e2e: add a test for e2e ssl (#862)

scripts/e2e/cmd/runner/helper.go

@@ -59,7 +59,7 @@ func parseK8sYaml(fileName string) ([]runtime.Object, error) {
 		return nil, err
 	}
 
-	acceptedK8sTypes := regexp.MustCompile(`(Namespace|Deployment|Service|Ingress|Secret)`)
+	acceptedK8sTypes := regexp.MustCompile(`(Namespace|Deployment|Service|Ingress|Secret|ConfigMap)`)
 	fileAsString := string(fileR[:])
 	sepYamlfiles := strings.Split(fileAsString, "---")
 	retVal := make([]runtime.Object, 0, len(sepYamlfiles))
@@ -112,6 +112,11 @@ func applyYaml(clientset *kubernetes.Clientset, namespaceName string, fileName s
 				return err
 			}
 		}
+		if cm, ok := objs.(*v1.ConfigMap); ok {
+			if _, err := clientset.CoreV1().ConfigMaps(namespaceName).Create(cm); err != nil {
+				return err
+			}
+		}
 	}
 	return nil
 }
@@ -223,6 +228,7 @@ func makeGetRequest(url string, host string, statusCode int, inSecure bool) (*ht
 		}
 
 		if resp.StatusCode == statusCode {
+			klog.Infof("Got expected status code %d with url '%s' with host '%s'. Response: [%+v]", statusCode, url, host, resp)
 			return resp, nil
 		}
 

scripts/e2e/cmd/runner/runner_test.go

@@ -31,7 +31,7 @@ func TestMFU(t *testing.T) {
 }
 
 var _ = Describe("Most frequently run test suite", func() {
-	Context("one namespace one ingress: ssl-redirect", func() {
+	Context("one namespace one ingress: ssl-e2e-redirect", func() {
 		var clientset *kubernetes.Clientset
 		var namespaceName string
 		var urlHttp string
@@ -47,7 +47,7 @@ var _ = Describe("Most frequently run test suite", func() {
 			cleanUp(clientset)
 
 			// create namespace
-			namespaceName = "e2e-1n1i-ssl-redirect"
+			namespaceName = "e2e-1n1i-ssl-e2e-redirect"
 			ns := &v1.Namespace{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: namespaceName,
@@ -58,7 +58,7 @@ var _ = Describe("Most frequently run test suite", func() {
 			Expect(err).To(BeNil())
 
 			// create objects in the yaml
-			path := "testdata/one-namespace-one-ingress/ssl-redirect/app.yaml"
+			path := "testdata/one-namespace-one-ingress/ssl-e2e-redirect/app.yaml"
 			klog.Info("Applying yaml ", path)
 			err := applyYaml(clientset, namespaceName, path)
 			Expect(err).To(BeNil())
@@ -71,8 +71,8 @@ var _ = Describe("Most frequently run test suite", func() {
 			Expect(err).To(BeNil())
 			Expect(publicIP).ToNot(Equal(""))
 
-			urlHttp = fmt.Sprintf("http://%s/status/200", publicIP)
-			urlHttps = fmt.Sprintf("https://%s/status/200", publicIP)
+			urlHttp = fmt.Sprintf("http://%s/index.html", publicIP)
+			urlHttps = fmt.Sprintf("https://%s/index.html", publicIP)
 		})
 
 		It("should get correct status code for both http and https request", func() {

scripts/e2e/cmd/runner/testdata/one-namespace-one-ingress/ssl-e2e-redirect/README.md

@@ -0,0 +1,14 @@
+To add the root certificate to app gateway, use
+
+```
+az network application-gateway root-cert create -n test --cert-file test.crt --gateway-name <gateway> --resource-group <resgp>
+```
+
+To generate a new self-signed certificate:
+```
+openssl ecparam -out test.key -name prime256v1 -genkey
+openssl req -new -sha256 -key test.key -out test.csr -subj "/CN=test"
+openssl x509 -req -sha256 -days 365 -in test.csr -signkey test.key -out test.cer
+```
+
+If you are using a different certificate, don't forget to update the tls secret in the app.yaml.

scripts/e2e/cmd/runner/testdata/one-namespace-one-ingress/ssl-e2e-redirect/app.yaml

@@ -0,0 +1,94 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-cm
+data:
+  default.conf: |-
+    server {
+        listen 80 default_server;
+        listen 443 ssl;
+        root /usr/share/nginx/html;
+        index index.html;
+        ssl_certificate /etc/nginx/ssl/tls.crt;
+        ssl_certificate_key /etc/nginx/ssl/tls.key;
+        location / {
+                try_files $uri $uri/ =404;
+        }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ssl-redirect-deployment
+spec:
+  selector:
+    matchLabels:
+      app: ssl-redirect
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: ssl-redirect
+    spec:
+      containers:
+        - name: nginx
+          imagePullPolicy: Always
+          image: nginx:latest
+          ports:
+            - containerPort: 443
+          volumeMounts:
+          - mountPath: /etc/nginx/ssl
+            name: secret-volume
+          - mountPath: /etc/nginx/conf.d
+            name: configmap-volume
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: testsecret-tls
+      - name: configmap-volume
+        configMap:
+          name: nginx-cm       
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ssl-redirect-service
+spec:
+  selector:
+    app: ssl-redirect
+  ports:
+  - protocol: TCP
+    port: 443
+    targetPort: 443
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: ssl-redirect-ingress
+  annotations:
+    kubernetes.io/ingress.class: azure/application-gateway
+    appgw.ingress.kubernetes.io/ssl-redirect: "true"
+    appgw.ingress.kubernetes.io/backend-hostname: "test"
+    appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "test"
+spec:
+  tls:
+    - secretName: testsecret-tls
+  backend:
+    serviceName: ssl-redirect-service
+    servicePort: 443
+  rules:
+    - http:
+        paths:
+        - path: /index.html
+          backend:
+            serviceName: ssl-redirect-service
+            servicePort: 443
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: testsecret-tls
+type: kubernetes.io/tls
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJEVENCdEFJSkFLWTlOYkJMVjlJTE1Bb0dDQ3FHU000OUJBTUNNQTh4RFRBTEJnTlZCQU1NQkhSbGMzUXcKSGhjTk1qQXdOVEU0TWpFeU1UUXpXaGNOTWpFd05URTRNakV5TVRReldqQVBNUTB3Q3dZRFZRUUREQVIwWlhOMApNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU2eHlzV0lhZUFkenYveXdUNTl5NDNreXppUGViCmMvaEpLOCt1Nm9uMmtOYjJpZ2tuTDZndU9PYWxsamQxOVB1dTYwYmh4aEpobGJpcHpBcWZCcFYzYnpBS0JnZ3EKaGtqT1BRUURBZ05JQURCRkFpRUFzbGNmNjNId0hxUDZoMHJTdjg3TXlBRVVoWmRoUlNZdm5sMGQyazRxZGtZQwpJRG1qNWdDcFAzTldmZWRVZHh6bTlsOEtxRUl2c1VxL1hXYWxUODhTWitWQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBFQyBQQVJBTUVURVJTLS0tLS0KQmdncWhrak9QUU1CQnc9PQotLS0tLUVORCBFQyBQQVJBTUVURVJTLS0tLS0KLS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdQeE1qSytnOEd1dWhlMW1PQUZHY1V3V09xdHZRbjZCTHBQZVJGUTZUNHhvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNnh5c1dJYWVBZHp2L3l3VDU5eTQza3l6aVBlYmMvaEpLOCt1Nm9uMmtOYjJpZ2tuTDZndQpPT2FsbGpkMTlQdXU2MGJoeGhKaGxiaXB6QXFmQnBWM2J3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=

scripts/e2e/cmd/runner/testdata/one-namespace-one-ingress/ssl-e2e-redirect/test.crt

@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE-----
+MIIBDTCBtAIJAKY9NbBLV9ILMAoGCCqGSM49BAMCMA8xDTALBgNVBAMMBHRlc3Qw
+HhcNMjAwNTE4MjEyMTQzWhcNMjEwNTE4MjEyMTQzWjAPMQ0wCwYDVQQDDAR0ZXN0
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6xysWIaeAdzv/ywT59y43kyziPeb
+c/hJK8+u6on2kNb2igknL6guOOalljd19Puu60bhxhJhlbipzAqfBpV3bzAKBggq
+hkjOPQQDAgNIADBFAiEAslcf63HwHqP6h0rSv87MyAEUhZdhRSYvnl0d2k4qdkYC
+IDmj5gCpP3NWfedUdxzm9l8KqEIvsUq/XWalT88SZ+VA
+-----END CERTIFICATE-----