Merge remote-tracking branch 'origin/main' into npolshak/glooctl-tests

solo-io · Jul 10, 2024 · afb0495 · afb0495
2 parents 9e49c02 + 8d9df95
commit afb0495
Show file tree

Hide file tree

Showing 12 changed files with 293 additions and 6 deletions.
diff --git a/.github/workflows/nightly-tests.yaml b/.github/workflows/nightly-tests.yaml
@@ -238,7 +238,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # TODO(npolshak): remove glooctl after 3 days of successful runs of new test suite
+        # TODO(npolshak): remove gloomtls, glooctl after 3 days of successful runs of new test suite
         kube-e2e-test-type: ['gateway', 'gloo', 'helm', 'gloomtls', 'glooctl', 'upgrade']
         kube-version: [ { node: 'v1.25.16@sha256:5da57dfc290ac3599e775e63b8b6c49c0c85d3fec771cd7d55b45fae14b38d3b', kubectl: 'v1.25.16', kind: 'v0.20.0', helm: 'v3.13.2' },
                         { node: 'v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245', kubectl: 'v1.29.2', kind: 'v0.20.0', helm: 'v3.14.4' }]
@@ -268,7 +268,7 @@ jobs:
         #   We should extend the support/usage of those .env files to these other jobs.
         #   The tests are currently in flux, and some of these regression tests are being migrated, so we decided
         #   to limit the scope (and potentially unnecessary work) for now
-        # TODO(npolshak): remove glooctl after 3 days of successful runs of new test suite
+        # TODO(npolshak): remove gloomtls, glooctl after 3 days of successful runs of new test suite
         kube-e2e-test-type: ['gateway', 'gloo', 'helm', 'gloomtls', 'glooctl', 'upgrade']
         kube-version: [ { node: 'v1.25.16@sha256:5da57dfc290ac3599e775e63b8b6c49c0c85d3fec771cd7d55b45fae14b38d3b', kubectl: 'v1.25.16', kind: 'v0.20.0', helm: 'v3.13.2' },
                         { node: 'v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245', kubectl: 'v1.29.2', kind: 'v0.20.0', helm: 'v3.14.4' }]
@@ -289,7 +289,7 @@ jobs:
       fail-fast: false
       matrix:
         # ingress are deprecated from 1.17. Ref: https://solo-io-corp.slack.com/archives/G01EERAK3KJ/p1716389614777799
-        # TODO(npolshak): remove glooctl after 3 days of successful runs of new test suite
+        # TODO(npolshak): remove gloomtls, glooctl after 3 days of successful runs of new test suite
         kube-e2e-test-type: [ 'gateway', 'gloo', 'helm', 'gloomtls', 'glooctl', 'upgrade' ]
         kube-version: [ { node: 'v1.25.16@sha256:5da57dfc290ac3599e775e63b8b6c49c0c85d3fec771cd7d55b45fae14b38d3b', kubectl: 'v1.25.16', kind: 'v0.20.0', helm: 'v3.13.2' },
                         { node: 'v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245', kubectl: 'v1.29.2', kind: 'v0.20.0', helm: 'v3.14.4' } ]

diff --git a/.github/workflows/pr-kubernetes-tests.yaml b/.github/workflows/pr-kubernetes-tests.yaml
@@ -54,7 +54,7 @@ jobs:
         # May 14th: ~ minutes execution time (see load_balancing_tests.md)
         - cluster-name: 'cluster-one'
           go-test-args: '-v -timeout=25m'
-          go-test-run-regex: '^TestK8sGateway$$/^RouteDelegation$$|^TestK8sGateway$$/^Services$$|^TestGlooctlGlooGatewayEdgeGateway$$|^TestGlooctlK8sGateway$$'
+          go-test-run-regex: '^TestGloomtlsGatewayEdgeGateway$$|^TestK8sGateway$$/^RouteDelegation$$|^TestK8sGateway$$/^Services$$|^TestGlooctlGlooGatewayEdgeGateway$$|^TestGlooctlK8sGateway$$'
 
         # May 14th: ~ minutes execution time (see load_balancing_tests.md)
         - cluster-name: 'cluster-two'

diff --git a/.github/workflows/regression-tests.yaml b/.github/workflows/regression-tests.yaml
@@ -49,7 +49,7 @@ jobs:
         # upgrade tests are run on LTS but not on main branch, for main they are run nightly
         # ingress will be deprecated from 1.17. Ref: https://solo-io-corp.slack.com/archives/G01EERAK3KJ/p1716389614777799
         # this is the github action version of ternary op
-        # TODO(npolshak): remove glooctl after 3 days of successful runs of new test suite
+        # TODO(npolshak): remove gloomtls, glooctl after 3 days of successful runs of new test suite
         kube-e2e-test-type: [ 'gateway', 'gloo', 'helm', 'gloomtls', 'glooctl', 'upgrade' ]
         kube-version: [ { node: 'v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245', kubectl: 'v1.29.2', kind: 'v0.20.0', helm: 'v3.14.4' } ]
         image-variant:

diff --git a/changelog/v1.18.0-beta7/gloomtls-e2e-tests.yaml b/changelog/v1.18.0-beta7/gloomtls-e2e-tests.yaml
@@ -0,0 +1,8 @@
+changelog:
+  - type: NON_USER_FACING
+    issueLink: https://github.com/solo-io/solo-projects/issues/6303
+    resolvesIssue: false
+    description: >-
+      Migrate gloomtls tests from kube2e to new framework.
+      
+      skipCI-docs-build:true
diff --git a/test/kube2e/README.md b/test/kube2e/README.md
@@ -73,7 +73,7 @@ The below table contains the environment variables that can be used to configure
 
 | Name             | Default | Description                                                                                                                                                                                                                                        |
 |------------------|---------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| KUBE2E_TESTS     | gateway | Name of the test suite to be run. Options: `'gateway', 'gloo', 'ingress', 'helm', 'gloomtls', 'glooctl', 'upgrade', 'istio'`                                                                                                                       |
+| KUBE2E_TESTS     | gateway | Name of the test suite to be run. Options: `'gateway', 'gloo', 'ingress', 'helm', 'glooctl', 'upgrade', 'istio'`                                                                                                                                   |
 | DEBUG            | 0       | Set to 1 for debug log output                                                                                                                                                                                                                      |
 | WAIT_ON_FAIL     | 0       | Set to 1 to prevent Ginkgo from cleaning up the Gloo Edge installation in case of failure. Useful to exec into inspect resources created by the test. A command to resume the test run (and thus clean up resources) will be logged to the output. |
 | TEAR_DOWN        | false   | Set to true to uninstall Gloo after the test suite completes                                                                                                                                                                                       |

