Manual backport of GKE Autopilot support into release/1.2.x (#2964)

* GKE Autopilot support
hashicorp · Sep 15, 2023 · e4c814e · e4c814e
1 parent db190fa
commit e4c814e
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 9 deletions.
diff --git a/.changelog/2952.txt b/.changelog/2952.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+Add support for running on GKE Autopilot.
+```
diff --git a/acceptance/framework/config/config.go b/acceptance/framework/config/config.go
@@ -99,10 +99,11 @@ type TestConfig struct {
 	NoCleanup          bool
 	DebugDirectory     string
 
-	UseAKS  bool
-	UseEKS  bool
-	UseGKE  bool
-	UseKind bool
+	UseAKS          bool
+	UseEKS          bool
+	UseGKE          bool
+	UseGKEAutopilot bool
+	UseKind         bool
 
 	helmChartPath string
 }
@@ -155,6 +156,15 @@ func (t *TestConfig) HelmValuesFromConfig() (map[string]string, error) {
 		}
 	}
 
+	// UseGKEAutopilot is a temporary hack that we need in place as GKE Autopilot is already installing
+	// Gateway CRDs in the clusters. There are still other CRDs we need to install though (see helm cluster install)
+	if t.UseGKEAutopilot {
+		setIfNotEmpty(helmValues, "global.server.resources.requests.cpu", "500m")
+		setIfNotEmpty(helmValues, "global.server.resources.limits.cpu", "500m")
+		setIfNotEmpty(helmValues, "connectInject.apiGateway.manageExternalCRDs", "false")
+		setIfNotEmpty(helmValues, "connectInject.apiGateway.manageNonStandardCRDs", "true")
+	}
+
 	setIfNotEmpty(helmValues, "connectInject.transparentProxy.defaultEnabled", strconv.FormatBool(t.EnableTransparentProxy))
 
 	setIfNotEmpty(helmValues, "global.image", t.ConsulImage)

diff --git a/acceptance/framework/consul/helm_cluster.go b/acceptance/framework/consul/helm_cluster.go
@@ -139,6 +139,7 @@ func (h *HelmCluster) Create(t *testing.T) {
 			logger.Logf(t, "Unable to update helm repository, proceeding anyway: %s.", err)
 		}
 	}
+
 	helm.Install(t, h.helmOptions, chartName, h.releaseName)
 
 	k8s.WaitForAllPodsToBeReady(t, h.kubernetesClient, h.helmOptions.KubectlOptions.Namespace, fmt.Sprintf("release=%s", h.releaseName))

diff --git a/acceptance/framework/flags/flags.go b/acceptance/framework/flags/flags.go
@@ -50,10 +50,11 @@ type TestFlags struct {
 
 	flagDebugDirectory string
 
-	flagUseAKS  bool
-	flagUseEKS  bool
-	flagUseGKE  bool
-	flagUseKind bool
+	flagUseAKS          bool
+	flagUseEKS          bool
+	flagUseGKE          bool
+	flagUseGKEAutopilot bool
+	flagUseKind         bool
 
 	flagDisablePeering bool
 
@@ -145,6 +146,9 @@ func (t *TestFlags) init() {
 		"If true, the tests will assume they are running against an EKS cluster(s).")
 	flag.BoolVar(&t.flagUseGKE, "use-gke", false,
 		"If true, the tests will assume they are running against a GKE cluster(s).")
+	flag.BoolVar(&t.flagUseGKEAutopilot, "use-gke-autopilot", false,
+		"If true, the tests will assume they are running against a GKE Autopilot cluster(s).")
+
 	flag.BoolVar(&t.flagUseKind, "use-kind", false,
 		"If true, the tests will assume they are running against a local kind cluster(s).")
 
@@ -233,6 +237,7 @@ func (t *TestFlags) TestConfigFromFlags() *config.TestConfig {
 		UseAKS:             t.flagUseAKS,
 		UseEKS:             t.flagUseEKS,
 		UseGKE:             t.flagUseGKE,
+		UseGKEAutopilot:    t.flagUseGKEAutopilot,
 		UseKind:            t.flagUseKind,
 	}
 

diff --git a/charts/consul/templates/crd-tcproutes.yaml b/charts/consul/templates/crd-tcproutes.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }}
+{{- if and .Values.connectInject.enabled (or .Values.connectInject.apiGateway.manageExternalCRDs .Values.connectInject.apiGateway.manageNonStandardCRDs ) }}
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 

diff --git a/charts/consul/test/unit/crd-tcproutes.bats b/charts/consul/test/unit/crd-tcproutes.bats
@@ -26,3 +26,22 @@ load _helpers
         --set 'connectInject.apiGateway.manageExternalCRDs=false' \
         . 
 }
+
+@test "tcproutes/CustomResourceDefinition: disabled with connectInject.apiGateway.manageExternalCRDs=false and connectInject.apiGateway.manageNonStandardCRDs=false" {
+    cd `chart_dir`
+    assert_empty helm template \
+        -s templates/crd-tcproutes.yaml \
+        --set 'connectInject.apiGateway.manageExternalCRDs=false' \
+        --set 'connectInject.apiGateway.manageNonStandardCRDs=false' \
+        . 
+}
+
+@test "tcproutes/CustomResourceDefinition: enabled with connectInject.apiGateway.manageNonStandardCRDs=true" {
+    cd `chart_dir`
+    local actual=$(helm template \
+        -s templates/crd-tcproutes.yaml \
+        --set 'connectInject.apiGateway.manageNonStandardCRDs=true' \
+      . | tee /dev/stderr |
+      yq -s 'length > 0' | tee /dev/stderr)
+    [ "${actual}" = "true" ]
+}
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
@@ -2167,6 +2167,11 @@ connectInject:
     # If this setting is false, you will need to install the Gateway API CRDs manually.
     manageExternalCRDs: true
 
+    # Enables Consul on Kubernets to manage only the non-standard CRDs used for Gateway API. If manageExternalCRDs is true 
+    # then all CRDs will be installed; otherwise, if manageNonStandardCRDs is true then only TCPRoute, GatewayClassConfig and MeshService
+    # will be installed.
+    manageNonStandardCRDs: false
+
     # Configuration settings for the GatewayClass installed by Consul on Kubernetes.
     managedGatewayClass:
       # This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector)