diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 81356772..bfba0701 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -3,12 +3,12 @@ name: lint on: pull_request: branches: - - '*' + - '**' push: branches: - 'main' tags: - - '*' + - '**' workflow_dispatch: {} jobs: diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index a74278d6..f6bff5dd 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,6 +10,7 @@ on: pull_request: branches: - 'main' + - 'release/[0-9]+.[0-9]+.x' push: branches: - 'main' @@ -114,7 +115,7 @@ jobs: if: steps.detect_if_should_run_enterprise.outputs.result == 'true' id: license with: - password: ${{ secrets.PULP_PASSWORD }} + op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: setup golang uses: actions/setup-go@v4 @@ -196,7 +197,7 @@ jobs: if: steps.detect_if_should_run.outputs.result == 'true' id: license with: - password: ${{ secrets.PULP_PASSWORD }} + op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - name: checkout repository if: steps.detect_if_should_run.outputs.result == 'true' diff --git a/CHANGELOG.md b/CHANGELOG.md index 50ccc319..75c6f2be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## v0.39.2 + +- Backport Kuma changes to honor version and handle Kuma 2.6.0 traffic + permissions properly. + [#1017](https://github.com/Kong/kubernetes-testing-framework/pull/1017) + ## v0.39.1 - Removed a module exclude that made `go install` unhappy. diff --git a/internal/cmd/ktf/environments.go b/internal/cmd/ktf/environments.go index 0c748240..876fbf71 100644 --- a/internal/cmd/ktf/environments.go +++ b/internal/cmd/ktf/environments.go 
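Review bot: The `license` step at new line 118 is now handed `secrets.OP_SERVICE_ACCOUNT_TOKEN`, presumably a 1Password service-account token, where it used to get a single-purpose password; the hunk at new line 200 makes the same change. A leak from either job then exposes everything that account can read, so the account should be read-only and limited to the one item the step needs, which the diff cannot confirm. The step's `uses:` line is outside both hunks; if it references the action by a mutable tag, pin it to a commit SHA now that it receives a token. I would add `# service-account token: keep it read-only and scoped to the license item` above each `op-token:` input.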
@@ -62,7 +62,7 @@ func init() { //nolint:gochecknoinits var environmentsCreateCmd = &cobra.Command{ Use: "create", Short: "create a new testing environment", - Run: func(cmd *cobra.Command, args []string) { + Run: func(cmd *cobra.Command, _ []string) { ctx, cancel := context.WithTimeout(context.Background(), EnvironmentCreateTimeout) defer cancel() @@ -286,7 +286,7 @@ func init() { //nolint:gochecknoinits var environmentsDeleteCmd = &cobra.Command{ Use: "delete", Short: "delete a testing environment", - Run: func(cmd *cobra.Command, args []string) { + Run: func(cmd *cobra.Command, _ []string) { ctx, cancel := context.WithTimeout(context.Background(), EnvironmentCreateTimeout) defer cancel() diff --git a/pkg/clusters/addons/kong/addon.go b/pkg/clusters/addons/kong/addon.go index 2d2dc411..68cd4cd2 100644 --- a/pkg/clusters/addons/kong/addon.go +++ b/pkg/clusters/addons/kong/addon.go @@ -240,7 +240,7 @@ func (a *Addon) Deploy(ctx context.Context, cluster clusters.Cluster) error { if opts.Server == "" { opts.Server = "https://index.docker.io/v1/" } - opts.PrintObj = func(obj runtime.Object) error { + opts.PrintObj = func(_ runtime.Object) error { return nil } @@ -606,7 +606,8 @@ func urlForService(ctx context.Context, cluster clusters.Cluster, nsn types.Name return nil, err } - switch service.Spec.Type { //nolint:exhaustive + //nolint:exhaustive + switch service.Spec.Type { case corev1.ServiceTypeLoadBalancer: if len(service.Status.LoadBalancer.Ingress) == 1 { return url.Parse(fmt.Sprintf("http://%s:%d", service.Status.LoadBalancer.Ingress[0].IP, port)) diff --git a/pkg/clusters/addons/kuma/addon.go b/pkg/clusters/addons/kuma/addon.go index 05c1285d..75dc3dec 100644 --- a/pkg/clusters/addons/kuma/addon.go +++ b/pkg/clusters/addons/kuma/addon.go @@ -45,7 +45,7 @@ type Addon struct { name string logger *logrus.Logger - version semver.Version + version *semver.Version mtlsEnabled bool } 
@@ -61,9 +61,14 @@ func (a *Addon) Namespace() string { return Namespace } -// Version indicates the Kuma version for this addon. -func (a *Addon) Version() semver.Version { - return a.version +// Version returns the version of the Kuma Helm chart deployed by the addon. +// If the version is not set, the second return value will be false and the latest local +// chart version will be used. +func (a *Addon) Version() (v semver.Version, ok bool) { + if a.version == nil { + return semver.Version{}, false + } + return *a.version, true } // ----------------------------------------------------------------------------- @@ -144,6 +149,10 @@ func (a *Addon) Deploy(ctx context.Context, cluster clusters.Cluster) error { // if the dbmode is postgres, set several related values args := []string{"--kubeconfig", kubeconfig.Name(), "install", DefaultReleaseName, "kuma/kuma"} + if a.version != nil { + args = append(args, "--version", a.version.String()) + } + // compile the helm installation values args = append(args, "--create-namespace", "--namespace", Namespace) a.logger.Debugf("helm install arguments: %+v", args) 
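Review bot: Changing the exported `Version()` from returning `semver.Version` to `(v semver.Version, ok bool)` breaks every external caller at compile time, and the CHANGELOG entry in this same commit ships it as v0.39.2, a patch release. Either the changelog line should call out the signature change, or the old method should keep its signature and a new accessor should carry the `ok` result. The doc comment could also say what the first value is when `ok` is false, for example `// When ok is false the returned Version is the zero value and must not be compared.`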
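Review bot: The value appended after `--version` selects a Helm chart version, yet enableMTLS compares the same field against a Kuma release (`2.6.0`), and nothing here records that the two numbering schemes are assumed to match. A comment above the new `if` would make that assumption visible: `// a.version is passed to helm as the chart version and is also treated as the Kuma release when gating on 2.6.0`. The context comment above `args` (`if the dbmode is postgres, ...`) does not describe this code and looks left over. Deploy's body starts and continues outside the hunk.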
@@ -225,12 +234,36 @@ spec: name: ca-1 type: builtin enabledBackend: ca-1` + + allowAllTrafficPermission = `apiVersion: kuma.io/v1alpha1 +kind: MeshTrafficPermission +metadata: + name: allow-all + namespace: kuma-system + labels: + kuma.io/mesh: default +spec: + targetRef: + kind: Mesh + from: + - targetRef: + kind: Mesh + default: + action: Allow` +) + +var ( + // From Kuma 2.6.0, the default mesh traffic permission is no longer created by default + // and must be created manually if mTLS is enabled. + // https://github.com/kumahq/kuma/blob/2.6.0/UPGRADE.md#default-trafficroute-and-trafficpermission-resources-are-not-created-when-creating-a-new-mesh + installDefaultMeshTrafficPermissionCutoffVersion = semver.MustParse("2.6.0") ) // enableMTLS attempts to apply a Mesh resource with a basic retry mechanism to deal with delays in the Kuma webhook // startup func (a *Addon) enableMTLS(ctx context.Context, cluster clusters.Cluster) (err error) { ticker := time.NewTicker(5 * time.Second) //nolint:gomnd + defer ticker.Stop() timeoutTimer := time.NewTimer(time.Minute) for { @@ -238,7 +271,12 @@ func (a *Addon) enableMTLS(ctx context.Context, cluster clusters.Cluster) (err e case <-ctx.Done(): return fmt.Errorf("context completed while retrying to apply Mesh") case <-ticker.C: - err = clusters.ApplyManifestByYAML(ctx, cluster, mtlsEnabledDefaultMesh) + yamlToApply := mtlsEnabledDefaultMesh + if v, ok := a.Version(); ok && v.GTE(installDefaultMeshTrafficPermissionCutoffVersion) { + a.logger.Infof("Kuma version is %s or later, creating default mesh traffic permission", installDefaultMeshTrafficPermissionCutoffVersion) + yamlToApply = strings.Join([]string{mtlsEnabledDefaultMesh, allowAllTrafficPermission}, "\n---\n") + } + err = clusters.ApplyManifestByYAML(ctx, cluster, yamlToApply) if err == nil { return nil } diff --git a/pkg/clusters/addons/kuma/builder.go b/pkg/clusters/addons/kuma/builder.go index 0f365254..8bde3c59 100644 --- a/pkg/clusters/addons/kuma/builder.go 
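Review bot: `allowAllTrafficPermission` is a mesh-wide allow-all policy and carries no comment saying so, so a reader has to decode the YAML to learn that it removes traffic restrictions. I would document it at the constant: `// allowAllTrafficPermission allows all traffic in the default mesh, restoring what Kuma created on its own before 2.6.0; meant for disposable test clusters.` The manifest also hard-codes `namespace: kuma-system` while the rest of the file uses the `Namespace` constant, so the two can drift if that constant differs or changes. In the same hunk `ticker` gains a `defer ticker.Stop()` but `timeoutTimer` does not; `defer timeoutTimer.Stop()` would match. The `const (` block opens above the hunk, and enableMTLS continues below it.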
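Review bot: The condition `ok && v.GTE(installDefaultMeshTrafficPermissionCutoffVersion)` skips the traffic permission when no version was set, although the new `Version()` doc says that case installs the latest local chart. If that chart is 2.6.0 or newer, an mTLS-enabled mesh comes up with no permission and traffic between services is denied. Treating an unset version as current would cover it: `if v, ok := a.Version(); !ok || v.GTE(installDefaultMeshTrafficPermissionCutoffVersion) {`. The choice of manifest and the `Infof` call also sit inside the `ticker.C` case, so the message is logged on every retry; computing `yamlToApply` once before the `for` avoids that. The select and the rest of the loop continue outside the hunk.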
+++ b/pkg/clusters/addons/kuma/builder.go @@ -14,7 +14,7 @@ import ( // Builder is a configuration tool to generate Kuma cluster addons. type Builder struct { name string - version semver.Version + version *semver.Version logger *logrus.Logger mtlsEnabled bool @@ -29,7 +29,7 @@ func NewBuilder() *Builder { // WithVersion configures the specific version of Kuma which should be deployed. func (b *Builder) WithVersion(version semver.Version) *Builder { - b.version = version + b.version = &version return b } diff --git a/pkg/environments/builder.go b/pkg/environments/builder.go index 17d59875..9b3b3721 100644 --- a/pkg/environments/builder.go +++ b/pkg/environments/builder.go @@ -185,7 +185,7 @@ func (b *Builder) Build(ctx context.Context) (env Environment, err error) { cluster: cluster, }, nil case 1: - return nil, addonDeploymentErrors[0] //nolint:gosec + return nil, addonDeploymentErrors[0] default: errMsgs := make([]string, 0, totalFailures) for _, err := range addonDeploymentErrors { diff --git a/pkg/utils/kong/fake_admin_api.go b/pkg/utils/kong/fake_admin_api.go index c3818b22..7196e043 100644 --- a/pkg/utils/kong/fake_admin_api.go +++ b/pkg/utils/kong/fake_admin_api.go @@ -41,7 +41,7 @@ type FakeAdminAPIServer struct { func NewFakeAdminAPIServer() (*FakeAdminAPIServer, error) { // start up the fake admin api server mocks := make(chan AdminAPIResponse, maxMocks) - endpoint := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + endpoint := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { select { case override := <-mocks: // run any callbacks that were configured in the mock (these are optional) diff --git a/test/e2e/gke_cluster_test.go b/test/e2e/gke_cluster_test.go index 65087aeb..c8e2a91f 100644 --- a/test/e2e/gke_cluster_test.go +++ b/test/e2e/gke_cluster_test.go 
@@ -28,6 +28,11 @@ import ( "github.com/kong/kubernetes-testing-framework/pkg/utils/kubernetes/generators" ) +const ( + gkeVersionMajor = 1 + gkeVersionMinor = 29 +) + var ( gkeCreds = os.Getenv(gke.GKECredsVar) gkeProject = os.Getenv(gke.GKEProjectVar) @@ -60,7 +65,7 @@ func testGKECluster(t *testing.T, createSubnet bool) { t.Logf("configuring the GKE cluster PROJECT=(%s) LOCATION=(%s)", gkeProject, gkeLocation) builder := gke.NewBuilder([]byte(gkeCreds), gkeProject, gkeLocation) - builder.WithClusterMinorVersion(1, 24) + builder.WithClusterMinorVersion(gkeVersionMajor, gkeVersionMinor) builder.WithWaitForTeardown(false) builder.WithCreateSubnet(createSubnet) builder.WithLabels(map[string]string{"test-cluster": "true"}) @@ -113,8 +118,8 @@ func testGKECluster(t *testing.T, createSubnet bool) { t.Log("validating kubernetes cluster version") kubernetesVersion, err := env.Cluster().Version() require.NoError(t, err) - require.Equal(t, uint64(1), kubernetesVersion.Major) - require.Equal(t, uint64(24), kubernetesVersion.Minor) + require.Equal(t, uint64(gkeVersionMajor), kubernetesVersion.Major) + require.Equal(t, uint64(gkeVersionMinor), kubernetesVersion.Minor) t.Log("verifying that the kong addon deployed both proxy and controller") kongAddon, err := env.Cluster().GetAddon("kong")