Egress Kubernetes Services Automated test (#7887)

* add missing cleanup for vs nginx * add test * move cleanup
2020-08-08 01:31:55 -04:00 · 2020-08-08 01:31:55 -04:00 · 1cb1ce6a51
parent a75de76203
commit 1cb1ce6a51
3 changed files with 304 additions and 8 deletions
--- a/content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/index.md
@ -4,7 +4,7 @@ description: Shows how to configure Istio for Kubernetes External Services.
 keywords: [traffic-management,egress]
 weight: 60
 owner: istio/wg-networking-maintainers
-test: no
+test: yes
 ---

 Kubernetes [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname)
@ -50,13 +50,13 @@ Kubernetes Services for egress traffic work with other protocols as well.
    pod:

    {{< text bash >}}
-    $ export SOURCE_POD_WITHOUT_ISTIO=$(kubectl get pod -n without-istio -l app=sleep -o jsonpath={.items..metadata.name})
+    $ export SOURCE_POD_WITHOUT_ISTIO="$(kubectl get pod -n without-istio -l app=sleep -o jsonpath={.items..metadata.name})"
    {{< /text >}}

 *   Verify that the Istio sidecar was not injected, that is the pod has one container:

    {{< text bash >}}
-    $ kubectl get pod $SOURCE_POD_WITHOUT_ISTIO -n without-istio
+    $ kubectl get pod "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio
    NAME                     READY   STATUS    RESTARTS   AGE
    sleep-66c8d79ff5-8tqrl   1/1     Running   0          32s
    {{< /text >}}
@ -95,7 +95,7 @@ Kubernetes Services for egress traffic work with other protocols as well.
    Note that the _curl_ command below uses the [Kubernetes DNS format for services](https://v1-13.docs.kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-records): `<service name>.<namespace>.svc.cluster.local`.

    {{< text bash >}}
-    $ kubectl exec -it $SOURCE_POD_WITHOUT_ISTIO -n without-istio -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
+    $ kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
    {
      "headers": {
        "Accept": "*/*",
@ -128,7 +128,7 @@ Kubernetes Services for egress traffic work with other protocols as well.
    the `Host` header equals to your service's hostname.

    {{< text bash >}}
-    $ kubectl exec -it $SOURCE_POD -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
+    $ kubectl exec -it "$SOURCE_POD" -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
    {
      "headers": {
        "Accept": "*/*",
@ -201,7 +201,7 @@ $ kubectl delete service my-httpbin
    Use the `--resolve` option of `curl` to access `wikipedia.org` by the cluster IP:

    {{< text bash >}}
-    $ kubectl exec -it $SOURCE_POD_WITHOUT_ISTIO -n without-istio -c sleep -- curl -s --resolve en.wikipedia.org:443:$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}') https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
+    $ kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
    <title>Wikipedia, the free encyclopedia</title>
    {{< /text >}}

@ -225,7 +225,7 @@ $ kubectl delete service my-httpbin
 1.  Access `wikipedia.org` by your Kubernetes service's cluster IP from the source pod with Istio sidecar:

    {{< text bash >}}
-    $ kubectl exec -it $SOURCE_POD -c sleep -- curl -s --resolve en.wikipedia.org:443:$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}') https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
+    $ kubectl exec -it "$SOURCE_POD" -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
    <title>Wikipedia, the free encyclopedia</title>
    {{< /text >}}

@ -234,7 +234,7 @@ $ kubectl delete service my-httpbin
    in the output of your service as the cluster IP.

