Add docs test for dual-stack support (#14257)

Signed-off-by: Faseela K <faseela.k@est.tech>
2023-12-06 10:56:48 +01:00 · 2023-12-06 10:56:48 +01:00 · 2302040f2f
parent ad7b95bf30
commit 2302040f2f
4 changed files with 211 additions and 19 deletions
--- a/content/en/docs/setup/additional-setup/dual-stack/index.md
+++ b/content/en/docs/setup/additional-setup/dual-stack/index.md
@ -4,7 +4,7 @@ description: Install and use Istio in Dual-Stack mode running on a Dual-Stack Ku
 weight: 70
 keywords: [dual-stack]
 owner: istio/wg-networking-maintainers
-test: no
+test: yes
 ---

 {{< boilerplate experimental >}}
@ -18,7 +18,7 @@ test: no

 If you want to use `kind` for your test, you can set up a dual stack cluster with the following command:

-{{< text bash >}}
+{{< text syntax=bash snip_id=none >}}
 $ kind create cluster --name istio-ds --config - <<EOF
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
@ -33,7 +33,7 @@ To enable dual-stack for Istio, you will need to modify your `IstioOperator` or

 {{< tab name="IstioOperator" category-value="iop" >}}

-{{< text yaml >}}
+{{< text syntax=yaml snip_id=none >}}
 apiVersion: install.istio.io/v1alpha1
 kind: IstioOperator
 spec:
@ -57,7 +57,7 @@ spec:

 {{< tab name="Helm" category-value="helm" >}}

-{{< text yaml >}}
+{{< text syntax=yaml snip_id=none >}}
 meshConfig:
  defaultConfig:
    proxyMetadata:
@ -78,7 +78,7 @@ values:

 {{< tab name="Istioctl" category-value="istioctl" >}}

-{{< text bash >}}
+{{< text syntax=bash snip_id=none >}}
 $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig.defaultConfig.proxyMetadata.ISTIO_DUAL_STACK="true" --set values.gateways.istio-ingressgateway.ipFamilyPolicy=RequireDualStack --set values.gateways.istio-egressgateway.ipFamilyPolicy=RequireDualStack -y
 {{< /text >}}

@ -109,40 +109,50 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig
    $ kubectl label --overwrite namespace ipv6 istio-injection=enabled
    {{< /text >}}

-1. Create `tcp-echo` deployments in the namespaces:
+1. Create [tcp-echo]({{< github_tree >}}/samples/tcp-echo) deployments in the namespaces:

    {{< text bash >}}
-    $ kubectl apply --namespace dual-stack -f @samples/tcp-echo/tcp-echo-dual-stack.yaml
-    $ kubectl apply --namespace ipv4 -f @samples/tcp-echo/tcp-echo-ipv4.yaml
-    $ kubectl apply --namespace ipv6 -f @samples/tcp-echo/tcp-echo-ipv6.yaml
+    $ kubectl apply --namespace dual-stack -f @samples/tcp-echo/tcp-echo-dual-stack.yaml@
+    $ kubectl apply --namespace ipv4 -f @samples/tcp-echo/tcp-echo-ipv4.yaml@
+    $ kubectl apply --namespace ipv6 -f @samples/tcp-echo/tcp-echo-ipv6.yaml@
    {{< /text >}}

-1. Apply the `sleep` deployment in the `default` namespace:
+1. Deploy the [sleep]({{< github_tree >}}/samples/sleep) sample app to use as a test source for sending requests.

    {{< text bash >}}
-    $ kubectl apply -f @samples/sleep/sleep.yaml
+    $ kubectl apply -f @samples/sleep/sleep.yaml@
    {{< /text >}}

-1. Verify the traffic reaches the pods:
+1. Verify the traffic reaches the dual-stack pods:

    {{< text bash >}}
-    $ kubectl exec -it "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo dualstack | nc tcp-echo.dual-stack 9000"
+    $ kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo dualstack | nc tcp-echo.dual-stack 9000"
    hello dualstack
-    $ kubectl exec -it "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv4 | nc tcp-echo.ipv4 9000"
+    {{< /text >}}
+
+1. Verify the traffic reaches the IPv4 pods:
+
+    {{< text bash >}}
+    $ kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv4 | nc tcp-echo.ipv4 9000"
    hello ipv4
-    $ kubectl exec -it "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv6 | nc tcp-echo.ipv6 9000"
+    {{< /text >}}
+
+1. Verify the traffic reaches the IPv6 pods:
+
+    {{< text bash >}}
+    $ kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv6 | nc tcp-echo.ipv6 9000"
    hello ipv6
    {{< /text >}}

 1. Verify the envoy listeners:

-    {{< text bash >}}
+    {{< text syntax=bash snip_id=none >}}
    $ istioctl proxy-config listeners "$(kubectl get pod -n dual-stack -l app=tcp-echo -o jsonpath='{.items[0].metadata.name}')" -n dual-stack --port 9000
    {{< /text >}}

    You will see listeners are now bound to multiple addresses, but only for dual stack services. Other services will only be listening on a single IP address.

-    {{< text json >}}
+    {{< text syntax=json snip_id=none >}}
        "name": "fd00:10:96::f9fc_9000",
        "address": {
            "socketAddress": {
@ -164,7 +174,7 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig

 1. Verify virtual inbound addresses are configured to listen on both `0.0.0.0` and `[::]`.

-    {{< text json >}}
+    {{< text syntax=json snip_id=none >}}
    "name": "virtualInbound",
    "address": {
        "socketAddress": {
@ -186,7 +196,7 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig

 1. Verify envoy endpoints are configured to route to both IPv4 and IPv6:

-    {{< text bash >}}
+    {{< text syntax=bash snip_id=none >}}
    $ istioctl proxy-config endpoints "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" --port 9000
    ENDPOINT                 STATUS      OUTLIER CHECK     CLUSTER
    10.244.0.19:9000         HEALTHY     OK                outbound|9000||tcp-echo.ipv4.svc.cluster.local
@ -196,3 +206,12 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig
    {{< /text >}}

 Now you can experiment with dual-stack services in your environment!
+
+## Cleanup
+
+1. Cleanup application namespaces and deployments
+
+    {{< text bash >}}
+    $ kubectl delete -f @samples/sleep/sleep.yaml@
+    $ kubectl delete ns dual-stack ipv4 ipv6
+    {{< /text >}}
--- a/content/en/docs/setup/additional-setup/dual-stack/snips.sh
+++ b/content/en/docs/setup/additional-setup/dual-stack/snips.sh
@ -0,0 +1,73 @@
+#!/bin/bash
+# shellcheck disable=SC2034,SC2153,SC2155,SC2164
+
+# Copyright Istio Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+####################################################################################################
+# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
+#          docs/setup/additional-setup/dual-stack/index.md
+####################################################################################################
+
+snip_verification_1() {
+kubectl create namespace dual-stack
+kubectl create namespace ipv4
+kubectl create namespace ipv6
+}
+
+snip_verification_2() {
+kubectl label --overwrite namespace default istio-injection=enabled
+kubectl label --overwrite namespace dual-stack istio-injection=enabled
+kubectl label --overwrite namespace ipv4 istio-injection=enabled
+kubectl label --overwrite namespace ipv6 istio-injection=enabled
+}
+
+snip_verification_3() {
+kubectl apply --namespace dual-stack -f samples/tcp-echo/tcp-echo-dual-stack.yaml
+kubectl apply --namespace ipv4 -f samples/tcp-echo/tcp-echo-ipv4.yaml
+kubectl apply --namespace ipv6 -f samples/tcp-echo/tcp-echo-ipv6.yaml
+}
+
+snip_verification_4() {
+kubectl apply -f samples/sleep/sleep.yaml
+}
+
+snip_verification_5() {
+kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo dualstack | nc tcp-echo.dual-stack 9000"
+}
+
+! read -r -d '' snip_verification_5_out <<\ENDSNIP
+hello dualstack
+ENDSNIP
+
+snip_verification_6() {
+kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv4 | nc tcp-echo.ipv4 9000"
+}
+
+! read -r -d '' snip_verification_6_out <<\ENDSNIP
+hello ipv4
+ENDSNIP
+
+snip_verification_7() {
+kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv6 | nc tcp-echo.ipv6 9000"
+}
+
+! read -r -d '' snip_verification_7_out <<\ENDSNIP
+hello ipv6
+ENDSNIP
+
+snip_cleanup_1() {
+kubectl delete -f samples/sleep/sleep.yaml
+kubectl delete ns dual-stack ipv4 ipv6
+}
--- a/content/en/docs/setup/additional-setup/dual-stack/test.sh
+++ b/content/en/docs/setup/additional-setup/dual-stack/test.sh
@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2154
+# Copyright Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -u
+
+set -o pipefail
+
+# @setup dualstack
+
+# create test namespaces and deployments
+snip_verification_1
+snip_verification_2
+snip_verification_3
+snip_verification_4
+
+# wait for deployments to be up and running
+_wait_for_deployment default sleep
+_wait_for_deployment dual-stack tcp-echo
+_wait_for_deployment ipv4 tcp-echo
+_wait_for_deployment ipv6 tcp-echo
+
+# verify traffic
+_verify_like snip_verification_5 "$snip_verification_5_out"
+_verify_like snip_verification_6 "$snip_verification_6_out"
+_verify_like snip_verification_7 "$snip_verification_7_out"
+
+# @cleanup
+snip_cleanup_1
--- a/tests/setup/dualstack/doc_test.go
+++ b/tests/setup/dualstack/doc_test.go
@ -0,0 +1,58 @@
+// Copyright 2023 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package setupconfig
+
+import (
+	"testing"
+
+	"istio.io/istio.io/pkg/test/istioio"
+	"istio.io/istio/pkg/test/framework"
+	"istio.io/istio/pkg/test/framework/components/istio"
+	"istio.io/istio/pkg/test/framework/resource"
+)
+
+func TestMain(m *testing.M) {
+	// nolint: staticcheck
+	framework.
+		NewSuite(m).
+		Setup(istio.Setup(nil, setupConfig)).
+		Run()
+}
+
+func TestDocs(t *testing.T) {
+	framework.
+		NewTest(t).
+		Run(istioio.NewTestDocsFunc("dualstack"))
+}
+
+func setupConfig(ctx resource.Context, cfg *istio.Config) {
+	cfg.ControlPlaneValues = `
+meshConfig:
+  defaultConfig:
+    proxyMetadata:
+      ISTIO_DUAL_STACK: "true"
+values:
+  pilot:
+    env:
+      PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING: true
+      PILOT_ENABLE_ALPHA_GATEWAY_API: false
+      ISTIO_DUAL_STACK: true
+  gateways:
+    istio-ingressgateway:
+      ipFamilyPolicy: RequireDualStack
+    istio-egressgateway:
+      ipFamilyPolicy: RequireDualStack
+`
+	cfg.DeployEastWestGW = false
+}