From 73c167164eae76a52e069af91ec8cb0420ea9092 Mon Sep 17 00:00:00 2001
From: ctartici
Date: Thu, 20 Feb 2025 19:47:48 +0100
Subject: [PATCH 1/6] Modifications to Run integration Tests With Sail Operator
---
 .../sail-operator/egress-gateway-values.yaml | 9 ++
 .../sail-operator/ingress-gateway-values.yaml | 32 +++++
 prow/config/sail-operator/istioCNI-cr.yaml | 8 ++
 prow/integ-suite-ocp.sh | 7 +
 prow/setup/sail-operator-setup.sh | 122 ++++++++++++++++++
 5 files changed, 178 insertions(+)
 create mode 100644 prow/config/sail-operator/egress-gateway-values.yaml
 create mode 100644 prow/config/sail-operator/ingress-gateway-values.yaml
 create mode 100644 prow/config/sail-operator/istioCNI-cr.yaml
 create mode 100755 prow/setup/sail-operator-setup.sh
diff --git a/prow/config/sail-operator/egress-gateway-values.yaml b/prow/config/sail-operator/egress-gateway-values.yaml
new file mode 100644
index 0000000000..55f58fa26a
--- /dev/null
+++ b/prow/config/sail-operator/egress-gateway-values.yaml
@@ -0,0 +1,9 @@
+platform: openshift
+autoscaling:
+ enabled: false
+
+meshConfig:
+ accessLogFile: /dev/stdout
+
+service:
+ type: ClusterIP
diff --git a/prow/config/sail-operator/ingress-gateway-values.yaml b/prow/config/sail-operator/ingress-gateway-values.yaml
new file mode 100644
index 0000000000..b643a8ec88
--- /dev/null
+++ b/prow/config/sail-operator/ingress-gateway-values.yaml
@@ -0,0 +1,32 @@
+platform: openshift
+autoscaling:
+ enabled: false
+
+meshConfig:
+ accessLogFile: /dev/stdout
+
+service:
+ ports:
+ - port: 15021
+ targetPort: 15021
+ name: status-port
+ - port: 80
+ targetPort: 8080
+ name: http2
+ - port: 443
+ targetPort: 8443
+ name: https
+ # This is the port where sni routing happens
+ - port: 15443
+ targetPort: 15443
+ name: tls
+ ## Extra ports for testing
+ - port: 15012
+ targetPort: 15012
+ name: tls-istiod
+ - port: 15017
+ targetPort: 15017
+ name: tls-webhook
+ - port: 31400
+ targetPort: 31400
+ name: tcp
diff --git a/prow/config/sail-operator/istioCNI-cr.yaml b/prow/config/sail-operator/istioCNI-cr.yaml new file mode 100644 index 0000000000..7df6c5a06a --- /dev/null +++ b/prow/config/sail-operator/istioCNI-cr.yaml @@ -0,0 +1,8 @@ +apiVersion: sailoperator.io/v1alpha1 +kind: IstioCNI +metadata: + name: default +spec: + namespace: ${ISTIOCNI_NAESPACE} + version: ${ISTIO_VERSION} + profile: openshift \ No newline at end of file diff --git a/prow/integ-suite-ocp.sh b/prow/integ-suite-ocp.sh index 1404354205..c12751f584 100755 --- a/prow/integ-suite-ocp.sh +++ b/prow/integ-suite-ocp.sh @@ -135,6 +135,13 @@ base_cmd=("go" "test" "-p" "1" "-v" "-count=1" "-tags=integ" "-vet=off" "-timeou "--istio.test.tag=${TAG}" "--istio.test.openshift") +# Append sail operator setup script to base command +if [ "${OPERATOR_TYPE:-}" == "sail" ]; then + SAIL_SETUP_SCRIPT="${WD}/setup/sail-operator-setup.sh" + base_cmd+=("--istio.test.kube.deploy=false") + base_cmd+=("--istio.test.kube.controlPlaneInstaller=${SAIL_SETUP_SCRIPT}") +fi + # Append skip tests flag if SKIP_TESTS is set if [ -n "${SKIP_TESTS}" ]; then base_cmd+=("-skip" "${SKIP_TESTS}") diff --git a/prow/setup/sail-operator-setup.sh b/prow/setup/sail-operator-setup.sh new file mode 100755 index 0000000000..89f2b45dfa --- /dev/null +++ b/prow/setup/sail-operator-setup.sh 
@@ -0,0 +1,122 @@
+#!/bin/bash
+
+# Copyright 2019 Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The integration test runtime is calling this script two times if istio.test.kube.controlPlaneInstaller parameter set. One call is with
+# install and another is with cleanup. On install script is used to convert istio in-cluster operator config to sail operator config and install istiod, istio-cni and gateways.
+# On cleanup istiod, istio-cni, istio-ingressgateway and istio-engressgateway are cleaned
+# The output log of this script is printed under working directory set by: --istio.test.work_dir/sail-operator-setup.log
+
+exec > >(tee -a "$2"/sail-operator-setup.log) 2>&1
+# Exit immediately for non zero status
+set -e
+# Check unset variables
+set -u
+# Print commands
+set -x
+
+function usage() {
+ echo "Usage: $0 "
+ echo "Example: $0 install /path/to/iop.yaml"
+ exit 1
+}
+
+if [[ $# -lt 2 ]]; then
+ echo "Error: Missing required arguments."
+ usage
+fi
+
+if ! command -v yq &>/dev/null; then
+ echo "Error: 'yq' is not installed. Please install it before running the script."
+ exit 1
+fi
+
+if ! command -v helm &> /dev/null; then
+ echo "Helm is not installed. Please install Helm before proceeding."
+ exit 1
+fi
+
+WD=$(dirname "$0")
+PROW="$(dirname "$WD")"
+ROOT="$(dirname "$PROW")"
+
+WORKDIR="$2"
+IOP_FILE="$2"/iop.yaml
+SAIL_IOP_FILE="$(basename "${IOP_FILE%.yaml}")-sail.yaml"
+
+ISTIO_VERSION="${ISTIO_VERSION:-v1.24.1}"
+INGRESS_GATEWAY_SVC_NAMESPACE="${INGRESS_GATEWAY_SVC_NAMESPACE:-istio-system}"
+ISTIOCNI_NAMESPACE="${ISTIOCNI_NAMESPACE:-istio-cni}"
+
+ISTIOCNI="${PROW}/config/sail-operator/istioCNI-cr.yaml"
+INGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/ingress-gateway-values.yaml"
+EGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/egress-gateway-values.yaml"
+
+CONVERTER_ADDRESS="https://raw.githubusercontent.com/istio-ecosystem/sail-operator/main/tools/configuration-converter.sh"
+CONVERTER_SCRIPT=$(basename $CONVERTER_ADDRESS)
+
+function download_execute_converter(){
+ cd ${PROW}
+ curl -fsSL "$CONVERTER_ADDRESS" -o "$CONVERTER_SCRIPT" || { echo "Failed to download converter script"; exit 1; }
+ chmod +x $CONVERTER_SCRIPT
+ bash $CONVERTER_SCRIPT "$IOP_FILE" -v "$ISTIO_VERSION" -n $INGRESS_GATEWAY_SVC_NAMESPACE
+ rm $CONVERTER_SCRIPT
+}
+
+function install_istio_cni(){
+ oc create namespace "${ISTIOCNI_NAMESPACE}" || true
+ TMP_ISTIOCNI=$WORKDIR/istioCNI.yaml
+ cp "$ISTIOCNI" "$TMP_ISTIOCNI"
+ yq -i ".spec.namespace=\"$ISTIOCNI_NAMESPACE\"" "$TMP_ISTIOCNI"
+ yq -i ".spec.version=\"$ISTIO_VERSION\"" "$TMP_ISTIOCNI"
+ oc apply -f "$TMP_ISTIOCNI"
+ echo "istioCNI created."
+}
+
+function install_istiod(){
+ # overwrite sailoperator version before applying it
+ if [ "${SAIL_API_VERSION:-}" != "" ]; then
+ yq -i eval ".apiVersion = \"sailoperator.io/$SAIL_API_VERSION\"" "$WORKDIR/$SAIL_IOP_FILE"
+ fi
+ oc apply -f "$WORKDIR/$SAIL_IOP_FILE"
+ echo "istiod created."
+}
+
+# Install ingress and egress gateways
+function install_gateways(){
+ helm template -n $INGRESS_GATEWAY_SVC_NAMESPACE istio-ingressgateway ${ROOT}/manifests/charts/gateway --values $INGRESS_GATEWAY_VALUES > ${WORKDIR}/istio-ingressgateway.yaml
+ oc apply -f ${WORKDIR}/istio-ingressgateway.yaml
+ helm template -n $INGRESS_GATEWAY_SVC_NAMESPACE istio-egressgateway ${ROOT}/manifests/charts/gateway --values $EGRESS_GATEWAY_VALUES > ${WORKDIR}/istio-egressgateway.yaml
+ oc apply -f ${WORKDIR}/istio-egressgateway.yaml
+ echo "Gateways created."
+
+}
+
+function cleanup_istio(){
+ oc delete istio/default
+ oc delete istioCNI/default
+ oc delete all --selector app=istio-egressgateway -n $INGRESS_GATEWAY_SVC_NAMESPACE
+ oc delete all --selector app=istio-ingressgateway -n $INGRESS_GATEWAY_SVC_NAMESPACE
+ echo "Cleanup completed."
+}
+
+if [ "$1" = "install" ]; then
+ download_execute_converter || { echo "Failed to execute converter"; exit 1; }
+ install_istio_cni || { echo "Failed to install Istio CNI"; exit 1; }
+ install_istiod || { echo "Failed to install Istiod"; exit 1; }
+ install_gateways || { echo "Failed to install gateways"; exit 1; }
+elif [ "$1" = "cleanup" ]; then
+ cleanup_istio || { echo "Failed to cleanup cluster"; exit 1; }
+fi
From e4bc17b19f6703e2d9e0c382372125731c049031 Mon Sep 17 00:00:00 2001
From: ctartici
Date: Mon, 24 Feb 2025 15:52:39 +0100
Subject: [PATCH 2/6] enhanced comments and variable names
---
 .../{istioCNI-cr.yaml => istio-cni.yaml} | 0
 prow/integ-suite-ocp.sh | 3 +-
 prow/setup/sail-operator-setup.sh | 33 +++++++++++--------
 3 files changed, 22 insertions(+), 14 deletions(-)
 rename prow/config/sail-operator/{istioCNI-cr.yaml => istio-cni.yaml} (100%)
diff --git a/prow/config/sail-operator/istioCNI-cr.yaml b/prow/config/sail-operator/istio-cni.yaml
similarity index 100%
rename from prow/config/sail-operator/istioCNI-cr.yaml
rename to prow/config/sail-operator/istio-cni.yaml
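Review bot: `download_execute_converter` in the new `sail-operator-setup.sh` fetches `configuration-converter.sh` from the `main` branch and runs it with `bash` without pinning a commit or checking a digest, so whatever is on that branch at job time executes with the job's cluster credentials. Pin the URL to a reviewed commit, verify a SHA-256 before executing, and download to a `mktemp` file rather than a fixed name under `${PROW}`. The `CONVERTER_BRANCH` override added in PATCH 5/6 and the `versions.yaml` fetch added in PATCH 6/6 keep the same branch-tracking behaviour. Separately, the `exec > >(tee -a "$2"/sail-operator-setup.log)` line runs before the argument-count check and before `set -u`, so a call with fewer than two arguments tries to create the log under `/`.

```shell
# Placeholders: set both to the values of a reviewed converter revision.
CONVERTER_COMMIT="<REVIEWED_COMMIT_SHA>"
CONVERTER_SHA256="<SHA256_OF_REVIEWED_SCRIPT>"
CONVERTER_ADDRESS="https://raw.githubusercontent.com/istio-ecosystem/sail-operator/${CONVERTER_COMMIT}/tools/configuration-converter.sh"

function download_execute_converter(){
  local converter
  converter="$(mktemp)" || { echo "Failed to create temp file"; exit 1; }
  # … unchanged: cd into ${PROW} …
  curl -fsSL "$CONVERTER_ADDRESS" -o "$converter" || { echo "Failed to download converter script"; exit 1; }
  # Refuse to run anything that is not the reviewed revision.
  echo "${CONVERTER_SHA256}  ${converter}" | sha256sum -c - || { echo "Converter digest mismatch"; rm -f -- "$converter"; exit 1; }
  bash "$converter" "$IOP_FILE" -v "$ISTIO_VERSION" -n "$INGRESS_GATEWAY_SVC_NAMESPACE"
  rm -f -- "$converter"
}
```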
diff --git a/prow/integ-suite-ocp.sh b/prow/integ-suite-ocp.sh index c12751f584..b7b6b87d1b 100755 --- a/prow/integ-suite-ocp.sh +++ b/prow/integ-suite-ocp.sh @@ -29,6 +29,7 @@ SKIP_TESTS="${2:-""}" TEST_SUITE="${1:-"pilot"}" SKIP_SETUP="${SKIP_SETUP:-"false"}" INSTALL_METALLB="${INSTALL_METALLB:-"false"}" +CONTROL_PLANE_SOURCE="${CONTROL_PLANE_SOURCE:-"istio"}" # Important: SKIP_TEST_RUN is a workaround until downstream tests can be executed by using this script. # To execute the tests in downstream, set SKIP_TEST_RUN to true # Jira: https://issues.redhat.com/browse/OSSM-8029 @@ -136,7 +137,7 @@ base_cmd=("go" "test" "-p" "1" "-v" "-count=1" "-tags=integ" "-vet=off" "-timeou "--istio.test.openshift") # Append sail operator setup script to base command -if [ "${OPERATOR_TYPE:-}" == "sail" ]; then +if [ "${CONTROL_PLANE_SOURCE}" == "sail" ]; then SAIL_SETUP_SCRIPT="${WD}/setup/sail-operator-setup.sh" base_cmd+=("--istio.test.kube.deploy=false") base_cmd+=("--istio.test.kube.controlPlaneInstaller=${SAIL_SETUP_SCRIPT}") diff --git a/prow/setup/sail-operator-setup.sh b/prow/setup/sail-operator-setup.sh index 89f2b45dfa..5374e05742 100755 --- a/prow/setup/sail-operator-setup.sh +++ b/prow/setup/sail-operator-setup.sh @@ -18,6 +18,7 @@ # install and another is with cleanup. On install script is used to convert istio in-cluster operator config to sail operator config and install istiod, istio-cni and gateways. # On cleanup istiod, istio-cni, istio-ingressgateway and istio-engressgateway are cleaned # The output log of this script is printed under working directory set by: --istio.test.work_dir/sail-operator-setup.log +# Upstream WoW to call this script is documented in here: https://github.com/openshift-service-mesh/istio/tree/master/tests/integration#running-tests-on-custom-deployment exec > >(tee -a "$2"/sail-operator-setup.log) 2>&1 # Exit immediately for non zero status 
@@ -26,6 +27,8 @@ set -e set -u # Print commands set -x +# fail if any command in the pipeline fails +set -o pipefail function usage() { echo "Usage: $0 " @@ -53,14 +56,15 @@ PROW="$(dirname "$WD")" ROOT="$(dirname "$PROW")" WORKDIR="$2" +# iop.yaml is the static file name for istiod config created by upstream integration test runtime IOP_FILE="$2"/iop.yaml SAIL_IOP_FILE="$(basename "${IOP_FILE%.yaml}")-sail.yaml" -ISTIO_VERSION="${ISTIO_VERSION:-v1.24.1}" +ISTIO_VERSION="${ISTIO_VERSION:-latest}" INGRESS_GATEWAY_SVC_NAMESPACE="${INGRESS_GATEWAY_SVC_NAMESPACE:-istio-system}" ISTIOCNI_NAMESPACE="${ISTIOCNI_NAMESPACE:-istio-cni}" -ISTIOCNI="${PROW}/config/sail-operator/istioCNI-cr.yaml" +ISTIOCNI="${PROW}/config/sail-operator/istio-cni.yaml" INGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/ingress-gateway-values.yaml" EGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/egress-gateway-values.yaml" @@ -68,16 +72,16 @@ CONVERTER_ADDRESS="https://raw.githubusercontent.com/istio-ecosystem/sail-operat CONVERTER_SCRIPT=$(basename $CONVERTER_ADDRESS) function download_execute_converter(){ - cd ${PROW} + cd "${PROW}" curl -fsSL "$CONVERTER_ADDRESS" -o "$CONVERTER_SCRIPT" || { echo "Failed to download converter script"; exit 1; } - chmod +x $CONVERTER_SCRIPT - bash $CONVERTER_SCRIPT "$IOP_FILE" -v "$ISTIO_VERSION" -n $INGRESS_GATEWAY_SVC_NAMESPACE - rm $CONVERTER_SCRIPT + chmod +x "$CONVERTER_SCRIPT" + bash "$CONVERTER_SCRIPT" "$IOP_FILE" -v "$ISTIO_VERSION" -n "$INGRESS_GATEWAY_SVC_NAMESPACE" || { echo "Failed to execute converter script"; exit 1; } + rm "$CONVERTER_SCRIPT" } function install_istio_cni(){ oc create namespace "${ISTIOCNI_NAMESPACE}" || true - TMP_ISTIOCNI=$WORKDIR/istioCNI.yaml + TMP_ISTIOCNI=$WORKDIR/istio-cni.yaml cp "$ISTIOCNI" "$TMP_ISTIOCNI" yq -i ".spec.namespace=\"$ISTIOCNI_NAMESPACE\"" "$TMP_ISTIOCNI" yq -i ".spec.version=\"$ISTIO_VERSION\"" "$TMP_ISTIOCNI" 
@@ -91,15 +95,18 @@ function install_istiod(){ yq -i eval ".apiVersion = \"sailoperator.io/$SAIL_API_VERSION\"" "$WORKDIR/$SAIL_IOP_FILE" fi oc apply -f "$WORKDIR/$SAIL_IOP_FILE" + oc wait --for=condition=Available=True deployment/istiod --timeout=30s echo "istiod created." } # Install ingress and egress gateways function install_gateways(){ - helm template -n $INGRESS_GATEWAY_SVC_NAMESPACE istio-ingressgateway ${ROOT}/manifests/charts/gateway --values $INGRESS_GATEWAY_VALUES > ${WORKDIR}/istio-ingressgateway.yaml - oc apply -f ${WORKDIR}/istio-ingressgateway.yaml - helm template -n $INGRESS_GATEWAY_SVC_NAMESPACE istio-egressgateway ${ROOT}/manifests/charts/gateway --values $EGRESS_GATEWAY_VALUES > ${WORKDIR}/istio-egressgateway.yaml - oc apply -f ${WORKDIR}/istio-egressgateway.yaml + helm template -n "$INGRESS_GATEWAY_SVC_NAMESPACE" istio-ingressgateway "${ROOT}"/manifests/charts/gateway --values "$INGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-ingressgateway.yaml + oc apply -f "${WORKDIR}"/istio-ingressgateway.yaml + helm template -n "$INGRESS_GATEWAY_SVC_NAMESPACE" istio-egressgateway "${ROOT}"/manifests/charts/gateway --values "$EGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-egressgateway.yaml + oc apply -f "${WORKDIR}"/istio-egressgateway.yaml + oc wait --for=condition=Available=True deployment/istio-ingressgateway --timeout=30s + oc wait --for=condition=Available=True deployment/istio-egressgateway --timeout=30s echo "Gateways created." } @@ -107,8 +114,8 @@ function install_gateways(){ function cleanup_istio(){ oc delete istio/default oc delete istioCNI/default - oc delete all --selector app=istio-egressgateway -n $INGRESS_GATEWAY_SVC_NAMESPACE - oc delete all --selector app=istio-ingressgateway -n $INGRESS_GATEWAY_SVC_NAMESPACE + oc delete all --selector app=istio-egressgateway -n "$INGRESS_GATEWAY_SVC_NAMESPACE" + oc delete all --selector app=istio-ingressgateway -n "$INGRESS_GATEWAY_SVC_NAMESPACE" echo "Cleanup completed." } 
From 8b1a9190912b243c2f84c6cb902d9c2e1eed23de Mon Sep 17 00:00:00 2001 From: ctartici Date: Tue, 25 Feb 2025 17:02:57 +0100 Subject: [PATCH 3/6] install operator option added --- prow/config/sail-operator/istio-cni.yaml | 4 +-- prow/integ-suite-ocp.sh | 8 ++++++ prow/setup/ocp_setup.sh | 30 ++++++++++++++++++++ prow/setup/sail-operator-setup.sh | 36 +++++++++++++++--------- 4 files changed, 62 insertions(+), 16 deletions(-) diff --git a/prow/config/sail-operator/istio-cni.yaml b/prow/config/sail-operator/istio-cni.yaml index 7df6c5a06a..2e398111b7 100644 --- a/prow/config/sail-operator/istio-cni.yaml +++ b/prow/config/sail-operator/istio-cni.yaml @@ -1,8 +1,8 @@ -apiVersion: sailoperator.io/v1alpha1 +apiVersion: sailoperator.io/v1 kind: IstioCNI metadata: name: default spec: - namespace: ${ISTIOCNI_NAESPACE} + namespace: ${ISTIOCNI_NAMESPACE} version: ${ISTIO_VERSION} profile: openshift \ No newline at end of file diff --git a/prow/integ-suite-ocp.sh b/prow/integ-suite-ocp.sh index b7b6b87d1b..9fca5a8f0a 100755 --- a/prow/integ-suite-ocp.sh +++ b/prow/integ-suite-ocp.sh @@ -29,7 +29,10 @@ SKIP_TESTS="${2:-""}" TEST_SUITE="${1:-"pilot"}" SKIP_SETUP="${SKIP_SETUP:-"false"}" INSTALL_METALLB="${INSTALL_METALLB:-"false"}" +OPERATOR_NAMESPACE="${OPERATOR_NAMESPACE:-"sail-operator"}" CONTROL_PLANE_SOURCE="${CONTROL_PLANE_SOURCE:-"istio"}" +INSTALL_SAIL_OPERATOR="${INSTALL_SAIL_OPERATOR:-"true"}" + # Important: SKIP_TEST_RUN is a workaround until downstream tests can be executed by using this script. # To execute the tests in downstream, set SKIP_TEST_RUN to true # Jira: https://issues.redhat.com/browse/OSSM-8029 @@ -97,6 +100,11 @@ else echo "Skipping the setup" fi +# Install Sail Operator +if [ "${INSTALL_SAIL_OPERATOR}" == "true" ]; then + deploy_operator +fi + # Check if the test run should be skipped # This is a workaround until downstream tests can be executed by using this script. # Jira: https://issues.redhat.com/browse/OSSM-8029 
diff --git a/prow/setup/ocp_setup.sh b/prow/setup/ocp_setup.sh index 5ad11a9f14..8c2e070224 100644 --- a/prow/setup/ocp_setup.sh +++ b/prow/setup/ocp_setup.sh @@ -31,6 +31,7 @@ WD=$(dirname "$0") WD=$(cd "$WD"; pwd) TIMEOUT=300 export NAMESPACE="${NAMESPACE:-"istio-system"}" +SAIL_REPO_URL="https://github.com/istio-ecosystem/sail-operator.git" function setup_internal_registry() { # Validate that the internal registry is running in the OCP Cluster, configure the variable to be used in the make target. @@ -177,4 +178,33 @@ spec: timeout --foreground -v -s SIGHUP -k ${TIMEOUT} ${TIMEOUT} bash -c 'until oc get IPAddressPool default -n metallb-system; do sleep 5; done && echo "The IP address pool has been created."' echo "MetalLB has been deployed and configured with the IP address pool." +} + +#need to change env variables since make deploy of sail-operator uses them +function env_save(){ + INICIAL_NAMESPACE="$NAMESPACE" + INICIAL_HUB="$HUB" + INITIAL_TAG="$TAG" +} +function cleanup_sail_repo() { + echo "Cleaning up..." + cd .. 2>/dev/null || true + rm -rf sail-operator + export NAMESPACE="$INICIAL_NAMESPACE" + export HUB="$INICIAL_HUB" + export TAG="$INITIAL_TAG" +} + +function deploy_operator(){ + env_save + unset HUB + unset TAG + unset NAMESPACE + git clone --depth 1 --branch main $SAIL_REPO_URL || { echo "Failed to clone sail-operator repo"; exit 1; } + cd sail-operator + make deploy || { echo "sail-operator make deploy failed"; cleanup_sail_repo ; exit 1; } + oc -n sail-operator wait --for=condition=Available deployment/sail-operator --timeout=240s || { echo "Failed to start sail-operator"; exit 1; } + cleanup_sail_repo + echo "Sail operator deployed" + } \ No newline at end of file diff --git a/prow/setup/sail-operator-setup.sh b/prow/setup/sail-operator-setup.sh index 5374e05742..a3382a1f78 100755 --- a/prow/setup/sail-operator-setup.sh +++ b/prow/setup/sail-operator-setup.sh 
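Review bot: `deploy_operator` clones the `main` branch of sail-operator and runs `make deploy` from it, so unreviewed upstream changes run with the job's cluster credentials; pin the clone to a release tag or another reviewed ref. The result of `cd sail-operator` is not checked, and `cleanup_sail_repo` then runs `cd ..` and `rm -rf sail-operator` relative to wherever the shell happens to be. Cloning into a `mktemp -d` directory and running the build in a subshell removes the relative `rm -rf` and makes `env_save` and the manual re-export unnecessary. `env_save` also reads `$HUB` and `$TAG` directly, which presumably fails if the caller runs with `set -u` and they are unset.

```shell
function deploy_operator(){
  local clone_dir
  clone_dir="$(mktemp -d)" || { echo "Failed to create temp dir"; exit 1; }
  # Subshell: the unset variables and the directory change stay local to it.
  # SAIL_REPO_REF is a proposed variable naming a reviewed tag, not main.
  (
    unset HUB TAG NAMESPACE
    git clone --depth 1 --branch "$SAIL_REPO_REF" "$SAIL_REPO_URL" "$clone_dir/sail-operator" || exit 1
    cd "$clone_dir/sail-operator" || exit 1
    make deploy
  ) || { echo "sail-operator make deploy failed"; rm -rf -- "${clone_dir:?}"; exit 1; }
  rm -rf -- "${clone_dir:?}"
  # … unchanged: oc wait for deployment/sail-operator, final echo …
}
```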
@@ -20,7 +20,10 @@ # The output log of this script is printed under working directory set by: --istio.test.work_dir/sail-operator-setup.log # Upstream WoW to call this script is documented in here: https://github.com/openshift-service-mesh/istio/tree/master/tests/integration#running-tests-on-custom-deployment -exec > >(tee -a "$2"/sail-operator-setup.log) 2>&1 +LOG_FILE="$2/sail-operator-setup.log" +# Redirect stdout and stderr to the log file +exec > >(awk '{print strftime("[%Y-%m-%d %H:%M:%S]"), $0}' | tee -a "$LOG_FILE") 2>&1 + # Exit immediately for non zero status set -e # Check unset variables @@ -30,6 +33,7 @@ set -x # fail if any command in the pipeline fails set -o pipefail + function usage() { echo "Usage: $0 " echo "Example: $0 install /path/to/iop.yaml" @@ -60,8 +64,8 @@ WORKDIR="$2" IOP_FILE="$2"/iop.yaml SAIL_IOP_FILE="$(basename "${IOP_FILE%.yaml}")-sail.yaml" -ISTIO_VERSION="${ISTIO_VERSION:-latest}" -INGRESS_GATEWAY_SVC_NAMESPACE="${INGRESS_GATEWAY_SVC_NAMESPACE:-istio-system}" +ISTIO_VERSION="${ISTIO_VERSION:-v1.24-latest}" +NAMESPACE="${NAMESPACE:-istio-system}" ISTIOCNI_NAMESPACE="${ISTIOCNI_NAMESPACE:-istio-cni}" ISTIOCNI="${PROW}/config/sail-operator/istio-cni.yaml" @@ -75,7 +79,7 @@ function download_execute_converter(){ cd "${PROW}" curl -fsSL "$CONVERTER_ADDRESS" -o "$CONVERTER_SCRIPT" || { echo "Failed to download converter script"; exit 1; } chmod +x "$CONVERTER_SCRIPT" - bash "$CONVERTER_SCRIPT" "$IOP_FILE" -v "$ISTIO_VERSION" -n "$INGRESS_GATEWAY_SVC_NAMESPACE" || { echo "Failed to execute converter script"; exit 1; } + bash "$CONVERTER_SCRIPT" "$IOP_FILE" -v "$ISTIO_VERSION" -n "$NAMESPACE" || { echo "Failed to execute converter script"; exit 1; } rm "$CONVERTER_SCRIPT" } 
@@ -91,31 +95,35 @@ function install_istio_cni(){ function install_istiod(){ # overwrite sailoperator version before applying it + oc create namespace "${NAMESPACE}" || true if [ "${SAIL_API_VERSION:-}" != "" ]; then yq -i eval ".apiVersion = \"sailoperator.io/$SAIL_API_VERSION\"" "$WORKDIR/$SAIL_IOP_FILE" fi - oc apply -f "$WORKDIR/$SAIL_IOP_FILE" - oc wait --for=condition=Available=True deployment/istiod --timeout=30s + oc apply -f "$WORKDIR/$SAIL_IOP_FILE" || { echo "Failed to install istiod"; kubectl get istio default -o yaml;} + oc -n "$NAMESPACE" wait --for=condition=Available deployment/istiod --timeout=240s || { sleep 60; } echo "istiod created." } # Install ingress and egress gateways function install_gateways(){ - helm template -n "$INGRESS_GATEWAY_SVC_NAMESPACE" istio-ingressgateway "${ROOT}"/manifests/charts/gateway --values "$INGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-ingressgateway.yaml + helm template -n "$NAMESPACE" istio-ingressgateway "${ROOT}"/manifests/charts/gateway --values "$INGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-ingressgateway.yaml oc apply -f "${WORKDIR}"/istio-ingressgateway.yaml - helm template -n "$INGRESS_GATEWAY_SVC_NAMESPACE" istio-egressgateway "${ROOT}"/manifests/charts/gateway --values "$EGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-egressgateway.yaml + helm template -n "$NAMESPACE" istio-egressgateway "${ROOT}"/manifests/charts/gateway --values "$EGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-egressgateway.yaml oc apply -f "${WORKDIR}"/istio-egressgateway.yaml - oc wait --for=condition=Available=True deployment/istio-ingressgateway --timeout=30s - oc wait --for=condition=Available=True deployment/istio-egressgateway --timeout=30s + oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-ingressgateway --timeout=60s || { echo "Failed to start istio-ingressgateway"; oc get pods -n "$NAMESPACE" -o wide; oc describe pod $(oc get pods -n istio-system --no-headers | awk '$3=="ErrImagePull" {print $1}' | head -n 1) -n 
istio-system;} + oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-egressgateway --timeout=60s || { echo "Failed to start istio-egressgateway"; kubectl get istios; oc get pods -n "$NAMESPACE" -o wide;} echo "Gateways created." } function cleanup_istio(){ - oc delete istio/default - oc delete istioCNI/default - oc delete all --selector app=istio-egressgateway -n "$INGRESS_GATEWAY_SVC_NAMESPACE" - oc delete all --selector app=istio-ingressgateway -n "$INGRESS_GATEWAY_SVC_NAMESPACE" + kubectl delete all --all -n $ISTIOCNI_NAMESPACE + kubectl delete all --all -n $NAMESPACE + kubectl delete istios.sailoperator.io --all --all-namespaces --wait=true + kubectl get clusterrole | grep istio | awk '{print $1}' | xargs kubectl delete clusterrole + kubectl get clusterrolebinding | grep istio | awk '{print $1}' | xargs kubectl delete clusterrolebinding + oc delete ns $ISTIOCNI_NAMESPACE + oc delete ns $NAMESPACE echo "Cleanup completed." } From 6d2370e3d61439ea510ef9490ec35f8dedc41a97 Mon Sep 17 00:00:00 2001 From: ctartici Date: Thu, 27 Mar 2025 09:28:58 +0100 Subject: [PATCH 4/6] Skip failing tests in telemetry suite. --- prow/integ-suite-ocp.sh | 5 +---- prow/setup/sail-operator-setup.sh | 2 -- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/prow/integ-suite-ocp.sh b/prow/integ-suite-ocp.sh index 1e8c7e5fca..578c0be490 100755 --- a/prow/integ-suite-ocp.sh +++ b/prow/integ-suite-ocp.sh @@ -31,7 +31,7 @@ SKIP_SETUP="${SKIP_SETUP:-"false"}" INSTALL_METALLB="${INSTALL_METALLB:-"false"}" OPERATOR_NAMESPACE="${OPERATOR_NAMESPACE:-"sail-operator"}" CONTROL_PLANE_SOURCE="${CONTROL_PLANE_SOURCE:-"istio"}" -INSTALL_SAIL_OPERATOR="${INSTALL_SAIL_OPERATOR:-"true"}" +INSTALL_SAIL_OPERATOR="${INSTALL_SAIL_OPERATOR:-"false"}" # Important: SKIP_TEST_RUN is a workaround until downstream tests can be executed by using this script. # To execute the tests in downstream, set SKIP_TEST_RUN to true 
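Review bot: `cleanup_istio` now deletes every ClusterRole and ClusterRoleBinding whose `kubectl get` output line contains `istio`, which on a shared cluster can remove RBAC objects this script never created, and `xargs` still runs `kubectl delete clusterrole` with no names when nothing matches. Match on object names with an anchored pattern (or a label selector, if the installed objects carry one) and pass `-r` to `xargs`, e.g. `kubectl get clusterrole -o name | grep -E '/istio' | xargs -r kubectl delete`. In `install_istiod`, the handlers `|| { echo "Failed to install istiod"; kubectl get istio default -o yaml;}` and `|| { sleep 60; }` both swallow the failure, so the install continues after a failed apply or a timed-out wait; add `exit 1` if that is not intended. The `oc describe pod` diagnostic in `install_gateways` hard-codes `istio-system` instead of using `$NAMESPACE`.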
@@ -149,9 +149,6 @@ if [ "${CONTROL_PLANE_SOURCE}" == "sail" ]; then SAIL_SETUP_SCRIPT="${WD}/setup/sail-operator-setup.sh" base_cmd+=("--istio.test.kube.deploy=false") base_cmd+=("--istio.test.kube.controlPlaneInstaller=${SAIL_SETUP_SCRIPT}") - #SKIP_TESTS+="|TestCNIRaceRepair|TestCNIVersionSkew|TestValidation|TestWebhook|TestMultiRevision|TestTraffic/dns/a|TestPreserveHTTPHeaderCaseConfiguration|TestLocality/TrafficDistribution/EDS" - SKIP_TESTS+="|TestStatsGatewayServerTCPFilter|TestDashboard/pilot-dashboard.json|TestStatsGatewayServerTCPFilter|TestStatsTCPFilter/additional-labels|TestStatsFilter/additional-labels|TestStatsFilter/mockprom-to-metrics|TestServerTracing/primary-0|TestClientTracing/primary-0|TestBadWasmRemoteLoad|TestStatsGatewayServerTCPFilter - echo $SKIP_TESTS fi # Append skip tests flag if SKIP_TESTS is set diff --git a/prow/setup/sail-operator-setup.sh b/prow/setup/sail-operator-setup.sh index a3382a1f78..65dc5c289d 100755 --- a/prow/setup/sail-operator-setup.sh +++ b/prow/setup/sail-operator-setup.sh @@ -122,8 +122,6 @@ function cleanup_istio(){ kubectl delete istios.sailoperator.io --all --all-namespaces --wait=true kubectl get clusterrole | grep istio | awk '{print $1}' | xargs kubectl delete clusterrole kubectl get clusterrolebinding | grep istio | awk '{print $1}' | xargs kubectl delete clusterrolebinding - oc delete ns $ISTIOCNI_NAMESPACE - oc delete ns $NAMESPACE echo "Cleanup completed." } From e848cb7ad9aefa7291d7f9758b504fc6cce266bc Mon Sep 17 00:00:00 2001 From: ctartici Date: Thu, 3 Apr 2025 14:19:49 +0200 Subject: [PATCH 5/6] some workarounds for failing tests --- .../sail-operator/validatingwebhook.yaml | 26 ++++++++++ prow/integ-suite-ocp.sh | 2 +- prow/setup/sail-operator-setup.sh | 48 +++++++++++++++---- 3 files changed, 66 insertions(+), 10 deletions(-) create mode 100755 prow/config/sail-operator/validatingwebhook.yaml 
diff --git a/prow/config/sail-operator/validatingwebhook.yaml b/prow/config/sail-operator/validatingwebhook.yaml new file mode 100755 index 0000000000..6787c15574 --- /dev/null +++ b/prow/config/sail-operator/validatingwebhook.yaml @@ -0,0 +1,26 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istiod-default-validator + labels: + app: istiod + release: istio +webhooks: + - name: rev.validation.istio.io + clientConfig: + service: + name: istiod + namespace: istio-system + path: /validate + caBundle: 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 + rules: + - apiGroups: ["security.istio.io", "networking.istio.io", "telemetry.istio.io", "extensions.istio.io"] + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + scope: "*" + failurePolicy: Fail + matchPolicy: Equivalent + admissionReviewVersions: ["v1"] + sideEffects: None + timeoutSeconds: 10 \ No newline at end of file diff --git a/prow/integ-suite-ocp.sh b/prow/integ-suite-ocp.sh index 578c0be490..9bcb5eeebf 100755 --- a/prow/integ-suite-ocp.sh +++ b/prow/integ-suite-ocp.sh @@ -168,4 +168,4 @@ else fi # Exit with the status of the test command -exit $test_status \ No newline at end of file +exit "$test_status" \ No newline at end of file diff --git a/prow/setup/sail-operator-setup.sh b/prow/setup/sail-operator-setup.sh index 65dc5c289d..c8b9a4e208 100755 --- a/prow/setup/sail-operator-setup.sh +++ b/prow/setup/sail-operator-setup.sh @@ -33,6 +33,8 @@ set -x # fail if any command in the pipeline fails set -o pipefail +SKIP_CLEANUP="${SKIP_CLEANUP:-"false"}" + function usage() { echo "Usage: $0 " 
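Review bot: This webhook is registered with `failurePolicy: Fail` for every resource in four Istio API groups, yet the `cleanup_istio` function visible in this series never deletes it (`kubectl delete all` does not cover ValidatingWebhookConfiguration objects). Once cleanup removes istiod, CREATE and UPDATE requests in those groups would be rejected until something else removes the webhook. Consider adding `kubectl delete validatingwebhookconfiguration istiod-default-validator --ignore-not-found` to cleanup, unless the operator is known to own and remove this object. `clientConfig.service.namespace` is also fixed to `istio-system` while the setup script lets `NAMESPACE` be overridden, so the two disagree for any non-default namespace.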
@@ -72,7 +74,8 @@ ISTIOCNI="${PROW}/config/sail-operator/istio-cni.yaml" INGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/ingress-gateway-values.yaml" EGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/egress-gateway-values.yaml" -CONVERTER_ADDRESS="https://raw.githubusercontent.com/istio-ecosystem/sail-operator/main/tools/configuration-converter.sh" +CONVERTER_BRANCH="${CONVERTER_BRANCH:-main}" +CONVERTER_ADDRESS="https://raw.githubusercontent.com/istio-ecosystem/sail-operator/$CONVERTER_BRANCH/tools/configuration-converter.sh" CONVERTER_SCRIPT=$(basename $CONVERTER_ADDRESS) function download_execute_converter(){ 
@@ -93,32 +96,55 @@ function install_istio_cni(){ echo "istioCNI created." } -function install_istiod(){ +function install_istio(){ # overwrite sailoperator version before applying it oc create namespace "${NAMESPACE}" || true if [ "${SAIL_API_VERSION:-}" != "" ]; then yq -i eval ".apiVersion = \"sailoperator.io/$SAIL_API_VERSION\"" "$WORKDIR/$SAIL_IOP_FILE" fi - oc apply -f "$WORKDIR/$SAIL_IOP_FILE" || { echo "Failed to install istiod"; kubectl get istio default -o yaml;} + patch_config + oc apply -f "$WORKDIR/$SAIL_IOP_FILE" || { echo "Failed to install istio"; kubectl get istio default -o yaml;} oc -n "$NAMESPACE" wait --for=condition=Available deployment/istiod --timeout=240s || { sleep 60; } echo "istiod created." } +SECRET_NAME="istio-ca-secret" +WEBHOOK_FILE="$PROW/config/validatingwebhook.yaml" + +function patch_config() { + # adds some control plane values that are mandatory and not available in iop.yaml + if [[ "$WORKDIR" == *"telemetry-tracing-zipkin"* ]]; then + # Workaround until https://github.com/istio/istio/pull/55408 is merged + yq eval ' + .spec.values.meshConfig.enableTracing = true | + .spec.values.pilot.traceSampling = 100.0 | + .spec.values.global.proxy.tracer = "zipkin" + ' -i "$WORKDIR/$SAIL_IOP_FILE" + echo "Configured tracing for Zipkin." 
+ fi + + # Workaround until https://github.com/istio-ecosystem/sail-operator/issues/749 is fixed + CA_BUNDLE=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o yaml | grep "ca-cert" | awk '{print $2}') + sed -i "s||$CA_BUNDLE|g" "$WEBHOOK_FILE" + kubectl apply -f "$WEBHOOK_FILE" + sed -i "s|$CA_BUNDLE||g" "$WEBHOOK_FILE" +} + # Install ingress and egress gateways function install_gateways(){ helm template -n "$NAMESPACE" istio-ingressgateway "${ROOT}"/manifests/charts/gateway --values "$INGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-ingressgateway.yaml oc apply -f "${WORKDIR}"/istio-ingressgateway.yaml helm template -n "$NAMESPACE" istio-egressgateway "${ROOT}"/manifests/charts/gateway --values "$EGRESS_GATEWAY_VALUES" > "${WORKDIR}"/istio-egressgateway.yaml oc apply -f "${WORKDIR}"/istio-egressgateway.yaml - oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-ingressgateway --timeout=60s || { echo "Failed to start istio-ingressgateway"; oc get pods -n "$NAMESPACE" -o wide; oc describe pod $(oc get pods -n istio-system --no-headers | awk '$3=="ErrImagePull" {print $1}' | head -n 1) -n istio-system;} - oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-egressgateway --timeout=60s || { echo "Failed to start istio-egressgateway"; kubectl get istios; oc get pods -n "$NAMESPACE" -o wide;} + oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-ingressgateway --timeout=60s || { echo "Failed to start istio-ingressgateway"; oc get pods -n "$NAMESPACE" -o wide; oc describe pod $(oc get pods -n istio-system --no-headers | awk "$3==\"ErrImagePull\" {print $1}" | head -n 1) -n istio-system; exit 1;} + oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-egressgateway --timeout=60s || { echo "Failed to start istio-egressgateway"; kubectl get istios; oc get pods -n "$NAMESPACE" -o wide; exit 1;} echo "Gateways created." 
} function cleanup_istio(){ - kubectl delete all --all -n $ISTIOCNI_NAMESPACE - kubectl delete all --all -n $NAMESPACE + kubectl delete all --all -n "$ISTIOCNI_NAMESPACE" + kubectl delete all --all -n "$NAMESPACE" kubectl delete istios.sailoperator.io --all --all-namespaces --wait=true kubectl get clusterrole | grep istio | awk '{print $1}' | xargs kubectl delete clusterrole kubectl get clusterrolebinding | grep istio | awk '{print $1}' | xargs kubectl delete clusterrolebinding @@ -128,8 +154,12 @@ function cleanup_istio(){ if [ "$1" = "install" ]; then download_execute_converter || { echo "Failed to execute converter"; exit 1; } install_istio_cni || { echo "Failed to install Istio CNI"; exit 1; } - install_istiod || { echo "Failed to install Istiod"; exit 1; } + install_istio || { echo "Failed to install Istio"; exit 1; } install_gateways || { echo "Failed to install gateways"; exit 1; } elif [ "$1" = "cleanup" ]; then - cleanup_istio || { echo "Failed to cleanup cluster"; exit 1; } + if [ "$SKIP_CLEANUP" = "true" ]; then + echo "Skipping cleanup because SKIP_CLEANUP is set to true." + else + cleanup_istio || { echo "Failed to cleanup cluster"; exit 1; } + fi fi From 85b898e24117918db9f94d21a8d28b1644c641c0 Mon Sep 17 00:00:00 2001 From: ctartici Date: Mon, 7 Apr 2025 13:53:28 +0200 Subject: [PATCH 6/6] get latest version from sail repo --- .../sail-operator/validatingwebhook.yaml | 2 +- prow/setup/sail-operator-setup.sh | 32 +++++++++++++++---- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/prow/config/sail-operator/validatingwebhook.yaml b/prow/config/sail-operator/validatingwebhook.yaml index 6787c15574..90ce0471ee 100755 --- a/prow/config/sail-operator/validatingwebhook.yaml +++ b/prow/config/sail-operator/validatingwebhook.yaml 
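Review bot: In `install_gateways` the awk program moved from single to double quotes (`awk "$3==\"ErrImagePull\" {print $1}"`), so the shell now expands `$3` and `$1` before awk sees them. The script is documented as taking two arguments and runs under `set -u`, so the failure handler itself aborts on an unbound `$3` and the pod diagnostics are lost; keep the single-quoted form `awk '$3=="ErrImagePull" {print $1}'`. `patch_config` also rewrites the tracked `$WEBHOOK_FILE` in place with `sed -i` and restores it afterwards, so a failing `kubectl apply` under `set -e` leaves the CA bundle written into the working tree. Rendering a copy avoids that, e.g. `CA_BUNDLE="$CA_BUNDLE" yq '.webhooks[0].clientConfig.caBundle = strenv(CA_BUNDLE)' "$WEBHOOK_FILE" > "$WORKDIR/validatingwebhook.yaml"` and then applying the copy.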
@@ -12,7 +12,7 @@ webhooks: name: istiod namespace: istio-system path: /validate - caBundle: 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 + caBundle: rules: - apiGroups: ["security.istio.io", "networking.istio.io", "telemetry.istio.io", "extensions.istio.io"] apiVersions: ["*"] diff --git a/prow/setup/sail-operator-setup.sh b/prow/setup/sail-operator-setup.sh index c8b9a4e208..d2f7218208 100755 --- a/prow/setup/sail-operator-setup.sh +++ b/prow/setup/sail-operator-setup.sh @@ -66,7 +66,14 @@ WORKDIR="$2" IOP_FILE="$2"/iop.yaml SAIL_IOP_FILE="$(basename "${IOP_FILE%.yaml}")-sail.yaml" -ISTIO_VERSION="${ISTIO_VERSION:-v1.24-latest}" +CONVERTER_BRANCH="${CONVERTER_BRANCH:-main}" + +# get istio version from versions.yaml +VERSION_FILE="https://raw.githubusercontent.com/istio-ecosystem/sail-operator/$CONVERTER_BRANCH/pkg/istioversion/versions.yaml" +if [ -z "${ISTIO_VERSION:-}" ]; then + ISTIO_VERSION="$(curl -s "$VERSION_FILE" | grep -E 'name: v[0-9]+\.[0-9]+' | sed -E 's/.*(v[0-9]+\.[0-9]+).*/\1/' | sort -Vr | head -n1)-latest" +fi + NAMESPACE="${NAMESPACE:-istio-system}" ISTIOCNI_NAMESPACE="${ISTIOCNI_NAMESPACE:-istio-cni}" @@ -74,9 +81,8 @@ ISTIOCNI="${PROW}/config/sail-operator/istio-cni.yaml" INGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/ingress-gateway-values.yaml" EGRESS_GATEWAY_VALUES="${PROW}/config/sail-operator/egress-gateway-values.yaml" -CONVERTER_BRANCH="${CONVERTER_BRANCH:-main}" CONVERTER_ADDRESS="https://raw.githubusercontent.com/istio-ecosystem/sail-operator/$CONVERTER_BRANCH/tools/configuration-converter.sh" -CONVERTER_SCRIPT=$(basename $CONVERTER_ADDRESS) +CONVERTER_SCRIPT=$(basename "$CONVERTER_ADDRESS") function download_execute_converter(){ cd "${PROW}" 
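Review bot: The new `ISTIO_VERSION` lookup in the `@@ -66,7 +66,14 @@` hunk has no failure check. `curl -s` without `-f` still succeeds on an HTTP error page, the `grep`/`sed` pipeline then yields an empty string, and `ISTIO_VERSION` is left as `-latest`. Use `curl -fsSL "$VERSION_FILE"` and stop when nothing matched, e.g. `[ "$ISTIO_VERSION" != "-latest" ] || { echo "could not resolve Istio version from $VERSION_FILE" >&2; exit 1; }`. The value is also read from whatever `CONVERTER_BRANCH` points to (default `main`), the same mutable ref `CONVERTER_ADDRESS` uses in the next hunk for the converter script, so a run is only reproducible if that ref is pinned to a tag or commit.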
@@ -109,7 +115,7 @@ function install_istio(){ } SECRET_NAME="istio-ca-secret" -WEBHOOK_FILE="$PROW/config/validatingwebhook.yaml" +WEBHOOK_FILE="$PROW/config/sail-operator/validatingwebhook.yaml" function patch_config() { # adds some control plane values that are mandatory and not available in iop.yaml @@ -124,7 +130,22 @@ function patch_config() { fi # Workaround until https://github.com/istio-ecosystem/sail-operator/issues/749 is fixed - CA_BUNDLE=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o yaml | grep "ca-cert" | awk '{print $2}') + CA_BUNDLE=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o yaml 2>/dev/null | grep "ca-cert" | awk '{print $2}') + + # If not found, sleep for 5 seconds and retry once + if [ -z "$CA_BUNDLE" ]; then + echo "Secret not found. Sleeping for 5 seconds before retrying..." + sleep 5 + + # Retry once + CA_BUNDLE=$(kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" -o yaml 2>/dev/null | grep "ca-cert" | awk '{print $2}') + + if [ -z "$CA_BUNDLE" ]; then + echo "Secret still not found after retry. Exiting." + exit 1 + fi + fi + sed -i "s||$CA_BUNDLE|g" "$WEBHOOK_FILE" kubectl apply -f "$WEBHOOK_FILE" sed -i "s|$CA_BUNDLE||g" "$WEBHOOK_FILE" @@ -139,7 +160,6 @@ function install_gateways(){ oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-ingressgateway --timeout=60s || { echo "Failed to start istio-ingressgateway"; oc get pods -n "$NAMESPACE" -o wide; oc describe pod $(oc get pods -n istio-system --no-headers | awk "$3==\"ErrImagePull\" {print $1}" | head -n 1) -n istio-system; exit 1;} oc -n "$NAMESPACE" wait --for=condition=Available deployment/istio-egressgateway --timeout=60s || { echo "Failed to start istio-egressgateway"; kubectl get istios; oc get pods -n "$NAMESPACE" -o wide; exit 1;} echo "Gateways created." - } function cleanup_istio(){
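Review bot: The `2>/dev/null` added to both `kubectl get secret` calls in the `@@ -124,7 +130,22 @@` hunk discards the reason for a failure, so an RBAC denial, a wrong namespace or an unreachable API server are all logged as "Secret not found". Keep stderr, or print it on the final failure; the two identical pipelines could also be one bounded retry loop. The unchanged `sed -i` lines after the retry write the CA bundle into `$WEBHOOK_FILE` in the source tree and then substitute it back out, which leaves the file modified if the script stops between the two. Rendering to stdout avoids touching the file: `sed "s|<PLACEHOLDER>|$CA_BUNDLE|g" "$WEBHOOK_FILE" | kubectl apply -f -`, where `<PLACEHOLDER>` stands for the token in the webhook file. patch_config starts outside the hunk.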