Add conformance test flag to set implementation labels on mesh namespaces #1957
Conversation
k8s-ci-robot
added
area/conformance
cncf-cla: yes
|
Hi @frankbu. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
@frankbu: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
conformance/utils/suite/suite.go
Outdated
|
|
||
| // MeshNamespaceLabels are implentation-specific labels that should be added | ||
| // to namespaces where mesh-enabled services will be deployed. | ||
| MeshNamespaceLabels map[string]string |
There was a problem hiding this comment.
Why do we need this when we already have NamespaceLabels? It only applies to "mesh workload" namespaces not everywhere?
There was a problem hiding this comment.
It only applies to "mesh workload" namespaces not everywhere?
Yes, that is the difference.
It wasn't clear to me what the intended use of NamespaceLabels is, so I added another field. What kind of labels would we want to add to ALL namespaces, mesh or not?
There was a problem hiding this comment.
If I'm understanding correctly we expect that there will be tests where some but not all namespaces will be included in the mesh?
There was a problem hiding this comment.
@shaneutt, yes, that is my assumption. Mesh egress tests, for example.
There was a problem hiding this comment.
Actually the more general problem is that if one wants to run both the Gateway and Mesh tests, there is no way to label only the mesh namespace(s), but not the ones hosting plain k8s services that the Gateway/Route tests use. Maybe that's what we want? When running Mesh and Gateway tests together, the Gateway tests switch to mesh-ingress (instead of k8s-ingress) tests?
There was a problem hiding this comment.
@frankbu This seems like something that's maybe a bit too implementation-specific to include in our conformance test helpers unless I'm missing something. Would it be possible to just have mesh tests runs separately from ingress tests?
There was a problem hiding this comment.
@robscott, yes, absolutely, I think that would be fine. The only potential issue is if we have mesh tests that want to call services outside of the mesh (egress testing). In Istio, we use a "non-mesh" namespace to run services that simulate external services for this kind of testing.
There was a problem hiding this comment.
@robscott @shaneutt I removed MeshNamespaceLabels and just use the existing NamespaceLabels for now. If in the future we need to differentiate mesh/not-mesh namespaces we can figure out a way to do it then.
So now this PR is only adding a flag to set NamespaceLabels and fixing up pod.go to properly check that the version routing test is actually calling the expected backends.
k8s-ci-robot
added
cncf-cla: no
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
cncf-cla: no
|
@frankbu can you update the PR description to match what we've settled on? It looks like one of your latest commits caused CLA to fail, so that will also need to be fixed before this can be merged. /ok-to-test |
k8s-ci-robot
added
ok-to-test
|
/easycla |
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
the
cncf-cla: no
|
/easycla |
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
cncf-cla: yes
|
@robscott I added the unit tests you requested. Are there any other issues holding it up? |
|
Hey @frankbu we're effectively frozen right now until v0.7.0 releases, but we're expecting that to happen on Monday. |
k8s-ci-robot
added
the
needs-rebase
| @@ -0,0 +1,69 @@ | |||
| /* | |||
| Copyright 2022 The Kubernetes Authors. | |||
There was a problem hiding this comment.
Tiny nit:
| Copyright 2022 The Kubernetes Authors. | |
| Copyright 2023 The Kubernetes Authors. |
k8s-ci-robot
removed
the
needs-rebase
|
@robscott should be good to go now, thanks. |
robscott
added
the
tide/merge-method-squash
|
Thanks @frankbu! /lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: frankbu, robscott The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
What type of PR is this?
/test
/area conformance
What this PR does / why we need it:
Some mesh implementations require namespaces that are part of the mesh to include implementation-specific labels. For example, Istio requires an
istio-injection=enabledlabel on mesh namespaces to turn on sidecar injection.This PR adds a new flag that can be used to pass in labels that should be added to namespaces where mesh-enabled services are deployed (e.g.,
--namespace-labels "istio-injection=enabled"can be set to run on Istio).This new flag is implemented using the existing NamespaceLabels field in suite.Options. This PR is only making it settable via the command line.
Note that this PR also includes a small fix in pod.go to check that the expected backends are being called. Without this fix, the split-mesh test isn't actually confirming that the correct backends are called, just that some backend has been called.
Which issue(s) this PR fixes:
Fixes #
Does this PR introduce a user-facing change?: