Enable cluster wide installation in tests (istio#902)

* Enable cluster wide installation in tests * Check errors * Address code review comments * Code review * goftm -s * Fix the initializer * Updated readme * Try without initializer Former-commit-id: d24eca1
xun1009 · Sep 25, 2017 · a68459e · a68459e
1 parent 5a20376
commit a68459e
Show file tree

Hide file tree

Showing 9 changed files with 120 additions and 325 deletions.
diff --git a/install/kubernetes/BUILD b/install/kubernetes/BUILD
@@ -6,7 +6,6 @@ filegroup(
         "istio-initializer.yaml",
         "istio-one-namespace.yaml",
         "istio-one-namespace-auth.yaml",
-        "istio-rbac-beta.yaml",
     ],
     visibility = ["//visibility:public"],
 )
diff --git a/install/kubernetes/istio-rbac-beta.yaml b/install/kubernetes/istio-rbac-beta.yaml
diff --git a/install/updateVersion.sh b/install/updateVersion.sh
@@ -125,12 +125,6 @@ function merge_files() {
   ISTIO_ONE_NAMESPACE_AUTH=$DEST/istio-one-namespace-auth.yaml
   ISTIO_INITIALIZER=$DEST/istio-initializer.yaml
 
-  # TODO remove 3 lines below once the e2e tests no longer look for this file
-  echo "# GENERATED FILE. Use with Kubernetes 1.7+" > $DEST/istio-rbac-beta.yaml
-  echo "# TO UPDATE, modify files in install/kubernetes/templates and run install/updateVersion.sh" >> $DEST/istio-rbac-beta.yaml
-  cat $SRC/istio-rbac-beta.yaml.tmpl >> $DEST/istio-rbac-beta.yaml
-
-
   echo "# GENERATED FILE. Use with Kubernetes 1.7+" > $ISTIO
   echo "# TO UPDATE, modify files in install/kubernetes/templates and run install/updateVersion.sh" >> $ISTIO
   cat $SRC/istio-ns.yaml.tmpl >> $ISTIO

diff --git a/prow/e2e-suite-rbac-auth.sh b/prow/e2e-suite-rbac-auth.sh
@@ -28,7 +28,9 @@ set -u
 # Print commands
 set -x
 
-RBAC_FILE='install/kubernetes/istio-rbac-beta.yaml'
-
 echo 'Running e2e with rbac, with auth Tests'
-./prow/e2e-suite.sh --rbac_path="${RBAC_FILE}" --auth_enable "${@}"
+if [ "$#" != 0 ]; then
+    ./prow/e2e-suite.sh --auth_enable "${@}"
+else
+    ./prow/e2e-suite.sh --auth_enable
+fi
diff --git a/prow/e2e-suite-rbac-no_auth.sh b/prow/e2e-suite-rbac-no_auth.sh
@@ -28,7 +28,9 @@ set -u
 # Print commands
 set -x
 
-RBAC_FILE='install/kubernetes/istio-rbac-beta.yaml'
-
 echo 'Running e2e with rbac, no auth Tests'
-./prow/e2e-suite.sh --rbac_path="${RBAC_FILE}" "${@}"
+if [ "$#" != 0 ]; then
+    ./prow/e2e-suite.sh "${@}"
+else
+    ./prow/e2e-suite.sh
+fi
diff --git a/prow/new-e2e-rbac_no_auth.sh b/prow/new-e2e-rbac_no_auth.sh
@@ -33,7 +33,7 @@ ZONE=us-central1-f
 CLUSTER_VERSION=1.7.5
 MACHINE_TYPE=n1-standard-4
 NUM_NODES=1
-CLUSTER_NAME=rbac-n-auth-$(uuidgen | cut -c1-8)
+CLUSTER_NAME=cluster-wide-auth-$(uuidgen | cut -c1-8 | tr "[A-Z]" "[a-z]")
 
 CLUSTER_CREATED=false
 
@@ -56,6 +56,5 @@ CLUSTER_CREATED=true
 
 kubectl create clusterrolebinding prow-cluster-admin-binding --clusterrole=cluster-admin [email protected]
 
-echo 'Running e2e rbac, no auth Tests'
-./prow/e2e-suite-rbac-no_auth.sh "${@}"
-
+echo 'Running cluster-wide e2e rbac, auth Tests'
+./prow/e2e-suite-rbac-auth.sh --cluster_wide "${@}"
diff --git a/tests/e2e/README.md b/tests/e2e/README.md
@@ -15,7 +15,7 @@ gcloud container clusters create ${CLUSTER_NAME} --zone ${ZONE} --project ${PROJ
 
 If you hit the error
 ```bash
-Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-pilot" is forbidden: attempt to grant extra privileges: [{[*] [istio.io] [istioconfigs] [] []} {[*] [istio.io] [istioconfigs.istio.io] [] []} {[*] [extensions] [thirdpartyresources] [] []} {[*] [extensions] [thirdpartyresources.extensions] [] []} {[*] [extensions] [ingresses] [] []} {[*] [] [configmaps] [] []} {[*] [] [endpoints] [] []} {[*] [] [pods] [] []} {[*] [] [services] [] []}] user=&{[email protected] [...]
+Error from server (Forbidden): error when creating "install/kubernetes/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-pilot" is forbidden: attempt to grant extra privileges: [{[*] [istio.io] [istioconfigs] [] []} {[*] [istio.io] [istioconfigs.istio.io] [] []} {[*] [extensions] [thirdpartyresources] [] []} {[*] [extensions] [thirdpartyresources.extensions] [] []} {[*] [extensions] [ingresses] [] []} {[*] [] [configmaps] [] []} {[*] [] [endpoints] [] []} {[*] [] [pods] [] []} {[*] [] [services] [] []}] user=&{[email protected] [...]
 ```
 You need to add the following: (replace the name with your own)
 ```
@@ -55,18 +55,19 @@ If not specify `namespace`, a randomly namespace would be generated for each tes
 
 ### For all the following example, you always need to add:
 * `--auth_enable` if you want to include auth
-* `--rbac_path=install/kubernetes/istio-rbac-beta.yaml` if you are using a rbac cluster (which means you disabled legacy if using GKE)
+* `--cluster_wide` if you want to run the cluster wide installation and tests
+* `--use_initializer` if you want to do transparent sidecar injection
 
 ### Example
 From the repo checkout root directory
 
 * Run tests with the latest stable version of istio according to istio.VERSION :
 
-`tests/e2e.sh --rbac_path=install/kubernetes/istio-rbac-beta.yaml --auth_enable`
+`tests/e2e.sh --auth_enable`
 
 * Test commit in pilot repo, SHA:"dc738396fd21ab9779853635dd22693d9dd3f78a":
 
-`tests/e2e.sh --pilot_hub=gcr.io/istio-testing --pilot_tag=dc738396fd21ab9779853635dd22693d9dd3f78a --istioctl_url=https://storage.googleapis.com/istio-artifacts/dc738396fd21ab9779853635dd22693d9dd3f78a/artifacts/istioctl  --rbac_path=install/kubernetes/istio-rbac-beta.yaml --auth_enable`
+`tests/e2e.sh --pilot_hub=gcr.io/istio-testing --pilot_tag=dc738396fd21ab9779853635dd22693d9dd3f78a --istioctl_url=https://storage.googleapis.com/istio-artifacts/dc738396fd21ab9779853635dd22693d9dd3f78a/artifacts/istioctl --auth_enable`
 
 * If you want to run one specific test, you can do: