Fix istio.io integration tests (#6489)

Makefile.core.mk

@@ -1,3 +1,62 @@
+# Get the source directory for this project
+ISTIOIO_GO := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+export ISTIOIO_GO
+SHELL := /bin/bash -o pipefail
+
+VERSION ?= latest
+
+export GO111MODULE ?= on
+export GOPROXY ?= https://proxy.golang.org
+export GOSUMDB ?= sum.golang.org
+
+# If GOPATH is not set by the env, set it to a sane value
+GOPATH ?= $(shell cd ${ISTIOIO_GO}/../../..; pwd)
+export GOPATH
+
+# Set the directory for Istio source.
+ISTIO_GO ?= "${GOPATH}/src/istio.io/istio"
+export ISTIO_GO
+
+# If GOPATH is made up of several paths, use the first one for our targets in this Makefile
+GO_TOP := $(shell echo ${GOPATH} | cut -d ':' -f1)
+export GO_TOP
+
+GO ?= go
+
+GOARCH_LOCAL := $(TARGET_ARCH)
+GOOS_LOCAL := $(TARGET_OS)
+
+HUB?=istio
+ifeq ($(HUB),)
+  $(error "HUB cannot be empty")
+endif
+
+# If tag not explicitly set in users' .istiorc.mk or command line, default to the git sha.
+TAG ?= $(shell git rev-parse --verify HEAD)
+ifeq ($(TAG),)
+  $(error "TAG cannot be empty")
+endif
+
+# Environment for tests, the directory containing istio and deps binaries.
+# Typically same as GOPATH/bin, so tests work seemlessly with IDEs.
+
+export ISTIO_BIN=$(GOBIN)
+# Using same package structure as pkg/
+
+export ISTIO_BIN=$(GOBIN)
+export ISTIO_OUT:=$(TARGET_OUT)
+export ISTIO_OUT_LINUX:=$(TARGET_OUT_LINUX)
+
+export ARTIFACTS ?= $(ISTIO_OUT)
+export JUNIT_OUT ?= $(ARTIFACTS)/junit.xml
+export REPO_ROOT := $(shell git rev-parse --show-toplevel)
+
+# Make directories needed by the build system
+$(shell mkdir -p $(ISTIO_OUT))
+$(shell mkdir -p $(dir $(JUNIT_OUT)))
+
+JUNIT_REPORT := $(shell which go-junit-report 2> /dev/null || echo "${ISTIO_BIN}/go-junit-report")
+
 ISTIO_SERVE_DOMAIN ?= localhost
 export ISTIO_SERVE_DOMAIN
 
@@ -65,8 +124,15 @@ update_all: update_ref_docs update_operator_yamls update_examples
 foo2:
 	hugo version
 
+.PHONY: init
+init:
+	bin/init.sh
+
 include tests/tests.mk
 
+# make lint-yaml seems to fail with pipefail, so remove now.
+SHELL = /bin/bash
+
 include common/Makefile.common.mk
 
 .PHONY: gen build build_nominify opt clean_public clean lint serve netlify_install netlify netlify_archive archive update_ref_docs update_operator_yamls update_examples update_all

bin/init.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Copyright Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+set -x
+
+# Download the Istio source if not available.
+if [[ ! -d "${ISTIO_GO}" ]]
+then
+    git clone https://github.com/istio/istio.git "${ISTIO_GO}"
+fi
+
+export ISTIO_BRANCH=${ISTIO_BRANCH:-master}
+
+# Switch to the selected branch and build/install istioctl
+pushd "${ISTIO_GO}"
+git checkout "${ISTIO_BRANCH}"
+go install ./istioctl/cmd/istioctl
+popd
+
+# Copy install/samples files over from Istio. These are needed by the tests.
+rm -rf "${ISTIOIO_GO}/install"
+cp -a "${ISTIO_GO}/install" "${ISTIOIO_GO}/install"
+
+rm -rf "${ISTIOIO_GO}/samples"
+cp -a "${ISTIO_GO}/samples" "${ISTIOIO_GO}/samples"
+
+# For generating junit.xml files
+echo "Installing go-junit-report..."
+unset GOOS && unset GOARCH && CGO_ENABLED=1 go get github.com/jstemmer/go-junit-report

go.mod

@@ -12,7 +12,7 @@ replace github.com/docker/docker => github.com/docker/engine v1.4.2-0.2019101121
 
 require (
 	github.com/Masterminds/semver v1.4.2
-	istio.io/istio v0.0.0-20200211190130-fb23733979fe
+	istio.io/istio v0.0.0-20200219230945-34ee61d95048
 )
 
 replace github.com/Azure/go-autorest/autorest => github.com/Azure/go-autorest/autorest v0.9.0

go.sum

@@ -894,11 +894,15 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 istio.io/api v0.0.0-20190515205759-982e5c3888c6/go.mod h1:hhLFQmpHia8zgaM37vb2ml9iS5NfNfqZGRt1pS9aVEo=
 istio.io/api v0.0.0-20200201001607-7b905a0a6e49 h1:dA52YJ/YsM3cSIB0maN7S4RvFTKz/9gDA0/FrN/59xE=
 istio.io/api v0.0.0-20200201001607-7b905a0a6e49/go.mod h1:bcY3prusO/6vA6zGHz4PNG2v79clPyTw06Xx3fprJSQ=
+istio.io/api v0.0.0-20200218013118-7fd43ea7fc2b h1:9m5PCO7B94jCHne9O49k1v7RUMZ758AYk1SGwTAEqE0=
+istio.io/api v0.0.0-20200218013118-7fd43ea7fc2b/go.mod h1:bcY3prusO/6vA6zGHz4PNG2v79clPyTw06Xx3fprJSQ=
 istio.io/gogo-genproto v0.0.0-20190930162913-45029607206a/go.mod h1:OzpAts7jljZceG4Vqi5/zXy/pOg1b209T3jb7Nv5wIs=
 istio.io/gogo-genproto v0.0.0-20200122005450-9b171d92064b h1:IGfxOYlHvdE5UeSCGvOFNHVQcPGJYAAUQ5iJm2Z7i18=
 istio.io/gogo-genproto v0.0.0-20200122005450-9b171d92064b/go.mod h1:OzpAts7jljZceG4Vqi5/zXy/pOg1b209T3jb7Nv5wIs=
 istio.io/istio v0.0.0-20200211190130-fb23733979fe h1:GwjDnzgsOBM6y8fKuuoGYKyOhYOtwTA7ZbXloScPaKA=
 istio.io/istio v0.0.0-20200211190130-fb23733979fe/go.mod h1:wKE9Xss4ktHDdf3U+IzDRoQjhJJyhnObuCxTyNxm1Xk=
+istio.io/istio v0.0.0-20200219230945-34ee61d95048 h1:3tv6JUn3gVcF/XdRb0tKCL84mGTxou6NxhvH7BQ83KA=
+istio.io/istio v0.0.0-20200219230945-34ee61d95048/go.mod h1:+l6TTXlWyn+jycoK5K1T3YO379mEZgd9307u0R8N+Nc=
 istio.io/pkg v0.0.0-20200131182711-9ba13e0e34bb h1:ZEOEfPpz4ooW3lhX5qi+XA6dTO1Mb72EFaRniUb6Mvc=
 istio.io/pkg v0.0.0-20200131182711-9ba13e0e34bb/go.mod h1:pwGaxLUDLobzL/WvWV94z72LvBbB1dr2UUUyPuasfIU=
 k8s.io/api v0.0.0-20190918155943-95b840bb6a1f/go.mod h1:uWuOHnjmNrtQomJrvEBg0c0HRNyQ+8KTEERVsK0PW48=

prow/config/trustworthy-jwt.yaml

@@ -0,0 +1,13 @@
+# This configs KinD to spin up a k8s cluster with trustworthy jwt (Service Account Token Volume Projection) feature.
+kind: Cluster
+apiVersion: kind.sigs.k8s.io/v1alpha3
+kubeadmConfigPatches:
+  - |
+    apiVersion: kubeadm.k8s.io/v1beta2
+    kind: ClusterConfiguration
+    metadata:
+      name: config
+    apiServer:
+      extraArgs:
+        "service-account-issuer": "kubernetes.default.svc"
+        "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key"

prow/integ-suite-kind.sh

@@ -39,27 +39,20 @@ export TEST_ENV=kind
 # See https://kind.sigs.k8s.io/docs/user/quick-start/#loading-an-image-into-your-cluster
 export PULL_POLICY=IfNotPresent
 
