diff --git a/content/en/docs/setup/additional-setup/dual-stack/index.md b/content/en/docs/setup/additional-setup/dual-stack/index.md index b27fd9037d..c6204d2682 100644 --- a/content/en/docs/setup/additional-setup/dual-stack/index.md +++ b/content/en/docs/setup/additional-setup/dual-stack/index.md @@ -4,7 +4,7 @@ description: Install and use Istio in Dual-Stack mode running on a Dual-Stack Ku weight: 70 keywords: [dual-stack] owner: istio/wg-networking-maintainers -test: no +test: yes --- {{< boilerplate experimental >}} @@ -18,7 +18,7 @@ test: no If you want to use `kind` for your test, you can set up a dual stack cluster with the following command: -{{< text bash >}} +{{< text syntax=bash snip_id=none >}} $ kind create cluster --name istio-ds --config - <}} -{{< text yaml >}} +{{< text syntax=yaml snip_id=none >}} apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: @@ -57,7 +57,7 @@ spec: {{< tab name="Helm" category-value="helm" >}} -{{< text yaml >}} +{{< text syntax=yaml snip_id=none >}} meshConfig: defaultConfig: proxyMetadata: @@ -78,7 +78,7 @@ values: {{< tab name="Istioctl" category-value="istioctl" >}} -{{< text bash >}} +{{< text syntax=bash snip_id=none >}} $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig.defaultConfig.proxyMetadata.ISTIO_DUAL_STACK="true" --set values.gateways.istio-ingressgateway.ipFamilyPolicy=RequireDualStack --set values.gateways.istio-egressgateway.ipFamilyPolicy=RequireDualStack -y {{< /text >}} @@ -109,40 +109,50 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig $ kubectl label --overwrite namespace ipv6 istio-injection=enabled {{< /text >}} -1. Create `tcp-echo` deployments in the namespaces: +1. Create [tcp-echo]({{< github_tree >}}/samples/tcp-echo) deployments in the namespaces: {{< text bash >}} - $ kubectl apply --namespace dual-stack -f @samples/tcp-echo/tcp-echo-dual-stack.yaml - $ kubectl apply --namespace ipv4 -f @samples/tcp-echo/tcp-echo-ipv4.yaml - $ kubectl apply --namespace ipv6 -f @samples/tcp-echo/tcp-echo-ipv6.yaml + $ kubectl apply --namespace dual-stack -f @samples/tcp-echo/tcp-echo-dual-stack.yaml@ + $ kubectl apply --namespace ipv4 -f @samples/tcp-echo/tcp-echo-ipv4.yaml@ + $ kubectl apply --namespace ipv6 -f @samples/tcp-echo/tcp-echo-ipv6.yaml@ {{< /text >}} -1. Apply the `sleep` deployment in the `default` namespace: +1. Deploy the [sleep]({{< github_tree >}}/samples/sleep) sample app to use as a test source for sending requests. {{< text bash >}} - $ kubectl apply -f @samples/sleep/sleep.yaml + $ kubectl apply -f @samples/sleep/sleep.yaml@ {{< /text >}} -1. Verify the traffic reaches the pods: +1. Verify the traffic reaches the dual-stack pods: {{< text bash >}} - $ kubectl exec -it "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo dualstack | nc tcp-echo.dual-stack 9000" + $ kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo dualstack | nc tcp-echo.dual-stack 9000" hello dualstack - $ kubectl exec -it "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv4 | nc tcp-echo.ipv4 9000" + {{< /text >}} + +1. Verify the traffic reaches the IPv4 pods: + + {{< text bash >}} + $ kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv4 | nc tcp-echo.ipv4 9000" hello ipv4 - $ kubectl exec -it "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv6 | nc tcp-echo.ipv6 9000" + {{< /text >}} + +1. Verify the traffic reaches the IPv6 pods: + + {{< text bash >}} + $ kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv6 | nc tcp-echo.ipv6 9000" hello ipv6 {{< /text >}} 1. Verify the envoy listeners: - {{< text bash >}} + {{< text syntax=bash snip_id=none >}} $ istioctl proxy-config listeners "$(kubectl get pod -n dual-stack -l app=tcp-echo -o jsonpath='{.items[0].metadata.name}')" -n dual-stack --port 9000 {{< /text >}} You will see listeners are now bound to multiple addresses, but only for dual stack services. Other services will only be listening on a single IP address. - {{< text json >}} + {{< text syntax=json snip_id=none >}} "name": "fd00:10:96::f9fc_9000", "address": { "socketAddress": { @@ -164,7 +174,7 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig 1. Verify virtual inbound addresses are configured to listen on both `0.0.0.0` and `[::]`. - {{< text json >}} + {{< text syntax=json snip_id=none >}} "name": "virtualInbound", "address": { "socketAddress": { @@ -186,7 +196,7 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig 1. Verify envoy endpoints are configured to route to both IPv4 and IPv6: - {{< text bash >}} + {{< text syntax=bash snip_id=none >}} $ istioctl proxy-config endpoints "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" --port 9000 ENDPOINT STATUS OUTLIER CHECK CLUSTER 10.244.0.19:9000 HEALTHY OK outbound|9000||tcp-echo.ipv4.svc.cluster.local @@ -196,3 +206,12 @@ $ istioctl install --set values.pilot.env.ISTIO_DUAL_STACK=true --set meshConfig {{< /text >}} Now you can experiment with dual-stack services in your environment! + +## Cleanup + +1. Cleanup application namespaces and deployments + + {{< text bash >}} + $ kubectl delete -f @samples/sleep/sleep.yaml@ + $ kubectl delete ns dual-stack ipv4 ipv6 + {{< /text >}} diff --git a/content/en/docs/setup/additional-setup/dual-stack/snips.sh b/content/en/docs/setup/additional-setup/dual-stack/snips.sh new file mode 100755 index 0000000000..875f2f9fcd --- /dev/null +++ b/content/en/docs/setup/additional-setup/dual-stack/snips.sh @@ -0,0 +1,73 @@ +#!/bin/bash +# shellcheck disable=SC2034,SC2153,SC2155,SC2164 + +# Copyright Istio Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#################################################################################################### +# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: +# docs/setup/additional-setup/dual-stack/index.md +#################################################################################################### + +snip_verification_1() { +kubectl create namespace dual-stack +kubectl create namespace ipv4 +kubectl create namespace ipv6 +} + +snip_verification_2() { +kubectl label --overwrite namespace default istio-injection=enabled +kubectl label --overwrite namespace dual-stack istio-injection=enabled +kubectl label --overwrite namespace ipv4 istio-injection=enabled +kubectl label --overwrite namespace ipv6 istio-injection=enabled +} + +snip_verification_3() { +kubectl apply --namespace dual-stack -f samples/tcp-echo/tcp-echo-dual-stack.yaml +kubectl apply --namespace ipv4 -f samples/tcp-echo/tcp-echo-ipv4.yaml +kubectl apply --namespace ipv6 -f samples/tcp-echo/tcp-echo-ipv6.yaml +} + +snip_verification_4() { +kubectl apply -f samples/sleep/sleep.yaml +} + +snip_verification_5() { +kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo dualstack | nc tcp-echo.dual-stack 9000" +} + +! read -r -d '' snip_verification_5_out <<\ENDSNIP +hello dualstack +ENDSNIP + +snip_verification_6() { +kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv4 | nc tcp-echo.ipv4 9000" +} + +! read -r -d '' snip_verification_6_out <<\ENDSNIP +hello ipv4 +ENDSNIP + +snip_verification_7() { +kubectl exec "$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')" -- sh -c "echo ipv6 | nc tcp-echo.ipv6 9000" +} + +! read -r -d '' snip_verification_7_out <<\ENDSNIP +hello ipv6 +ENDSNIP + +snip_cleanup_1() { +kubectl delete -f samples/sleep/sleep.yaml +kubectl delete ns dual-stack ipv4 ipv6 +} diff --git a/content/en/docs/setup/additional-setup/dual-stack/test.sh b/content/en/docs/setup/additional-setup/dual-stack/test.sh new file mode 100755 index 0000000000..bf63af3b98 --- /dev/null +++ b/content/en/docs/setup/additional-setup/dual-stack/test.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2154 +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e +set -u + +set -o pipefail + +# @setup dualstack + +# create test namespaces and deployments +snip_verification_1 +snip_verification_2 +snip_verification_3 +snip_verification_4 + +# wait for deployments to be up and running +_wait_for_deployment default sleep +_wait_for_deployment dual-stack tcp-echo +_wait_for_deployment ipv4 tcp-echo +_wait_for_deployment ipv6 tcp-echo + +# verify traffic +_verify_like snip_verification_5 "$snip_verification_5_out" +_verify_like snip_verification_6 "$snip_verification_6_out" +_verify_like snip_verification_7 "$snip_verification_7_out" + +# @cleanup +snip_cleanup_1 \ No newline at end of file diff --git a/tests/setup/dualstack/doc_test.go b/tests/setup/dualstack/doc_test.go new file mode 100755 index 0000000000..e17d1234c8 --- /dev/null +++ b/tests/setup/dualstack/doc_test.go @@ -0,0 +1,58 @@ +// Copyright 2023 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package setupconfig + +import ( + "testing" + + "istio.io/istio.io/pkg/test/istioio" + "istio.io/istio/pkg/test/framework" + "istio.io/istio/pkg/test/framework/components/istio" + "istio.io/istio/pkg/test/framework/resource" +) + +func TestMain(m *testing.M) { + // nolint: staticcheck + framework. + NewSuite(m). + Setup(istio.Setup(nil, setupConfig)). + Run() +} + +func TestDocs(t *testing.T) { + framework. + NewTest(t). + Run(istioio.NewTestDocsFunc("dualstack")) +} + +func setupConfig(ctx resource.Context, cfg *istio.Config) { + cfg.ControlPlaneValues = ` +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_DUAL_STACK: "true" +values: + pilot: + env: + PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING: true + PILOT_ENABLE_ALPHA_GATEWAY_API: false + ISTIO_DUAL_STACK: true + gateways: + istio-ingressgateway: + ipFamilyPolicy: RequireDualStack + istio-egressgateway: + ipFamilyPolicy: RequireDualStack +` + cfg.DeployEastWestGW = false +}