Merge pull request #62080 from agau4779/ingress-http2-e2e

Automatic merge from submit-queue (batch tested with PRs 60102, 59970, 60021, 62011, 62080). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

[GCE] Ingress HTTP2 e2e test

**What this PR does / why we need it**:
- Adds e2e test for bringing up an HTTP2 Ingress, converting it to HTTPS, then back to HTTP2
- Update echoserver image to 1.10

**Release note**:
```release-note
NONE
```

cluster/gce/manifests/e2e-image-puller.manifest

@@ -34,7 +34,7 @@ spec:
       k8s.gcr.io/busybox:1.24
       k8s.gcr.io/dnsutils:e2e
       k8s.gcr.io/e2e-net-amd64:1.0
-      k8s.gcr.io/echoserver:1.6
+      k8s.gcr.io/echoserver:1.10
       k8s.gcr.io/eptest:0.1
       k8s.gcr.io/fakegitserver:0.1
       k8s.gcr.io/galera-install:0.1

test/e2e/framework/ingress_utils.go

@@ -1612,7 +1612,7 @@ func generateBacksideHTTPSDeploymentSpec() *extensions.Deployment {
 					Containers: []v1.Container{
 						{
 							Name:  "echoheaders-https",
-							Image: "k8s.gcr.io/echoserver:1.9",
+							Image: "k8s.gcr.io/echoserver:1.10",
 							Ports: []v1.ContainerPort{{
 								ContainerPort: 8443,
 								Name:          "echo-443",

test/e2e/network/ingress.go

@@ -382,6 +382,39 @@ var _ = SIGDescribe("Loadbalancing: L7", func() {
 			// TODO(nikhiljindal): Check the instance group annotation value and verify with a multizone cluster.
 		})
 
+		It("should be able to switch between HTTPS and HTTP2 modes", func() {
+			httpsScheme := "request_scheme=https"
+
+			By("Create a basic HTTP2 ingress")
+			jig.CreateIngress(filepath.Join(framework.IngressManifestPath, "http2"), ns, map[string]string{}, map[string]string{})
+			jig.WaitForIngress(true)
+
+			address, err := jig.WaitForIngressAddress(jig.Client, jig.Ingress.Namespace, jig.Ingress.Name, framework.LoadBalancerPollTimeout)
+
+			By(fmt.Sprintf("Polling on address %s and verify the backend is serving HTTP2", address))
+			detectHttpVersionAndSchemeTest(f, jig, address, "request_version=2", httpsScheme)
+
+			By("Switch backend service to use HTTPS")
+			svcList, err := f.ClientSet.CoreV1().Services(ns).List(metav1.ListOptions{})
+			Expect(err).NotTo(HaveOccurred())
+			for _, svc := range svcList.Items {
+				svc.Annotations[framework.ServiceApplicationProtocolKey] = `{"http2":"HTTPS"}`
+				_, err = f.ClientSet.CoreV1().Services(ns).Update(&svc)
+				Expect(err).NotTo(HaveOccurred())
+			}
+			detectHttpVersionAndSchemeTest(f, jig, address, "request_version=1.1", httpsScheme)
+
+			By("Switch backend service to use HTTP2")
+			svcList, err = f.ClientSet.CoreV1().Services(ns).List(metav1.ListOptions{})
+			Expect(err).NotTo(HaveOccurred())
+			for _, svc := range svcList.Items {
+				svc.Annotations[framework.ServiceApplicationProtocolKey] = `{"http2":"HTTP2"}`
+				_, err = f.ClientSet.CoreV1().Services(ns).Update(&svc)
+				Expect(err).NotTo(HaveOccurred())
+			}
+			detectHttpVersionAndSchemeTest(f, jig, address, "request_version=2", httpsScheme)
+		})
+
 		// TODO: Implement a multizone e2e that verifies traffic reaches each
 		// zone based on pod labels.
 	})
@@ -840,3 +873,25 @@ func executeBacksideBacksideHTTPSTest(f *framework.Framework, jig *framework.Ing
 	})
 	Expect(err).NotTo(HaveOccurred(), "Failed to verify backside re-encryption ingress")
 }
+
+func detectHttpVersionAndSchemeTest(f *framework.Framework, jig *framework.IngressTestJig, address, version, scheme string) {
+	timeoutClient := &http.Client{Timeout: framework.IngressReqTimeout}
+	resp := ""
+	err := wait.PollImmediate(framework.LoadBalancerPollInterval, framework.LoadBalancerPollTimeout, func() (bool, error) {
+		resp, err := framework.SimpleGET(timeoutClient, fmt.Sprintf("http://%s", address), "")
+		if err != nil {
+			framework.Logf("SimpleGET failed: %v", err)
+			return false, nil
+		}
+		if !strings.Contains(resp, version) {
+			framework.Logf("Waiting for transition to HTTP/2")
+			return false, nil
+		}
+		if !strings.Contains(resp, scheme) {
+			return false, nil
+		}
+		framework.Logf("Poll succeeded, request was served by HTTP2")
+		return true, nil
+	})
+	Expect(err).NotTo(HaveOccurred(), fmt.Sprintf("Failed to get %s or %s, response body: %s", version, scheme, resp))
+}

