Connect Kube gateway part 3: daemon create kube gateway

integration/proxy/proxy_helpers.go

@@ -40,8 +40,11 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/ssh"
+	"golang.org/x/exp/maps"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 
@@ -55,20 +58,25 @@ import (
 	"github.com/gravitational/teleport/lib/client"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/fixtures"
+	"github.com/gravitational/teleport/lib/kube/kubeconfig"
 	"github.com/gravitational/teleport/lib/reversetunnelclient"
 	"github.com/gravitational/teleport/lib/service/servicecfg"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/srv/alpnproxy"
+	"github.com/gravitational/teleport/lib/srv/alpnproxy/common"
 	alpncommon "github.com/gravitational/teleport/lib/srv/alpnproxy/common"
+	"github.com/gravitational/teleport/lib/srv/db/mysql"
 	"github.com/gravitational/teleport/lib/srv/db/postgres"
+	"github.com/gravitational/teleport/lib/teleterm/gateway"
 	"github.com/gravitational/teleport/lib/tlsca"
 	"github.com/gravitational/teleport/lib/utils"
 	awsutils "github.com/gravitational/teleport/lib/utils/aws"
 )
 
 type Suite struct {
-	root *helpers.TeleInstance
-	leaf *helpers.TeleInstance
+	root     *helpers.TeleInstance
+	leaf     *helpers.TeleInstance
+	username string
 }
 
 type suiteOptions struct {
@@ -125,12 +133,14 @@ func newSuite(t *testing.T, opts ...proxySuiteOptionsFunc) *Suite {
 	}
 	lCfg.Listeners = options.leafClusterListeners(t, &lCfg.Fds)
 	lc := helpers.NewInstance(t, lCfg)
+	user := helpers.MustGetCurrentUser(t)
+
 	suite := &Suite{
-		root: rc,
-		leaf: lc,
+		root:     rc,
+		leaf:     lc,
+		username: user.Username,
 	}
 
-	user := helpers.MustGetCurrentUser(t)
 	for _, role := range options.rootClusterRoles {
 		rc.AddUserWithRole(user.Username, role)
 	}
@@ -711,3 +721,67 @@ func mustFindKubePod(t *testing.T, tc *client.TeleportClient) {
 	require.Equal(t, types.KindKubePod, response.Resources[0].Kind)
 	require.Equal(t, kubePodName, response.Resources[0].GetName())
 }
+
+func mustConnectDatabaseGateway(t *testing.T, gw gateway.Gateway) {
+	t.Helper()
+
+	dbGateway, err := gateway.AsDatabase(gw)
+	require.NoError(t, err)
+
+	// Open a new connection.
+	client, err := mysql.MakeTestClientWithoutTLS(
+		net.JoinHostPort(gw.LocalAddress(), gw.LocalPort()),
+		dbGateway.RouteToDatabase())
+	require.NoError(t, err)
+
+	// Execute a query.
+	result, err := client.Execute("select 1")
+	require.NoError(t, err)
+	require.Equal(t, mysql.TestQueryResponse, result)
+
+	// Disconnect.
+	require.NoError(t, client.Close())
+}
+
+func kubeClientForLocalProxy(t *testing.T, kubeconfigPath, teleportCluster, kubeCluster string) *kubernetes.Clientset {
+	t.Helper()
+
+	config, err := kubeconfig.Load(kubeconfigPath)
+	require.NoError(t, err)
+
+	contextName := kubeconfig.ContextName(teleportCluster, kubeCluster)
+	require.Contains(t, maps.Keys(config.Clusters), contextName)
+	proxyURL, err := url.Parse(config.Clusters[contextName].ProxyURL)
+	require.NoError(t, err)
+
+	tlsClientConfig := rest.TLSClientConfig{
+		CAData:     config.Clusters[contextName].CertificateAuthorityData,
+		CertData:   config.AuthInfos[contextName].ClientCertificateData,
+		KeyData:    config.AuthInfos[contextName].ClientKeyData,
+		ServerName: common.KubeLocalProxySNI(teleportCluster, kubeCluster),
+	}
+	client, err := kubernetes.NewForConfig(&rest.Config{
+		Host:            "https://" + teleportCluster,
+		TLSClientConfig: tlsClientConfig,
+		Proxy:           http.ProxyURL(proxyURL),
+	})
+	require.NoError(t, err)
+	return client
+}
+
+func mustGetKubePod(t *testing.T, client *kubernetes.Clientset, wantPodName string) {
+	t.Helper()
+
+	resp, err := client.CoreV1().Pods("default").List(context.Background(), metav1.ListOptions{})
+	require.NoError(t, err)
+	require.Equal(t, len(resp.Items), 1)
+	require.Equal(t, wantPodName, resp.Items[0].GetName())
+}
+
+func mustGetProfileName(t *testing.T, webProxyAddr string) string {
+	t.Helper()
+
+	profileName, _, err := net.SplitHostPort(webProxyAddr)
+	require.NoError(t, err)
+	return profileName
+}

integration/proxy/proxy_test.go

@@ -434,9 +434,7 @@ func TestALPNSNIProxyKube(t *testing.T) {
 			},
 		})
 		require.NoError(t, err)
-		resp, err := k8Client.CoreV1().Pods("default").List(context.Background(), metav1.ListOptions{})
-		require.NoError(t, err)
-		require.Equal(t, 1, len(resp.Items), "pods item length mismatch")
+		mustGetKubePod(t, k8Client, kubePodName)
 	})
 }
 
@@ -507,9 +505,7 @@ func TestALPNSNIProxyKubeV2Leaf(t *testing.T) {
 	})
 	require.NoError(t, err)
 
-	resp, err := k8Client.CoreV1().Pods("default").List(context.Background(), metav1.ListOptions{})
-	require.NoError(t, err)
-	require.Equal(t, 1, len(resp.Items), "pods item length mismatch")
+	mustGetKubePod(t, k8Client, kubePodName)
 }
 
 func TestKubeIPPinning(t *testing.T) {