diff --git a/test/kubernetes/e2e/features/gloomtls/gloomtls_edge_suite.go b/test/kubernetes/e2e/features/gloomtls/gloomtls_edge_suite.go
@@ -0,0 +1,79 @@
+package gloomtls
+
+import (
+	"context"
+	"time"
+
+	"github.com/onsi/gomega"
+	"github.com/solo-io/gloo/projects/gateway/pkg/defaults"
+	"github.com/solo-io/gloo/projects/gloo/cli/pkg/cmd/istio"
+	"github.com/solo-io/gloo/test/gomega/matchers"
+	testdefaults "github.com/solo-io/gloo/test/kubernetes/e2e/defaults"
+	"github.com/stretchr/testify/suite"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/solo-io/gloo/pkg/utils/kubeutils"
+	"github.com/solo-io/gloo/pkg/utils/requestutils/curl"
+	"github.com/solo-io/gloo/test/kubernetes/e2e"
+)
+
+// gloomtlsEdgeGatewayTestingSuite is the entire Suite of tests for the "Gloo mtls" cases
+type gloomtlsEdgeGatewayTestingSuite struct {
+	suite.Suite
+
+	ctx context.Context
+
+	// testInstallation contains all the metadata/utilities necessary to execute a series of tests
+	// against an installation of Gloo Gateway
+	testInstallation *e2e.TestInstallation
+}
+
+func NewGloomtlsEdgeGatewayApiTestingSuite(ctx context.Context, testInst *e2e.TestInstallation) suite.TestingSuite {
+	return &gloomtlsEdgeGatewayTestingSuite{
+		ctx:              ctx,
+		testInstallation: testInst,
+	}
+}
+
+func (s *gloomtlsEdgeGatewayTestingSuite) SetupSuite() {
+	err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, setupManifest)
+	s.NoError(err, "can apply setup manifest")
+
+}
+
+func (s *gloomtlsEdgeGatewayTestingSuite) TearDownSuite() {
+	err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, setupManifest)
+	s.NoError(err, "can delete setup manifest")
+}
+
+func (s *gloomtlsEdgeGatewayTestingSuite) TestRouteSecureRequestToUpstream() {
+	s.T().Cleanup(func() {
+		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, edgeRoutingResources, "-n", s.testInstallation.Metadata.InstallNamespace)
+		s.NoError(err)
+	})
+
+	err := s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, edgeRoutingResources, "-n", s.testInstallation.Metadata.InstallNamespace)
+	s.NoError(err)
+
+	// Check sds container is present
+	listOpts := metav1.ListOptions{
+		LabelSelector: "gloo=gateway-proxy",
+	}
+	matcher := gomega.And(
+		matchers.PodMatches(matchers.ExpectedPod{ContainerName: istio.SDSContainerName}),
+	)
+
+	s.testInstallation.Assertions.EventuallyPodsMatches(s.ctx, s.testInstallation.Metadata.InstallNamespace, listOpts, matcher, time.Minute*2)
+
+	// Check curl works
+	s.testInstallation.Assertions.AssertEventualCurlResponse(
+		s.ctx,
+		testdefaults.CurlPodExecOpt,
+		[]curl.Option{
+			curl.WithHost(kubeutils.ServiceFQDN(metav1.ObjectMeta{Name: defaults.GatewayProxyName, Namespace: s.testInstallation.Metadata.InstallNamespace})),
+			// The host header must match the domain in the VirtualService
+			curl.WithHostHeader("example.com"),
+			curl.WithPort(80),
+		},
+		expectedHealthyResponse)
+}
diff --git a/test/kubernetes/e2e/features/gloomtls/testdata/edge_resources.yaml b/test/kubernetes/e2e/features/gloomtls/testdata/edge_resources.yaml
@@ -0,0 +1,28 @@
+# Don't set namespace, apply to test installation namespace
+apiVersion: gateway.solo.io/v1
+kind: VirtualService
+metadata:
+  name: example-vs
+spec:
+  virtualHost:
+    domains:
+      - "example.com"
+    routes:
+      - matchers:
+          - prefix: /
+        routeAction:
+          single:
+            upstream:
+              name: nginx-upstream
+---
+apiVersion: gloo.solo.io/v1
+kind: Upstream
+metadata:
+  name: nginx-upstream
+spec:
+  kube:
+    selector:
+      app.kubernetes.io/name: nginx
+    serviceName: nginx-svc
+    serviceNamespace: default
+    servicePort: 8080
diff --git a/test/kubernetes/e2e/features/gloomtls/testdata/setup.yaml b/test/kubernetes/e2e/features/gloomtls/testdata/setup.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+  labels:
+    app.kubernetes.io/name: nginx
+spec:
+  containers:
+    - name: nginx
+      image: nginx:stable
+      ports:
+        - containerPort: 80
+          name: http-web-svc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-svc
+spec:
+  selector:
+    app.kubernetes.io/name: nginx
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: http-web-svc
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: curl
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: curl
+  namespace: curl
+  labels:
+    app: curl
+    version: v1
+spec:
+  containers:
+    - name: curl