    {{< text bash >}}
-    $ kubectl exec -it $SOURCE_POD -c sleep -- curl -v --resolve en.wikipedia.org:443:$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}') https://en.wikipedia.org/wiki/Main_Page -o /dev/null
+    $ kubectl exec -it "$SOURCE_POD" -c sleep -- curl -v --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page -o /dev/null
    * Added en.wikipedia.org:443:172.21.156.230 to DNS cache
    * Hostname en.wikipedia.org was found in DNS cache
    *   Trying 172.21.156.230...
--- a/content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/snips.sh
+++ b/content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/snips.sh
@ -0,0 +1,225 @@
+#!/bin/bash
+# shellcheck disable=SC2034,SC2153,SC2155,SC2164
+
+# Copyright Istio Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+####################################################################################################
+# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
+#          docs/tasks/traffic-management/egress/egress-kubernetes-services/index.md
+####################################################################################################
+
+snip__1() {
+kubectl create namespace without-istio
+}
+
+snip__2() {
+kubectl apply -f samples/sleep/sleep.yaml -n without-istio
+}
+
+snip__3() {
+export SOURCE_POD_WITHOUT_ISTIO="$(kubectl get pod -n without-istio -l app=sleep -o jsonpath={.items..metadata.name})"
+}
+
+snip__4() {
+kubectl get pod "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio
+}
+
+! read -r -d '' snip__4_out <<\ENDSNIP
+NAME                     READY   STATUS    RESTARTS   AGE
+sleep-66c8d79ff5-8tqrl   1/1     Running   0          32s
+ENDSNIP
+
+snip_kubernetes_externalname_service_to_access_an_external_service_1() {
+kubectl apply -f - <<EOF
+kind: Service
+apiVersion: v1
+metadata:
+  name: my-httpbin
+spec:
+  type: ExternalName
+  externalName: httpbin.org
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+EOF
+}
+
+snip_kubernetes_externalname_service_to_access_an_external_service_2() {
+kubectl get svc my-httpbin
+}
+
+! read -r -d '' snip_kubernetes_externalname_service_to_access_an_external_service_2_out <<\ENDSNIP
+NAME         TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
+my-httpbin   ExternalName   <none>       httpbin.org   80/TCP    4s
+ENDSNIP
+
+snip_kubernetes_externalname_service_to_access_an_external_service_3() {
+kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
+}
+
+! read -r -d '' snip_kubernetes_externalname_service_to_access_an_external_service_3_out <<\ENDSNIP
+{
+  "headers": {
+    "Accept": "*/*",
+    "Host": "my-httpbin.default.svc.cluster.local",
+    "User-Agent": "curl/7.55.0"
+  }
+}
+ENDSNIP
+
+snip_kubernetes_externalname_service_to_access_an_external_service_4() {
+kubectl apply -f - <<EOF
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: my-httpbin
+spec:
+  host: my-httpbin.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+EOF
+}
+
+snip_kubernetes_externalname_service_to_access_an_external_service_5() {
+kubectl exec -it "$SOURCE_POD" -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
+}
+
+! read -r -d '' snip_kubernetes_externalname_service_to_access_an_external_service_5_out <<\ENDSNIP
+{
+  "headers": {
+    "Accept": "*/*",
+    "Content-Length": "0",
+    "Host": "my-httpbin.default.svc.cluster.local",
+    "User-Agent": "curl/7.64.0",
+    "X-B3-Sampled": "0",
+    "X-B3-Spanid": "5795fab599dca0b8",
+    "X-B3-Traceid": "5079ad3a4af418915795fab599dca0b8",
+    "X-Envoy-Decorator-Operation": "my-httpbin.default.svc.cluster.local:80/*",
+    "X-Envoy-Peer-Metadata": "...",
+    "X-Envoy-Peer-Metadata-Id": "sidecar~10.28.1.74~sleep-6bdb595bcb-drr45.default~default.svc.cluster.local"
+  }
+}
+ENDSNIP
+
+snip_cleanup_of_kubernetes_externalname_service_1() {
+kubectl delete destinationrule my-httpbin
+kubectl delete service my-httpbin
+}
+
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_1() {
+kubectl apply -f - <<EOF
+kind: Service
+apiVersion: v1
+metadata:
+  name: my-wikipedia
+spec:
+  ports:
+  - protocol: TCP
+    port: 443
+    name: tls
+EOF
+}
+
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_2() {
+kubectl apply -f - <<EOF
+kind: Endpoints
