Add automation documentation tests for migration from sidecar to ambient#1379
Add automation documentation tests for migration from sidecar to ambient#1379bmangoen wants to merge 11 commits into
Conversation
bmangoen
changed the title
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1379 +/- ##
=======================================
Coverage 80.71% 80.71%
=======================================
Files 51 51
Lines 2598 2598
=======================================
Hits 2097 2097
Misses 380 380
Partials 121 121
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
fjglira
left a comment
fjglira
left a comment
There was a problem hiding this comment.
Looks preatty good in general
bmangoen
force-pushed
the
doc/automation-test-migration-sidecar-to-ambient
branch
from
5d5f234 to
b83b8bc
Compare
|
Hey @bmangoen checking the execution after the latest changes I see this: PLease check the applied yamls because seems that can be issues with the format Check also a step where is trying to label the namespace and get looking for a label I think from that last error message is coming the issue that is causing to not go ambient mode correctly in the bookinfo namespace, because in the last step I see that the restarted bookinfo pods are still on sidecar mode: |
bmangoen
force-pushed
the
doc/automation-test-migration-sidecar-to-ambient
branch
from
1ebd7af to
262769a
Compare
fjglira
left a comment
fjglira
left a comment
There was a problem hiding this comment.
I think we still need to add some wait and validations. At the end the migration looks almost good but there are some steps that seems to not be doing a proper validation
bmangoen
force-pushed
the
doc/automation-test-migration-sidecar-to-ambient
branch
from
29a171d to
832b65c
Compare
fjglira
left a comment
fjglira
left a comment
There was a problem hiding this comment.
Just some small comment the rest of the test looks ok, the connectivity is working and the migration seems successfully
| # Increase inotify limits to prevent "too many open files" errors with ztunnel and ambient mode | ||
| # This is needed because ztunnel watches ConfigMaps and the default limits are often too low | ||
| echo "Increasing inotify limits on KIND node..." | ||
| docker exec "${NAME}"-control-plane sysctl -w fs.inotify.max_user_instances=8192 || true | ||
| docker exec "${NAME}"-control-plane sysctl -w fs.inotify.max_user_watches=524288 || true | ||
|
|
There was a problem hiding this comment.
These changes are going to be overriden because we get these files from istio/common-files repo
There was a problem hiding this comment.
Ah you're right ! Do you think guys from the community would accept this change upstream?
There was a problem hiding this comment.
I think we should give a try to do the change upstream. I don't see any downside on this
There was a problem hiding this comment.
Removed and waiting for istio/common-files#1278 to be accepted and merged
There was a problem hiding this comment.
So, this errors:
##### Test istio-migrate-from-sidecar-to-ambient: Step 28
Error from server: error when creating "STDIN": admission webhook "validation.istio.io" denied the request: configuration is invalid: 2 errors occurred:
* invalid policy productpage-ztunnel-protection.bookinfo: invalid `value` for `key` source.workload_name: unknown attribute: source.workload_name
* invalid policy productpage-ztunnel-protection.bookinfo: invalid `notValue` for `key` source.workload_name: unknown attribute: source.workload_name
Error from server: error when creating "STDIN": admission webhook "validation.istio.io" denied the request: configuration is invalid: 2 errors occurred:
* invalid policy reviews-ztunnel-protection.bookinfo: invalid `value` for `key` source.workload_name: unknown attribute: source.workload_name
* invalid policy reviews-ztunnel-protection.bookinfo: invalid `notValue` for `key` source.workload_name: unknown attribute: source.workload_name
##### Test istio-migrate-from-sidecar-to-ambient completed: FAIL
Are they related to that change?
There was a problem hiding this comment.
Seems that Jonh is concerned about being masking an actual leak instead of a resource consumption issue
There was a problem hiding this comment.
So, this errors:
##### Test istio-migrate-from-sidecar-to-ambient: Step 28 Error from server: error when creating "STDIN": admission webhook "validation.istio.io" denied the request: configuration is invalid: 2 errors occurred: * invalid policy productpage-ztunnel-protection.bookinfo: invalid `value` for `key` source.workload_name: unknown attribute: source.workload_name * invalid policy productpage-ztunnel-protection.bookinfo: invalid `notValue` for `key` source.workload_name: unknown attribute: source.workload_name Error from server: error when creating "STDIN": admission webhook "validation.istio.io" denied the request: configuration is invalid: 2 errors occurred: * invalid policy reviews-ztunnel-protection.bookinfo: invalid `value` for `key` source.workload_name: unknown attribute: source.workload_name * invalid policy reviews-ztunnel-protection.bookinfo: invalid `notValue` for `key` source.workload_name: unknown attribute: source.workload_name ##### Test istio-migrate-from-sidecar-to-ambient completed: FAILAre they related to that change?
I don't think so. I'm looking at it
There was a problem hiding this comment.
Seems that Jonh is concerned about being masking an actual leak instead of a resource consumption issue
Yeah he's right ! So we need to find the leak if there is (or maybe it's just in my local environment, I need to confirm this)
|
/retest |
|
Ok, checking these errors: These error happens on this step: But I don't think are related to the step it self, seems to be related to a kind cluster issue, checking previous steps I see some pods on error state. Maybe worth include some debugging steps to check what is going on. But don't see to be related to the test it self |
Reorganized doc and added automation test for migration from sidecar to ambient mode Signed-off-by: bmangoen <bmangoen@redhat.com>
Adding prebuilt functions for creating default Istio resource, installing Bookinfo and creating Bookinfo Gateway Signed-off-by: bmangoen <bmangoen@redhat.com>
Signed-off-by: bmangoen <bmangoen@redhat.com>
Signed-off-by: bmangoen <bmangoen@redhat.com>
* Variabilize istio latest version * Remove execution of checking status Signed-off-by: bmangoen <bmangoen@redhat.com>
* Remove unnecessary console characters / debug statements * Fix all execution errors in the migration.adoc file Signed-off-by: bmangoen <bmangoen@redhat.com>
Signed-off-by: bmangoen <bmangoen@redhat.com>
Signed-off-by: bmangoen <bmangoen@redhat.com>
Signed-off-by: bmangoen <bmangoen@redhat.com>
Signed-off-by: bmangoen <bmangoen@redhat.com>
bmangoen
force-pushed
the
doc/automation-test-migration-sidecar-to-ambient
branch
from
a94ca05 to
2270e60
Compare
Signed-off-by: bmangoen <bmangoen@redhat.com>
| group: "" | ||
| name: productpage | ||
| action: DENY | ||
| action: ALLOW |
There was a problem hiding this comment.
@fjglira I modified a bit the AuthorizationPolicy. They were too restrictive and it blocks all legitimate service-to-service traffic (like ratings → reviews)
|
/retest |
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
3 participants
What type of PR is this?
What this PR does / why we need it:
Reorganized the migration from sidecar to ambient mode doc part and added automation tests for migration from sidecar to ambient mode
Which issue(s) this PR fixes:
Fixes #1290