istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/GKE.md

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/GKE.md (about)

     1  # Running end-to-end (E2E) tests on your own Kubernetes cluster
     2  
     3  * [Step 1: Set up GCP](#step-1-setup-gcp)
     4  * [Step 2: Set up a cluster](#step-2-setup-a-cluster)
     5  * [Step 3: Set up Istio environment variables](#step-3-setup-istio-environment-variables)
     6  
     7  ## Step 1: Set up GCP
     8  
     9  This section walks you through the one-time set-up for creating and configuring a Google Cloud Platform (GCP) project.
    10  
    11  ### Install Google Cloud SDK
    12  
    13  If you haven't already installed the Google Cloud SDK, follow the instructions [here](https://cloud.google.com/sdk/). If you're not
    14  sure if you have it installed, you can check with:
    15  
    16  ```bash
    17  which gcloud
    18  ```
    19  
    20  ### Create a project
    21  
    22  If you haven't already, [create a Google Cloud Project](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
    23  
    24  ### Configure GCE/GKE Service Account
    25  
    26  You must grant your default compute service account the correct permissions before creating the deployment.
    27  Otherwise, the installation will fail.
    28  
    29  > Note the **Project Number** for your project by visiting the [Dashboard Page](https://console.cloud.google.com/homehttps://console.cloud.google.com/home) of Google Cloud Console.
    30  
    31  Navigate to the [IAM section](https://console.cloud.google.com/permissions/projectpermissions)
    32  of the Google Cloud Console and make sure that your default compute service account (by default
    33  `[PROJECT_NUMBER]-compute@developer.gserviceaccount.com`) includes the following roles:
    34  
    35  * **Kubernetes Engine Admin** (`roles/container.admin`)
    36  * **Editor** (`roles/editor`, included by default)
    37  
    38  ## Step 2: Set up a cluster
    39  
    40  The following steps are automated with the script `create_cluster_gke.sh` located in this directory. To create a cluster with the script, simply run:
    41  
    42  ```bash
    43  ./tests/integration/create_cluster_gke.sh -c ${CLUSTER_NAME}
    44  ```
    45  
    46  To list the options for the script, you can get help via `-h`:
    47  
    48  ```bash
    49  ./tests/integration/create_cluster_gke.sh -h
    50  ```
    51  
    52  ### Create the cluster
    53  
    54  E2E tests require a Kubernetes cluster. You can create one using the Google Container Engine using the following command:
    55  
    56  ```bash
    57  gcloud container clusters \
    58    create ${CLUSTER_NAME} \
    59    --zone ${ZONE} \
    60    --project ${PROJECT_ID} \
    61    --cluster-version ${CLUSTER_VERSION} \
    62    --machine-type ${MACHINE_TYPE} \
    63    --num-nodes ${NUM_NODES} \
    64    --enable-kubernetes-alpha \
    65    --no-enable-legacy-authorization
    66   ```
    67  
    68  * `CLUSTER_NAME`: Whatever suits your fancy, 'istio-e2e' is a good choice.
    69  * `ZONE`: 'us-central1-f' is a good value to use.
    70  * `PROJECT_ID`: is the ID of the GCP project that will house the cluster. You get a project by visiting [GCP](https://console.cloud.google.com).
    71  * `CLUSTER_VERSION`: 1.7.3 or later.
    72  * `MACHINE_TYPE`: Use 'n1-standard-4'
    73  * `NUM_NODES`: Use 3.
    74  * `no-enable-legacy-authorization`: Optional, needed if you want to test RBAC.
    75  
    76  ### Get cluster credentials
    77  
    78  ```bash
    79  gcloud container clusters get-credentials ${CLUSTER_NAME} \
    80     --zone ${ZONE} --project ${PROJECT_ID}
    81  ```
    82  
    83  ### Grant admin permission
    84  
    85  ```bash
    86  kubectl create clusterrolebinding myname-cluster-admin-binding \
    87     --clusterrole=cluster-admin \
    88     --user=$(gcloud config get-value core/account)
    89  ```
    90  
    91  ## Step 3: Set up Istio environment variables
    92  
    93  ### Option 1: Build your own images
    94  
    95  You can set the **HUB** and **TAG** environment variables to point to your own Docker registry.
    96  Additionally, you can also set **GS_BUCKET** to use a different Google Storage Bucket than the default one
    97  (you need write permissions) it allows you to customize Makefile rules.
    98  
    99  For example:
   100  
   101  ```bash
   102  export HUB=myname
   103  export TAG=latest
   104  export GS_BUCKET=mybucket
   105  ```
   106  
   107  Then you can build and push the docker images to your registry:
   108  
   109  ```bash
   110  # Build images on the local docker.
   111  make docker
   112  
   113  # Push images to docker registry
   114  make push
   115  ```
   116  
   117  On MacOS, you need to set the target operating system before building the images
   118  
   119  ```bash
   120  GOOS=linux make docker push
   121  ```
   122  
   123  ### Option 2: Use pre-built Istio images
   124  
   125  In this case, you'll need to specify the image SHA in the `TAG` environment variable. You can pick any SHA available from the [published build releases](https://github.com/istio/istio/wiki/Dev%20Builds) or the `latest` for latest released dev images.
   126  
   127  ```bash
   128  export HUB="gcr.io/istio-testing"
   129  export TAG="latest"
   130  ```