diff --git a/Makefile b/Makefile index 2d8baf9ae2..630ca2ac2a 100644 --- a/Makefile +++ b/Makefile @@ -62,6 +62,10 @@ test-e2e: test-e2e-with-kafka: INSTALL_KAFKA=true TEST_KNATIVE_KAFKA=true ./test/e2e-tests.sh +# Run E2E tests from the current repo for serving+eventing+mesh +test-e2e-with-mesh: + FULL_MESH=true ./test/e2e-tests.sh + # Run both unit and E2E tests from the current repo. test-operator: test-unit test-e2e @@ -72,7 +76,7 @@ test-upstream-e2e: # Run upstream E2E tests with net-istio and sidecar. # TODO: Enable upgrade tests once upstream fixed the issue https://github.com/knative/serving/issues/11535. -test-upstream-e2e-mesh: +test-upstream-e2e-mesh: test-e2e-with-mesh UNINSTALL_STRIMZI="false" ./hack/strimzi.sh FULL_MESH=true INSTALL_KAFKA=false TEST_KNATIVE_KAFKA=false TEST_KNATIVE_UPGRADE=false ./test/upstream-e2e-tests.sh diff --git a/hack/lib/mesh_resources/smcp.yaml b/hack/lib/mesh_resources/smcp.yaml index 875a30b8ec..4441b31372 100644 --- a/hack/lib/mesh_resources/smcp.yaml +++ b/hack/lib/mesh_resources/smcp.yaml @@ -7,6 +7,11 @@ spec: profiles: - default proxy: + networking: + trafficControl: + inbound: + excludedPorts: + - 8444 accessLogging: file: name: /dev/stdout diff --git a/hack/lib/mesh_resources/smmr.yaml b/hack/lib/mesh_resources/smmr.yaml index eb4115a93a..f8a091e1b5 100644 --- a/hack/lib/mesh_resources/smmr.yaml +++ b/hack/lib/mesh_resources/smmr.yaml @@ -8,6 +8,16 @@ kind: Namespace metadata: name: serving-tests-alt --- +apiVersion: v1 +kind: Namespace +metadata: + name: serverless-tests +--- +apiVersion: v1 +kind: Namespace +metadata: + name: serverless-tests2 +--- apiVersion: maistra.io/v1 kind: ServiceMeshMemberRoll metadata: @@ -18,3 +28,5 @@ spec: - knative-serving - serving-tests - serving-tests-alt + - serverless-tests + - serverless-tests2 diff --git a/hack/lib/serverless.bash b/hack/lib/serverless.bash index f938cbe284..acfd8d97be 100644 --- a/hack/lib/serverless.bash +++ b/hack/lib/serverless.bash @@ -166,7 +166,6 @@ function deploy_knativeserving_cr { # enable_net_istio adds patch to KnativeServing: # - Set ingress.istio.enbled to "true" # - Set inject and rewriteAppHTTPProbers annotations for activator and autoscaler -# - Override observability.metrics.backend-destination to "none", # as "test/v1alpha1/resources/operator.knative.dev_v1alpha1_knativeserving_cr.yaml" has the value "prometheus". function enable_net_istio { patchfile="$(mktemp -t knative-serving-XXXXX.yaml)" @@ -186,9 +185,6 @@ spec: name: autoscaler - name: domain-mapping replicas: 2 - config: - observability: - metrics.backend-destination: "none" EOF oc patch knativeserving knative-serving \ diff --git a/openshift-knative-operator/cmd/operator/kodata/ingress/0.23/0-networkpolicy-mesh.yaml b/openshift-knative-operator/cmd/operator/kodata/ingress/0.23/0-networkpolicy-mesh.yaml index ff040cbc2a..4ce25f56c5 100644 --- a/openshift-knative-operator/cmd/operator/kodata/ingress/0.23/0-networkpolicy-mesh.yaml +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/0.23/0-networkpolicy-mesh.yaml @@ -43,3 +43,21 @@ spec: ingress: - {} --- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-from-openshift-monitoring-ns + namespace: knative-serving + labels: + serving.knative.dev/release: devel + networking.knative.dev/ingress-provider: istio +spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + name: "openshift-monitoring" + podSelector: {} + policyTypes: + - Ingress +--- diff --git a/openshift-knative-operator/hack/007-networkpolicy-mesh.patch b/openshift-knative-operator/hack/007-networkpolicy-mesh.patch index 915b2d3332..73b33a3347 100644 --- a/openshift-knative-operator/hack/007-networkpolicy-mesh.patch +++ b/openshift-knative-operator/hack/007-networkpolicy-mesh.patch @@ -3,7 +3,7 @@ new file mode 100644 index 00000000..3d46fbed --- /dev/null +++ b/openshift-knative-operator/cmd/operator/kodata/ingress/0.23/0-networkpolicy-mesh.yaml -@@ -0,0 +1,45 @@ +@@ -0,0 +1,63 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: @@ -49,3 +49,21 @@ index 00000000..3d46fbed + ingress: + - {} +--- ++apiVersion: networking.k8s.io/v1 ++kind: NetworkPolicy ++metadata: ++ name: allow-from-openshift-monitoring-ns ++ namespace: knative-serving ++ labels: ++ serving.knative.dev/release: devel ++ networking.knative.dev/ingress-provider: istio ++spec: ++ ingress: ++ - from: ++ - namespaceSelector: ++ matchLabels: ++ name: "openshift-monitoring" ++ podSelector: {} ++ policyTypes: ++ - Ingress ++--- diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh index 2fd30d633b..6411f53d56 100755 --- a/test/e2e-tests.sh +++ b/test/e2e-tests.sh @@ -26,7 +26,15 @@ if [[ $TEST_KNATIVE_KAFKA == true ]]; then install_strimzi serverless_operator_kafka_e2e_tests fi -ensure_serverless_installed + +if [[ $FULL_MESH == "true" ]]; then + UNINSTALL_MESH="false" install_mesh + ensure_serverless_installed + enable_net_istio +else + ensure_serverless_installed +fi + # Run Knative Serving & Eventing downstream E2E tests. downstream_serving_e2e_tests downstream_eventing_e2e_tests diff --git a/test/lib.bash b/test/lib.bash index 04008ca1e5..a3b6f26192 100644 --- a/test/lib.bash +++ b/test/lib.bash @@ -116,10 +116,18 @@ function downstream_serving_e2e_tests { # Add system-namespace labels for TestNetworkPolicy and ServiceMesh tests. add_systemnamespace_label - go_test_e2e -failfast -timeout=60m -parallel=1 ./test/servinge2e \ - --kubeconfig "${kubeconfigs[0]}" \ - --kubeconfigs "${kubeconfigs_str}" \ - "$@" + if [[ $FULL_MESH == "true" ]]; then + export GODEBUG="x509ignoreCN=0" + go_test_e2e -failfast -timeout=60m -parallel=1 ./test/servinge2e/ \ + --kubeconfig "${kubeconfigs[0]}" \ + --kubeconfigs "${kubeconfigs_str}" \ + "$@" + else + go_test_e2e -failfast -timeout=60m -parallel=1 ./test/servinge2e/... \ + --kubeconfig "${kubeconfigs[0]}" \ + --kubeconfigs "${kubeconfigs_str}" \ + "$@" + fi } function downstream_eventing_e2e_tests { diff --git a/test/service.go b/test/service.go index b0c662ef07..3be2f0eae5 100644 --- a/test/service.go +++ b/test/service.go @@ -176,7 +176,8 @@ func CreateDeployment(ctx *Context, name, namespace, image string) error { Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ - "app": name, + "app": name, + "maistra.io/expose-route": "true", }, }, Spec: corev1.PodSpec{ diff --git a/test/servinge2e/helpers.go b/test/servinge2e/helpers.go index b727379365..9936b51837 100644 --- a/test/servinge2e/helpers.go +++ b/test/servinge2e/helpers.go @@ -2,14 +2,23 @@ package servinge2e import ( "context" + "crypto/tls" + "net/http" "net/url" "testing" "github.com/openshift-knative/serverless-operator/test" - meta "k8s.io/apimachinery/pkg/apis/meta/v1" pkgTest "knative.dev/pkg/test" - servingv1 "knative.dev/serving/pkg/apis/serving/v1" - servingv1alpha1 "knative.dev/serving/pkg/apis/serving/v1alpha1" + "knative.dev/pkg/test/spoof" +) + +const ( + testNamespace2 = "serverless-tests2" + image = "gcr.io/knative-samples/helloworld-go" + helloworldService = "helloworld-go" + helloworldService2 = "helloworld-go2" + kubeHelloworldService = "kube-helloworld-go" + helloworldText = "Hello World!" ) func WaitForRouteServingText(t *testing.T, caCtx *test.Context, routeURL *url.URL, expectedText string) { @@ -21,47 +30,16 @@ func WaitForRouteServingText(t *testing.T, caCtx *test.Context, routeURL *url.UR routeURL, pkgTest.EventuallyMatchesBody(expectedText), "WaitForRouteToServeText", - true); err != nil { + true, + insecureSkipVerify(), + ); err != nil { t.Fatalf("The Route at domain %s didn't serve the expected text \"%s\": %v", routeURL, expectedText, err) } } -func withServiceReadyOrFail(ctx *test.Context, service *servingv1.Service) *servingv1.Service { - service, err := ctx.Clients.Serving.ServingV1().Services(service.Namespace).Create(context.Background(), service, meta.CreateOptions{}) - if err != nil { - ctx.T.Fatalf("Error creating ksvc: %v", err) +func