test/e2e/network/scale/ingress.go

@@ -440,7 +440,7 @@ func generateScaleTestBackendDeploymentSpec(numReplicas int32) *extensions.Deplo
 					Containers: []v1.Container{
 						{
 							Name:  scaleTestBackendName,
-							Image: "gcr.io/google_containers/echoserver:1.6",
+							Image: "gcr.io/google_containers/echoserver:1.10",
 							Ports: []v1.ContainerPort{{ContainerPort: 8080}},
 							ReadinessProbe: &v1.Probe{
 								Handler: v1.Handler{

test/e2e/testing-manifests/ingress/http/rc.yaml

@@ -11,7 +11,7 @@ spec:
     spec:
       containers:
       - name: echoheaders
-        image: k8s.gcr.io/echoserver:1.6
+        image: k8s.gcr.io/echoserver:1.10
         ports:
         - containerPort: 8080
         readinessProbe:

test/e2e/testing-manifests/ingress/http2/ing.yaml

@@ -0,0 +1,9 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: echomap
+spec:
+  # kubemci requires a default backend.
+  backend:
+    serviceName: echoheaders
+    servicePort: 443

test/e2e/testing-manifests/ingress/http2/rc.yaml

@@ -0,0 +1,16 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: echoheaders
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: echoheaders
+    spec:
+      containers:
+      - name: echoheaders
+        image: k8s.gcr.io/echoserver:1.10
+        ports:
+        - containerPort: 8443

test/e2e/testing-manifests/ingress/http2/svc.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+      service.alpha.kubernetes.io/app-protocols: '{"http2":"HTTP2"}'
+  name: echoheaders
+  labels:
+    app: echoheaders
+spec:
+  type: NodePort
+  ports:
+  - port: 443
+    targetPort: 8443
+    protocol: TCP
+    name: http2
+  selector:
+    app: echoheaders

test/e2e/testing-manifests/ingress/pre-shared-cert/rc.yaml

@@ -11,6 +11,6 @@ spec:
     spec:
       containers:
       - name: echoheaders-https
-        image: gcr.io/google_containers/echoserver:1.6
+        image: gcr.io/google_containers/echoserver:1.10
         ports:
         - containerPort: 8080

test/e2e/testing-manifests/ingress/static-ip-2/rc.yaml

@@ -11,6 +11,6 @@ spec:
     spec:
       containers:
       - name: echoheaders-https
-        image: k8s.gcr.io/echoserver:1.6
+        image: k8s.gcr.io/echoserver:1.10
         ports:
         - containerPort: 8080

test/e2e/testing-manifests/ingress/static-ip/rc.yaml

@@ -11,6 +11,6 @@ spec:
     spec:
       containers:
       - name: echoheaders-https
-        image: k8s.gcr.io/echoserver:1.6
+        image: k8s.gcr.io/echoserver:1.10
         ports:
         - containerPort: 8080

test/utils/image/manifest.go

@@ -57,7 +57,7 @@ var (
 	CudaVectorAdd            = ImageConfig{e2eRegistry, "cuda-vector-add", "1.0", true}
 	Dnsutils                 = ImageConfig{e2eRegistry, "dnsutils", "1.0", true}
 	DNSMasq                  = ImageConfig{gcRegistry, "k8s-dns-dnsmasq", "1.14.5", true}
-	EchoServer               = ImageConfig{gcRegistry, "echoserver", "1.6", false}
+	EchoServer               = ImageConfig{gcRegistry, "echoserver", "1.10", false}
 	EntrypointTester         = ImageConfig{e2eRegistry, "entrypoint-tester", "1.0", true}
 	E2ENet                   = ImageConfig{gcRegistry, "e2e-net", "1.0", true}
 	Fakegitserver            = ImageConfig{e2eRegistry, "fakegitserver", "1.0", true}