+apiVersion: v1
+metadata:
+  name: my-wikipedia
+subsets:
+  - addresses:
+      - ip: 91.198.174.192
+      - ip: 198.35.26.96
+    ports:
+      - port: 443
+        name: tls
+EOF
+}
+
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_3() {
+kubectl get svc my-wikipedia
+}
+
+! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_3_out <<\ENDSNIP
+NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
+my-wikipedia   ClusterIP   172.21.156.230   <none>        443/TCP   21h
+ENDSNIP
+
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_4() {
+kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_4_out <<\ENDSNIP
+<title>Wikipedia, the free encyclopedia</title>
+ENDSNIP
+
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_5() {
+kubectl apply -f - <<EOF
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: my-wikipedia
+spec:
+  host: my-wikipedia.default.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: DISABLE
+EOF
+}
+
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_6() {
+kubectl exec -it "$SOURCE_POD" -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_6_out <<\ENDSNIP
+<title>Wikipedia, the free encyclopedia</title>
+ENDSNIP
+
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_7() {
+kubectl exec -it "$SOURCE_POD" -c sleep -- curl -v --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page -o /dev/null
+}
+
+! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_7_out <<\ENDSNIP
+* Added en.wikipedia.org:443:172.21.156.230 to DNS cache
+* Hostname en.wikipedia.org was found in DNS cache
+*   Trying 172.21.156.230...
+* TCP_NODELAY set
+* Connected to en.wikipedia.org (172.21.156.230) port 443 (#0)
+...
+ENDSNIP
+
+snip_cleanup_of_kubernetes_service_with_endpoints_1() {
+kubectl delete destinationrule my-wikipedia
+kubectl delete endpoints my-wikipedia
+kubectl delete service my-wikipedia
+}
+
+snip_cleanup_1() {
+kubectl delete -f samples/sleep/sleep.yaml
+}
+
+snip_cleanup_2() {
+kubectl delete -f samples/sleep/sleep.yaml -n without-istio
+}
+
+snip_cleanup_3() {
+kubectl delete namespace without-istio
+}
+
+snip_cleanup_4() {
+unset SOURCE_POD SOURCE_POD_WITHOUT_ISTIO
+}
--- a/content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/test.sh
+++ b/content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/test.sh
@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC1090,SC2154,SC2155
+
+# Copyright 2020 Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# @setup profile=demo
+
+set -e
+set -u
+set -o pipefail
+
+source "tests/util/samples.sh"
+
+# Deploy sleep sample and set up variable pointing to it
+# Start the sleep sample
+startup_sleep_sample
+export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')
+
+# create namespace without istio
+snip__1
+
+# deploy sleep in without-istio namespace
+snip__2
+_wait_for_deployment without-istio sleep
+snip__3
+
+# Create secret
+snip_kubernetes_externalname_service_to_access_an_external_service_1
+
+_verify_contains snip_kubernetes_externalname_service_to_access_an_external_service_3 "\"Host\": \"my-httpbin.default.svc.cluster.local"
+
+# apply dr
+snip_kubernetes_externalname_service_to_access_an_external_service_4
+_wait_for_istio destinationrule default my-httpbin
+
+_verify_contains snip_kubernetes_externalname_service_to_access_an_external_service_5 "\"X-Envoy-Decorator-Operation\": \"my-httpbin.default.svc.cluster.local:80/*\""
+
+# service wikipedia
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_1
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_2
+
+_verify_contains snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_4 "<title>Wikipedia, the free encyclopedia</title>"
+
+# apply dr
+snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_5
+_wait_for_istio destinationrule default my-wikipedia
+
+_verify_contains snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_6 "<title>Wikipedia, the free encyclopedia</title>"
+
+_verify_contains snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_7 "Connected to en.wikipedia.org"
+
+# @cleanup
+set +e # ignore cleanup errors
+snip_cleanup_of_kubernetes_externalname_service_1
+snip_cleanup_of_kubernetes_service_with_endpoints_1
+snip_cleanup_1
+snip_cleanup_2
+snip_cleanup_3
+snip_cleanup_4