From 76feee7903c8832934f4f3bad7317082bcfeecdc Mon Sep 17 00:00:00 2001 From: Maartje Eyskens Date: Fri, 24 Feb 2023 11:12:41 +0100 Subject: [PATCH] Enable L7 and k8s secrets in tests This enables the Envoy l7 proxy backend in the test setups as well as the tls secrets backend to be k8s. This allows the L7 ans TLS connectivity tests to run. Signed-off-by: Maartje Eyskens --- .../in-cluster-test-scripts/aks-azure-ipam-install.sh | 2 ++ .github/in-cluster-test-scripts/aks-byocni-install.sh | 2 ++ .github/in-cluster-test-scripts/eks-tunnel.sh | 2 ++ .github/in-cluster-test-scripts/eks.sh | 2 ++ .../external-workloads-install.sh | 2 ++ .github/in-cluster-test-scripts/gke.sh | 4 +++- .github/in-cluster-test-scripts/multicluster.sh | 4 ++++ .github/workflows/kind.yaml | 9 +++++++-- 8 files changed, 24 insertions(+), 3 deletions(-) diff --git a/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh b/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh index e5dcb5c153..b4ca56ee13 100644 --- a/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh +++ b/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh @@ -14,4 +14,6 @@ cilium install \ --azure-client-id "${AZURE_CLIENT_ID}" \ --azure-client-secret "${AZURE_CLIENT_SECRET}" \ --wait=false \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s \ --config monitor-aggregation=none diff --git a/.github/in-cluster-test-scripts/aks-byocni-install.sh b/.github/in-cluster-test-scripts/aks-byocni-install.sh index 8cd5560bd7..3a5794a8fe 100644 --- a/.github/in-cluster-test-scripts/aks-byocni-install.sh +++ b/.github/in-cluster-test-scripts/aks-byocni-install.sh @@ -9,4 +9,6 @@ cilium install \ --disable-check=az-binary \ --datapath-mode=aks-byocni \ --wait=false \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s \ --config monitor-aggregation=none diff --git a/.github/in-cluster-test-scripts/eks-tunnel.sh b/.github/in-cluster-test-scripts/eks-tunnel.sh index 7b3149ef4b..669fe26a06 100644 --- a/.github/in-cluster-test-scripts/eks-tunnel.sh +++ b/.github/in-cluster-test-scripts/eks-tunnel.sh @@ -10,6 +10,8 @@ cilium install \ --wait=false \ --config monitor-aggregation=none \ --datapath-mode=tunnel \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s \ --ipam cluster-pool # Enable Relay diff --git a/.github/in-cluster-test-scripts/eks.sh b/.github/in-cluster-test-scripts/eks.sh index 12f7f43edf..7aa22918a1 100644 --- a/.github/in-cluster-test-scripts/eks.sh +++ b/.github/in-cluster-test-scripts/eks.sh @@ -8,6 +8,8 @@ cilium install \ --version "${CILIUM_VERSION}" \ --cluster-name "${CLUSTER_NAME}" \ --wait=false \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s \ --config monitor-aggregation=none # Enable Relay diff --git a/.github/in-cluster-test-scripts/external-workloads-install.sh b/.github/in-cluster-test-scripts/external-workloads-install.sh index af2802fbce..9e6b92a339 100644 --- a/.github/in-cluster-test-scripts/external-workloads-install.sh +++ b/.github/in-cluster-test-scripts/external-workloads-install.sh @@ -10,6 +10,8 @@ cilium install \ --config monitor-aggregation=none \ --config tunnel=vxlan \ --kube-proxy-replacement=strict \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s \ --ipv4-native-routing-cidr="${CLUSTER_CIDR}" # Enable Relay diff --git a/.github/in-cluster-test-scripts/gke.sh b/.github/in-cluster-test-scripts/gke.sh index b87e5f9152..974a1837c1 100644 --- a/.github/in-cluster-test-scripts/gke.sh +++ b/.github/in-cluster-test-scripts/gke.sh @@ -8,7 +8,9 @@ cilium install \ --version "${CILIUM_VERSION}" \ --cluster-name "${CLUSTER_NAME}" \ --config monitor-aggregation=none \ - --ipv4-native-routing-cidr="${CLUSTER_CIDR}" + --ipv4-native-routing-cidr="${CLUSTER_CIDR}" \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s # Enable Relay cilium hubble enable diff --git a/.github/in-cluster-test-scripts/multicluster.sh b/.github/in-cluster-test-scripts/multicluster.sh index 3a6c47bddd..88dada2140 100644 --- a/.github/in-cluster-test-scripts/multicluster.sh +++ b/.github/in-cluster-test-scripts/multicluster.sh @@ -11,6 +11,8 @@ CONTEXT2=$(kubectl config view | grep "${CLUSTER_NAME_2}" | head -1 | awk '{prin cilium install \ --version "${CILIUM_VERSION}" \ --context "${CONTEXT1}" \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s \ --cluster-name "${CLUSTER_NAME_1}" \ --cluster-id 1 \ --config monitor-aggregation=none \ @@ -20,6 +22,8 @@ cilium install \ cilium install \ --version "${CILIUM_VERSION}" \ --context "${CONTEXT2}" \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s \ --cluster-name "${CLUSTER_NAME_2}" \ --cluster-id 2 \ --config monitor-aggregation=none \ diff --git a/.github/workflows/kind.yaml b/.github/workflows/kind.yaml index 28448748fe..14fc8c4c09 100644 --- a/.github/workflows/kind.yaml +++ b/.github/workflows/kind.yaml @@ -60,7 +60,9 @@ jobs: --version=${{ env.cilium_version }} \ --wait=false \ --config monitor-aggregation=none \ - --helm-set cni.chainingMode=portmap + --helm-set cni.chainingMode=portmap \ + --helm-set loadBalancer.l7.backend=envoy \ + --helm-set tls.secretsBackend=k8s - name: Enable Relay run: | @@ -85,7 +87,10 @@ jobs: - name: Install Cilium with IPsec Encryption run: | - cilium install --version=${{ env.cilium_version}} --encryption=ipsec --kube-proxy-replacement=disabled + cilium install \ + --version=${{ env.cilium_version}} \ + --encryption=ipsec \ + --kube-proxy-replacement=disabled - name: Enable Relay run: |