forked from merbridge/merbridge
-
Notifications
You must be signed in to change notification settings - Fork 0
238 lines (228 loc) · 9.31 KB
/
e2e.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
name: E2E CI
on:
# push:
# branches: [ main, test ]
pull_request:
branches: [ main, test ]
types:
- '*'
jobs:
istio-e2e:
runs-on: ubuntu-20.04
timeout-minutes: 30
if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-e2e-test') }}
env:
ISTIO_VERSION: '1.12.2'
KIND_VERSION: v0.11.1
KERNEL_VERSION: v5.4
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.17
- name: install bpftool
run: |
sudo bash ./scripts/build-bpftool.sh
- name: setup kind cluster
run: |
./scripts/setup-kind.sh
- name: try load and unload
run: |
uname -a
make load
make attach
make clean
- name: install istio
run: |
cat > /tmp/istio-config <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
meshConfig:
defaultConfig:
proxyMetadata:
# Enable basic DNS proxying
ISTIO_META_DNS_CAPTURE: "true"
# Enable automatic address allocation, optional
ISTIO_META_DNS_AUTO_ALLOCATE: "true"
EOF
bash ./scripts/install-istio.sh -f /tmp/istio-config
rm -f /tmp/istio-config
- name: deploy test apps
run: |
kubectl label ns default istio-injection=enabled
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/sleep/sleep.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/helloworld/helloworld.yaml
while true; do [ "$(kubectl get po -l app=sleep | grep '2/2')" = "" ] || break && (echo waiting for sleep app ready; sleep 3); done
while true; do [ "$(kubectl get po -l app=helloworld | grep '2/2')" = "" ] || break && (echo waiting for helloworld app ready; sleep 3); done
- name: test connect without Merbridge
run: |
kubectl exec $(kubectl get po -l app=sleep -o=jsonpath='{..metadata.name}') -c sleep -- curl -s -v helloworld:5000/hello
- name: install merbridge
run: |
nohup go run -exec sudo ./app/main.go -k -m istio -d > mbctl.log &
while true; do [ "$(cat mbctl.log | grep 'Pod Watcher Ready')" = "" ] || break && (echo waiting for mbctl watcher ready; sleep 3); done
- name: test connect with Merbridge
run: |
set -x
kubectl exec $(kubectl get po -l app=sleep -o=jsonpath='{..metadata.name}') -c sleep -- curl -s -v helloworld:5000/hello
sudo cat /sys/kernel/debug/tracing/trace > /tmp/trace-log
# check if eBPF works
[ "$(sudo cat /tmp/trace-log | grep 'from user container')" = "" ] && (echo eBPF progs not work; sudo cat /tmp/trace-log; sudo bpftool prog; sudo bpftool map; cat mbctl.log; sudo ps -ef; exit 11)
[ "$(sudo cat /tmp/trace-log | grep 'bytes with eBPF successfully')" = "" ] && (echo eBPF redirect progs not work; sudo cat /tmp/trace-log; sudo bpftool prog; sudo bpftool map; cat mbctl.log; sudo ps -ef; exit 12)
[ "$(sudo cat /tmp/trace-log | grep 'successfully deal DNS redirect query')" = "" ] && (echo DNS Proxy not work; sudo cat /tmp/trace-log; sudo bpftool prog; sudo bpftool map; cat mbctl.log; sudo ps -ef; exit 13)
sudo rm -f /tmp/trace-log
# kuma
kuma-e2e:
runs-on: ubuntu-20.04
timeout-minutes: 30
if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-e2e-test') }}
env:
KUMA_VERSION: '1.7.0'
KIND_VERSION: v0.11.1
KERNEL_VERSION: v5.4
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.18
- name: install bpftool
run: |
sudo bash ./scripts/build-bpftool.sh
- name: setup kind cluster
run: |
./scripts/setup-kind.sh
- name: try load and unload
run: |
uname -a
make load
make attach
make clean
- name: install kuma
run: |
./scripts/install-kuma.sh
- name: annotate default namespace to automatically inject kuma to pods it contains
run: |
kubectl label ns default kuma.io/sidecar-injection=enabled
- name: deploy test server app
run: |
echo '---
apiVersion: v1
kind: Service
metadata:
name: example-server
spec:
ports:
- port: 80
name: http
appProtocol: http
selector:
service: example-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: example-server
labels:
service: example-server
spec:
selector:
matchLabels:
service: example-server
template:
metadata:
labels:
service: example-server
spec:
terminationGracePeriodSeconds: 0
containers:
- name: nginx
image: "nginx:stable"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 3
periodSeconds: 3
livenessProbe:
httpGet:
path: /
port: 80' | kubectl apply -f -
# wait till our example deployment is ready
kubectl rollout status deployment example-server
- name: deploy test client app
run: |
echo '---
apiVersion: apps/v1
kind: Deployment
metadata:
name: example-client
labels:
service: example-client
spec:
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
service: example-client
template:
metadata:
labels:
service: example-client
spec:
terminationGracePeriodSeconds: 0
containers:
- name: curl
image: curlimages/curl
command: ["/bin/sleep", "infinity"]
imagePullPolicy: IfNotPresent' | kubectl apply -f -
# wait till our example deployment is ready
kubectl rollout status deployment example-client
- name: apply container patch which disables kuma-init container
run: |
# this step is just temporary, till kuma won't support disabling kuma-init
# containers as a part of configuration
cat > /tmp/container-patch.yaml <<EOF
apiVersion: kuma.io/v1alpha1
kind: ContainerPatch
metadata:
name: disable-init-container
namespace: kuma-system
spec:
initPatch:
- op: replace
path: /command
value: '["echo"]'
EOF
kubectl apply -f /tmp/container-patch.yaml
rm -f /tmp/container-patch.yaml
- name: test connect without Merbridge
run: |
service_name=$(kubectl get dataplane $(kubectl get po -l service=example-server -o=jsonpath='{..metadata.name}') -o=jsonpath='{..spec.networking.inbound[0].tags.kuma\.io/service}')
kubectl exec $(kubectl get po -l service=example-client -o=jsonpath='{..metadata.name}') -c curl -- curl -s -v "$service_name".mesh
- name: disable kuma-init containers using container-patch
run: |
kubectl patch deployment example-server --patch '{"spec": {"template": {"metadata": {"annotations": {"kuma.io/container-patches": "disable-init-container", "kuma.io/virtual-probes": "disabled"}}}}}'
kubectl patch deployment example-client --patch '{"spec": {"template": {"metadata": {"annotations": {"kuma.io/container-patches": "disable-init-container"}}}}}'
- name: install merbridge
run: |
nohup go run -exec sudo ./app/main.go -k -m kuma -d > mbctl.log &
while true; do [ "$(cat mbctl.log | grep 'Pod Watcher Ready')" = "" ] || break && (echo waiting for mbctl watcher ready; sleep 3); done
- name: test connect with Merbridge
run: |
set -e
service_name=$(kubectl get dataplane $(kubectl get po -l service=example-server -o=jsonpath='{..metadata.name}') -o=jsonpath='{..spec.networking.inbound[0].tags.kuma\.io/service}')
kubectl exec $(kubectl get po -l service=example-client -o=jsonpath='{..metadata.name}') -c curl -- curl -s -v "$service_name".mesh
sudo cat /sys/kernel/debug/tracing/trace > /tmp/trace-log
# check if eBPF works
[ "$(sudo cat /tmp/trace-log | grep 'from user container')" = "" ] && (echo eBPF progs not work; sudo cat /tmp/trace-log; sudo bpftool prog; sudo bpftool map; cat mbctl.log; sudo ps -ef; exit 11)
[ "$(sudo cat /tmp/trace-log | grep 'bytes with eBPF successfully')" = "" ] && (echo eBPF redirect progs not work; sudo cat /tmp/trace-log; sudo bpftool prog; sudo bpftool map; cat mbctl.log; sudo ps -ef; exit 12)
[ "$(sudo cat /tmp/trace-log | grep 'successfully deal DNS redirect query')" = "" ] && (echo DNS Proxy not work; sudo cat /tmp/trace-log; sudo bpftool prog; sudo bpftool map; cat mbctl.log; sudo ps -ef; exit 13)
sudo rm -f /tmp/trace-log