37ef09c43e
testing/deployer: support tproxy in v2 for dataplane (#19094) This updates the testing/deployer (aka "topology test") framework to allow for a v2-oriented topology to opt services into enabling TransparentProxy. The restrictions are similar to that of #19046 The multiport Ports map that was added in #19046 was changed to allow for the protocol to be specified at this time, but for now the only supported protocol is TCP as only L4 functions currently on main. As part of making transparent proxy work, the DNS server needed a new zonefile for responding to virtual.consul requests, since there is no Kubernetes DNS and the Consul DNS work for v2 has not happened yet. Once Consul DNS supports v2 we should switch over. For now the format of queries is: <service>--<namespace>--<partition>.virtual.consul Additionally: - All transparent proxy enabled services are assigned a virtual ip in the 10.244.0/24 range. This is something Consul will do in v2 at a later date, likely during 1.18. - All services with exposed ports (non-mesh) are assigned a virtual port number for use with tproxy - The consul-dataplane image has been made un-distroless, and gotten the necessary tools to execute consul connect redirect-traffic before running dataplane, thus simulating a kubernetes init container in plain docker. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> |
||
---|---|---|
.. | ||
README.md | ||
ac1_basic_test.go | ||
ac2_disco_chain_test.go | ||
ac3_service_defaults_upstream_test.go | ||
ac4_proxy_defaults_test.go | ||
ac5_1_no_svc_mesh_test.go | ||
ac5_2_pq_failover_test.go | ||
ac6_failovers_test.go | ||
ac7_1_rotate_gw_test.go | ||
ac7_2_rotate_leader_test.go | ||
commontopo.go | ||
sharedtopology_test.go |
README.md
CONSUL PEERING COMMON TOPOLOGY TESTS
These peering tests all use a commonTopo
(read: "common topology") to enable sharing a deployment of a Consul. Sharing a deployment of Consul cuts down on setup time.
To run these tests, you will need to have docker installed. Next, make sure that you have all the required consul containers built:
make test-compat-integ-setup
Non-Shared CommonTopo Tests
The tests in question are designed in a manner that modifies the topology. As a result, it is not possible to share the testing environment across these tests.
Shared CommonTopo Tests
The tests in question are designed in a manner that does not modify the topology in any way that would interfere with other tests. As a result, it is possible to share the testing environment across these tests.
To run all consul peering tests with no shared topology, run the following command:
cd /path/to/peering_commontopo
go test -timeout=10m -v -no-share-topo .
To run all peering tests with shared topology only:
cd /path/to/peering_commontopo
go test -timeout=10m -run '^TestSuitesOnSharedTopo' -v .
To run individual peering topology tests:
cd /path/to/peering_commontopo
go test -timeout=10m -run '^TestSuiteExample' -v -no-share-topo .
Local Development and Testing
If writing tests for peering with no shared topology, this recommendation does not apply. The following methods below not necessarily need to be implmented. For shared topology tests, all the methods in the sharedTopoSuite
interface must be implemented.
testName()
prepends the test suite name to each test in the test suite.setup()
phase must ensure that any resources added to the topology cannot interfere with other tests. Principally by prefixing.test()
phase must be "passive" and not mutate the topology in any way that would interfere with other tests.
Common topology peering tests are defined in the test-integ/peering_commontopo/ directory and new peering integration tests should always be added to this location. Adding integration tests that does not modify the topology should always start by invoking
runShareableSuites(t, testSuiteExample)
else
func TestSuiteExample(t *testing.T) {
ct := NewCommonTopo(t)
s := &testSuiteExample{}
s.setup(t, ct)
ct.Launch(t)
s.test(t, ct)
}
Some of these tests do mutate in their test()
phase, and while they use commonTopo
for the purpose of code sharing, they are not included in the "shared topo" tests in sharedtopology_test.go
.