder.WithConfig(echo.Config{
323
			Service:        SidecarUncaptured,
324
			Namespace:      apps.Namespace,
325
			Ports:          ports.All(),
326
			ServiceAccount: true,
327
			Subsets: []echo.SubsetConfig{
328
				{
329
					Replicas:    1,
330
					Version:     "v1",
331
					Annotations: echo.NewAnnotations().Set(echo.AmbientType, constants.AmbientRedirectionDisabled),
332
					Labels: map[string]string{
333
						"sidecar.istio.io/inject": "true",
334
					},
335
				},
336
				{
337
					Replicas:    1,
338
					Version:     "v2",
339
					Annotations: echo.NewAnnotations().Set(echo.AmbientType, constants.AmbientRedirectionDisabled),
340
					Labels: map[string]string{
341
						"sidecar.istio.io/inject": "true",
342
					},
343
				},
344
			},
345
		})
346
	}
347

348
	echos, err := builder.Build()
349
	if err != nil {
350
		return err
351
	}
352
	for _, b := range echos {
353
		scopes.Framework.Infof("built %v", b.Config().Service)
354
	}
355
	apps.All = echos
356
	apps.WorkloadAddressedWaypoint = match.ServiceName(echo.NamespacedName{Name: WorkloadAddressedWaypoint, Namespace: apps.Namespace}).GetMatches(echos)
357
	apps.ServiceAddressedWaypoint = match.ServiceName(echo.NamespacedName{Name: ServiceAddressedWaypoint, Namespace: apps.Namespace}).GetMatches(echos)
358
	apps.AllWaypoint = apps.AllWaypoint.Append(apps.WorkloadAddressedWaypoint)
359
	apps.AllWaypoint = apps.AllWaypoint.Append(apps.ServiceAddressedWaypoint)
360
	apps.Uncaptured = match.ServiceName(echo.NamespacedName{Name: Uncaptured, Namespace: apps.Namespace}).GetMatches(echos)
361
	apps.Captured = match.ServiceName(echo.NamespacedName{Name: Captured, Namespace: apps.Namespace}).GetMatches(echos)
362
	apps.SidecarWaypoint = match.ServiceName(echo.NamespacedName{Name: SidecarWaypoint, Namespace: apps.Namespace}).GetMatches(echos)
363
	apps.SidecarUncaptured = match.ServiceName(echo.NamespacedName{Name: SidecarUncaptured, Namespace: apps.Namespace}).GetMatches(echos)
364
	apps.SidecarCaptured = match.ServiceName(echo.NamespacedName{Name: SidecarCaptured, Namespace: apps.Namespace}).GetMatches(echos)
365
	apps.Mesh = inMesh.GetMatches(echos)
366
	apps.MeshExternal = match.Not(inMesh).GetMatches(echos)
367

368
	if apps.WaypointProxies == nil {
369
		apps.WaypointProxies = make(map[string]ambient.WaypointProxy)
370
	}
371

372
	for _, echo := range echos {
373
		svcwp := echo.Config().ServiceWaypointProxy
374
		wlwp := echo.Config().WorkloadWaypointProxy
375
		if svcwp != "" {
376
			if _, found := apps.WaypointProxies[svcwp]; !found {
377
				apps.WaypointProxies[svcwp], err = ambient.NewWaypointProxy(t, apps.Namespace, svcwp)
378
				if err != nil {
379
					return err
380
				}
381
			}
382
		}
383
		if wlwp != "" {
384
			if _, found := apps.WaypointProxies[wlwp]; !found {
385
				apps.WaypointProxies[wlwp], err = ambient.NewWaypointProxy(t, apps.Namespace, wlwp)
386
				if err != nil {
387
					return err
388
				}
389
			}
390
		}
391

392
	}
393

394
	return nil
395
}
396
istio

Использование cookies
