From 2ed61a7cae24b5c83da434cdc748afb9a6a42c72 Mon Sep 17 00:00:00 2001 From: SRodi <32323373+SRodi@users.noreply.github.com> Date: Thu, 20 Apr 2023 15:11:18 +0100 Subject: [PATCH] Enable tests and remove hardcoded versions for operator install doc (#13050) * Enable tests for operator install * install-operator-tests * update snip_id * set snip_id=none for non-tested snips * add test scenarios for helm,watchns,install istio,update * use functions for better readability * add newline at the end * install-operator-tests * add tests for inplace and canary upgrade * update version 1.8.1 and 1.9.0 to 1.17.1 and 1.17.2 in docs * disable snip remove_operator failing lint/test * install-operator-tests * remove all hardcoded versions in operator install doc * add istio_previous_version and full/previous revision to snip.py * adjust test.sh accordingly * install-operator-tests * add shorcodes for revision versions * install-operator-tests * fix canary upgrade (upgrade from previous to full version) * install-operator-tests * fix reference to full_version in canary upgrade * install-operator-tests * fix slightly off format * install-operator-tests * disable test for upgrade with helm tip * add instructions to doc for canary upgrade prep * update test.sh and snips.sh accordingly * install-operator-tests * fix profile on upgrade, use default --- .../en/docs/setup/install/operator/index.md | 106 ++++++++------ .../en/docs/setup/install/operator/snips.sh | 128 +++++++++-------- .../en/docs/setup/install/operator/test.sh | 132 +++++++++++++++--- .../istio_full_version_revision.html | 1 + .../istio_previous_version_revision.html | 1 + scripts/snip.py | 6 + 6 files changed, 258 insertions(+), 116 deletions(-) create mode 100644 layouts/shortcodes/istio_full_version_revision.html create mode 100644 layouts/shortcodes/istio_previous_version_revision.html diff --git a/content/en/docs/setup/install/operator/index.md b/content/en/docs/setup/install/operator/index.md index ed76eeb828..b592c7270f 100644 --- a/content/en/docs/setup/install/operator/index.md +++ b/content/en/docs/setup/install/operator/index.md @@ -6,7 +6,7 @@ keywords: [kubernetes, operator] aliases: - /docs/setup/install/standalone-operator owner: istio/wg-environments-maintainers -test: no +test: yes status: Beta --- @@ -49,7 +49,7 @@ To avoid a vulnerability, ensure that the operator deployment is sufficiently se The `istioctl` command can be used to automatically deploy the Istio operator: -{{< text syntax=bash snip_id=create_istio_operator >}} +{{< text syntax=bash snip_id=deploy_istio_operator >}} $ istioctl operator init {{< /text >}} @@ -62,7 +62,7 @@ This command runs the operator by creating the following resources in the `istio You can configure which namespace the operator controller is installed in, the namespace(s) the operator watches, the installed Istio image sources and versions, and more. For example, you can pass one or more namespaces to watch using the `--watchedNamespaces` flag: -{{< text bash >}} +{{< text syntax=bash snip_id=deploy_istio_operator_watch_ns >}} $ istioctl operator init --watchedNamespaces=istio-namespace1,istio-namespace2 {{< /text >}} @@ -73,13 +73,13 @@ You can alternatively deploy the operator using Helm: 1. Create a namespace `istio-operator`. - {{< text bash >}} + {{< text syntax=bash snip_id=create_ns_istio_operator >}} $ kubectl create namespace istio-operator {{< /text >}} 1. Install operator using Helm. - {{< text bash >}} + {{< text syntax=bash snip_id=deploy_istio_operator_helm >}} $ helm install istio-operator manifests/charts/istio-operator \ --set watchedNamespaces="istio-namespace1\,istio-namespace2" \ -n istio-operator @@ -101,7 +101,7 @@ With the operator installed, you can now create a mesh by deploying an `IstioOpe To install the Istio `demo` [configuration profile](/docs/setup/additional-setup/config-profiles/) using the operator, run the following command: -{{< text syntax=bash snip_id=create_demo_profile >}} +{{< text syntax=bash snip_id=install_istio_demo_profile >}} $ kubectl apply -f - <}} +{{< text syntax=yaml snip_id=none >}} apiVersion: install.istio.io/v1alpha1 kind: IstioOperator ... @@ -166,7 +166,7 @@ the Istio installation correspondingly. For example, you can switch the installation to the `default` profile with the following command: -{{< text syntax=bash >}} +{{< text syntax=bash snip_id=update_to_default_profile >}} $ kubectl apply -f - <}} +{{< text syntax=bash snip_id=update_to_default_profile_egress >}} $ kubectl apply -f - <}} +{{< text syntax=bash snip_id=operator_logs >}} $ kubectl logs -f -n istio-operator "$(kubectl get pods -n istio-operator -lname=istio-operator -o jsonpath='{.items[0].metadata.name}')" {{< /text >}} @@ -217,20 +217,20 @@ for the complete set of configuration settings. Download and extract the `istioctl` corresponding to the version of Istio you wish to upgrade to. Reinstall the operator at the target Istio version: -{{< text bash >}} +{{< text syntax=bash snip_id=inplace_upgrade >}} $ /bin/istioctl operator init {{< /text >}} You should see that the `istio-operator` pod has restarted and its version has changed to the target version: -{{< text bash >}} +{{< text syntax=bash snip_id=inplace_upgrade_get_pods_istio_operator >}} $ kubectl get pods --namespace istio-operator \ -o=jsonpath='{range .items[*]}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{"\n"}{end}' {{< /text >}} After a minute or two, the Istio control plane components should also be restarted at the new version: -{{< text bash >}} +{{< text syntax=bash snip_id=inplace_upgrade_get_pods_istio_system >}} $ kubectl get pods --namespace istio-system \ -o=jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{"\n"}{end}' {{< /text >}} @@ -239,76 +239,102 @@ $ kubectl get pods --namespace istio-system \ The process for canary upgrade is similar to the [canary upgrade with `istioctl`](/docs/setup/upgrade/canary/). -For example, to upgrade the revision of Istio installed in the previous section, first verify that the `IstioOperator` CR named `example-istiocontrolplane` exists in your cluster: +For example, to upgrade Istio {{< istio_previous_version >}}.0 to {{< istio_full_version >}}, first install {{< istio_previous_version >}}.0 : -{{< text bash >}} +{{< text syntax=bash snip_id=download_istio_previous_version >}} +$ curl -L https://istio.io/downloadIstio | ISTIO_VERSION={{< istio_previous_version >}}.0 sh - +{{< /text >}} + +Deploy the operator using Istio version {{< istio_previous_version >}}.0: + +{{< text syntax=bash snip_id=deploy_operator_previous_version >}} +$ istio-{{< istio_previous_version >}}.0/bin/istioctl operator init +{{< /text >}} + +Install Istio control plane demo profile: + +{{< text syntax=bash snip_id=install_istio_previous_version >}} +$ kubectl apply -f - <}}-0 +spec: + profile: default +EOF +{{< /text >}} + +Verify that the `IstioOperator` CR named `example-istiocontrolplane` exists in your cluster: + +{{< text syntax=bash snip_id=verify_operator_cr >}} $ kubectl get iop --all-namespaces -NAMESPACE NAME REVISION STATUS AGE -istio-system example-istiocontrolplane HEALTHY 11m +NAMESPACE NAME REVISION STATUS AGE +istio-system example-istiocontrolplane{{< istio_previous_version_revision >}}-0 HEALTHY 11m {{< /text >}} Download and extract the `istioctl` corresponding to the version of Istio you wish to upgrade to. Then, run the following command to install the new target revision of the Istio control plane based on the in-cluster -`IstioOperator` CR (here, we assume the target revision is 1.8.1): +`IstioOperator` CR (here, we assume the target revision is {{< istio_full_version_revision >}}): -{{< text bash >}} -$ istio-1.8.1/bin/istioctl operator init --revision 1-8-1 +{{< text syntax=bash snip_id=canary_upgrade_init >}} +$ istio-{{< istio_full_version >}}/bin/istioctl operator init --revision {{< istio_full_version_revision >}} {{< /text >}} {{< tip >}} You can alternatively use Helm to deploy another operator with a different revision setting: -{{< text bash >}} +{{< text syntax=bash snip_id=none >}} $ helm install istio-operator manifests/charts/istio-operator \ --set watchedNamespaces=istio-system \ -n istio-operator \ - --set revision=1-9-0 + --set revision={{< istio_full_version_revision >}} {{< /text >}} Note that you need to [download the Istio release](/docs/setup/getting-started/#download) to run the above command. {{< /tip >}} -Make a copy of the `example-istiocontrolplane` CR and save it in a file named `example-istiocontrolplane-1-8-1.yaml`. -Change