-export HUB=${HUB:-"istio-testing"}
-export TAG="${TAG:-"istio-testing"}"
+export HUB=${HUB:-"gcr.io/istio-testing"}
+export TAG="${TAG:-"latest"}"
 
 # Setup junit report and verbose logging
 export T="${T:-"-v"}"
 export CI="true"
 
-make init
-
 if [[ -z "${SKIP_SETUP:-}" ]]; then
   time setup_kind_cluster "${NODE_IMAGE:-}"
 fi
 
-if [[ -z "${SKIP_BUILD:-}" ]]; then
-  time build_images
-  time kind_load_images ""
-fi
-
 # If a variant is defined, update the tag accordingly
 if [[ "${VARIANT:-}" != "" ]]; then
   export TAG="${TAG}-${VARIANT}"
 fi
 
-make "${PARAMS[*]}"
+make "${@}"

prow/lib.sh

@@ -49,69 +49,6 @@ function setup_and_export_git_sha() {
   setup_gcloud_credentials
 }
 
-# Download and unpack istio release artifacts.
-function download_untar_istio_release() {
-  local url_path=${1}
-  local tag=${2}
-  local dir=${3:-.}
-  # Download artifacts
-  LINUX_DIST_URL="${url_path}/istio-${tag}-linux.tar.gz"
-
-  wget  -q "${LINUX_DIST_URL}" -P "${dir}"
-  tar -xzf "${dir}/istio-${tag}-linux.tar.gz" -C "${dir}"
-}
-
-function build_images_legacy() {
-  # Build just the images needed for the legacy e2e tests that use the install/ directory
-  targets="docker.pilot docker.proxyv2 "
-  targets+="docker.app docker.test_policybackend docker.kubectl "
-  targets+="docker.mixer docker.citadel docker.galley docker.sidecar_injector"
-  DOCKER_BUILD_VARIANTS="${VARIANT:-default}" DOCKER_TARGETS="${targets}" make dockerx
-}
-
-function build_images() {
-  # Build just the images needed for tests
-  targets="docker.pilot docker.proxyv2 "
-  targets+="docker.app docker.test_policybackend "
-  targets+="docker.mixer docker.citadel docker.galley "
-  DOCKER_BUILD_VARIANTS="${VARIANT:-default}" DOCKER_TARGETS="${targets}" make dockerx
-}
-
-function kind_load_images() {
-  NAME="${1:-istio-testing}"
-
-  # If HUB starts with "docker.io/" removes that part so that filtering and loading below works
-  local hub=${HUB#"docker.io/"}
-
-  for i in {1..3}; do
-    # Archived local images and load it into KinD's docker daemon
-    # Kubernetes in KinD can only access local images from its docker daemon.
-    docker images "${hub}/*:${TAG}" --format '{{.Repository}}:{{.Tag}}' | xargs -n1 kind -v9 --name "${NAME}" load docker-image && break
-    echo "Attempt ${i} to load images failed, retrying in 1s..."
-    sleep 1
-	done
-
-  # If a variant is specified, load those images as well.
-  # We should still load non-variant images as well for things like `app` which do not use variants
-  if [[ "${VARIANT:-}" != "" ]]; then
-    for i in {1..3}; do
-      docker images "${hub}/*:${TAG}-${VARIANT}" --format '{{.Repository}}:{{.Tag}}' | xargs -n1 kind -v9 --name "${NAME}" load docker-image && break
-      echo "Attempt ${i} to load images failed, retrying in 1s..."
-      sleep 1
-    done
-  fi
-}
-
-function clone_cni() {
-  # Clone the CNI repo so the CNI artifacts can be built.
-  if [[ "$PWD" == "${GOPATH}/src/istio.io/istio" ]]; then
-      TMP_DIR=$PWD
-      cd ../ || return
-      git clone -b "${GIT_BRANCH}" "https://github.com/istio/cni.git"
-      cd "${TMP_DIR}" || return
-  fi
-}
-
 function cleanup_kind_cluster() {
   NAME="${1}"
   echo "Test exited with exit code $?."
@@ -138,18 +75,8 @@ function setup_kind_cluster() {
 
