Have Istio optional (#645)

* limitador_cluster_envoyfilter_controller optional * rate_limiting_wasmplugin_controller optional * istio optional The operator runs even when Istio or GatewayAPI are not present * locking istio deps on its own golang package. part 1 * locking istio deps on its own golang package. part 2 * istio tests. part 1 * istio tests. part 2 * pkg/istio/external_authorizer.go: fix kuadrant cr removal when istio not installed * doc/development.md: update * istio tests. part 3 * istio tests. part 4 * doc/development.md: little change * kuadrant status reports on lack of at least one of the supported GatewayAPI providers * bring changes from main * fix conflicts * fix unittests * fix controllers/kuadrant_controller_test.go name * Update .github/workflows/test.yaml Co-authored-by: Kevin Fan <[email protected]> * Update .github/workflows/test.yaml Co-authored-by: Kevin Fan <[email protected]> * Update .github/workflows/test.yaml Co-authored-by: Kevin Fan <[email protected]> * moving istio registration logic back to controllers * Update tests/gatewayapi/suite_test.go Co-authored-by: Guilherme Cassolato <[email protected]> * controllers/authpolicy_authconfig.go: revert unnecessary change * GATEWAYAPI_PROVIDER=istio in lowercase * bring change from 'Start subnet offset at 1 to avoid overlap with kind cluster ips' CommitID: 3cd0fa9 * integration tests: INTEGRATION_TESTS_EXTRA_ARGS makefile variable --------- Co-authored-by: Kevin Fan <[email protected]> Co-authored-by: Guilherme Cassolato <[email protected]>
Kuadrant · Jun 3, 2024 · 833650b · 833650b
1 parent 7481023
commit 833650b
Show file tree

Hide file tree

Showing 53 changed files with 2,942 additions and 1,700 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -2,10 +2,10 @@ name: Test
 
 on:
   push:
-    branches: [ 'main' ]
+    branches: ['main']
 
   pull_request:
-    branches: [ '*' ]
+    branches: ['*']
     paths-ignore:
       - '**.adoc'
       - '**.md'
@@ -20,8 +20,8 @@ jobs:
     name: Unit Tests
     strategy:
       matrix:
-        go-version: [ 1.21.x ]
-        platform: [ ubuntu-latest ]
+        go-version: [1.21.x]
+        platform: [ubuntu-latest]
     runs-on: ${{ matrix.platform }}
     defaults:
       run:
@@ -49,16 +49,16 @@ jobs:
           fail_ci_if_error: false
           verbose: true
 
-  integration-tests:
-    name: Integration Tests
+  controllers-integration-tests:
+    name: Integration Tests for github.com/kuadrant/kuadrant-operator/controllers
     strategy:
       matrix:
-        istio-type: [ sail, istioctl ]
-        pr-event:
-          - ${{ github.event_name == 'pull_request' }}
-        exclude:
-          - istio-type: sail
-            pr-event: true
+        gatewayapi-provider: [istio]
+        include:
+          # - istio-type: sail
+          #   gatewayapi-provider: istio
+          - istio-type: istioctl
+            gatewayapi-provider: istio
     runs-on: ubuntu-latest
     env:
       KIND_CLUSTER_NAME: kuadrant-test
@@ -84,12 +84,9 @@ jobs:
       - name: Check cluster info
         run: |
           kubectl cluster-info dump
-      - name: Run make test-env-setup istio-type=${{ matrix.istio-type }}
+      - name: Run make env-setup GATEWAYAPI_PROVIDER=${{ matrix.gatewayapi-provider }} ISTIO_INSTALL_SAIL=${{ matrix.istio-type == 'sail' && true || false }}
         run: |
-          make test-env-setup ISTIO_INSTALL_SAIL=${{ matrix.istio-type == 'sail' && true || false }}
-      - name: Wait for deployments
-        run: |
-          kubectl -n ${{ env.KUADRANT_NAMESPACE }} wait --timeout=300s --for=condition=Available deployments --all
+          make env-setup GATEWAYAPI_PROVIDER=${{ matrix.gatewayapi-provider }} ISTIO_INSTALL_SAIL=${{ matrix.istio-type == 'sail' && true || false }}
       - name: Run integration tests
         run: |
           make test-integration
@@ -101,7 +98,142 @@ jobs:
         uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-          flags: integration
+          flags: controllers-integration
+          fail_ci_if_error: false
+          verbose: true
+
+  bare-k8s-integration-tests:
+    name: Integration Tests for github.com/kuadrant/kuadrant-operator/tests/bare_k8s
+    runs-on: ubuntu-latest
+    env:
+      KIND_CLUSTER_NAME: kuadrant-test
+      KUADRANT_NAMESPACE: kuadrant-system
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Set up Go 1.21.x
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+        id: go
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Create k8s Kind Cluster
+        uses: helm/[email protected]
+        with:
+          version: v0.22.0
+          config: utils/kind-cluster.yaml
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          wait: 120s
+      - name: Check cluster info
+        run: |
+          kubectl cluster-info dump
+      - name: Run make k8s-env-setup
+        run: |
+          make k8s-env-setup
+      - name: Run integration tests
+        run: |
+          make test-bare-k8s-integration
+      - name: Upload integration-test coverage reports to CodeCov
+        # more at https://github.com/codecov/codecov-action
+        # Only run if the feature branch is in your repo (not in a fork)
+        # as Tokenless uploading is rate limited for public repos
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          flags: bare-k8s-integration
+          fail_ci_if_error: false
+          verbose: true
+
+  gatewayapi-integration-tests:
+    name: Integration Tests for github.com/kuadrant/kuadrant-operator/tests/gatewayapi
+    runs-on: ubuntu-latest
+    env:
+      KIND_CLUSTER_NAME: kuadrant-test
+      KUADRANT_NAMESPACE: kuadrant-system
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Set up Go 1.21.x
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+        id: go
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Create k8s Kind Cluster
+        uses: helm/[email protected]
+        with:
+          version: v0.22.0
+          config: utils/kind-cluster.yaml
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          wait: 120s
+      - name: Check cluster info
+        run: |
+          kubectl cluster-info dump
+      - name: Run make gatewayapi-env-setup
+        run: |
+          make gatewayapi-env-setup
+      - name: Run integration tests
+        run: |
+          make test-gatewayapi-env-integration
+      - name: Upload integration-test coverage reports to CodeCov
+        # more at https://github.com/codecov/codecov-action
+        # Only run if the feature branch is in your repo (not in a fork)
+        # as Tokenless uploading is rate limited for public repos
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          flags: gatewayapi-integration
+          fail_ci_if_error: false
+          verbose: true
+
+  istio-integration-tests:
+    name: Integration Tests for github.com/kuadrant/kuadrant-operator/tests/istio
+    runs-on: ubuntu-latest
+    env:
+      KIND_CLUSTER_NAME: kuadrant-test
+      KUADRANT_NAMESPACE: kuadrant-system
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Set up Go 1.21.x
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+        id: go
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Create k8s Kind Cluster
+        uses: helm/[email protected]
+        with:
+          version: v0.22.0
+          config: utils/kind-cluster.yaml
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          wait: 120s
+      - name: Check cluster info
+        run: |
+          kubectl cluster-info dump
+      - name: Run make istio-env-setup
+        run: |
+          make istio-env-setup
+      - name: Run integration tests
+        run: |
+          make test-istio-env-integration
+      - name: Upload integration-test coverage reports to CodeCov
+        # more at https://github.com/codecov/codecov-action
+        # Only run if the feature branch is in your repo (not in a fork)
+        # as Tokenless uploading is rate limited for public repos
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          flags: istio-integration
           fail_ci_if_error: false
           verbose: true
 
@@ -154,8 +286,8 @@ jobs:
     name: Test Scripts
     strategy:
       matrix:
-        go-version: [ 1.21.x ]
-        platform: [ ubuntu-latest, macos-latest ]
+        go-version: [1.21.x]
+        platform: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.platform }}
     defaults:
       run:

diff --git a/Makefile b/Makefile
@@ -81,8 +81,6 @@ IMG ?= $(IMAGE_TAG_BASE):$(IMAGE_TAG)
 
 # Directories containing unit & integration test packages
 UNIT_DIRS := ./pkg/... ./api/... ./controllers/...
-INTEGRATION_TEST_SUITE_PATHS := ./controllers/...
-INTEGRATION_COVER_PKGS := ./pkg/...,./controllers/...,./api/...
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -298,87 +296,13 @@ vet: ## Run go vet against code.
 clean-cov: ## Remove coverage reports
 	rm -rf $(PROJECT_PATH)/coverage
 
-.PHONY: test
-test: test-unit test-integration ## Run all tests
-
-test-integration: clean-cov generate fmt vet ginkgo ## Run Integration tests.
-	mkdir -p $(PROJECT_PATH)/coverage/integration
-#	Check `ginkgo help run` for command line options. For example to filtering tests.
-	$(GINKGO) \
-		--coverpkg $(INTEGRATION_COVER_PKGS) \
-		--output-dir $(PROJECT_PATH)/coverage/integration \
-		--coverprofile cover.out \
-		-tags integration \
-		$(INTEGRATION_TEST_SUITE_PATHS)
-
 ifdef TEST_NAME
 test-unit: TEST_PATTERN := --run $(TEST_NAME)
 endif
 test-unit: clean-cov generate fmt vet ## Run Unit tests.
 	mkdir -p $(PROJECT_PATH)/coverage/unit
 	go test $(UNIT_DIRS) -coverprofile $(PROJECT_PATH)/coverage/unit/cover.out -tags unit -v -timeout 0 $(TEST_PATTERN)
 
-.PHONY: namespace
-namespace: ## Creates a namespace where to deploy Kuadrant Operator
-	kubectl create namespace $(KUADRANT_NAMESPACE)
-
-.PHONY: local-deploy
-local-deploy: ## Deploy Kuadrant Operator in the cluster pointed by KUBECONFIG
-	$(MAKE) docker-build IMG=$(IMAGE_TAG_BASE):dev
-	$(KIND) load docker-image $(IMAGE_TAG_BASE):dev --name $(KIND_CLUSTER_NAME)
-	$(MAKE) deploy IMG=$(IMAGE_TAG_BASE):dev
-	kubectl -n $(KUADRANT_NAMESPACE) wait --timeout=300s --for=condition=Available deployments --all
-	@echo
-	@echo "Now you can export the kuadrant gateway by doing:"
-	@echo "kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 &"
-	@echo "export GATEWAY_URL=localhost:9080"
-	@echo "after that, you can curl -H \"Host: myhost.com\" \$$GATEWAY_URL"
-	@echo "-- Linux only -- Ingress gateway is exported using loadbalancer service in port 80"
-	@echo "export INGRESS_HOST=\$$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}')"
-	@echo "export INGRESS_PORT=\$$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name==\"http\")].port}')"
-	@echo "export GATEWAY_URL=\$$INGRESS_HOST:\$$INGRESS_PORT"
-	@echo "curl -H \"Host: myhost.com\" \$$GATEWAY_URL"
-	@echo
-
-.PHONY: local-setup
-local-setup: $(KIND) ## Deploy locally kuadrant operator from the current code
-	$(MAKE) local-env-setup
-	$(MAKE) local-deploy
-
-.PHONY: local-cleanup
-local-cleanup: ## Delete local cluster
-	$(MAKE) kind-delete-cluster
-
-.PHONY: local-cluster-setup
-local-cluster-setup: ## Sets up Kind cluster with GatewayAPI manifests and istio GW, nothing Kuadrant.
-	$(MAKE) kind-delete-cluster
-	$(MAKE) kind-create-cluster
-	$(MAKE) deploy-metrics-server
-	$(MAKE) namespace
-	$(MAKE) gateway-api-install
-	$(MAKE) install-metallb
-	$(MAKE) istio-install
-	$(MAKE) install-cert-manager
-	$(MAKE) deploy-gateway
-
-# kuadrant is not deployed
-.PHONY: local-env-setup
-local-env-setup: ## Deploys all services and manifests required by kuadrant to run. Used to run kuadrant with "make run"
-	$(MAKE) local-cluster-setup
-	$(MAKE) deploy-dependencies
-	$(MAKE) install
-
-.PHONY: test-env-setup
-test-env-setup: ## Deploys all services and manifests required by kuadrant to run on CI.
-	$(MAKE) namespace
-	$(MAKE) gateway-api-install
-	$(MAKE) install-metallb
-	$(MAKE) istio-install
-	$(MAKE) install-cert-manager
-	$(MAKE) deploy-gateway
-	$(MAKE) deploy-dependencies
-	$(MAKE) install
-
 ##@ Build
 
 build: generate fmt vet ## Build manager binary.
@@ -401,55 +325,6 @@ kind-load-image: ## Load image to local cluster
 kind-load-bundle: ## Load image to local cluster
 	$(KIND) load docker-image $(BUNDLE_IMG) --name $(KIND_CLUSTER_NAME)
 
