kuma
509 строк · 21.6 Кб
1package gateway
2
3import (
4"fmt"
5"io"
6"net"
7
8"github.com/gruntwork-io/terratest/modules/k8s"
9. "github.com/onsi/ginkgo/v2"
10. "github.com/onsi/gomega"
11
12. "github.com/kumahq/kuma/test/framework"
13client "github.com/kumahq/kuma/test/framework/client"
14"github.com/kumahq/kuma/test/framework/deployments/testserver"
15"github.com/kumahq/kuma/test/framework/envs/kubernetes"
16)
17
18func GatewayAPI() {
19if Config.IPV6 {
20fmt.Println("IPv6 tests use kind which doesn't support the LoadBalancer ServiceType")
21return
22}
23
24meshName := "gatewayapi"
25namespace := "gatewayapi"
26externalServicesNamespace := "gatewayapi-external-services"
27
28externalService := fmt.Sprintf(`
29apiVersion: kuma.io/v1alpha1
30kind: ExternalService
31mesh: %s
32metadata:
33name: external-service
34spec:
35tags:
36kuma.io/service: external-service
37kuma.io/protocol: http
38networking:
39address: external-service.gatewayapi-external-services.svc.cluster.local:80
40`, meshName)
41
42BeforeAll(func() {
43setup := NewClusterSetup().
44Install(NamespaceWithSidecarInjection(namespace)).
45Install(Namespace(externalServicesNamespace)).
46Install(MTLSMeshKubernetes(meshName)).
47Install(MeshTrafficPermissionAllowAllKubernetes(meshName)).
48Install(testserver.Install(
49testserver.WithName("test-server-1"),
50testserver.WithMesh(meshName),
51testserver.WithNamespace(namespace),
52testserver.WithEchoArgs("echo", "--instance", "test-server-1"),
53)).
54Install(testserver.Install(
55testserver.WithName("test-server-2"),
56testserver.WithMesh(meshName),
57testserver.WithNamespace(namespace),
58testserver.WithEchoArgs("echo", "--instance", "test-server-2"),
59)).
60Install(testserver.Install(
61testserver.WithName("external-service"),
62testserver.WithNamespace(externalServicesNamespace),
63testserver.WithEchoArgs("echo", "--instance", "external-service"),
64)).
65Install(YamlK8s(externalService))
66Expect(setup.Setup(kubernetes.Cluster)).To(Succeed())
67})
68
69E2EAfterAll(func() {
70Expect(kubernetes.Cluster.TriggerDeleteNamespace(namespace)).To(Succeed())
71Expect(kubernetes.Cluster.TriggerDeleteNamespace(externalServicesNamespace)).To(Succeed())
72Expect(kubernetes.Cluster.DeleteMesh(meshName)).To(Succeed())
73})
74
75GatewayIP := func(name string) string {
76var ip string
77Eventually(func(g Gomega) {
78out, err := k8s.RunKubectlAndGetOutputE(
79kubernetes.Cluster.GetTesting(),
80kubernetes.Cluster.GetKubectlOptions(namespace),
81"get", "gateway", name, "-ojsonpath={.status.addresses[0].value}",
82)
83g.Expect(err).ToNot(HaveOccurred())
84g.Expect(out).ToNot(BeEmpty())
85ip = out
86}, "120s", "1s").Should(Succeed(), "could not get a LoadBalancer IP of the Gateway")
87return ip
88}
89
90Describe("GatewayClass parametersRef", Ordered, func() {
