diff --git a/test/e2e_env/kubernetes/gateway/delegated.go b/test/e2e_env/kubernetes/gateway/delegated.go index 23a33b509be9..a483ac3f5835 100644 --- a/test/e2e_env/kubernetes/gateway/delegated.go +++ b/test/e2e_env/kubernetes/gateway/delegated.go @@ -73,7 +73,53 @@ spec: kicIP, err := kic.From(kubernetes.Cluster).IP(config.namespace) Expect(err).To(Succeed()) +<<<<<<< HEAD config.kicIP = kicIP +======= + config.KicIP = kicIP + Expect(DeleteMeshResources( + kubernetes.Cluster, + config.Mesh, + mcb_api.MeshCircuitBreakerResourceTypeDescriptor, + mt_api.MeshTimeoutResourceTypeDescriptor, + mr_api.MeshRetryResourceTypeDescriptor, + )).To(Succeed()) + }) + + E2EAfterAll(func() { + Expect(kubernetes.Cluster.TriggerDeleteNamespace(config.Namespace)). + To(Succeed()) + Expect(kubernetes.Cluster.TriggerDeleteNamespace(config.NamespaceOutsideMesh)). + To(Succeed()) + Expect(kubernetes.Cluster.DeleteMesh(config.Mesh)).To(Succeed()) + Expect(kubernetes.Cluster.DeleteDeployment(config.ObservabilityDeploymentName)). + To(Succeed()) + }) + + // If you copy the test case from a non-gateway test or create a new test, + // remember the the name of policies needs to be unique. + // If they have the same name, one might override the other, causing a flake. + for policyName, test := range testMatrix { + Context(policyName, test) + } + }) + } + + contextFor("delegated with kuma.io/service", &config, map[string]func(){ + "MeshCircuitBreaker": delegated.CircuitBreaker(&config), + "MeshProxyPatch": delegated.MeshProxyPatch(&config), + "MeshHealthCheck": delegated.MeshHealthCheck(&config), + "MeshRetry": delegated.MeshRetry(&config), + "MeshHTTPRoute": delegated.MeshHTTPRoute(&config), + "MeshTimeout": delegated.MeshTimeout(&config), + "MeshMetric": delegated.MeshMetric(&config), + "MeshTrace": delegated.MeshTrace(&config), + "MeshLoadBalancingStrategy": delegated.MeshLoadBalancingStrategy(&config), + "MeshAccessLog": delegated.MeshAccessLog(&config), + "MeshPassthrough": delegated.MeshPassthrough(&config), + // Matcher for from policy doesn't work for delegated gateway https://github.com/kumahq/kuma/issues/12107 + // "MeshTLS": delegated.MeshTLS(&config), +>>>>>>> c542d022d (test(e2e): disable meshmtls test with delegated gateway (#12108)) }) E2EAfterAll(func() { diff --git a/test/e2e_env/kubernetes/gateway/delegated/meshtls.go b/test/e2e_env/kubernetes/gateway/delegated/meshtls.go new file mode 100644 index 000000000000..aa3b85595238 --- /dev/null +++ b/test/e2e_env/kubernetes/gateway/delegated/meshtls.go @@ -0,0 +1,77 @@ +package delegated + +import ( + "fmt" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/kumahq/kuma/pkg/plugins/policies/meshtls/api/v1alpha1" + "github.com/kumahq/kuma/test/framework" + "github.com/kumahq/kuma/test/framework/client" + "github.com/kumahq/kuma/test/framework/envs/kubernetes" +) + +func MeshTLS(config *Config) func() { + GinkgoHelper() + + return func() { + meshTls := fmt.Sprintf(` +apiVersion: kuma.io/v1alpha1 +kind: MeshTLS +metadata: + name: meshtls-delegated + namespace: %s + labels: + kuma.io/mesh: %s +spec: + targetRef: + kind: Mesh + from: + - targetRef: + kind: Mesh + default: + tlsVersion: + min: TLS13 + max: TLS13`, config.CpNamespace, config.Mesh) + + framework.AfterEachFailure(func() { + framework.DebugKube(kubernetes.Cluster, config.Mesh, config.Namespace, config.ObservabilityDeploymentName) + }) + + framework.E2EAfterEach(func() { + Expect(framework.DeleteMeshResources( + kubernetes.Cluster, + config.Mesh, + v1alpha1.MeshTLSResourceTypeDescriptor, + )).To(Succeed()) + }) + + XIt("should not break communication once switched to TLS 1.3", func() { + // check that communication to test-server works + Eventually(func(g Gomega) { + _, err := client.CollectEchoResponse( + kubernetes.Cluster, + "demo-client", + fmt.Sprintf("http://%s/test-server", config.KicIP), + client.FromKubernetesPod(config.NamespaceOutsideMesh, "demo-client"), + ) + g.Expect(err).ToNot(HaveOccurred()) + }, "30s", "1s", MustPassRepeatedly(5)).Should(Succeed()) + + // change TLS version to 1.3 + Expect(framework.YamlK8s(meshTls)(kubernetes.Cluster)).To(Succeed()) + + // check that communication to test-server works + Eventually(func(g Gomega) { + _, err := client.CollectEchoResponse( + kubernetes.Cluster, + "demo-client", + fmt.Sprintf("http://%s/test-server", config.KicIP), + client.FromKubernetesPod(config.NamespaceOutsideMesh, "demo-client"), + ) + g.Expect(err).ToNot(HaveOccurred()) + }, "30s", "1s", MustPassRepeatedly(5)).Should(Succeed()) + }) + } +}