diff --git a/Makefile.core.mk b/Makefile.core.mk index 6d370409a0..6b89285ea6 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -1,3 +1,62 @@ +# Get the source directory for this project +ISTIOIO_GO := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +export ISTIOIO_GO +SHELL := /bin/bash -o pipefail + +VERSION ?= latest + +export GO111MODULE ?= on +export GOPROXY ?= https://proxy.golang.org +export GOSUMDB ?= sum.golang.org + +# If GOPATH is not set by the env, set it to a sane value +GOPATH ?= $(shell cd ${ISTIOIO_GO}/../../..; pwd) +export GOPATH + +# Set the directory for Istio source. +ISTIO_GO ?= "${GOPATH}/src/istio.io/istio" +export ISTIO_GO + +# If GOPATH is made up of several paths, use the first one for our targets in this Makefile +GO_TOP := $(shell echo ${GOPATH} | cut -d ':' -f1) +export GO_TOP + +GO ?= go + +GOARCH_LOCAL := $(TARGET_ARCH) +GOOS_LOCAL := $(TARGET_OS) + +HUB?=istio +ifeq ($(HUB),) + $(error "HUB cannot be empty") +endif + +# If tag not explicitly set in users' .istiorc.mk or command line, default to the git sha. +TAG ?= $(shell git rev-parse --verify HEAD) +ifeq ($(TAG),) + $(error "TAG cannot be empty") +endif + +# Environment for tests, the directory containing istio and deps binaries. +# Typically same as GOPATH/bin, so tests work seemlessly with IDEs. + +export ISTIO_BIN=$(GOBIN) +# Using same package structure as pkg/ + +export ISTIO_BIN=$(GOBIN) +export ISTIO_OUT:=$(TARGET_OUT) +export ISTIO_OUT_LINUX:=$(TARGET_OUT_LINUX) + +export ARTIFACTS ?= $(ISTIO_OUT) +export JUNIT_OUT ?= $(ARTIFACTS)/junit.xml +export REPO_ROOT := $(shell git rev-parse --show-toplevel) + +# Make directories needed by the build system +$(shell mkdir -p $(ISTIO_OUT)) +$(shell mkdir -p $(dir $(JUNIT_OUT))) + +JUNIT_REPORT := $(shell which go-junit-report 2> /dev/null || echo "${ISTIO_BIN}/go-junit-report") + ISTIO_SERVE_DOMAIN ?= localhost export ISTIO_SERVE_DOMAIN @@ -65,8 +124,15 @@ update_all: update_ref_docs update_operator_yamls update_examples foo2: hugo version +.PHONY: init +init: + bin/init.sh + include tests/tests.mk +# make lint-yaml seems to fail with pipefail, so remove now. +SHELL = /bin/bash + include common/Makefile.common.mk .PHONY: gen build build_nominify opt clean_public clean lint serve netlify_install netlify netlify_archive archive update_ref_docs update_operator_yamls update_examples update_all diff --git a/bin/init.sh b/bin/init.sh new file mode 100755 index 0000000000..0325d40a98 --- /dev/null +++ b/bin/init.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +set -x + +# Download the Istio source if not available. +if [[ ! -d "${ISTIO_GO}" ]] +then + git clone https://github.com/istio/istio.git "${ISTIO_GO}" +fi + +export ISTIO_BRANCH=${ISTIO_BRANCH:-master} + +# Switch to the selected branch and build/install istioctl +pushd "${ISTIO_GO}" +git checkout "${ISTIO_BRANCH}" +go install ./istioctl/cmd/istioctl +popd + +# Copy install/samples files over from Istio. These are needed by the tests. +rm -rf "${ISTIOIO_GO}/install" +cp -a "${ISTIO_GO}/install" "${ISTIOIO_GO}/install" + +rm -rf "${ISTIOIO_GO}/samples" +cp -a "${ISTIO_GO}/samples" "${ISTIOIO_GO}/samples" + +# For generating junit.xml files +echo "Installing go-junit-report..." +unset GOOS && unset GOARCH && CGO_ENABLED=1 go get github.com/jstemmer/go-junit-report diff --git a/go.mod b/go.mod index 1cb4329ced..ba5d32c0d0 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ replace github.com/docker/docker => github.com/docker/engine v1.4.2-0.2019101121 require ( github.com/Masterminds/semver v1.4.2 - istio.io/istio v0.0.0-20200211190130-fb23733979fe + istio.io/istio v0.0.0-20200219230945-34ee61d95048 ) replace github.com/Azure/go-autorest/autorest => github.com/Azure/go-autorest/autorest v0.9.0 diff --git a/go.sum b/go.sum index 1c979cdcf8..1626e3de61 100644 --- a/go.sum +++ b/go.sum @@ -894,11 +894,15 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt istio.io/api v0.0.0-20190515205759-982e5c3888c6/go.mod h1:hhLFQmpHia8zgaM37vb2ml9iS5NfNfqZGRt1pS9aVEo= istio.io/api v0.0.0-20200201001607-7b905a0a6e49 h1:dA52YJ/YsM3cSIB0maN7S4RvFTKz/9gDA0/FrN/59xE= istio.io/api v0.0.0-20200201001607-7b905a0a6e49/go.mod h1:bcY3prusO/6vA6zGHz4PNG2v79clPyTw06Xx3fprJSQ= +istio.io/api v0.0.0-20200218013118-7fd43ea7fc2b h1:9m5PCO7B94jCHne9O49k1v7RUMZ758AYk1SGwTAEqE0= +istio.io/api v0.0.0-20200218013118-7fd43ea7fc2b/go.mod h1:bcY3prusO/6vA6zGHz4PNG2v79clPyTw06Xx3fprJSQ= istio.io/gogo-genproto v0.0.0-20190930162913-45029607206a/go.mod h1:OzpAts7jljZceG4Vqi5/zXy/pOg1b209T3jb7Nv5wIs= istio.io/gogo-genproto v0.0.0-20200122005450-9b171d92064b h1:IGfxOYlHvdE5UeSCGvOFNHVQcPGJYAAUQ5iJm2Z7i18= istio.io/gogo-genproto v0.0.0-20200122005450-9b171d92064b/go.mod h1:OzpAts7jljZceG4Vqi5/zXy/pOg1b209T3jb7Nv5wIs= istio.io/istio v0.0.0-20200211190130-fb23733979fe h1:GwjDnzgsOBM6y8fKuuoGYKyOhYOtwTA7ZbXloScPaKA= istio.io/istio v0.0.0-20200211190130-fb23733979fe/go.mod h1:wKE9Xss4ktHDdf3U+IzDRoQjhJJyhnObuCxTyNxm1Xk= +istio.io/istio v0.0.0-20200219230945-34ee61d95048 h1:3tv6JUn3gVcF/XdRb0tKCL84mGTxou6NxhvH7BQ83KA= +istio.io/istio v0.0.0-20200219230945-34ee61d95048/go.mod h1:+l6TTXlWyn+jycoK5K1T3YO379mEZgd9307u0R8N+Nc= istio.io/pkg v0.0.0-20200131182711-9ba13e0e34bb h1:ZEOEfPpz4ooW3lhX5qi+XA6dTO1Mb72EFaRniUb6Mvc= istio.io/pkg v0.0.0-20200131182711-9ba13e0e34bb/go.mod h1:pwGaxLUDLobzL/WvWV94z72LvBbB1dr2UUUyPuasfIU= k8s.io/api v0.0.0-20190918155943-95b840bb6a1f/go.mod h1:uWuOHnjmNrtQomJrvEBg0c0HRNyQ+8KTEERVsK0PW48= diff --git a/prow/config/trustworthy-jwt.yaml b/prow/config/trustworthy-jwt.yaml new file mode 100644 index 0000000000..a27b4374bb --- /dev/null +++ b/prow/config/trustworthy-jwt.yaml @@ -0,0 +1,13 @@ +# This configs KinD to spin up a k8s cluster with trustworthy jwt (Service Account Token Volume Projection) feature. +kind: Cluster +apiVersion: kind.sigs.k8s.io/v1alpha3 +kubeadmConfigPatches: + - | + apiVersion: kubeadm.k8s.io/v1beta2 + kind: ClusterConfiguration + metadata: + name: config + apiServer: + extraArgs: + "service-account-issuer": "kubernetes.default.svc" + "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key" diff --git a/prow/integ-suite-kind.sh b/prow/integ-suite-kind.sh index 8cef9c3a3b..823f93a5e8 100755 --- a/prow/integ-suite-kind.sh +++ b/prow/integ-suite-kind.sh @@ -39,27 +39,20 @@ export TEST_ENV=kind # See https://kind.sigs.k8s.io/docs/user/quick-start/#loading-an-image-into-your-cluster export PULL_POLICY=IfNotPresent -export HUB=${HUB:-"istio-testing"} -export TAG="${TAG:-"istio-testing"}" +export HUB=${HUB:-"gcr.io/istio-testing"} +export TAG="${TAG:-"latest"}" # Setup junit report and verbose logging export T="${T:-"-v"}" export CI="true" -make init - if [[ -z "${SKIP_SETUP:-}" ]]; then time setup_kind_cluster "${NODE_IMAGE:-}" fi -if [[ -z "${SKIP_BUILD:-}" ]]; then - time build_images - time kind_load_images "" -fi - # If a variant is defined, update the tag accordingly if [[ "${VARIANT:-}" != "" ]]; then export TAG="${TAG}-${VARIANT}" fi -make "${PARAMS[*]}" +make "${@}" diff --git a/prow/lib.sh b/prow/lib.sh index 38bb88505c..e08da5d5e1 100755 --- a/prow/lib.sh +++ b/prow/lib.sh @@ -49,69 +49,6 @@ function setup_and_export_git_sha() { setup_gcloud_credentials } -# Download and unpack istio release artifacts. -function download_untar_istio_release() { - local url_path=${1} - local tag=${2} - local dir=${3:-.} - # Download artifacts - LINUX_DIST_URL="${url_path}/istio-${tag}-linux.tar.gz" - - wget -q "${LINUX_DIST_URL}" -P "${dir}" - tar -xzf "${dir}/istio-${tag}-linux.tar.gz" -C "${dir}" -} - -function build_images_legacy() { - # Build just the images needed for the legacy e2e tests that use the install/ directory - targets="docker.pilot docker.proxyv2 " - targets+="docker.app docker.test_policybackend docker.kubectl " - targets+="docker.mixer docker.citadel docker.galley docker.sidecar_injector" - DOCKER_BUILD_VARIANTS="${VARIANT:-default}" DOCKER_TARGETS="${targets}" make dockerx -} - -function build_images() { - # Build just the images needed for tests - targets="docker.pilot docker.proxyv2 " - targets+="docker.app docker.test_policybackend " - targets+="docker.mixer docker.citadel docker.galley " - DOCKER_BUILD_VARIANTS="${VARIANT:-default}" DOCKER_TARGETS="${targets}" make dockerx -} - -function kind_load_images() { - NAME="${1:-istio-testing}" - - # If HUB starts with "docker.io/" removes that part so that filtering and loading below works - local hub=${HUB#"docker.io/"} - - for i in {1..3}; do - # Archived local images and load it into KinD's docker daemon - # Kubernetes in KinD can only access local images from its docker daemon. - docker images "${hub}/*:${TAG}" --format '{{.Repository}}:{{.Tag}}' | xargs -n1 kind -v9 --name "${NAME}" load docker-image && break - echo "Attempt ${i} to load images failed, retrying in 1s..." - sleep 1 - done - - # If a variant is specified, load those images as well. - # We should still load non-variant images as well for things like `app` which do not use variants - if [[ "${VARIANT:-}" != "" ]]; then - for i in {1..3}; do - docker images "${hub}/*:${TAG}-${VARIANT}" --format '{{.Repository}}:{{.Tag}}' | xargs -n1 kind -v9 --name "${NAME}" load docker-image && break - echo "Attempt ${i} to load