From 104e67b95b8463a303a605fc1d85e8cc497f970e Mon Sep 17 00:00:00 2001 From: Maxim Babushkin Date: Thu, 6 Mar 2025 12:54:00 +0200 Subject: [PATCH 1/2] Unify namespace labeling over e2e tests (#695) Use a single way of labeling the namespace in e2e tests - k.Label. Signed-off-by: Maxim Babushkin --- tests/e2e/ambient/ambient_test.go | 6 ++---- tests/e2e/controlplane/control_plane_test.go | 3 +-- .../e2e/controlplane/control_plane_update_test.go | 2 -- tests/e2e/dualstack/dualstack_test.go | 12 ++++-------- .../multicluster/multicluster_multiprimary_test.go | 6 ++---- .../multicluster_primaryremote_test.go | 14 +++----------- tests/e2e/util/certs/certs.go | 2 +- 7 files changed, 13 insertions(+), 32 deletions(-) diff --git a/tests/e2e/ambient/ambient_test.go b/tests/e2e/ambient/ambient_test.go index cb141bf042..15f954c82c 100644 --- a/tests/e2e/ambient/ambient_test.go +++ b/tests/e2e/ambient/ambient_test.go @@ -247,10 +247,8 @@ spec: Expect(k.CreateNamespace(common.HttpbinNamespace)).To(Succeed(), "Failed to create httpbin namespace") // Add the necessary ambient labels on the namespaces. - Expect(k.Patch("namespace", common.SleepNamespace, "merge", `{"metadata":{"labels":{"istio.io/dataplane-mode":"ambient"}}}`)). - To(Succeed(), "Error patching sleep namespace") - Expect(k.Patch("namespace", common.HttpbinNamespace, "merge", `{"metadata":{"labels":{"istio.io/dataplane-mode":"ambient"}}}`)). - To(Succeed(), "Error patching httpbin namespace") + Expect(k.Label("namespace", common.SleepNamespace, "istio.io/dataplane-mode", "ambient")).To(Succeed(), "Error labeling sleep namespace") + Expect(k.Label("namespace", common.HttpbinNamespace, "istio.io/dataplane-mode", "ambient")).To(Succeed(), "Error labeling httpbin namespace") // Deploy the test pods. Expect(k.WithNamespace(common.SleepNamespace).Apply(common.GetSampleYAML(version, "sleep"))).To(Succeed(), "error deploying sleep pod") diff --git a/tests/e2e/controlplane/control_plane_test.go b/tests/e2e/controlplane/control_plane_test.go index 4c50ca7ff2..0a56689176 100644 --- a/tests/e2e/controlplane/control_plane_test.go +++ b/tests/e2e/controlplane/control_plane_test.go @@ -208,8 +208,7 @@ spec: } Expect(k.CreateNamespace(sampleNamespace)).To(Succeed(), "Sample namespace failed to be created") - Expect(k.Patch("namespace", sampleNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching sample namespace") + Expect(k.Label("namespace", sampleNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sample namespace") Expect(k.WithNamespace(sampleNamespace). ApplyWithLabels(common.GetSampleYAML(version, sampleNamespace), "version=v1")). To(Succeed(), "Error deploying sample") diff --git a/tests/e2e/controlplane/control_plane_update_test.go b/tests/e2e/controlplane/control_plane_update_test.go index 8d1ea2ac22..99f960f406 100644 --- a/tests/e2e/controlplane/control_plane_update_test.go +++ b/tests/e2e/controlplane/control_plane_update_test.go @@ -137,8 +137,6 @@ spec: BeforeAll(func(ctx SpecContext) { Expect(k.CreateNamespace(sampleNamespace)).To(Succeed(), "Sample namespace failed to be created") Expect(k.Label("namespace", sampleNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sample namespace") - Expect(k.Patch("namespace", sampleNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching sample namespace") Expect(k.WithNamespace(sampleNamespace). ApplyWithLabels(common.GetSampleYAML(istioversion.Map[baseVersion], sampleNamespace), "version=v1")). To(Succeed(), "Error deploying sample") diff --git a/tests/e2e/dualstack/dualstack_test.go b/tests/e2e/dualstack/dualstack_test.go index bd554543f5..190b78cc7a 100644 --- a/tests/e2e/dualstack/dualstack_test.go +++ b/tests/e2e/dualstack/dualstack_test.go @@ -185,14 +185,10 @@ spec: Expect(k.CreateNamespace(IPv6Namespace)).To(Succeed(), "Failed to create ipv6 namespace") Expect(k.CreateNamespace(SleepNamespace)).To(Succeed(), "Failed to create sleep namespace") - Expect(k.Patch("namespace", DualStackNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching dual-stack namespace") - Expect(k.Patch("namespace", IPv4Namespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching ipv4 namespace") - Expect(k.Patch("namespace", IPv6Namespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching ipv6 namespace") - Expect(k.Patch("namespace", SleepNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching sleep namespace") + Expect(k.Label("namespace", DualStackNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling dual-stack namespace") + Expect(k.Label("namespace", IPv4Namespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling ipv4 namespace") + Expect(k.Label("namespace", IPv6Namespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling ipv6 namespace") + Expect(k.Label("namespace", SleepNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sleep namespace") Expect(k.WithNamespace(DualStackNamespace).Apply(common.GetSampleYAML(version, "tcp-echo-dual-stack"))).To(Succeed(), "error deploying tcpDualStack pod") Expect(k.WithNamespace(IPv4Namespace).Apply(common.GetSampleYAML(version, "tcp-echo-ipv4"))).To(Succeed(), "error deploying ipv4 pod") diff --git a/tests/e2e/multicluster/multicluster_multiprimary_test.go b/tests/e2e/multicluster/multicluster_multiprimary_test.go index c571f876bb..6f6700130b 100644 --- a/tests/e2e/multicluster/multicluster_multiprimary_test.go +++ b/tests/e2e/multicluster/multicluster_multiprimary_test.go @@ -206,10 +206,8 @@ spec: Expect(k2.CreateNamespace(sampleNamespace)).To(Succeed(), "Namespace failed to be created on Cluster #2") // Label the namespace - Expect(k1.Patch("namespace", sampleNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching sample namespace") - Expect(k2.Patch("namespace", sampleNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching sample namespace") + Expect(k1.Label("namespace", sampleNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sample namespace") + Expect(k2.Label("namespace", sampleNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sample namespace") // Deploy the sample app in both clusters deploySampleAppToClusters(sampleNamespace, version, []ClusterDeployment{ diff --git a/tests/e2e/multicluster/multicluster_primaryremote_test.go b/tests/e2e/multicluster/multicluster_primaryremote_test.go index f55b0aa216..50666a2137 100644 --- a/tests/e2e/multicluster/multicluster_primaryremote_test.go +++ b/tests/e2e/multicluster/multicluster_primaryremote_test.go @@ -189,13 +189,7 @@ spec: "merge", `{"metadata":{"annotations":{"topology.istio.io/controlPlaneClusters":"cluster1"}}}`)). To(Succeed(), "Error patching istio-system namespace") - Expect( - k2.Patch( - "namespace", - controlPlaneNamespace, - "merge", - `{"metadata":{"labels":{"topology.istio.io/network":"network2"}}}`)). - To(Succeed(), "Error patching istio-system namespace") + Expect(k2.Label("namespace", controlPlaneNamespace, "topology.istio.io/network", "network2")).To(Succeed(), "Error labeling istio-system namespace") // To be able to access the remote cluster from the primary cluster, we need to create a secret in the primary cluster // Remote Istio resource will not be Ready until the secret is created @@ -250,10 +244,8 @@ spec: Expect(k2.CreateNamespace(sampleNamespace)).To(Succeed(), "Namespace failed to be created on Cluster #2") // Label the namespace - Expect(k1.Patch("namespace", sampleNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching sample namespace") - Expect(k2.Patch("namespace", sampleNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). - To(Succeed(), "Error patching sample namespace") + Expect(k1.Label("namespace", sampleNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sample namespace") + Expect(k2.Label("namespace", sampleNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sample namespace") // Deploy the sample app in both clusters deploySampleAppToClusters(sampleNamespace, v, []ClusterDeployment{ diff --git a/tests/e2e/util/certs/certs.go b/tests/e2e/util/certs/certs.go index 505eebe6f4..0a59c1f34b 100644 --- a/tests/e2e/util/certs/certs.go +++ b/tests/e2e/util/certs/certs.go @@ -227,7 +227,7 @@ func PushIntermediateCA(k kubectl.Kubectl, ns, zone, network, basePath string, c _, err := common.GetObject(context.Background(), cl, kube.Key("cacerts", ns), &corev1.Secret{}) if err != nil { // Label the namespace with the network - err = k.Patch("namespace", ns, "merge", `{"metadata":{"labels":{"topology.istio.io/network":"`+network+`"}}}`) + err = k.Label("namespace", ns, "topology.istio.io/network", network) if err != nil { return fmt.Errorf("failed to label namespace: %w", err) } From aba8459c8ce839fcfd43eee829973b6e20adc5cb Mon Sep 17 00:00:00 2001 From: Sridhar Gaddam Date: Thu, 6 Mar 2025 17:37:01 +0530 Subject: [PATCH 2/2] Add a note that version is optional in Istio CRs (#697) Signed-off-by: Sridhar Gaddam --- docs/README.md | 18 +++++++++--------- docs/common/istio-ambient-mode.md | 3 ++- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/docs/README.md b/docs/README.md index f045ef20d8..413fe59bf7 100644 --- a/docs/README.md +++ b/docs/README.md @@ -77,7 +77,6 @@ kind: Istio metadata: name: default spec: - version: v1.23.2 namespace: istio-system updateStrategy: type: InPlace @@ -89,6 +88,8 @@ spec: memory: 1024Mi ``` +Note: If you need a specific Istio version, you can explicitly set it using `spec.version`. If not specified, the Operator will install the latest supported version. + Istio uses a ConfigMap for its global configuration, called the MeshConfig. All of its settings are available through `spec.meshConfig`. To support canary updates of the control plane, Sail Operator includes support for multiple Istio versions. You can select a version by setting the `version` field in the `spec` to the version you would like to install, prefixed with a `v`. You can then update to a new version just by changing this field. An `vX.Y-latest` alias can be used for the latest z/patch versions of each supported y/minor versions. As per the example above, `v1.23-latest` can be specified in the `version` field. By doing so, the operator will keep the istio version with the latest `z` version of the same `y` version. @@ -129,7 +130,6 @@ kind: IstioCNI metadata: name: default spec: - version: v1.23.2 namespace: istio-cni values: cni: @@ -138,6 +138,8 @@ spec: - kube-system ``` +Note: If you need a specific Istio version, you can explicitly set it using `spec.version`. If not specified, the Operator will install the latest supported version. + #### Updating the IstioCNI resource Updates for the `IstioCNI` resource are `Inplace` updates, this means that the `DaemonSet` will be updated with the new version of the CNI plugin once the resource is updated and the `istio-cni-node` pods are going to be replaced with the new version. To update the CNI plugin, just change the `version` field to the version you want to install. Just like the `Istio` resource, it also has a `values` field that exposes all of the options provided in the `istio-cni` chart: @@ -151,7 +153,7 @@ To update the CNI plugin, just change the `version` field to the version you wan metadata: name: default spec: - version: v1.23.2 + version: v1.24.2 namespace: istio-cni values: cni: @@ -165,7 +167,7 @@ To update the CNI plugin, just change the `version` field to the version you wan ```bash $ kubectl get istiocni -n istio-cni NAME READY STATUS VERSION AGE - default True Healthy v1.23.2 91m + default True Healthy v1.24.2 91m $ kubectl get pods -n istio-cni NAME READY STATUS RESTARTS AGE istio-cni-node-hd9zf 1/1 Running 0 90m @@ -173,14 +175,14 @@ To update the CNI plugin, just change the `version` field to the version you wan 3. Update the CNI plugin version. ```bash - kubectl patch istiocni default -n istio-cni --type='merge' -p '{"spec":{"version":"v1.23.3"}}' + kubectl patch istiocni default -n istio-cni --type='merge' -p '{"spec":{"version":"v1.24.3"}}' ``` 4. Confirm the CNI plugin version was updated. ```bash $ kubectl get istiocni -n istio-cni NAME READY STATUS VERSION AGE - default True Healthy v1.23.3 93m + default True Healthy v1.24.3 93m $ kubectl get pods -n istio-cni NAME READY STATUS RESTARTS AGE istio-cni-node-jz4lg 1/1 Running 0 44s @@ -1104,7 +1106,7 @@ These steps are common to every multi-cluster deployment and should be completed -in root-cert.csr \ -out root-cert.pem ``` -5. Create intermediate certiciates. +5. Create intermediate certificates. ```sh for cluster in west east; do @@ -1869,7 +1871,6 @@ Note: If you installed the KinD cluster using the command above, install the [Sa ipFamilyPolicy: RequireDualStack env: ISTIO_DUAL_STACK: "true" - version: v1.23.2 namespace: istio-system EOF kubectl wait --for=jsonpath='{.status.revisions.ready}'=1 istios/default --timeout=3m @@ -1885,7 +1886,6 @@ Note: If you installed the KinD cluster using the command above, install the [Sa metadata: name: default spec: - version: v1.23.2 namespace: istio-cni EOF kubectl wait --for=condition=Ready pod -n istio-cni -l k8s-app=istio-cni-node --timeout=60s diff --git a/docs/common/istio-ambient-mode.md b/docs/common/istio-ambient-mode.md index e8631b9f9d..8f9ade774e 100644 --- a/docs/common/istio-ambient-mode.md +++ b/docs/common/istio-ambient-mode.md @@ -26,13 +26,14 @@ metadata: name: default spec: profile: ambient - version: v1.24.0 namespace: ztunnel values: ztunnel: image: docker.io/istio/ztunnel:1.24.0 ``` +Note: If you need a specific Istio version, you can explicitly set it using `spec.version`. If not specified, the Operator will install the latest supported version. + ### API Reference documentation The ZTunnel resource API reference documentation can be found [here](https://github.com/istio-ecosystem/sail-operator/blob/main/docs/api-reference/sailoperator.io.md#ztunnel).