   # If config not explicitly set, then use defaults
   if [[ -z "${CONFIG}" ]]; then
-    # Different Kubernetes versions need different patches
-    K8S_VERSION=$(cut -d ":" -f 2 <<< "${IMAGE}")
-    if [[ -n "${IMAGE}" && "${K8S_VERSION}" < "v1.13" ]]; then
-      # Kubernetes 1.12
-      CONFIG=./prow/config/trustworthy-jwt-12.yaml
-    elif [[ -n "${IMAGE}" && "${K8S_VERSION}" < "v1.15" ]]; then
-      # Kubernetes 1.13, 1.14
-      CONFIG=./prow/config/trustworthy-jwt-13-14.yaml
-    else
-      # Kubernetes 1.15+
-      CONFIG=./prow/config/trustworthy-jwt.yaml
-    fi
+    # Kubernetes 1.15+
+    CONFIG=./prow/config/trustworthy-jwt.yaml
   fi
 
   # Create KinD cluster
@@ -157,73 +84,4 @@ function setup_kind_cluster() {
     echo "Could not setup KinD environment. Something wrong with KinD setup. Exporting logs."
     exit 1
   fi
-
-  kubectl apply -f ./prow/config/metrics
-}
-
-function cni_run_daemon_kind() {
-  echo 'Run the CNI daemon set'
-  ISTIO_CNI_HUB=${ISTIO_CNI_HUB:-gcr.io/istio-testing}
-  ISTIO_CNI_TAG=${ISTIO_CNI_TAG:-latest}
-
-  # TODO: this should not be pulling from external charts, instead the tests should checkout the CNI repo
-  chartdir=$(mktemp -d)
-  helm init --client-only
-  helm repo add istio.io https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/master-latest-daily/charts/
-  helm fetch --devel --untar --untardir "${chartdir}" istio.io/istio-cni
-
-  helm template --values "${chartdir}"/istio-cni/values.yaml --name=istio-cni --namespace=kube-system --set "excludeNamespaces={}" \
-    --set-string hub="${ISTIO_CNI_HUB}" --set-string tag="${ISTIO_CNI_TAG}" --set-string pullPolicy=IfNotPresent --set logLevel="${CNI_LOGLVL:-debug}"  "${chartdir}"/istio-cni >  "${chartdir}"/istio-cni_install.yaml
-
-  kubectl apply -f  "${chartdir}"/istio-cni_install.yaml
-}
-
-# setup_cluster_reg is used to set up a cluster registry for multicluster testing
-function setup_cluster_reg () {
-    MAIN_CONFIG=""
-    for context in "${CLUSTERREG_DIR}"/*; do
-        if [[ -z "${MAIN_CONFIG}" ]]; then
-            MAIN_CONFIG="${context}"
-        fi
-        export KUBECONFIG="${context}"
-        kubectl delete ns istio-system-multi --ignore-not-found
-        kubectl delete clusterrolebinding istio-multi-test --ignore-not-found
-        kubectl create ns istio-system-multi
-        kubectl create sa istio-multi-test -n istio-system-multi
-        kubectl create clusterrolebinding istio-multi-test --clusterrole=cluster-admin --serviceaccount=istio-system-multi:istio-multi-test
-        CLUSTER_NAME=$(kubectl config view --minify=true -o "jsonpath={.clusters[].name}")
-        gen_kubeconf_from_sa istio-multi-test "${context}"
-    done
-    export KUBECONFIG="${MAIN_CONFIG}"
-}
-
-function gen_kubeconf_from_sa () {
-    local service_account=$1
-    local filename=$2
-
-    SERVER=$(kubectl config view --minify=true -o "jsonpath={.clusters[].cluster.server}")
-    SECRET_NAME=$(kubectl get sa "${service_account}" -n istio-system-multi -o jsonpath='{.secrets[].name}')
-    CA_DATA=$(kubectl get secret "${SECRET_NAME}" -n istio-system-multi -o "jsonpath={.data['ca\\.crt']}")
-    TOKEN=$(kubectl get secret "${SECRET_NAME}" -n istio-system-multi -o "jsonpath={.data['token']}" | base64 --decode)
-
-    cat <<EOF > "${filename}"
-      apiVersion: v1
-      clusters:
-         - cluster:
-             certificate-authority-data: ${CA_DATA}
-             server: ${SERVER}
-           name: ${CLUSTER_NAME}
-      contexts:
-         - context:
-             cluster: ${CLUSTER_NAME}
-             user: ${CLUSTER_NAME}
-           name: ${CLUSTER_NAME}
-      current-context: ${CLUSTER_NAME}
-      kind: Config
-      preferences: {}
-      users:
-         - name: ${CLUSTER_NAME}
-           user:
-             token: ${TOKEN}
-EOF
 }

tests/tests.mk

@@ -1,45 +1,3 @@
-ISTIO_GO := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-export ISTIO_GO
-
-VERSION ?= latest
-
-export GO111MODULE ?= on
-export GOPROXY ?= https://proxy.golang.org
-export GOSUMDB ?= sum.golang.org
-
-# If GOPATH is not set by the env, set it to a sane value
-GOPATH ?= $(shell cd ${ISTIO_GO}/../../..; pwd)
-export GOPATH
-
-# If GOPATH is made up of several paths, use the first one for our targets in this Makefile
-GO_TOP := $(shell echo ${GOPATH} | cut -d ':' -f1)
-export GO_TOP
-
-GO ?= go
-
-GOARCH_LOCAL := $(TARGET_ARCH)
-GOOS_LOCAL := $(TARGET_OS)
-
-HUB?=istio
-ifeq ($(HUB),)
-  $(error "HUB cannot be empty")
-endif
-
-# If tag not explicitly set in users' .istiorc.mk or command line, default to the git sha.
-TAG ?= $(shell git rev-parse --verify HEAD)
-ifeq ($(TAG),)
-  $(error "TAG cannot be empty")
-endif
-
-# Environment for tests, the directory containing istio and deps binaries.
-# Typically same as GOPATH/bin, so tests work seemlessly with IDEs.
-
-export ISTIO_BIN=$(GOBIN)
-# Using same package structure as pkg/
-
-export ISTIO_OUT:=$(TARGET_OUT)
-export ISTIO_OUT_LINUX:=$(TARGET_OUT_LINUX)
-
 # The following flags (in addition to ${V}) can be specified on the command-line, or the environment. This
 # is primarily used by the CI systems.
 _INTEGRATION_TEST_FLAGS ?= $(INTEGRATION_TEST_FLAGS)
@@ -79,7 +37,7 @@ else
 	_INTEGRATION_TEST_FLAGS += --istio.test.kube.config=~/.kube/config
 endif
 
-test.kube.presubmit: istioctl | $(JUNIT_REPORT)
+test.kube.presubmit: init
 	PATH=${PATH}:${ISTIO_OUT} $(GO) test -p 1 ${T} ./tests/... -timeout 30m \
 	--istio.test.select -postsubmit,-flaky \
 	--istio.test.env kube \

tests/trafficmanagement/ingress/main_test.go

@@ -43,6 +43,4 @@ func setupForSDS(cfg *istio.Config) {
 		return
 	}
 	cfg.Values["gateways.istio-egressgateway.enabled"] = "false"
-	cfg.Values["gateways.istio-ingressgateway.sds.enabled"] = "true"
-
 }