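# Directory that holds this script, with symlinks resolved.
# Every expansion is quoted so a checkout path containing spaces or glob
# characters is not word-split before it reaches dirname/readlink.
SCRIPTDIR="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"
# Helper library directory: two levels above SCRIPTDIR, then env/lib.
LIBDIR="$(dirname "$(dirname "${SCRIPTDIR}")")/env/lib"

# Load the shared helpers from the library directory.
source "${LIBDIR}/common.sh"

# Build output directory: SCRIPTDIR with the first "deploy" replaced by "build".
BUILDDIR=${SCRIPTDIR/deploy/build}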
13 clone_istio_repository
15 # Create a temporary kubeconfig file for the tests
# NOTE(review): each file written below is the kubeconfig that clusterctl
# returns for the named Cluster, so it should be handled as a credential.
# The ">" redirection creates it with whatever umask the caller has, and the
# teardown lines visible in this listing do not delete it. Consider writing
# it under a restrictive umask (for example "umask 077" in a subshell) and
# removing it on teardown - confirm first that nothing else reads these
# files from BUILDDIR.
# NOTE(review): ${cluster_name} and the redirect targets are unquoted; a
# BUILDDIR or cluster name containing whitespace would be word-split.
16 cluster_name=${CLUSTER_1_NAME:-management}
17 local -r cluster_1_kubeconfig="${BUILDDIR}/${cluster_name}.conf"
18 clusterctl -n metal3 get kubeconfig ${cluster_name} >${cluster_1_kubeconfig}
19 cluster_name=${CLUSTER_2_NAME:-compute}
20 local -r cluster_2_kubeconfig="${BUILDDIR}/${cluster_name}.conf"
21 clusterctl -n metal3 get kubeconfig ${cluster_name} >${cluster_2_kubeconfig}
23 # Deploy sleep on cluster-1
# Creates namespace foo, labels it for Istio sidecar injection, applies an
# RBAC object, then deploys the Istio "sleep" sample into the namespace.
# NOTE(review): the RBAC object is named psp:privileged-foo and its subject
# is the group system:serviceaccounts:foo, i.e. every service account in
# namespace foo. The roleRef is not visible in this listing; presumably it
# grants use of a privileged PodSecurityPolicy - confirm. That is a broad
# grant: keep it confined to this throwaway test namespace and do not reuse
# the pattern for namespaces that run real workloads. The same pattern is
# applied to namespace bar on cluster-2 (psp:privileged-bar).
24 kubectl --kubeconfig=${cluster_1_kubeconfig} create namespace foo
25 kubectl --kubeconfig=${cluster_1_kubeconfig} label namespace foo istio-injection=enabled
26 cat <<EOF | kubectl --kubeconfig=${cluster_1_kubeconfig} apply -f -
27 apiVersion: rbac.authorization.k8s.io/v1
30 name: psp:privileged-foo
33 apiGroup: rbac.authorization.k8s.io
38 name: system:serviceaccounts:foo
39 apiGroup: rbac.authorization.k8s.io
41 kubectl --kubeconfig=${cluster_1_kubeconfig} apply -n foo -f ${ISTIOPATH}/samples/sleep/sleep.yaml --wait
43 # Deploy httpbin on cluster-2
44 kubectl --kubeconfig=${cluster_2_kubeconfig} create namespace bar
45 kubectl --kubeconfig=${cluster_2_kubeconfig} label namespace bar istio-injection=enabled
46 cat <<EOF | kubectl --kubeconfig=${cluster_2_kubeconfig} apply -f -
47 apiVersion: rbac.authorization.k8s.io/v1
50 name: psp:privileged-bar
53 apiGroup: rbac.authorization.k8s.io
58 name: system:serviceaccounts:bar
59 apiGroup: rbac.authorization.k8s.io
61 kubectl --kubeconfig=${cluster_2_kubeconfig} apply -n bar -f ${ISTIOPATH}/samples/httpbin/httpbin.yaml --wait
63 # Create service entry for httpbin on cluster-1
64 cat <<EOF | kubectl --kubeconfig=${cluster_1_kubeconfig} apply -f -
65 apiVersion: networking.istio.io/v1alpha3
72 # DNS name selected for the service
73 - httpbin.bar.cluster2
74 # Treat remote cluster services as part of the service mesh
75 # as all clusters in the service mesh share the same root of trust.
76 location: MESH_INTERNAL
83 # the IP address to which httpbin.bar.cluster2 will resolve to
84 # must be unique for each remote service, within a given cluster.
85 # This address need not be routable. Traffic for this IP will be captured
86 # by the sidecar and routed appropriately.
89 # This is the routable address of the ingress gateway in cluster2 that
90 # sits in front of sleep.foo service. Traffic from the sidecar will be
91 # routed to this address.
92 - address: $(kubectl --kubeconfig=${cluster_2_kubeconfig} config view | awk -F[/:] '/server/ {print $5}')
94 tcp: 32001 # Nodeport for istio-ingressgateway for port 15433
97 # Create DestinationRule for httpbin on cluster-1
98 cat <<EOF | kubectl --kubeconfig=${cluster_1_kubeconfig} apply -f -
99 apiVersion: networking.istio.io/v1alpha3
100 kind: DestinationRule
105 host: httpbin.bar.cluster2
111 # Create Gateway resource on cluster-2
112 cat <<EOF | kubectl --kubeconfig=${cluster_2_kubeconfig} apply -f -
113 apiVersion: networking.istio.io/v1alpha3
116 name: httpbin-gateway
117 namespace: istio-system
120 istio: ingressgateway
127 mode: AUTO_PASSTHROUGH
129 - "httpbin.bar.cluster2"
132 # Create ServiceEntry on cluster-2 that is required to map the
133 # remote fqdn to local fqdn
134 cat <<EOF | kubectl --kubeconfig=${cluster_2_kubeconfig} apply -f -
135 apiVersion: networking.istio.io/v1alpha3
139 namespace: istio-system # must be in same namespace as gateway
142 location: MESH_INTERNAL
150 - "httpbin.bar.cluster2"
152 - address: httpbin.bar.svc.cluster.local
155 # Create DestinationRule and Virtual Service on cluster-2
156 cat <<EOF | kubectl --kubeconfig=${cluster_2_kubeconfig} apply -f -
157 apiVersion: networking.istio.io/v1beta1
158 kind: DestinationRule
161 namespace: istio-system
163 host: "httpbin.bar.cluster2"
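#######################################
# Probe httpbin.bar.cluster2 from the sleep pod running in namespace foo on
# cluster-1, using "curl -I" executed inside the sleep container.
# Globals:   CLUSTER_1_NAME (read, default "management"), BUILDDIR (read),
#            cluster_name (written)
# Outputs:   whatever kubectl exec / curl print
# Returns:   non-zero when the pod lookup fails, when no sleep pod name is
#            returned, or when the kubectl exec call fails
#######################################
function httpbin_accessible_from_sleep_service {
    cluster_name=${CLUSTER_1_NAME:-management}
    local -r cluster_1_kubeconfig="${BUILDDIR}/${cluster_name}.conf"

    # Declare and assign separately: "local -r var=$(cmd)" always succeeds
    # and would hide a failed pod lookup.
    local sleep_pod
    sleep_pod=$(kubectl --kubeconfig="${cluster_1_kubeconfig}" get -n foo pod \
        -l app=sleep -o jsonpath='{.items..metadata.name}') || return

    # Fail here instead of running "kubectl exec" without a pod name.
    [[ -n "${sleep_pod}" ]] || return 1

    kubectl --kubeconfig="${cluster_1_kubeconfig}" exec "${sleep_pod}" -n foo -c sleep -- \
        curl -I httpbin.bar.cluster2:8000/headers
}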
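#######################################
# Delete the resources created for the Istio multi-cluster test: the Istio
# objects in istio-system on cluster-2 and in foo on cluster-1, then the
# httpbin and sleep samples, their RoleBindings and the bar/foo namespaces.
# Every delete uses --ignore-not-found, so a resource that is already gone
# is not reported as an error.
# Globals:   CLUSTER_1_NAME (read, default "management"),
#            CLUSTER_2_NAME (read, default "compute"),
#            BUILDDIR (read), ISTIOPATH (read), cluster_name (written)
# NOTE(review): the kubeconfig files under BUILDDIR are not removed by the
# lines visible in this listing - confirm whether they should be deleted
# here, since they hold cluster credentials.
#######################################
function test_teardown {
    cluster_name=${CLUSTER_1_NAME:-management}
    local -r cluster_1_kubeconfig="${BUILDDIR}/${cluster_name}.conf"
    cluster_name=${CLUSTER_2_NAME:-compute}
    local -r cluster_2_kubeconfig="${BUILDDIR}/${cluster_name}.conf"

    # Expansions are quoted so a BUILDDIR or ISTIOPATH containing whitespace
    # reaches kubectl as a single argument.

    # Istio routing objects on cluster-2.
    kubectl --kubeconfig="${cluster_2_kubeconfig}" -n istio-system delete DestinationRule httpbin-dr --ignore-not-found
    kubectl --kubeconfig="${cluster_2_kubeconfig}" -n istio-system delete ServiceEntry httpbin-remote --ignore-not-found
    kubectl --kubeconfig="${cluster_2_kubeconfig}" -n istio-system delete Gateway httpbin-gateway --ignore-not-found

    # Istio routing objects on cluster-1.
    kubectl --kubeconfig="${cluster_1_kubeconfig}" -n foo delete DestinationRule httpbin-dr --ignore-not-found
    kubectl --kubeconfig="${cluster_1_kubeconfig}" -n foo delete ServiceEntry httpbin-bar --ignore-not-found

    # httpbin workload, its RoleBinding and namespace on cluster-2.
    kubectl --kubeconfig="${cluster_2_kubeconfig}" -n bar delete -f "${ISTIOPATH}/samples/httpbin/httpbin.yaml" --ignore-not-found
    kubectl --kubeconfig="${cluster_2_kubeconfig}" -n bar delete RoleBinding psp:privileged-bar --ignore-not-found
    kubectl --kubeconfig="${cluster_2_kubeconfig}" delete namespace bar --ignore-not-found

    # sleep workload, its RoleBinding and namespace on cluster-1.
    kubectl --kubeconfig="${cluster_1_kubeconfig}" -n foo delete -f "${ISTIOPATH}/samples/sleep/sleep.yaml" --ignore-not-found
    kubectl --kubeconfig="${cluster_1_kubeconfig}" -n foo delete RoleBinding psp:privileged-foo --ignore-not-found
    kubectl --kubeconfig="${cluster_1_kubeconfig}" delete namespace foo --ignore-not-found
}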
199 function test_istio {
202 WAIT_FOR_INTERVAL=10s
204 wait_for httpbin_accessible_from_sleep_service
210 "test") test_istio ;;
212 Usage: $(basename $0) COMMAND
214 The "test" command looks for the CLUSTER_1_NAME and CLUSTER_2_NAME
215 variables in the environment (default: "management" and "compute").
216 This should be the name of the Cluster resources to execute the tests