ingress

package
v0.0.0-...-d424939 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2024 License: Apache-2.0 Imports: 49 Imported by: 0

README

Ingress Conformance Testing

This directory contains Ingress conformance tests for Knative Ingress resource.

Environment requirements

Development tools
  1. go: The language Knative Serving is built in (1.13 or later)
  2. ko: Build tool to setup the environment.
  3. kubectl: For managing development environments.
Test environment
  1. A running Knative Serving cluster., with the Ingress implementation of choice installed.

    # Set the Ingress class annotation to use in tests.
    # Some examples:
    #   export INGRESS_CLASS=gloo.ingress.networking.knative.dev      # Gloo Ingress
    #   export INGRESS_CLASS=istio.ingress.networking.knative.dev     # Istio Ingress
    #   export INGRESS_CLASS=kourier.ingress.networking.knative.dev   # Kourier Ingress
    export INGRESS_CLASS=<your-ingress-class-annotation>
    
  2. Knative Networking source code check out at ${NETWORKING_ROOT}. Often this is $GOPATH/src/go/knative.dev/networking. This contains both the test images and the tests.

    export NETWORKING_ROOT=<where-you-checked-out-knative/networking>
    
  3. (Recommended) Knative net-istio source code checked out. This contains an invocation of RunConformance that easily allows to run tests.

  4. (For setup only) Knative Serving source code check out at ${SERVING_ROOT}. Often this is $GOPATH/src/go/knative.dev/serving. This contains the knative-testing resources.

    export SERVING_ROOT=<where-you-checked-out-knative/serving>
    
  5. A docker repo containing the test images KO_DOCKER_REPO: The docker repository to which developer images should be pushed (e.g. gcr.io/[gcloud-project]).

    export KO_DOCKER_REPO=<your-docker-repository>
    
  6. The knative-testing resources

    ko apply -f "$SERVING_ROOT/test/config"
    

Building the test images

NOTE: this is only required when you run conformance/e2e tests locally with go test commands, and may be required periodically.

The upload-test-images.sh script can be used to build and push the test images used by the conformance and e2e tests. The script expects your environment to be setup as described in DEVELOPMENT.md.

To run the script for all end to end test images:

cd $NETWORKING_ROOT
./test/upload-test-images.sh

Adding a test

Tests need to be exported and accessible downstream so they should be placed in non-test files (ie. sometest.go). Additionally, invoke your test in the default RunConformance function in run.go. This function is the entry point by which tests are executed.

This approach aims to reduce the changes required when tests are added & removed.

Running the tests

Running the tests downstream

To run all the conformance tests in your own repo we encourage adopting the RunConformance function to run all your tests.

To do so would look something like:

package conformance

import (
	"testing"
	"knative.dev/serving/test/conformance/ingress"
)

func TestYourIngressConformance(t *testing.T) {
	ingress.RunConformance(t)
}
Running the tests from net-istio repository

net-istio already invokes the RunConformance function in ingress_test.go, so it offers a convenient place to run the tests.

If INGRESS_CLASS is already set, then you can simply go test ingress_test.go

How to run tests from your local repository

  1. Clone the net-istio repository (or use any repository that invokes RunConformance).

  2. In net-istio, add an entry to go.mod that points to your local networking folder:

  3. Make any changes to your local networking E2E tests

  4. Run go mod vendor in net-istio

  5. Run go test test/conformance/ingress_test.go

NOTE: You will need to run go mod vendor for every change you make.

Running the tests with TLS server

Each test image can run the server with TLS. If you specified the secret name, which stores server certificate, via UPSTREAM_TLS_CERT env variable, the servers are running with TLS server.