+      image: curlimages/curl:7.83.1
+      imagePullPolicy: IfNotPresent
+      command:
+        - "tail"
+        - "-f"
+        - "/dev/null"
+      resources:
+        requests:
+          cpu: "100m"
+        limits:
+          cpu: "200m"
diff --git a/test/kubernetes/e2e/features/gloomtls/types.go b/test/kubernetes/e2e/features/gloomtls/types.go
@@ -0,0 +1,20 @@
+package gloomtls
+
+import (
+	"net/http"
+	"path/filepath"
+
+	. "github.com/onsi/gomega"
+	testmatchers "github.com/solo-io/gloo/test/gomega/matchers"
+	"github.com/solo-io/skv2/codegen/util"
+)
+
+var (
+	expectedHealthyResponse = &testmatchers.HttpResponse{
+		StatusCode: http.StatusOK,
+		Body:       ContainSubstring("Welcome to nginx!"),
+	}
+
+	setupManifest        = filepath.Join(util.MustGetThisDir(), "testdata", "setup.yaml")
+	edgeRoutingResources = filepath.Join(util.MustGetThisDir(), "testdata", "edge_resources.yaml")
+)
diff --git a/test/kubernetes/e2e/tests/gloomtls_edge_api_test.go b/test/kubernetes/e2e/tests/gloomtls_edge_api_test.go
@@ -0,0 +1,48 @@
+package tests_test
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/solo-io/gloo/test/kubernetes/e2e"
+	. "github.com/solo-io/gloo/test/kubernetes/e2e/tests"
+	"github.com/solo-io/gloo/test/kubernetes/testutils/gloogateway"
+	"github.com/solo-io/gloo/test/kubernetes/testutils/helper"
+	"github.com/solo-io/skv2/codegen/util"
+)
+
+// TestGloomtlsGatewayEdgeGateway is the function which executes a series of tests against a given installation where
+// the k8s Gateway controller is disabled and gloomtls is enabled
+func TestGloomtlsGatewayEdgeGateway(t *testing.T) {
+	ctx := context.Background()
+	testInstallation := e2e.CreateTestInstallation(
+		t,
+		&gloogateway.Context{
+			InstallNamespace:   "gloo-gateway-edge-test",
+			ValuesManifestFile: filepath.Join(util.MustGetThisDir(), "manifests", "gloomtls-edge-gateway-test-helm.yaml"),
+		},
+	)
+
+	testHelper := e2e.MustTestHelper(ctx, testInstallation)
+
+	// We register the cleanup function _before_ we actually perform the installation.
+	// This allows us to uninstall Gloo Gateway, in case the original installation only completed partially
+	t.Cleanup(func() {
+		if t.Failed() {
+			testInstallation.PreFailHandler(ctx)
+		}
+
+		testInstallation.UninstallGlooGateway(ctx, func(ctx context.Context) error {
+			return testHelper.UninstallGlooAll()
+		})
+	})
+
+	// Install Gloo Gateway with only Gloo Edge Gateway APIs enabled
+	testInstallation.InstallGlooGateway(ctx, func(ctx context.Context) error {
+		return testHelper.InstallGloo(ctx, 5*time.Minute, helper.WithExtraArgs("--values", testInstallation.Metadata.ValuesManifestFile))
+	})
+
+	GloomtlsEdgeGwSuiteRunner().Run(ctx, t, testInstallation)
+}
diff --git a/test/kubernetes/e2e/tests/gloomtls_edge_api_tests.go b/test/kubernetes/e2e/tests/gloomtls_edge_api_tests.go
@@ -0,0 +1,14 @@
+package tests
+
+import (
+	"github.com/solo-io/gloo/test/kubernetes/e2e"
+	"github.com/solo-io/gloo/test/kubernetes/e2e/features/gloomtls"
+)
+
+func GloomtlsEdgeGwSuiteRunner() e2e.SuiteRunner {
+	gloomtlsEdgeGwSuiteRunner := e2e.NewSuiteRunner(false)
+
+	gloomtlsEdgeGwSuiteRunner.Register("Gloomtls", gloomtls.NewGloomtlsEdgeGatewayApiTestingSuite)
+
+	return gloomtlsEdgeGwSuiteRunner
+}
diff --git a/test/kubernetes/e2e/tests/manifests/gloomtls-edge-gateway-test-helm.yaml b/test/kubernetes/e2e/tests/manifests/gloomtls-edge-gateway-test-helm.yaml
@@ -0,0 +1,37 @@
+global:
+  glooMtls:
+    enabled: true
+  image:
+    pullPolicy: IfNotPresent
+settings:
+  create: true
+  invalidConfigPolicy:
+    replaceInvalidRoutes: true
+    invalidRouteResponseCode: 404
+    invalidRouteResponseBody: Gloo Gateway has invalid configuration.
+gateway:
+  enabled: true
+  persistProxySpec: false
+  logLevel: info
+  validation:
+    allowWarnings: true
+    alwaysAcceptResources: false
+    # skipping delete validation due to flakes per https://github.com/solo-io/solo-projects/issues/6272
+    webhook:
+      skipDeleteValidationResources:
+        - upstreams
+kubeGateway:
+  # This is the field that enables the K8s Gateway Integration in Gloo Gateway
+  enabled: false
+gloo:
+  logLevel: info
+  disableLeaderElection: true
+  deployment:
+    replicas: 1
+    livenessProbeEnabled: true
+gatewayProxies:
+  gatewayProxy:
+    healthyPanicThreshold: 0
+# Disable discovery, not recommended for production. NOTE: Upstreams must be statically defined in the manfiests.
+discovery:
+  enabled: false