Re-enable remaining acceptance tests (#1652)
* Re-enable remaining acceptance tests
* Add -virtual suffix to node names in consul
ishustava authored Nov 16, 2022
1 parent f0c58c7 commit ca6a8c9
Showing 24 changed files with 337 additions and 223 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/reusable-acceptance.yml
Expand Up @@ -33,11 +33,14 @@ on:
secrets:
CONSUL_ENT_LICENSE:
required: true
VAULT_LICENSE:
required: true

# Environment variables can only be used at the step level
env:
TEST_RESULTS: /tmp/test-results # path to where test results are saved
CONSUL_ENT_LICENSE: ${{ secrets.CONSUL_ENT_LICENSE }}
VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }}
CONSUL_K8S_IMAGE: ${{ inputs.consul-k8s-image }}

jobs:
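Review bot: `VAULT_LICENSE` is exported in the workflow-level `env:` block, so the license secret lands in the environment of every step of every job in this reusable workflow, including any third-party actions those jobs run. The jobs themselves are outside the hunk, so which steps need it is not visible here; if only the step that runs the acceptance tests does, declare it there with a step-level `env:` entry `VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }}`. The existing `CONSUL_ENT_LICENSE` line has the same exposure and could move with it. Also note that `required: true` makes every caller of this workflow fail when the secret is not supplied.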
4 changes: 0 additions & 4 deletions acceptance/tests/peering/peering_connect_namespaces_test.go
Expand Up @@ -34,10 +34,6 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
t.Skipf("skipping this test because -enable-enterprise is not set")
}

if cfg.EnableTransparentProxy {
t.Skipf("skipping because no t-proxy support")
}

ver, err := version.NewVersion("1.13.0")
require.NoError(t, err)
if cfg.ConsulVersion != nil && cfg.ConsulVersion.LessThan(ver) {
7 changes: 2 additions & 5 deletions acceptance/tests/vault/main_test.go
@@ -1,7 +1,6 @@
package vault

import (
"fmt"
"os"
"testing"

Expand All @@ -11,8 +10,6 @@ import (
var suite testsuite.Suite

func TestMain(m *testing.M) {
fmt.Println("Skipping vault tests because it's not supported with agentless yet")
os.Exit(0)
//suite = testsuite.NewSuite(m)
//os.Exit(suite.Run())
suite = testsuite.NewSuite(m)
os.Exit(suite.Run())
}
3 changes: 3 additions & 0 deletions acceptance/tests/vault/vault_test.go
Expand Up @@ -252,6 +252,9 @@ func TestVault(t *testing.T) {
"syncCatalog.enabled": "true",
"syncCatalog.toConsul": "false",
"syncCatalog.toK8S": "false",

// Enable clients to make sure vault integration still works.
"client.enabled": "true",
}

if cfg.EnableEnterprise {
6 changes: 5 additions & 1 deletion charts/consul/templates/client-daemonset.yaml
Expand Up @@ -336,7 +336,11 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.client.grpc }}
-hcl='ports { grpc = 8502 }' \
{{- if .Values.global.tls.enabled }}
-hcl='ports { grpc = -1, grpc_tls = 8502 }' \
{{- else }}
-hcl='ports { grpc = 8502, grpc_tls = -1 }' \
{{- end }}
{{- end }}
{{- if (and .Values.global.metrics.enabled .Values.global.metrics.enableAgentMetrics) }}
-hcl='telemetry { prometheus_retention_time = "{{ .Values.global.metrics.agentMetricsRetentionTime }}" }' \
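Review bot: The two new `-hcl='ports { ... }'` lines carry no comment saying that the plaintext gRPC listener is deliberately switched off when TLS is enabled and that 8502 is reused for the TLS listener. A template comment above the inner `if`, such as `{{- /* With TLS enabled, serve gRPC only on the TLS listener; grpc = -1 disables the plaintext port. */}}`, would record that intent for the next editor. The `grpc_tls` key is, as far as I know, only accepted by Consul agents from 1.14 on, so an older `global.image` would presumably fail to start with this flag; the minimum version is worth stating in the same comment. The agent command continues outside the hunk.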
20 changes: 10 additions & 10 deletions charts/consul/templates/connect-inject-deployment.yaml
Expand Up @@ -284,7 +284,7 @@ spec:
mountPath: /etc/connect-injector/certs
readOnly: true
{{- end }}
{{- if and .Values.global.tls.enabled (not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots))}}
{{- if and .Values.global.tls.enabled (not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled))}}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
Expand All @@ -301,17 +301,17 @@ spec:
secretName: {{ template "consul.fullname" . }}-connect-inject-webhook-cert
{{- end }}
{{- if .Values.global.tls.enabled }}
{{- if not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) }}
{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}
- name: consul-ca-cert
secret:
{{- if .Values.global.tls.caCert.secretName }}
secretName: {{ .Values.global.tls.caCert.secretName }}
{{- else }}
secretName: {{ template "consul.fullname" . }}-ca-cert
{{- end }}
items:
- key: {{ default "tls.crt" .Values.global.tls.caCert.secretKey }}
path: tls.crt
{{- if .Values.global.tls.caCert.secretName }}
secretName: {{ .Values.global.tls.caCert.secretName }}
{{- else }}
secretName: {{ template "consul.fullname" . }}-ca-cert
{{- end }}
items:
- key: {{ default "tls.crt" .Values.global.tls.caCert.secretKey }}
path: tls.crt
{{- end }}
{{- end }}
{{- if .Values.connectInject.priorityClassName }}
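Review bot: The CA-mount guard is now written in two different shapes in this file: `if and .Values.global.tls.enabled (not (or ...))` on the volumeMount, and a nested `if .Values.global.tls.enabled` / `if not (or ...)` on the volume. The same `not (or (and externalServers.enabled externalServers.useSystemRoots) secretsBackend.vault.enabled)` expression is also copied into the ingress, mesh and terminating gateway templates and the sync-catalog template. A volume and its mount have to be gated by exactly the same condition, otherwise the pod spec references a volume that is not declared, so I would define the expression once as a named template in the chart's helpers file and call it from every site. The mesh gateway section of this commit already shows one copy that has drifted.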
30 changes: 21 additions & 9 deletions charts/consul/templates/ingress-gateways-deployment.yaml
Expand Up @@ -152,7 +152,7 @@ spec:
emptyDir:
medium: "Memory"
{{- if $root.Values.global.tls.enabled }}
{{- if not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) }}
{{- if not (or (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) ($root.Values.global.secretsBackend.vault.enabled)) }}
- name: consul-ca-cert
secret:
{{- if $root.Values.global.tls.caCert.secretName }}
Expand All @@ -178,6 +178,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- include "consul.consulK8sConsulServerEnvVars" $root | nindent 8 }}
{{- if $root.Values.global.enableConsulNamespaces }}
- name: CONSUL_NAMESPACE
Expand All @@ -192,9 +196,7 @@ spec:
value: "component=ingress-gateway,pod=$(NAMESPACE)/$(POD_NAME)"
{{- end }}
- name: CONSUL_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
value: $(NODE_NAME)-virtual
command:
- "/bin/sh"
- "-ec"
Expand All @@ -208,11 +210,13 @@ spec:
volumeMounts:
- name: consul-service
mountPath: /consul/service
{{- if and $root.Values.global.tls.enabled (not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots)) }}
{{- if $root.Values.global.tls.enabled }}
{{- if not (or (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) ($root.Values.global.secretsBackend.vault.enabled)) }}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
{{- end }}
{{- end }}
resources:
requests:
memory: "50Mi"
Expand All @@ -230,11 +234,13 @@ spec:
- name: consul-service
mountPath: /consul/service
readOnly: true
{{- if and $root.Values.global.tls.enabled (not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots)) }}
{{- if $root.Values.global.tls.enabled }}
{{- if not (or (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) ($root.Values.global.secretsBackend.vault.enabled)) }}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
{{- end }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
Expand All @@ -248,6 +254,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: DP_ENVOY_READY_BIND_ADDRESS
valueFrom:
fieldRef:
Expand All @@ -257,9 +267,7 @@ spec:
- name: DP_CREDENTIAL_LOGIN_META2
value: component=ingress-gateway
- name: DP_SERVICE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
value: $(NODE_NAME)-virtual
command:
- consul-dataplane
args:
Expand All @@ -280,8 +288,12 @@ spec:
{{- end }}
{{- if and $root.Values.global.tls.enabled }}
{{- if (not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots)) }}
{{- if $root.Values.global.secretsBackend.vault.enabled }}
- -ca-certs=/vault/secrets/serverca.crt
{{- else }}
- -ca-certs=/consul/tls/ca/tls.crt
{{- end }}
{{- end }}
{{- if and $root.Values.externalServers.enabled $root.Values.externalServers.tlsServerName }}
- -tls-server-name={{ $root.Values.externalServers.tlsServerName }}
{{- else if $root.Values.global.cloud.enabled }}
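Review bot: `CONSUL_NODE_NAME` and `DP_SERVICE_NODE_NAME` now rely on `$(NODE_NAME)` expansion, and Kubernetes only expands references to variables declared earlier in the same container's `env` list; an unresolved reference is left as the literal string without any error. The order is correct in both containers here, but nothing in the template says it matters, and the init container and the dataplane must also end up with the identical node name for the registration to match. I would add a comment on each `NODE_NAME` entry, e.g. `# Must stay above CONSUL_NODE_NAME: $(NODE_NAME) is only expanded when defined earlier in this list.`, with the dataplane container's copy naming `DP_SERVICE_NODE_NAME` instead. The mesh and terminating gateway templates repeat the pattern and would take the same comment.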
28 changes: 20 additions & 8 deletions charts/consul/templates/mesh-gateway-deployment.yaml
Expand Up @@ -93,7 +93,7 @@ spec:
emptyDir:
medium: "Memory"
{{- if .Values.global.tls.enabled }}
{{- if not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) }}
{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}
- name: consul-ca-cert
secret:
{{- if .Values.global.tls.caCert.secretName }}
Expand Down Expand Up @@ -124,6 +124,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- include "consul.consulK8sConsulServerEnvVars" . | nindent 8 }}
{{- if .Values.global.acls.manageSystemACLs }}
- name: CONSUL_LOGIN_AUTH_METHOD
Expand All @@ -142,9 +146,7 @@ spec:
value: "component=mesh-gateway,pod=$(NAMESPACE)/$(POD_NAME)"
{{- end }}
- name: CONSUL_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
value: $(NODE_NAME)-virtual
command:
- "/bin/sh"
- "-ec"
Expand All @@ -158,11 +160,13 @@ spec:
volumeMounts:
- name: consul-service
mountPath: /consul/service
{{- if and .Values.global.tls.enabled (not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots)) }}
{{- if .Values.global.tls.enabled }}
{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.meshGateway.initServiceInitContainer.resources }}
resources: {{ toYaml .Values.meshGateway.initServiceInitContainer.resources | nindent 10 }}
{{- end }}
Expand All @@ -181,11 +185,13 @@ spec:
- mountPath: /consul/service
name: consul-service
readOnly: true
{{- if .Values.global.tls.enabled }}
{{- if and .Values.global.tls.enabled (not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots)) }}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
{{- end }}
{{- end }}
env:
- name: NAMESPACE
valueFrom:
Expand All @@ -195,14 +201,16 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: DP_CREDENTIAL_LOGIN_META1
value: pod=$(NAMESPACE)/$(POD_NAME)
- name: DP_CREDENTIAL_LOGIN_META2
value: component=mesh-gateway
- name: DP_SERVICE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
value: $(NODE_NAME)-virtual
command:
- consul-dataplane
args:
Expand All @@ -219,8 +227,12 @@ spec:
- -proxy-service-id-path=/consul/service/proxy-id
{{- if .Values.global.tls.enabled }}
{{- if (not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots)) }}
{{- if .Values.global.secretsBackend.vault.enabled }}
- -ca-certs=/vault/secrets/serverca.crt
{{- else }}
- -ca-certs=/consul/tls/ca/tls.crt
{{- end }}
{{- end }}
{{- if and .Values.externalServers.enabled .Values.externalServers.tlsServerName }}
- -tls-server-name={{.Values.externalServers.tlsServerName }}
{{- else if .Values.global.cloud.enabled }}
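Review bot: In the consul-dataplane container's `volumeMounts` (hunk `-181,11 +185,13`) the inner guard is still `if and .Values.global.tls.enabled (not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots))` and lacks the Vault check, while the `consul-ca-cert` volume itself (hunk `-93,7 +93,7`) is no longer declared when `global.secretsBackend.vault.enabled` is true. With TLS and the Vault backend both enabled, the container would mount a volume the pod spec does not define, which the API server rejects, unless the volume is declared somewhere outside these hunks. The inner line should match the init container's guard: `{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}`. The ingress and terminating gateway templates already use that form for both containers. A chart unit test that renders this template with both values set and asserts there is no `consul-ca-cert` mount would catch the drift.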
4 changes: 3 additions & 1 deletion charts/consul/templates/sync-catalog-deployment.yaml
Expand Up @@ -55,7 +55,7 @@ spec:
serviceAccountName: {{ template "consul.fullname" . }}-sync-catalog
volumes:
{{- if .Values.global.tls.enabled }}
{{- if not (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) }}
{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}
- name: consul-ca-cert
secret:
{{- if .Values.global.tls.caCert.secretName }}
Expand Down Expand Up @@ -102,10 +102,12 @@ spec:
{{- end }}
volumeMounts:
{{- if .Values.global.tls.enabled }}
{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
{{- end }}
{{- end }}
command:
- "/bin/sh"
- "-ec"
26 changes: 17 additions & 9 deletions charts/consul/templates/terminating-gateways-deployment.yaml
Expand Up @@ -137,7 +137,7 @@ spec:
{{- end }}
{{- end }}
{{- if $root.Values.global.tls.enabled }}
{{- if not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) }}
{{- if not (or (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) ($root.Values.global.secretsBackend.vault.enabled)) }}
- name: consul-ca-cert
secret:
{{- if $root.Values.global.tls.caCert.secretName }}
Expand All @@ -163,6 +163,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- include "consul.consulK8sConsulServerEnvVars" $root | nindent 10 }}
{{- if $root.Values.global.enableConsulNamespaces }}
- name: CONSUL_NAMESPACE
Expand All @@ -177,9 +181,7 @@ spec:
value: "component=terminating-gateway,pod=$(NAMESPACE)/$(POD_NAME)"
{{- end }}
- name: CONSUL_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
value: $(NODE_NAME)-virtual
command:
- "/bin/sh"
- "-ec"
Expand All @@ -194,7 +196,7 @@ spec:
- name: consul-service
mountPath: /consul/service
{{- if $root.Values.global.tls.enabled }}
{{- if not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) }}
{{- if not (or (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) ($root.Values.global.secretsBackend.vault.enabled)) }}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
Expand All @@ -215,7 +217,7 @@ spec:
mountPath: /consul/service
readOnly: true
{{- if $root.Values.global.tls.enabled }}
{{- if not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) }}
{{- if not (or (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) ($root.Values.global.secretsBackend.vault.enabled)) }}
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
Expand All @@ -238,14 +240,16 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: DP_CREDENTIAL_LOGIN_META1
value: pod=$(NAMESPACE)/$(POD_NAME)
- name: DP_CREDENTIAL_LOGIN_META2
value: component=terminating-gateway
- name: DP_SERVICE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
value: $(NODE_NAME)-virtual
command:
- consul-dataplane
args:
Expand All @@ -265,8 +269,12 @@ spec:
{{- end }}
{{- if and $root.Values.global.tls.enabled }}
{{- if (not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots)) }}
{{- if $root.Values.global.secretsBackend.vault.enabled }}
- -ca-certs=/vault/secrets/serverca.crt
{{- else }}
- -ca-certs=/consul/tls/ca/tls.crt
{{- end }}
{{- end }}
{{- if and $root.Values.externalServers.enabled $root.Values.externalServers.tlsServerName }}
- -tls-server-name={{$root.Values.externalServers.tlsServerName }}
{{- else if $root.Values.global.cloud.enabled }}