diff --git a/test/extended/router/certs.go b/test/extended/router/certs.go index 95d3cbddb8ac..4477b08ba068 100644 --- a/test/extended/router/certs.go +++ b/test/extended/router/certs.go @@ -12,8 +12,10 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" admissionapi "k8s.io/pod-security-admission/api" + utilpointer "k8s.io/utils/pointer" routeclientset "github.com/openshift/client-go/route/clientset/versioned" @@ -21,16 +23,60 @@ import ( exurl "github.com/openshift/origin/test/extended/util/url" ) -var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io]", func() { - defer g.GinkgoRecover() - var ( - oc *exutil.CLI - ns string - routerImage string - isFIPS bool - ) - const ( - pemData = `-----BEGIN CERTIFICATE----- +const ( + defaultPemData = ` +-----BEGIN CERTIFICATE----- +MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL +BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs +dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU +ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ +ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw +MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx +CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t +MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO +WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE +K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N +k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk +vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY +ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ +BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 +E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF ++ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc +wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI +93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y +kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj +9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr +7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 +L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F +ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG +DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z +J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd +RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl +zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t +pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af +uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O ++yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt +izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS +f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA +WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp +70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS +VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF +Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn +xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 +rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c +woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF +ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR +ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf +D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD +J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH +bk65iLoLrUSkxMDi46qTAs5K +-----END PRIVATE KEY----- +` + pemData1024 = `-----BEGIN CERTIFICATE----- MIIDIjCCAgqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx CzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl ZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3 @@ -65,6 +111,15 @@ pgfj+yGLmkUw8JwgGH6xCUbHO+WBUFSlPf+Y50fJeO+OrjqPXAVKeSV3ZCwWjKT4 u3YLAbyW/lHhOCiZu2iAI8AbmXem9lW6Tr7p/97s0w== -----END RSA PRIVATE KEY----- ` +) + +var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io]", func() { + defer g.GinkgoRecover() + var ( + oc *exutil.CLI + ns string + routerImage string + isFIPS bool ) g.AfterEach(func() { @@ -95,27 +150,23 @@ u3YLAbyW/lHhOCiZu2iAI8AbmXem9lW6Tr7p/97s0w== o.Expect(err).NotTo(o.HaveOccurred()) configPath := exutil.FixturePath("testdata", "router", "router-common.yaml") - err = oc.AsAdmin().Run("new-app").Args("-f", configPath).Execute() + err = oc.AsAdmin().Run("apply").Args("-f", configPath).Execute() o.Expect(err).NotTo(o.HaveOccurred()) }) g.When("FIPS is enabled", func() { g.Describe("the HAProxy router", func() { - g.It("should not work when configured with a 1024-bit RSA key [apigroup:template.openshift.io]", func() { + g.It("should not work when configured with a 1024-bit RSA key", func() { if !isFIPS { g.Skip("skipping on non-FIPS cluster") } - configPath := exutil.FixturePath("testdata", "router", "router-scoped.yaml") - g.By(fmt.Sprintf("creating a router from a config file %q", configPath)) - err := oc.AsAdmin().Run("new-app").Args("-f", configPath, - "-p=IMAGE="+routerImage, - `-p=ROUTER_NAME=test-1024bit`, - `-p=DEFAULT_CERTIFICATE=`+pemData, - ).Execute() + routerPod := createScopedRouterPod(routerImage, "test-1024bit", pemData1024, "true") + g.By("creating a router") + ns := oc.KubeFramework().Namespace.Name + _, err := oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), routerPod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) - ns := oc.KubeFramework().Namespace.Name execPod := exutil.CreateExecPodOrFail(oc.AdminKubeClient(), ns, "execpod") defer func() { oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) @@ -139,21 +190,17 @@ u3YLAbyW/lHhOCiZu2iAI8AbmXem9lW6Tr7p/97s0w== g.When("FIPS is disabled", func() { g.Describe("the HAProxy router", func() { - g.It("should serve routes when configured with a 1024-bit RSA key [apigroup:template.openshift.io]", func() { + g.It("should serve routes when configured with a 1024-bit RSA key", func() { if isFIPS { g.Skip("skipping on FIPS cluster") } - configPath := exutil.FixturePath("testdata", "router", "router-scoped.yaml") - g.By(fmt.Sprintf("creating a router from a config file %q", configPath)) - err := oc.AsAdmin().Run("new-app").Args("-f", configPath, - "-p=IMAGE="+routerImage, - `-p=ROUTER_NAME=test-1024bit`, - `-p=DEFAULT_CERTIFICATE=`+pemData, - ).Execute() + routerPod := createScopedRouterPod(routerImage, "test-1024bit", pemData1024, "true") + g.By("creating a router") + ns := oc.KubeFramework().Namespace.Name + _, err := oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), routerPod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) - ns := oc.KubeFramework().Namespace.Name execPod := exutil.CreateExecPodOrFail(oc.AdminKubeClient(), ns, "execpod") defer func() { oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) @@ -193,3 +240,69 @@ u3YLAbyW/lHhOCiZu2iAI8AbmXem9lW6Tr7p/97s0w== }) }) }) + +func createScopedRouterPod(routerImage, routerName, pemData, updateStatus string) *corev1.Pod { + return &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "router-scoped", + Labels: map[string]string{ + "test": "router-scoped", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "route", + Image: routerImage, + ImagePullPolicy: corev1.PullIfNotPresent, + Env: []corev1.EnvVar{ + { + Name: "POD_NAMESPACE", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }, + { + Name: "DEFAULT_CERTIFICATE", + Value: pemData, + }, + }, + Args: []string{ + "--name=" + routerName, + "--namespace=$(POD_NAMESPACE)", + "--update-status=" + updateStatus, + "-v=4", + "--labels=select=first", + "--stats-port=1936", + "--metrics-type=haproxy", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 80, + }, + { + ContainerPort: 443, + }, + { + ContainerPort: 1936, + Name: "stats", + Protocol: corev1.ProtocolTCP, + }, + }, + ReadinessProbe: &corev1.Probe{ + InitialDelaySeconds: 10, + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/healthz/ready", + Port: intstr.FromInt(1936), + }, + }, + }, + }, + }, + }, + } +} diff --git a/test/extended/router/config_manager.go b/test/extended/router/config_manager.go index 0abb58fa3167..cfb6d407a851 100644 --- a/test/extended/router/config_manager.go +++ b/test/extended/router/config_manager.go @@ -10,13 +10,19 @@ import ( g "github.com/onsi/ginkgo/v2" o "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" e2e "k8s.io/kubernetes/test/e2e/framework" + utilpointer "k8s.io/utils/pointer" + routev1 "github.com/openshift/api/route/v1" routeclientset "github.com/openshift/client-go/route/clientset/versioned" exutil "github.com/openshift/origin/test/extended/util" + "github.com/openshift/origin/test/extended/util/image" ) const timeoutSeconds = 3 * 60 @@ -24,9 +30,8 @@ const timeoutSeconds = 3 * 60 var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io]", func() { defer g.GinkgoRecover() var ( - configPath = exutil.FixturePath("testdata", "router", "router-config-manager.yaml") - oc *exutil.CLI - ns string + oc *exutil.CLI + ns string ) // this hook must be registered before the framework namespace teardown @@ -52,8 +57,436 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][a routerImage, err := exutil.FindRouterImage(oc) o.Expect(err).NotTo(o.HaveOccurred()) - err = oc.AsAdmin().Run("new-app").Args("-f", configPath, "-p", "IMAGE="+routerImage).Execute() + g.By("creating a RoleBinding") + roleBinding := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "system-router", + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: "default", + }, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "ClusterRole", + APIGroup: "rbac.authorization.k8s.io", + Name: "system:router", + }, + } + + _, err = oc.AdminKubeClient().RbacV1().RoleBindings(ns).Create(context.Background(), roleBinding, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("creating a ConfigMap") + configMap := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "serving-cert", + }, + Data: map[string]string{ + "nginx.conf": ` +daemon off; +events { } +http { + server { + listen 8443; + ssl on; + ssl_certificate /etc/serving-cert/tls.crt; + ssl_certificate_key /etc/serving-cert/tls.key; + server_name "*.svc"; + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } +} + `, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().ConfigMaps(ns).Create(context.Background(), configMap, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("creating Services") + services := []corev1.Service{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "insecure-service", + Labels: map[string]string{ + "test": "router", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "test": "haproxy-cfgmgr", + "endpoints": "insecure-endpoint", + }, + Ports: []corev1.ServicePort{ + { + Port: 8080, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "secure-service", + Annotations: map[string]string{ + "service.alpha.openshift.io/serving-cert-secret-name": "serving-cert", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "app": "secure-endpoint", + }, + Ports: []corev1.ServicePort{ + { + Port: 443, + Name: "https", + TargetPort: intstr.FromInt(8443), + Protocol: corev1.ProtocolTCP, + }, + }, + }, + }, + } + + for _, service := range services { + _, err = oc.AdminKubeClient().CoreV1().Services(ns).Create(context.Background(), &service, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } + + g.By("creating Routes") + routes := []routev1.Route{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "edge-blueprint", + Labels: map[string]string{ + "test": "router", + "select": "hapcm-blueprint", + }, + Annotations: map[string]string{ + "router.openshift.io/cookie_name": "empire", + }, + }, + Spec: routev1.RouteSpec{ + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationEdge, + }, + Host: "edge.blueprint.hapcm.test", + To: routev1.RouteTargetReference{ + Name: "insecure-service", + Kind: "Service", + }, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "reencrypt-blueprint", + Labels: map[string]string{ + "test": "router", + "select": "hapcm-blueprint", + }, + Annotations: map[string]string{ + "ren": "stimpy", + }, + }, + Spec: routev1.RouteSpec{ + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationReencrypt, + }, + Host: "reencrypt.blueprint.hapcm.test", + To: routev1.RouteTargetReference{ + Name: "secure-service", + Kind: "Service", + }, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "passthrough-blueprint", + Labels: map[string]string{ + "test": "router", + "select": "hapcm-blueprint", + }, + Annotations: map[string]string{ + "test": "ptcruiser", + "foo": "bar", + }, + }, + Spec: routev1.RouteSpec{ + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationPassthrough, + }, + Host: "passthrough.blueprint.hapcm.test", + To: routev1.RouteTargetReference{ + Name: "secure-service", + Kind: "Service", + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "insecure-route", + Labels: map[string]string{ + "test": "haproxy-cfgmgr", + "select": "haproxy-cfgmgr", + }, + }, + Spec: routev1.RouteSpec{ + Host: "insecure.hapcm.test", + To: routev1.RouteTargetReference{ + Name: "insecure-service", + Kind: "Service", + }, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "edge-allow-http-route", + Labels: map[string]string{ + "test": "haproxy-cfgmgr", + "select": "haproxy-cfgmgr", + }, + }, + Spec: routev1.RouteSpec{ + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationEdge, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyAllow, + }, + Host: "edge.allow.hapcm.test", + To: routev1.RouteTargetReference{ + Name: "insecure-service", + Kind: "Service", + }, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "reencrypt-route", + Labels: map[string]string{ + "test": "haproxy-cfgmgr", + "select": "haproxy-cfgmgr", + }, + }, + Spec: routev1.RouteSpec{ + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationReencrypt, + }, + Host: "reencrypt.hapcm.test", + To: routev1.RouteTargetReference{ + Name: "secure-service", + Kind: "Service", + }, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "passthrough-route", + Labels: map[string]string{ + "test": "haproxy-cfgmgr", + "select": "haproxy-cfgmgr", + }, + }, + Spec: routev1.RouteSpec{ + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationPassthrough, + }, + Host: "passthrough.hapcm.test", + To: routev1.RouteTargetReference{ + Name: "secure-service", + Kind: "Service", + }, + }, + }, + } + + for _, route := range routes { + _, err := oc.RouteClient().RouteV1().Routes(ns).Create(context.Background(), &route, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } + + g.By("creating route Pods") + routerPods := []corev1.Pod{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "router-haproxy-cfgmgr", + Labels: map[string]string{ + "test": "router-haproxy-cfgmgr", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "router", + Image: routerImage, + ImagePullPolicy: corev1.PullIfNotPresent, + Env: []corev1.EnvVar{ + { + Name: "POD_NAMESPACE", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }, + }, + Args: []string{ + "--namespace=$(POD_NAMESPACE)", + "-v=4", + "--haproxy-config-manager=true", + "--blueprint-route-labels=select=hapcm-blueprint", + "--labels=select=haproxy-cfgmgr", + "--stats-password=password", + "--stats-port=1936", + "--stats-user=admin", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 80, + }, + { + ContainerPort: 443, + }, + { + ContainerPort: 1936, + Name: "stats", + Protocol: corev1.ProtocolTCP, + }, + }, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "insecure-endpoint", + Labels: map[string]string{ + "test": "haproxy-cfgmgr", + "endpoints": "insecure-endpoint", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "test", + Image: image.LocationFor("registry.k8s.io/e2e-test-images/agnhost:2.40"), + Args: []string{"netexec"}, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8080, + Name: "http", + }, + { + ContainerPort: 100, + Protocol: corev1.ProtocolUDP, + }, + }, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "secure-endpoint", + Labels: map[string]string{ + "app": "secure-endpoint", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "serve", + Image: image.LocationFor("registry.k8s.io/e2e-test-images/nginx:1.15-2"), + Command: []string{"/usr/sbin/nginx"}, + Args: []string{"-c", "/etc/nginx/nginx.conf"}, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8443, + Protocol: corev1.ProtocolTCP, + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "cert", + MountPath: "/etc/serving-cert", + }, + { + Name: "conf", + MountPath: "/etc/nginx", + }, + { + Name: "tmp", + MountPath: "/var/cache/nginx", + }, + { + Name: "tmp2", + MountPath: "/var/run", + }, + }, + }, + }, + Volumes: []corev1.Volume{ + { + Name: "conf", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "serving-cert", + }, + }, + }, + }, + { + Name: "cert", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "service-cert", + }, + }, + }, + { + Name: "tmp", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, + { + Name: "tmp2", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, + }, + }, + }, + } + + for _, pod := range routerPods { + _, err = oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), &pod, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } }) g.Describe("The HAProxy router", func() { @@ -67,8 +500,6 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][a oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) }() - g.By(fmt.Sprintf("creating a router with haproxy config manager from a config file %q", configPath)) - var routerIP string err := wait.Poll(time.Second, timeoutSeconds*time.Second, func() (bool, error) { pod, err := oc.KubeFramework().ClientSet.CoreV1().Pods(oc.KubeFramework().Namespace.Name).Get(context.Background(), "router-haproxy-cfgmgr", metav1.GetOptions{}) diff --git a/test/extended/router/grpc-interop.go b/test/extended/router/grpc-interop.go index f9a863d85d36..86922372124a 100644 --- a/test/extended/router/grpc-interop.go +++ b/test/extended/router/grpc-interop.go @@ -8,11 +8,14 @@ import ( g "github.com/onsi/ginkgo/v2" o "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" e2e "k8s.io/kubernetes/test/e2e/framework" e2epod "k8s.io/kubernetes/test/e2e/framework/pod" admissionapi "k8s.io/pod-security-admission/api" + utilpointer "k8s.io/utils/pointer" routev1 "github.com/openshift/api/route/v1" @@ -25,13 +28,7 @@ import ( var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Router]", func() { defer g.GinkgoRecover() - var ( - grpcServiceConfigPath = exutil.FixturePath("testdata", "router", "router-grpc-interop.yaml") - grpcRoutesConfigPath = exutil.FixturePath("testdata", "router", "router-grpc-interop-routes.yaml") - grpcRouterShardConfigPath = exutil.FixturePath("testdata", "router", "router-shard.yaml") - oc = exutil.NewCLIWithPodSecurityLevel("grpc-interop", admissionapi.LevelBaseline) - shardConfigPath string // computed - ) + var oc = exutil.NewCLIWithPodSecurityLevel("grpc-interop", admissionapi.LevelBaseline) // this hook must be registered before the framework namespace teardown // hook @@ -40,13 +37,10 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou exutil.DumpPodLogsStartingWith("grpc", oc) exutil.DumpPodLogsStartingWithInNamespace("router", "openshift-ingress", oc.AsAdmin()) } - if len(shardConfigPath) > 0 { - oc.AsAdmin().Run("delete").Args("-n", "openshift-ingress-operator", "-f", shardConfigPath).Execute() - } }) g.Describe("The HAProxy router", func() { - g.It("should pass the gRPC interoperability tests [apigroup:config.openshift.io][apigroup:route.openshift.io][apigroup:template.openshift.io]", func() { + g.It("should pass the gRPC interoperability tests [apigroup:config.openshift.io][apigroup:route.openshift.io][apigroup:operator.openshift.io]", func() { isProxyJob, err := exutil.IsClusterProxyEnabled(oc) o.Expect(err).NotTo(o.HaveOccurred(), "failed to get proxy configuration") if isProxyJob { @@ -67,7 +61,110 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou o.Expect(err).NotTo(o.HaveOccurred()) g.By("Creating grpc-interop test service") - err = oc.Run("new-app").Args("-f", grpcServiceConfigPath, "-p", "IMAGE="+image).Execute() + service := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "grpc-interop", + Annotations: map[string]string{ + "service.beta.openshift.io/serving-cert-secret-name": "service-cert-grpc-interop", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "app": "grpc-interop", + }, + Ports: []corev1.ServicePort{ + { + AppProtocol: utilpointer.String("h2c"), + Name: "h2c", + Port: 1110, + Protocol: corev1.ProtocolTCP, + TargetPort: intstr.FromInt(1110), + }, + { + Name: "https", + Port: 8443, + Protocol: corev1.ProtocolTCP, + TargetPort: intstr.FromInt(8443), + }, + }, + }, + } + + ns := oc.KubeFramework().Namespace.Name + _, err = oc.AdminKubeClient().CoreV1().Services(ns).Create(context.Background(), service, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("Creating grpc-interop test service pod") + servicePod := &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "grpc-interop", + Labels: map[string]string{ + "app": "grpc-interop", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "server", + Image: image, + ImagePullPolicy: corev1.PullIfNotPresent, + Command: []string{"ingress-operator", "serve-grpc-test-server"}, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 1110, + Name: "h2c", + Protocol: corev1.ProtocolTCP, + }, + { + ContainerPort: 8443, + Name: "https", + Protocol: corev1.ProtocolTCP, + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + MountPath: "/etc/serving-cert", + Name: "cert", + }, + }, + ReadinessProbe: &corev1.Probe{ + FailureThreshold: 3, + ProbeHandler: corev1.ProbeHandler{ + TCPSocket: &corev1.TCPSocketAction{ + Port: intstr.FromInt(8443), + }, + }, + InitialDelaySeconds: 10, + PeriodSeconds: 30, + SuccessThreshold: 1, + }, + LivenessProbe: &corev1.Probe{ + FailureThreshold: 3, + ProbeHandler: corev1.ProbeHandler{ + TCPSocket: &corev1.TCPSocketAction{ + Port: intstr.FromInt(8443), + }, + }, + InitialDelaySeconds: 10, + PeriodSeconds: 30, + SuccessThreshold: 1, + }, + }, + }, + Volumes: []corev1.Volume{ + { + Name: "cert", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "service-cert-grpc-interop", + }, + }, + }, + }, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), servicePod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) g.By("Waiting for grpc-interop pod to be running") @@ -93,19 +190,123 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou shardFQDN := oc.Namespace() + "." + defaultDomain g.By("Creating routes to test for gRPC interoperability") - err = oc.Run("new-app").Args("-f", grpcRoutesConfigPath, - "-p", "DOMAIN="+shardFQDN, - "-p", "TLS_CRT="+pemCrt, - "-p", "TLS_KEY="+derKey, - "-p", "TYPE="+oc.Namespace()).Execute() - o.Expect(err).NotTo(o.HaveOccurred()) + routeType := oc.Namespace() + routes := []routev1.Route{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "grpc-interop-h2c", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "grpc-interop-h2c." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(1110), + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "grpc-interop", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "grpc-interop-edge", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "grpc-interop-edge." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(1110), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationEdge, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + Key: derKey, + Certificate: pemCrt, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "grpc-interop", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "grpc-interop-reencrypt", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "grpc-interop-reencrypt." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationReencrypt, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + Key: derKey, + Certificate: pemCrt, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "grpc-interop", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "grpc-interop-passthrough", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "grpc-interop-passthrough." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationPassthrough, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "grpc-interop", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + } + + for _, route := range routes { + _, err := oc.RouteClient().RouteV1().Routes(ns).Create(context.Background(), &route, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } g.By("Creating a test-specific router shard") - shardConfigPath, err = shard.DeployNewRouterShard(oc, 10*time.Minute, shard.Config{ - FixturePath: grpcRouterShardConfigPath, - Domain: shardFQDN, - Type: oc.Namespace(), + shardIngressCtrl, err := shard.DeployNewRouterShard(oc, 10*time.Minute, shard.Config{ + Domain: shardFQDN, + Type: oc.Namespace(), }) + defer func() { + if shardIngressCtrl != nil { + if err := oc.AdminOperatorClient().OperatorV1().IngressControllers(shardIngressCtrl.Namespace).Delete(context.Background(), shardIngressCtrl.Name, metav1.DeleteOptions{}); err != nil { + e2e.Logf("deleting ingress controller failed: %v\n", err) + } + } + }() o.Expect(err).NotTo(o.HaveOccurred(), "new router shard did not rollout") // Shard is using a namespace selector so diff --git a/test/extended/router/h2spec.go b/test/extended/router/h2spec.go index 943e13c1c3d5..02f948468977 100644 --- a/test/extended/router/h2spec.go +++ b/test/extended/router/h2spec.go @@ -13,12 +13,16 @@ import ( o "github.com/onsi/gomega" authorizationv1 "k8s.io/api/authorization/v1" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" e2e "k8s.io/kubernetes/test/e2e/framework" e2epod "k8s.io/kubernetes/test/e2e/framework/pod" admissionapi "k8s.io/pod-security-admission/api" + utilpointer "k8s.io/utils/pointer" + routev1 "github.com/openshift/api/route/v1" securityv1 "github.com/openshift/api/security/v1" routeclientset "github.com/openshift/client-go/route/clientset/versioned" @@ -37,14 +41,7 @@ type h2specFailingTest struct { var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io]", func() { defer g.GinkgoRecover() - var ( - h2specServiceConfigPath = exutil.FixturePath("testdata", "router", "router-h2spec.yaml") - h2specRoutesConfigPath = exutil.FixturePath("testdata", "router", "router-h2spec-routes.yaml") - h2specRouterShardConfigPath = exutil.FixturePath("testdata", "router", "router-shard.yaml") - - oc = exutil.NewCLIWithPodSecurityLevel("router-h2spec", admissionapi.LevelBaseline) - shardConfigPath string // computed - ) + var oc = exutil.NewCLIWithPodSecurityLevel("router-h2spec", admissionapi.LevelBaseline) // this hook must be registered before the framework namespace teardown // hook @@ -56,15 +53,10 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou } exutil.DumpPodLogsStartingWith("h2spec", oc) } - if len(shardConfigPath) > 0 { - if err := oc.AsAdmin().Run("delete").Args("-n", "openshift-ingress-operator", "-f", shardConfigPath).Execute(); err != nil { - e2e.Logf("deleting ingress controller failed: %v\n", err) - } - } }) g.Describe("The HAProxy router", func() { - g.It("should pass the h2spec conformance tests [apigroup:config.openshift.io][apigroup:authorization.openshift.io][apigroup:user.openshift.io][apigroup:security.openshift.io][apigroup:template.openshift.io]", func() { + g.It("should pass the h2spec conformance tests [apigroup:config.openshift.io][apigroup:authorization.openshift.io][apigroup:user.openshift.io][apigroup:security.openshift.io][apigroup:operator.openshift.io]", func() { isProxyJob, err := exutil.IsClusterProxyEnabled(oc) o.Expect(err).NotTo(o.HaveOccurred(), "failed to get proxy configuration") if isProxyJob { @@ -102,10 +94,298 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou ) o.Expect(err).NotTo(o.HaveOccurred()) - g.By("Creating h2spec test service") - err = oc.Run("new-app").Args("-f", h2specServiceConfigPath, - "-p", "HAPROXY_IMAGE="+routerImage, - "-p", "H2SPEC_IMAGE="+canaryImage).Execute() + g.By("Creating h2spec test service config") + ns := oc.KubeFramework().Namespace.Name + configMap := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "h2spec-haproxy-config", + }, + Data: map[string]string{ + "haproxy.config": ` +global + daemon + log stdout local0 + nbthread 4 + tune.ssl.default-dh-param 2048 + tune.ssl.capture-cipherlist-size 1 +defaults + mode http + timeout connect 5s + timeout client 30s + timeout client-fin 1s + timeout server 30s + timeout server-fin 1s + timeout http-request 10s + timeout http-keep-alive 300s + option logasap + option http-buffer-request + log-format "frontend:%f/%H/%fi:%fp GMT:%T\ body:%[capture.req.hdr(0)]\ request:%r" +frontend fe_proxy_tls + option http-buffer-request + declare capture request len 40000 + http-request capture req.body id 0 + log global + bind *:8443 ssl crt /tmp/bundle.pem alpn h2 + default_backend haproxy-availability-ok +backend haproxy-availability-ok + errorfile 503 /etc/haproxy/errorfile + http-request deny deny_status 200 +`, + "errorfile": ` +HTTP/1.1 200 OK +Content-Length: 8192 +Cache-Control: max-age=28800 +Content-Type: text/plain + +2wWvUP5ISuTTzmzf27uZ/hGEVQMowYJYgDBZPGj3VY9XEHtdiCILqnw6oMvB95lUtNDPfVh+sEpM +4NbGyxC/hALxe98LaexsWfMgdtrOs0Cre2MwGeL2Vgr68Ju9mTzL3YpYetU09WSesko6RfnqjPyA +b0dsc7XecYeh8XfetC5WgUfsGGhJTKEd80ClFAWv0usTU+qccoG7zkxxTGzw5qzp7L+B4t8Bwgjf +dvFOZZ3cwPowiGg+4iF7rwbBCtOfXgFe/eBVGpP5KtW6hcdf7Wqw/w6Tkf8ZXlKSzT6xLXrq0C73 +OrUwvRn+NJl6wbpSOFEvB3Cp19Q0oMTa9+alvPwWZxwXEIi85hT5YVDZsb0pP1hcTOQAsT5LOWzm +mtNcIstM50XZj1hHEhJeixp5gAsrwY1m+Uwm2X6a70NBEtqnP0B04oOIPfTtebORGu1DiJGgntWM +wdk1ReLyDLTS2tISn6ItAwknF0Qk3D5kMqNN2sB1GBcWf7zqTlgB3W2p6I31P2Vt/I+z859JwbIw +3w3AI5UAGSPmguLzzdPrqKa1igzrBcoDvEJnk2O0+39qlJ+Sa2Ko02KjGkl7ZNZJwUAIKMsC5vAl +hV2KFRtRnWa7YzDMuNzoOZezPnIz8zvLVQFVGCSnpu7crAKrrhJD9F/nDBEnLtA5lzJRf32LUYNI +tCs2CHt8guaddJ1U1+lEGLKX3QM0N62MhDQy2lZwAvag8WlW1le+kj0vO1NYCwauzEWZtdHEedGv +E98m9Y4OWDLl4k8uTV0f8vsgwHTCgFcJ8EmWYizi/ykL1kfdR324JiW+3YpH3F8GEp9L7ESkqIns +eXajNzKhagc1e+YM8Xe6SjWDXbdVV9ZSEsgdhK2gy0MQchK2vU1hzUKq4cxDTMJ8k3CAkuG3IFpd +Nyv9eW4aJUSsNv2OzH0iRUaXs3qAefORFQgn8/Qe2c6wSDAI5wHEi7zi/Lick3UVv+7V13zfvcWl +32A2p1Erotjl/tgj4lX60Ci3uRgRBQ/9wR/N9JuH0A4ynn0uBaS1M/Qpbmz78/oeXQgCEnUCEA4k +DXYvXl6o+dEfJkuUYMIAH4wadtmdf+DSH9oOPvBFSM93X8BF21SSDeb8K+YfIi6+Ivzll+5jcNoi +uUryTyp1don75Zk6CT7b2m1o514MS68ulcNI4g36GpaS44rnuvQGyacdau6NabzgR0Q/3n9kOlFE +IOse9+eUEmR6KXZ/DuoeT7M2+Qul4uNwJz8i2RrF7mAToB3k0qdA8fO2munXXWoGr77vSkEDdJeq +ihFBQ60KNZeZh4x18uAxYigNrYfWjmIFAdzQd9XpsGL7iHYmjyHUQQabzFirJdeS4w4hZoSznA5m +1CtCvRtAT8RPoiUPSqKU3QtH46iNGusjRoRfCj7ynrmeqeDqkw4H34CrnkolqT1hDqvaqZIyJo50 +D3MGeURwMM6DYjWKOaVJaQDbXC8Ahb67+1nKUEyEaLKkfTh8GPGOnmBiWub/Y/N3AL9TEuihw9KP +NtjZQ82jL32NqdSdwKDXmE2SMmElUOY6fVFEGDVdgx9eJbeMaiSwXLTtUFxAxsO1wY5jDf8Cr97w +P8tLv1CPcec381Y2jAD0CgkGaa1u0VTj0jLFIwZK2faeKa3VJrB7ldYD74+PwiIgfl9nbvxlC8KN +5RTd7ThSGRQ+N7zpjRdaoftafUcFj6G/O/QrbhPxLZHcHG+zBGt/Fkr1lswfjiDsHHSM1ZyLiuny +ZqFBSSjL8X+NOa76tUq414UrZZ85w6nDTkzitXb36x8TEgfaoipUZJVNQ8smjE3bO9wB1zyzYXh7 +vDQe9p3GfRN223tJKGhXZ1SewOqoZsEWTogk6FFxngAyYb6jfqFFChe9gSrjS54+WUm0HyvSGuks +q/NwwvgI69cXqPZL6eXpgAAwFbt366HbGDHcKaG02fmuBNdhguw1BuF3EaBiPF2beQvYx9GPyzua +VDTflywUGXI3JixRbwT0TgXDIX+2FceA5NcyGQLjwF5CpDH650PaholA3dUif8Blls+FpJ74UdK1 +Ws+mG/UaBZ31hLHKqHI986G3PSxEWYyrF6vL6+CuNfet/SYh7AMRWK93Rkb3/N8GPosuFPaBNZLR +EBSHW9HUTP0viNWDupGx8mmncAUb9HLjqcFJoWGqZjVKaYe8J3NwvaL1P8+/v7ckpLUzOgiZVake +azDZDBoEfqFp/EGwnwm/KsnCQZ/I0aqrVW8T3AjUyFRIBw+rYLLGC2oIiUDH5ccvYhDY1epYS3C/ +qW+mWa1XNz0Aat+7LFoMt4BG3319S/fqApIRMq3rcoegfPhGSI9CBoNnLCxz/GHnlSxstCIQdnMJ +xwWBgvHuVb84bHfsRknUQX7g5s7xf9UK06TXRmYG+lb70Trkb0EZKzT17IMIOnZk4BCJkX08YK88 +C1rP68EjSdLSRiln3EPJ6kuNVFct077SfDG3SiLldx/VsZGSFzqWv69Qdb82wI+v5FcV3TZkrZAP +mhHJEWFaWvtEMyc7TtNI+0XhME96RIscBSLtoaRRV8CbMSJ8uanfox5LFId0gD4kfWiGtirj9/1/ +GnAUoMhFeipQ8mYKu2zwOFsDVmWzC10uNyorY4qg/WBJ6A3asEcHIUVkmOnakPkRipKTKxFYlXjF +1Jau+KsvHTvWxOP/LTDipJjxwQWBzDEmUHOQJJrHQG/grmOPFB891bcFRLWzYSuSYCSLetA8HlCK +m9Bxit43AUhLeeUoVHroflvyHhI1LT2k6crEz4g/bdLMi7ncbtCmB88k6UYXUaXKL2YlzxRp+cWA +nxeR63cR2RXeqUVdO3GqgAFKHFw96lgbF74qBc9AE5r5juzvT6qoHq7sHNJ31VhA6cASdIio+H+D +O2sb8xvGyuCfydIHgJoRc2ilhVsMPwEoMsCrp1MRWE5tLgkn0uH5RjV1K1yDYY0PivgJYbBtjOhx +mcaaa+P8jHc7J/Q6rI6BCjehbOwFY7dbCjcBJ8y39yNvDFwtj53UxMiWoRSwNO8ICJNFwm1dXjUa +gJ/+g6q0U4qf0nL5f/whHCsY8qdD9Jj9qcRjvSNaiP/l44ETGA2bc+/33cdZZImYAw54nfoN1UPx +hcvP3dsol6SaHgGOvZV0R6sapasMbIuFOkAXEVjn75E1dnWoom2k/cWH1gCxStYKUE4ilsMi+Smb +ejw1wXXJ4IG/861DPEAfrhwXO5nBppSClyf8ASMI+EjJmEO9o9b+hvKST0lN/+qnXfgzyirrhjSH +B8mMyArxcZo3+avdi1hC8VgNsRpR9aC7Sim9v8gjMfVg0qvIcDPjfvozyXhiEhrc7T+GDqk6Ledv +lOwTMw+i5UlrEEeJXDp8Ae8dQ1i/aLN/J7bR6LI9off7egiSIgnoOaUJl5LfvHqzFJsbjpSrm9U9 +hrhs9ChG6Qa1VsB/cvoaLwbzXi3XcbPue8DuNrgTP4CcP7KtiiS+NM+n0nRKEk9y7eeSfjXI5pE7 +6JFIdYs2qXFLtc+SuBq4M2dtKySiOr27gi59sbgr/OlWl+JQDNKPZ3XFM9nsoNpD3QU5Ye0DKzrI +rJh5Q/Gt3fQg91sFiB76kkpsQ88GQ/kgui9jadTYZcRmz/vQkoiQShX0xhdbkmwQgocnNO9IkZy+ +vua906n5skPPQIpaZOPuIxBoHE/1y+Ap2ofezIBj9p/HNv5Aolc1TL0eY5dPabXWwab/4vutMKos +MKAbI1Gow+RyptiZsau72g/IicWTIpBbveRnbiDWTmw2uwLus4asSanzWjZnlNyy0MIVK0uZRNVn +NBKCXH2VbYMyPIvN9CQbCl7/VnL4qPC8sxkJL28ZtwW881Kn79k49Go7FXZn/go1hdig8av4h+JZ +cHw+bjsNKe3Mr6JvyLIpkvsBFL3TGRQkEy/me6V2HI8dl3RoryJy3SiE8G5uXlKXJywYOaCoIUIp +2uyalKb2YNaZFc6xHjputeIegC4zJh6KmKK8H4n92/qn33DK813xaFpcQWh6HfTL33V1xn6x93jX +x40RmHxbslHN0DYbYcK8fDEdvHfAY/zzKpvXg1TsKYuW8tyeXWL5NjfGND7XliJCo/GIj0dAyWro +IkLvv7XqnAUvLyH+Kd1LBzMa+1Q6luGSQaYaw1Uwioi0+W8VP/vd2MZifv/M+Fg9jXQ0YAPxvnqw +dMNjVq+kCJY9wjwBpgEOdXte5cZebR4b9Zyn0DRFzb4levpCF0bjmJcbzgE/doh8c+qfCIxK57/l +j37u34+y4OjnTeqm991+jnzqjHP9Dr96IjRRVh268Hgqymx670MolqAFlb7Fazwi/+3n4wH6oIjj +cbgFVrsOH0KFnLKf3QFOA2Rr/x+ycY8e0A3Br90AjEzHBsbV2LCpmcB5JaFxQG3K8IGXP2O3h7jP +yXHLPG/Euu0CTN4TlDNl45Ppk2GY48jGb6bdhJjV/qeL49y9wSghFmnGlXkbOxZ/JqI2QeIXleAe +xeVcdnCF9d3mEE0POtHvh4/nF3SS6IwqQd9qtiNLvDrCuhLJCTfowCfTm0WzpNJmaXxrKG4jyUJG +IpVcQSKulIDwkgt66V/PtbgE/2V+4+EvYgP5uM8tf7AAskxlnqB5L81Ph/0zsumrqLUsX1gTONCW +Hqf0cPJlALcHY/FaKq3sZl3J/BoIygIR2IwMeOQCEprt46RsJeY8AAWEk0p9eDoiX7eniV8YFes9 +mNUXxHyg1GYzRtbXv0Ua/TomdZwFVhOYGb2SeVCDmzmjPcWLnLZ8949jbHIKIvKgkYgFF5qrtukA +PcPkKGAbzAUpiWr7zn8pp1emm3YRhzvYVJ2gNMtxHZkRg6uNAbt/mF1BqIS8ODtTUUo4+gC/RGYF +bgJryFrYBuFihZLOSXV0T6KNcp/04xRTXI63nfGuJaY0iSoPI3mbeulgxMIFAoALb3nQ9z0bVSzT +Lf6jPmaeM379NQ0bg0IoF+lrRYNTOAE5LssUrDTO8EV402wulLU0MR3bKKkt4jvp04/GpIjn9xmJ +3ZuWjxjvyZGjlaGT/BgsAgi/MuNN1Syty0Pzw8cJUWAogcak/2Xt7cY0+xTWtk7JHy9npv0hNzaw +mpt6NM0Yk4wqMDE9VL8G5P302eAYv11/ZlRM9yDUmTr15wwEc2J0koLqulN96VwMekGsPMi1makl +JpcHjgSuuM4CrD8sd6L8K6IyZWyGBmWV4JQ2Sd4lGvuzxf9+5pS3Q2Iq6QqPzW6rBa9GUAufvtI0 +cR+JxqDOwCEd9IwaDq1mvLFUqlfvlGgyj1GrOYMJMMjBa/ErFtnsFL2rzO9g1QkHtErTND50VM8C +IdAybJLV4DOUwzOK3NSElr4Wej8K0Lfbwe4R3KzE4vRc+mO1ZesiPyfM7VsR7dN2NRDTTqWF7dXn +jrCpI2Pwz/BSwbtNvKnVrELydJYqQZ4YN0Kgkb5ZQ+Ei23t+X6IjRNTY576q5BtmNw9MEV70/b4w +Ac0ArzOfp+PbLaC6WdjxzI/AdpZJ5RSBo3w5PY+3P8IG4tz1UyKMhvCtA/xBGTu77C83a0R696aL +kMA5RhYjlCdm73+BMTLp17jXM+j5ek8pt0l5beEWOQSQQuzowiyPwfyp3c77A+3OsuK1dIdTpxh4 +EeGLY1UuMQla1ugZODWHac42h6uBftP7Q77qKbCQHHB6G7HlH8xIJp6YfoBbqeQuMhrZrbeWGMpE +XGHizQFlsiHAniPfcY+XaCE4sgW+2gAlR6ESkO3DnGFnyejMspfa+BDdZBfuUO1JNWQwOtlooicQ +JXbSKAVrfDTsFrerk1LJkuhCvIGINt7D+9i9/t+twgA834ObDzb89dpWJAiFV1JtfJW4DGTKga6I +850NJW8/GP4l/hqH0EH9jSDXgjdhS0716/nEjXnwZ0rsHLfGq1AaMUHv972wv+3TA188kzlk7fRr +wuJbuLpwVqp/H1LNueJu+/lzFQoh9eeboguENZNIoZQ7cD0pINwHdeyhXZDomaxHnIrxiZmy72P/ +aNkruB+Kf7evbRHzPNZAWkie/PwDrAsPLpeiTuK3nhpd/XIfmnNXZtt1X53MJHRwDMl00ze7lXwn +37Pm2dYsZo2f20cIuVrzyOPv9f9y2y92UAJ6VvPxHjci2lQupmdn/D7kdeF44nZWUMRkvnHW+Lxj +NYHuwwX6sOoKavnmVALOhYk9mukP4pNliuvcJmuhJxaI9oQah8encM2WA8Z7s61Xf1Gk2luMH709 +0EX6VvPrNLFUY7xJJsXT191vyrg6Wu5Yd2ZIFXrCgKBLfHumvO3NE+YE+LKK6xrH7Urk9trmKJKt +sfsgmIz8xj4D59tlIsgKZfwGsIbIlachpjhXM9jNdOSe5k2tHNdnh1OvBJvOIqKSp4uVlHZnLUMZ +07rzxr9wdzU4ihaUgvreVpar6vnNYuj/TTDRP0FcBay0IuPunVhX9Wel5ga+NWIV9srCmzsJN7/d +puvaV9sb5dc0M0klEq41bMKDFd86YKifRhwagol5OAHTPjvIqZ9WOr/7XVuxAtOG0l1ohgrKTtfV +jw4KZCd+zIazzwuA0ItCENMmAm2Xppqy1T0Uu7gql3b8XAtsk+IhQw+L8H/oJtt/vaRSnbfTS02N +umm7CcneYyHT1FiuMfm5rkHee7rPR+YiDXlnkrTjd6HaBk3a/mEf0amzsMH9s4FzQRLbYPcXZrfi +ah18pV5ZlcfsC1kmM+wBbxCjxoUcV2DyeGiMdQo2Pif9LpPXOo6SE9a4lDovQF5brB6z9MGUZlKf +n+bQ1SVZxu4ArWLnbmXrgHzz+APsWh6VBfCw0MT8oP7uzB6tzIP1RCm7uKgb1Hi2f8f4DympfW4r +K3/H/5c3foZqlZDSDCGv3amzwkSZ3VsWHPrGFa0jLkTweBf+8UyzRIdoceDI7Ovg9cOiVf4bVqA/ +B4DavbV6xOAbHloEJTIEI54epi2CEFnAvpJUgr+uWkgQbSTJVmXUWw0s6gv+2sbeNYYz169c1ScP +U1afX80IXtL0iq7sQjbEPfOg9hWbHQWoAaSgLT0mvGkMHn8eKUBFdvF2paNOfU47OirGz1ifdRZe +9BgBR6glFDlp5g99K6PXxADoy+nHAKnzxlWuxjfMoXgcIWpmIXad+vi3m7J48Z8xAaN8/657UjNW +JmYHVjst8m+Q14lyMJfFj1Q+9FjyKTGwSjryd5dUJacyGrg3mli2v99KnTsOjY1Wm6//G5dcuRIT +IceUARlCKNONQVe3tM4LoIglqTipwfzLwjDfb223BAfNt41otmZ3VGM8yesZQmAnokKhcErDTrw3 +g9aoCI6OlrtLrTx3V1k7qW9INLZXspvhU4CalQdWvugpH4prAQO6FeFLCu66/KIL9FZoe5n66UBz +TFR2ih8dKo1JV/aLuqjpsZ+l4lNal4vnqgaLUehC7j1zQAiLD585VMuEliJSmES8wHL3nt5JUKoe +2Y6+aRDQqYUZsEhnPQ1H+0AT5LHOh6P1576m52Bp2tczVjN2K6Hgw+koDUmZj7YUj1stzjKso5rM +0zRAppa9g4XJSDnjaBFdYcRmWZ+PE/sjXzcu1eNtttlJqmYqO4dMGHiffoBIvz9nvqn8eZIRMPdt +D1/ykxN6Cbl42Ox9WTSIZncj6LbhB/5dT12DdCtedx7ljDcGVQm30HbB5GSYWYuWphJSJ0YWX8O+ +lW8A3Qy0Vnu2EZUsNKBzgSbws63t2xrizMq0eRkMkHL8L4OUFKenwro6m0PJcuPhTBhVN0ek73vl +YVdXRPoPejw6wPeETZ6ObnCFqySDsycqyIwYXmxFNw3aYiTjFls2i+BZ6lGManDeJ/U/VKdrJt74 +Ua3HXuQXe9z/uOBdmiWPBuIA79uzt3C/g5hTFt3L4Q25aRMRXIQkrtRRfP6AEyKJmAUY1hwyIJQV ++HVW+djWL9nO1/REKbJcGPmQwscoH9YYrP4XpLaXbWV/XbuCsyPzW+QKqUinMIX3LlAIYgJp+pyb +m2/3So5gYJkPZxx4UxVrqxAkKhSkQVHvv6Rvj6LkdomEfA76eWKxxvksde+zZkD2ZcWMg0obX1Ox +BFNBRELPe53ZdLKWpf2Sr96vRPRNw +`, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().ConfigMaps(ns).Create(context.Background(), configMap, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("Creating h2spec test service h2spec-haproxy pod") + haProxyPod := &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "h2spec-haproxy", + Labels: map[string]string{ + "app": "h2spec-haproxy", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Image: routerImage, + Name: "haproxy", + Command: []string{"/bin/bash", "-c"}, + Args: []string{ + "set -e; cat /etc/serving-cert/tls.key /etc/serving-cert/tls.crt > /tmp/bundle.pem; haproxy -f /etc/haproxy/haproxy.config -db", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8443, + Protocol: corev1.ProtocolTCP, + }, + }, + ReadinessProbe: &corev1.Probe{ + FailureThreshold: 3, + ProbeHandler: corev1.ProbeHandler{ + TCPSocket: &corev1.TCPSocketAction{ + Port: intstr.FromInt(8443), + }, + }, + InitialDelaySeconds: 10, + PeriodSeconds: 30, + SuccessThreshold: 1, + }, + LivenessProbe: &corev1.Probe{ + FailureThreshold: 3, + ProbeHandler: corev1.ProbeHandler{ + TCPSocket: &corev1.TCPSocketAction{ + Port: intstr.FromInt(8443), + }, + }, + InitialDelaySeconds: 10, + PeriodSeconds: 30, + SuccessThreshold: 1, + }, + SecurityContext: &corev1.SecurityContext{ + AllowPrivilegeEscalation: utilpointer.Bool(true), + }, + VolumeMounts: []corev1.VolumeMount{ + { + MountPath: "/etc/serving-cert", + Name: "cert", + }, + { + MountPath: "/etc/haproxy", + Name: "config", + }, + }, + }, + }, + Volumes: []corev1.Volume{ + { + Name: "config", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "h2spec-haproxy-config", + }, + }, + }, + }, + { + Name: "cert", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "serving-cert-h2spec", + }, + }, + }, + }, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), haProxyPod, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("Creating h2spec test service object") + + service := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "h2spec-haproxy", + Annotations: map[string]string{ + "service.beta.openshift.io/serving-cert-secret-name": "serving-cert-h2spec", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "app": "h2spec-haproxy", + }, + Ports: []corev1.ServicePort{ + { + Port: 8443, + Name: "https", + TargetPort: intstr.FromInt(8443), + Protocol: corev1.ProtocolTCP, + }, + }, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().Services(ns).Create(context.Background(), service, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("Creating h2spec test service h2spec pod") + + h2specPod := &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "h2spec", + Labels: map[string]string{ + "app": "h2spec", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "h2spec", + Image: canaryImage, + Command: []string{"sleep"}, + Args: []string{"infinity"}, + }, + }, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), h2specPod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) e2e.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(oc.KubeClient(), "h2spec-haproxy", oc.KubeFramework().Namespace.Name)) @@ -121,17 +401,47 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou o.Expect(err).NotTo(o.HaveOccurred()) g.By("Creating routes to test for h2spec compliance") - err = oc.Run("new-app").Args("-f", h2specRoutesConfigPath, - "-p", "DOMAIN="+shardFQDN, - "-p", "TYPE="+oc.Namespace()).Execute() + h2specRoute := &routev1.Route{ + ObjectMeta: metav1.ObjectMeta{ + Name: "h2spec-passthrough", + Labels: map[string]string{ + "app": "h2spec-haproxy", + "type": oc.Namespace(), + }, + }, + Spec: routev1.RouteSpec{ + Host: "h2spec-passthrough." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationPassthrough, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "h2spec-haproxy", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + } + + _, err = oc.RouteClient().RouteV1().Routes(ns).Create(context.Background(), h2specRoute, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) g.By("Creating a test-specific router shard") - shardConfigPath, err = shard.DeployNewRouterShard(oc, 10*time.Minute, shard.Config{ - FixturePath: h2specRouterShardConfigPath, - Domain: shardFQDN, - Type: oc.Namespace(), + shardIngressCtrl, err := shard.DeployNewRouterShard(oc, 10*time.Minute, shard.Config{ + Domain: shardFQDN, + Type: oc.Namespace(), }) + defer func() { + if shardIngressCtrl != nil { + if err := oc.AdminOperatorClient().OperatorV1().IngressControllers(shardIngressCtrl.Namespace).Delete(context.Background(), shardIngressCtrl.Name, metav1.DeleteOptions{}); err != nil { + e2e.Logf("deleting ingress controller failed: %v\n", err) + } + } + }() o.Expect(err).NotTo(o.HaveOccurred(), "new router shard did not rollout") g.By("Getting LB service") diff --git a/test/extended/router/http2.go b/test/extended/router/http2.go index f2df95f31ad2..51c92bd0d5d9 100644 --- a/test/extended/router/http2.go +++ b/test/extended/router/http2.go @@ -14,14 +14,18 @@ import ( o "github.com/onsi/gomega" "golang.org/x/net/http2" + corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" e2e "k8s.io/kubernetes/test/e2e/framework" e2epod "k8s.io/kubernetes/test/e2e/framework/pod" "k8s.io/pod-security-admission/api" + utilpointer "k8s.io/utils/pointer" configv1 "github.com/openshift/api/config/v1" + routev1 "github.com/openshift/api/route/v1" routeclientset "github.com/openshift/client-go/route/clientset/versioned" "github.com/openshift/origin/test/extended/router/certgen" @@ -59,15 +63,7 @@ func makeHTTPClient(useHTTP2Transport bool, timeout time.Duration) *http.Client var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io]", func() { defer g.GinkgoRecover() - var ( - http2ServiceConfigPath = exutil.FixturePath("testdata", "router", "router-http2.yaml") - http2RoutesConfigPath = exutil.FixturePath("testdata", "router", "router-http2-routes.yaml") - http2RouterShardConfigPath = exutil.FixturePath("testdata", "router", "router-shard.yaml") - - oc = exutil.NewCLIWithPodSecurityLevel("router-http2", api.LevelBaseline) - - shardConfigPath string // computed - ) + var oc = exutil.NewCLIWithPodSecurityLevel("router-http2", api.LevelBaseline) // this hook must be registered before the framework namespace teardown // hook @@ -80,15 +76,10 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou exutil.DumpPodLogsStartingWith("http2", oc) exutil.DumpPodLogsStartingWithInNamespace("router", "openshift-ingress", oc.AsAdmin()) } - if len(shardConfigPath) > 0 { - if err := oc.AsAdmin().Run("delete").Args("-n", "openshift-ingress-operator", "-f", shardConfigPath).Execute(); err != nil { - e2e.Logf("deleting ingress controller failed: %v\n", err) - } - } }) g.Describe("The HAProxy router", func() { - g.It("should pass the http2 tests [apigroup:image.openshift.io][apigroup:template.openshift.io]", func() { + g.It("should pass the http2 tests [apigroup:image.openshift.io][apigroup:operator.openshift.io]", func() { isProxyJob, err := exutil.IsClusterProxyEnabled(oc) o.Expect(err).NotTo(o.HaveOccurred(), "failed to get proxy configuration") if isProxyJob { @@ -109,7 +100,112 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou o.Expect(err).NotTo(o.HaveOccurred()) g.By("Creating http2 test service") - err = oc.Run("new-app").Args("-f", http2ServiceConfigPath, "-p", "IMAGE="+image).Execute() + http2service := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "http2", + Annotations: map[string]string{ + "service.beta.openshift.io/serving-cert-secret-name": "serving-cert-http2", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "name": "http2", + }, + Ports: []corev1.ServicePort{ + { + Name: "https", + Protocol: corev1.ProtocolTCP, + Port: 8443, + TargetPort: intstr.FromInt(8443), + }, + { + Name: "http", + Protocol: corev1.ProtocolTCP, + Port: 8080, + TargetPort: intstr.FromInt(8080), + }, + }, + }, + } + + ns := oc.KubeFramework().Namespace.Name + _, err = oc.AdminKubeClient().CoreV1().Services(ns).Create(context.Background(), http2service, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("Creating http2 test service pod") + http2Pod := &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "http2", + Labels: map[string]string{ + "name": "http2", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Image: image, + Name: "server", + Command: []string{"ingress-operator", "serve-http2-test-server"}, + ReadinessProbe: &corev1.Probe{ + FailureThreshold: 3, + ProbeHandler: corev1.ProbeHandler{ + TCPSocket: &corev1.TCPSocketAction{ + Port: intstr.FromInt(8080), + }, + }, + InitialDelaySeconds: 10, + PeriodSeconds: 30, + SuccessThreshold: 1, + }, + LivenessProbe: &corev1.Probe{ + FailureThreshold: 3, + ProbeHandler: corev1.ProbeHandler{ + TCPSocket: &corev1.TCPSocketAction{ + Port: intstr.FromInt(8080), + }, + }, + InitialDelaySeconds: 10, + PeriodSeconds: 30, + SuccessThreshold: 1, + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8443, + Protocol: corev1.ProtocolTCP, + }, + { + ContainerPort: 8080, + Protocol: corev1.ProtocolTCP, + }, + }, + Env: []corev1.EnvVar{ + { + Name: "GODEBUG", + Value: "http2debug=1", + }, + }, + VolumeMounts: []corev1.VolumeMount{ + { + MountPath: "/etc/serving-cert", + Name: "cert", + }, + }, + }, + }, + Volumes: []corev1.Volume{ + { + Name: "cert", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "serving-cert-http2", + }, + }, + }, + }, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), http2Pod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) g.By("Waiting for http2 pod to be running") @@ -142,19 +238,151 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou o.Expect(err).NotTo(o.HaveOccurred()) g.By("Creating routes to test for http/2 compliance") - err = oc.Run("new-app").Args("-f", http2RoutesConfigPath, - "-p", "DOMAIN="+shardFQDN, - "-p", "TLS_CRT="+pemCrt, - "-p", "TLS_KEY="+derKey, - "-p", "TYPE="+oc.Namespace()).Execute() - o.Expect(err).NotTo(o.HaveOccurred()) + routeType := oc.Namespace() + routes := []routev1.Route{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "http2-default-cert-edge", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "http2-default-cert-edge." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationEdge, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "http2", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "http2-default-cert-reencrypt", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "http2-default-cert-reencrypt." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationReencrypt, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "http2", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "http2-custom-cert-edge", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "http2-custom-cert-edge." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationEdge, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + Key: derKey, + Certificate: pemCrt, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "http2", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "http2-custom-cert-reencrypt", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "http2-custom-cert-reencrypt." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationReencrypt, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + Key: derKey, + Certificate: pemCrt, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "http2", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "http2-passthrough", + Labels: map[string]string{ + "type": routeType, + }, + }, + Spec: routev1.RouteSpec{ + Host: "http2-passthrough." + shardFQDN, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8443), + }, + TLS: &routev1.TLSConfig{ + Termination: routev1.TLSTerminationPassthrough, + InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect, + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "http2", + Weight: utilpointer.Int32(100), + }, + WildcardPolicy: routev1.WildcardPolicyNone, + }, + }, + } + + for _, route := range routes { + _, err := oc.RouteClient().RouteV1().Routes(ns).Create(context.Background(), &route, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } g.By("Creating a test-specific router shard") - shardConfigPath, err = shard.DeployNewRouterShard(oc, 10*time.Minute, shard.Config{ - FixturePath: http2RouterShardConfigPath, - Domain: shardFQDN, - Type: oc.Namespace(), + shardIngressCtrl, err := shard.DeployNewRouterShard(oc, 10*time.Minute, shard.Config{ + Domain: shardFQDN, + Type: oc.Namespace(), }) + defer func() { + if shardIngressCtrl != nil { + if err := oc.AdminOperatorClient().OperatorV1().IngressControllers(shardIngressCtrl.Namespace).Delete(context.Background(), shardIngressCtrl.Name, metav1.DeleteOptions{}); err != nil { + e2e.Logf("deleting ingress controller failed: %v\n", err) + } + } + }() o.Expect(err).NotTo(o.HaveOccurred(), "new router shard did not rollout") testCases := []struct { diff --git a/test/extended/router/idle.go b/test/extended/router/idle.go index 1955c80f258a..096f33a7af14 100644 --- a/test/extended/router/idle.go +++ b/test/extended/router/idle.go @@ -9,15 +9,20 @@ import ( "net/http" "time" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" e2e "k8s.io/kubernetes/test/e2e/framework" admissionapi "k8s.io/pod-security-admission/api" + utilpointer "k8s.io/utils/pointer" g "github.com/onsi/ginkgo/v2" o "github.com/onsi/gomega" configv1 "github.com/openshift/api/config/v1" + routev1 "github.com/openshift/api/route/v1" unidlingapi "github.com/openshift/api/unidling/v1alpha1" exutil "github.com/openshift/origin/test/extended/util" @@ -28,8 +33,7 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou defer g.GinkgoRecover() var ( - configPath = exutil.FixturePath("testdata", "router", "router-idle.yaml") - oc = exutil.NewCLIWithPodSecurityLevel("router-idling", admissionapi.LevelBaseline) + oc = exutil.NewCLIWithPodSecurityLevel("router-idling", admissionapi.LevelBaseline) ) // this hook must be registered before the framework namespace teardown @@ -41,7 +45,7 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou }) g.Describe("The HAProxy router", func() { - g.It("should be able to connect to a service that is idled because a GET on the route will unidle it [apigroup:config.openshift.io][apigroup:template.openshift.io]", func() { + g.It("should be able to connect to a service that is idled because a GET on the route will unidle it [apigroup:config.openshift.io]", func() { network, err := oc.AdminConfigClient().ConfigV1().Networks().Get(context.Background(), "cluster", metav1.GetOptions{}) o.Expect(err).NotTo(o.HaveOccurred(), "failed to get cluster network configuration") if !(network.Status.NetworkType == "OVNKubernetes" || network.Status.NetworkType == "OpenShiftSDN") { @@ -61,9 +65,107 @@ var _ = g.Describe("[sig-network-edge][Conformance][Area:Networking][Feature:Rou timeout := 15 * time.Minute - g.By(fmt.Sprintf("creating test fixture from a config file %q", configPath)) - err = oc.Run("new-app").Args("-f", configPath).Execute() - o.Expect(err).NotTo(o.HaveOccurred(), "failed to create test fixture") + g.By("creating test fixtures") + ns := oc.KubeFramework().Namespace.Name + idleRoute := &routev1.Route{ + ObjectMeta: metav1.ObjectMeta{ + Name: "idle-test", + Labels: map[string]string{ + "app": "idle-test", + }, + }, + Spec: routev1.RouteSpec{ + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + To: routev1.RouteTargetReference{ + Kind: "Service", + Name: "idle-test", + }, + }, + } + _, err = oc.RouteClient().RouteV1().Routes(ns).Create(context.Background(), idleRoute, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + idleService := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "idle-test", + Labels: map[string]string{ + "app": "idle-test", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "app": "idle-test", + }, + Ports: []corev1.ServicePort{ + { + Port: 8080, + Name: "8080-http", + TargetPort: intstr.FromInt(8080), + Protocol: corev1.ProtocolTCP, + }, + }, + }, + } + + _, err = oc.AdminKubeClient().CoreV1().Services(ns).Create(context.Background(), idleService, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + + idleDeployment := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "idle-test", + }, + Spec: appsv1.DeploymentSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app": "idle-test", + }, + }, + Replicas: utilpointer.Int32(1), + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Name: "idle-test", + Labels: map[string]string{ + "app": "idle-test", + }, + }, + + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Image: "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest", + Name: "idle-test", + ReadinessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/", + Port: intstr.FromInt(8080), + }, + }, + InitialDelaySeconds: 3, + PeriodSeconds: 3, + }, + Command: []string{ + "/usr/bin/socat", + "TCP4-LISTEN:8080,reuseaddr,fork", + `EXEC:'/bin/bash -c \"printf \\\"HTTP/1.0 200 OK\r\n\r\n\\\"; sed -e \\\"/^\r/q\\\"\"'`, + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8080, + Protocol: corev1.ProtocolTCP, + }, + }, + }, + }, + }, + }, + }, + } + + _, err = oc.AdminKubeClient().AppsV1().Deployments(ns).Create(context.Background(), idleDeployment, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) g.By("Waiting for pods to be running") err = waitForRunningPods(oc, 1, exutil.ParseLabelsOrDie("app=idle-test"), timeout) diff --git a/test/extended/router/scoped.go b/test/extended/router/scoped.go index 9780eb71c8ac..46a2424abe3f 100644 --- a/test/extended/router/scoped.go +++ b/test/extended/router/scoped.go @@ -14,9 +14,11 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" e2e "k8s.io/kubernetes/test/e2e/framework" admissionapi "k8s.io/pod-security-admission/api" + utilpointer "k8s.io/utils/pointer" routev1 "github.com/openshift/api/route/v1" routeclientset "github.com/openshift/client-go/route/clientset/versioned" @@ -26,7 +28,7 @@ import ( const changeTimeoutSeconds = 3 * 60 -var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:template.openshift.io]", func() { +var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io]", func() { defer g.GinkgoRecover() var ( oc *exutil.CLI @@ -56,19 +58,19 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][a o.Expect(err).NotTo(o.HaveOccurred()) configPath := exutil.FixturePath("testdata", "router", "router-common.yaml") - err = oc.AsAdmin().Run("new-app").Args("-f", configPath).Execute() + err = oc.AsAdmin().Run("apply").Args("-f", configPath).Execute() o.Expect(err).NotTo(o.HaveOccurred()) }) g.Describe("The HAProxy router", func() { g.It("should serve the correct routes when scoped to a single namespace and label set", func() { - configPath := exutil.FixturePath("testdata", "router", "router-scoped.yaml") - g.By(fmt.Sprintf("creating a router from a config file %q", configPath)) - err := oc.AsAdmin().Run("new-app").Args("-f", configPath, "-p", "IMAGE="+routerImage).Execute() + routerPod := createScopedRouterPod(routerImage, "test-scoped", defaultPemData, "true") + g.By("creating a router") + ns := oc.KubeFramework().Namespace.Name + _, err := oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), routerPod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) - ns := oc.KubeFramework().Namespace.Name execPod := exutil.CreateExecPodOrFail(oc.AdminKubeClient(), ns, "execpod") defer func() { oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) @@ -108,12 +110,12 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][a g.It("should override the route host with a custom value", func() { - configPath := exutil.FixturePath("testdata", "router", "router-override.yaml") - g.By(fmt.Sprintf("creating a router from a config file %q", configPath)) - err := oc.AsAdmin().Run("new-app").Args("-f", configPath, "-p", "IMAGE="+routerImage).Execute() + routerPod := createOverrideRouterPod(routerImage) + g.By("creating a router") + ns := oc.KubeFramework().Namespace.Name + _, err := oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), routerPod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) - ns := oc.KubeFramework().Namespace.Name execPod := exutil.CreateExecPodOrFail(oc.AdminKubeClient(), ns, "execpod") defer func() { oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) @@ -172,18 +174,18 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][a g.It("should override the route host for overridden domains with a custom value [apigroup:image.openshift.io]", func() { - configPath := exutil.FixturePath("testdata", "router", "router-override-domains.yaml") - g.By(fmt.Sprintf("creating a router from a config file %q", configPath)) - err := oc.AsAdmin().Run("new-app").Args("-f", configPath, "-p", "IMAGE="+routerImage).Execute() + routerPod := createOverrideDomainRouterPod(routerImage) + g.By("creating a router") + ns := oc.KubeFramework().Namespace.Name + _, err := oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), routerPod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) - ns := oc.KubeFramework().Namespace.Name execPod := exutil.CreateExecPodOrFail(oc.AdminKubeClient(), ns, "execpod") defer func() { oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) }() - g.By(fmt.Sprintf("creating a scoped router with overridden domains from a config file %q", configPath)) + g.By("creating a scoped router with overridden domains") var routerIP string err = wait.Poll(time.Second, changeTimeoutSeconds*time.Second, func() (bool, error) { @@ -335,3 +337,135 @@ func ingressForName(r *routev1.Route, name string) *routev1.RouteIngress { } return nil } + +func createOverrideRouterPod(routerImage string) *corev1.Pod { + return &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "router-override", + Labels: map[string]string{ + "test": "router-override", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "router", + Image: routerImage, + ImagePullPolicy: corev1.PullIfNotPresent, + Env: []corev1.EnvVar{ + { + Name: "POD_NAMESPACE", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }, + { + Name: "DEFAULT_CERTIFICATE", + Value: defaultPemData, + }, + }, + Args: []string{ + "--name=test-override", + "--namespace=$(POD_NAMESPACE)", + "-v=4", + "--override-hostname", + "--hostname-template=${name}-${namespace}.myapps.mycompany.com", + "--stats-port=1936", + "--metrics-type=haproxy", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 80, + }, + { + ContainerPort: 443, + }, + { + ContainerPort: 1936, + Name: "stats", + Protocol: corev1.ProtocolTCP, + }, + }, + ReadinessProbe: &corev1.Probe{ + InitialDelaySeconds: 10, + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/healthz/ready", + Port: intstr.FromInt(1936), + }, + }, + }, + }, + }, + }, + } +} + +func createOverrideDomainRouterPod(routerImage string) *corev1.Pod { + return &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "router-override-domains", + Labels: map[string]string{ + "test": "router-override-domains", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "route", + Image: routerImage, + ImagePullPolicy: corev1.PullIfNotPresent, + Env: []corev1.EnvVar{ + { + Name: "POD_NAMESPACE", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }, + { + Name: "DEFAULT_CERTIFICATE", + Value: defaultPemData, + }, + }, + Args: []string{ + "--name=test-override-domains", + "--namespace=$(POD_NAMESPACE)", + "-v=4", + "--override-domains=null.ptr,void.str", + "--hostname-template=${name}-${namespace}.apps.veto.test", + "--stats-port=1936", + "--metrics-type=haproxy", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 80, + }, + { + ContainerPort: 443, + }, + { + ContainerPort: 1936, + Name: "stats", + Protocol: corev1.ProtocolTCP, + }, + }, + ReadinessProbe: &corev1.Probe{ + InitialDelaySeconds: 10, + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/healthz/ready", + Port: intstr.FromInt(1936), + }, + }, + }, + }, + }, + }, + } +} diff --git a/test/extended/router/shard/shard.go b/test/extended/router/shard/shard.go index 5ba39f013688..f5dbe462a7dd 100644 --- a/test/extended/router/shard/shard.go +++ b/test/extended/router/shard/shard.go @@ -9,15 +9,13 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/wait" e2e "k8s.io/kubernetes/test/e2e/framework" + utilpointer "k8s.io/utils/pointer" operatorv1 "github.com/openshift/api/operator/v1" exutil "github.com/openshift/origin/test/extended/util" ) type Config struct { - // FixturePath is the path to the ingresscontroller fixture. - FixturePath string - // Domain is the domain for the ingresscontroller to host Domain string @@ -32,20 +30,41 @@ var ingressControllerNonDefaultAvailableConditions = []operatorv1.OperatorCondit {Type: "Admitted", Status: operatorv1.ConditionTrue}, } -func DeployNewRouterShard(oc *exutil.CLI, timeout time.Duration, cfg Config) (string, error) { - jsonCfg, err := oc.AsAdmin().Run("process").Args("-f", cfg.FixturePath, "-p", - "NAMESPACE=openshift-ingress-operator", - "DOMAIN="+cfg.Domain, - "TYPE="+cfg.Type).OutputToFile("config.json") - if err != nil { - return "", err +func DeployNewRouterShard(oc *exutil.CLI, timeout time.Duration, cfg Config) (*operatorv1.IngressController, error) { + ingressCtrl := &operatorv1.IngressController{ + ObjectMeta: metav1.ObjectMeta{ + Name: cfg.Type, + Namespace: "openshift-ingress-operator", + Annotations: map[string]string{ + "ingress.operator.openshift.io/default-enable-http2": "true", + }, + }, + Spec: operatorv1.IngressControllerSpec{ + Replicas: utilpointer.Int32(1), + Domain: cfg.Domain, + EndpointPublishingStrategy: &operatorv1.EndpointPublishingStrategy{ + Type: operatorv1.LoadBalancerServiceStrategyType, + }, + NodePlacement: &operatorv1.NodePlacement{ + NodeSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "node-role.kubernetes.io/worker": "", + }, + }, + }, + NamespaceSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "type": cfg.Type, + }, + }, + }, } - - if err := oc.AsAdmin().Run("create").Args("-f", jsonCfg, "--namespace=openshift-ingress-operator").Execute(); err != nil { - return "", err + _, err := oc.AdminOperatorClient().OperatorV1().IngressControllers(ingressCtrl.Namespace).Create(context.Background(), ingressCtrl, metav1.CreateOptions{}) + if err != nil { + return nil, err } - return jsonCfg, waitForIngressControllerCondition(oc, timeout, types.NamespacedName{Namespace: "openshift-ingress-operator", Name: oc.Namespace()}, ingressControllerNonDefaultAvailableConditions...) + return ingressCtrl, waitForIngressControllerCondition(oc, timeout, types.NamespacedName{Namespace: ingressCtrl.Namespace, Name: ingressCtrl.Name}, ingressControllerNonDefaultAvailableConditions...) } func operatorConditionMap(conditions ...operatorv1.OperatorCondition) map[string]string { diff --git a/test/extended/router/unprivileged.go b/test/extended/router/unprivileged.go index 7fba9aaf0577..ef70d0ae196f 100644 --- a/test/extended/router/unprivileged.go +++ b/test/extended/router/unprivileged.go @@ -19,7 +19,7 @@ import ( exutil "github.com/openshift/origin/test/extended/util" ) -var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:template.openshift.io]", func() { +var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io]", func() { defer g.GinkgoRecover() var ( oc *exutil.CLI @@ -49,23 +49,19 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:route.openshift.io][a o.Expect(err).NotTo(o.HaveOccurred()) configPath := exutil.FixturePath("testdata", "router", "router-common.yaml") - err = oc.AsAdmin().Run("new-app").Args("-f", configPath).Execute() + err = oc.AsAdmin().Run("apply").Args("-f", configPath).Execute() o.Expect(err).NotTo(o.HaveOccurred()) }) g.Describe("The HAProxy router", func() { g.It("should run even if it has no access to update status [apigroup:image.openshift.io]", func() { - configPath := exutil.FixturePath("testdata", "router", "router-scoped.yaml") - g.By(fmt.Sprintf("creating a router from a config file %q", configPath)) - err := oc.AsAdmin().Run("new-app").Args("-f", configPath, - `-p=IMAGE=`+routerImage, - `-p=ROUTER_NAME=test-unprivileged`, - `-p=UPDATE_STATUS=false`, - ).Execute() + routerPod := createScopedRouterPod(routerImage, "test-unprivileged", defaultPemData, "false") + g.By("creating a router") + ns := oc.KubeFramework().Namespace.Name + _, err := oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), routerPod, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) - ns := oc.KubeFramework().Namespace.Name execPod := exutil.CreateExecPodOrFail(oc.AdminKubeClient(), ns, "execpod") defer func() { oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) diff --git a/test/extended/router/weighted.go b/test/extended/router/weighted.go index 4086092eb061..95aac4d4f03d 100644 --- a/test/extended/router/weighted.go +++ b/test/extended/router/weighted.go @@ -13,28 +13,320 @@ import ( g "github.com/onsi/ginkgo/v2" o "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" e2e "k8s.io/kubernetes/test/e2e/framework" + utilpointer "k8s.io/utils/pointer" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/kubernetes/test/e2e/framework/pod" admissionapi "k8s.io/pod-security-admission/api" + routev1 "github.com/openshift/api/route/v1" exutil "github.com/openshift/origin/test/extended/util" + "github.com/openshift/origin/test/extended/util/image" ) var _ = g.Describe("[sig-network][Feature:Router][apigroup:config.openshift.io][apigroup:image.openshift.io]", func() { defer g.GinkgoRecover() var ( - configPath = exutil.FixturePath("testdata", "router", "weighted-router.yaml") - oc = exutil.NewCLIWithPodSecurityLevel("weighted-router", admissionapi.LevelBaseline) + oc = exutil.NewCLIWithPodSecurityLevel("weighted-router", admissionapi.LevelBaseline) ) g.BeforeEach(func() { routerImage, err := exutil.FindRouterImage(oc) o.Expect(err).NotTo(o.HaveOccurred()) - err = oc.AsAdmin().Run("new-app").Args("-f", configPath, "-p", "IMAGE="+routerImage).Execute() + + g.By("creating a weighted router") + + g.By("creating a RoleBinding") + roleBinding := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "system-router", + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: "default", + }, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "ClusterRole", + APIGroup: "rbac.authorization.k8s.io", + Name: "system:router", + }, + } + + ns := oc.Namespace() + _, err = oc.AdminKubeClient().RbacV1().RoleBindings(ns).Create(context.Background(), roleBinding, metav1.CreateOptions{}) o.Expect(err).NotTo(o.HaveOccurred()) + + g.By("creating Services") + services := []corev1.Service{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "weightedendpoints1", + Labels: map[string]string{ + "test": "router", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "test": "weightedrouter1", + "endpoints": "weightedrouter1", + }, + Ports: []corev1.ServicePort{ + { + Port: 8080, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "weightedendpoints2", + Labels: map[string]string{ + "test": "router", + }, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "test": "weightedrouter2", + "endpoints": "weightedrouter2", + }, + Ports: []corev1.ServicePort{ + { + Port: 8080, + }, + }, + }, + }, + } + + for _, service := range services { + _, err = oc.AdminKubeClient().CoreV1().Services(ns).Create(context.Background(), &service, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } + + g.By("creating Routes") + routes := []routev1.Route{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "weightedroute", + Labels: map[string]string{ + "test": "router", + "select": "weighted", + }, + }, + Spec: routev1.RouteSpec{ + Host: "weighted.example.com", + To: routev1.RouteTargetReference{ + Name: "weightedendpoints1", + Kind: "Service", + Weight: utilpointer.Int32(90), + }, + AlternateBackends: []routev1.RouteTargetReference{ + { + Name: "weightedendpoints2", + Kind: "Service", + Weight: utilpointer.Int32(10), + }, + }, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "zeroweightroute", + Labels: map[string]string{ + "test": "router", + "select": "weighted", + }, + }, + Spec: routev1.RouteSpec{ + Host: "zeroweight.example.com", + To: routev1.RouteTargetReference{ + Name: "weightedendpoints1", + Kind: "Service", + Weight: utilpointer.Int32(0), + }, + AlternateBackends: []routev1.RouteTargetReference{ + { + Name: "weightedendpoints2", + Kind: "Service", + Weight: utilpointer.Int32(0), + }, + }, + Port: &routev1.RoutePort{ + TargetPort: intstr.FromInt(8080), + }, + }, + }, + } + + for _, route := range routes { + _, err := oc.RouteClient().RouteV1().Routes(ns).Create(context.Background(), &route, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } + + g.By("creating route Pods") + routerPods := []corev1.Pod{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "weighted-router", + Labels: map[string]string{ + "test": "weighted-router", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "router", + Image: routerImage, + ImagePullPolicy: corev1.PullIfNotPresent, + Env: []corev1.EnvVar{ + { + Name: "POD_NAMESPACE", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }, + }, + { + Name: "DEFAULT_CERTIFICATE", + Value: defaultPemData, + }, + }, + Args: []string{ + "--namespace=$(POD_NAMESPACE)", + "-v=4", + "--labels=select=weighted", + "--stats-password=password", + "--stats-port=1936", + "--stats-user=admin", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 80, + }, + { + ContainerPort: 443, + }, + { + ContainerPort: 1936, + Name: "stats", + Protocol: corev1.ProtocolTCP, + }, + }, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "endpoint-1", + Labels: map[string]string{ + "test": "weightedrouter1", + "endpoints": "weightedrouter1", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "test", + Image: image.LocationFor("registry.k8s.io/e2e-test-images/agnhost:2.40"), + Args: []string{ + "netexec", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8080, + Name: "http", + }, + { + ContainerPort: 100, + Protocol: corev1.ProtocolUDP, + }, + }, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "endpoint-2", + Labels: map[string]string{ + "test": "weightedrouter2", + "endpoints": "weightedrouter2", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "test", + Image: image.LocationFor("registry.k8s.io/e2e-test-images/agnhost:2.40"), + Args: []string{ + "netexec", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8080, + Name: "http", + }, + { + ContainerPort: 100, + Protocol: corev1.ProtocolUDP, + }, + }, + }, + }, + }, + }, + { + ObjectMeta: metav1.ObjectMeta{ + Name: "endpoint-3", + Labels: map[string]string{ + "test": "weightedrouter2", + "endpoints": "weightedrouter2", + }, + }, + Spec: corev1.PodSpec{ + TerminationGracePeriodSeconds: utilpointer.Int64(1), + Containers: []corev1.Container{ + { + Name: "test", + Image: image.LocationFor("registry.k8s.io/e2e-test-images/agnhost:2.40"), + Args: []string{ + "netexec", + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8080, + Name: "http", + }, + { + ContainerPort: 100, + Protocol: corev1.ProtocolUDP, + }, + }, + }, + }, + }, + }, + } + + for _, pod := range routerPods { + _, err = oc.AdminKubeClient().CoreV1().Pods(ns).Create(context.Background(), &pod, metav1.CreateOptions{}) + o.Expect(err).NotTo(o.HaveOccurred()) + } }) g.Describe("The HAProxy router", func() { @@ -51,8 +343,6 @@ var _ = g.Describe("[sig-network][Feature:Router][apigroup:config.openshift.io][ oc.AdminKubeClient().CoreV1().Pods(ns).Delete(context.Background(), execPod.Name, *metav1.NewDeleteOptions(1)) }() - g.By(fmt.Sprintf("creating a weighted router from a config file %q", configPath)) - var routerIP string err := wait.Poll(time.Second, changeTimeoutSeconds*time.Second, func() (bool, error) { pod, err := oc.KubeFramework().ClientSet.CoreV1().Pods(oc.KubeFramework().Namespace.Name).Get(context.Background(), "weighted-router", metav1.GetOptions{}) diff --git a/test/extended/testdata/bindata.go b/test/extended/testdata/bindata.go index 6d00fe14907a..fd356e2cd22c 100644 --- a/test/extended/testdata/bindata.go +++ b/test/extended/testdata/bindata.go @@ -436,21 +436,8 @@ // test/extended/testdata/router/ingress.yaml // test/extended/testdata/router/reencrypt-serving-cert.yaml // test/extended/testdata/router/router-common.yaml -// test/extended/testdata/router/router-config-manager.yaml -// test/extended/testdata/router/router-grpc-interop-routes.yaml -// test/extended/testdata/router/router-grpc-interop.yaml -// test/extended/testdata/router/router-h2spec-routes.yaml -// test/extended/testdata/router/router-h2spec.yaml // test/extended/testdata/router/router-http-echo-server.yaml -// test/extended/testdata/router/router-http2-routes.yaml -// test/extended/testdata/router/router-http2.yaml -// test/extended/testdata/router/router-idle.yaml // test/extended/testdata/router/router-metrics.yaml -// test/extended/testdata/router/router-override-domains.yaml -// test/extended/testdata/router/router-override.yaml -// test/extended/testdata/router/router-scoped.yaml -// test/extended/testdata/router/router-shard.yaml -// test/extended/testdata/router/weighted-router.yaml // test/extended/testdata/run_policy/parallel-bc.yaml // test/extended/testdata/run_policy/serial-bc.yaml // test/extended/testdata/run_policy/serial-latest-only-bc.yaml @@ -47774,13 +47761,11 @@ func testExtendedTestdataRouterReencryptServingCertYaml() (*asset, error) { return a, nil } -var _testExtendedTestdataRouterRouterCommonYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -objects: - +var _testExtendedTestdataRouterRouterCommonYaml = []byte(`kind: List +apiVersion: v1 +items: # ensure the router can access routes and endpoints -- apiVersion: v1 +- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: system-router @@ -47788,6 +47773,8 @@ objects: - kind: ServiceAccount name: default roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io name: system:router # two routes that differ only by their labels and names @@ -47905,764 +47892,6 @@ func testExtendedTestdataRouterRouterCommonYaml() (*asset, error) { return a, nil } -var _testExtendedTestdataRouterRouterConfigManagerYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -objects: -- apiVersion: v1 - kind: Pod - metadata: - name: router-haproxy-cfgmgr - labels: - test: router-haproxy-cfgmgr - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: ["--namespace=$(POD_NAMESPACE)", "-v=4", "--haproxy-config-manager=true", "--blueprint-route-labels=select=hapcm-blueprint", "--labels=select=haproxy-cfgmgr", "--stats-password=password", "--stats-port=1936", "--stats-user=admin"] - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - serviceAccountName: default - -# ensure the router can access routes and endpoints -- apiVersion: v1 - kind: RoleBinding - metadata: - name: system-router - subjects: - - kind: ServiceAccount - name: default - roleRef: - name: system:router - -# blueprints for edge, reencrypt and passthrough routes with annotation(s) -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: edge-blueprint - labels: - test: router - select: hapcm-blueprint - annotations: - router.openshift.io/cookie_name: empire - spec: - tls: - termination: edge - host: edge.blueprint.hapcm.test - to: - name: insecure-service - kind: Service - ports: - - targetPort: 8080 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: reencrypt-blueprint - labels: - test: router - select: hapcm-blueprint - annotations: - ren: stimpy - spec: - tls: - termination: reencrypt - host: reencrypt.blueprint.hapcm.test - to: - name: secure-service - kind: Service - ports: - - targetPort: 8443 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: passthrough-blueprint - labels: - test: router - select: hapcm-blueprint - annotations: - test: ptcruiser - foo: bar - spec: - tls: - termination: passthrough - host: passthrough.blueprint.hapcm.test - to: - name: secure-service - kind: Service - -# config map for nginx -- apiVersion: v1 - kind: ConfigMap - metadata: - name: serving-cert - data: - nginx.conf: | - daemon off; - events { } - http { - server { - listen 8443; - ssl on; - ssl_certificate /etc/serving-cert/tls.crt; - ssl_certificate_key /etc/serving-cert/tls.key; - server_name "*.svc"; - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } - } - -# pods that service http[s] requests -- apiVersion: v1 - kind: Pod - metadata: - name: insecure-endpoint - labels: - test: haproxy-cfgmgr - endpoints: insecure-endpoint - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP -- apiVersion: v1 - kind: Pod - metadata: - name: secure-endpoint - labels: - app: secure-endpoint - spec: - containers: - - image: registry.k8s.io/e2e-test-images/nginx:1.15-2 - name: serve - command: - - /usr/sbin/nginx - args: - - -c - - /etc/nginx/nginx.conf - ports: - - containerPort: 8443 - protocol: TCP - volumeMounts: - - name: cert - mountPath: /etc/serving-cert - - name: conf - mountPath: /etc/nginx - - name: tmp - mountPath: /var/cache/nginx - - name: tmp - mountPath: /var/run - volumes: - - name: conf - configMap: - name: serving-cert - - name: cert - secret: - secretName: serving-cert - - name: tmp - emptyDir: {} - - name: tmp2 - emptyDir: {} - -# services that can be routed to -- apiVersion: v1 - kind: Service - metadata: - name: insecure-service - labels: - test: router - spec: - selector: - test: haproxy-cfgmgr - endpoints: insecure-endpoint - ports: - - port: 8080 -- apiVersion: v1 - kind: Service - metadata: - name: secure-service - annotations: - service.alpha.openshift.io/serving-cert-secret-name: serving-cert - spec: - selector: - app: secure-endpoint - ports: - - port: 443 - name: https - targetPort: 8443 - protocol: TCP - - -# insecure, edge secured, reencrypt and passthrough routes -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: insecure-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - host: insecure.hapcm.test - to: - name: insecure-service - kind: Service - ports: - - targetPort: 8080 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: edge-allow-http-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - tls: - termination: edge - insecureEdgeTerminationPolicy: Allow - host: edge.allow.hapcm.test - to: - name: insecure-service - kind: Service - ports: - - targetPort: 8080 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: reencrypt-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - tls: - termination: reencrypt - host: reencrypt.hapcm.test - to: - name: secure-service - kind: Service - ports: - - targetPort: 8443 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: passthrough-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - tls: - termination: passthrough - host: passthrough.hapcm.test - to: - name: secure-service - kind: Service -`) - -func testExtendedTestdataRouterRouterConfigManagerYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterConfigManagerYaml, nil -} - -func testExtendedTestdataRouterRouterConfigManagerYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterConfigManagerYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-config-manager.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterGrpcInteropRoutesYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: TLS_CRT -- name: TLS_KEY -- name: TYPE -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-h2c - labels: - type: ${TYPE} - spec: - host: grpc-interop-h2c.${DOMAIN} - port: - targetPort: 1110 - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-edge - labels: - type: ${TYPE} - spec: - host: grpc-interop-edge.${DOMAIN} - port: - targetPort: 1110 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-reencrypt - labels: - type: ${TYPE} - spec: - host: grpc-interop-reencrypt.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-passthrough - labels: - type: ${TYPE} - spec: - host: grpc-interop-passthrough.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None -`) - -func testExtendedTestdataRouterRouterGrpcInteropRoutesYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterGrpcInteropRoutesYaml, nil -} - -func testExtendedTestdataRouterRouterGrpcInteropRoutesYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterGrpcInteropRoutesYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-grpc-interop-routes.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterGrpcInteropYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE -objects: -- apiVersion: v1 - kind: Service - metadata: - name: grpc-interop - annotations: - service.beta.openshift.io/serving-cert-secret-name: service-cert-grpc-interop - spec: - selector: - app: grpc-interop - ports: - - appProtocol: h2c - name: h2c - port: 1110 - protocol: TCP - targetPort: 1110 - - name: https - port: 8443 - protocol: TCP - targetPort: 8443 -- apiVersion: v1 - kind: Pod - metadata: - name: grpc-interop - labels: - app: grpc-interop - spec: - containers: - - image: ${IMAGE} - name: server - command: ["ingress-operator", "serve-grpc-test-server"] - ports: - - containerPort: 1110 - name: h2c - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - volumeMounts: - - mountPath: /etc/serving-cert - name: cert - readinessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - livenessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - volumes: - - name: cert - secret: - secretName: service-cert-grpc-interop -`) - -func testExtendedTestdataRouterRouterGrpcInteropYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterGrpcInteropYaml, nil -} - -func testExtendedTestdataRouterRouterGrpcInteropYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterGrpcInteropYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-grpc-interop.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterH2specRoutesYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: TYPE -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - app: h2spec-haproxy - type: ${TYPE} - name: h2spec-passthrough - spec: - host: h2spec-passthrough.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: h2spec-haproxy - weight: 100 - wildcardPolicy: None -`) - -func testExtendedTestdataRouterRouterH2specRoutesYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterH2specRoutesYaml, nil -} - -func testExtendedTestdataRouterRouterH2specRoutesYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterH2specRoutesYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-h2spec-routes.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterH2specYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: HAPROXY_IMAGE -- name: H2SPEC_IMAGE -objects: -- apiVersion: v1 - kind: ConfigMap - metadata: - name: h2spec-haproxy-config - data: - haproxy.config: | - global - daemon - log stdout local0 - nbthread 4 - tune.ssl.default-dh-param 2048 - tune.ssl.capture-cipherlist-size 1 - defaults - mode http - timeout connect 5s - timeout client 30s - timeout client-fin 1s - timeout server 30s - timeout server-fin 1s - timeout http-request 10s - timeout http-keep-alive 300s - option logasap - option http-buffer-request - log-format "frontend:%f/%H/%fi:%fp GMT:%T\ body:%[capture.req.hdr(0)]\ request:%r" - frontend fe_proxy_tls - option http-buffer-request - declare capture request len 40000 - http-request capture req.body id 0 - log global - bind *:8443 ssl crt /tmp/bundle.pem alpn h2 - default_backend haproxy-availability-ok - backend haproxy-availability-ok - errorfile 503 /etc/haproxy/errorfile - http-request deny deny_status 200 - errorfile: | - HTTP/1.1 200 OK - Content-Length: 8192 - Cache-Control: max-age=28800 - Content-Type: text/plain - - 2wWvUP5ISuTTzmzf27uZ/hGEVQMowYJYgDBZPGj3VY9XEHtdiCILqnw6oMvB95lUtNDPfVh+sEpM - 4NbGyxC/hALxe98LaexsWfMgdtrOs0Cre2MwGeL2Vgr68Ju9mTzL3YpYetU09WSesko6RfnqjPyA - b0dsc7XecYeh8XfetC5WgUfsGGhJTKEd80ClFAWv0usTU+qccoG7zkxxTGzw5qzp7L+B4t8Bwgjf - dvFOZZ3cwPowiGg+4iF7rwbBCtOfXgFe/eBVGpP5KtW6hcdf7Wqw/w6Tkf8ZXlKSzT6xLXrq0C73 - OrUwvRn+NJl6wbpSOFEvB3Cp19Q0oMTa9+alvPwWZxwXEIi85hT5YVDZsb0pP1hcTOQAsT5LOWzm - mtNcIstM50XZj1hHEhJeixp5gAsrwY1m+Uwm2X6a70NBEtqnP0B04oOIPfTtebORGu1DiJGgntWM - wdk1ReLyDLTS2tISn6ItAwknF0Qk3D5kMqNN2sB1GBcWf7zqTlgB3W2p6I31P2Vt/I+z859JwbIw - 3w3AI5UAGSPmguLzzdPrqKa1igzrBcoDvEJnk2O0+39qlJ+Sa2Ko02KjGkl7ZNZJwUAIKMsC5vAl - hV2KFRtRnWa7YzDMuNzoOZezPnIz8zvLVQFVGCSnpu7crAKrrhJD9F/nDBEnLtA5lzJRf32LUYNI - tCs2CHt8guaddJ1U1+lEGLKX3QM0N62MhDQy2lZwAvag8WlW1le+kj0vO1NYCwauzEWZtdHEedGv - E98m9Y4OWDLl4k8uTV0f8vsgwHTCgFcJ8EmWYizi/ykL1kfdR324JiW+3YpH3F8GEp9L7ESkqIns - eXajNzKhagc1e+YM8Xe6SjWDXbdVV9ZSEsgdhK2gy0MQchK2vU1hzUKq4cxDTMJ8k3CAkuG3IFpd - Nyv9eW4aJUSsNv2OzH0iRUaXs3qAefORFQgn8/Qe2c6wSDAI5wHEi7zi/Lick3UVv+7V13zfvcWl - 32A2p1Erotjl/tgj4lX60Ci3uRgRBQ/9wR/N9JuH0A4ynn0uBaS1M/Qpbmz78/oeXQgCEnUCEA4k - DXYvXl6o+dEfJkuUYMIAH4wadtmdf+DSH9oOPvBFSM93X8BF21SSDeb8K+YfIi6+Ivzll+5jcNoi - uUryTyp1don75Zk6CT7b2m1o514MS68ulcNI4g36GpaS44rnuvQGyacdau6NabzgR0Q/3n9kOlFE - IOse9+eUEmR6KXZ/DuoeT7M2+Qul4uNwJz8i2RrF7mAToB3k0qdA8fO2munXXWoGr77vSkEDdJeq - ihFBQ60KNZeZh4x18uAxYigNrYfWjmIFAdzQd9XpsGL7iHYmjyHUQQabzFirJdeS4w4hZoSznA5m - 1CtCvRtAT8RPoiUPSqKU3QtH46iNGusjRoRfCj7ynrmeqeDqkw4H34CrnkolqT1hDqvaqZIyJo50 - D3MGeURwMM6DYjWKOaVJaQDbXC8Ahb67+1nKUEyEaLKkfTh8GPGOnmBiWub/Y/N3AL9TEuihw9KP - NtjZQ82jL32NqdSdwKDXmE2SMmElUOY6fVFEGDVdgx9eJbeMaiSwXLTtUFxAxsO1wY5jDf8Cr97w - P8tLv1CPcec381Y2jAD0CgkGaa1u0VTj0jLFIwZK2faeKa3VJrB7ldYD74+PwiIgfl9nbvxlC8KN - 5RTd7ThSGRQ+N7zpjRdaoftafUcFj6G/O/QrbhPxLZHcHG+zBGt/Fkr1lswfjiDsHHSM1ZyLiuny - ZqFBSSjL8X+NOa76tUq414UrZZ85w6nDTkzitXb36x8TEgfaoipUZJVNQ8smjE3bO9wB1zyzYXh7 - vDQe9p3GfRN223tJKGhXZ1SewOqoZsEWTogk6FFxngAyYb6jfqFFChe9gSrjS54+WUm0HyvSGuks - q/NwwvgI69cXqPZL6eXpgAAwFbt366HbGDHcKaG02fmuBNdhguw1BuF3EaBiPF2beQvYx9GPyzua - VDTflywUGXI3JixRbwT0TgXDIX+2FceA5NcyGQLjwF5CpDH650PaholA3dUif8Blls+FpJ74UdK1 - Ws+mG/UaBZ31hLHKqHI986G3PSxEWYyrF6vL6+CuNfet/SYh7AMRWK93Rkb3/N8GPosuFPaBNZLR - EBSHW9HUTP0viNWDupGx8mmncAUb9HLjqcFJoWGqZjVKaYe8J3NwvaL1P8+/v7ckpLUzOgiZVake - azDZDBoEfqFp/EGwnwm/KsnCQZ/I0aqrVW8T3AjUyFRIBw+rYLLGC2oIiUDH5ccvYhDY1epYS3C/ - qW+mWa1XNz0Aat+7LFoMt4BG3319S/fqApIRMq3rcoegfPhGSI9CBoNnLCxz/GHnlSxstCIQdnMJ - xwWBgvHuVb84bHfsRknUQX7g5s7xf9UK06TXRmYG+lb70Trkb0EZKzT17IMIOnZk4BCJkX08YK88 - C1rP68EjSdLSRiln3EPJ6kuNVFct077SfDG3SiLldx/VsZGSFzqWv69Qdb82wI+v5FcV3TZkrZAP - mhHJEWFaWvtEMyc7TtNI+0XhME96RIscBSLtoaRRV8CbMSJ8uanfox5LFId0gD4kfWiGtirj9/1/ - GnAUoMhFeipQ8mYKu2zwOFsDVmWzC10uNyorY4qg/WBJ6A3asEcHIUVkmOnakPkRipKTKxFYlXjF - 1Jau+KsvHTvWxOP/LTDipJjxwQWBzDEmUHOQJJrHQG/grmOPFB891bcFRLWzYSuSYCSLetA8HlCK - m9Bxit43AUhLeeUoVHroflvyHhI1LT2k6crEz4g/bdLMi7ncbtCmB88k6UYXUaXKL2YlzxRp+cWA - nxeR63cR2RXeqUVdO3GqgAFKHFw96lgbF74qBc9AE5r5juzvT6qoHq7sHNJ31VhA6cASdIio+H+D - O2sb8xvGyuCfydIHgJoRc2ilhVsMPwEoMsCrp1MRWE5tLgkn0uH5RjV1K1yDYY0PivgJYbBtjOhx - mcaaa+P8jHc7J/Q6rI6BCjehbOwFY7dbCjcBJ8y39yNvDFwtj53UxMiWoRSwNO8ICJNFwm1dXjUa - gJ/+g6q0U4qf0nL5f/whHCsY8qdD9Jj9qcRjvSNaiP/l44ETGA2bc+/33cdZZImYAw54nfoN1UPx - hcvP3dsol6SaHgGOvZV0R6sapasMbIuFOkAXEVjn75E1dnWoom2k/cWH1gCxStYKUE4ilsMi+Smb - ejw1wXXJ4IG/861DPEAfrhwXO5nBppSClyf8ASMI+EjJmEO9o9b+hvKST0lN/+qnXfgzyirrhjSH - B8mMyArxcZo3+avdi1hC8VgNsRpR9aC7Sim9v8gjMfVg0qvIcDPjfvozyXhiEhrc7T+GDqk6Ledv - lOwTMw+i5UlrEEeJXDp8Ae8dQ1i/aLN/J7bR6LI9off7egiSIgnoOaUJl5LfvHqzFJsbjpSrm9U9 - hrhs9ChG6Qa1VsB/cvoaLwbzXi3XcbPue8DuNrgTP4CcP7KtiiS+NM+n0nRKEk9y7eeSfjXI5pE7 - 6JFIdYs2qXFLtc+SuBq4M2dtKySiOr27gi59sbgr/OlWl+JQDNKPZ3XFM9nsoNpD3QU5Ye0DKzrI - rJh5Q/Gt3fQg91sFiB76kkpsQ88GQ/kgui9jadTYZcRmz/vQkoiQShX0xhdbkmwQgocnNO9IkZy+ - vua906n5skPPQIpaZOPuIxBoHE/1y+Ap2ofezIBj9p/HNv5Aolc1TL0eY5dPabXWwab/4vutMKos - MKAbI1Gow+RyptiZsau72g/IicWTIpBbveRnbiDWTmw2uwLus4asSanzWjZnlNyy0MIVK0uZRNVn - NBKCXH2VbYMyPIvN9CQbCl7/VnL4qPC8sxkJL28ZtwW881Kn79k49Go7FXZn/go1hdig8av4h+JZ - cHw+bjsNKe3Mr6JvyLIpkvsBFL3TGRQkEy/me6V2HI8dl3RoryJy3SiE8G5uXlKXJywYOaCoIUIp - 2uyalKb2YNaZFc6xHjputeIegC4zJh6KmKK8H4n92/qn33DK813xaFpcQWh6HfTL33V1xn6x93jX - x40RmHxbslHN0DYbYcK8fDEdvHfAY/zzKpvXg1TsKYuW8tyeXWL5NjfGND7XliJCo/GIj0dAyWro - IkLvv7XqnAUvLyH+Kd1LBzMa+1Q6luGSQaYaw1Uwioi0+W8VP/vd2MZifv/M+Fg9jXQ0YAPxvnqw - dMNjVq+kCJY9wjwBpgEOdXte5cZebR4b9Zyn0DRFzb4levpCF0bjmJcbzgE/doh8c+qfCIxK57/l - j37u34+y4OjnTeqm991+jnzqjHP9Dr96IjRRVh268Hgqymx670MolqAFlb7Fazwi/+3n4wH6oIjj - cbgFVrsOH0KFnLKf3QFOA2Rr/x+ycY8e0A3Br90AjEzHBsbV2LCpmcB5JaFxQG3K8IGXP2O3h7jP - yXHLPG/Euu0CTN4TlDNl45Ppk2GY48jGb6bdhJjV/qeL49y9wSghFmnGlXkbOxZ/JqI2QeIXleAe - xeVcdnCF9d3mEE0POtHvh4/nF3SS6IwqQd9qtiNLvDrCuhLJCTfowCfTm0WzpNJmaXxrKG4jyUJG - IpVcQSKulIDwkgt66V/PtbgE/2V+4+EvYgP5uM8tf7AAskxlnqB5L81Ph/0zsumrqLUsX1gTONCW - Hqf0cPJlALcHY/FaKq3sZl3J/BoIygIR2IwMeOQCEprt46RsJeY8AAWEk0p9eDoiX7eniV8YFes9 - mNUXxHyg1GYzRtbXv0Ua/TomdZwFVhOYGb2SeVCDmzmjPcWLnLZ8949jbHIKIvKgkYgFF5qrtukA - PcPkKGAbzAUpiWr7zn8pp1emm3YRhzvYVJ2gNMtxHZkRg6uNAbt/mF1BqIS8ODtTUUo4+gC/RGYF - bgJryFrYBuFihZLOSXV0T6KNcp/04xRTXI63nfGuJaY0iSoPI3mbeulgxMIFAoALb3nQ9z0bVSzT - Lf6jPmaeM379NQ0bg0IoF+lrRYNTOAE5LssUrDTO8EV402wulLU0MR3bKKkt4jvp04/GpIjn9xmJ - 3ZuWjxjvyZGjlaGT/BgsAgi/MuNN1Syty0Pzw8cJUWAogcak/2Xt7cY0+xTWtk7JHy9npv0hNzaw - mpt6NM0Yk4wqMDE9VL8G5P302eAYv11/ZlRM9yDUmTr15wwEc2J0koLqulN96VwMekGsPMi1makl - JpcHjgSuuM4CrD8sd6L8K6IyZWyGBmWV4JQ2Sd4lGvuzxf9+5pS3Q2Iq6QqPzW6rBa9GUAufvtI0 - cR+JxqDOwCEd9IwaDq1mvLFUqlfvlGgyj1GrOYMJMMjBa/ErFtnsFL2rzO9g1QkHtErTND50VM8C - IdAybJLV4DOUwzOK3NSElr4Wej8K0Lfbwe4R3KzE4vRc+mO1ZesiPyfM7VsR7dN2NRDTTqWF7dXn - jrCpI2Pwz/BSwbtNvKnVrELydJYqQZ4YN0Kgkb5ZQ+Ei23t+X6IjRNTY576q5BtmNw9MEV70/b4w - Ac0ArzOfp+PbLaC6WdjxzI/AdpZJ5RSBo3w5PY+3P8IG4tz1UyKMhvCtA/xBGTu77C83a0R696aL - kMA5RhYjlCdm73+BMTLp17jXM+j5ek8pt0l5beEWOQSQQuzowiyPwfyp3c77A+3OsuK1dIdTpxh4 - EeGLY1UuMQla1ugZODWHac42h6uBftP7Q77qKbCQHHB6G7HlH8xIJp6YfoBbqeQuMhrZrbeWGMpE - XGHizQFlsiHAniPfcY+XaCE4sgW+2gAlR6ESkO3DnGFnyejMspfa+BDdZBfuUO1JNWQwOtlooicQ - JXbSKAVrfDTsFrerk1LJkuhCvIGINt7D+9i9/t+twgA834ObDzb89dpWJAiFV1JtfJW4DGTKga6I - 850NJW8/GP4l/hqH0EH9jSDXgjdhS0716/nEjXnwZ0rsHLfGq1AaMUHv972wv+3TA188kzlk7fRr - wuJbuLpwVqp/H1LNueJu+/lzFQoh9eeboguENZNIoZQ7cD0pINwHdeyhXZDomaxHnIrxiZmy72P/ - aNkruB+Kf7evbRHzPNZAWkie/PwDrAsPLpeiTuK3nhpd/XIfmnNXZtt1X53MJHRwDMl00ze7lXwn - 37Pm2dYsZo2f20cIuVrzyOPv9f9y2y92UAJ6VvPxHjci2lQupmdn/D7kdeF44nZWUMRkvnHW+Lxj - NYHuwwX6sOoKavnmVALOhYk9mukP4pNliuvcJmuhJxaI9oQah8encM2WA8Z7s61Xf1Gk2luMH709 - 0EX6VvPrNLFUY7xJJsXT191vyrg6Wu5Yd2ZIFXrCgKBLfHumvO3NE+YE+LKK6xrH7Urk9trmKJKt - sfsgmIz8xj4D59tlIsgKZfwGsIbIlachpjhXM9jNdOSe5k2tHNdnh1OvBJvOIqKSp4uVlHZnLUMZ - 07rzxr9wdzU4ihaUgvreVpar6vnNYuj/TTDRP0FcBay0IuPunVhX9Wel5ga+NWIV9srCmzsJN7/d - puvaV9sb5dc0M0klEq41bMKDFd86YKifRhwagol5OAHTPjvIqZ9WOr/7XVuxAtOG0l1ohgrKTtfV - jw4KZCd+zIazzwuA0ItCENMmAm2Xppqy1T0Uu7gql3b8XAtsk+IhQw+L8H/oJtt/vaRSnbfTS02N - umm7CcneYyHT1FiuMfm5rkHee7rPR+YiDXlnkrTjd6HaBk3a/mEf0amzsMH9s4FzQRLbYPcXZrfi - ah18pV5ZlcfsC1kmM+wBbxCjxoUcV2DyeGiMdQo2Pif9LpPXOo6SE9a4lDovQF5brB6z9MGUZlKf - n+bQ1SVZxu4ArWLnbmXrgHzz+APsWh6VBfCw0MT8oP7uzB6tzIP1RCm7uKgb1Hi2f8f4DympfW4r - K3/H/5c3foZqlZDSDCGv3amzwkSZ3VsWHPrGFa0jLkTweBf+8UyzRIdoceDI7Ovg9cOiVf4bVqA/ - B4DavbV6xOAbHloEJTIEI54epi2CEFnAvpJUgr+uWkgQbSTJVmXUWw0s6gv+2sbeNYYz169c1ScP - U1afX80IXtL0iq7sQjbEPfOg9hWbHQWoAaSgLT0mvGkMHn8eKUBFdvF2paNOfU47OirGz1ifdRZe - 9BgBR6glFDlp5g99K6PXxADoy+nHAKnzxlWuxjfMoXgcIWpmIXad+vi3m7J48Z8xAaN8/657UjNW - JmYHVjst8m+Q14lyMJfFj1Q+9FjyKTGwSjryd5dUJacyGrg3mli2v99KnTsOjY1Wm6//G5dcuRIT - IceUARlCKNONQVe3tM4LoIglqTipwfzLwjDfb223BAfNt41otmZ3VGM8yesZQmAnokKhcErDTrw3 - g9aoCI6OlrtLrTx3V1k7qW9INLZXspvhU4CalQdWvugpH4prAQO6FeFLCu66/KIL9FZoe5n66UBz - TFR2ih8dKo1JV/aLuqjpsZ+l4lNal4vnqgaLUehC7j1zQAiLD585VMuEliJSmES8wHL3nt5JUKoe - 2Y6+aRDQqYUZsEhnPQ1H+0AT5LHOh6P1576m52Bp2tczVjN2K6Hgw+koDUmZj7YUj1stzjKso5rM - 0zRAppa9g4XJSDnjaBFdYcRmWZ+PE/sjXzcu1eNtttlJqmYqO4dMGHiffoBIvz9nvqn8eZIRMPdt - D1/ykxN6Cbl42Ox9WTSIZncj6LbhB/5dT12DdCtedx7ljDcGVQm30HbB5GSYWYuWphJSJ0YWX8O+ - lW8A3Qy0Vnu2EZUsNKBzgSbws63t2xrizMq0eRkMkHL8L4OUFKenwro6m0PJcuPhTBhVN0ek73vl - YVdXRPoPejw6wPeETZ6ObnCFqySDsycqyIwYXmxFNw3aYiTjFls2i+BZ6lGManDeJ/U/VKdrJt74 - Ua3HXuQXe9z/uOBdmiWPBuIA79uzt3C/g5hTFt3L4Q25aRMRXIQkrtRRfP6AEyKJmAUY1hwyIJQV - +HVW+djWL9nO1/REKbJcGPmQwscoH9YYrP4XpLaXbWV/XbuCsyPzW+QKqUinMIX3LlAIYgJp+pyb - m2/3So5gYJkPZxx4UxVrqxAkKhSkQVHvv6Rvj6LkdomEfA76eWKxxvksde+zZkD2ZcWMg0obX1Ox - BFNBRELPe53ZdLKWpf2Sr96vRPRNw -- apiVersion: v1 - kind: Pod - metadata: - name: h2spec-haproxy - labels: - app: h2spec-haproxy - spec: - containers: - - image: ${HAPROXY_IMAGE} - name: haproxy - command: ["/bin/bash", "-c" ] - args: - - set -e; - cat /etc/serving-cert/tls.key /etc/serving-cert/tls.crt > /tmp/bundle.pem; - haproxy -f /etc/haproxy/haproxy.config -db - ports: - - containerPort: 8443 - protocol: TCP - readinessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - livenessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - securityContext: - allowPrivilegeEscalation: true - volumeMounts: - - mountPath: /etc/serving-cert - name: cert - - mountPath: /etc/haproxy - name: config - volumes: - - name: config - configMap: - name: h2spec-haproxy-config - - name: cert - secret: - secretName: serving-cert-h2spec -- apiVersion: v1 - kind: Service - metadata: - name: h2spec-haproxy - annotations: - service.beta.openshift.io/serving-cert-secret-name: serving-cert-h2spec - spec: - selector: - app: h2spec-haproxy - ports: - - port: 8443 - name: https - targetPort: 8443 - protocol: TCP -- apiVersion: v1 - kind: Pod - metadata: - name: h2spec - labels: - app: h2spec - spec: - containers: - - name: h2spec - image: ${H2SPEC_IMAGE} - command: ["sleep"] - args: ["infinity"] -`) - -func testExtendedTestdataRouterRouterH2specYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterH2specYaml, nil -} - -func testExtendedTestdataRouterRouterH2specYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterH2specYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-h2spec.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _testExtendedTestdataRouterRouterHttpEchoServerYaml = []byte(`apiVersion: v1 kind: List metadata: {} @@ -48736,286 +47965,6 @@ func testExtendedTestdataRouterRouterHttpEchoServerYaml() (*asset, error) { return a, nil } -var _testExtendedTestdataRouterRouterHttp2RoutesYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: TLS_CRT -- name: TLS_KEY -- name: TYPE -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-default-cert-edge - labels: - type: ${TYPE} - spec: - host: http2-default-cert-edge.${DOMAIN} - port: - targetPort: 8080 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-default-cert-reencrypt - labels: - type: ${TYPE} - spec: - host: http2-default-cert-reencrypt.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-custom-cert-edge - labels: - type: ${TYPE} - spec: - host: http2-custom-cert-edge.${DOMAIN} - port: - targetPort: 8080 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-custom-cert-reencrypt - labels: - type: ${TYPE} - spec: - host: http2-custom-cert-reencrypt.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-passthrough - labels: - type: ${TYPE} - spec: - host: http2-passthrough.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -`) - -func testExtendedTestdataRouterRouterHttp2RoutesYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterHttp2RoutesYaml, nil -} - -func testExtendedTestdataRouterRouterHttp2RoutesYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterHttp2RoutesYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-http2-routes.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterHttp2Yaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE -objects: -- apiVersion: v1 - kind: Service - metadata: - name: http2 - annotations: - service.beta.openshift.io/serving-cert-secret-name: serving-cert-http2 - spec: - selector: - name: http2 - ports: - - name: https - protocol: TCP - port: 8443 - targetPort: 8443 - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 -- apiVersion: v1 - kind: Pod - metadata: - name: http2 - labels: - name: http2 - spec: - containers: - - image: ${IMAGE} - name: server - command: ["ingress-operator", "serve-http2-test-server"] - readinessProbe: - failureThreshold: 3 - tcpSocket: - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - livenessProbe: - failureThreshold: 3 - tcpSocket: - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - ports: - - containerPort: 8443 - protocol: TCP - - containerPort: 8080 - protocol: TCP - env: - - name: GODEBUG - value: http2debug=1 - volumeMounts: - - mountPath: /etc/serving-cert - name: cert - volumes: - - name: cert - secret: - secretName: serving-cert-http2 -`) - -func testExtendedTestdataRouterRouterHttp2YamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterHttp2Yaml, nil -} - -func testExtendedTestdataRouterRouterHttp2Yaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterHttp2YamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-http2.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterIdleYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: idle-test - labels: - app: idle-test - spec: - port: - targetPort: 8080 - to: - kind: Service - name: idle-test -- apiVersion: v1 - kind: Service - metadata: - name: idle-test - labels: - app: idle-test - spec: - selector: - app: idle-test - ports: - - port: 8080 - name: 8080-http - targetPort: 8080 - protocol: TCP -- apiVersion: apps/v1 - kind: Deployment - metadata: - name: idle-test - spec: - replicas: 1 - template: - metadata: - name: idle-test - labels: - app: idle-test - spec: - containers: - - image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest - name: idle-test - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 3 - command: - - /usr/bin/socat - - TCP4-LISTEN:8080,reuseaddr,fork - - EXEC:'/bin/bash -c \"printf \\\"HTTP/1.0 200 OK\r\n\r\n\\\"; sed -e \\\"/^\r/q\\\"\"' - ports: - - containerPort: 8080 - protocol: TCP - selector: - matchLabels: - app: idle-test -`) - -func testExtendedTestdataRouterRouterIdleYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterIdleYaml, nil -} - -func testExtendedTestdataRouterRouterIdleYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterIdleYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-idle.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _testExtendedTestdataRouterRouterMetricsYaml = []byte(`apiVersion: v1 kind: List items: @@ -49138,645 +48087,6 @@ func testExtendedTestdataRouterRouterMetricsYaml() (*asset, error) { return a, nil } -var _testExtendedTestdataRouterRouterOverrideDomainsYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -objects: - -# a router that overrides domains -- apiVersion: v1 - kind: Pod - metadata: - name: router-override-domains - labels: - test: router-override-domains - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: - - "--name=test-override-domains" - - "--namespace=$(POD_NAMESPACE)" - - "-v=4" - - "--override-domains=null.ptr,void.str" - - "--hostname-template=${name}-${namespace}.apps.veto.test" - - "--stats-port=1936" - - "--metrics-type=haproxy" - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - readinessProbe: - initialDelaySeconds: 10 - httpGet: - path: /healthz/ready - port: 1936 - serviceAccountName: default -`) - -func testExtendedTestdataRouterRouterOverrideDomainsYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterOverrideDomainsYaml, nil -} - -func testExtendedTestdataRouterRouterOverrideDomainsYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterOverrideDomainsYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-override-domains.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterOverrideYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -objects: - -# a router that overrides host -- apiVersion: v1 - kind: Pod - metadata: - name: router-override - labels: - test: router-override - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: - - "--name=test-override" - - "--namespace=$(POD_NAMESPACE)" - - "-v=4" - - "--override-hostname" - - "--hostname-template=${name}-${namespace}.myapps.mycompany.com" - - "--stats-port=1936" - - "--metrics-type=haproxy" - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - readinessProbe: - initialDelaySeconds: 10 - httpGet: - path: /healthz/ready - port: 1936 - serviceAccountName: default -`) - -func testExtendedTestdataRouterRouterOverrideYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterOverrideYaml, nil -} - -func testExtendedTestdataRouterRouterOverrideYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterOverrideYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-override.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterScopedYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: ROUTER_NAME - value: "test-scoped" -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -- name: UPDATE_STATUS - value: "true" -objects: -# a scoped router -- apiVersion: v1 - kind: Pod - metadata: - name: router-scoped - labels: - test: router-scoped - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: - - "--name=${ROUTER_NAME}" - - "--namespace=$(POD_NAMESPACE)" - - "--update-status=${UPDATE_STATUS}" - - "-v=4" - - "--labels=select=first" - - "--stats-port=1936" - - "--metrics-type=haproxy" - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - readinessProbe: - initialDelaySeconds: 10 - httpGet: - path: /healthz/ready - port: 1936 - serviceAccountName: default -`) - -func testExtendedTestdataRouterRouterScopedYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterScopedYaml, nil -} - -func testExtendedTestdataRouterRouterScopedYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterScopedYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-scoped.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterRouterShardYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: NAMESPACE -- name: TYPE -objects: -- apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: ${TYPE} - namespace: ${NAMESPACE} - annotations: - ingress.operator.openshift.io/default-enable-http2: "true" - spec: - replicas: 1 - domain: ${DOMAIN} - endpointPublishingStrategy: - type: LoadBalancerService - nodePlacement: - nodeSelector: - matchLabels: - node-role.kubernetes.io/worker: "" - namespaceSelector: - matchLabels: - type: ${TYPE} -`) - -func testExtendedTestdataRouterRouterShardYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterRouterShardYaml, nil -} - -func testExtendedTestdataRouterRouterShardYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterRouterShardYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/router-shard.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _testExtendedTestdataRouterWeightedRouterYaml = []byte(`apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -objects: -# a weighted router -- apiVersion: v1 - kind: Pod - metadata: - name: weighted-router - labels: - test: weighted-router - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: ["--namespace=$(POD_NAMESPACE)", "-v=4", "--labels=select=weighted", "--stats-password=password", "--stats-port=1936", "--stats-user=admin"] - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - serviceAccountName: default - -# ensure the router can access routes and endpoints -- apiVersion: v1 - kind: RoleBinding - metadata: - name: system-router - subjects: - - kind: ServiceAccount - name: default - roleRef: - name: system:router - -# a route that has multiple weighted services that it points to -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: weightedroute - labels: - test: router - select: weighted - spec: - host: weighted.example.com - to: - name: weightedendpoints1 - kind: Service - weight: 90 - alternateBackends: - - name: weightedendpoints2 - kind: Service - weight: 10 - ports: - - targetPort: 8080 - -# a route that has multiple services but all weights are zero -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: zeroweightroute - labels: - test: router - select: weighted - spec: - host: zeroweight.example.com - to: - name: weightedendpoints1 - kind: Service - weight: 0 - alternateBackends: - - name: weightedendpoints2 - kind: Service - weight: 0 - ports: - - targetPort: 8080 - -# two services that can be routed to -- apiVersion: v1 - kind: Service - metadata: - name: weightedendpoints1 - labels: - test: router - spec: - selector: - test: weightedrouter1 - endpoints: weightedrouter1 - ports: - - port: 8080 -- apiVersion: v1 - kind: Service - metadata: - name: weightedendpoints2 - labels: - test: router - spec: - selector: - test: weightedrouter2 - endpoints: weightedrouter2 - ports: - - port: 8080 -# two pods that serves a response -- apiVersion: v1 - kind: Pod - metadata: - name: endpoint-1 - labels: - test: weightedrouter1 - endpoints: weightedrouter1 - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP -- apiVersion: v1 - kind: Pod - metadata: - name: endpoint-2 - labels: - test: weightedrouter2 - endpoints: weightedrouter2 - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP -- apiVersion: v1 - kind: Pod - metadata: - name: endpoint-3 - labels: - test: weightedrouter2 - endpoints: weightedrouter2 - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP -`) - -func testExtendedTestdataRouterWeightedRouterYamlBytes() ([]byte, error) { - return _testExtendedTestdataRouterWeightedRouterYaml, nil -} - -func testExtendedTestdataRouterWeightedRouterYaml() (*asset, error) { - bytes, err := testExtendedTestdataRouterWeightedRouterYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "test/extended/testdata/router/weighted-router.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _testExtendedTestdataRun_policyParallelBcYaml = []byte(`--- kind: "List" apiVersion: "v1" @@ -53111,21 +51421,8 @@ var _bindata = map[string]func() (*asset, error){ "test/extended/testdata/router/ingress.yaml": testExtendedTestdataRouterIngressYaml, "test/extended/testdata/router/reencrypt-serving-cert.yaml": testExtendedTestdataRouterReencryptServingCertYaml, "test/extended/testdata/router/router-common.yaml": testExtendedTestdataRouterRouterCommonYaml, - "test/extended/testdata/router/router-config-manager.yaml": testExtendedTestdataRouterRouterConfigManagerYaml, - "test/extended/testdata/router/router-grpc-interop-routes.yaml": testExtendedTestdataRouterRouterGrpcInteropRoutesYaml, - "test/extended/testdata/router/router-grpc-interop.yaml": testExtendedTestdataRouterRouterGrpcInteropYaml, - "test/extended/testdata/router/router-h2spec-routes.yaml": testExtendedTestdataRouterRouterH2specRoutesYaml, - "test/extended/testdata/router/router-h2spec.yaml": testExtendedTestdataRouterRouterH2specYaml, "test/extended/testdata/router/router-http-echo-server.yaml": testExtendedTestdataRouterRouterHttpEchoServerYaml, - "test/extended/testdata/router/router-http2-routes.yaml": testExtendedTestdataRouterRouterHttp2RoutesYaml, - "test/extended/testdata/router/router-http2.yaml": testExtendedTestdataRouterRouterHttp2Yaml, - "test/extended/testdata/router/router-idle.yaml": testExtendedTestdataRouterRouterIdleYaml, "test/extended/testdata/router/router-metrics.yaml": testExtendedTestdataRouterRouterMetricsYaml, - "test/extended/testdata/router/router-override-domains.yaml": testExtendedTestdataRouterRouterOverrideDomainsYaml, - "test/extended/testdata/router/router-override.yaml": testExtendedTestdataRouterRouterOverrideYaml, - "test/extended/testdata/router/router-scoped.yaml": testExtendedTestdataRouterRouterScopedYaml, - "test/extended/testdata/router/router-shard.yaml": testExtendedTestdataRouterRouterShardYaml, - "test/extended/testdata/router/weighted-router.yaml": testExtendedTestdataRouterWeightedRouterYaml, "test/extended/testdata/run_policy/parallel-bc.yaml": testExtendedTestdataRun_policyParallelBcYaml, "test/extended/testdata/run_policy/serial-bc.yaml": testExtendedTestdataRun_policySerialBcYaml, "test/extended/testdata/run_policy/serial-latest-only-bc.yaml": testExtendedTestdataRun_policySerialLatestOnlyBcYaml, @@ -53853,24 +52150,11 @@ var _bintree = &bintree{nil, map[string]*bintree{ "policy-roles.yaml": {testExtendedTestdataRolesPolicyRolesYaml, map[string]*bintree{}}, }}, "router": {nil, map[string]*bintree{ - "ingress.yaml": {testExtendedTestdataRouterIngressYaml, map[string]*bintree{}}, - "reencrypt-serving-cert.yaml": {testExtendedTestdataRouterReencryptServingCertYaml, map[string]*bintree{}}, - "router-common.yaml": {testExtendedTestdataRouterRouterCommonYaml, map[string]*bintree{}}, - "router-config-manager.yaml": {testExtendedTestdataRouterRouterConfigManagerYaml, map[string]*bintree{}}, - "router-grpc-interop-routes.yaml": {testExtendedTestdataRouterRouterGrpcInteropRoutesYaml, map[string]*bintree{}}, - "router-grpc-interop.yaml": {testExtendedTestdataRouterRouterGrpcInteropYaml, map[string]*bintree{}}, - "router-h2spec-routes.yaml": {testExtendedTestdataRouterRouterH2specRoutesYaml, map[string]*bintree{}}, - "router-h2spec.yaml": {testExtendedTestdataRouterRouterH2specYaml, map[string]*bintree{}}, - "router-http-echo-server.yaml": {testExtendedTestdataRouterRouterHttpEchoServerYaml, map[string]*bintree{}}, - "router-http2-routes.yaml": {testExtendedTestdataRouterRouterHttp2RoutesYaml, map[string]*bintree{}}, - "router-http2.yaml": {testExtendedTestdataRouterRouterHttp2Yaml, map[string]*bintree{}}, - "router-idle.yaml": {testExtendedTestdataRouterRouterIdleYaml, map[string]*bintree{}}, - "router-metrics.yaml": {testExtendedTestdataRouterRouterMetricsYaml, map[string]*bintree{}}, - "router-override-domains.yaml": {testExtendedTestdataRouterRouterOverrideDomainsYaml, map[string]*bintree{}}, - "router-override.yaml": {testExtendedTestdataRouterRouterOverrideYaml, map[string]*bintree{}}, - "router-scoped.yaml": {testExtendedTestdataRouterRouterScopedYaml, map[string]*bintree{}}, - "router-shard.yaml": {testExtendedTestdataRouterRouterShardYaml, map[string]*bintree{}}, - "weighted-router.yaml": {testExtendedTestdataRouterWeightedRouterYaml, map[string]*bintree{}}, + "ingress.yaml": {testExtendedTestdataRouterIngressYaml, map[string]*bintree{}}, + "reencrypt-serving-cert.yaml": {testExtendedTestdataRouterReencryptServingCertYaml, map[string]*bintree{}}, + "router-common.yaml": {testExtendedTestdataRouterRouterCommonYaml, map[string]*bintree{}}, + "router-http-echo-server.yaml": {testExtendedTestdataRouterRouterHttpEchoServerYaml, map[string]*bintree{}}, + "router-metrics.yaml": {testExtendedTestdataRouterRouterMetricsYaml, map[string]*bintree{}}, }}, "run_policy": {nil, map[string]*bintree{ "parallel-bc.yaml": {testExtendedTestdataRun_policyParallelBcYaml, map[string]*bintree{}}, diff --git a/test/extended/testdata/router/router-common.yaml b/test/extended/testdata/router/router-common.yaml index 9553de201fbf..d01de3e7628b 100644 --- a/test/extended/testdata/router/router-common.yaml +++ b/test/extended/testdata/router/router-common.yaml @@ -1,10 +1,8 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -objects: - +kind: List +apiVersion: v1 +items: # ensure the router can access routes and endpoints -- apiVersion: v1 +- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: system-router @@ -12,6 +10,8 @@ objects: - kind: ServiceAccount name: default roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io name: system:router # two routes that differ only by their labels and names diff --git a/test/extended/testdata/router/router-config-manager.yaml b/test/extended/testdata/router/router-config-manager.yaml deleted file mode 100644 index a41e5f67e606..000000000000 --- a/test/extended/testdata/router/router-config-manager.yaml +++ /dev/null @@ -1,275 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -objects: -- apiVersion: v1 - kind: Pod - metadata: - name: router-haproxy-cfgmgr - labels: - test: router-haproxy-cfgmgr - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: ["--namespace=$(POD_NAMESPACE)", "-v=4", "--haproxy-config-manager=true", "--blueprint-route-labels=select=hapcm-blueprint", "--labels=select=haproxy-cfgmgr", "--stats-password=password", "--stats-port=1936", "--stats-user=admin"] - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - serviceAccountName: default - -# ensure the router can access routes and endpoints -- apiVersion: v1 - kind: RoleBinding - metadata: - name: system-router - subjects: - - kind: ServiceAccount - name: default - roleRef: - name: system:router - -# blueprints for edge, reencrypt and passthrough routes with annotation(s) -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: edge-blueprint - labels: - test: router - select: hapcm-blueprint - annotations: - router.openshift.io/cookie_name: empire - spec: - tls: - termination: edge - host: edge.blueprint.hapcm.test - to: - name: insecure-service - kind: Service - ports: - - targetPort: 8080 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: reencrypt-blueprint - labels: - test: router - select: hapcm-blueprint - annotations: - ren: stimpy - spec: - tls: - termination: reencrypt - host: reencrypt.blueprint.hapcm.test - to: - name: secure-service - kind: Service - ports: - - targetPort: 8443 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: passthrough-blueprint - labels: - test: router - select: hapcm-blueprint - annotations: - test: ptcruiser - foo: bar - spec: - tls: - termination: passthrough - host: passthrough.blueprint.hapcm.test - to: - name: secure-service - kind: Service - -# config map for nginx -- apiVersion: v1 - kind: ConfigMap - metadata: - name: serving-cert - data: - nginx.conf: | - daemon off; - events { } - http { - server { - listen 8443; - ssl on; - ssl_certificate /etc/serving-cert/tls.crt; - ssl_certificate_key /etc/serving-cert/tls.key; - server_name "*.svc"; - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } - } - -# pods that service http[s] requests -- apiVersion: v1 - kind: Pod - metadata: - name: insecure-endpoint - labels: - test: haproxy-cfgmgr - endpoints: insecure-endpoint - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP -- apiVersion: v1 - kind: Pod - metadata: - name: secure-endpoint - labels: - app: secure-endpoint - spec: - containers: - - image: registry.k8s.io/e2e-test-images/nginx:1.15-2 - name: serve - command: - - /usr/sbin/nginx - args: - - -c - - /etc/nginx/nginx.conf - ports: - - containerPort: 8443 - protocol: TCP - volumeMounts: - - name: cert - mountPath: /etc/serving-cert - - name: conf - mountPath: /etc/nginx - - name: tmp - mountPath: /var/cache/nginx - - name: tmp - mountPath: /var/run - volumes: - - name: conf - configMap: - name: serving-cert - - name: cert - secret: - secretName: serving-cert - - name: tmp - emptyDir: {} - - name: tmp2 - emptyDir: {} - -# services that can be routed to -- apiVersion: v1 - kind: Service - metadata: - name: insecure-service - labels: - test: router - spec: - selector: - test: haproxy-cfgmgr - endpoints: insecure-endpoint - ports: - - port: 8080 -- apiVersion: v1 - kind: Service - metadata: - name: secure-service - annotations: - service.alpha.openshift.io/serving-cert-secret-name: serving-cert - spec: - selector: - app: secure-endpoint - ports: - - port: 443 - name: https - targetPort: 8443 - protocol: TCP - - -# insecure, edge secured, reencrypt and passthrough routes -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: insecure-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - host: insecure.hapcm.test - to: - name: insecure-service - kind: Service - ports: - - targetPort: 8080 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: edge-allow-http-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - tls: - termination: edge - insecureEdgeTerminationPolicy: Allow - host: edge.allow.hapcm.test - to: - name: insecure-service - kind: Service - ports: - - targetPort: 8080 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: reencrypt-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - tls: - termination: reencrypt - host: reencrypt.hapcm.test - to: - name: secure-service - kind: Service - ports: - - targetPort: 8443 -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: passthrough-route - labels: - test: haproxy-cfgmgr - select: haproxy-cfgmgr - spec: - tls: - termination: passthrough - host: passthrough.hapcm.test - to: - name: secure-service - kind: Service diff --git a/test/extended/testdata/router/router-grpc-interop-routes.yaml b/test/extended/testdata/router/router-grpc-interop-routes.yaml deleted file mode 100644 index 7a7c8ed1d7bb..000000000000 --- a/test/extended/testdata/router/router-grpc-interop-routes.yaml +++ /dev/null @@ -1,85 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: TLS_CRT -- name: TLS_KEY -- name: TYPE -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-h2c - labels: - type: ${TYPE} - spec: - host: grpc-interop-h2c.