istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/ambient/untaint/main_test.go (about) 1 //go:build integ 2 // +build integ 3 4 // Copyright Istio Authors 5 // 6 // Licensed under the Apache License, Version 2.0 (the "License"); 7 // you may not use this file except in compliance with the License. 8 // You may obtain a copy of the License at 9 // 10 // http://www.apache.org/licenses/LICENSE-2.0 11 // 12 // Unless required by applicable law or agreed to in writing, software 13 // distributed under the License is distributed on an "AS IS" BASIS, 14 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 // See the License for the specific language governing permissions and 16 // limitations under the License. 17 18 package untaint 19 20 import ( 21 "context" 22 "testing" 23 24 corev1 "k8s.io/api/core/v1" 25 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 27 "istio.io/istio/pkg/test/framework" 28 "istio.io/istio/pkg/test/framework/components/istio" 29 "istio.io/istio/pkg/test/framework/label" 30 "istio.io/istio/pkg/test/framework/resource" 31 "istio.io/istio/tests/integration/security/util/cert" 32 ) 33 34 const ( 35 Captured = "captured" 36 ) 37 38 var i istio.Instance 39 40 func TestMain(m *testing.M) { 41 // nolint: staticcheck 42 framework. 43 NewSuite(m). 44 RequireMinVersion(24). 45 Label(label.IPv4). // https://github.com/istio/istio/issues/41008 46 Setup(func(t resource.Context) error { 47 t.Settings().Ambient = true 48 return nil 49 }). 50 Setup(istio.Setup(&i, func(ctx resource.Context, cfg *istio.Config) { 51 // can't deploy VMs without eastwest gateway 52 ctx.Settings().SkipVMs() 53 cfg.DeployEastWestGW = false 54 cfg.ControlPlaneValues = ` 55 components: 56 cni: 57 namespace: "kube-system" 58 values: 59 pilot: 60 taint: 61 enabled: true 62 namespace: "kube-system" 63 env: 64 PILOT_ENABLE_NODE_UNTAINT_CONTROLLERS: "true" 65 ztunnel: 66 terminationGracePeriodSeconds: 5 67 env: 68 SECRET_TTL: 5m 69 70 gateways: 71 istio-ingressgateway: 72 enabled: false 73 istio-egressgateway: 74 enabled: false 75 76 ` 77 }, cert.CreateCASecretAlt)). 78 Teardown(untaintNodes). 79 Run() 80 } 81 82 func taintNodes(t resource.Context) error { 83 nodeC := t.Clusters().Default().Kube().CoreV1().Nodes() 84 nodes, err := nodeC.List(context.TODO(), metav1.ListOptions{}) 85 if err != nil { 86 return err 87 } 88 89 Outer: 90 for _, node := range nodes.Items { 91 for _, taint := range node.Spec.Taints { 92 if taint.Key == "cni.istio.io/not-ready" { 93 continue Outer 94 } 95 } 96 node.Spec.Taints = append(node.Spec.Taints, corev1.Taint{ 97 Key: "cni.istio.io/not-ready", 98 Value: "true", 99 Effect: corev1.TaintEffectNoSchedule, 100 }) 101 _, err := nodeC.Update(context.TODO(), &node, metav1.UpdateOptions{}) 102 if err != nil { 103 return err 104 } 105 } 106 107 return nil 108 } 109 110 // Untaint nodes if the test failed, so we restore the cluster to a usable state. 111 func untaintNodes(t resource.Context) { 112 nodeC := t.Clusters().Default(). 113 Kube().CoreV1().Nodes() 114 nodes, err := nodeC.List(context.TODO(), metav1.ListOptions{}) 115 if err != nil { 116 // TODO: log 117 return 118 } 119 120 for _, node := range nodes.Items { 121 var taints []corev1.Taint 122 for _, taint := range node.Spec.Taints { 123 if taint.Key == "cni.istio.io/not-ready" { 124 continue 125 } 126 taints = append(taints, taint) 127 } 128 if len(taints) != len(node.Spec.Taints) { 129 node.Spec.Taints = taints 130 _, err := nodeC.Update(context.TODO(), &node, metav1.UpdateOptions{}) 131 if err != nil { 132 panic(err) 133 } 134 } 135 } 136 }