Enable L7 and k8s secrets in tests

This enables the Envoy l7 proxy backend in the test setups as well as the tls secrets backend to be k8s. This allows the L7 ans TLS connectivity tests to run. Signed-off-by: Maartje Eyskens <[email protected]>
cilium · Mar 3, 2023 · 8a5366d · 8a5366d
1 parent 3ea8e00
commit 8a5366d
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 3 deletions.
diff --git a/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh b/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh
@@ -14,4 +14,6 @@ cilium install \
   --azure-client-id "${AZURE_CLIENT_ID}" \
   --azure-client-secret "${AZURE_CLIENT_SECRET}" \
   --wait=false \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none
diff --git a/.github/in-cluster-test-scripts/aks-byocni-install.sh b/.github/in-cluster-test-scripts/aks-byocni-install.sh
@@ -9,4 +9,6 @@ cilium install \
   --disable-check=az-binary \
   --datapath-mode=aks-byocni \
   --wait=false \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none
diff --git a/.github/in-cluster-test-scripts/eks-tunnel.sh b/.github/in-cluster-test-scripts/eks-tunnel.sh
@@ -10,6 +10,8 @@ cilium install \
   --wait=false \
   --config monitor-aggregation=none \
   --datapath-mode=tunnel \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --ipam cluster-pool
 
 # Enable Relay

diff --git a/.github/in-cluster-test-scripts/eks.sh b/.github/in-cluster-test-scripts/eks.sh
@@ -8,6 +8,8 @@ cilium install \
   --version "${CILIUM_VERSION}" \
   --cluster-name "${CLUSTER_NAME}" \
   --wait=false \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none
 
 # Enable Relay

diff --git a/.github/in-cluster-test-scripts/external-workloads-install.sh b/.github/in-cluster-test-scripts/external-workloads-install.sh
@@ -10,6 +10,8 @@ cilium install \
   --config monitor-aggregation=none \
   --config tunnel=vxlan \
   --kube-proxy-replacement=strict \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --ipv4-native-routing-cidr="${CLUSTER_CIDR}"
 
 # Enable Relay

diff --git a/.github/in-cluster-test-scripts/gke.sh b/.github/in-cluster-test-scripts/gke.sh
@@ -8,7 +8,9 @@ cilium install \
   --version "${CILIUM_VERSION}" \
   --cluster-name "${CLUSTER_NAME}" \
   --config monitor-aggregation=none \
-  --ipv4-native-routing-cidr="${CLUSTER_CIDR}"
+  --ipv4-native-routing-cidr="${CLUSTER_CIDR}" \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s
 
 # Enable Relay
 cilium hubble enable

diff --git a/.github/in-cluster-test-scripts/multicluster.sh b/.github/in-cluster-test-scripts/multicluster.sh
@@ -11,6 +11,8 @@ CONTEXT2=$(kubectl config view | grep "${CLUSTER_NAME_2}" | head -1 | awk '{prin
 cilium install \
   --version "${CILIUM_VERSION}" \
   --context "${CONTEXT1}" \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --cluster-name "${CLUSTER_NAME_1}" \
   --cluster-id 1 \
   --config monitor-aggregation=none \
@@ -20,6 +22,8 @@ cilium install \
 cilium install \
   --version "${CILIUM_VERSION}" \
   --context "${CONTEXT2}" \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --cluster-name "${CLUSTER_NAME_2}" \
   --cluster-id 2 \
   --config monitor-aggregation=none \

diff --git a/.github/workflows/kind.yaml b/.github/workflows/kind.yaml
@@ -60,7 +60,9 @@ jobs:
             --version=${{ env.cilium_version }} \
             --wait=false \
             --config monitor-aggregation=none \
-            --helm-set cni.chainingMode=portmap
+            --helm-set cni.chainingMode=portmap \
+            --helm-set loadBalancer.l7.backend=envoy \
+            --helm-set tls.secretsBackend=k8s
 
       - name: Enable Relay
         run: |
@@ -85,7 +87,10 @@ jobs:
 
       - name: Install Cilium with IPsec Encryption
         run: |
-          cilium install --version=${{ env.cilium_version}} --encryption=ipsec --kube-proxy-replacement=disabled
+          cilium install \
+          --version=${{ env.cilium_version}} \
+          --encryption=ipsec \
+          --kube-proxy-replacement=disabled
 
       - name: Enable Relay
         run: |