The following steps show how you can use it:

  1. Create server certificate with the name server-certs in serving-tests namespace.
$ kubectl create -n serving-tests secret tls server-certs \
    --key=tls.key --cert=tls.crt
  1. Set env variable UPSTREAM_TLS_CERT=server-certs and run the tests.
$ export UPSTREAM_TLS_CERT=server-certs
$ go test -race -count=1 -tags=e2e ./test/conformance/ -run "TestIngressConformance/basic"
  1. The backend test server starts running with TLS.
$ kubectl -n serving-tests logs ingress-conformance-basics-tfpnykaw
2022/01/27 11:54:14 Server starting on port with TLS 8047
  ...

The httpproxy test image can also forward requests using TLS instead of plain HTTP and configure the CA certificate to verify the server connection. This might be used to test TLS with cluster-local services.

Follow the steps to configure TLS for the httpproxy image:

  1. Create server CA certificate with the name server-ca in serving-tests namespace. The root.crt includes the CA certificate that was used to sign the server certificate. The target key in the Secret must be named ca.crt.

    $ kubectl -n serving-tests create secret generic server-ca \
       --from-file=ca.crt=root.crt
    
  2. Set env variable UPSTREAM_CA_CERT to point the httpproxy image to the CA certificate.

    $ export UPSTREAM_CA_CERT=server-ca
    
  3. Optional: Set env variable SERVER_NAME.

    $ export SERVER_NAME=foo
    

    The server name must be equal to Subject Alternative Name (SAN) that was configured for the server side certificate.

  4. Run tests with the httpproxy image.

    $ go test -race -count=1 -tags=e2e ./test/conformance/ -run "TestIngressConformance/visibility"
    

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateDialContext

func CreateDialContext(ctx context.Context, t *testing.T, ing *v1alpha1.Ingress, clients *test.Clients) func(context.Context, string, string) (net.Conn, error)

CreateDialContext looks up the endpoint information to create a "dialer" for the provided Ingress' public ingress loas balancer. It can be used to contact external-visibility services with an HTTP client via:

client := &http.Client{
	Transport: &http.Transport{
		DialContext: CreateDialContext(t, ing, clients),
	},
}

func CreateGRPCService

func CreateGRPCService(ctx context.Context, t *testing.T, clients *test.Clients, suffix string) (string, int, context.CancelFunc)

CreateGRPCService creates a Kubernetes service that will upgrade the connection to use GRPC and echo back the received messages with the provided suffix.

func CreateIngress

func CreateIngress(ctx context.Context, t *testing.T, clients *test.Clients, spec v1alpha1.IngressSpec, io ...Option) (*v1alpha1.Ingress, context.CancelFunc)

CreateIngress creates a Knative Ingress resource

func CreateIngressReady

func CreateIngressReady(ctx context.Context, t *testing.T, clients *test.Clients, spec v1alpha1.IngressSpec) (*v1alpha1.Ingress, *http.Client, context.CancelFunc)

func CreateIngressReadyWithTLS

func CreateIngressReadyWithTLS(ctx context.Context, t *testing.T, clients *test.Clients, spec v1alpha1.IngressSpec, tlsConfig *tls.Config) (*v1alpha1.Ingress, *http.Client, context.CancelFunc)

func CreateProxyService

func CreateProxyService(ctx context.Context, t *testing.T, clients *test.Clients, target string, gatewayDomain string) (string, int, context.CancelFunc)

CreateProxyService creates a Kubernetes service that will forward requests to the specified target. It returns the service name, the port on which the service is listening, and a "cancel" function to clean up the created resources.

func CreateRetryService

func CreateRetryService(ctx context.Context, t *testing.T, clients *test.Clients) (string, int, context.CancelFunc)

CreateRetryService creates a service that will return a 503 on first access, and then 200 after that.

func CreateRuntimeService

func CreateRuntimeService(ctx context.Context, t *testing.T, clients *test.Clients, portName string, appProtocol ...string) (string, int, context.CancelFunc)

CreateRuntimeService creates a Kubernetes service that will respond to the protocol specified with the given portName. It returns the service name, the port on which the service is listening, and a "cancel" function to clean up the created resources.

