Enable L7 and k8s secrets in tests

This enables the ingress controller (thus l7 proxy) in the test setups
as well as the tls secrets backend to be k8s.
This allows the L7 ans TLS connectivity tests to run.

Signed-off-by: Maartje Eyskens <[email protected]>

.github/in-cluster-test-scripts/aks-azure-ipam-install.sh

@@ -14,4 +14,6 @@ cilium install \
   --azure-client-id "${AZURE_CLIENT_ID}" \
   --azure-client-secret "${AZURE_CLIENT_SECRET}" \
   --wait=false \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none

.github/in-cluster-test-scripts/aks-byocni-install.sh

@@ -9,4 +9,6 @@ cilium install \
   --disable-check=az-binary \
   --datapath-mode=aks-byocni \
   --wait=false \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none

.github/in-cluster-test-scripts/eks-tunnel.sh

@@ -10,6 +10,8 @@ cilium install \
   --wait=false \
   --config monitor-aggregation=none \
   --datapath-mode=tunnel \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s \
   --ipam cluster-pool
 
 # Enable Relay

.github/in-cluster-test-scripts/eks.sh

@@ -8,6 +8,8 @@ cilium install \
   --version "${CILIUM_VERSION}" \
   --cluster-name "${CLUSTER_NAME}" \
   --wait=false \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none
 
 # Enable Relay

.github/in-cluster-test-scripts/external-workloads-install.sh

@@ -10,6 +10,8 @@ cilium install \
   --config monitor-aggregation=none \
   --config tunnel=vxlan \
   --kube-proxy-replacement=strict \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s \
   --ipv4-native-routing-cidr="${CLUSTER_CIDR}"
 
 # Enable Relay

.github/in-cluster-test-scripts/gke.sh

@@ -8,7 +8,9 @@ cilium install \
   --version "${CILIUM_VERSION}" \
   --cluster-name "${CLUSTER_NAME}" \
   --config monitor-aggregation=none \
-  --ipv4-native-routing-cidr="${CLUSTER_CIDR}"
+  --ipv4-native-routing-cidr="${CLUSTER_CIDR}" \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s
 
 # Enable Relay
 cilium hubble enable

.github/in-cluster-test-scripts/multicluster.sh

@@ -11,6 +11,8 @@ CONTEXT2=$(kubectl config view | grep "${CLUSTER_NAME_2}" | head -1 | awk '{prin
 cilium install \
   --version "${CILIUM_VERSION}" \
   --context "${CONTEXT1}" \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s \
   --cluster-name "${CLUSTER_NAME_1}" \
   --cluster-id 1 \
   --config monitor-aggregation=none \
@@ -20,6 +22,8 @@ cilium install \
 cilium install \
   --version "${CILIUM_VERSION}" \
   --context "${CONTEXT2}" \
+  --helm-set ingressController.enabled=true \
+  --helm-set tls.secretsBackend=k8s \
   --cluster-name "${CLUSTER_NAME_2}" \
   --cluster-id 2 \
   --config monitor-aggregation=none \

.github/workflows/kind.yaml

@@ -60,7 +60,9 @@ jobs:
             --version=${{ env.cilium_version }} \
             --wait=false \
             --config monitor-aggregation=none \
-            --helm-set cni.chainingMode=portmap
+            --helm-set cni.chainingMode=portmap \
+            --helm-set ingressController.enabled=true \
+            --helm-set tls.secretsBackend=k8s
 
       - name: Enable Relay
         run: |
@@ -85,7 +87,10 @@ jobs:
 
       - name: Install Cilium with IPsec Encryption
         run: |
-          cilium install --version=${{ env.cilium_version}} --encryption=ipsec --kube-proxy-replacement=disabled
+          cilium install \
+          --version=${{ env.cilium_version}} \
+          --encryption=ipsec \
+          --kube-proxy-replacement=disabled
 
       - name: Enable Relay
         run: |