mirror of https://github.com/istio/istio.io.git
145 lines
5.2 KiB
Bash
145 lines
5.2 KiB
Bash
#!/usr/bin/env bash
|
|
# shellcheck disable=SC1090,SC2034,SC2154
|
|
|
|
# Copyright Istio Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Initialize KUBECONFIG_FILES and KUBE_CONTEXTS
|
|
_set_kube_vars
|
|
|
|
# set_single_network_vars initializes all variables for a single network config.
|
|
function set_single_network_vars
|
|
{
|
|
export KUBECONFIG_CLUSTER1="${KUBECONFIG_FILES[0]}"
|
|
export KUBECONFIG_CLUSTER2="${KUBECONFIG_FILES[1]}"
|
|
export CTX_CLUSTER1="${KUBE_CONTEXTS[0]}"
|
|
export CTX_CLUSTER2="${KUBE_CONTEXTS[1]}"
|
|
}
|
|
|
|
# set_multi_network_vars initializes all variables for a multi-network config.
|
|
function set_multi_network_vars
|
|
{
|
|
export KUBECONFIG_CLUSTER1="${KUBECONFIG_FILES[0]}"
|
|
export KUBECONFIG_CLUSTER2="${KUBECONFIG_FILES[2]}"
|
|
export CTX_CLUSTER1="${KUBE_CONTEXTS[0]}"
|
|
export CTX_CLUSTER2="${KUBE_CONTEXTS[2]}"
|
|
}
|
|
|
|
# configure_trust creates a hierarchy of
|
|
function configure_trust
|
|
{
|
|
# Keeps the certs under a separate directory.
|
|
mkdir -p certs
|
|
pushd certs || exit
|
|
|
|
# Create the root cert.
|
|
make -f ../tools/certs/Makefile.selfsigned.mk root-ca
|
|
|
|
# Create and deploy intermediate certs for cluster1 and cluster2.
|
|
make -f ../tools/certs/Makefile.selfsigned.mk cluster1-cacerts
|
|
make -f ../tools/certs/Makefile.selfsigned.mk cluster2-cacerts
|
|
|
|
# Create the istio-system namespace in each cluster so that we can create the secrets.
|
|
kubectl --context="$CTX_CLUSTER1" create namespace istio-system
|
|
kubectl --context="$CTX_CLUSTER2" create namespace istio-system
|
|
|
|
# Deploy secret to each cluster
|
|
kubectl --context="$CTX_CLUSTER1" create secret generic cacerts -n istio-system \
|
|
--from-file=cluster1/ca-cert.pem \
|
|
--from-file=cluster1/ca-key.pem \
|
|
--from-file=cluster1/root-cert.pem \
|
|
--from-file=cluster1/cert-chain.pem
|
|
kubectl --context="$CTX_CLUSTER2" create secret generic cacerts -n istio-system \
|
|
--from-file=cluster2/ca-cert.pem \
|
|
--from-file=cluster2/ca-key.pem \
|
|
--from-file=cluster2/root-cert.pem \
|
|
--from-file=cluster2/cert-chain.pem
|
|
|
|
popd || exit # Return to the previous directory.
|
|
}
|
|
|
|
# cleanup removes all resources created by the tests.
|
|
function cleanup
|
|
{
|
|
# Remove temp files.
|
|
rm -f cluster1.yaml cluster2.yaml certs
|
|
|
|
# Delete the namespaces on both clusters concurrently
|
|
delete_namespaces_cluster1 &
|
|
delete_namespaces_cluster2 &
|
|
wait
|
|
}
|
|
|
|
# _delete_namespaces_cluster1 removes the istio-system and sample namespaces on both
|
|
# CLUSTER1.
|
|
function delete_namespaces_cluster1
|
|
{
|
|
kubectl delete ns istio-system sample --context="${CTX_CLUSTER1}" --ignore-not-found
|
|
}
|
|
|
|
# _delete_namespaces_cluster2 removes the istio-system and sample namespaces on both
|
|
# CLUSTER2.
|
|
function delete_namespaces_cluster2
|
|
{
|
|
kubectl delete ns istio-system sample --context="${CTX_CLUSTER2}" --ignore-not-found
|
|
}
|
|
|
|
# verify_load_balancing verifies that traffic is load balanced properly
|
|
# between CLUSTER1 and CLUSTER2.
|
|
function verify_load_balancing
|
|
{
|
|
# Deploy the HelloWorld service.
|
|
snip_deploy_the_helloworld_service_1
|
|
snip_deploy_the_helloworld_service_2
|
|
snip_deploy_the_helloworld_service_3
|
|
|
|
# Deploy HelloWorld v1 and v2
|
|
snip_deploy_helloworld_v1_1
|
|
snip_deploy_helloworld_v2_1
|
|
|
|
# Deploy Sleep
|
|
snip_deploy_sleep_1
|
|
|
|
# Wait for all the deployments.
|
|
_wait_for_deployment sample helloworld-v1 "${CTX_CLUSTER1}"
|
|
_wait_for_deployment sample sleep "${CTX_CLUSTER1}"
|
|
_wait_for_deployment sample helloworld-v2 "${CTX_CLUSTER2}"
|
|
_wait_for_deployment sample sleep "${CTX_CLUSTER2}"
|
|
|
|
# Verify everything is deployed as expected.
|
|
VERIFY_RETRIES=0 # Don't retry.
|
|
echo "Verifying helloworld v1 deployment"
|
|
_verify_like snip_deploy_helloworld_v1_2 "$snip_deploy_helloworld_v1_2_out"
|
|
echo "Verifying helloworld v2 deployment"
|
|
_verify_like snip_deploy_helloworld_v2_2 "$snip_deploy_helloworld_v2_2_out"
|
|
echo "Verifying sleep deployment in ${CTX_CLUSTER1}"
|
|
_verify_like snip_deploy_sleep_2 "$snip_deploy_sleep_2_out"
|
|
echo "Verifying sleep deployment in ${CTX_CLUSTER2}"
|
|
_verify_like snip_deploy_sleep_3 "$snip_deploy_sleep_3_out"
|
|
unset VERIFY_RETRIES # Restore default
|
|
|
|
local EXPECTED_RESPONSE_FROM_CLUSTER1="Hello version: v1, instance:"
|
|
local EXPECTED_RESPONSE_FROM_CLUSTER2="Hello version: v2, instance:"
|
|
|
|
# Verify we hit both clusters from CLUSTER1
|
|
echo "Verifying load balancing from ${CTX_CLUSTER1}"
|
|
_verify_contains snip_verifying_crosscluster_traffic_1 "$EXPECTED_RESPONSE_FROM_CLUSTER1"
|
|
_verify_contains snip_verifying_crosscluster_traffic_1 "$EXPECTED_RESPONSE_FROM_CLUSTER2"
|
|
|
|
# Verify we hit both clusters from CLUSTER2
|
|
echo "Verifying load balancing from ${CTX_CLUSTER2}"
|
|
_verify_contains snip_verifying_crosscluster_traffic_3 "$EXPECTED_RESPONSE_FROM_CLUSTER1"
|
|
_verify_contains snip_verifying_crosscluster_traffic_3 "$EXPECTED_RESPONSE_FROM_CLUSTER2"
|
|
}
|