From a559eb7f0a73f5bd2ad73da9c59dec3a4dce04a6 Mon Sep 17 00:00:00 2001 From: Jamon Date: Thu, 11 Apr 2024 18:00:01 -0400 Subject: [PATCH 1/7] refactor istio to use imagetest_harness_k3s Signed-off-by: Jamon --- images/istio/main.tf | 3 - images/istio/tests/base/main.tf | 33 +++ images/istio/tests/gateway/main.tf | 47 +++++ images/istio/tests/install-cni/main.tf | 44 ++++ images/istio/tests/istiod/main.tf | 47 +++++ images/istio/tests/main.tf | 274 +++++++++++-------------- images/istio/tests/operator/main.tf | 38 ++++ 7 files changed, 328 insertions(+), 158 deletions(-) create mode 100644 images/istio/tests/base/main.tf create mode 100644 images/istio/tests/gateway/main.tf create mode 100644 images/istio/tests/install-cni/main.tf create mode 100644 images/istio/tests/istiod/main.tf create mode 100644 images/istio/tests/operator/main.tf diff --git a/images/istio/main.tf b/images/istio/main.tf index 8a02d3bbb4..933a6ad5e5 100644 --- a/images/istio/main.tf +++ b/images/istio/main.tf @@ -8,8 +8,6 @@ variable "target_repository" { description = "The docker repo into which the image and attestations should be published." } -resource "random_pet" "suffix" {} - module "test-latest" { source = "./tests" digests = { @@ -18,7 +16,6 @@ module "test-latest" { pilot = module.pilot.image_ref operator = module.operator.image_ref } - namespace = "istio-system-${random_pet.suffix.id}" } resource "oci_tag" "latest" { diff --git a/images/istio/tests/base/main.tf b/images/istio/tests/base/main.tf new file mode 100644 index 0000000000..623b1c309f --- /dev/null +++ b/images/istio/tests/base/main.tf @@ -0,0 +1,33 @@ +terraform { + required_providers { + oci = { source = "chainguard-dev/oci" } + imagetest = { source = "chainguard-dev/imagetest" } + } +} + +variable "values" { + type = any + default = { + global = { + istioNamespace = "istio-system" + } + defaultRevision = "" + } +} + +module "helm" { + source = "../../../../tflib/imagetest/helm" + + chart = "base" + repo = "https://istio-release.storage.googleapis.com/charts/" + + values = var.values +} + +output "install_cmd" { + value = module.helm.install_cmd +} + +output "release_name" { + value = module.helm.release_name +} diff --git a/images/istio/tests/gateway/main.tf b/images/istio/tests/gateway/main.tf new file mode 100644 index 0000000000..8e4f8c8da1 --- /dev/null +++ b/images/istio/tests/gateway/main.tf @@ -0,0 +1,47 @@ +terraform { + required_providers { + oci = { source = "chainguard-dev/oci" } + imagetest = { source = "chainguard-dev/imagetest" } + } +} + +variable "values" { + type = any + default = { + revision = "istio" + service = { + type = "ClusterIP" + } + global = { + istioNamespace = "istio-system" + hub = "cgr.dev/chainguard/istio-proxy" + proxy = { + image = "cgr.dev/chainguard/istio-proxy" + } + proxy-init = { + image = "cgr.dev/chainguard/istio-proxy" + } + tag = "latest" + } + version = "1.19.0" + namespace = "istio-system" + } +} + +module "helm" { + source = "../../../../tflib/imagetest/helm" + + namespace = var.values.namespace + repo = "https://istio-release.storage.googleapis.com/charts/" + chart = "gateway" + + values = var.values +} + +output "install_cmd" { + value = module.helm.install_cmd +} + +output "release_name" { + value = module.helm.release_name +} diff --git a/images/istio/tests/install-cni/main.tf b/images/istio/tests/install-cni/main.tf new file mode 100644 index 0000000000..6c554242d1 --- /dev/null +++ b/images/istio/tests/install-cni/main.tf @@ -0,0 +1,44 @@ +terraform { + required_providers { + oci = { source = "chainguard-dev/oci" } + imagetest = { source = "chainguard-dev/imagetest" } + } +} + +variable "values" { + type = any + default = { + revision = "istio" + cni = { + image = "cgr.dev/chainguard/istio-install-cni" + tag = "latest" + cniBinDir = "/var/lib/rancher/k3s/data/current/bin" + cniConfDir = "/var/lib/rancher/k3s/agent/etc/cni/net.d" + } + global = { + hub = "cgr.dev/chainguard/istio-install-cni" + tag = "latest" + } + version = "1.19.0" + namespace = "istio-system" + } +} + +module "helm" { + source = "../../../../tflib/imagetest/helm" + + namespace = var.values.namespace + name = "istio-cni" + repo = "https://istio-release.storage.googleapis.com/charts/" + chart = "cni" + + values = var.values +} + +output "install_cmd" { + value = module.helm.install_cmd +} + +output "release_name" { + value = module.helm.release_name +} diff --git a/images/istio/tests/istiod/main.tf b/images/istio/tests/istiod/main.tf new file mode 100644 index 0000000000..f40e964c5b --- /dev/null +++ b/images/istio/tests/istiod/main.tf @@ -0,0 +1,47 @@ +terraform { + required_providers { + oci = { source = "chainguard-dev/oci" } + imagetest = { source = "chainguard-dev/imagetest" } + } +} + +variable "values" { + type = any + default = { + revision = "istio-system" + pilot = { + image = "cgr.dev/chainguard/istio-pilot" + } + global = { + istioNamespace = "istio-system" + hub = "cgr.dev/chainguard/istio-proxy" + proxy = { + image = "cgr.dev/chainguard/istio-proxy" + } + proxy-init = { + image = "cgr.dev/chainguard/istio-proxy" + } + tag = "latest" + } + version = "1.19.0" + namespace = "istio-system" + } +} + +module "helm" { + source = "../../../../tflib/imagetest/helm" + + namespace = var.values.namespace + repo = "https://istio-release.storage.googleapis.com/charts/" + chart = "istiod" + + values = var.values +} + +output "install_cmd" { + value = module.helm.install_cmd +} + +output "release_name" { + value = module.helm.release_name +} diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf index 01a0458a6b..0fa708efca 100644 --- a/images/istio/tests/main.tf +++ b/images/istio/tests/main.tf @@ -1,10 +1,14 @@ terraform { required_providers { - oci = { source = "chainguard-dev/oci" } - helm = { source = "hashicorp/helm" } + oci = { source = "chainguard-dev/oci" } + imagetest = { source = "chainguard-dev/imagetest" } } } +locals { + namespace = "istio-system" +} + variable "digests" { description = "The image digest to run tests over." type = object({ @@ -15,92 +19,61 @@ variable "digests" { }) } -variable "namespace" { - description = "The namespace to install Istio in." +data "oci_string" "ref" { + for_each = var.digests + input = each.value } -variable "helm-chart-version" { - description = "The version of the Helm chart." - default = "1.19.0" -} +data "imagetest_inventory" "this" {} -data "oci_exec_test" "proxy-version" { - digest = var.digests.proxy - script = "docker run --rm $IMAGE_NAME --version" +resource "imagetest_harness_k3s" "this" { + name = "istio-system" + inventory = data.imagetest_inventory.this + sandbox = { + mounts = [ + { + source = path.module + destination = "/tests" + } + ] + } } -data "oci_exec_test" "pilot-version" { - digest = var.digests.pilot - script = "docker run --rm $IMAGE_NAME --version" +module "helm_base" { + source = "./base" + values = { + global = { + istioNamespace = local.namespace + } + # Disable the CRD validation webhook to avoid contention w/ tests of other versions, + # as this is a cluster-wide resource that we can't customize the name. + defaultRevision = "" + } } -data "oci_exec_test" "operator-version" { - digest = var.digests.operator - script = "docker run --rm $IMAGE_NAME version" -} +module "helm_operator" { + source = "./operator" + values = { + namespace = local.namespace -data "oci_string" "operator-ref" { input = var.digests.operator } -data "oci_string" "proxy-ref" { input = var.digests.proxy } -data "oci_string" "install-cni-ref" { input = var.digests.install-cni } -resource "helm_release" "operator" { - name = "operator" - namespace = local.namespace - create_namespace = true - # there's no official helm chart for the istio operator - repository = "https://stevehipwell.github.io/helm-charts/" - chart = "istio-operator" - values = [jsonencode({ image = { - repository = data.oci_string.operator-ref.registry_repo - tag = data.oci_string.operator-ref.pseudo_tag + repository = data.oci_string.ref["operator"].registry_repo + tag = data.oci_string.ref["operator"].pseudo_tag } - })] -} - -module "helm_cleanup" { - source = "../../../tflib/helm-cleanup" - name = helm_release.operator.id - namespace = helm_release.operator.namespace + } } -resource "random_pet" "suffix" {} +module "helm_istiod" { + source = "./istiod" -locals { - namespace = "istio-system-${random_pet.suffix.id}" -} - -resource "helm_release" "base" { - name = "${local.namespace}-base" - namespace = local.namespace - create_namespace = true - repository = "https://istio-release.storage.googleapis.com/charts/" - chart = "base" - version = var.helm-chart-version - replace = true # Allow reinstallation - as CRDs are not reinstalled anyway. - values = [jsonencode({ - global = { - istioNamespace = local.namespace - } - # Disable the CRD validation webhook to avoid contention w/ tests of other versions, - # as this is a cluster-wide resource that we can't customize the name. - defaultRevision = "" - })] -} + values = { + namespace = local.namespace -resource "helm_release" "istiod" { - depends_on = [helm_release.base] - name = "${local.namespace}-istiod" - namespace = local.namespace - create_namespace = true - repository = "https://istio-release.storage.googleapis.com/charts/" - chart = "istiod" - version = var.helm-chart-version - values = [jsonencode({ # Set the revision so that only namespace with istio.io/rev=local.namespace # will be managed. revision = local.namespace pilot = { - image = var.digests.pilot + image = data.oci_string.ref["pilot"].registry_repo } global = { istioNamespace = local.namespace @@ -109,30 +82,23 @@ resource "helm_release" "istiod" { # If the registry_repo is gcr.io/my/repo/istio-proxy, we need to set # hub = gcr.io/my/repo # image = istio-proxy - hub = dirname(data.oci_string.proxy-ref.registry_repo) + hub = dirname(data.oci_string.ref["proxy"].registry_repo) proxy = { - image = basename(data.oci_string.proxy-ref.registry_repo) + image = basename(data.oci_string.ref["proxy"].registry_repo) } proxy-init = { - image = basename(data.oci_string.proxy-ref.registry_repo) + image = basename(data.oci_string.ref["proxy"].registry_repo) } - tag = data.oci_string.proxy-ref.pseudo_tag + tag = data.oci_string.ref["proxy"].pseudo_tag } - })] + } } -resource "helm_release" "gateway" { - # Technically this should only depend on `istiod` installation, but - # we block this until `install-cni` is done to make sure the CNI plugin - # installation did not break Pod sandbox creation. - depends_on = [helm_release.istiod, helm_release.install-cni] - name = "${local.namespace}-gateway" - namespace = local.namespace - create_namespace = true - repository = "https://istio-release.storage.googleapis.com/charts/" - chart = "gateway" - version = var.helm-chart-version - values = [jsonencode({ +module "helm_gateway" { + source = "./gateway" + values = { + namespace = local.namespace + # Set the revision so that only namespace with istio.io/rev=local.namespace # will be managed. revision = local.namespace @@ -146,37 +112,35 @@ resource "helm_release" "gateway" { # If the registry_repo is gcr.io/my/repo/istio-proxy, we need to set # hub = gcr.io/my/repo # image = istio-proxy - hub = dirname(data.oci_string.proxy-ref.registry_repo) + hub = dirname(data.oci_string.ref["proxy"].registry_repo) proxy = { - image = basename(data.oci_string.proxy-ref.registry_repo) + image = basename(data.oci_string.ref["proxy"].registry_repo) } proxy-init = { - image = basename(data.oci_string.proxy-ref.registry_repo) + image = basename(data.oci_string.ref["proxy"].registry_repo) } - tag = data.oci_string.proxy-ref.pseudo_tag + tag = data.oci_string.ref["proxy"].pseudo_tag } - })] + } } -resource "helm_release" "install-cni" { - depends_on = [helm_release.base] - name = "${local.namespace}-cni" - namespace = local.namespace - repository = "https://istio-release.storage.googleapis.com/charts/" - chart = "cni" - version = var.helm-chart-version - values = [jsonencode({ +module "helm_install-cni" { + source = "./install-cni" + values = { + namespace = local.namespace + global = { # These Helm charts do not like slashes in the image param. # # If the registry_repo is gcr.io/my/repo/istio-install-cni, we need to set # hub = gcr.io/my/repo # image = istio-install-cni - hub = dirname(data.oci_string.install-cni-ref.registry_repo) - tag = data.oci_string.install-cni-ref.pseudo_tag + hub = dirname(data.oci_string.ref["install-cni"].registry_repo) + tag = data.oci_string.ref["install-cni"].registry_repo } cni = { - image = basename(data.oci_string.install-cni-ref.registry_repo) + image = data.oci_string.ref["install-cni"].registry_repo + tag = data.oci_string.ref["install-cni"].pseudo_tag # These two settings are highly dependent on the K8s cluster setup. cniBinDir = "/var/lib/rancher/k3s/data/current/bin" # Special thanks to Wolf @@ -185,59 +149,59 @@ resource "helm_release" "install-cni" { # Set the revision so that only namespace with istio.io/rev=local.namespace # will be managed. revision = local.namespace - })] -} - -# Wait for the CNI daemonset to come up -data "oci_exec_test" "install-cni-daemonset-up" { - depends_on = [helm_release.install-cni] - digest = var.digests.proxy - script = "kubectl rollout status daemonset -n ${local.namespace} istio-cni-node --timeout 60s" -} - -# Test the sidecar injection. -data "oci_exec_test" "sidecar-injection-works" { - depends_on = [helm_release.istiod] - - script = "${path.module}/test-injection.sh" - digest = var.digests.proxy - - env { - name = "ISTIO_NAMESPACE" - value = local.namespace } } -# Test that simple VirtualService/Gateway is working. -data "oci_exec_test" "gateway" { - depends_on = [helm_release.gateway] - - script = "${path.module}/test-gateway.sh" - digest = var.digests.proxy - - env { - name = "ISTIO_NAMESPACE" - value = local.namespace +resource "imagetest_feature" "this" { + harness = imagetest_harness_k3s.this + name = "istio" + description = "Test istio functionality of the various istio helm charts." + + steps = [ + { + name = "Create istio-system namespace" + cmd = < Date: Thu, 11 Apr 2024 18:17:54 -0400 Subject: [PATCH 2/7] refactor istio to use imagetest_harness_k3s Signed-off-by: Jamon --- images/istio/tests/istiod/main.tf | 1 + images/istio/tests/main.tf | 1 + 2 files changed, 2 insertions(+) diff --git a/images/istio/tests/istiod/main.tf b/images/istio/tests/istiod/main.tf index f40e964c5b..64e50f9c8e 100644 --- a/images/istio/tests/istiod/main.tf +++ b/images/istio/tests/istiod/main.tf @@ -11,6 +11,7 @@ variable "values" { revision = "istio-system" pilot = { image = "cgr.dev/chainguard/istio-pilot" + tag = "latest" } global = { istioNamespace = "istio-system" diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf index 0fa708efca..d84d60d0bd 100644 --- a/images/istio/tests/main.tf +++ b/images/istio/tests/main.tf @@ -74,6 +74,7 @@ module "helm_istiod" { revision = local.namespace pilot = { image = data.oci_string.ref["pilot"].registry_repo + tag = data.oci_string.ref["pilot"].pseudo_tag } global = { istioNamespace = local.namespace From 2e26e5ff0b3c10b28704fd1e9f5f8007796754c7 Mon Sep 17 00:00:00 2001 From: Jamon Date: Thu, 11 Apr 2024 18:24:45 -0400 Subject: [PATCH 3/7] refactor istio to use imagetest_harness_k3s Signed-off-by: Jamon --- images/istio/tests/istiod/main.tf | 2 +- images/istio/tests/main.tf | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/images/istio/tests/istiod/main.tf b/images/istio/tests/istiod/main.tf index 64e50f9c8e..12a6065549 100644 --- a/images/istio/tests/istiod/main.tf +++ b/images/istio/tests/istiod/main.tf @@ -11,7 +11,7 @@ variable "values" { revision = "istio-system" pilot = { image = "cgr.dev/chainguard/istio-pilot" - tag = "latest" + tag = "latest" } global = { istioNamespace = "istio-system" diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf index d84d60d0bd..58edbe5f6c 100644 --- a/images/istio/tests/main.tf +++ b/images/istio/tests/main.tf @@ -24,6 +24,21 @@ data "oci_string" "ref" { input = each.value } +data "oci_exec_test" "proxy-version" { + digest = var.digests.proxy + script = "docker run --rm $IMAGE_NAME --version" +} + +data "oci_exec_test" "pilot-version" { + digest = var.digests.pilot + script = "docker run --rm $IMAGE_NAME --version" +} + +data "oci_exec_test" "operator-version" { + digest = var.digests.operator + script = "docker run --rm $IMAGE_NAME version" +} + data "imagetest_inventory" "this" {} resource "imagetest_harness_k3s" "this" { @@ -74,7 +89,7 @@ module "helm_istiod" { revision = local.namespace pilot = { image = data.oci_string.ref["pilot"].registry_repo - tag = data.oci_string.ref["pilot"].pseudo_tag + tag = data.oci_string.ref["pilot"].pseudo_tag } global = { istioNamespace = local.namespace From 4836dbbdf6d96de6f4d30f294bc0cd082b6a76e0 Mon Sep 17 00:00:00 2001 From: Jamon Date: Thu, 11 Apr 2024 21:28:36 -0400 Subject: [PATCH 4/7] getting closer with istio imagetest harness Signed-off-by: Jamon --- images/istio/tests/gateway/main.tf | 2 +- images/istio/tests/install-cni/main.tf | 2 +- images/istio/tests/main.tf | 27 ++++++++++---------------- images/istio/tests/test-gateway.sh | 4 ++-- images/istio/tests/virtualservice.yaml | 4 ++-- 5 files changed, 16 insertions(+), 23 deletions(-) diff --git a/images/istio/tests/gateway/main.tf b/images/istio/tests/gateway/main.tf index 8e4f8c8da1..8e0b4e0c69 100644 --- a/images/istio/tests/gateway/main.tf +++ b/images/istio/tests/gateway/main.tf @@ -8,7 +8,7 @@ terraform { variable "values" { type = any default = { - revision = "istio" + revision = "istio-system" service = { type = "ClusterIP" } diff --git a/images/istio/tests/install-cni/main.tf b/images/istio/tests/install-cni/main.tf index 6c554242d1..79f0a5eccb 100644 --- a/images/istio/tests/install-cni/main.tf +++ b/images/istio/tests/install-cni/main.tf @@ -8,7 +8,7 @@ terraform { variable "values" { type = any default = { - revision = "istio" + revision = "istio-system" cni = { image = "cgr.dev/chainguard/istio-install-cni" tag = "latest" diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf index 58edbe5f6c..26099fa667 100644 --- a/images/istio/tests/main.tf +++ b/images/istio/tests/main.tf @@ -24,21 +24,6 @@ data "oci_string" "ref" { input = each.value } -data "oci_exec_test" "proxy-version" { - digest = var.digests.proxy - script = "docker run --rm $IMAGE_NAME --version" -} - -data "oci_exec_test" "pilot-version" { - digest = var.digests.pilot - script = "docker run --rm $IMAGE_NAME --version" -} - -data "oci_exec_test" "operator-version" { - digest = var.digests.operator - script = "docker run --rm $IMAGE_NAME version" -} - data "imagetest_inventory" "this" {} resource "imagetest_harness_k3s" "this" { @@ -88,7 +73,8 @@ module "helm_istiod" { # will be managed. revision = local.namespace pilot = { - image = data.oci_string.ref["pilot"].registry_repo + hub = dirname(data.oci_string.ref["pilot"].registry_repo) + image = basename(data.oci_string.ref["pilot"].registry_repo) tag = data.oci_string.ref["pilot"].pseudo_tag } global = { @@ -121,6 +107,7 @@ module "helm_gateway" { service = { type = "ClusterIP" } + # this isn't part of the gateway chart, is it used? global = { istioNamespace = local.namespace # These Helm charts do not like slashes in the image param. @@ -155,7 +142,8 @@ module "helm_install-cni" { tag = data.oci_string.ref["install-cni"].registry_repo } cni = { - image = data.oci_string.ref["install-cni"].registry_repo + hub = dirname(data.oci_string.ref["install-cni"].registry_repo) + image = basename(data.oci_string.ref["install-cni"].registry_repo) tag = data.oci_string.ref["install-cni"].pseudo_tag # These two settings are highly dependent on the K8s cluster setup. @@ -178,6 +166,7 @@ resource "imagetest_feature" "this" { name = "Create istio-system namespace" cmd = < Date: Thu, 11 Apr 2024 21:30:03 -0400 Subject: [PATCH 5/7] terraform fmt istio imagetest harness Signed-off-by: Jamon --- images/istio/tests/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf index 26099fa667..b7d6003c55 100644 --- a/images/istio/tests/main.tf +++ b/images/istio/tests/main.tf @@ -73,7 +73,7 @@ module "helm_istiod" { # will be managed. revision = local.namespace pilot = { - hub = dirname(data.oci_string.ref["pilot"].registry_repo) + hub = dirname(data.oci_string.ref["pilot"].registry_repo) image = basename(data.oci_string.ref["pilot"].registry_repo) tag = data.oci_string.ref["pilot"].pseudo_tag } @@ -142,7 +142,7 @@ module "helm_install-cni" { tag = data.oci_string.ref["install-cni"].registry_repo } cni = { - hub = dirname(data.oci_string.ref["install-cni"].registry_repo) + hub = dirname(data.oci_string.ref["install-cni"].registry_repo) image = basename(data.oci_string.ref["install-cni"].registry_repo) tag = data.oci_string.ref["install-cni"].pseudo_tag @@ -198,7 +198,7 @@ resource "imagetest_feature" "this" { }, { name = "Install curl", - cmd = "apk add curl" + cmd = "apk add curl" }, { name = "Test injection", From 4593e70e450a67e6cf17e857b74f3a8988e55b98 Mon Sep 17 00:00:00 2001 From: Jamon Date: Fri, 12 Apr 2024 07:41:47 -0400 Subject: [PATCH 6/7] Success! Signed-off-by: Jamon --- images/istio/tests/base/main.tf | 1 + images/istio/tests/gateway/main.tf | 1 + images/istio/tests/install-cni/main.tf | 8 +++++--- images/istio/tests/istiod/main.tf | 8 +++++--- images/istio/tests/main.tf | 7 +++++++ 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/images/istio/tests/base/main.tf b/images/istio/tests/base/main.tf index 623b1c309f..fedc416e99 100644 --- a/images/istio/tests/base/main.tf +++ b/images/istio/tests/base/main.tf @@ -8,6 +8,7 @@ terraform { variable "values" { type = any default = { + name = "istio-system-base" global = { istioNamespace = "istio-system" } diff --git a/images/istio/tests/gateway/main.tf b/images/istio/tests/gateway/main.tf index 8e0b4e0c69..ed876f7856 100644 --- a/images/istio/tests/gateway/main.tf +++ b/images/istio/tests/gateway/main.tf @@ -8,6 +8,7 @@ terraform { variable "values" { type = any default = { + name = "istio-system-gateway" revision = "istio-system" service = { type = "ClusterIP" diff --git a/images/istio/tests/install-cni/main.tf b/images/istio/tests/install-cni/main.tf index 79f0a5eccb..c69babd6ca 100644 --- a/images/istio/tests/install-cni/main.tf +++ b/images/istio/tests/install-cni/main.tf @@ -8,7 +8,9 @@ terraform { variable "values" { type = any default = { - revision = "istio-system" + name = "istio-system-cni" + namespace = "istio-system" + revision = "istio-system" cni = { image = "cgr.dev/chainguard/istio-install-cni" tag = "latest" @@ -19,8 +21,8 @@ variable "values" { hub = "cgr.dev/chainguard/istio-install-cni" tag = "latest" } - version = "1.19.0" - namespace = "istio-system" + version = "1.19.0" + } } diff --git a/images/istio/tests/istiod/main.tf b/images/istio/tests/istiod/main.tf index 12a6065549..5d899a2e98 100644 --- a/images/istio/tests/istiod/main.tf +++ b/images/istio/tests/istiod/main.tf @@ -8,7 +8,9 @@ terraform { variable "values" { type = any default = { - revision = "istio-system" + name = "istio-system-istiod" + namespace = "istio-system" + revision = "istio-system" pilot = { image = "cgr.dev/chainguard/istio-pilot" tag = "latest" @@ -24,8 +26,8 @@ variable "values" { } tag = "latest" } - version = "1.19.0" - namespace = "istio-system" + version = "1.19.0" + } } diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf index b7d6003c55..400d13abc6 100644 --- a/images/istio/tests/main.tf +++ b/images/istio/tests/main.tf @@ -30,6 +30,9 @@ resource "imagetest_harness_k3s" "this" { name = "istio-system" inventory = data.imagetest_inventory.this sandbox = { + envs = { + "ISTIO_NAMESPACE" = local.namespace + } mounts = [ { source = path.module @@ -42,6 +45,7 @@ resource "imagetest_harness_k3s" "this" { module "helm_base" { source = "./base" values = { + name = "${local.namespace}-base" global = { istioNamespace = local.namespace } @@ -67,6 +71,7 @@ module "helm_istiod" { source = "./istiod" values = { + name = "${local.namespace}-istiod" namespace = local.namespace # Set the revision so that only namespace with istio.io/rev=local.namespace @@ -99,6 +104,7 @@ module "helm_istiod" { module "helm_gateway" { source = "./gateway" values = { + name = "${local.namespace}-gateway" namespace = local.namespace # Set the revision so that only namespace with istio.io/rev=local.namespace @@ -130,6 +136,7 @@ module "helm_gateway" { module "helm_install-cni" { source = "./install-cni" values = { + name = "${local.namespace}-cni" namespace = local.namespace global = { From 8138afbfb9f0ed215595c22c47e64a93e7a80cc9 Mon Sep 17 00:00:00 2001 From: Jamon Date: Fri, 12 Apr 2024 08:07:16 -0400 Subject: [PATCH 7/7] Double down on success! Signed-off-by: Jamon --- images/istio/tests/base/main.tf | 7 ++++++- images/istio/tests/gateway/main.tf | 14 +++++++------ images/istio/tests/install-cni/main.tf | 8 ++++---- images/istio/tests/istiod/main.tf | 13 +++++++----- images/istio/tests/main.tf | 28 +++++++++++++------------- images/istio/tests/operator/main.tf | 6 ++++-- 6 files changed, 44 insertions(+), 32 deletions(-) diff --git a/images/istio/tests/base/main.tf b/images/istio/tests/base/main.tf index fedc416e99..52a26eb699 100644 --- a/images/istio/tests/base/main.tf +++ b/images/istio/tests/base/main.tf @@ -8,7 +8,10 @@ terraform { variable "values" { type = any default = { - name = "istio-system-base" + name = "istio-system-base" + namespace = "istio-system" + create_namespace = true + global = { istioNamespace = "istio-system" } @@ -19,6 +22,8 @@ variable "values" { module "helm" { source = "../../../../tflib/imagetest/helm" + namespace = var.values.namespace + chart = "base" repo = "https://istio-release.storage.googleapis.com/charts/" diff --git a/images/istio/tests/gateway/main.tf b/images/istio/tests/gateway/main.tf index ed876f7856..9fc1ba26ed 100644 --- a/images/istio/tests/gateway/main.tf +++ b/images/istio/tests/gateway/main.tf @@ -8,8 +8,10 @@ terraform { variable "values" { type = any default = { - name = "istio-system-gateway" - revision = "istio-system" + name = "istio-system-gateway" + namespace = "istio-system" + revision = "istio-system" + service = { type = "ClusterIP" } @@ -24,8 +26,7 @@ variable "values" { } tag = "latest" } - version = "1.19.0" - namespace = "istio-system" + version = "1.19.0" } } @@ -33,8 +34,9 @@ module "helm" { source = "../../../../tflib/imagetest/helm" namespace = var.values.namespace - repo = "https://istio-release.storage.googleapis.com/charts/" - chart = "gateway" + + repo = "https://istio-release.storage.googleapis.com/charts/" + chart = "gateway" values = var.values } diff --git a/images/istio/tests/install-cni/main.tf b/images/istio/tests/install-cni/main.tf index c69babd6ca..c8fe6d4503 100644 --- a/images/istio/tests/install-cni/main.tf +++ b/images/istio/tests/install-cni/main.tf @@ -11,6 +11,7 @@ variable "values" { name = "istio-system-cni" namespace = "istio-system" revision = "istio-system" + cni = { image = "cgr.dev/chainguard/istio-install-cni" tag = "latest" @@ -22,7 +23,6 @@ variable "values" { tag = "latest" } version = "1.19.0" - } } @@ -30,9 +30,9 @@ module "helm" { source = "../../../../tflib/imagetest/helm" namespace = var.values.namespace - name = "istio-cni" - repo = "https://istio-release.storage.googleapis.com/charts/" - chart = "cni" + + repo = "https://istio-release.storage.googleapis.com/charts/" + chart = "cni" values = var.values } diff --git a/images/istio/tests/istiod/main.tf b/images/istio/tests/istiod/main.tf index 5d899a2e98..4d8ab253a1 100644 --- a/images/istio/tests/istiod/main.tf +++ b/images/istio/tests/istiod/main.tf @@ -8,9 +8,11 @@ terraform { variable "values" { type = any default = { - name = "istio-system-istiod" - namespace = "istio-system" - revision = "istio-system" + name = "istio-system-istiod" + namespace = "istio-system" + create_namespace = true + revision = "istio-system" + pilot = { image = "cgr.dev/chainguard/istio-pilot" tag = "latest" @@ -35,8 +37,9 @@ module "helm" { source = "../../../../tflib/imagetest/helm" namespace = var.values.namespace - repo = "https://istio-release.storage.googleapis.com/charts/" - chart = "istiod" + + repo = "https://istio-release.storage.googleapis.com/charts/" + chart = "istiod" values = var.values } diff --git a/images/istio/tests/main.tf b/images/istio/tests/main.tf index 400d13abc6..66336f5455 100644 --- a/images/istio/tests/main.tf +++ b/images/istio/tests/main.tf @@ -45,7 +45,10 @@ resource "imagetest_harness_k3s" "this" { module "helm_base" { source = "./base" values = { - name = "${local.namespace}-base" + name = "${local.namespace}-base" + namespace = local.namespace + create_namespace = true + global = { istioNamespace = local.namespace } @@ -58,7 +61,9 @@ module "helm_base" { module "helm_operator" { source = "./operator" values = { - namespace = local.namespace + name = "operator" + namespace = local.namespace + create_namespace = true image = { repository = data.oci_string.ref["operator"].registry_repo @@ -71,8 +76,9 @@ module "helm_istiod" { source = "./istiod" values = { - name = "${local.namespace}-istiod" - namespace = local.namespace + name = "${local.namespace}-istiod" + namespace = local.namespace + create_namespace = true # Set the revision so that only namespace with istio.io/rev=local.namespace # will be managed. @@ -104,8 +110,9 @@ module "helm_istiod" { module "helm_gateway" { source = "./gateway" values = { - name = "${local.namespace}-gateway" - namespace = local.namespace + name = "${local.namespace}-gateway" + namespace = local.namespace + create_namespace = true # Set the revision so that only namespace with istio.io/rev=local.namespace # will be managed. @@ -169,13 +176,6 @@ resource "imagetest_feature" "this" { description = "Test istio functionality of the various istio helm charts." steps = [ - { - name = "Create istio-system namespace" - cmd = <