Add test for ingress internal and external.

* Add genereate_config.sh to generate config for tests. It should be run before running tests. * Add tests for ingress internal and external.
GoogleCloudPlatform · Oct 16, 2023 · 94e3003 · 94e3003
1 parent e47ccf8
commit 94e3003
Show file tree

Hide file tree

Showing 10 changed files with 204 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,5 @@ asm/
 .crt
 .key
 .pem
-certs/
+certs/
+test/test.conf
diff --git a/ingress/single-cluster/ingress-external-basic/cleanup.sh b/ingress/single-cluster/ingress-external-basic/cleanup.sh
@@ -19,4 +19,27 @@ set -o nounset;
 set -o pipefail;
 set -o xtrace;
 
-echo "Running external basic cleanup."
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-external-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name" || true)
+# Set a non-empty value for conext since --context="" will default to use current context
+if [[ -z "${context}" ]]; then
+    context="empty-context"
+fi
+
+ingress_name="foo-external"
+fr=$(get_forwarding_rule "${ingress_name}" "${test_name}" "${context}")
+thp=$(get_target_http_proxy "${ingress_name}" "${test_name}" "${context}")
+thsp=$(get_target_https_proxy "${ingress_name}" "${test_name}" "${context}")
+um=$(get_url_map "${ingress_name}" "${test_name}" "${context}")
+backends=$(get_backends "${ingress_name}" "${test_name}" "${context}")
+negs=$(get_negs "${context}")
+
+resource_yaml="ingress/single-cluster/ingress-external-basic/external-ingress-basic.yaml"
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "${fr}" "${thp}" "${thsp}" "${um}" "${backends}" "${negs}"
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-external-basic/run-test.sh b/ingress/single-cluster/ingress-external-basic/run-test.sh
@@ -19,4 +19,18 @@ set -o nounset;
 set -o pipefail;
 set -o xtrace;
 
-echo "Running external basic test."
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-external-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name" || true)
+# Set a non-empty value for conext since --context="" will default to use current context
+if [[ -z "${context}" ]]; then
+    context="empty-context"
+fi
+
+vip=$(wait_for_ingress_ip "foo-external" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+check_http_status "${vip}" 200 "host: foo.example.com"
+check_http_status "${vip}" 404 "host: bar.example.com"
diff --git a/ingress/single-cluster/ingress-external-basic/setup.sh b/ingress/single-cluster/ingress-external-basic/setup.sh
@@ -19,4 +19,18 @@ set -o nounset;
 set -o pipefail;
 set -o xtrace;
 
-echo "Running external basic setup."
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-external-basic"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name" || true)
+# Set a non-empty value for conext since --context="" will default to use current context
+if [[ -z "${context}" ]]; then
+    context="empty-context"
+fi
+
+resource_yaml="ingress/single-cluster/ingress-external-basic/external-ingress-basic.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
diff --git a/ingress/single-cluster/ingress-internal-basic/cleanup.sh b/ingress/single-cluster/ingress-internal-basic/cleanup.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-internal-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name" || true)
+# Set a non-empty value for conext since --context="" will default to use current context
+if [[ -z "${context}" ]]; then
+    context="empty-context"
+fi
+
+ingress_name="foo-internal"
+fr=$(get_forwarding_rule "${ingress_name}" "${test_name}" "${context}")
+thp=$(get_target_http_proxy "${ingress_name}" "${test_name}" "${context}")
+thsp=$(get_target_https_proxy "${ingress_name}" "${test_name}" "${context}")
+um=$(get_url_map "${ingress_name}" "${test_name}" "${context}")
+backends=$(get_backends "${ingress_name}" "${test_name}" "${context}")
+negs=$(get_negs "${context}")
+
+resource_yaml="ingress/single-cluster/ingress-internal-basic/internal-ingress-basic.yaml"
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "${fr}" "${thp}" "${thsp}" "${um}" "${backends}" "${negs}"
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-internal-basic/run-test.sh b/ingress/single-cluster/ingress-internal-basic/run-test.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-internal-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name" || true)
+# Set a non-empty value for conext since --context="" will default to use current context
+if [[ -z "${context}" ]]; then
+    context="empty-context"
+fi
+
+vip=$(wait_for_ingress_ip "foo-internal" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+check_http_status "${vip}" 200 "host: foo.example.com" "${test_name}" "${zone}"
+check_http_status "${vip}" 404 "host: bar.example.com" "${test_name}" "${zone}"
diff --git a/ingress/single-cluster/ingress-internal-basic/setup.sh b/ingress/single-cluster/ingress-internal-basic/setup.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-internal-basic"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+setup_ilb "${test_name}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name" || true)
+# Set a non-empty value for conext since --context="" will default to use current context
+if [[ -z "${context}" ]]; then
+    context="empty-context"
+fi
+
+resource_yaml="ingress/single-cluster/ingress-internal-basic/internal-ingress-basic.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
diff --git a/test/README.md b/test/README.md
@@ -32,6 +32,18 @@ Make sure you are at the root directory of the repository.
 cd gke-networking-recipes
 ```
 
+
+First, set ZONE and SUBNET_REGION environment variable, then run ./test/generate_config.sh to generate the testing config.
+```
+export ZONE=zone
+export SUBNET_REGION=subnet_region
+
+./test/generate_config.sh
+```
+
+To run ingress-https test, you need a special project($DNS_PROJECT) that has configured DNS domain, and make sure the current service account have role/dns_admin access to that project. 
+Create a public DNS zone(DNS_ZONE). Then set the environment variable for DNS_PROJECT, HTTPS_RECORD1, HTTPS_RECORD2, and DNS_ZONE before running generate_env.sh. Make sure these records that uses the DNS name of the created DNS zone as suffix.
+
 To run a specific test, run the setup.sh, run-test.sh, and cleanup.sh in order in the recipe directory.
 
