This directory contains the tests for NGINX Gateway Fabric. The tests are divided into two categories:
- Conformance Testing. This is to ensure that the NGINX Gateway Fabric conforms to the Gateway API specification.
- System Testing. This is to ensure that the NGINX Gateway Fabric works as expected in a real system.
- Prerequisites
- Common steps for all tests
- Conformance Testing
- System Testing
If running NFR tests:
- The gcloud CLI
- A GKE cluster (if
master-authorized-networksis enabled, please setADD_VM_IP_AUTH_NETWORKS=truein your vars.env file) - Access to GCP Service Account with Kubernetes admin permissions
All the commands below are executed from the tests directory. You can see all the available commands by running make help.
Important: Functional/conformance tests can only be run on a kind cluster. NFR tests can only be run on a GKE cluster.
To create a local kind cluster:
make create-kind-clusterNote: The default kind cluster deployed is the latest available version. You can specify a different version by defining the kind image to use through the KIND_IMAGE variable, e.g.
make create-kind-cluster KIND_IMAGE=kindest/node:v1.27.3To create a GKE cluster:
Before running the below make command, copy the scripts/vars.env-example file to scripts/vars.env and populate the
required env vars. GKE_SVC_ACCOUNT needs to be the name of a service account that has Kubernetes admin permissions,
and GKE_NODES_SERVICE_ACCOUNT needs to be the name of a service account that has Artifact Registry Reader,
Kubernetes Engine Node Service Account and Monitoring Viewer permissions.
make create-gke-clusterNote: The GKE cluster is created with
master-authorized-networks, meaning only IPs from explicitly allowed CIDR ranges will be able to access the cluster. The script will automatically add your current IP to the authorized list, but if your IP changes, you can add your new local IP to themaster-authorized-networksof the cluster by running the following:
make add-local-ip-to-clusterLoading the images only applies to a kind cluster. If using a cloud provider, you will need to tag and push
your images to a registry that is accessible from that cloud provider.
make build-images load-images TAG=$(whoami)Or, to build NGF with NGINX Plus enabled (NGINX Plus cert and key must exist in the root of the repo):
make build-images-with-plus load-images-with-plus TAG=$(whoami)For the telemetry test, which requires a OTel collector, build an image with the following variables set:
TELEMETRY_ENDPOINT=otel-collector-opentelemetry-collector.collector.svc.cluster.local:4317 TELEMETRY_ENDPOINT_INSECURE=trueNote: If you want to run the latest conformance tests from the Gateway API
mainbranch, set the following environment variable before deploying NGF:
export GW_API_VERSION=mainOtherwise, the latest stable version will be used by default. Additionally, if you want to run conformance tests with experimental features enabled, set the following environment variable before deploying NGF:
export ENABLE_EXPERIMENTAL=truemake install-ngf-local-buildOr, to install NGF with NGINX Plus enabled (NGINX Plus cert and key must exist in the root of the repo):
make install-ngf-local-build-with-plusYou can optionally skip the actual build step.
make install-ngf-local-no-buildOr, to install NGF with NGINX Plus enabled:
make install-ngf-local-no-build-with-plusYou can also skip the build NGF image step and prepare the environment to instead use the edge image. Note that this
option does not currently support installing with NGINX Plus enabled.
make install-ngf-edgeNote: If you want to run the latest conformance tests from the Gateway API
mainbranch, run the following make command to update the Go modules tomain:
make update-go-modulesYou can also point to a specific fork/branch by running:
go mod edit -replace=sigs.k8s.io/gateway-api=<your-fork>@<your-branch>
go mod download
go mod verify
go mod tidyOtherwise, the latest stable version will be used by default.
make build-test-runner-imagemake run-conformance-testsmake cleanup-conformance-testsmake uninstall-ngfOptional Not required if you aren't running the main Gateway API tests.
make reset-go-modulesmake delete-kind-clusterThe system tests are meant to be run on a live Kubernetes environment to verify a real system. These are similar to the existing conformance tests, but will verify things such as:
- NGF-specific functionality
- Non-Functional requirements (NFR) testing (such as performance, scale, etc.)
When running locally, the tests create a port-forward from your NGF Pod to localhost using a port chosen by the test framework. Traffic is sent over this port. If running on a GCP VM targeting a GKE cluster, the tests will create an internal LoadBalancer service which will receive the test traffic.
Important: Functional tests can only be run on a kind cluster. NFR tests can only be run on a GKE cluster.
Directory structure is as follows:
framework: contains utility functions for running the testsresults: contains the results files for the NFR testsscripts: contain scripts used to set up the environment and run the testssuite: contains the test files
To log in the tests, use the GinkgoWriter interface described here: https://onsi.github.io/ginkgo/#logging-output.
make test TAG=$(whoami)Or, to run the tests with NGINX Plus enabled:
make test TAG=$(whoami) PLUS_ENABLED=trueThe command above doesn't run the telemetry functional test, which requires a dedicated invocation because it uses a specially built image (see above) and it needs to deploy NGF differently from the rest of functional tests.
To run the telemetry test:
make test TAG=$(whoami) GINKGO_LABEL=telemetryBefore running the below make commands, copy the scripts/vars.env-example file to scripts/vars.env and populate the
required env vars. GKE_SVC_ACCOUNT needs to be the name of a service account that has Kubernetes admin permissions.
In order to run the tests in GCP, you need a few things:
- GKE router to allow egress traffic (used by upgrade tests for pulling images from Github, and scale/reconfig tests for installing prometheus)
- this assumes that your GKE cluster is using private nodes. If using public nodes, you don't need this.
- GCP VM and firewall rule to send ingress traffic to GKE
To just set up the VM with no router (this will not run the tests):
make create-and-setup-vmTo set up just the router:
make create-gke-routerOtherwise, you can set up the VM, router, and run the tests with a single command. See the options below.
By default, the tests run using the version of NGF that was git cloned during the setup. If you want to make
incremental changes and copy your local changes to the VM to test, you can run
make sync-files-to-vmTo set up the GCP environment with the router and VM and then run the tests, run the following command:
make setup-gcp-and-run-nfr-testsTo use an existing VM to run the tests, run the following
make nfr-testThis test is run on its own (and also not in a pipeline) due to its long-running nature. It will run for 4 days before the tester must collect the results and complete the test.
To start the longevity test, set up your VM (create-and-setup-vm), router (create-gke-router), and run
make start-longevity-testNote: If you want to change the time period for which the test runs, update the
wrkcommands insuite/scripts/longevity-wrk.shto the time period you want, and runmake sync-files-to-vm.
Note: If you want to re-run the longevity test, you need to clear out the
cafe.example.comentry from the/etc/hostsfile on your VM.
You can verify the test is working by checking nginx logs to see traffic flow, and check that the cronjob is running and redeploying apps.
After 4 days (96h), you can complete the longevity tests and collect results. To ensure that the traffic has stopped flowing, you can ssh to the VM using gcloud compute ssh and run ps aux | grep wrk to verify the wrk commands are no longer running. Then, visit the GCP Monitoring Dashboards page and select the NGF Longevity Test dashboard. Take PNG screenshots of each chart for the time period in which your test ran, and save those to be added to the results file.
Finally, run
make stop-longevity-testThis will tear down the test and collect results into a file, where you can add the PNGs of the dashboard. The results collection creates multiple files that you will need to manually combine as needed (logs file, traffic output file).
To run all tests with the label "my-label", use the GINKGO_LABEL variable:
make test TAG=$(whoami) GINKGO_LABEL=my-labelor to pass a specific flag, e.g. run a specific test, use the GINKGO_FLAGS variable:
make test TAG=$(whoami) GINKGO_FLAGS='-ginkgo.focus "writes the system info to a results file"'Note: if filtering on NFR tests, set the filter in the appropriate field in your
vars.envfile.
If you are running the tests in GCP, add your required label/ flags to scripts/var.env.
You can also modify the tests code for a similar outcome. To run a specific test, you can "focus" it by adding the F
prefix to the name. For example:
It("runs some test", func(){
...
})becomes:
FIt("runs some test", func(){
...
})This can also be done at higher levels like Context.
To disable a specific test, add the X prefix to it, similar to the previous example:
It("runs some test", func(){
...
})becomes:
XIt("runs some test", func(){
...
})For more information of filtering specs, see the docs here.
-
Delete kind cluster, if required
make delete-kind-cluster
-
Delete the GCP components (GKE cluster, GKE router, VM, and firewall rule), if required
make cleanup-gcp
or
make cleanup-router
make cleanup-vm
make delete-gke-cluster