91gatewayName := "kuma-ha"
92haGatewayClass := `
93apiVersion: gateway.networking.k8s.io/v1beta1
94kind: GatewayClass
95metadata:
96name: ha-kuma
97spec:
98controllerName: gateways.kuma.io/controller
99parametersRef:
100kind: MeshGatewayConfig
101group: kuma.io
102name: ha-config`
103
104haConfig := `
105apiVersion: kuma.io/v1alpha1
106kind: MeshGatewayConfig
107metadata:
108name: ha-config
109spec:
110replicas: 3`
111
112haGateway := fmt.Sprintf(`
113apiVersion: gateway.networking.k8s.io/v1beta1
114kind: Gateway
115metadata:
116name: %s
117namespace: %s
118annotations:
119kuma.io/mesh: %s
120spec:
121gatewayClassName: ha-kuma
122listeners:
123- name: proxy
124port: 10080
125protocol: HTTP
126`, gatewayName, namespace, meshName)
127
128BeforeAll(func() {
129Expect(YamlK8s(haConfig)(kubernetes.Cluster)).To(Succeed())
130Expect(YamlK8s(haGatewayClass)(kubernetes.Cluster)).To(Succeed())
131Expect(YamlK8s(haGateway)(kubernetes.Cluster)).To(Succeed())
132Expect(WaitPodsAvailable(namespace, gatewayName)(kubernetes.Cluster)).To(Succeed())
133})
134E2EAfterAll(func() {
135Expect(k8s.RunKubectlE(kubernetes.Cluster.GetTesting(), kubernetes.Cluster.GetKubectlOptions(namespace), "delete", "gateway", gatewayName)).To(Succeed())
136Expect(k8s.RunKubectlE(kubernetes.Cluster.GetTesting(), kubernetes.Cluster.GetKubectlOptions(namespace), "delete", "gatewayclass", "ha-kuma")).To(Succeed())
137Expect(k8s.RunKubectlE(kubernetes.Cluster.GetTesting(), kubernetes.Cluster.GetKubectlOptions(namespace), "delete", "meshgatewayconfig", "ha-config")).To(Succeed())
138})
139
140It("should create the right number of pods", func() {
141Expect(kubernetes.Cluster.WaitApp(gatewayName, namespace, 3)).To(Succeed())
142})
143
144It("should create the right number of pods after updating MeshGatewayConfig", func() {
145newHaConfig := `
146apiVersion: kuma.io/v1alpha1
147kind: MeshGatewayConfig
148metadata:
149name: ha-config
150spec:
151replicas: 4`
152Expect(YamlK8s(newHaConfig)(kubernetes.Cluster)).To(Succeed())
153
154Expect(kubernetes.Cluster.WaitApp(gatewayName, namespace, 4)).To(Succeed())
155})
156})
157
158Context("HTTP Gateway", Ordered, func() {
159const gatewayName = "kuma-http"
160
161gateway := fmt.Sprintf(`
162apiVersion: gateway.networking.k8s.io/v1beta1
163kind: Gateway
164metadata:
165name: %s
166namespace: %s
167annotations:
168kuma.io/mesh: %s
169spec:
170gatewayClassName: kuma
171listeners:
172- name: proxy
173port: 10080
174protocol: HTTP
175`, gatewayName, namespace, meshName)
176
177var address string
178
179BeforeAll(func() {
180Expect(YamlK8s(gateway)(kubernetes.Cluster)).To(Succeed())
181address = net.JoinHostPort(GatewayIP(gatewayName), "10080")
182Expect(WaitPodsAvailable(namespace, gatewayName)(kubernetes.Cluster)).To(Succeed())
183})
184E2EAfterAll(func() {