insecureSkipVerify() spoof.TransportOption { + return func(transport *http.Transport) *http.Transport { + transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} + return transport } - - // Let the ksvc be deleted after test - ctx.AddToCleanup(func() error { - ctx.T.Logf("Cleaning up Knative Service '%s/%s'", service.Namespace, service.Name) - return ctx.Clients.Serving.ServingV1().Services(service.Namespace).Delete(context.Background(), service.Name, meta.DeleteOptions{}) - }) - - service, err = test.WaitForServiceState(ctx, service.Name, service.Namespace, test.IsServiceReady) - if err != nil { - ctx.T.Fatalf("Error waiting for ksvc readiness: %v", err) - } - - return service -} - -func withDomainMappingReadyOrFail(ctx *test.Context, dm *servingv1alpha1.DomainMapping) *servingv1alpha1.DomainMapping { - dm, err := ctx.Clients.Serving.ServingV1alpha1().DomainMappings(dm.Namespace).Create(context.Background(), dm, meta.CreateOptions{}) - if err != nil { - ctx.T.Fatalf("Error creating ksvc: %v", err) - } - - // Let the ksvc be deleted after test - ctx.AddToCleanup(func() error { - ctx.T.Logf("Cleaning up Knative Service '%s/%s'", dm.Namespace, dm.Name) - return ctx.Clients.Serving.ServingV1alpha1().DomainMappings(dm.Namespace).Delete(context.Background(), dm.Name, meta.DeleteOptions{}) - }) - - dm, err = test.WaitForDomainMappingState(ctx, dm.Name, dm.Namespace, test.IsDomainMappingReady) - if err != nil { - ctx.T.Fatalf("Error waiting for ksvc readiness: %v", err) - } - - return dm } diff --git a/test/servinge2e/custom_route_test.go b/test/servinge2e/kourier/custom_route_test.go similarity index 99% rename from test/servinge2e/custom_route_test.go rename to test/servinge2e/kourier/custom_route_test.go index a1a116ab5a..57b9b069ab 100644 --- a/test/servinge2e/custom_route_test.go +++ b/test/servinge2e/kourier/custom_route_test.go @@ -1,4 +1,4 @@ -package servinge2e +package kourier import ( "context" diff --git a/test/servinge2e/kourier/helpers.go b/test/servinge2e/kourier/helpers.go new file mode 100644 index 0000000000..6b98f0aba5 --- /dev/null +++ b/test/servinge2e/kourier/helpers.go @@ -0,0 +1,56 @@ +package kourier + +import ( + "context" + + "github.com/openshift-knative/serverless-operator/test" + meta "k8s.io/apimachinery/pkg/apis/meta/v1" + servingv1 "knative.dev/serving/pkg/apis/serving/v1" + servingv1alpha1 "knative.dev/serving/pkg/apis/serving/v1alpha1" +) + +const ( + testNamespace = "serverless-tests" + image = "gcr.io/knative-samples/helloworld-go" + helloworldText = "Hello World!" +) + +func withServiceReadyOrFail(ctx *test.Context, service *servingv1.Service) *servingv1.Service { + service, err := ctx.Clients.Serving.ServingV1().Services(service.Namespace).Create(context.Background(), service, meta.CreateOptions{}) + if err != nil { + ctx.T.Fatalf("Error creating ksvc: %v", err) + } + + // Let the ksvc be deleted after test + ctx.AddToCleanup(func() error { + ctx.T.Logf("Cleaning up Knative Service '%s/%s'", service.Namespace, service.Name) + return ctx.Clients.Serving.ServingV1().Services(service.Namespace).Delete(context.Background(), service.Name, meta.DeleteOptions{}) + }) + + service, err = test.WaitForServiceState(ctx, service.Name, service.Namespace, test.IsServiceReady) + if err != nil { + ctx.T.Fatalf("Error waiting for ksvc readiness: %v", err) + } + + return service +} + +func withDomainMappingReadyOrFail(ctx *test.Context, dm *servingv1alpha1.DomainMapping) *servingv1alpha1.DomainMapping { + dm, err := ctx.Clients.Serving.ServingV1alpha1().DomainMappings(dm.Namespace).Create(context.Background(), dm, meta.CreateOptions{}) + if err != nil { + ctx.T.Fatalf("Error creating ksvc: %v", err) + } + + // Let the ksvc be deleted after test + ctx.AddToCleanup(func() error { + ctx.T.Logf("Cleaning up Knative Service '%s/%s'", dm.Namespace, dm.Name) + return ctx.Clients.Serving.ServingV1alpha1().DomainMappings(dm.Namespace).Delete(context.Background(), dm.Name, meta.DeleteOptions{}) + }) + + dm, err = test.WaitForDomainMappingState(ctx, dm.Name, dm.Namespace, test.IsDomainMappingReady) + if err != nil { + ctx.T.Fatalf("Error waiting for ksvc readiness: %v", err) + } + + return dm +} diff --git a/test/servinge2e/service_to_service_test.go b/test/servinge2e/kourier/service_to_service_test.go similarity index 99% rename from test/servinge2e/service_to_service_test.go rename to test/servinge2e/kourier/service_to_service_test.go index b1e77111eb..02d7a484e9 100644 --- a/test/servinge2e/service_to_service_test.go +++ b/test/servinge2e/kourier/service_to_service_test.go @@ -1,4 +1,4 @@ -package servinge2e +package kourier import ( "context" diff --git a/test/servinge2e/servicemesh_test.go b/test/servinge2e/kourier/servicemesh_test.go similarity index 99% rename from test/servinge2e/servicemesh_test.go rename to test/servinge2e/kourier/servicemesh_test.go index 78802ccc98..24ff33d7e3 100644 --- a/test/servinge2e/servicemesh_test.go +++ b/test/servinge2e/kourier/servicemesh_test.go @@ -1,4 +1,4 @@ -package servinge2e +package kourier import ( "context" diff --git a/test/servinge2e/verify_http_and_https_test.go b/test/servinge2e/kourier/verify_http_and_https_test.go similarity index 90% rename from test/servinge2e/verify_http_and_https_test.go rename to test/servinge2e/kourier/verify_http_and_https_test.go index 7c5aacded9..0680442e26 100644 --- a/test/servinge2e/verify_http_and_https_test.go +++ b/test/servinge2e/kourier/verify_http_and_https_test.go @@ -1,4 +1,4 @@ -package servinge2e +package kourier import ( "crypto/tls" @@ -8,6 +8,7 @@ import ( "testing" "github.com/openshift-knative/serverless-operator/test" + "github.com/openshift-knative/serverless-operator/test/servinge2e" ) func TestKnativeServiceHTTPS(t *testing.T) { @@ -22,7 +23,7 @@ func TestKnativeServiceHTTPS(t *testing.T) { } // Implicitly checks that HTTP works. - WaitForRouteServingText(t, caCtx, ksvc.Status.URL.URL(), helloworldText) + servinge2e.WaitForRouteServingText(t, caCtx, ksvc.Status.URL.URL(), helloworldText) // Now check that HTTPS works. httpsURL := ksvc.Status.URL.DeepCopy() diff --git a/test/servinge2e/verify_route_conflict_test.go b/test/servinge2e/kourier/verify_route_conflict_test.go similarity index 94% rename from test/servinge2e/verify_route_conflict_test.go rename to test/servinge2e/kourier/verify_route_conflict_test.go index 736629f063..a23fa88f50 100644 --- a/test/servinge2e/verify_route_conflict_test.go +++ b/test/servinge2e/kourier/verify_route_conflict_test.go @@ -1,4 +1,4 @@ -package servinge2e +package kourier import ( "context" @@ -8,6 +8,7 @@ import ( "testing" "github.com/openshift-knative/serverless-operator/test" + "github.com/openshift-knative/serverless-operator/test/servinge2e" corev1 "k8s.io/api/core/v1" apierrs "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -49,7 +50,7 @@ func TestRouteConflictBehavior(t *testing.T) { t.Fatal("Knative Service not ready", err) } - WaitForRouteServingText(t, caCtx, olderSvc.Status.URL.URL(), helloworldText) + servinge2e.WaitForRouteServingText(t, caCtx, olderSvc.Status.URL.URL(), helloworldText) _, err = test.CreateService(caCtx, newer.Name, newer.Namespace, image) if err != nil { diff --git a/test/servinge2e/user_permissions_test.go b/test/servinge2e/user_permissions_test.go index c11926c22d..db32b6d375 100644 --- a/test/servinge2e/user_permissions_test.go +++ b/test/servinge2e/user_permissions_test.go @@ -13,16 +13,6 @@ import ( servingv1 "knative.dev/serving/pkg/apis/serving/v1" ) -const ( - testNamespace = "serverless-tests" - testNamespace2 = "serverless-tests2" - image = "gcr.io/knative-samples/helloworld-go" - helloworldService = "helloworld-go" - helloworldService2 = "helloworld-go2" - kubeHelloworldService = "kube-helloworld-go" - helloworldText = "Hello World!" -) - func init() { servingv1.AddToScheme(scheme.Scheme) networkingv1alpha1.AddToScheme(scheme.Scheme)