 ```

diff --git a/test/generate_config.sh b/test/generate_config.sh
@@ -0,0 +1,11 @@
+testConf="test/test.conf"
+echo "Writing to ${testConf}"
+echo "----"
+cat <<EOF |  tee ${testConf}
+zone="${ZONE}"
+subnet_region="${SUBNET_REGION}"
+dns_project="${DNS_PROJECT}"
+dns_zone="${DNS_ZONE}"
+https_record1="${HTTPS_RECORD1}"
+https_record2="${HTTPS_RECORD2}"
+EOF
diff --git a/test/helper.sh b/test/helper.sh
@@ -36,14 +36,15 @@ get_hash() {
 # Returns:
 #   0 if the ingress IP is populated within 15 minutes, 1 if not.
 wait_for_ingress_ip() {
-    local ing ns ATTEMPT
+    local ing ns conext ATTEMPT
     ing="$1"
     ns="$2"
+    context="$3"
 
     # 180*5s=15min
     for ATTEMPT in $(seq 180); do
         local vip
-        vip=$(kubectl get ingress ${ing} \
+        vip=$(kubectl --context "${context}" get ingress ${ing} \
               -n ${ns} \
               -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
         if [[ ! -z "$vip" ]]; then
@@ -62,15 +63,16 @@ wait_for_ingress_ip() {
 # Returns:
 #   0 if the status of the given certificate is Active within 60 minutes, 1 if not.
 wait_for_managed_cert() {
-    local mc ns ATTEMPT
+    local mc ns context ATTEMPT
     mc="$1"
     ns="$2"
+    context="$3"
 
     # 360*10s=60min
     for ATTEMPT in $(seq 360); do
         local certStatus domainStatus status
         # Check status of the certificate.
-        certStatus=$(kubectl get ManagedCertificate ${mc} \
+        certStatus=$(kubectl --context "${context}" get ManagedCertificate ${mc} \
                      -n ${ns} \
                      -o jsonpath="{.status.certificateStatus}")
         if [[ "${certStatus}" != "Active" ]]; then
@@ -79,7 +81,7 @@ wait_for_managed_cert() {
         fi
 
         # Check status of each domain.
-        domainStatus=( $(kubectl get ManagedCertificate ${mc} \
+        domainStatus=( $(kubectl --context "${context}" get ManagedCertificate ${mc} \
                          -n ${ns} \
                          -o jsonpath="{.status.domainStatus}" | \
                          jq  ".[] | .status") )
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,4 +4,5 @@ asm/ @@
     .crt
     .key
     .pem
-    certs/
+    certs/
+    test/test.conf