-##@ Deployment
-
-install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	# Use server side apply, otherwise will hit into this issue https://medium.com/pareture/kubectl-install-crd-failed-annotations-too-long-2ebc91b40c7d
-	$(KUSTOMIZE) build config/crd | kubectl apply --server-side -f -
-
-uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl delete -f -
-
-deploy: manifests dependencies-manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/deploy | kubectl apply --server-side -f -
-	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMAGE_TAG_BASE):latest
-
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/deploy | kubectl delete -f -
-
-deploy-dependencies: kustomize dependencies-manifests ## Deploy dependencies to the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/dependencies | kubectl apply -f -
-	kubectl -n "$(KUADRANT_NAMESPACE)" wait --timeout=300s --for=condition=Available deployments --all
-
-.PHONY: install-metallb
-install-metallb: SUBNET_OFFSET=1
-install-metallb: kustomize yq ## Installs the metallb load balancer allowing use of an LoadBalancer type with a gateway
-	$(KUSTOMIZE) build config/metallb | kubectl apply -f -
-	kubectl -n metallb-system wait --for=condition=Available deployments controller --timeout=300s
-	kubectl -n metallb-system wait --for=condition=ready pod --selector=app=metallb --timeout=60s
-	./utils/docker-network-ipaddresspool.sh kind $(YQ) ${SUBNET_OFFSET} | kubectl apply -n metallb-system -f -
-
-.PHONY: uninstall-metallb
-uninstall-metallb: $(KUSTOMIZE)
-	$(KUSTOMIZE) build config/metallb | kubectl delete -f -
-
-.PHONY: install-olm
-install-olm: $(OPERATOR_SDK)
-	$(OPERATOR_SDK) olm install
-
-.PHONY: uninstall-olm
-uninstall-olm:
-	$(OPERATOR_SDK) olm uninstall
-
-deploy-catalog: $(KUSTOMIZE) $(YQ) ## Deploy operator to the K8s cluster specified in ~/.kube/config using OLM catalog image.
-	V="$(CATALOG_IMG)" $(YQ) eval '.spec.image = strenv(V)' -i config/deploy/olm/catalogsource.yaml
-	$(KUSTOMIZE) build config/deploy/olm | kubectl apply -f -
-
-undeploy-catalog: $(KUSTOMIZE) ## Undeploy controller from the K8s cluster specified in ~/.kube/config using OLM catalog image.
-	$(KUSTOMIZE) build config/deploy/olm | kubectl delete -f -
-
-
 # go-install-tool will 'go install' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-install-tool

diff --git a/...ndencies/gateway-api/gateway/gateway.yaml → ...g/dependencies/istio/gateway/gateway.yaml b/...ndencies/gateway-api/gateway/gateway.yaml → ...g/dependencies/istio/gateway/gateway.yaml
diff --git a/...es/gateway-api/gateway/kustomization.yaml → ...ndencies/istio/gateway/kustomization.yaml b/...es/gateway-api/gateway/kustomization.yaml → ...ndencies/istio/gateway/kustomization.yaml
diff --git a/controllers/authpolicy_controller.go b/controllers/authpolicy_controller.go
@@ -16,6 +16,7 @@ import (
 	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 	api "github.com/kuadrant/kuadrant-operator/api/v1beta2"
+	kuadrantgatewayapi "github.com/kuadrant/kuadrant-operator/pkg/library/gatewayapi"
 	"github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant"
 	"github.com/kuadrant/kuadrant-operator/pkg/library/mappers"
 	"github.com/kuadrant/kuadrant-operator/pkg/library/reconcilers"
@@ -260,6 +261,15 @@ func (r *AuthPolicyReconciler) reconcileRouteParentGatewayPolicies(ctx context.C
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *AuthPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	ok, err := kuadrantgatewayapi.IsGatewayAPIInstalled(mgr.GetRESTMapper())
+	if err != nil {
+		return err
+	}
+	if !ok {
+		r.Logger().Info("AuthPolicy controller disabled. GatewayAPI was not found")
+		return nil
+	}
+
 	httpRouteEventMapper := mappers.NewHTTPRouteEventMapper(mappers.WithLogger(r.Logger().WithName("httpRouteEventMapper")))
 	gatewayEventMapper := mappers.NewGatewayEventMapper(mappers.WithLogger(r.Logger().WithName("gatewayEventMapper")))