images failed, retrying in 1s..." - sleep 1 - done - fi -} - -function clone_cni() { - # Clone the CNI repo so the CNI artifacts can be built. - if [[ "$PWD" == "${GOPATH}/src/istio.io/istio" ]]; then - TMP_DIR=$PWD - cd ../ || return - git clone -b "${GIT_BRANCH}" "https://github.com/istio/cni.git" - cd "${TMP_DIR}" || return - fi -} - function cleanup_kind_cluster() { NAME="${1}" echo "Test exited with exit code $?." @@ -138,18 +75,8 @@ function setup_kind_cluster() { # If config not explicitly set, then use defaults if [[ -z "${CONFIG}" ]]; then - # Different Kubernetes versions need different patches - K8S_VERSION=$(cut -d ":" -f 2 <<< "${IMAGE}") - if [[ -n "${IMAGE}" && "${K8S_VERSION}" < "v1.13" ]]; then - # Kubernetes 1.12 - CONFIG=./prow/config/trustworthy-jwt-12.yaml - elif [[ -n "${IMAGE}" && "${K8S_VERSION}" < "v1.15" ]]; then - # Kubernetes 1.13, 1.14 - CONFIG=./prow/config/trustworthy-jwt-13-14.yaml - else - # Kubernetes 1.15+ - CONFIG=./prow/config/trustworthy-jwt.yaml - fi + # Kubernetes 1.15+ + CONFIG=./prow/config/trustworthy-jwt.yaml fi # Create KinD cluster @@ -157,73 +84,4 @@ function setup_kind_cluster() { echo "Could not setup KinD environment. Something wrong with KinD setup. Exporting logs." exit 1 fi - - kubectl apply -f ./prow/config/metrics -} - -function cni_run_daemon_kind() { - echo 'Run the CNI daemon set' - ISTIO_CNI_HUB=${ISTIO_CNI_HUB:-gcr.io/istio-testing} - ISTIO_CNI_TAG=${ISTIO_CNI_TAG:-latest} - - # TODO: this should not be pulling from external charts, instead the tests should checkout the CNI repo - chartdir=$(mktemp -d) - helm init --client-only - helm repo add istio.io https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/master-latest-daily/charts/ - helm fetch --devel --untar --untardir "${chartdir}" istio.io/istio-cni - - helm template --values "${chartdir}"/istio-cni/values.yaml --name=istio-cni --namespace=kube-system --set "excludeNamespaces={}" \ - --set-string hub="${ISTIO_CNI_HUB}" --set-string tag="${ISTIO_CNI_TAG}" --set-string pullPolicy=IfNotPresent --set logLevel="${CNI_LOGLVL:-debug}" "${chartdir}"/istio-cni > "${chartdir}"/istio-cni_install.yaml - - kubectl apply -f "${chartdir}"/istio-cni_install.yaml -} - -# setup_cluster_reg is used to set up a cluster registry for multicluster testing -function setup_cluster_reg () { - MAIN_CONFIG="" - for context in "${CLUSTERREG_DIR}"/*; do - if [[ -z "${MAIN_CONFIG}" ]]; then - MAIN_CONFIG="${context}" - fi - export KUBECONFIG="${context}" - kubectl delete ns istio-system-multi --ignore-not-found - kubectl delete clusterrolebinding istio-multi-test --ignore-not-found - kubectl create ns istio-system-multi - kubectl create sa istio-multi-test -n istio-system-multi - kubectl create clusterrolebinding istio-multi-test --clusterrole=cluster-admin --serviceaccount=istio-system-multi:istio-multi-test - CLUSTER_NAME=$(kubectl config view --minify=true -o "jsonpath={.clusters[].name}") - gen_kubeconf_from_sa istio-multi-test "${context}" - done - export KUBECONFIG="${MAIN_CONFIG}" -} - -function gen_kubeconf_from_sa () { - local service_account=$1 - local filename=$2 - - SERVER=$(kubectl config view --minify=true -o "jsonpath={.clusters[].cluster.server}") - SECRET_NAME=$(kubectl get sa "${service_account}" -n istio-system-multi -o jsonpath='{.secrets[].name}') - CA_DATA=$(kubectl get secret "${SECRET_NAME}" -n istio-system-multi -o "jsonpath={.data['ca\\.crt']}") - TOKEN=$(kubectl get secret "${SECRET_NAME}" -n istio-system-multi -o "jsonpath={.data['token']}" | base64 --decode) - - cat < "${filename}" - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: ${CA_DATA} - server: ${SERVER} - name: ${CLUSTER_NAME} - contexts: - - context: - cluster: ${CLUSTER_NAME} - user: ${CLUSTER_NAME} - name: ${CLUSTER_NAME} - current-context: ${CLUSTER_NAME} - kind: Config - preferences: {} - users: - - name: ${CLUSTER_NAME} - user: - token: ${TOKEN} -EOF } diff --git a/tests/tests.mk b/tests/tests.mk index 1300ec8efe..7d4002b5e0 100644 --- a/tests/tests.mk +++ b/tests/tests.mk @@ -1,45 +1,3 @@ -ISTIO_GO := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -export ISTIO_GO - -VERSION ?= latest - -export GO111MODULE ?= on -export GOPROXY ?= https://proxy.golang.org -export GOSUMDB ?= sum.golang.org - -# If GOPATH is not set by the env, set it to a sane value -GOPATH ?= $(shell cd ${ISTIO_GO}/../../..; pwd) -export GOPATH - -# If GOPATH is made up of several paths, use the first one for our targets in this Makefile -GO_TOP := $(shell echo ${GOPATH} | cut -d ':' -f1) -export GO_TOP - -GO ?= go - -GOARCH_LOCAL := $(TARGET_ARCH) -GOOS_LOCAL := $(TARGET_OS) - -HUB?=istio -ifeq ($(HUB),) - $(error "HUB cannot be empty") -endif - -# If tag not explicitly set in users' .istiorc.mk or command line, default to the git sha. -TAG ?= $(shell git rev-parse --verify HEAD) -ifeq ($(TAG),) - $(error "TAG cannot be empty") -endif - -# Environment for tests, the directory containing istio and deps binaries. -# Typically same as GOPATH/bin, so tests work seemlessly with IDEs. - -export ISTIO_BIN=$(GOBIN) -# Using same package structure as pkg/ - -export ISTIO_OUT:=$(TARGET_OUT) -export ISTIO_OUT_LINUX:=$(TARGET_OUT_LINUX) - # The following flags (in addition to ${V}) can be specified on the command-line, or the environment. This # is primarily used by the CI systems. _INTEGRATION_TEST_FLAGS ?= $(INTEGRATION_TEST_FLAGS) @@ -79,7 +37,7 @@ else _INTEGRATION_TEST_FLAGS += --istio.test.kube.config=~/.kube/config endif -test.kube.presubmit: istioctl | $(JUNIT_REPORT) +test.kube.presubmit: init PATH=${PATH}:${ISTIO_OUT} $(GO) test -p 1 ${T} ./tests/... -timeout 30m \ --istio.test.select -postsubmit,-flaky \ --istio.test.env kube \ diff --git a/tests/trafficmanagement/ingress/main_test.go b/tests/trafficmanagement/ingress/main_test.go index 3ebde17042..182e0a1cd0 100644 --- a/tests/trafficmanagement/ingress/main_test.go +++ b/tests/trafficmanagement/ingress/main_test.go @@ -43,6 +43,4 @@ func setupForSDS(cfg *istio.Config) { return } cfg.Values["gateways.istio-egressgateway.enabled"] = "false" - cfg.Values["gateways.istio-ingressgateway.sds.enabled"] = "true" - }