${DOMAIN} - port: - targetPort: 1110 - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-edge - labels: - type: ${TYPE} - spec: - host: grpc-interop-edge.${DOMAIN} - port: - targetPort: 1110 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-reencrypt - labels: - type: ${TYPE} - spec: - host: grpc-interop-reencrypt.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: grpc-interop-passthrough - labels: - type: ${TYPE} - spec: - host: grpc-interop-passthrough.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: grpc-interop - weight: 100 - wildcardPolicy: None diff --git a/test/extended/testdata/router/router-grpc-interop.yaml b/test/extended/testdata/router/router-grpc-interop.yaml deleted file mode 100644 index 24efc142f495..000000000000 --- a/test/extended/testdata/router/router-grpc-interop.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE -objects: -- apiVersion: v1 - kind: Service - metadata: - name: grpc-interop - annotations: - service.beta.openshift.io/serving-cert-secret-name: service-cert-grpc-interop - spec: - selector: - app: grpc-interop - ports: - - appProtocol: h2c - name: h2c - port: 1110 - protocol: TCP - targetPort: 1110 - - name: https - port: 8443 - protocol: TCP - targetPort: 8443 -- apiVersion: v1 - kind: Pod - metadata: - name: grpc-interop - labels: - app: grpc-interop - spec: - containers: - - image: ${IMAGE} - name: server - command: ["ingress-operator", "serve-grpc-test-server"] - ports: - - containerPort: 1110 - name: h2c - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - volumeMounts: - - mountPath: /etc/serving-cert - name: cert - readinessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - livenessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - volumes: - - name: cert - secret: - secretName: service-cert-grpc-interop diff --git a/test/extended/testdata/router/router-h2spec-routes.yaml b/test/extended/testdata/router/router-h2spec-routes.yaml deleted file mode 100644 index 41230442d69b..000000000000 --- a/test/extended/testdata/router/router-h2spec-routes.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: TYPE -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - app: h2spec-haproxy - type: ${TYPE} - name: h2spec-passthrough - spec: - host: h2spec-passthrough.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: h2spec-haproxy - weight: 100 - wildcardPolicy: None diff --git a/test/extended/testdata/router/router-h2spec.yaml b/test/extended/testdata/router/router-h2spec.yaml deleted file mode 100644 index 88fd64276a47..000000000000 --- a/test/extended/testdata/router/router-h2spec.yaml +++ /dev/null @@ -1,225 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: HAPROXY_IMAGE -- name: H2SPEC_IMAGE -objects: -- apiVersion: v1 - kind: ConfigMap - metadata: - name: h2spec-haproxy-config - data: - haproxy.config: | - global - daemon - log stdout local0 - nbthread 4 - tune.ssl.default-dh-param 2048 - tune.ssl.capture-cipherlist-size 1 - defaults - mode http - timeout connect 5s - timeout client 30s - timeout client-fin 1s - timeout server 30s - timeout server-fin 1s - timeout http-request 10s - timeout http-keep-alive 300s - option logasap - option http-buffer-request - log-format "frontend:%f/%H/%fi:%fp GMT:%T\ body:%[capture.req.hdr(0)]\ request:%r" - frontend fe_proxy_tls - option http-buffer-request - declare capture request len 40000 - http-request capture req.body id 0 - log global - bind *:8443 ssl crt /tmp/bundle.pem alpn h2 - default_backend haproxy-availability-ok - backend haproxy-availability-ok - errorfile 503 /etc/haproxy/errorfile - http-request deny deny_status 200 - errorfile: | - HTTP/1.1 200 OK - Content-Length: 8192 - Cache-Control: max-age=28800 - Content-Type: text/plain - - 2wWvUP5ISuTTzmzf27uZ/hGEVQMowYJYgDBZPGj3VY9XEHtdiCILqnw6oMvB95lUtNDPfVh+sEpM - 4NbGyxC/hALxe98LaexsWfMgdtrOs0Cre2MwGeL2Vgr68Ju9mTzL3YpYetU09WSesko6RfnqjPyA - b0dsc7XecYeh8XfetC5WgUfsGGhJTKEd80ClFAWv0usTU+qccoG7zkxxTGzw5qzp7L+B4t8Bwgjf - dvFOZZ3cwPowiGg+4iF7rwbBCtOfXgFe/eBVGpP5KtW6hcdf7Wqw/w6Tkf8ZXlKSzT6xLXrq0C73 - OrUwvRn+NJl6wbpSOFEvB3Cp19Q0oMTa9+alvPwWZxwXEIi85hT5YVDZsb0pP1hcTOQAsT5LOWzm - mtNcIstM50XZj1hHEhJeixp5gAsrwY1m+Uwm2X6a70NBEtqnP0B04oOIPfTtebORGu1DiJGgntWM - wdk1ReLyDLTS2tISn6ItAwknF0Qk3D5kMqNN2sB1GBcWf7zqTlgB3W2p6I31P2Vt/I+z859JwbIw - 3w3AI5UAGSPmguLzzdPrqKa1igzrBcoDvEJnk2O0+39qlJ+Sa2Ko02KjGkl7ZNZJwUAIKMsC5vAl - hV2KFRtRnWa7YzDMuNzoOZezPnIz8zvLVQFVGCSnpu7crAKrrhJD9F/nDBEnLtA5lzJRf32LUYNI - tCs2CHt8guaddJ1U1+lEGLKX3QM0N62MhDQy2lZwAvag8WlW1le+kj0vO1NYCwauzEWZtdHEedGv - E98m9Y4OWDLl4k8uTV0f8vsgwHTCgFcJ8EmWYizi/ykL1kfdR324JiW+3YpH3F8GEp9L7ESkqIns - eXajNzKhagc1e+YM8Xe6SjWDXbdVV9ZSEsgdhK2gy0MQchK2vU1hzUKq4cxDTMJ8k3CAkuG3IFpd - Nyv9eW4aJUSsNv2OzH0iRUaXs3qAefORFQgn8/Qe2c6wSDAI5wHEi7zi/Lick3UVv+7V13zfvcWl - 32A2p1Erotjl/tgj4lX60Ci3uRgRBQ/9wR/N9JuH0A4ynn0uBaS1M/Qpbmz78/oeXQgCEnUCEA4k - DXYvXl6o+dEfJkuUYMIAH4wadtmdf+DSH9oOPvBFSM93X8BF21SSDeb8K+YfIi6+Ivzll+5jcNoi - uUryTyp1don75Zk6CT7b2m1o514MS68ulcNI4g36GpaS44rnuvQGyacdau6NabzgR0Q/3n9kOlFE - IOse9+eUEmR6KXZ/DuoeT7M2+Qul4uNwJz8i2RrF7mAToB3k0qdA8fO2munXXWoGr77vSkEDdJeq - ihFBQ60KNZeZh4x18uAxYigNrYfWjmIFAdzQd9XpsGL7iHYmjyHUQQabzFirJdeS4w4hZoSznA5m - 1CtCvRtAT8RPoiUPSqKU3QtH46iNGusjRoRfCj7ynrmeqeDqkw4H34CrnkolqT1hDqvaqZIyJo50 - D3MGeURwMM6DYjWKOaVJaQDbXC8Ahb67+1nKUEyEaLKkfTh8GPGOnmBiWub/Y/N3AL9TEuihw9KP - NtjZQ82jL32NqdSdwKDXmE2SMmElUOY6fVFEGDVdgx9eJbeMaiSwXLTtUFxAxsO1wY5jDf8Cr97w - P8tLv1CPcec381Y2jAD0CgkGaa1u0VTj0jLFIwZK2faeKa3VJrB7ldYD74+PwiIgfl9nbvxlC8KN - 5RTd7ThSGRQ+N7zpjRdaoftafUcFj6G/O/QrbhPxLZHcHG+zBGt/Fkr1lswfjiDsHHSM1ZyLiuny - ZqFBSSjL8X+NOa76tUq414UrZZ85w6nDTkzitXb36x8TEgfaoipUZJVNQ8smjE3bO9wB1zyzYXh7 - vDQe9p3GfRN223tJKGhXZ1SewOqoZsEWTogk6FFxngAyYb6jfqFFChe9gSrjS54+WUm0HyvSGuks - q/NwwvgI69cXqPZL6eXpgAAwFbt366HbGDHcKaG02fmuBNdhguw1BuF3EaBiPF2beQvYx9GPyzua - VDTflywUGXI3JixRbwT0TgXDIX+2FceA5NcyGQLjwF5CpDH650PaholA3dUif8Blls+FpJ74UdK1 - Ws+mG/UaBZ31hLHKqHI986G3PSxEWYyrF6vL6+CuNfet/SYh7AMRWK93Rkb3/N8GPosuFPaBNZLR - EBSHW9HUTP0viNWDupGx8mmncAUb9HLjqcFJoWGqZjVKaYe8J3NwvaL1P8+/v7ckpLUzOgiZVake - azDZDBoEfqFp/EGwnwm/KsnCQZ/I0aqrVW8T3AjUyFRIBw+rYLLGC2oIiUDH5ccvYhDY1epYS3C/ - qW+mWa1XNz0Aat+7LFoMt4BG3319S/fqApIRMq3rcoegfPhGSI9CBoNnLCxz/GHnlSxstCIQdnMJ - xwWBgvHuVb84bHfsRknUQX7g5s7xf9UK06TXRmYG+lb70Trkb0EZKzT17IMIOnZk4BCJkX08YK88 - C1rP68EjSdLSRiln3EPJ6kuNVFct077SfDG3SiLldx/VsZGSFzqWv69Qdb82wI+v5FcV3TZkrZAP - mhHJEWFaWvtEMyc7TtNI+0XhME96RIscBSLtoaRRV8CbMSJ8uanfox5LFId0gD4kfWiGtirj9/1/ - GnAUoMhFeipQ8mYKu2zwOFsDVmWzC10uNyorY4qg/WBJ6A3asEcHIUVkmOnakPkRipKTKxFYlXjF - 1Jau+KsvHTvWxOP/LTDipJjxwQWBzDEmUHOQJJrHQG/grmOPFB891bcFRLWzYSuSYCSLetA8HlCK - m9Bxit43AUhLeeUoVHroflvyHhI1LT2k6crEz4g/bdLMi7ncbtCmB88k6UYXUaXKL2YlzxRp+cWA - nxeR63cR2RXeqUVdO3GqgAFKHFw96lgbF74qBc9AE5r5juzvT6qoHq7sHNJ31VhA6cASdIio+H+D - O2sb8xvGyuCfydIHgJoRc2ilhVsMPwEoMsCrp1MRWE5tLgkn0uH5RjV1K1yDYY0PivgJYbBtjOhx - mcaaa+P8jHc7J/Q6rI6BCjehbOwFY7dbCjcBJ8y39yNvDFwtj53UxMiWoRSwNO8ICJNFwm1dXjUa - gJ/+g6q0U4qf0nL5f/whHCsY8qdD9Jj9qcRjvSNaiP/l44ETGA2bc+/33cdZZImYAw54nfoN1UPx - hcvP3dsol6SaHgGOvZV0R6sapasMbIuFOkAXEVjn75E1dnWoom2k/cWH1gCxStYKUE4ilsMi+Smb - ejw1wXXJ4IG/861DPEAfrhwXO5nBppSClyf8ASMI+EjJmEO9o9b+hvKST0lN/+qnXfgzyirrhjSH - B8mMyArxcZo3+avdi1hC8VgNsRpR9aC7Sim9v8gjMfVg0qvIcDPjfvozyXhiEhrc7T+GDqk6Ledv - lOwTMw+i5UlrEEeJXDp8Ae8dQ1i/aLN/J7bR6LI9off7egiSIgnoOaUJl5LfvHqzFJsbjpSrm9U9 - hrhs9ChG6Qa1VsB/cvoaLwbzXi3XcbPue8DuNrgTP4CcP7KtiiS+NM+n0nRKEk9y7eeSfjXI5pE7 - 6JFIdYs2qXFLtc+SuBq4M2dtKySiOr27gi59sbgr/OlWl+JQDNKPZ3XFM9nsoNpD3QU5Ye0DKzrI - rJh5Q/Gt3fQg91sFiB76kkpsQ88GQ/kgui9jadTYZcRmz/vQkoiQShX0xhdbkmwQgocnNO9IkZy+ - vua906n5skPPQIpaZOPuIxBoHE/1y+Ap2ofezIBj9p/HNv5Aolc1TL0eY5dPabXWwab/4vutMKos - MKAbI1Gow+RyptiZsau72g/IicWTIpBbveRnbiDWTmw2uwLus4asSanzWjZnlNyy0MIVK0uZRNVn - NBKCXH2VbYMyPIvN9CQbCl7/VnL4qPC8sxkJL28ZtwW881Kn79k49Go7FXZn/go1hdig8av4h+JZ - cHw+bjsNKe3Mr6JvyLIpkvsBFL3TGRQkEy/me6V2HI8dl3RoryJy3SiE8G5uXlKXJywYOaCoIUIp - 2uyalKb2YNaZFc6xHjputeIegC4zJh6KmKK8H4n92/qn33DK813xaFpcQWh6HfTL33V1xn6x93jX - x40RmHxbslHN0DYbYcK8fDEdvHfAY/zzKpvXg1TsKYuW8tyeXWL5NjfGND7XliJCo/GIj0dAyWro - IkLvv7XqnAUvLyH+Kd1LBzMa+1Q6luGSQaYaw1Uwioi0+W8VP/vd2MZifv/M+Fg9jXQ0YAPxvnqw - dMNjVq+kCJY9wjwBpgEOdXte5cZebR4b9Zyn0DRFzb4levpCF0bjmJcbzgE/doh8c+qfCIxK57/l - j37u34+y4OjnTeqm991+jnzqjHP9Dr96IjRRVh268Hgqymx670MolqAFlb7Fazwi/+3n4wH6oIjj - cbgFVrsOH0KFnLKf3QFOA2Rr/x+ycY8e0A3Br90AjEzHBsbV2LCpmcB5JaFxQG3K8IGXP2O3h7jP - yXHLPG/Euu0CTN4TlDNl45Ppk2GY48jGb6bdhJjV/qeL49y9wSghFmnGlXkbOxZ/JqI2QeIXleAe - xeVcdnCF9d3mEE0POtHvh4/nF3SS6IwqQd9qtiNLvDrCuhLJCTfowCfTm0WzpNJmaXxrKG4jyUJG - IpVcQSKulIDwkgt66V/PtbgE/2V+4+EvYgP5uM8tf7AAskxlnqB5L81Ph/0zsumrqLUsX1gTONCW - Hqf0cPJlALcHY/FaKq3sZl3J/BoIygIR2IwMeOQCEprt46RsJeY8AAWEk0p9eDoiX7eniV8YFes9 - mNUXxHyg1GYzRtbXv0Ua/TomdZwFVhOYGb2SeVCDmzmjPcWLnLZ8949jbHIKIvKgkYgFF5qrtukA - PcPkKGAbzAUpiWr7zn8pp1emm3YRhzvYVJ2gNMtxHZkRg6uNAbt/mF1BqIS8ODtTUUo4+gC/RGYF - bgJryFrYBuFihZLOSXV0T6KNcp/04xRTXI63nfGuJaY0iSoPI3mbeulgxMIFAoALb3nQ9z0bVSzT - Lf6jPmaeM379NQ0bg0IoF+lrRYNTOAE5LssUrDTO8EV402wulLU0MR3bKKkt4jvp04/GpIjn9xmJ - 3ZuWjxjvyZGjlaGT/BgsAgi/MuNN1Syty0Pzw8cJUWAogcak/2Xt7cY0+xTWtk7JHy9npv0hNzaw - mpt6NM0Yk4wqMDE9VL8G5P302eAYv11/ZlRM9yDUmTr15wwEc2J0koLqulN96VwMekGsPMi1makl - JpcHjgSuuM4CrD8sd6L8K6IyZWyGBmWV4JQ2Sd4lGvuzxf9+5pS3Q2Iq6QqPzW6rBa9GUAufvtI0 - cR+JxqDOwCEd9IwaDq1mvLFUqlfvlGgyj1GrOYMJMMjBa/ErFtnsFL2rzO9g1QkHtErTND50VM8C - IdAybJLV4DOUwzOK3NSElr4Wej8K0Lfbwe4R3KzE4vRc+mO1ZesiPyfM7VsR7dN2NRDTTqWF7dXn - jrCpI2Pwz/BSwbtNvKnVrELydJYqQZ4YN0Kgkb5ZQ+Ei23t+X6IjRNTY576q5BtmNw9MEV70/b4w - Ac0ArzOfp+PbLaC6WdjxzI/AdpZJ5RSBo3w5PY+3P8IG4tz1UyKMhvCtA/xBGTu77C83a0R696aL - kMA5RhYjlCdm73+BMTLp17jXM+j5ek8pt0l5beEWOQSQQuzowiyPwfyp3c77A+3OsuK1dIdTpxh4 - EeGLY1UuMQla1ugZODWHac42h6uBftP7Q77qKbCQHHB6G7HlH8xIJp6YfoBbqeQuMhrZrbeWGMpE - XGHizQFlsiHAniPfcY+XaCE4sgW+2gAlR6ESkO3DnGFnyejMspfa+BDdZBfuUO1JNWQwOtlooicQ - JXbSKAVrfDTsFrerk1LJkuhCvIGINt7D+9i9/t+twgA834ObDzb89dpWJAiFV1JtfJW4DGTKga6I - 850NJW8/GP4l/hqH0EH9jSDXgjdhS0716/nEjXnwZ0rsHLfGq1AaMUHv972wv+3TA188kzlk7fRr - wuJbuLpwVqp/H1LNueJu+/lzFQoh9eeboguENZNIoZQ7cD0pINwHdeyhXZDomaxHnIrxiZmy72P/ - aNkruB+Kf7evbRHzPNZAWkie/PwDrAsPLpeiTuK3nhpd/XIfmnNXZtt1X53MJHRwDMl00ze7lXwn - 37Pm2dYsZo2f20cIuVrzyOPv9f9y2y92UAJ6VvPxHjci2lQupmdn/D7kdeF44nZWUMRkvnHW+Lxj - NYHuwwX6sOoKavnmVALOhYk9mukP4pNliuvcJmuhJxaI9oQah8encM2WA8Z7s61Xf1Gk2luMH709 - 0EX6VvPrNLFUY7xJJsXT191vyrg6Wu5Yd2ZIFXrCgKBLfHumvO3NE+YE+LKK6xrH7Urk9trmKJKt - sfsgmIz8xj4D59tlIsgKZfwGsIbIlachpjhXM9jNdOSe5k2tHNdnh1OvBJvOIqKSp4uVlHZnLUMZ - 07rzxr9wdzU4ihaUgvreVpar6vnNYuj/TTDRP0FcBay0IuPunVhX9Wel5ga+NWIV9srCmzsJN7/d - puvaV9sb5dc0M0klEq41bMKDFd86YKifRhwagol5OAHTPjvIqZ9WOr/7XVuxAtOG0l1ohgrKTtfV - jw4KZCd+zIazzwuA0ItCENMmAm2Xppqy1T0Uu7gql3b8XAtsk+IhQw+L8H/oJtt/vaRSnbfTS02N - umm7CcneYyHT1FiuMfm5rkHee7rPR+YiDXlnkrTjd6HaBk3a/mEf0amzsMH9s4FzQRLbYPcXZrfi - ah18pV5ZlcfsC1kmM+wBbxCjxoUcV2DyeGiMdQo2Pif9LpPXOo6SE9a4lDovQF5brB6z9MGUZlKf - n+bQ1SVZxu4ArWLnbmXrgHzz+APsWh6VBfCw0MT8oP7uzB6tzIP1RCm7uKgb1Hi2f8f4DympfW4r - K3/H/5c3foZqlZDSDCGv3amzwkSZ3VsWHPrGFa0jLkTweBf+8UyzRIdoceDI7Ovg9cOiVf4bVqA/ - B4DavbV6xOAbHloEJTIEI54epi2CEFnAvpJUgr+uWkgQbSTJVmXUWw0s6gv+2sbeNYYz169c1ScP - U1afX80IXtL0iq7sQjbEPfOg9hWbHQWoAaSgLT0mvGkMHn8eKUBFdvF2paNOfU47OirGz1ifdRZe - 9BgBR6glFDlp5g99K6PXxADoy+nHAKnzxlWuxjfMoXgcIWpmIXad+vi3m7J48Z8xAaN8/657UjNW - JmYHVjst8m+Q14lyMJfFj1Q+9FjyKTGwSjryd5dUJacyGrg3mli2v99KnTsOjY1Wm6//G5dcuRIT - IceUARlCKNONQVe3tM4LoIglqTipwfzLwjDfb223BAfNt41otmZ3VGM8yesZQmAnokKhcErDTrw3 - g9aoCI6OlrtLrTx3V1k7qW9INLZXspvhU4CalQdWvugpH4prAQO6FeFLCu66/KIL9FZoe5n66UBz - TFR2ih8dKo1JV/aLuqjpsZ+l4lNal4vnqgaLUehC7j1zQAiLD585VMuEliJSmES8wHL3nt5JUKoe - 2Y6+aRDQqYUZsEhnPQ1H+0AT5LHOh6P1576m52Bp2tczVjN2K6Hgw+koDUmZj7YUj1stzjKso5rM - 0zRAppa9g4XJSDnjaBFdYcRmWZ+PE/sjXzcu1eNtttlJqmYqO4dMGHiffoBIvz9nvqn8eZIRMPdt - D1/ykxN6Cbl42Ox9WTSIZncj6LbhB/5dT12DdCtedx7ljDcGVQm30HbB5GSYWYuWphJSJ0YWX8O+ - lW8A3Qy0Vnu2EZUsNKBzgSbws63t2xrizMq0eRkMkHL8L4OUFKenwro6m0PJcuPhTBhVN0ek73vl - YVdXRPoPejw6wPeETZ6ObnCFqySDsycqyIwYXmxFNw3aYiTjFls2i+BZ6lGManDeJ/U/VKdrJt74 - Ua3HXuQXe9z/uOBdmiWPBuIA79uzt3C/g5hTFt3L4Q25aRMRXIQkrtRRfP6AEyKJmAUY1hwyIJQV - +HVW+djWL9nO1/REKbJcGPmQwscoH9YYrP4XpLaXbWV/XbuCsyPzW+QKqUinMIX3LlAIYgJp+pyb - m2/3So5gYJkPZxx4UxVrqxAkKhSkQVHvv6Rvj6LkdomEfA76eWKxxvksde+zZkD2ZcWMg0obX1Ox - BFNBRELPe53ZdLKWpf2Sr96vRPRNw -- apiVersion: v1 - kind: Pod - metadata: - name: h2spec-haproxy - labels: - app: h2spec-haproxy - spec: - containers: - - image: ${HAPROXY_IMAGE} - name: haproxy - command: ["/bin/bash", "-c" ] - args: - - set -e; - cat /etc/serving-cert/tls.key /etc/serving-cert/tls.crt > /tmp/bundle.pem; - haproxy -f /etc/haproxy/haproxy.config -db - ports: - - containerPort: 8443 - protocol: TCP - readinessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - livenessProbe: - failureThreshold: 3 - tcpSocket: - port: 8443 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - securityContext: - allowPrivilegeEscalation: true - volumeMounts: - - mountPath: /etc/serving-cert - name: cert - - mountPath: /etc/haproxy - name: config - volumes: - - name: config - configMap: - name: h2spec-haproxy-config - - name: cert - secret: - secretName: serving-cert-h2spec -- apiVersion: v1 - kind: Service - metadata: - name: h2spec-haproxy - annotations: - service.beta.openshift.io/serving-cert-secret-name: serving-cert-h2spec - spec: - selector: - app: h2spec-haproxy - ports: - - port: 8443 - name: https - targetPort: 8443 - protocol: TCP -- apiVersion: v1 - kind: Pod - metadata: - name: h2spec - labels: - app: h2spec - spec: - containers: - - name: h2spec - image: ${H2SPEC_IMAGE} - command: ["sleep"] - args: ["infinity"] diff --git a/test/extended/testdata/router/router-http2-routes.yaml b/test/extended/testdata/router/router-http2-routes.yaml deleted file mode 100644 index 61bcfdf98757..000000000000 --- a/test/extended/testdata/router/router-http2-routes.yaml +++ /dev/null @@ -1,106 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: TLS_CRT -- name: TLS_KEY -- name: TYPE -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-default-cert-edge - labels: - type: ${TYPE} - spec: - host: http2-default-cert-edge.${DOMAIN} - port: - targetPort: 8080 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-default-cert-reencrypt - labels: - type: ${TYPE} - spec: - host: http2-default-cert-reencrypt.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-custom-cert-edge - labels: - type: ${TYPE} - spec: - host: http2-custom-cert-edge.${DOMAIN} - port: - targetPort: 8080 - tls: - termination: edge - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-custom-cert-reencrypt - labels: - type: ${TYPE} - spec: - host: http2-custom-cert-reencrypt.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - key: |- - ${TLS_KEY} - certificate: |- - ${TLS_CRT} - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: http2-passthrough - labels: - type: ${TYPE} - spec: - host: http2-passthrough.${DOMAIN} - port: - targetPort: 8443 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - name: http2 - weight: 100 - wildcardPolicy: None diff --git a/test/extended/testdata/router/router-http2.yaml b/test/extended/testdata/router/router-http2.yaml deleted file mode 100644 index 8a514047b3b3..000000000000 --- a/test/extended/testdata/router/router-http2.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE -objects: -- apiVersion: v1 - kind: Service - metadata: - name: http2 - annotations: - service.beta.openshift.io/serving-cert-secret-name: serving-cert-http2 - spec: - selector: - name: http2 - ports: - - name: https - protocol: TCP - port: 8443 - targetPort: 8443 - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 -- apiVersion: v1 - kind: Pod - metadata: - name: http2 - labels: - name: http2 - spec: - containers: - - image: ${IMAGE} - name: server - command: ["ingress-operator", "serve-http2-test-server"] - readinessProbe: - failureThreshold: 3 - tcpSocket: - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - livenessProbe: - failureThreshold: 3 - tcpSocket: - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - ports: - - containerPort: 8443 - protocol: TCP - - containerPort: 8080 - protocol: TCP - env: - - name: GODEBUG - value: http2debug=1 - volumeMounts: - - mountPath: /etc/serving-cert - name: cert - volumes: - - name: cert - secret: - secretName: serving-cert-http2 diff --git a/test/extended/testdata/router/router-idle.yaml b/test/extended/testdata/router/router-idle.yaml deleted file mode 100644 index 7e473fe0a7c3..000000000000 --- a/test/extended/testdata/router/router-idle.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -objects: -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: idle-test - labels: - app: idle-test - spec: - port: - targetPort: 8080 - to: - kind: Service - name: idle-test -- apiVersion: v1 - kind: Service - metadata: - name: idle-test - labels: - app: idle-test - spec: - selector: - app: idle-test - ports: - - port: 8080 - name: 8080-http - targetPort: 8080 - protocol: TCP -- apiVersion: apps/v1 - kind: Deployment - metadata: - name: idle-test - spec: - replicas: 1 - template: - metadata: - name: idle-test - labels: - app: idle-test - spec: - containers: - - image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest - name: idle-test - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 3 - command: - - /usr/bin/socat - - TCP4-LISTEN:8080,reuseaddr,fork - - EXEC:'/bin/bash -c \"printf \\\"HTTP/1.0 200 OK\r\n\r\n\\\"; sed -e \\\"/^\r/q\\\"\"' - ports: - - containerPort: 8080 - protocol: TCP - selector: - matchLabels: - app: idle-test diff --git a/test/extended/testdata/router/router-override-domains.yaml b/test/extended/testdata/router/router-override-domains.yaml deleted file mode 100644 index 2ee36c67139c..000000000000 --- a/test/extended/testdata/router/router-override-domains.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -objects: - -# a router that overrides domains -- apiVersion: v1 - kind: Pod - metadata: - name: router-override-domains - labels: - test: router-override-domains - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: - - "--name=test-override-domains" - - "--namespace=$(POD_NAMESPACE)" - - "-v=4" - - "--override-domains=null.ptr,void.str" - - "--hostname-template=${name}-${namespace}.apps.veto.test" - - "--stats-port=1936" - - "--metrics-type=haproxy" - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - readinessProbe: - initialDelaySeconds: 10 - httpGet: - path: /healthz/ready - port: 1936 - serviceAccountName: default diff --git a/test/extended/testdata/router/router-override.yaml b/test/extended/testdata/router/router-override.yaml deleted file mode 100644 index 62b4dd379fe8..000000000000 --- a/test/extended/testdata/router/router-override.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -objects: - -# a router that overrides host -- apiVersion: v1 - kind: Pod - metadata: - name: router-override - labels: - test: router-override - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: - - "--name=test-override" - - "--namespace=$(POD_NAMESPACE)" - - "-v=4" - - "--override-hostname" - - "--hostname-template=${name}-${namespace}.myapps.mycompany.com" - - "--stats-port=1936" - - "--metrics-type=haproxy" - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - readinessProbe: - initialDelaySeconds: 10 - httpGet: - path: /healthz/ready - port: 1936 - serviceAccountName: default diff --git a/test/extended/testdata/router/router-scoped.yaml b/test/extended/testdata/router/router-scoped.yaml deleted file mode 100644 index 99a6d55e73b4..000000000000 --- a/test/extended/testdata/router/router-scoped.yaml +++ /dev/null @@ -1,104 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: ROUTER_NAME - value: "test-scoped" -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -- name: UPDATE_STATUS - value: "true" -objects: -# a scoped router -- apiVersion: v1 - kind: Pod - metadata: - name: router-scoped - labels: - test: router-scoped - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: - - "--name=${ROUTER_NAME}" - - "--namespace=$(POD_NAMESPACE)" - - "--update-status=${UPDATE_STATUS}" - - "-v=4" - - "--labels=select=first" - - "--stats-port=1936" - - "--metrics-type=haproxy" - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - readinessProbe: - initialDelaySeconds: 10 - httpGet: - path: /healthz/ready - port: 1936 - serviceAccountName: default diff --git a/test/extended/testdata/router/router-shard.yaml b/test/extended/testdata/router/router-shard.yaml deleted file mode 100644 index 0a2d5659bce7..000000000000 --- a/test/extended/testdata/router/router-shard.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: DOMAIN -- name: NAMESPACE -- name: TYPE -objects: -- apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: ${TYPE} - namespace: ${NAMESPACE} - annotations: - ingress.operator.openshift.io/default-enable-http2: "true" - spec: - replicas: 1 - domain: ${DOMAIN} - endpointPublishingStrategy: - type: LoadBalancerService - nodePlacement: - nodeSelector: - matchLabels: - node-role.kubernetes.io/worker: "" - namespaceSelector: - matchLabels: - type: ${TYPE} diff --git a/test/extended/testdata/router/weighted-router.yaml b/test/extended/testdata/router/weighted-router.yaml deleted file mode 100644 index bef07905077c..000000000000 --- a/test/extended/testdata/router/weighted-router.yaml +++ /dev/null @@ -1,222 +0,0 @@ -apiVersion: template.openshift.io/v1 -kind: Template -parameters: -- name: IMAGE - value: openshift/origin-haproxy-router:latest -- name: DEFAULT_CERTIFICATE - value: |- - -----BEGIN CERTIFICATE----- - MIIDuTCCAqGgAwIBAgIUZYD30F0sJl7HqxE7gAequtxk/HowDQYJKoZIhvcNAQEL - BQAwgaExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzEVMBMGA1UEBwwMRGVmYXVs - dCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRAwDgYDVQQLDAdU - ZXN0IENBMRowGAYDVQQDDBF3d3cuZXhhbXBsZWNhLmNvbTEiMCAGCSqGSIb3DQEJ - ARYTZXhhbXBsZUBleGFtcGxlLmNvbTAeFw0yMjAxMjgwMjU0MDlaFw0zMjAxMjYw - MjU0MDlaMHwxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTELMAkGA1UECAwCU0Mx - CzAJBgNVBAYTAlVTMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29t - MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdFeGFtcGxlMIIBIjANBgkqhkiG - 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71W7gdEnM+Nm4/SA/4jEJ2SPQfVjkCMsIYGO - WrLLHq23HkMGstQoPyBnjLY8LmkKQsNhhWGRMWQz6+yGKgI1gh8huhfocuw+HODE - K3ugP/3DlaVEQlIQbVzwxDx+K78UqZHecQAJfvakuS/JThxsMf8/pqLuhjAf+t9N - k0CO8Z6mNVALtSvyQ+e+zjmzepVtu6WmtJ+8zW9dBQEmg0QCfWFd06836LrfixLk - vTRgCn0lzTuj7rSuGjY45JDIvKK4jZGQJKsYN59Wxg1d2CEoXBUJOJjecVdS3NhY - ubHNdcm+6Equ5ZmyVEkBmv462rOcednsHU6Ggt/vWSe05EOPVQIDAQABow0wCzAJ - BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCHI+fkEr27bJ2IMtFuHpSLpFF3 - E4R5oVHt8XjflwKmuclyyLa8Z7nXnuvQLHa4jwf0tWUixsmtOyQN4tBI/msMk2PF - +ao2amcPoIo2lAg63+jFsIzkr2MEXBPu09wwt86e3XCoqmqT1Psnihh+Ys9KIPnc - wMr9muGkOh03O61vo71iaV17UKeGM4bzod333pSQIXLdYnoOuvmKdCsnD00lADoI - 93DmG/4oYR/mD93QjxPFPDxDxR4isvWGoj7iXx7CFkN7PR9B3IhZt+T//ddeau3y - kXK0iSxOhyaqHvl15hHQ8tKPBBJRSDVU4qmaqAYWRXr65yxBoelHhTJQ6Gt4 - -----END CERTIFICATE----- - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvVbuB0Scz42bj - 9ID/iMQnZI9B9WOQIywhgY5assserbceQway1Cg/IGeMtjwuaQpCw2GFYZExZDPr - 7IYqAjWCHyG6F+hy7D4c4MQre6A//cOVpURCUhBtXPDEPH4rvxSpkd5xAAl+9qS5 - L8lOHGwx/z+mou6GMB/6302TQI7xnqY1UAu1K/JD577OObN6lW27paa0n7zNb10F - ASaDRAJ9YV3Trzfout+LEuS9NGAKfSXNO6PutK4aNjjkkMi8oriNkZAkqxg3n1bG - DV3YIShcFQk4mN5xV1Lc2Fi5sc11yb7oSq7lmbJUSQGa/jras5x52ewdToaC3+9Z - J7TkQ49VAgMBAAECggEAaCBzqOI3XSLlo+2/pe158e2VSkwZ2h8DVzyHk7xQFPPd - RKRCqNEXBYfypUyv2D1JAo0Aw8gUJFoFIPLR2DsHzqn+wXkfX8iaqXO8xXJO4Shl - zJiPnw8XKI2UDryG5D+JHNFi5uTuPLfQKOW6fmptRD9aEQS4I9eSQlKe7J7c0g+t - pCR1vCp6ZMFIXDgpHhquArI1fjA36nWK0dJkaO9LrTYPgeMIr0KFjEF+W3UPh/af - uw/KLjzyzHExwfVBcGZonb6rG1nU/7isUHqK75OhOKDcXpv+7NCBYZ6fu4COlE0O - +yGztbRXojWo1upKzzGPM+yoLyNA1aSljpCGOCSljQKBgQD+4i5FzRQ+e1XZxvUt - izypHHQcc7y9DfwKTwLXb9EUhmGCmrxVIuM+gm5N/Y/eXDjqtR2bqg7iIFjj3KTS - f9djCYT8FqlTtyDBk/qFNLchDX/mrykOuhqIXfT7JpQbk5+qkCy8k2ZJMl2ToNXA - WRqRCP4oa1WJMmoJFwo3BIVRIwKBgQDwYh2ryrs/QFE0W082oHAQ3Nrce5JmOtFp - 70X/v8zZ8ESdeo7KOS0tNLeirBxlDGvUAesKwUHU1YwTgWhl/DkoPtv9INgT8kxS - VRcrix9kq62uiD+TKI732mwoG36keJdRECrQYRYjX+mf364EI+DeNmbPs3xsigaF - Zdbg+umxJwKBgF4fFelOvuAH2X8PGnDUDvV//VyYXKUPqfgAj1MRBotmyFFbZJqn - xHTL44HHVb5OHfKGKUXXeaGFQm36h573+Iio9kPE9ohkgqMZSxSvj8ST4JxGKIo4 - rR2YXKP17hF05SwuC2cjo0z6XVXruaNLBCV0xa4VXMPKKx/qMyp37+czAoGBAL8c - woo6e/QlpmoBzlCX7YD6leaFODeeu6+FVBmo26zJoUOylKOiIZC3QOhL/ac44OGF - ROEgFL6pqNw5Hk824BpnH294FVKGaLdsfydXTHY1J7iDCkhtDn1vYl3gvib02RjR - ybgx9+/X6V3579fKzpTcm5C2Gk4Qzm5wMQ5dbj4xAoGBANYzYbBu8bItAEE6ohgf - D27SPW7VJsHGzbgRNC2SGCBzo3XaTJ0A8IMP+ghl5ndCJdLBz2FpeZLQvxOuopQD - J5dJXQxp7y20vh2C1e3wTPlA5CHHKpU1JZAe4THCJUg+EPwa4I+BOlvp71EB7BaH - bk65iLoLrUSkxMDi46qTAs5K - -----END PRIVATE KEY----- -objects: -# a weighted router -- apiVersion: v1 - kind: Pod - metadata: - name: weighted-router - labels: - test: weighted-router - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: router - image: ${IMAGE} - imagePullPolicy: IfNotPresent - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DEFAULT_CERTIFICATE - value: |- - ${DEFAULT_CERTIFICATE} - args: ["--namespace=$(POD_NAMESPACE)", "-v=4", "--labels=select=weighted", "--stats-password=password", "--stats-port=1936", "--stats-user=admin"] - hostNetwork: false - ports: - - containerPort: 80 - - containerPort: 443 - - containerPort: 1936 - name: stats - protocol: TCP - serviceAccountName: default - -# ensure the router can access routes and endpoints -- apiVersion: v1 - kind: RoleBinding - metadata: - name: system-router - subjects: - - kind: ServiceAccount - name: default - roleRef: - name: system:router - -# a route that has multiple weighted services that it points to -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: weightedroute - labels: - test: router - select: weighted - spec: - host: weighted.example.com - to: - name: weightedendpoints1 - kind: Service - weight: 90 - alternateBackends: - - name: weightedendpoints2 - kind: Service - weight: 10 - ports: - - targetPort: 8080 - -# a route that has multiple services but all weights are zero -- apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: zeroweightroute - labels: - test: router - select: weighted - spec: - host: zeroweight.example.com - to: - name: weightedendpoints1 - kind: Service - weight: 0 - alternateBackends: - - name: weightedendpoints2 - kind: Service - weight: 0 - ports: - - targetPort: 8080 - -# two services that can be routed to -- apiVersion: v1 - kind: Service - metadata: - name: weightedendpoints1 - labels: - test: router - spec: - selector: - test: weightedrouter1 - endpoints: weightedrouter1 - ports: - - port: 8080 -- apiVersion: v1 - kind: Service - metadata: - name: weightedendpoints2 - labels: - test: router - spec: - selector: - test: weightedrouter2 - endpoints: weightedrouter2 - ports: - - port: 8080 -# two pods that serves a response -- apiVersion: v1 - kind: Pod - metadata: - name: endpoint-1 - labels: - test: weightedrouter1 - endpoints: weightedrouter1 - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP -- apiVersion: v1 - kind: Pod - metadata: - name: endpoint-2 - labels: - test: weightedrouter2 - endpoints: weightedrouter2 - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP -- apiVersion: v1 - kind: Pod - metadata: - name: endpoint-3 - labels: - test: weightedrouter2 - endpoints: weightedrouter2 - spec: - terminationGracePeriodSeconds: 1 - containers: - - name: test - image: registry.k8s.io/e2e-test-images/agnhost:2.40 - args: ["netexec"] - ports: - - containerPort: 8080 - name: http - - containerPort: 100 - protocol: UDP diff --git a/test/extended/util/annotate/generated/zz_generated.annotations.go b/test/extended/util/annotate/generated/zz_generated.annotations.go index 5a097898388a..0e6ab55d702c 100644 --- a/test/extended/util/annotate/generated/zz_generated.annotations.go +++ b/test/extended/util/annotate/generated/zz_generated.annotations.go @@ -1961,13 +1961,13 @@ var Annotations = map[string]string{ "[sig-network-edge] DNS should answer endpoint and wildcard queries for the cluster": " [Disabled:Broken]", - "[sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [apigroup:config.openshift.io][apigroup:template.openshift.io]": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel/minimal]", + "[sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [apigroup:config.openshift.io]": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel/minimal]", - "[sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the gRPC interoperability tests [apigroup:config.openshift.io][apigroup:route.openshift.io][apigroup:template.openshift.io]": " [Suite:openshift/conformance/parallel/minimal]", + "[sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the gRPC interoperability tests [apigroup:config.openshift.io][apigroup:route.openshift.io][apigroup:operator.openshift.io]": " [Suite:openshift/conformance/parallel/minimal]", - "[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io] The HAProxy router should pass the h2spec conformance tests [apigroup:config.openshift.io][apigroup:authorization.openshift.io][apigroup:user.openshift.io][apigroup:security.openshift.io][apigroup:template.openshift.io]": " [Suite:openshift/conformance/parallel/minimal]", + "[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io] The HAProxy router should pass the h2spec conformance tests [apigroup:config.openshift.io][apigroup:authorization.openshift.io][apigroup:user.openshift.io][apigroup:security.openshift.io][apigroup:operator.openshift.io]": " [Suite:openshift/conformance/parallel/minimal]", - "[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router should pass the http2 tests [apigroup:image.openshift.io][apigroup:template.openshift.io]": " [Suite:openshift/conformance/parallel/minimal]", + "[sig-network-edge][Conformance][Area:Networking][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router should pass the http2 tests [apigroup:image.openshift.io][apigroup:operator.openshift.io]": " [Suite:openshift/conformance/parallel/minimal]", "[sig-network-edge][Feature:Idling] Idling with a single service and DeploymentConfig [apigroup:route.openshift.io] should idle the service and DeploymentConfig properly [apigroup:apps.openshift.io]": " [Disabled:Broken]", @@ -2593,23 +2593,23 @@ var Annotations = map[string]string{ "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router converges when multiple routers are writing status": " [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io] when FIPS is disabled the HAProxy router should serve routes when configured with a 1024-bit RSA key [apigroup:template.openshift.io]": " [Feature:Networking-IPv4] [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should override the route host for overridden domains with a custom value [apigroup:image.openshift.io]": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io] when FIPS is enabled the HAProxy router should not work when configured with a 1024-bit RSA key [apigroup:template.openshift.io]": " [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should override the route host with a custom value": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router reports the expected host names in admitted routes' statuses": " [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io] The HAProxy router should serve the correct routes when scoped to a single namespace and label set": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router should serve the correct routes when running with the haproxy config manager": " [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io] when FIPS is disabled the HAProxy router should serve routes when configured with a 1024-bit RSA key": " [Feature:Networking-IPv4] [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io][apigroup:template.openshift.io] The HAProxy router should run even if it has no access to update status [apigroup:image.openshift.io]": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io] when FIPS is enabled the HAProxy router should not work when configured with a 1024-bit RSA key": " [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:operator.openshift.io][apigroup:apps.openshift.io] The HAProxy router should support reencrypt to services backed by a serving certificate automatically": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router reports the expected host names in admitted routes' statuses": " [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:template.openshift.io] The HAProxy router should override the route host for overridden domains with a custom value [apigroup:image.openshift.io]": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router should run even if it has no access to update status [apigroup:image.openshift.io]": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:template.openshift.io] The HAProxy router should override the route host with a custom value": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:config.openshift.io] The HAProxy router should serve the correct routes when running with the haproxy config manager": " [Suite:openshift/conformance/parallel]", - "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:template.openshift.io] The HAProxy router should serve the correct routes when scoped to a single namespace and label set": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", + "[sig-network][Feature:Router][apigroup:route.openshift.io][apigroup:operator.openshift.io][apigroup:apps.openshift.io] The HAProxy router should support reencrypt to services backed by a serving certificate automatically": " [Skipped:Disconnected] [Suite:openshift/conformance/parallel]", "[sig-network][Feature:Whereabouts] should assign unique IP addresses to each pod in the event of a race condition case [apigroup:k8s.cni.cncf.io]": " [Suite:openshift/conformance/parallel]", diff --git a/test/extended/util/annotate/rules.go b/test/extended/util/annotate/rules.go index 1727a110570e..a12442f00ffd 100644 --- a/test/extended/util/annotate/rules.go +++ b/test/extended/util/annotate/rules.go @@ -266,13 +266,13 @@ var ( `\[sig-network\]\[Feature:Router\]\[apigroup:config.openshift.io\] The HAProxy router should expose a health check on the metrics port`, `\[sig-network\]\[Feature:Router\]\[apigroup:config.openshift.io\] The HAProxy router should expose prometheus metrics for a route`, `\[sig-network\]\[Feature:Router\]\[apigroup:config.openshift.io\] The HAProxy router should expose the profiling endpoints`, - `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\]\[apigroup:template.openshift.io\] The HAProxy router should override the route host for overridden domains with a custom value`, - `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\]\[apigroup:template.openshift.io\] The HAProxy router should override the route host with a custom value`, + `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\] The HAProxy router should override the route host for overridden domains with a custom value`, + `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\] The HAProxy router should override the route host with a custom value`, `\[sig-network\]\[Feature:Router\]\[apigroup:operator.openshift.io\]\[apigroup:apps.openshift.io\] The HAProxy router should respond with 503 to unrecognized hosts`, - `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\]\[apigroup:config.openshift.io\]\[apigroup:template.openshift.io\] The HAProxy router should run even if it has no access to update status`, + `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\]\[apigroup:config.openshift.io\] The HAProxy router should run even if it has no access to update status`, `\[sig-network\]\[Feature:Router\]\[apigroup:config.openshift.io\]\[apigroup:image.openshift.io\] The HAProxy router should serve a route that points to two services and respect weights`, `\[sig-network\]\[Feature:Router\]\[apigroup:operator.openshift.io\]\[apigroup:apps.openshift.io\] The HAProxy router should serve routes that were created from an ingress`, - `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\]\[apigroup:template.openshift.io\] The HAProxy router should serve the correct routes when scoped to a single namespace and label set`, + `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\] The HAProxy router should serve the correct routes when scoped to a single namespace and label set`, `\[sig-network\]\[Feature:Router\]\[apigroup:config.openshift.io\]\[apigroup:operator.openshift.io\]\[apigroup:apps.openshift.io\] The HAProxy router should set Forwarded headers appropriately`, `\[sig-network\]\[Feature:Router\]\[apigroup:route.openshift.io\]\[apigroup:operator.openshift.io\]\[apigroup:apps.openshift.io\] The HAProxy router should support reencrypt to services backed by a serving certificate automatically`, `\[sig-network\] Networking should provide Internet connection for containers \[Feature:Networking-IPv6\]`,