185Expect(k8s.RunKubectlE(kubernetes.Cluster.GetTesting(), kubernetes.Cluster.GetKubectlOptions(namespace), "delete", "gateway", gatewayName)).To(Succeed())
186})
187
188It("should send default static payload for no route", func() {
189Eventually(func(g Gomega) {
190resp, err := client.MakeDirectRequest("http://" + address)
191
192g.Expect(err).ToNot(HaveOccurred())
193g.Expect(resp.StatusCode).To(Equal(404))
194
195defer resp.Body.Close()
196body, err := io.ReadAll(resp.Body)
197g.Expect(err).ToNot(HaveOccurred())
198g.Expect(body).ToNot(BeEmpty())
199}, "30s", "1s").Should(Succeed())
200})
201
202It("should route the traffic to test-server by path", func() {
203// given
204route := fmt.Sprintf(`
205apiVersion: gateway.networking.k8s.io/v1beta1
206kind: HTTPRoute
207metadata:
208name: test-server-paths
209namespace: %s
210annotations:
211kuma.io/mesh: %s
212spec:
213parentRefs:
214- name: %s
215rules:
216- backendRefs:
217- name: test-server-1
218port: 80
219matches:
220- path:
221type: PathPrefix
222value: /1
223- backendRefs:
224- name: test-server-2
225port: 80
226matches:
227- path:
228type: PathPrefix
229value: /2
230`, namespace, meshName, gatewayName)
231
232// when
233err := YamlK8s(route)(kubernetes.Cluster)
234
235// then
236Expect(err).ToNot(HaveOccurred())
237
238Eventually(func(g Gomega) {
239resp, err := client.CollectResponseDirectly("http://" + address + "/1")
240g.Expect(err).ToNot(HaveOccurred())
241g.Expect(resp.Instance).To(Equal("test-server-1"))
242}, "30s", "1s").Should(Succeed())
243
244Eventually(func(g Gomega) {
245resp, err := client.CollectResponseDirectly("http://" + address + "/2")
246g.Expect(err).ToNot(HaveOccurred())
247g.Expect(resp.Instance).To(Equal("test-server-2"))
248}, "30s", "1s").Should(Succeed())
249
250Expect(k8s.KubectlDeleteFromStringE(
251kubernetes.Cluster.GetTesting(),
252kubernetes.Cluster.GetKubectlOptions(namespace),
253route,
254)).To(Succeed())
255})
256
257It("should route the traffic to test-server by header", func() {
258// given
259routes := fmt.Sprintf(`
260apiVersion: gateway.networking.k8s.io/v1beta1
261kind: HTTPRoute
262metadata:
263name: test-server-1
264namespace: %s
265annotations:
266kuma.io/mesh: %s
267spec:
268parentRefs:
269- name: %s
270hostnames:
271- "test-server-1.com"
272rules:
273- backendRefs:
274- name: test-server-1
275port: 80
276---
277apiVersion: gateway.networking.k8s.io/v1beta1
278kind: HTTPRoute
279metadata:
280name: test-server-2
281namespace: %s
282annotations:
283kuma.io/mesh: %s
284spec:
285parentRefs:
286- name: %s
287hostnames:
288- "test-server-2.com"
289rules:
290- backendRefs:
291- name: test-server-2
292port: 80
293`, namespace, meshName, gatewayName, namespace, meshName, gatewayName)
294
295// when
296err := YamlK8s(routes)(kubernetes.Cluster)
297
298// then
299Expect(err).ToNot(HaveOccurred())
