Backport Kuma updates to 0.39 (#1017)
* feat: install default allow-all traffic permission when kuma >= 2.6.0 (#957)

* feat: use kuma version when installing it (#949)

Co-authored-by: Jakub Warczarek <[email protected]>

* chore: test on PRs to release branches

* run lint workflow for all branches

* fix linter issues

---------

Co-authored-by: Grzegorz Burzyński <[email protected]>
Co-authored-by: Jakub Warczarek <[email protected]>
3 people authored Mar 29, 2024
1 parent 0389356 commit e87868f
Showing 10 changed files with 71 additions and 20 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/lint.yaml
Expand Up @@ -3,12 +3,12 @@ name: lint
on:
pull_request:
branches:
- '*'
- '**'
push:
branches:
- 'main'
tags:
- '*'
- '**'
workflow_dispatch: {}

jobs:
5 changes: 3 additions & 2 deletions .github/workflows/tests.yaml
Expand Up @@ -10,6 +10,7 @@ on:
pull_request:
branches:
- 'main'
- 'release/[0-9]+.[0-9]+.x'
push:
branches:
- 'main'
Expand Down Expand Up @@ -114,7 +115,7 @@ jobs:
if: steps.detect_if_should_run_enterprise.outputs.result == 'true'
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: setup golang
uses: actions/setup-go@v4
Expand Down Expand Up @@ -196,7 +197,7 @@ jobs:
if: steps.detect_if_should_run.outputs.result == 'true'
id: license
with:
password: ${{ secrets.PULP_PASSWORD }}
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

- name: checkout repository
if: steps.detect_if_should_run.outputs.result == 'true'
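Review bot: `secrets.OP_SERVICE_ACCOUNT_TOKEN` is likely a broader credential than the `PULP_PASSWORD` it replaces in both license steps, and nothing in the workflow records what it is scoped to. A service-account token normally carries whatever vault access the account has, so a comment next to the input would help reviewers, e.g. `# op-token: read-only service account, limited to the vault holding the test license`. The same commit adds a `pull_request` trigger for `release/[0-9]+.[0-9]+.x`, so the token is now handed to more runs than before. The `uses:` line of both steps and the logic behind the `detect_if_should_run*` outputs are outside the visible hunks; if the action is referenced by a mutable tag, pinning it to a commit SHA would narrow what code can read the token.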
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,11 @@
# Changelog

## v0.39.2

- Backport Kuma changes to honor version and handle Kuma 2.6.0 traffic
permissions properly.
[#1017](https://github.com/Kong/kubernetes-testing-framework/pull/1017)

## v0.39.1

- Removed a module exclude that made `go install` unhappy.
4 changes: 2 additions & 2 deletions internal/cmd/ktf/environments.go
Expand Up @@ -62,7 +62,7 @@ func init() { //nolint:gochecknoinits
var environmentsCreateCmd = &cobra.Command{
Use: "create",
Short: "create a new testing environment",
Run: func(cmd *cobra.Command, args []string) {
Run: func(cmd *cobra.Command, _ []string) {
ctx, cancel := context.WithTimeout(context.Background(), EnvironmentCreateTimeout)
defer cancel()

Expand Down Expand Up @@ -286,7 +286,7 @@ func init() { //nolint:gochecknoinits
var environmentsDeleteCmd = &cobra.Command{
Use: "delete",
Short: "delete a testing environment",
Run: func(cmd *cobra.Command, args []string) {
Run: func(cmd *cobra.Command, _ []string) {
ctx, cancel := context.WithTimeout(context.Background(), EnvironmentCreateTimeout)
defer cancel()

5 changes: 3 additions & 2 deletions pkg/clusters/addons/kong/addon.go
Expand Up @@ -240,7 +240,7 @@ func (a *Addon) Deploy(ctx context.Context, cluster clusters.Cluster) error {
if opts.Server == "" {
opts.Server = "https://index.docker.io/v1/"
}
opts.PrintObj = func(obj runtime.Object) error {
opts.PrintObj = func(_ runtime.Object) error {
return nil
}

Expand Down Expand Up @@ -606,7 +606,8 @@ func urlForService(ctx context.Context, cluster clusters.Cluster, nsn types.Name
return nil, err
}

switch service.Spec.Type { //nolint:exhaustive
//nolint:exhaustive
switch service.Spec.Type {
case corev1.ServiceTypeLoadBalancer:
if len(service.Status.LoadBalancer.Ingress) == 1 {
return url.Parse(fmt.Sprintf("http://%s:%d", service.Status.LoadBalancer.Ingress[0].IP, port))
48 changes: 43 additions & 5 deletions pkg/clusters/addons/kuma/addon.go
Expand Up @@ -45,7 +45,7 @@ type Addon struct {
name string
logger *logrus.Logger

version semver.Version
version *semver.Version

mtlsEnabled bool
}
Expand All @@ -61,9 +61,14 @@ func (a *Addon) Namespace() string {
return Namespace
}

// Version indicates the Kuma version for this addon.
func (a *Addon) Version() semver.Version {
return a.version
// Version returns the version of the Kuma Helm chart deployed by the addon.
// If the version is not set, the second return value will be false and the latest local
// chart version will be used.
func (a *Addon) Version() (v semver.Version, ok bool) {
if a.version == nil {
return semver.Version{}, false
}
return *a.version, true
}

// -----------------------------------------------------------------------------
Expand Down Expand Up @@ -144,6 +149,10 @@ func (a *Addon) Deploy(ctx context.Context, cluster clusters.Cluster) error {
// if the dbmode is postgres, set several related values
args := []string{"--kubeconfig", kubeconfig.Name(), "install", DefaultReleaseName, "kuma/kuma"}

if a.version != nil {
args = append(args, "--version", a.version.String())
}

// compile the helm installation values
args = append(args, "--create-namespace", "--namespace", Namespace)
a.logger.Debugf("helm install arguments: %+v", args)
Expand Down Expand Up @@ -225,20 +234,49 @@ spec:
name: ca-1
type: builtin
enabledBackend: ca-1`

allowAllTrafficPermission = `apiVersion: kuma.io/v1alpha1
kind: MeshTrafficPermission
metadata:
name: allow-all
namespace: kuma-system
labels:
kuma.io/mesh: default
spec:
targetRef:
kind: Mesh
from:
- targetRef:
kind: Mesh
default:
action: Allow`
)

var (
// From Kuma 2.6.0, the default mesh traffic permission is no longer created by default
// and must be created manually if mTLS is enabled.
// https://github.com/kumahq/kuma/blob/2.6.0/UPGRADE.md#default-trafficroute-and-trafficpermission-resources-are-not-created-when-creating-a-new-mesh
installDefaultMeshTrafficPermissionCutoffVersion = semver.MustParse("2.6.0")
)

// enableMTLS attempts to apply a Mesh resource with a basic retry mechanism to deal with delays in the Kuma webhook
// startup
func (a *Addon) enableMTLS(ctx context.Context, cluster clusters.Cluster) (err error) {
ticker := time.NewTicker(5 * time.Second) //nolint:gomnd
defer ticker.Stop()
timeoutTimer := time.NewTimer(time.Minute)

for {
select {
case <-ctx.Done():
return fmt.Errorf("context completed while retrying to apply Mesh")
case <-ticker.C:
err = clusters.ApplyManifestByYAML(ctx, cluster, mtlsEnabledDefaultMesh)
yamlToApply := mtlsEnabledDefaultMesh
if v, ok := a.Version(); ok && v.GTE(installDefaultMeshTrafficPermissionCutoffVersion) {
a.logger.Infof("Kuma version is %s or later, creating default mesh traffic permission", installDefaultMeshTrafficPermissionCutoffVersion)
yamlToApply = strings.Join([]string{mtlsEnabledDefaultMesh, allowAllTrafficPermission}, "\n---\n")
}
err = clusters.ApplyManifestByYAML(ctx, cluster, yamlToApply)
if err == nil {
return nil
}
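Review bot: In `enableMTLS` the allow-all `MeshTrafficPermission` is applied only when `a.Version()` reports `ok`, so an addon built without `WithVersion` skips it even though Helm then installs whichever chart version is current, which may well be 2.6.0 or later. In that case mTLS would be enabled with no traffic permission and mesh traffic would presumably be denied. Consider treating an unset version as latest, `if v, ok := a.Version(); !ok || v.GTE(installDefaultMeshTrafficPermissionCutoffVersion) {`, or resolving the deployed chart version after the install. The manifest also hard-codes `namespace: kuma-system` while the rest of the file uses the `Namespace` constant, and because the policy permits all mesh traffic a comment such as `// allowAllTrafficPermission lets every mesh workload talk to every other; intended for test clusters only.` would make the trade-off explicit. The body of `enableMTLS` continues past the end of this hunk.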
4 changes: 2 additions & 2 deletions pkg/clusters/addons/kuma/builder.go
Expand Up @@ -14,7 +14,7 @@ import (
// Builder is a configuration tool to generate Kuma cluster addons.
type Builder struct {
name string
version semver.Version
version *semver.Version
logger *logrus.Logger

mtlsEnabled bool
Expand All @@ -29,7 +29,7 @@ func NewBuilder() *Builder {

// WithVersion configures the specific version of Kuma which should be deployed.
func (b *Builder) WithVersion(version semver.Version) *Builder {
b.version = version
b.version = &version
return b
}

2 changes: 1 addition & 1 deletion pkg/environments/builder.go
Expand Up @@ -185,7 +185,7 @@ func (b *Builder) Build(ctx context.Context) (env Environment, err error) {
cluster: cluster,
}, nil
case 1:
return nil, addonDeploymentErrors[0] //nolint:gosec
return nil, addonDeploymentErrors[0]
default:
errMsgs := make([]string, 0, totalFailures)
for _, err := range addonDeploymentErrors {
2 changes: 1 addition & 1 deletion pkg/utils/kong/fake_admin_api.go
Expand Up @@ -41,7 +41,7 @@ type FakeAdminAPIServer struct {
func NewFakeAdminAPIServer() (*FakeAdminAPIServer, error) {
// start up the fake admin api server
mocks := make(chan AdminAPIResponse, maxMocks)
endpoint := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
endpoint := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
select {
case override := <-mocks:
// run any callbacks that were configured in the mock (these are optional)
11 changes: 8 additions & 3 deletions test/e2e/gke_cluster_test.go
Expand Up @@ -28,6 +28,11 @@ import (
"github.com/kong/kubernetes-testing-framework/pkg/utils/kubernetes/generators"
)

const (
gkeVersionMajor = 1
gkeVersionMinor = 29
)

var (
gkeCreds = os.Getenv(gke.GKECredsVar)
gkeProject = os.Getenv(gke.GKEProjectVar)
Expand Down Expand Up @@ -60,7 +65,7 @@ func testGKECluster(t *testing.T, createSubnet bool) {

t.Logf("configuring the GKE cluster PROJECT=(%s) LOCATION=(%s)", gkeProject, gkeLocation)
builder := gke.NewBuilder([]byte(gkeCreds), gkeProject, gkeLocation)
builder.WithClusterMinorVersion(1, 24)
builder.WithClusterMinorVersion(gkeVersionMajor, gkeVersionMinor)
builder.WithWaitForTeardown(false)
builder.WithCreateSubnet(createSubnet)
builder.WithLabels(map[string]string{"test-cluster": "true"})
Expand Down Expand Up @@ -113,8 +118,8 @@ func testGKECluster(t *testing.T, createSubnet bool) {
t.Log("validating kubernetes cluster version")
kubernetesVersion, err := env.Cluster().Version()
require.NoError(t, err)
require.Equal(t, uint64(1), kubernetesVersion.Major)
require.Equal(t, uint64(24), kubernetesVersion.Minor)
require.Equal(t, uint64(gkeVersionMajor), kubernetesVersion.Major)
require.Equal(t, uint64(gkeVersionMinor), kubernetesVersion.Minor)

t.Log("verifying that the kong addon deployed both proxy and controller")
kongAddon, err := env.Cluster().GetAddon("kong")
