istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Egress Kubernetes Services Automated test (#7887) 

* add missing cleanup for vs nginx

* add test

* move cleanup
This commit is contained in:
Navraj Singh Chhina 2020-08-08 01:31:55 -04:00 committed by GitHub
parent a75de76203
commit 1cb1ce6a51
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 304 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/index.md
View File

@ -4,7 +4,7 @@ description: Shows how to configure Istio for Kubernetes External Services.
keywords: [traffic-management,egress] keywords: [traffic-management,egress]
weight: 60 weight: 60
owner: istio/wg-networking-maintainers owner: istio/wg-networking-maintainers
test: no test: yes
--- ---
Kubernetes [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) Kubernetes [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname)
@ -50,13 +50,13 @@ Kubernetes Services for egress traffic work with other protocols as well.
pod: pod:
{{< text bash >}} {{< text bash >}}
$ export SOURCE_POD_WITHOUT_ISTIO=$(kubectl get pod -n without-istio -l app=sleep -o jsonpath={.items..metadata.name}) $ export SOURCE_POD_WITHOUT_ISTIO="$(kubectl get pod -n without-istio -l app=sleep -o jsonpath={.items..metadata.name})"
{{< /text >}} {{< /text >}}
* Verify that the Istio sidecar was not injected, that is the pod has one container: * Verify that the Istio sidecar was not injected, that is the pod has one container:
{{< text bash >}} {{< text bash >}}
$ kubectl get pod $SOURCE_POD_WITHOUT_ISTIO -n without-istio $ kubectl get pod "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
sleep-66c8d79ff5-8tqrl 1/1 Running 0 32s sleep-66c8d79ff5-8tqrl 1/1 Running 0 32s
{{< /text >}} {{< /text >}}
@ -95,7 +95,7 @@ Kubernetes Services for egress traffic work with other protocols as well.
Note that the _curl_ command below uses the [Kubernetes DNS format for services](https://v1-13.docs.kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-records): `<service name>.<namespace>.svc.cluster.local`. Note that the _curl_ command below uses the [Kubernetes DNS format for services](https://v1-13.docs.kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-records): `<service name>.<namespace>.svc.cluster.local`.
{{< text bash >}} {{< text bash >}}
$ kubectl exec -it $SOURCE_POD_WITHOUT_ISTIO -n without-istio -c sleep -- curl my-httpbin.default.svc.cluster.local/headers $ kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
{ {
"headers": { "headers": {
"Accept": "*/*", "Accept": "*/*",
@ -128,7 +128,7 @@ Kubernetes Services for egress traffic work with other protocols as well.
the `Host` header equals to your service's hostname. the `Host` header equals to your service's hostname.
{{< text bash >}} {{< text bash >}}
$ kubectl exec -it $SOURCE_POD -c sleep -- curl my-httpbin.default.svc.cluster.local/headers $ kubectl exec -it "$SOURCE_POD" -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
{ {
"headers": { "headers": {
"Accept": "*/*", "Accept": "*/*",
@ -201,7 +201,7 @@ $ kubectl delete service my-httpbin
Use the `--resolve` option of `curl` to access `wikipedia.org` by the cluster IP: Use the `--resolve` option of `curl` to access `wikipedia.org` by the cluster IP:
{{< text bash >}} {{< text bash >}}
$ kubectl exec -it $SOURCE_POD_WITHOUT_ISTIO -n without-istio -c sleep -- curl -s --resolve en.wikipedia.org:443:$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}') https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>" $ kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
<title>Wikipedia, the free encyclopedia</title> <title>Wikipedia, the free encyclopedia</title>
{{< /text >}} {{< /text >}}
@ -225,7 +225,7 @@ $ kubectl delete service my-httpbin
1. Access `wikipedia.org` by your Kubernetes service's cluster IP from the source pod with Istio sidecar: 1. Access `wikipedia.org` by your Kubernetes service's cluster IP from the source pod with Istio sidecar:
{{< text bash >}} {{< text bash >}}
$ kubectl exec -it $SOURCE_POD -c sleep -- curl -s --resolve en.wikipedia.org:443:$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}') https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>" $ kubectl exec -it "$SOURCE_POD" -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
<title>Wikipedia, the free encyclopedia</title> <title>Wikipedia, the free encyclopedia</title>
{{< /text >}} {{< /text >}}
@ -234,7 +234,7 @@ $ kubectl delete service my-httpbin
in the output of your service as the cluster IP. in the output of your service as the cluster IP.
{{< text bash >}} {{< text bash >}}
$ kubectl exec -it $SOURCE_POD -c sleep -- curl -v --resolve en.wikipedia.org:443:$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}') https://en.wikipedia.org/wiki/Main_Page -o /dev/null $ kubectl exec -it "$SOURCE_POD" -c sleep -- curl -v --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page -o /dev/null
* Added en.wikipedia.org:443:172.21.156.230 to DNS cache * Added en.wikipedia.org:443:172.21.156.230 to DNS cache
* Hostname en.wikipedia.org was found in DNS cache * Hostname en.wikipedia.org was found in DNS cache
* Trying 172.21.156.230... * Trying 172.21.156.230...

225
content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/snips.sh Normal file
View File

@ -0,0 +1,225 @@
#!/bin/bash
# shellcheck disable=SC2034,SC2153,SC2155,SC2164
# Copyright Istio Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
####################################################################################################
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
# docs/tasks/traffic-management/egress/egress-kubernetes-services/index.md
####################################################################################################
snip__1() {
kubectl create namespace without-istio
}
snip__2() {
kubectl apply -f samples/sleep/sleep.yaml -n without-istio
}
snip__3() {
export SOURCE_POD_WITHOUT_ISTIO="$(kubectl get pod -n without-istio -l app=sleep -o jsonpath={.items..metadata.name})"
}
snip__4() {
kubectl get pod "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio
}
! read -r -d '' snip__4_out <<\ENDSNIP
NAME READY STATUS RESTARTS AGE
sleep-66c8d79ff5-8tqrl 1/1 Running 0 32s
ENDSNIP
snip_kubernetes_externalname_service_to_access_an_external_service_1() {
kubectl apply -f - <<EOF
kind: Service
apiVersion: v1
metadata:
name: my-httpbin
spec:
type: ExternalName
externalName: httpbin.org
ports:
- name: http
protocol: TCP
port: 80
EOF
}
snip_kubernetes_externalname_service_to_access_an_external_service_2() {
kubectl get svc my-httpbin
}
! read -r -d '' snip_kubernetes_externalname_service_to_access_an_external_service_2_out <<\ENDSNIP
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-httpbin ExternalName <none> httpbin.org 80/TCP 4s
ENDSNIP
snip_kubernetes_externalname_service_to_access_an_external_service_3() {
kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
}
! read -r -d '' snip_kubernetes_externalname_service_to_access_an_external_service_3_out <<\ENDSNIP
{
"headers": {
"Accept": "*/*",
"Host": "my-httpbin.default.svc.cluster.local",
"User-Agent": "curl/7.55.0"
}
}
ENDSNIP
snip_kubernetes_externalname_service_to_access_an_external_service_4() {
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: my-httpbin
spec:
host: my-httpbin.default.svc.cluster.local
trafficPolicy:
tls:
mode: DISABLE
EOF
}
snip_kubernetes_externalname_service_to_access_an_external_service_5() {
kubectl exec -it "$SOURCE_POD" -c sleep -- curl my-httpbin.default.svc.cluster.local/headers
}
! read -r -d '' snip_kubernetes_externalname_service_to_access_an_external_service_5_out <<\ENDSNIP
{
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Host": "my-httpbin.default.svc.cluster.local",
"User-Agent": "curl/7.64.0",
"X-B3-Sampled": "0",
"X-B3-Spanid": "5795fab599dca0b8",
"X-B3-Traceid": "5079ad3a4af418915795fab599dca0b8",
"X-Envoy-Decorator-Operation": "my-httpbin.default.svc.cluster.local:80/*",
"X-Envoy-Peer-Metadata": "...",
"X-Envoy-Peer-Metadata-Id": "sidecar~10.28.1.74~sleep-6bdb595bcb-drr45.default~default.svc.cluster.local"
}
}
ENDSNIP
snip_cleanup_of_kubernetes_externalname_service_1() {
kubectl delete destinationrule my-httpbin
kubectl delete service my-httpbin
}
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_1() {
kubectl apply -f - <<EOF
kind: Service
apiVersion: v1
metadata:
name: my-wikipedia
spec:
ports:
- protocol: TCP
port: 443
name: tls
EOF
}
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_2() {
kubectl apply -f - <<EOF
kind: Endpoints
apiVersion: v1
metadata:
name: my-wikipedia
subsets:
- addresses:
- ip: 91.198.174.192
- ip: 198.35.26.96
ports:
- port: 443
name: tls
EOF
}
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_3() {
kubectl get svc my-wikipedia
}
! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_3_out <<\ENDSNIP
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-wikipedia ClusterIP 172.21.156.230 <none> 443/TCP 21h
ENDSNIP
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_4() {
kubectl exec -it "$SOURCE_POD_WITHOUT_ISTIO" -n without-istio -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
}
! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_4_out <<\ENDSNIP
<title>Wikipedia, the free encyclopedia</title>
ENDSNIP
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_5() {
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: my-wikipedia
spec:
host: my-wikipedia.default.svc.cluster.local
trafficPolicy:
tls:
mode: DISABLE
EOF
}
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_6() {
kubectl exec -it "$SOURCE_POD" -c sleep -- curl -s --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"
}
! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_6_out <<\ENDSNIP
<title>Wikipedia, the free encyclopedia</title>
ENDSNIP
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_7() {
kubectl exec -it "$SOURCE_POD" -c sleep -- curl -v --resolve en.wikipedia.org:443:"$(kubectl get service my-wikipedia -o jsonpath='{.spec.clusterIP}')" https://en.wikipedia.org/wiki/Main_Page -o /dev/null
}
! read -r -d '' snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_7_out <<\ENDSNIP
* Added en.wikipedia.org:443:172.21.156.230 to DNS cache
* Hostname en.wikipedia.org was found in DNS cache
* Trying 172.21.156.230...
* TCP_NODELAY set
* Connected to en.wikipedia.org (172.21.156.230) port 443 (#0)
...
ENDSNIP
snip_cleanup_of_kubernetes_service_with_endpoints_1() {
kubectl delete destinationrule my-wikipedia
kubectl delete endpoints my-wikipedia
kubectl delete service my-wikipedia
}
snip_cleanup_1() {
kubectl delete -f samples/sleep/sleep.yaml
}
snip_cleanup_2() {
kubectl delete -f samples/sleep/sleep.yaml -n without-istio
}
snip_cleanup_3() {
kubectl delete namespace without-istio
}
snip_cleanup_4() {
unset SOURCE_POD SOURCE_POD_WITHOUT_ISTIO
}

71
content/en/docs/tasks/traffic-management/egress/egress-kubernetes-services/test.sh Normal file
View File

@ -0,0 +1,71 @@
#!/usr/bin/env bash
# shellcheck disable=SC1090,SC2154,SC2155
# Copyright 2020 Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# @setup profile=demo
set -e
set -u
set -o pipefail
source "tests/util/samples.sh"
# Deploy sleep sample and set up variable pointing to it
# Start the sleep sample
startup_sleep_sample
export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')
# create namespace without istio
snip__1
# deploy sleep in without-istio namespace
snip__2
_wait_for_deployment without-istio sleep
snip__3
# Create secret
snip_kubernetes_externalname_service_to_access_an_external_service_1
_verify_contains snip_kubernetes_externalname_service_to_access_an_external_service_3 "\"Host\": \"my-httpbin.default.svc.cluster.local"
# apply dr
snip_kubernetes_externalname_service_to_access_an_external_service_4
_wait_for_istio destinationrule default my-httpbin
_verify_contains snip_kubernetes_externalname_service_to_access_an_external_service_5 "\"X-Envoy-Decorator-Operation\": \"my-httpbin.default.svc.cluster.local:80/*\""
# service wikipedia
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_1
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_2
_verify_contains snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_4 "<title>Wikipedia, the free encyclopedia</title>"
# apply dr
snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_5
_wait_for_istio destinationrule default my-wikipedia
_verify_contains snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_6 "<title>Wikipedia, the free encyclopedia</title>"
_verify_contains snip_use_a_kubernetes_service_with_endpoints_to_access_an_external_service_7 "Connected to en.wikipedia.org"
# @cleanup
set +e # ignore cleanup errors
snip_cleanup_of_kubernetes_externalname_service_1
snip_cleanup_of_kubernetes_service_with_endpoints_1
snip_cleanup_1
snip_cleanup_2
snip_cleanup_3
snip_cleanup_4