300
301Eventually(func(g Gomega) {
302resp, err := client.CollectResponseDirectly("http://"+address, client.WithHeader("host", "test-server-1.com"))
303g.Expect(err).ToNot(HaveOccurred())
304g.Expect(resp.Instance).To(Equal("test-server-1"))
305}, "30s", "1s").Should(Succeed())
306
307Eventually(func(g Gomega) {
308resp, err := client.CollectResponseDirectly("http://"+address, client.WithHeader("host", "test-server-2.com"))
309g.Expect(err).ToNot(HaveOccurred())
310g.Expect(resp.Instance).To(Equal("test-server-2"))
311}, "30s", "1s").Should(Succeed())
312
313Expect(k8s.KubectlDeleteFromStringE(
314kubernetes.Cluster.GetTesting(),
315kubernetes.Cluster.GetKubectlOptions(namespace),
316routes,
317)).To(Succeed())
318})
319
320It("should route to external service", func() {
321// given
322routes := fmt.Sprintf(`
323apiVersion: gateway.networking.k8s.io/v1beta1
324kind: HTTPRoute
325metadata:
326name: external-service
327namespace: %s
328annotations:
329kuma.io/mesh: %s
330spec:
331parentRefs:
332- name: %s
333hostnames:
334- "external-service.com"
335rules:
336- backendRefs:
337- group: kuma.io
338kind: ExternalService
339name: external-service
340`, namespace, meshName, gatewayName)
341
342// when
343err := YamlK8s(routes)(kubernetes.Cluster)
344
345// then
346Expect(err).ToNot(HaveOccurred())
347
348Eventually(func(g Gomega) {
349resp, err := client.CollectResponseDirectly("http://"+address, client.WithHeader("host", "external-service.com"))
350g.Expect(err).ToNot(HaveOccurred())
351g.Expect(resp.Instance).To(Equal("external-service"))
352}, "30s", "1s").Should(Succeed())
353
354Expect(k8s.KubectlDeleteFromStringE(
355kubernetes.Cluster.GetTesting(),
356kubernetes.Cluster.GetKubectlOptions(namespace),
357routes,
358)).To(Succeed())
359})
360})
361
362Context("HTTPS Gateway", Ordered, func() {
363const gatewayName = "kuma-https"
364secret := fmt.Sprintf(`
365apiVersion: v1
366kind: Secret
367metadata:
368name: secret-tls
369namespace: %s
370type: kubernetes.io/tls
371data:
372tls.crt: >-
373LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVPekNDQXlPZ0F3SUJBZ0lSQU5RUisvcTNEWk5jLy80ckdXKzR5am93RFFZSktvWklodmNOQVFFTEJRQXcKSFRFYk1Ca0dBMVVFQXhNU2EzVnRZUzFqYjI1MGNtOXNMWEJzWVc1bE1CNFhEVEl5TURFeU5ERXdNekExTmxvWApEVE15TURFeU1qRXdNekExTmxvd0hURWJNQmtHQTFVRUF4TVNhM1Z0WVMxamIyNTBjbTlzTFhCc1lXNWxNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0M0E2bzRvT3A3MnZMV1ZmTVM1WWFHRzAKdFFHY0FRVEFvR3diY2VheUFaN2xQbElNZVFPNXdNYlpFUGw3TUMvZWJxQ3NNWjB0THJoQ0tOUHh2QUt5WG05OAoyK2lRVlk5bkNZemlQZGZmZEY1aVk2SDhQL0FxNDVSbDVIYmpmcFNIZ3JRYlRXUUZCbUNsNkJrV3BPTEYwcThOCkozV0RpVHMvdnlkSWF6Q0tOTjRsTlIxVEFSODdXL0c3MHRxVnd2R1FEN1Y0VXFFUDRia05nQVVmNW5iSmtZTSsKeVROSG9remRaUFhyaHlmMkhqYXlzekRQZWhEMThlMkNaeDJhWEMxMVFRSnFHQmp6QWsvU2FOVUpya1poc0lpYgo5SGZZQ3BQMHprTmNYWms0MnJPMVdMOVRaNDZQUjNNVVNYa1A4Q1lkcUxrV1pGc0kwUFZGNk5ZdHA1cEJUUUlECkFRQUJvNElCZERDQ0FYQXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUIKTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkdJRDAvUVRpclJUTEtwVmpZc09SVjhjaEZZMQpNSUlCRndZRFZSMFJCSUlCRGpDQ0FRcUNCMkZ1ZEMxa1pYYUNDV3h2WTJGc2FHOXpkSWNFWkVQbEFZY0Vmd0FBCkFZY0VyQkVBQVljRXJCSUFBWWNFd0tnQk00Y1FBQUFBQUFBQUFBQUFBQUFBQUFBQUFZY1EvUUQ5RWpSV0FBQUEKQUFBQUFBQUFBWWNRL1hvUlhLSGdxeEpJUTgyV1lrUGxBWWNRL29BQUFBQUFBQUFBQUFBQUFBQUFBWWNRL29BQQpBQUFBQUFBZ1B6Yi8vdXhJWFljUS9vQUFBQUFBQUFBQVFnai8vdVVIMlljUS9vQUFBQUFBQUFBQVFwMy8vamdCCnA0Y1Evb0FBQUFBQUFBQlFWQUQvL3U4NUVvY1Evb0FBQUFBQUFBQlVtSUQvL254dHZZY1Evb0FBQUFBQUFBQmcKRlhYLy9yZ1V0SWNRL29BQUFBQUFBQURJLzMvLy9tZkJ1WWNRL29BQUFBQUFBQUQyeTI0dWlNY0huVEFOQmdrcQpoa2lHOXcwQkFRc0ZBQU9DQVFFQUxkTVBnaE1sRGdSQW04UHJwL0FxdERGWTRLN3p4Qmhzc2dTNWNnUWtKdnU3CitJVmszQ2o2aXdObUFhdDZCdFJYUmREODUxdlJxRDBzNk90QXBUZXlyaVcrZlgwcWN1UVc1NXVQbTZFM0JEZGcKNU9qZXRhYU9heXppUmRzeTdOU0N2bWtrWURRUVQvTTF6WDBXdlBXTkR0SDhpd2c1aEpoOHFrK3A0Q2M3blAvSAowSlBpaVQ1TEs1bE1aOGZTRHowUHBGeTF0MUd3N3RzTkhBdHN6NkZGaDJOZ1FtdkxpNFJpa1J4SGViRWlZdzlECjhtSzQ3WSsxVnErWFQ3eHd1aTZ0YzBCQXRRSnZVSUQremMvazg5QU55YmpFSFNvMG01d2RyTmpiRzBBb0xxbVAKbHM5UHY0cDNIbjJRMlRaVW5xd250Nk12cm1zYlVpSFhGYXFsOE9FclpBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
374tls.key: >-
375LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdDNBNm80b09wNzJ2TFdWZk1TNVlhR0cwdFFHY0FRVEFvR3diY2VheUFaN2xQbElNCmVRTzV3TWJaRVBsN01DL2VicUNzTVowdExyaENLTlB4dkFLeVhtOTgyK2lRVlk5bkNZemlQZGZmZEY1aVk2SDgKUC9BcTQ1Umw1SGJqZnBTSGdyUWJUV1FGQm1DbDZCa1dwT0xGMHE4TkozV0RpVHMvdnlkSWF6Q0tOTjRsTlIxVApBUjg3Vy9HNzB0cVZ3dkdRRDdWNFVxRVA0YmtOZ0FVZjVuYkprWU0reVROSG9remRaUFhyaHlmMkhqYXlzekRQCmVoRDE4ZTJDWngyYVhDMTFRUUpxR0JqekFrL1NhTlVKcmtaaHNJaWI5SGZZQ3BQMHprTmNYWms0MnJPMVdMOVQKWjQ2UFIzTVVTWGtQOENZZHFMa1daRnNJMFBWRjZOWXRwNXBCVFFJREFRQUJBb0lCQUhyRHJUck5wa2swZFF4WQpqNENHbDd3ang2QnIxMUFITWpNcXBxTnYxU21vZ1p0WHBlbEhTUVZ2RHM2QmFLUXpKUlc4aWdFYVE2YkV3ZUk1CkZjclJzelhvUHhPZGJSc1Z3Y3R1Y2VzWmtmNTdQRFdacnd2TFc2aTdKQVhtV3hIWHJXa1h5RDNlOWszeVdKWWcKVkRzOVdVOUt2KzdzZ245Ukc3UitRY1VhMHlQVmM5MFN1RU0vengxVG9ZR09QL3ZJUjNwVlkwVW9jNHFWMWt6ZwpKUUJvVWxBcGZJU0w2TWpEWE5Eekk1QjRkNWpyMWVWTmJZNEdxbnlSNDlOMXRnRjRjdFFYSzNvYUJTY1BSaHl2Ci8rRXJOVDZiNDFUeUsyVFRYQkNMdDM0Ynl0REtxc3kxVXIvdE1lOWE5NnVxU1ZIUkFjbzU3YjZ3MGhZV0pvUlAKVjRFVDlnRUNnWUVBd01MSDR4ZUN1QjBraE9ERTJsbU9ZekJDQ1Rpd3p0bkltVlRXN0hnS1B2V0FTR1pVRS91dgpHQWZackVId0o0NERvT2pnTkgyN09qL2ZxZTNIeDZ0VXNBTlJ3THF2dkhCcldLdWZRS090THFHTzN6MUlCWGtWCmFtV1QyazJJMTVmakVVbnVCcGZkc1ROUEdFNHFWeU53V2szdUpNNytsQlFQYkRqYWsvaFNLQzBDZ1lFQTg1NTkKditsSXV0UHpIUmYwaGcxSUtzZWJ5cWRJYm41RytQOVNEUXV1aHc3UFhKQnhXS2JsUmd6MTFwdW1BUi96U3RnQQpDcUpncUJhbmQzV1JRWVliZnBiN0VpK0FoSkRpMVp3ZGRGVGsybUE5YUtsVlVOdXl5VHg5cjNCTjlzV1lxRGVnCm4rdGJmL3lyNnBLaHBRd25VMFVtMW5OYVdhbG0xczBuM2dyVUVhRUNnWUFocW1NcXdGSnVRWGk5VkZ4TkhsTUYKODhtMHZwZnlxSXFtYlBEVWYrcWFNRnBsU3Fub2k0NTdEZlB3Wjl1L3JNZnBkSUtqNkVtbzFMc0ZmS2Zsc1lDcQo5UWwwTmFhM3JKS3krOVptZmEramMwZjJxVWRJM1dybUdET0lidjQxV1N1cE8xWTlCSTBOZzc2T3FpZ3U2OXVWCmlnTExudk5MZlcxc0kwblppZ2NmU1FLQmdCQmY1Y25oYno4SGdmN0JubkRvTWFLV2VoVTcrelZhRFlFdEFDSGEKV0NmQnloUkpyU1N0U3huVFF5N2lsVnpiL2VsWTdWL0puRCtRRGorTVNuQWlDSFVReHQxcERmVmJHN1FKNHp6dgplOVpsdzVybVR0SzVnYUhmQy8rZng4Mi9hRXhlT05DbTdDYUZJRFVMR0F4VTdjdStDU2MrNTZMQkxTVmc4cjRNCjhrWWhBb0dCQUtMaDVnblYxaEhYcWNZckZpWjVpWVY5L3BJUXFMdkI4VXNHVUljRm1Vb3hnZ0JKcXpRUUExaDAKQXE5cW4rTStBUlNNRUk0WFVmUjhqQnVTNk1sWmh6czRyeXRUckt0dWdmSFpLNEdGQjFuYzNPSlR5QmpTWUFmZAp5a2t4UUtrcWd4aERDZUFveG1qVkRUUDhLRGgzZ2hySUFBWWozSDFzS0Q0K1dmRXZyRHByCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
376`, namespace)
377
378gateway := fmt.Sprintf(`
379apiVersion: gateway.networking.k8s.io/v1beta1
380kind: Gateway
381metadata:
382name: %s
383namespace: %s
384annotations:
385kuma.io/mesh: %s
386spec:
387gatewayClassName: kuma
388listeners:
389- name: proxy
390port: 8090
391hostname: 'test-server-1.com'
392protocol: HTTPS
393tls:
394certificateRefs:
395- name: secret-tls
396- name: proxy-wildcard
397port: 8091
398protocol: HTTPS
399tls:
400certificateRefs:
401- name: secret-tls
402`, gatewayName, namespace, meshName)
403
404var ip string
405
406BeforeAll(func() {
407Expect(YamlK8s(secret)(kubernetes.Cluster)).To(Succeed())
408Expect(YamlK8s(gateway)(kubernetes.Cluster)).To(Succeed())
409ip = GatewayIP(gatewayName)
410Expect(WaitPodsAvailable(namespace, gatewayName)(kubernetes.Cluster)).To(Succeed())
411})
412E2EAfterAll(func() {
413Expect(k8s.RunKubectlE(kubernetes.Cluster.GetTesting(), kubernetes.Cluster.GetKubectlOptions(namespace), "delete", "gateway", gatewayName)).To(Succeed())
414})
415
416It("should route the traffic using TLS", func() {
417// given
418route := fmt.Sprintf(`
419apiVersion: gateway.networking.k8s.io/v1beta1
420kind: HTTPRoute
421metadata:
422name: test-server-paths
423namespace: %s
424annotations:
425kuma.io/mesh: %s
426spec:
427parentRefs:
428- name: %s
429rules:
430- backendRefs:
431- name: test-server-1
432port: 80
433matches:
434- path:
435type: PathPrefix
436value: /
437`, namespace, meshName, gatewayName)
438
439// when
440err := YamlK8s(route)(kubernetes.Cluster)
441
442// then
443Expect(err).ToNot(HaveOccurred())
444
445Eventually(func(g Gomega) {
446resp, err := client.CollectResponseDirectly("https://"+net.JoinHostPort(ip, "8090"), client.WithHeader("host", "test-server-1.com"))
447g.Expect(err).ToNot(HaveOccurred())
448g.Expect(resp.Instance).To(Equal("test-server-1"))
449}, "30s", "1s").Should(Succeed())
450
451Eventually(func(g Gomega) {
452resp, err := client.CollectResponseDirectly("https://" + net.JoinHostPort(ip, "8091"))
453g.Expect(err).ToNot(HaveOccurred())
454g.Expect(resp.Instance).To(Equal("test-server-1"))
455}, "30s", "1s").Should(Succeed())
456
457Expect(k8s.KubectlDeleteFromStringE(
458kubernetes.Cluster.GetTesting(),
459kubernetes.Cluster.GetKubectlOptions(namespace),
460route,
461)).To(Succeed())
462})
463
464It("should manage Kuma Secret", func() {
465// given converted Kuma secret
466convertedSecretName := fmt.Sprintf("gapi-%s-secret-tls", namespace)
467var kumaSecret string
468Eventually(func(g Gomega) {
469out, err := kubernetes.Cluster.GetKumactlOptions().RunKumactlAndGetOutput("get", "secret", "-m", meshName, convertedSecretName, "-o", "json")
470g.Expect(err).ToNot(HaveOccurred())
471kumaSecret = out
472}, "30s", "1s").Should(Succeed())
473
474// when original secret is changed
475secret = fmt.Sprintf(`
476apiVersion: v1
477kind: Secret
478metadata:
479name: secret-tls
480namespace: %s
481type: kubernetes.io/tls
482data:
483tls.crt: >-
484LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLRENDQWhDZ0F3SUJBZ0lRZUxvNDFxKzJMcWpNWjNubnZSMWd2akFOQmdrcWhraUc5dzBCQVFzRkFEQVhNUlV3RXdZRFZRUURFd3gwWlhOMExtdDFiV0V1YVc4d0hoY05Nakl3TXpJME1UTTFNRE0xV2hjTk16SXdNekl4TVRNMU1ETTFXakFYTVJVd0V3WURWUVFERXd4MFpYTjBMbXQxYldFdWFXOHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDbW41aVNPV0h6Y1YrWEtxQ1Z4QTRoaUhBd2UrbnZNWkxxbmcwWkZxY1FiNkVZTWw3bXMzQU5VaXlRUVNURVZyWkdYTXJDZWY0N0VYdWZ1NlVFeGsyNkcrK2FTcjFpKzZlZE5ELzAyZklQL1JwYmZDMXlqdnhjRGJ6eWE4SUlING5DUE5LNElPVmpBZmtVRVpmSk1aVGRORUZ5MUN0S3Nod2hRY3BPd3d6em5uNmhRM284U3d3SFhlSGxlNGFCdnMvTnlpT1FTbFNXTzVxcUszdHRHSWxaRmMvbGJJWVU0N2Rqd2tMVFBNVFpXTW9BdjZvSEhVdzdvSkRDR2lGaGpzQjA3UFRMaS9udTUrekhKaG1jWUJTSC9CUkprMHpXMTlLS09odVhlQ2lLRCtJV0U5ZEN1bjZWSmpUb3B6WllNZzdBYnYwMmdkRStjYkVCejRZcTZyR0hBZ01CQUFHamNEQnVNQTRHQTFVZER3RUIvd1FFQXdJQ3BEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlIzb1loRDMxK0c1TUFEdVlUR2tXbzlXczJJNERBWEJnTlZIUkVFRURBT2dneDBaWE4wTG10MWJXRXVhVzh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUNhTUZZTWR5REt0WlhLN1hJRVJ2cmpxVlQ4VXlqTVp5RHFwVzNUeW9rSVliMGNmOHNuaEVHQUZlelhiNmZUTnd4TThEaUtFWEZnK0RMSnNJWEwzcTYyK3BWNjdOTjI1R0c1eklGSit4bG9YU1NWbXRMWEhvUVpJSGNLaUJnenVWaFo3d3NMdmo1UjYyTll4d2RpS2piZ0VSblRlaldpQzRlRUJsM0hHSk51NTV6RjI1cFRZdXZocGhwSnZmYUhzdWh2bndIWE1WbXhDWGErZFF3czV3T3dqalNIYkFMOER3Rk9pd0JBTXMrNEI2QXZQNzBYN0NkdURXV0tmUzdmVE1VN3lvNGtOT1JGRDc5TXBzWEN2QVlQenJwYjY4cDdJdjlXQTlSU0dLSXhrdjFuaFNnbjhtVWZvaHBQVVU1L2RuMzdxQnFZTUtTbG9uVlZWYUNUOWU0Yz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
485tls.key: >-
486LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcHArWWtqbGg4M0ZmbHlxZ2xjUU9JWWh3TUh2cDd6R1M2cDROR1JhbkVHK2hHREplCjVyTndEVklza0VFa3hGYTJSbHpLd25uK094RjduN3VsQk1aTnVodnZta3E5WXZ1bm5UUS85Tm55RC8wYVczd3QKY283OFhBMjg4bXZDQ0IrSndqelN1Q0RsWXdINUZCR1h5VEdVM1RSQmN0UXJTckljSVVIS1RzTU04NTUrb1VONgpQRXNNQjEzaDVYdUdnYjdQemNvamtFcFVsanVhcWl0N2JSaUpXUlhQNVd5R0ZPTzNZOEpDMHp6RTJWaktBTCtxCkJ4MU1PNkNRd2hvaFlZN0FkT3oweTR2NTd1ZnN4eVlabkdBVWgvd1VTWk5NMXRmU2lqb2JsM2dvaWcvaUZoUFgKUXJwK2xTWTA2S2MyV0RJT3dHNzlOb0hSUG5HeEFjK0dLdXF4aHdJREFRQUJBb0lCQUdNbHNtN0lNRzNndDRYRworcmxEYVRrdzY3a2Q4dXkrN2ZJbnpCbHlya1NNZUNwaXhxKzJkR1dvMFJXaGZkUksyTGx6dTc4UFFtVTVtUHRLCmQvNG9WZFg1aTVDZkNxU2NwSGRad1BqY3V6b2lYSTIxallHT2JjSUU5cnExdmthQkpjTHIyR055UjZ5clh1QS8KTzdlZmhqbytQdmVxSW55WEVVQUUydklWQkY3dHFoYVpIalA3S1dZa0U1cjRlSGMrM0NSbVB5VWFSTDhsdXpRNwowc1hLZEJUMmZ5WnRTc0NadXM3aEt3dHN3K3V6dFY5QjN0VjA0V3BONDhKMkMzQjFoanNjU2xWeS9UNHo5Z1ZBCkJWU21aMENnVUY2VmU2QW1zNmJDaVcxR3ZWOUVuTnBSUkpXb1BQNDRleldyU1ZYUkxFcThkVmtySWlISUkrQW0KeUVwT2JkRUNnWUVBemFuRDRFOTZZb3E1bys0UDlYbERTdTZld3JEZDloc3pmYWZTcXovcGx6SW1zQi8veEFLNQo4VE40T2trR0dPRC82cDBLR3EzdU9XN2Z5c1ArZDZBbWZLNXhZcENvUnA4ZXNYNUNSSmxKS1pBY09YWHFGaHFwCklYUEdQcDRFQ0tYRGJCTitnQTZSZm9zVzdaYTI3b0hHdDNqYitwSXFaeDRCMENDSC84VDR3ejhDZ1lFQXoyZTQKRS9EV09FUGVJeElyb3pTeFo4VG00dU9hTFlucEY5NkxHc2Q3cGNveTJiVW5vMTUxMy84bGplaTlGRytxKzNRUwp2TVgzeGlaMmc1OURqby9FRmdDeHVFRURHZGw5a1FLemJ4bEVPamRNUnAvNDVNV1VySm5lUklhWklBRGExVmt0CkludmZndnl3NXlra2t3SWFlalhnc2dFNGp4WUVaNm1nZkZQWko3a0NnWUVBakMrcjFMcFlNZE5kdHVBUEFNUW4KbW13TXk2akRvMzNuR3ovSjJmRTJ5RmpuQmliSnNGSXJiTDRvdFpJUkZlUklqU04rUDdGUE1OYml0TlBrSUthSgpsWE5TMWx6RVYxOGZETjJEVGo4dUg2YWJsbzlKZ01lcmdhSG8vOFcxK2k4RGhpZkRrb1picG1Zb3VzcUE1eEtPCjRZRUFjVXd3bXhsWkl3VUpyczRVd3dFQ2dZQXBaY0ZuTVlZQW13Tkdxc1ROQWFKN1hPRGMzcU1TZmRscHEwREcKcXBSeWhnWmFULzlHYTM5Sm8yckNoWGJnRWwzbGJNaWtwenNLY1BqczBxZ3dWMS9ES0laUWlhRnQwbXh1dWtSSQpZNW1ycVFmdmZOUzREUHZjNjZWaXRoN3dOVnQ0aENFdkpkeDZENmZicSttaDhpU0l5aUk4UldRZG96NWoxb2F5CjZpV0krUUtCZ1FDdmVUdDNDWFpuT2FOVXpHNzYxc293WFh4ZGpCMFlvUExjTXJGMFZyaGtNZlZrYnR5NTM1bDgKV2lzOVdkNVhVSW1LV21jWExzUlZGczRqVi9ZWCtLcHN6TmdSdWVmVEoycDhWL1JCMEZ3aDduV3ZlQzNuOHZOZwpONkFWd0VBczdERVhxZFZYek5xNmwzZHlOeFgxTDNNVlBlVmJQVEVmWlVOdktqNmVkMjJ0ZkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
487`, namespace)
488err := YamlK8s(secret)(kubernetes.Cluster)
489
490// then copied secret is also changed
491Expect(err).ToNot(HaveOccurred())
492Eventually(func(g Gomega) {
493out, err := kubernetes.Cluster.GetKumactlOptions().RunKumactlAndGetOutput("get", "secret", "-m", meshName, convertedSecretName, "-o", "json")
494g.Expect(err).ToNot(HaveOccurred())
495g.Expect(out).ToNot(MatchJSON(kumaSecret))
496}, "30s", "1s").Should(Succeed())
497
498// when original secret is removed
499err = k8s.RunKubectlE(kubernetes.Cluster.GetTesting(), kubernetes.Cluster.GetKubectlOptions(namespace), "delete", "secret", "secret-tls")
500
501// then copied secret is removed
502Expect(err).ToNot(HaveOccurred())
503Eventually(func(g Gomega) {
504_, err := kubernetes.Cluster.GetKumactlOptions().RunKumactlAndGetOutput("get", "secret", "-m", meshName, convertedSecretName)
505g.Expect(err).To(HaveOccurred())
506}, "30s", "1s").Should(Succeed())
507})
508})
509}
510