Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Tetrate Istio Distribution #245

Merged
merged 8 commits into from
May 2, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions eks-anywhere-common/Addons/Partner/Tetrate.io/namespace.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: istio-system
labels:
aws.conformance.vendor: tetrate.io
aws.conformance.vendor-solution: tetrate-istio-distribution
aws.conformance.vendor-solution-version: 1.18.1
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: tetrate-istio-charts
namespace: flux-system
spec:
interval: 30s
url: https://tetratelabs.github.io/helm-charts
16 changes: 16 additions & 0 deletions eks-anywhere-common/Addons/Partner/Tetrate.io/tetrate-istiod.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: tetrate-istiod
namespace: istio-system
spec:
chart:
spec:
chart: istiod
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: tetrate-istio-charts
namespace: flux-system
version: 1.18.1
interval: 1m0s
Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@

apiVersion: v1
kind: ConfigMap
metadata:
name: tetrate-tetsjob-script
namespace: istio-system
data:
run-functional-tests.sh: |-
#!/bin/sh

# Cleanup function to remove resources
cleanup() {
echo "Cleaning up resources..."
kubectl delete gateway httpbin-gateway -n istio-system
kubectl delete deployment custom-ingressgateway -n istio-system
# Any additional cleanup commands go here
echo "Cleanup completed."
}

# Trap statement to ensure cleanup runs on exit of the script
trap cleanup EXIT


error_exit()
{
echo "Test Failed: $1" 1>&2
exit 1
}

deploy_custom_gateway() {
# Create a custom Istio ingress gateway
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: custom-ingressgateway
namespace: istio-system
spec:
replicas: 1
selector:
matchLabels:
istio: custom-ingress-gw
template:
metadata:
annotations:
inject.istio.io/templates: gateway
labels:
istio: custom-ingress-gw
sidecar.istio.io/inject: "true"
spec:
containers:
- name: istio-proxy
image: auto # Make sure to replace this with the actual image you want to use.
EOF

# Verify the custom gateway has been deployed
kubectl get deployment custom-ingressgateway -n istio-system
}

deploy_test_gateway() {
# Create a Gateway resource
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: httpbin-gateway
namespace: istio-system
spec:
selector:
istio: custom-ingress-gw # this should match the label of your Istio ingress gateway deployment
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "httpbin.example.com"
EOF

# Verify the Gateway has been created
kubectl get gateway httpbin-gateway -n istio-system
}

deploy_test_virtualservice() {
# Create a VirtualService resource
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin-virtualservice
namespace: istio-system
spec:
hosts:
- "httpbin.example.com"
gateways:
- httpbin-gateway
http:
- match:
- uri:
prefix: "/"
route:
- destination:
host: httpbin
port:
number: 80
EOF

# Verify the VirtualService has been created
kubectl get virtualservice httpbin-virtualservice -n istio-system
}

check_istio_gateway_config() {
# Get the name of the Istio ingressgateway pod
local ingress_gateway_pod=$(kubectl get pod -l istio=custom-ingress-gw -n istio-system -o jsonpath='{.items[0].metadata.name}')

# Check if the ingress gateway has received configuration from Istiod
local gateway_status=$(kubectl exec "$ingress_gateway_pod" -n istio-system -- curl -s 'http://localhost:15000/config_dump')

if echo "$gateway_status" | grep 'httpbin.example.com'; then
echo "Istio Ingress Gateway has received correct configuration from Istiod."
else
error_exit "Istio Ingress Gateway has not received correct configuration from Istiod."
fi
}

echo "Deploying custom Istio Ingress Gateway..."
deploy_custom_gateway || error_exit "Failed to deploy custom Istio Ingress Gateway."

# Wait for the custom ingress gateway deployment to be ready
echo "Waiting for the custom ingress gateway deployment to be ready..."
kubectl rollout status deployment/custom-ingressgateway -n istio-system || error_exit "Custom Istio Ingress Gateway deployment is not ready."

echo "Deploying test gateway..."
deploy_test_gateway || error_exit "Failed to deploy test gateway."

echo "Deploying test VirtualService..."
deploy_test_virtualservice || error_exit "Failed to deploy test VirtualService."

echo "Checking Istio Ingress Gateway configuration..."
check_istio_gateway_config || error_exit "Ingress Gateway configuration check failed."

echo "Istio functional test completed successfully."
exit 0
28 changes: 28 additions & 0 deletions eks-anywhere-common/Testers/Tetrate.io/tetrate-istiod-testjob.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: tetrate-istiod-health-test
namespace: istio-system
spec:
schedule: "10 10 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: tetrate-istiod-healthtest
image: 'alpine/k8s:1.26.2'
imagePullPolicy: Always
command:
- /bin/run-functional-tests.sh
volumeMounts:
- name: functional-tests-volume
mountPath: /bin/run-functional-tests.sh
readOnly: true
subPath: run-functional-tests.sh
volumes:
- name: functional-tests-volume
configMap:
defaultMode: 0700
name: tetrate-tetsjob-script
restartPolicy: Never
29 changes: 29 additions & 0 deletions eks-anywhere-common/Testers/Tetrate.io/tetrate-testjob-role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: tetrate-istiod-job-role
namespace: istio-system
rules:
- apiGroups: [""]
resources: ["pods", "pods/exec", "services"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["networking.istio.io"]
resources: ["gateways", "virtualservices", "destinationrules", "serviceentries", "envoyfilters"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tetrate-istiod-job-rolebinding
namespace: istio-system
subjects:
- kind: ServiceAccount
name: default
namespace: istio-system
roleRef:
kind: Role
name: tetrate-istiod-job-role
apiGroup: rbac.authorization.k8s.io