the name to `example-istiocontrolplane-1-8-1` and add `revision: 1-8-1` to the CR. +Make a copy of the `example-istiocontrolplane` CR and save it in a file named `example-istiocontrolplane-{{< istio_full_version_revision >}}.yaml`. +Change the name to `example-istiocontrolplane-{{< istio_full_version_revision >}}` and add `revision: {{< istio_full_version_revision >}}` to the CR. Your updated `IstioOperator` CR should look something like this: -{{< text bash >}} -$ cat example-istiocontrolplane-1-8-1.yaml +{{< text syntax=bash snip_id=cat_operator_yaml >}} +$ cat example-istiocontrolplane-{{< istio_full_version_revision >}}.yaml apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: namespace: istio-system - name: example-istiocontrolplane-1-8-1 + name: example-istiocontrolplane-{{< istio_full_version_revision >}} spec: - revision: 1-8-1 - profile: demo + revision: {{< istio_full_version_revision >}} + profile: default {{< /text >}} Apply the updated `IstioOperator` CR to the cluster. After that, you will have two control plane deployments and services running side-by-side: -{{< text bash >}} +{{< text syntax=bash snip_id=get_pods_istio_system >}} $ kubectl get pod -n istio-system -l app=istiod -NAME READY STATUS RESTARTS AGE -istiod-1-8-1-597475f4f6-bgtcz 1/1 Running 0 64s -istiod-6ffcc65b96-bxzv5 1/1 Running 0 2m11s +NAME READY STATUS RESTARTS AGE +istiod-{{< istio_full_version_revision >}}-597475f4f6-bgtcz 1/1 Running 0 64s +istiod-6ffcc65b96-bxzv5 1/1 Running 0 2m11s {{< /text >}} -{{< text bash >}} +{{< text syntax=bash snip_id=get_svc_istio_system >}} $ kubectl get services -n istio-system -l app=istiod -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -istiod ClusterIP 10.104.129.150 15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP 2m35s -istiod-1-8-1 ClusterIP 10.111.17.49 15010/TCP,15012/TCP,443/TCP,15014/TCP 88s +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istiod ClusterIP 10.104.129.150 15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP 2m35s +istiod-{{< istio_full_version_revision >}} ClusterIP 10.111.17.49 15010/TCP,15012/TCP,443/TCP,15014/TCP 88s {{< /text >}} -To complete the upgrade, label the workload namespaces with `istio.io/rev=1-8-1` and restart the workloads, as +To complete the upgrade, label the workload namespaces with `istio.io/rev={{< istio_full_version_revision >}}` and restart the workloads, as explained in the [Data plane upgrade](/docs/setup/upgrade/canary/#data-plane) documentation. ## Uninstall If you used the operator to perform a canary upgrade of the control plane, you can uninstall the old control plane and keep the new one by deleting the old in-cluster `IstioOperator` CR, which will uninstall the old revision of Istio: -{{< text syntax=bash snip_id=none >}} +{{< text syntax=bash snip_id=delete_example_istiocontrolplane >}} $ kubectl delete istiooperators.install.istio.io -n istio-system example-istiocontrolplane {{< /text >}} @@ -327,5 +353,5 @@ To clean up anything not removed by the operator: {{< text syntax=bash snip_id=cleanup >}} $ istioctl uninstall -y --purge -$ kubectl delete ns istio-system --grace-period=0 --force +$ kubectl delete ns istio-system istio-operator {{< /text >}} diff --git a/content/en/docs/setup/install/operator/snips.sh b/content/en/docs/setup/install/operator/snips.sh index 4789a00acd..0055d6b59a 100644 --- a/content/en/docs/setup/install/operator/snips.sh +++ b/content/en/docs/setup/install/operator/snips.sh @@ -20,21 +20,25 @@ # docs/setup/install/operator/index.md #################################################################################################### -snip_create_istio_operator() { +snip_deploy_istio_operator() { istioctl operator init } -snip_prerequisites_2() { +snip_deploy_istio_operator_watch_ns() { istioctl operator init --watchedNamespaces=istio-namespace1,istio-namespace2 } -snip_prerequisites_3() { -helm install istio-operator manifests/charts/istio-operator \ - --set watchedNamespaces="istio-namespace1\,istio-namespace2" \ - -n istio-operator +snip_create_ns_istio_operator() { +kubectl create namespace istio-operator } -snip_create_demo_profile() { +snip_deploy_istio_operator_helm() { +helm install istio-operator manifests/charts/istio-operator \ + --set watchedNamespaces="istio-namespace1\,istio-namespace2" \ + -n istio-operator +} + +snip_install_istio_demo_profile() { kubectl apply -f - </bin/istioctl operator init } -snip_inplace_upgrade_2() { +snip_inplace_upgrade_get_pods_istio_operator() { kubectl get pods --namespace istio-operator \ -o=jsonpath='{range .items[*]}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{"\n"}{end}' } -snip_inplace_upgrade_3() { +snip_inplace_upgrade_get_pods_istio_system() { kubectl get pods --namespace istio-system \ -o=jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{"\n"}{end}' } -snip_canary_upgrade_1() { -kubectl get iop --all-namespaces +snip_download_istio_previous_version() { +curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.17.0 sh - } -! read -r -d '' snip_canary_upgrade_1_out <<\ENDSNIP -NAMESPACE NAME REVISION STATUS AGE -istio-system example-istiocontrolplane HEALTHY 11m -ENDSNIP - -snip_canary_upgrade_2() { -istio-1.8.1/bin/istioctl operator init --revision 1-8-1 +snip_deploy_operator_previous_version() { +istio-1.17.0/bin/istioctl operator init } -snip_canary_upgrade_3() { -helm install istio-operator manifests/charts/istio-operator \ - --set watchedNamespaces=istio-system \ - -n istio-operator \ - --set revision=1-9-0 -} - -snip_canary_upgrade_4() { -cat example-istiocontrolplane-1-8-1.yaml -} - -! read -r -d '' snip_canary_upgrade_4_out <<\ENDSNIP +snip_install_istio_previous_version() { +kubectl apply -f - < 15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP 2m35s -istiod-1-8-1 ClusterIP 10.111.17.49 15010/TCP,15012/TCP,443/TCP,15014/TCP 88s +! read -r -d '' snip_get_svc_istio_system_out <<\ENDSNIP +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +istiod ClusterIP 10.104.129.150 15010/TCP,15012/TCP,443/TCP,15014/TCP,853/TCP 2m35s +istiod-1-18-0 ClusterIP 10.111.17.49 15010/TCP,15012/TCP,443/TCP,15014/TCP 88s ENDSNIP +snip_delete_example_istiocontrolplane() { +kubectl delete istiooperators.install.istio.io -n istio-system example-istiocontrolplane +} + snip_cleanup() { istioctl uninstall -y --purge -kubectl delete ns istio-system --grace-period=0 --force +kubectl delete ns istio-system istio-operator } diff --git a/content/en/docs/setup/install/operator/test.sh b/content/en/docs/setup/install/operator/test.sh index 61872ba3dd..1ca8911e5e 100644 --- a/content/en/docs/setup/install/operator/test.sh +++ b/content/en/docs/setup/install/operator/test.sh @@ -1,4 +1,6 @@ #!/usr/bin/env bash +# shellcheck disable=SC2154 + # Copyright Istio Authors # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -13,30 +15,126 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -e -set -u - -set -o pipefail # @setup profile=none -snip_create_istio_operator -_wait_for_deployment istio-operator istio-operator +set -e +set -u +set -o pipefail -snip_create_demo_profile -sleep 30s -_wait_for_deployment istio-system istiod +fullVersion=$(type snip_canary_upgrade_init | sed '1,3d;$d' | sed 's/.*istio-\(.*\)\/bin.*/\1/') # 1.18.0 +fullVersionRevision=$(echo "$fullVersion" | sed -r 's/[.]+/-/g' ) # 1-18-0 +previousVersion=$(type snip_deploy_operator_previous_version | sed '1,3d;$d' | sed 's/.*istio-\(.*\)\/bin.*/\1/') +previousVersionMinorUpgrade="${previousVersion%.0}.1" -# shellcheck disable=SC2154 -_verify_like snip_kubectl_get_svc "$snip_kubectl_get_svc_out" +function testOperatorDeployWatchNs(){ + # print out body of the function and execute with flag + # this is to avoid using the default public registry + $(type snip_deploy_istio_operator_watch_ns | sed '1,3d;$d') --hub "$HUB" + _wait_for_deployment istio-operator istio-operator -# shellcheck disable=SC2154 -_verify_like snip_kubectl_get_pods "$snip_kubectl_get_pods_out" + # cleanup required for next steps + istioctl uninstall -y --purge + kubectl delete ns istio-operator istio-namespace1 istio-namespace2 +} -snip_update_operator -sleep 30s -_verify_contains snip_kubectl_get_svc "egressgateway" +function testOperatorDeployHelm(){ + snip_create_ns_istio_operator + snip_deploy_istio_operator_helm + _wait_for_deployment istio-operator istio-operator + + # cleanup required for next steps + helm uninstall istio-operator -n istio-operator + kubectl delete ns istio-operator +} + +function testOperatorDeploy(){ + $(type snip_deploy_istio_operator | sed '1,3d;$d') --hub "$HUB" + _wait_for_deployment istio-operator istio-operator +} + +function testInstallIstioDemo(){ + snip_install_istio_demo_profile + sleep 30s + _wait_for_deployment istio-system istiod + _verify_like snip_kubectl_get_svc "$snip_kubectl_get_svc_out" + _verify_like snip_kubectl_get_pods "$snip_kubectl_get_pods_out" +} + +function testUpdateProfileDefaultEgress(){ + snip_update_to_default_profile_egress + sleep 30s + _verify_contains snip_kubectl_get_svc "egressgateway" +} + +function testOperatorLogs(){ + command=$(type snip_operator_logs | sed '1,3d;$d') + # prevent following log stream + command="${command/"logs -f"/"logs"}" + echo "$command" | sh - +} + +function istioDownload(){ + version="$1" + curl -L https://istio.io/downloadIstio | ISTIO_VERSION="$version" sh - +} + +function operatorInit(){ + version="$1" + istioDownload "$version" + istio-"$version"/bin/istioctl operator init + rm -rf "istio-$version" +} + +function testInplaceUpgrade(){ + operatorInit "$previousVersion" + operatorInit "$previousVersionMinorUpgrade" + snip_inplace_upgrade_get_pods_istio_operator + snip_inplace_upgrade_get_pods_istio_system +} + +function testCanaryUpgrade(){ + snip_download_istio_previous_version + snip_deploy_operator_previous_version + snip_install_istio_previous_version + _verify_like snip_verify_operator_cr "$snip_verify_operator_cr_out" + rm -rf "istio-$previousVersion" + + istioctl operator init --revision "$fullVersionRevision" +} + +function testTwoControlPlanes(){ + echo "$snip_cat_operator_yaml_out" > example-istiocontrolplane-previous-version.yaml + _verify_like snip_cat_operator_yaml "$snip_cat_operator_yaml_out" + kubectl apply -f example-istiocontrolplane-previous-version.yaml + rm -f example-istiocontrolplane-previous-version.yaml + + _verify_like snip_get_pods_istio_system "$snip_get_pods_istio_system_out" + _verify_like snip_get_svc_istio_system "$snip_get_svc_istio_system_out" +} + +testOperatorDeployWatchNs + +testOperatorDeployHelm + +testOperatorDeploy + +testInstallIstioDemo + +snip_update_to_default_profile + +testUpdateProfileDefaultEgress + +testOperatorLogs + +snip_cleanup + +testInplaceUpgrade + +snip_cleanup + +testCanaryUpgrade # @cleanup +snip_delete_example_istiocontrolplane snip_cleanup -kubectl delete ns istio-operator --grace-period=0 --force diff --git a/layouts/shortcodes/istio_full_version_revision.html b/layouts/shortcodes/istio_full_version_revision.html new file mode 100644 index 0000000000..066d842085 --- /dev/null +++ b/layouts/shortcodes/istio_full_version_revision.html @@ -0,0 +1 @@ +{{ replace .Site.Data.args.full_version "." "-" }} \ No newline at end of file diff --git a/layouts/shortcodes/istio_previous_version_revision.html b/layouts/shortcodes/istio_previous_version_revision.html new file mode 100644 index 0000000000..9805a83a40 --- /dev/null +++ b/layouts/shortcodes/istio_previous_version_revision.html @@ -0,0 +1 @@ +{{ replace .Site.Data.args.previous_version "." "-" }} \ No newline at end of file diff --git a/scripts/snip.py b/scripts/snip.py index 36f662ad68..eecfadd959 100644 --- a/scripts/snip.py +++ b/scripts/snip.py @@ -89,6 +89,9 @@ try: source_branch_name = docs_config['source_branch_name'] istio_version = docs_config['version'] istio_full_version = docs_config['full_version'] + istio_previous_version = docs_config['previous_version'] + istio_full_version_revision = istio_full_version.replace(".", "-") + istio_previous_version_revision = istio_previous_version.replace(".", "-") k8s_gateway_api_version = docs_config['k8s_gateway_api_version'] except: sys.stderr.write('failed to retrieve data from "data/args.yml"\n') @@ -178,6 +181,9 @@ with open(markdown, 'rt', encoding='utf-8') as mdfile: multiline_cmd = True line = line.replace("{{< istio_version >}}", istio_version) line = line.replace("{{< istio_full_version >}}", istio_full_version) + line = line.replace("{{< istio_previous_version >}}", istio_previous_version) + line = line.replace("{{< istio_full_version_revision >}}", istio_full_version_revision) + line = line.replace("{{< istio_previous_version_revision >}}", istio_previous_version_revision) line = line.replace("{{< k8s_gateway_api_version >}}", k8s_gateway_api_version) current_snip["script"].append(line)