diff options
Diffstat (limited to 'spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb')
-rw-r--r-- | spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb | 223 |
1 files changed, 0 insertions, 223 deletions
diff --git a/spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb b/spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb deleted file mode 100644 index f26177a56d0..00000000000 --- a/spec/services/clusters/kubernetes/configure_istio_ingress_service_spec.rb +++ /dev/null @@ -1,223 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Clusters::Kubernetes::ConfigureIstioIngressService, '#execute' do - include KubernetesHelpers - - let(:cluster) { create(:cluster, :project, :provided_by_gcp) } - let(:api_url) { 'https://kubernetes.example.com' } - let(:project) { cluster.project } - let(:environment) { create(:environment, project: project) } - let(:cluster_project) { cluster.cluster_project } - let(:namespace) { "#{project.name}-#{project.id}-#{environment.slug}" } - let(:kubeclient) { cluster.kubeclient } - - subject do - described_class.new( - cluster: cluster - ).execute - end - - before do - stub_kubeclient_discover_istio(api_url) - stub_kubeclient_create_secret(api_url, namespace: namespace) - stub_kubeclient_put_secret(api_url, "#{namespace}-token", namespace: namespace) - - stub_kubeclient_get_secret( - api_url, - metadata_name: "#{namespace}-token", - token: Base64.encode64('sample-token'), - namespace: namespace - ) - - stub_kubeclient_get_secret( - api_url, - metadata_name: 'istio-ingressgateway-ca-certs', - namespace: 'istio-system' - ) - - stub_kubeclient_get_secret( - api_url, - metadata_name: 'istio-ingressgateway-certs', - namespace: 'istio-system' - ) - - stub_kubeclient_put_secret(api_url, 'istio-ingressgateway-ca-certs', namespace: 'istio-system') - stub_kubeclient_put_secret(api_url, 'istio-ingressgateway-certs', namespace: 'istio-system') - stub_kubeclient_get_gateway(api_url, 'knative-ingress-gateway', namespace: 'knative-serving') - stub_kubeclient_put_gateway(api_url, 'knative-ingress-gateway', namespace: 'knative-serving') - end - - context 'without a serverless_domain_cluster' do - it 'configures gateway to use PASSTHROUGH' do - subject - - expect(WebMock).to have_requested(:put, api_url + '/apis/networking.istio.io/v1alpha3/namespaces/knative-serving/gateways/knative-ingress-gateway').with( - body: hash_including( - apiVersion: "networking.istio.io/v1alpha3", - kind: "Gateway", - metadata: { - generation: 1, - labels: { - "networking.knative.dev/ingress-provider" => "istio", - "serving.knative.dev/release" => "v0.7.0" - }, - name: "knative-ingress-gateway", - namespace: "knative-serving", - selfLink: "/apis/networking.istio.io/v1alpha3/namespaces/knative-serving/gateways/knative-ingress-gateway" - }, - spec: { - selector: { - istio: "ingressgateway" - }, - servers: [ - { - hosts: ["*"], - port: { - name: "http", - number: 80, - protocol: "HTTP" - } - }, - { - hosts: ["*"], - port: { - name: "https", - number: 443, - protocol: "HTTPS" - }, - tls: { - mode: "PASSTHROUGH" - } - } - ] - } - ) - ) - end - end - - context 'with a serverless_domain_cluster' do - let(:serverless_domain_cluster) { create(:serverless_domain_cluster) } - let(:certificate) { OpenSSL::X509::Certificate.new(serverless_domain_cluster.certificate) } - - before do - cluster.application_knative = serverless_domain_cluster.knative - end - - it 'configures certificates' do - subject - - expect(serverless_domain_cluster.reload.key).not_to be_blank - expect(serverless_domain_cluster.reload.certificate).not_to be_blank - - expect(certificate.subject.to_s).to include(serverless_domain_cluster.knative.hostname) - - expect(certificate.not_before).to be_within(1.minute).of(Time.current) - expect(certificate.not_after).to be_within(1.minute).of(Time.current + 1000.years) - - expect(WebMock).to have_requested(:put, api_url + '/api/v1/namespaces/istio-system/secrets/istio-ingressgateway-ca-certs').with( - body: hash_including( - metadata: { - name: 'istio-ingressgateway-ca-certs', - namespace: 'istio-system' - }, - type: 'Opaque' - ) - ) - - expect(WebMock).to have_requested(:put, api_url + '/api/v1/namespaces/istio-system/secrets/istio-ingressgateway-certs').with( - body: hash_including( - metadata: { - name: 'istio-ingressgateway-certs', - namespace: 'istio-system' - }, - type: 'kubernetes.io/tls' - ) - ) - end - - it 'configures gateway to use MUTUAL' do - subject - - expect(WebMock).to have_requested(:put, api_url + '/apis/networking.istio.io/v1alpha3/namespaces/knative-serving/gateways/knative-ingress-gateway').with( - body: { - apiVersion: "networking.istio.io/v1alpha3", - kind: "Gateway", - metadata: { - generation: 1, - labels: { - "networking.knative.dev/ingress-provider" => "istio", - "serving.knative.dev/release" => "v0.7.0" - }, - name: "knative-ingress-gateway", - namespace: "knative-serving", - selfLink: "/apis/networking.istio.io/v1alpha3/namespaces/knative-serving/gateways/knative-ingress-gateway" - }, - spec: { - selector: { - istio: "ingressgateway" - }, - servers: [ - { - hosts: ["*"], - port: { - name: "http", - number: 80, - protocol: "HTTP" - } - }, - { - hosts: ["*"], - port: { - name: "https", - number: 443, - protocol: "HTTPS" - }, - tls: { - mode: "MUTUAL", - privateKey: "/etc/istio/ingressgateway-certs/tls.key", - serverCertificate: "/etc/istio/ingressgateway-certs/tls.crt", - caCertificates: "/etc/istio/ingressgateway-ca-certs/cert.pem" - } - } - ] - } - } - ) - end - end - - context 'when there is an error' do - before do - cluster.application_knative = create(:clusters_applications_knative) - - allow_next_instance_of(described_class) do |instance| - allow(instance).to receive(:configure_passthrough).and_raise(error) - end - end - - context 'Kubeclient::HttpError' do - let(:error) { Kubeclient::HttpError.new(404, nil, nil) } - - it 'puts Knative into an errored state' do - subject - - expect(cluster.application_knative).to be_errored - expect(cluster.application_knative.status_reason).to eq('Kubernetes error: 404') - end - end - - context 'StandardError' do - let(:error) { RuntimeError.new('something went wrong') } - - it 'puts Knative into an errored state' do - subject - - expect(cluster.application_knative).to be_errored - expect(cluster.application_knative.status_reason).to eq('Failed to update.') - end - end - end -end |