func CreateTLSSecret

func CreateTLSSecret(ctx context.Context, t *testing.T, clients *test.Clients, hosts []string) (string, *tls.Config, context.CancelFunc)

CreateTLSSecret creates a secret with TLS certs in the serving namespace. This is based on https://golang.org/src/crypto/tls/generate_cert.go

func CreateTimeoutService

func CreateTimeoutService(ctx context.Context, t *testing.T, clients *test.Clients) (string, int, context.CancelFunc)

CreateTimeoutService creates a Kubernetes service that will respond to the protocol specified with the given portName. It returns the service name, the port on which the service is listening, and a "cancel" function to clean up the created resources.

func CreateWebsocketService

func CreateWebsocketService(ctx context.Context, t *testing.T, clients *test.Clients, suffix string) (string, int, context.CancelFunc)

CreateWebsocketService creates a Kubernetes service that will upgrade the connection to use websockets and echo back the received messages with the provided suffix.

func DumpResponse

func DumpResponse(_ context.Context, t *testing.T, resp *http.Response)

func IsDialError

func IsDialError(err error) bool

func IsIngressReady

func IsIngressReady(r *v1alpha1.Ingress) (bool, error)

IsIngressReady will check the status conditions of the ingress and return true if the ingress is ready.

func PodWithOption

func PodWithOption(pod *corev1.Pod, po ...PodOption) *corev1.Pod

PodWithOption modifies pod objects with PodOptions.

func RunConformance

func RunConformance(t *testing.T)

RunConformance will run ingress conformance tests

Depending on the options it may test alpha and beta features

func RuntimeRequest

func RuntimeRequest(ctx context.Context, t *testing.T, client *http.Client, url string, opts ...RequestOption) *types.RuntimeInfo

func RuntimeRequestWithExpectations

func RuntimeRequestWithExpectations(ctx context.Context, t *testing.T, client *http.Client, url string,
	responseExpectations []ResponseExpectation,
	allowDialError bool,
	opts ...RequestOption) *types.RuntimeInfo

RuntimeRequestWithExpectations attempts to make a request to url and return runtime information. If connection is successful only then it will validate all response expectations. If allowDialError is set to true then function will not fail if connection is a dial error.

func TestBasics

func TestBasics(t *testing.T)

TestBasics verifies that a no frills Ingress exposes a simple Pod/Service via the public load balancer.

func TestBasicsHTTP2

func TestBasicsHTTP2(t *testing.T)

TestBasicsHTTP2 verifies that the same no-frills Ingress over a Service with http/2 configured will see a ProtoMajor of 2.

func TestGRPC

func TestGRPC(t *testing.T)

TestGRPC verifies that GRPC may be used via a simple Ingress.

func TestGRPCSplit

func TestGRPCSplit(t *testing.T)

TestGRPCSplit verifies that websockets may be used across a traffic split.

func TestHTTPOption

func TestHTTPOption(t *testing.T)

TestHTTPOption verifies that the Ingress properly handles HTTPOption field.

func TestIngressClass

func TestIngressClass(t *testing.T)

TestIngressClass verifies that kingress does not pick ingress up when ingress.class annotation is incorrect.

func TestIngressTLS

func TestIngressTLS(t *testing.T)

TestIngressTLS verifies that the Ingress properly handles the TLS field.

func TestMultipleHosts

func TestMultipleHosts(t *testing.T)

TestMultipleHosts verifies that an Ingress can respond to multiple hosts.

func TestPath

func TestPath(t *testing.T)

TestPath verifies that an Ingress properly dispatches to backends based on the path of the URL.

func TestPathAndPercentageSplit

func TestPathAndPercentageSplit(t *testing.T)

func TestPercentage

func TestPercentage(t *testing.T)

TestPercentage verifies that an Ingress splitting over multiple backends respects the given percentage distribution.

func TestPostSplitSetHeaders

func TestPostSplitSetHeaders(t *testing.T)

TestPostSplitSetHeaders verifies that an Ingress that specified AppendHeaders post-split has the appropriate header(s) set.

func TestPreSplitSetHeaders

func TestPreSplitSetHeaders(t *testing.T)

TestPreSplitSetHeaders verifies that an Ingress that specified AppendHeaders pre-split has the appropriate header(s) set.

func TestProbeHeaders

func TestProbeHeaders(t *testing.T)

TestProbeHeaders verifies that an KIngress implemented the dataplane contract for probe request.

func TestRetry

func TestRetry(t *testing.T)

TestRetry verifies that the ingress does not retry failed requests.

func TestRewriteHost

func TestRewriteHost(t *testing.T)

TestRewriteHost verifies that a RewriteHost rule can be used to implement vanity URLs.

func TestRule

func TestRule(t *testing.T)

TestRule verifies that an Ingress properly dispatches to backends based on different rules.

func TestTagHeaders

func TestTagHeaders(t *testing.T)

TestTagHeaders verifies that an Ingress properly dispatches to backends based on the tag header

See proposal doc for reference: https://docs.google.com/document/d/12t_3NE4EqvW_l0hfVlQcAGKkwkAM56tTn2wN_JtHbSQ/edit?usp=sharing

func TestTimeout

func TestTimeout(t *testing.T)

TestTimeout verifies that an Ingress implements "no timeout".

func TestUpdate

func TestUpdate(t *testing.T)

TestUpdate verifies that when the network programming changes that traffic isn't dropped.

func TestVisibility

func TestVisibility(t *testing.T)

func TestVisibilityPath

func TestVisibilityPath(t *testing.T)

func TestVisibilitySplit

func TestVisibilitySplit(t *testing.T)

func TestWebsocket

func TestWebsocket(t *testing.T)

TestWebsocket verifies that websockets may be used via a simple Ingress.

func TestWebsocketSplit

func TestWebsocketSplit(t *testing.T)

TestWebsocketSplit verifies that websockets may be used across a traffic split.

func UpdateIngress

func UpdateIngress(ctx context.Context, t *testing.T, clients *test.Clients, name string, spec v1alpha1.IngressSpec)

UpdateIngress updates a Knative Ingress resource

func UpdateIngressReady

func UpdateIngressReady(ctx context.Context, t *testing.T, clients *test.Clients, name string, spec v1alpha1.IngressSpec)

func WaitForIngressState

func WaitForIngressState(ctx context.Context, client *test.NetworkingClients, name string, inState func(r *v1alpha1.Ingress) (bool, error), desc string) error

WaitForIngressState polls the status of the Ingress called name from client every PollInterval until inState returns `true` indicating it is done, returns an error or PollTimeout. desc will be used to name the metric that is emitted to track how long it took for name to get into the state checked by inState.

Types

type Option

type Option func(*v1alpha1.Ingress)

Option enables further configuration of a Ingress.

func OverrideIngressAnnotation

func OverrideIngressAnnotation(annotations map[string]string) Option

OverrideIngressAnnotation overrides the Ingress annotation.

type PodOption

type PodOption func(*corev1.Pod)

PodOption enables further configuration of a Pod.

func WithEnv

func WithEnv(evs ...corev1.EnvVar) PodOption

WithEnv configures the Service to use the provided environment variables.

func WithReadinessSchemeHTTPS

func WithReadinessSchemeHTTPS() PodOption

WithReadinessSchemeHTTPS adds https scheme to readiness probe.

func WithVolume

func WithVolume(name, mountPath string, volumeSource corev1.VolumeSource) PodOption

WithVolume adds a volume to the pod.

type RequestOption

type RequestOption func(*http.Request)

type ResponseExpectation

type ResponseExpectation func(response *http.Response) error

func StatusCodeExpectation

func StatusCodeExpectation(statusCodes sets.Set[int]) ResponseExpectation

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL