diff --git a/api/v1alpha2/conditions.go b/api/v1alpha2/conditions.go
index a23b08dabf..de13e5205b 100644
--- a/api/v1alpha2/conditions.go
+++ b/api/v1alpha2/conditions.go
@@ -45,6 +45,9 @@ var conditionReasons = map[ConditionReason]conditionMeta{
 ConditionReasonIngressGatewayRestartSucceeded: {Type: ConditionTypeReady, Status: metav1.ConditionFalse, Message: ConditionReasonIngressGatewayRestartSucceededMessage},
 ConditionReasonIngressGatewayRestartFailed: {Type: ConditionTypeReady, Status: metav1.ConditionFalse, Message: ConditionReasonIngressGatewayRestartFailedMessage},
+
+ ConditionReasonEgressGatewayRestartSucceeded: {Type: ConditionTypeReady, Status: metav1.ConditionFalse, Message: ConditionReasonEgressGatewayRestartSucceededMessage},
+ ConditionReasonEgressGatewayRestartFailed: {Type: ConditionTypeReady, Status: metav1.ConditionFalse, Message: ConditionReasonEgressGatewayRestartFailedMessage},
 }
 type conditionMeta struct {
diff --git a/api/v1alpha2/istio_merge.go b/api/v1alpha2/istio_merge.go
index 413ec2c6bc..4ada423444 100644
--- a/api/v1alpha2/istio_merge.go
+++ b/api/v1alpha2/istio_merge.go
@@ -216,6 +216,7 @@ func (i *Istio) mergeResources(op iopv1alpha1.IstioOperator) (iopv1alpha1.IstioO
 if i.Spec.Components == nil {
 return op, nil
 }
+
 if i.Spec.Components.IngressGateway != nil {
 if op.Spec.Components == nil {
 op.Spec.Components = &v1alpha1.IstioComponentSetSpec{}
@@ -226,15 +227,38 @@ func (i *Istio) mergeResources(op iopv1alpha1.IstioOperator) (iopv1alpha1.IstioO
 if op.Spec.Components.IngressGateways[0].K8S == nil {
 op.Spec.Components.IngressGateways[0].K8S = &v1alpha1.KubernetesResourcesSpec{}
 }
-
 if i.Spec.Components.IngressGateway.K8s != nil {
 err := mergeK8sConfig(op.Spec.Components.IngressGateways[0].K8S, *i.Spec.Components.IngressGateway.K8s)
 if err != nil {
 return op, err
 }
 }
+ }
+ if i.Spec.Components.EgressGateway != nil {
+ if op.Spec.Components == nil {
+ op.Spec.Components = &v1alpha1.IstioComponentSetSpec{}
+ }
+ if len(op.Spec.Components.EgressGateways) == 0 {
+ op.Spec.Components.EgressGateways = append(op.Spec.Components.EgressGateways, &v1alpha1.GatewaySpec{})
+ }
+ if op.Spec.Components.EgressGateways[0].K8S == nil {
+ op.Spec.Components.EgressGateways[0].K8S = &v1alpha1.KubernetesResourcesSpec{}
+ }
+ if i.Spec.Components.EgressGateway.K8s != nil {
+ err := mergeK8sConfig(op.Spec.Components.EgressGateways[0].K8S, *i.Spec.Components.EgressGateway.K8s)
+ if err != nil {
+ return op, err
+ }
+ }
+ if i.Spec.Components.EgressGateway.Enabled != nil {
+ if op.Spec.Components.EgressGateways[0].Enabled == nil {
+ op.Spec.Components.EgressGateways[0].Enabled = &wrapperspb.BoolValue{}
+ }
+ op.Spec.Components.EgressGateways[0].Enabled.Value = *i.Spec.Components.EgressGateway.Enabled
+ }
 }
+
 if i.Spec.Components.Pilot != nil {
 if op.Spec.Components == nil {
 op.Spec.Components = &v1alpha1.IstioComponentSetSpec{}
diff --git a/api/v1alpha2/istio_structs.go b/api/v1alpha2/istio_structs.go
index 048e963fdf..397eb59ddb 100644
--- a/api/v1alpha2/istio_structs.go
+++ b/api/v1alpha2/istio_structs.go
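Review bot: The new egress block writes through `op.Spec.Components.EgressGateways[0]` after checking only `len(...) == 0`, so a base operator whose first entry is a nil pointer would panic at `.K8S`, and with several entries the first one is configured whatever its name is; whether either can occur depends on how the base IstioOperator is loaded, which this hunk does not show. A guard such as `if op.Spec.Components.EgressGateways[0] == nil { op.Spec.Components.EgressGateways[0] = &v1alpha1.GatewaySpec{} }` before the `K8S` check closes the nil case. I would also add a comment above the `Enabled` branch, `// Enabled is only overridden when set in the CR; nil keeps the base IstioOperator value`, because that rule decides whether an egress gateway is deployed at all. The block repeats the ingress one almost line for line, and `mergeResources` starts and ends outside this hunk.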
@@ -32,6 +32,8 @@ type Components struct {
 Cni *CniComponent `json:"cni,omitempty"`
 // Proxy defines component configuration for Istio proxy sidecar
 Proxy *ProxyComponent `json:"proxy,omitempty"`
+ // +kubebuilder:validation:Optional
+ EgressGateway *EgressGateway `json:"egressGateway,omitempty"`
 }
 // KubernetesResourcesConfig is a subset of https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
@@ -112,3 +114,11 @@ type ResourceClaims struct {
 // +kubebuilder:validation:Pattern=`^[0-9]+(((\.[0-9]+)?(E|P|T|G|M|k|Ei|Pi|Ti|Gi|Mi|Ki|m)?)|(e[0-9]+))$`
 Memory *string `json:"memory,omitempty"`
 }
+
+// EgressGateway defines configuration for Istio egressGateway
+type EgressGateway struct {
+ // +kubebuilder:validation:Optional
+ K8s *KubernetesResourcesConfig `json:"k8s"`
+ // +kubebuilder:validation:Optional
+ Enabled *bool `json:"enabled,omitempty"`
+}
diff --git a/api/v1alpha2/istio_types.go b/api/v1alpha2/istio_types.go
index 604a74bb34..e7ff8d7c0d 100644
--- a/api/v1alpha2/istio_types.go
+++ b/api/v1alpha2/istio_types.go
@@ -86,6 +86,12 @@ const (
 ConditionReasonIngressGatewayRestartSucceededMessage = "Istio Ingress Gateway restart succeeded"
 ConditionReasonIngressGatewayRestartFailed ConditionReason = "IngressGatewayRestartFailed"
 ConditionReasonIngressGatewayRestartFailedMessage = "Istio Ingress Gateway restart failed"
+
+ // egress gateway
+ ConditionReasonEgressGatewayRestartSucceeded ConditionReason = "EgressGatewayRestartSucceeded"
+ ConditionReasonEgressGatewayRestartSucceededMessage = "Istio Egress Gateway restart succeeded"
+ ConditionReasonEgressGatewayRestartFailed ConditionReason = "EgressGatewayRestartFailed"
+ ConditionReasonEgressGatewayRestartFailedMessage = "Istio Egress Gateway restart failed"
 )
 type ReasonWithMessage struct {
diff --git a/api/v1alpha2/merge_test.go b/api/v1alpha2/merge_test.go
index 64ccd02ca8..3355a23652 100644
--- a/api/v1alpha2/merge_test.go
+++ b/api/v1alpha2/merge_test.go
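Review bot: The `EgressGateway` field added to `Components` has no description comment, while the `Proxy` field just above it is introduced by `// Proxy defines component configuration for Istio proxy sidecar`. I would add `// EgressGateway defines component configuration for Istio Egress Gateway` above the `+kubebuilder:validation:Optional` marker so the field reads like its neighbours. The struct starts before this hunk.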
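Review bot: `K8s` in the new `EgressGateway` struct is marked `+kubebuilder:validation:Optional` but its tag is `json:"k8s"` without `omitempty`, so an object built in Go with only `Enabled` set serialises with `"k8s": null` instead of leaving the key out. `Enabled` in the same struct and the `EgressGateway` field in `Components` both use `omitempty`; the tag should be `json:"k8s,omitempty"` to match. Neither field has a doc comment, so a one-line description on each (what `k8s` overrides, and that `enabled` switches the egress gateway deployment on or off) would help readers of the generated schema.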
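Review bot: The reason strings added to the `const` block are `EgressGatewayRestartSucceeded` and `EgressGatewayRestartFailed`, but the status table this same change adds to docs/user/04-00-istio-custom-resource.md lists `EgressGatewayReconcileSucceeded` and `EgressGatewayReconcileFailed`. Anyone building alerts or automation on the condition reason from the documentation would match a value that, as far as the visible code shows, is never set. Either rename the constants or correct the two table rows so both sides agree; the existing ingress rows appear to carry the same mismatch. The `const` block begins and ends outside this hunk.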
@@ -526,6 +526,88 @@ var _ = Describe("Merge", func() { }) }) + Context("EgressGateway", func() { + Context("When Istio CR has 500m configured for CPU and 500Mi for memory limits", func() { + It("should set CPU limits to 500m and 500Mi for memory in IOP", func() { + //given + iop := iopv1alpha1.IstioOperator{ + Spec: &operatorv1alpha1.IstioOperatorSpec{}, + } + cpuLimit := "500m" + memoryLimit := "500Mi" + enabled := true + + istioCR := Istio{Spec: IstioSpec{Components: &Components{ + EgressGateway: &EgressGateway{ + Enabled: &enabled, + K8s: &KubernetesResourcesConfig{ + Resources: &Resources{ + Limits: &ResourceClaims{ + Cpu: &cpuLimit, + Memory: &memoryLimit, + }, + }, + }, + }}}} + + // when + out, err := istioCR.MergeInto(iop) + + // then + Expect(err).ShouldNot(HaveOccurred()) + + iopCpuLimit := out.Spec.Components.EgressGateways[0].K8S.Resources.Limits["cpu"] + Expect(iopCpuLimit).To(Equal(cpuLimit)) + + iopMemoryLimit := out.Spec.Components.EgressGateways[0].K8S.Resources.Limits["memory"] + Expect(iopMemoryLimit).To(Equal(memoryLimit)) + + iopEnabled := out.Spec.Components.EgressGateways[0].Enabled.GetValue() + Expect(iopEnabled).To(Equal(enabled)) + }) + }) + + Context("When Istio CR has 500m configured for CPU and 500Mi for memory requests", func() { + It("should set CPU requests to 500m and 500Mi for memory in IOP", func() { + //given + iop := iopv1alpha1.IstioOperator{ + Spec: &operatorv1alpha1.IstioOperatorSpec{}, + } + cpuRequests := "500m" + memoryRequests := "500Mi" + enabled := true + + istioCR := Istio{Spec: IstioSpec{Components: &Components{ + EgressGateway: &EgressGateway{ + Enabled: &enabled, + K8s: &KubernetesResourcesConfig{ + Resources: &Resources{ + Requests: &ResourceClaims{ + Cpu: &cpuRequests, + Memory: &memoryRequests, + }, + }, + }, + }}}} + + // when + out, err := istioCR.MergeInto(iop) + + // then + Expect(err).ShouldNot(HaveOccurred()) + + iopCpuRequests := out.Spec.Components.EgressGateways[0].K8S.Resources.Requests["cpu"] + 
Expect(iopCpuRequests).To(Equal(cpuRequests)) + + iopMemoryRequests := out.Spec.Components.EgressGateways[0].K8S.Resources.Requests["memory"] + Expect(iopMemoryRequests).To(Equal(memoryRequests)) + + iopEnabled := out.Spec.Components.EgressGateways[0].Enabled.GetValue() + Expect(iopEnabled).To(Equal(enabled)) + }) + }) + }) + Context("Strategy", func() { It("should update RollingUpdate when it is present in Istio CR", func() { //given diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go index 3b0e8b6fd8..581d91e9b2 100644 --- a/api/v1alpha2/zz_generated.deepcopy.go +++ b/api/v1alpha2/zz_generated.deepcopy.go @@ -115,6 +115,11 @@ func (in *Components) DeepCopyInto(out *Components) { *out = new(ProxyComponent) (*in).DeepCopyInto(*out) } + if in.EgressGateway != nil { + in, out := &in.EgressGateway, &out.EgressGateway + *out = new(EgressGateway) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Components. @@ -163,6 +168,31 @@ func (in *Config) DeepCopy() *Config { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressGateway) DeepCopyInto(out *EgressGateway) { + *out = *in + if in.K8s != nil { + in, out := &in.K8s, &out.K8s + *out = new(KubernetesResourcesConfig) + (*in).DeepCopyInto(*out) + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGateway. +func (in *EgressGateway) DeepCopy() *EgressGateway { + if in == nil { + return nil + } + out := new(EgressGateway) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Experimental) DeepCopyInto(out *Experimental) { *out = *in 
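Review bot: Both new merge cases set `Enabled` to `true`, so the paths that decide whether an egress gateway is deployed are only half covered: nothing asserts that `Enabled: false` reaches `EgressGateways[0].Enabled`, or that a CR with `Enabled` omitted leaves an already populated base entry unchanged. I would add one case with `enabled := false` and one that starts from an `iop` whose `EgressGateways[0].Enabled` is already set, asserting the base value survives the merge. The same gap is present in configuration.feature, where the only egress scenario sets `EgressGatewayEnabled` to "true" and never checks the disabled state. The two cases are otherwise near copies of each other, and the enclosing `Describe` starts and ends outside the hunk.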
diff --git a/config/crd/bases/operator.kyma-project.io_istios.yaml b/config/crd/bases/operator.kyma-project.io_istios.yaml
index d7c436b4d4..b0de3706e4 100644
--- a/config/crd/bases/operator.kyma-project.io_istios.yaml
+++ b/config/crd/bases/operator.kyma-project.io_istios.yaml
@@ -1022,6 +1022,86 @@ spec: required: - k8s type: object + egressGateway: + description: EgressGateway defines configuration for Istio egressGateway + properties: + enabled: + type: boolean + k8s: + description: KubernetesResourcesConfig is a subset of https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec + properties: + hpaSpec: + description: HPASpec defines configuration for HorizontalPodAutoscaler + properties: + maxReplicas: + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + minReplicas: + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + type: object + resources: + description: 'Resources define Kubernetes resources configuration: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + limits: + properties: + cpu: + pattern: ^([0-9]+m?|[0-9]\.[0-9]{1,3})$ + type: string + memory: + pattern: ^[0-9]+(((\.[0-9]+)?(E|P|T|G|M|k|Ei|Pi|Ti|Gi|Mi|Ki|m)?)|(e[0-9]+))$ + type: string + type: object + requests: + properties: + cpu: + pattern: ^([0-9]+m?|[0-9]\.[0-9]{1,3})$ + type: string + memory: + pattern: ^[0-9]+(((\.[0-9]+)?(E|P|T|G|M|k|Ei|Pi|Ti|Gi|Mi|Ki|m)?)|(e[0-9]+))$ + type: string + type: object + type: object + strategy: + description: Strategy defines rolling update strategy + properties: + rollingUpdate: + description: 'RollingUpdate defines configuration + for rolling updates: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + pattern: ^[0-9]+%?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: must not be negative, more than 2147483647 + or an empty string + rule: '(type(self) == int ? 
self >= 0 && self + <= 2147483647: self.size() >= 0)' + maxUnavailable: + anyOf: + - type: integer + - type: string + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: must not be negative, more than 2147483647 + or an empty string + rule: '(type(self) == int ? self >= 0 && self + <= 2147483647: self.size() >= 0)' + type: object + required: + - rollingUpdate + type: object + type: object + type: object ingressGateway: description: IngressGateway defines component configurations for Istio Ingress Gateway diff --git a/docs/release-notes/1.12.0.md b/docs/release-notes/1.12.0.md new file mode 100644 index 0000000000..59b6697ba0 --- /dev/null +++ b/docs/release-notes/1.12.0.md @@ -0,0 +1,2 @@ +## New Features +- Extend Istio custom resource with Egress Gateway [#1178](https://github.com/kyma-project/istio/pull/1178) diff --git a/docs/user/04-00-istio-custom-resource.md b/docs/user/04-00-istio-custom-resource.md index 2e06038c7e..d269d99afb 100644 --- a/docs/user/04-00-istio-custom-resource.md +++ b/docs/user/04-00-istio-custom-resource.md 
@@ -17,34 +17,41 @@ This table lists all the possible parameters of Istio CR together with their des ### Spec -| Parameter | Type | Description | -|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **compatibilityMode** | bool | Enables compatibility mode in Istio. See [Compatibility Mode](./00-10-istio-version.md#compatibility-mode). | -| **components.cni** | object | Defines component configuration for Istio CNI DaemonSet. | -| **components.cni.k8s.affinity** | object | Affinity is a group of affinity scheduling rules. To learn more, read about affininty in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Affinity). | -| **components.cni.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). For more information, read about Resources in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources ). | -| **components.ingressGateway** | object | Defines component configurations for Istio Ingress Gateway. | -| **components.ingressGateway.k8s.hpaSpec** | object | Defines configuration for HorizontalPodAutoscaler. | -| **components.ingressGateway.k8s.hpaSpec.maxReplicas** | integer | Specifies the upper limit for the number of Pods that can be set by the autoscaler. It cannot be smaller than **MinReplicas**. | -| **components.ingressGateway.k8s.hpaSpec.minReplicas** | integer | Specifies the lower limit for the number of replicas to which the autoscaler can scale down. 
By default, it is set to 1 Pod. The value can be set to 0 if the alpha feature gate `HPAScaleToZero` is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. | -| **components.ingressGateway.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). To learn more, read the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources). | -| **components.ingressGateway.k8s.strategy** | object | Defines the rolling update strategy. To learn more, read about DeploymentStrategy in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#DeploymentStrategy). | -| **components.pilot** | object | Defines component configuration for Istiod. | -| **components.pilot.k8s.hpaSpec** | object | Defines configuration for HorizontalPodAutoscaler. | -| **components.pilot.k8s.hpaSpec.maxReplicas** | integer | Specifies the upper limit for the number of Pods that can be set by the autoscaler. It cannot be smaller than **MinReplicas**. | +| Parameter | Type | Description | +|-------------------------------------------------------------|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **compatibilityMode** | bool | Enables compatibility mode in Istio. See [Compatibility Mode](./00-10-istio-version.md#compatibility-mode). | +| **components.cni** | object | Defines component configuration for Istio CNI DaemonSet. | +| **components.cni.k8s.affinity** | object | Affinity is a group of affinity scheduling rules. 
To learn more, read about affininty in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Affinity). | +| **components.cni.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). For more information, read about Resources in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources ). | +| **components.ingressGateway** | object | Defines component configurations for Istio Ingress Gateway. | +| **components.ingressGateway.k8s.hpaSpec** | object | Defines configuration for HorizontalPodAutoscaler. | +| **components.ingressGateway.k8s.hpaSpec.maxReplicas** | integer | Specifies the upper limit for the number of Pods that can be set by the autoscaler. It cannot be smaller than **MinReplicas**. | +| **components.ingressGateway.k8s.hpaSpec.minReplicas** | integer | Specifies the lower limit for the number of replicas to which the autoscaler can scale down. By default, it is set to 1 Pod. The value can be set to 0 if the alpha feature gate `HPAScaleToZero` is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. | +| **components.ingressGateway.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). To learn more, read the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources). | +| **components.ingressGateway.k8s.strategy** | object | Defines the rolling update strategy. To learn more, read about DeploymentStrategy in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#DeploymentStrategy). 
| +| **components.egressGateway** | object | Defines component configurations for Istio Egress Gateway. | +| **components.egressGateway.enabled** | bool | Enables Istio Egress Gateway. | +| **components.egressGateway.k8s.hpaSpec** | object | Defines configuration for HorizontalPodAutoscaler. | +| **components.egressGateway.k8s.hpaSpec.maxReplicas** | integer | Specifies the upper limit for the number of Pods that can be set by the autoscaler. It cannot be smaller than **MinReplicas**. | +| **components.egressGateway.k8s.hpaSpec.minReplicas** | integer | Specifies the lower limit for the number of replicas to which the autoscaler can scale down. By default, it is set to 1 Pod. The value can be set to 0 if the alpha feature gate `HPAScaleToZero` is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. | +| **components.egressGateway.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). To learn more, read the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources). | +| **components.egressGateway.k8s.strategy** | object | Defines the rolling update strategy. To learn more, read about DeploymentStrategy in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#DeploymentStrategy). | +| **components.pilot** | object | Defines component configuration for Istiod. | +| **components.pilot.k8s.hpaSpec** | object | Defines configuration for HorizontalPodAutoscaler. | +| **components.pilot.k8s.hpaSpec.maxReplicas** | integer | Specifies the upper limit for the number of Pods that can be set by the autoscaler. It cannot be smaller than **MinReplicas**. 
| | **components.pilot.k8s.hpaSpec.minReplicas** | integer | Specifies the lower limit for the number of replicas to which the autoscaler can scale down. By default, it is set to 1 Pod. The value can be set to `0` if the alpha feature gate `HPAScaleToZero` is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. | -| **components.pilot.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). For more information, read about Resources in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources). | -| **components.pilot.k8s.strategy** | object | Defines the rolling update strategy. To learn more, read about DeploymentStrategy in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#DeploymentStrategy). | -| **components.proxy** | object | Defines component configuration for the Istio proxy sidecar. | -| **components.proxy.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). To learn more, read about Resources in the [Istio documnetation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources). | -| **config** | object | Specifies the configuration for the Istio installation. | -| **config.authorizers** | \[\]authorizer | Specifies the list of external authorizers configured in the Istio service mesh config. | -| **config.numTrustedProxies** | integer | Specifies the number of trusted proxies deployed in front of the Istio gateway proxy. | -| **config.gatewayExternalTrafficPolicy** | string | Defines the external traffic policy for Istio Ingress Gateway Service. Valid configurations are `Local` or `Cluster`. 
The external traffic policy set to `Local` preserves the client IP in the request but also introduces the risk of unbalanced traffic distribution. | -| **experimental** | object | Defines additional experimental features that can be enabled in experimental builds. | -| **experimental.pilot** | object | Defines additional experimental features that can be enabled in Istio pilot component. | -| **experimental.pilot.enableAlphaGatewayAPI** | bool | Enables support for alpha Kubernetes Gateway API. | -| **experimental.pilot.enableMultiNetworkDiscoverGatewayAPI** | bool | Enables support for multi-network discovery in Kubernetes Gateway API. | +| **components.pilot.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). For more information, read about Resources in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources). | +| **components.pilot.k8s.strategy** | object | Defines the rolling update strategy. To learn more, read about DeploymentStrategy in the [Istio documentation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#DeploymentStrategy). | +| **components.proxy** | object | Defines component configuration for the Istio proxy sidecar. | +| **components.proxy.k8s.resources** | object | Defines [Kubernetes resources requests and limits configuration](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). To learn more, read about Resources in the [Istio documnetation](https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#Resources). | +| **config** | object | Specifies the configuration for the Istio installation. | +| **config.authorizers** | \[\]authorizer | Specifies the list of external authorizers configured in the Istio service mesh config. 
| +| **config.numTrustedProxies** | integer | Specifies the number of trusted proxies deployed in front of the Istio gateway proxy. | +| **config.gatewayExternalTrafficPolicy** | string | Defines the external traffic policy for Istio Ingress Gateway Service. Valid configurations are `Local` or `Cluster`. The external traffic policy set to `Local` preserves the client IP in the request but also introduces the risk of unbalanced traffic distribution. | +| **experimental** | object | Defines additional experimental features that can be enabled in experimental builds. | +| **experimental.pilot** | object | Defines additional experimental features that can be enabled in Istio pilot component. | +| **experimental.pilot.enableAlphaGatewayAPI** | bool | Enables support for alpha Kubernetes Gateway API. | +| **experimental.pilot.enableMultiNetworkDiscoverGatewayAPI** | bool | Enables support for multi-network discovery in Kubernetes Gateway API. | ### Authorizer 
@@ -97,23 +104,25 @@ See the possible values of the **status.state** field: See the possible values of the **status.conditions** fields: -| Istio CR's State | Type | Status | Reason | Message | -|--------------|--------------------------------|---------|-------------------------------------|------------------------------------------------------------------------------------------| -| `Ready` | `Ready` | `True` | `ReconcileSucceeded` | Reconciliation succeeded. | -| `Error` | `Ready` | `False` | `ReconcileFailed` | Reconciliation failed. | -| `Warning` | `Ready` | `False` | `OlderCRExists` | This Istio custom resource is not the oldest one and does not represent the module state. | -| `Processing` | `Ready` | `False` | `IstioInstallNotNeeded` | Istio installation is not needed. | -| `Processing` | `Ready` | `False` | `IstioInstallSucceeded` | Istio installation succeeded. | -| `Processing` | `Ready` | `False` | `IstioUninstallSucceeded` | Istio uninstallation succeded. | -| `Error` | `Ready` | `False` | `IstioInstallUninstallFailed` | Istio install or uninstall failed. | -| `Error` | `Ready` | `False` | `IstioCustomResourceMisconfigured` | Istio custom resource has invalid configuration. | -| `Warning` | `Ready` | `False` | `IstioCustomResourcesDangling` | Istio deletion blocked because of existing Istio custom resources. | -| `Processing` | `Ready` | `False` | `CustomResourcesReconcileSucceeded` | Custom resources reconciliation succeeded. | -| `Error` | `Ready` | `False` | `CustomResourcesReconcileFailed` | Custom resources reconciliation failed. | -| `Processing` | `ProxySidecarRestartSucceeded` | `True` | `ProxySidecarRestartSucceeded` | Proxy sidecar restart succeeded. | -| `Error` | `ProxySidecarRestartSucceeded` | `False` | `ProxySidecarRestartFailed` | Proxy sidecar restart failed. | -| `Processing` | `ProxySidecarRestartSucceeded` | `False` | `ProxySidecarPartiallySucceeded` | Proxy sidecar restart partially succeeded. 
| -| `Warning` | `ProxySidecarRestartSucceeded` | `False` | `ProxySidecarManualRestartRequired` | Proxy sidecar manual restart is required for some workloads. | -| `Processing` | `Ready` | `False` | `IngressGatewayReconcileSucceeded` | Istio Ingress Gateway reconciliation succeeded. | -| `Error` | `Ready` | `False` | `IngressGatewayReconcileFailed` | Istio Ingress Gateway reconciliation failed. | -| `Warning` | `Ready` | `False` | `IstioVersionUpdateNotAllowed` | Update to the new Istio version is not allowed. | \ No newline at end of file +| Istio CR's State | Type | Status | Reason | Message | +|------------------|--------------------------------|---------|-------------------------------------|-------------------------------------------------------------------------------------------| +| `Ready` | `Ready` | `True` | `ReconcileSucceeded` | Reconciliation succeeded. | +| `Error` | `Ready` | `False` | `ReconcileFailed` | Reconciliation failed. | +| `Warning` | `Ready` | `False` | `OlderCRExists` | This Istio custom resource is not the oldest one and does not represent the module state. | +| `Processing` | `Ready` | `False` | `IstioInstallNotNeeded` | Istio installation is not needed. | +| `Processing` | `Ready` | `False` | `IstioInstallSucceeded` | Istio installation succeeded. | +| `Processing` | `Ready` | `False` | `IstioUninstallSucceeded` | Istio uninstallation succeded. | +| `Error` | `Ready` | `False` | `IstioInstallUninstallFailed` | Istio install or uninstall failed. | +| `Error` | `Ready` | `False` | `IstioCustomResourceMisconfigured` | Istio custom resource has invalid configuration. | +| `Warning` | `Ready` | `False` | `IstioCustomResourcesDangling` | Istio deletion blocked because of existing Istio custom resources. | +| `Processing` | `Ready` | `False` | `CustomResourcesReconcileSucceeded` | Custom resources reconciliation succeeded. | +| `Error` | `Ready` | `False` | `CustomResourcesReconcileFailed` | Custom resources reconciliation failed. 
| +| `Processing` | `ProxySidecarRestartSucceeded` | `True` | `ProxySidecarRestartSucceeded` | Proxy sidecar restart succeeded. | +| `Error` | `ProxySidecarRestartSucceeded` | `False` | `ProxySidecarRestartFailed` | Proxy sidecar restart failed. | +| `Processing` | `ProxySidecarRestartSucceeded` | `False` | `ProxySidecarPartiallySucceeded` | Proxy sidecar restart partially succeeded. | +| `Warning` | `ProxySidecarRestartSucceeded` | `False` | `ProxySidecarManualRestartRequired` | Proxy sidecar manual restart is required for some workloads. | +| `Processing` | `Ready` | `False` | `IngressGatewayReconcileSucceeded` | Istio Ingress Gateway reconciliation succeeded. | +| `Error` | `Ready` | `False` | `IngressGatewayReconcileFailed` | Istio Ingress Gateway reconciliation failed. | +| `Processing` | `Ready` | `False` | `EgressGatewayReconcileSucceeded` | Istio Egress Gateway reconciliation succeeded. | +| `Error` | `Ready` | `False` | `EgressGatewayReconcileFailed` | Istio Egress Gateway reconciliation failed. | +| `Warning` | `Ready` | `False` | `IstioVersionUpdateNotAllowed` | Update to the new Istio version is not allowed. | diff --git a/internal/restarter/ingress_gateway.go b/internal/restarter/ingress_gateway.go index cb2a961710..b188c5570e 100644 --- a/internal/restarter/ingress_gateway.go +++ b/internal/restarter/ingress_gateway.go @@ -19,8 +19,8 @@ import ( ) const ( - namespace string = "istio-system" - deploymentName string = "istio-ingressgateway" + ingressNamespace string = "istio-system" + ingressDeploymentName string = "istio-ingressgateway" ) type IngressGatewayRestarter struct { 
@@ -65,7 +65,7 @@ func restartIngressGateway(ctx context.Context, k8sClient client.Client) error {
 ctrl.Log.Info("Restarting istio-ingressgateway")
 deployment := appsv1.Deployment{}
- err := k8sClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: deploymentName}, &deployment)
+ err := k8sClient.Get(ctx, types.NamespacedName{Namespace: ingressNamespace, Name: ingressDeploymentName}, &deployment)
 if err != nil {
 // If ingress gateway deployment is missing, we should not fail, as it may have not yet been created
 // In that case, the upcoming creation of the deployment will do the same thing as we would require from the restart
diff --git a/pkg/lib/sidecars/pods/get.go b/pkg/lib/sidecars/pods/get.go
index 82c7b61d44..f7a8e3a838 100644
--- a/pkg/lib/sidecars/pods/get.go
+++ b/pkg/lib/sidecars/pods/get.go
@@ -120,7 +120,7 @@ func GetPodsToRestart(ctx context.Context, c client.Client, expectedImage Sideca
 func containsSidecar(pod v1.Pod) bool {
 // If the pod has one container it is not injected
- // This skips IngressGateway pods, as those only have istio-proxy
+ // This skips IngressGateway and EgressGateway pods, as those only have istio-proxy
 if len(pod.Spec.Containers) == 1 {
 return false
 }
diff --git a/tests/integration/features/configuration-suite/configuration.feature b/tests/integration/features/configuration-suite/configuration.feature
index 3bd9e164e2..5031c49240 100644
--- a/tests/integration/features/configuration-suite/configuration.feature
+++ b/tests/integration/features/configuration-suite/configuration.feature
@@ -44,6 +44,12 @@ Feature: Configuration of Istio module
 And Istio CR "istio-sample" in namespace "kyma-system" has status "Ready"
 Then Request with header "X-Forwarded-For" with value "10.2.1.1,10.0.0.1" sent to httpbin should return "X-Envoy-External-Address" with value "10.2.1.1"
+ Scenario: Egress Gateway has correct configuration
+ When Template value "EgressGatewayEnabled" is set to "true"
+ And Istio CR "istio-sample" from "istio_cr_template" is applied in namespace "kyma-system"
+ And Istio CR "istio-sample" in namespace "kyma-system" has status "Ready"
+ Then "Deployment" "istio-egressgateway" in namespace "istio-system" is ready
+
 Scenario: External authorizer
 When Template value "Namespace" is set to "default"
 And Istio CR "istio-sample" from "istio_cr_ext_authz_template" is applied in namespace "kyma-system"
diff --git a/tests/integration/features/installation-suite/install.feature b/tests/integration/features/installation-suite/install.feature
index 500764b476..6cbc3c57f3 100644
--- a/tests/integration/features/installation-suite/install.feature
+++ b/tests/integration/features/installation-suite/install.feature
@@ -31,6 +31,11 @@ Feature: Installing and uninstalling Istio module
 And Template value "IGMemoryLimit" is set to "1200Mi"
 And Template value "IGCPURequests" is set to "80m"
 And Template value "IGMemoryRequests" is set to "200Mi"
+ And Template value "EgressGatewayEnabled" is set to "true"
+ And Template value "EGCPULimit" is set to "1400m"
+ And Template value "EGMemoryLimit" is set to "1100Mi"
+ And Template value "EGCPURequests" is set to "70m"
+ And Template value "EGMemoryRequests" is set to "190Mi"
 When Istio CR "istio-sample" from "istio_cr_template" is applied in namespace "kyma-system"
 Then Istio CR "istio-sample" in namespace "kyma-system" has status "Ready"
 And Istio CR "istio-sample" in namespace "kyma-system" has condition with reason "ReconcileSucceeded" of type "Ready" and status "True"
@@ -38,11 +43,14 @@ Feature: Installing and uninstalling Istio module And Namespace "istio-system" has "namespaces.warden.kyma-project.io/validate" label and "istios.operator.kyma-project.io/managed-by-disclaimer" annotation And "Deployment" "istiod" in namespace "istio-system" is ready And "Deployment" "istio-ingressgateway" in namespace "istio-system" is ready + And "Deployment" "istio-egressgateway" in namespace "istio-system" is ready And "DaemonSet" "istio-cni-node" in namespace "istio-system" is ready And "pilot" has "limits" set to cpu - "1200m" and memory - "1200Mi" And "pilot" has "requests" set to cpu - "15m" and memory - "200Mi" And "ingress-gateway" has "limits" set to cpu - "1500m" and memory - "1200Mi" And "ingress-gateway" has "requests" set to cpu - "80m" and memory - "200Mi" + And "egress-gateway" has "limits" set to cpu - "1400m" and memory - "1100Mi" + And "egress-gateway" has "requests" set to cpu - "70m" and memory - "190Mi" Scenario: Additional Istio resources are present Given Istio CR "istio-sample" from "istio_cr_template" is applied in namespace "kyma-system" diff --git a/tests/integration/scenario.go b/tests/integration/scenario.go index 54769cc9ba..0744dfba96 100644 --- a/tests/integration/scenario.go +++ b/tests/integration/scenario.go 
@@ -10,50 +10,50 @@ func initScenario(ctx *godog.ScenarioContext) { ctx.After(istioCrTearDown) t := steps.TemplatedIstioCr{} - ctx.Step(`^Evaluated cluster size is "([^"]*)"$`, steps.EvaluatedClusterSizeIs) - ctx.Step(`^Istio CRD is installed$`, steps.IstioCRDIsInstalled) - ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" has status "([^"]*)"$`, steps.IstioCRInNamespaceHasStatus) - ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" has condition with reason "([^"]*)" of type "([^"]*)" and status "([^"]*)"$`, steps.IstioCRInNamespaceHasStatusCondition) - ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" has description "([^"]*)"$`, steps.IstioCRInNamespaceHasDescription) - ctx.Step(`^Template value "([^"]*)" is set to "([^"]*)"$`, t.SetTemplateValue) - ctx.Step(`^Istio CR "([^"]*)" from "([^"]*)" is applied in namespace "([^"]*)"$`, t.IstioCRIsAppliedInNamespace) - ctx.Step(`^Istio CR "([^"]*)" from "([^"]*)" is updated in namespace "([^"]*)"$`, t.IstioCRIsUpdatedInNamespace) - ctx.Step(`^Namespace "([^"]*)" is "([^"]*)"$`, steps.NamespaceIsPresent) - ctx.Step(`^Namespace "([^"]*)" is created$`, steps.NamespaceIsCreated) - ctx.Step(`^Namespace "([^"]*)" has "([^"]*)" label and "([^"]*)" annotation`, steps.NamespaceHasLabelAndAnnotation) - ctx.Step(`^Istio CRDs "([^"]*)" be present on cluster$`, steps.IstioCRDsBePresentOnCluster) - ctx.Step(`^"([^"]*)" has "([^"]*)" set to cpu - "([^"]*)" and memory - "([^"]*)"$`, steps.IstioComponentHasResourcesSetToCpuAndMemory) - ctx.Step(`^Pod of deployment "([^"]*)" in namespace "([^"]*)" has container "([^"]*)" with resource "([^"]*)" set to cpu - "([^"]*)" and memory - "([^"]*)"$`, steps.DeploymentHasPodWithContainerResourcesSetToCpuAndMemory) + ctx.Step(`^"([^"]*)" "([^"]*)" in namespace "([^"]*)" is "([^"]*)"`, steps.ResourceIsPresent) ctx.Step(`^"([^"]*)" "([^"]*)" in namespace "([^"]*)" is deleted$`, steps.ResourceInNamespaceIsDeleted) + ctx.Step(`^"([^"]*)" "([^"]*)" in namespace "([^"]*)" is ready$`, 
steps.ResourceIsReady) ctx.Step(`^"([^"]*)" "([^"]*)" is deleted$`, steps.ClusterResourceIsDeleted) + ctx.Step(`^"([^"]*)" has "([^"]*)" set to cpu - "([^"]*)" and memory - "([^"]*)"$`, steps.IstioComponentHasResourcesSetToCpuAndMemory) ctx.Step(`^"([^"]*)" is not present on cluster$`, steps.ResourceNotPresent) - ctx.Step(`^Istio injection is "([^"]*)" in namespace "([^"]*)"$`, steps.SetIstioInjection) + ctx.Step(`^Access logging is enabled for the mesh using "([^"]*)" provider$`, steps.EnableAccessLogging) ctx.Step(`^Application "([^"]*)" in namespace "([^"]*)" has proxy with "([^"]*)" set to cpu - "([^"]*)" and memory - "([^"]*)"$`, steps.ApplicationHasProxyResourcesSetToCpuAndMemory) + ctx.Step(`^Application "([^"]*)" in namespace "([^"]*)" has required version of proxy$`, steps.ApplicationPodShouldHaveIstioProxyInRequiredVersion) ctx.Step(`^Application pod "([^"]*)" in namespace "([^"]*)" has Istio proxy "([^"]*)"$`, steps.ApplicationPodShouldHaveIstioProxy) + ctx.Step(`^Authorization policy "([^"]*)" in namespace "([^"]*)" with app selector "([^"]*)" is using extension provider "([^"]*)" for operation "([^"]*)"$`, steps.CreateAuthorizationPolicyExtAuthz) + ctx.Step(`^Container "([^"]*)" of "([^"]*)" "([^"]*)" in namespace "([^"]*)" has required version$`, steps.IstioResourceContainerHasRequiredVersion) ctx.Step(`^Destination rule "([^"]*)" in namespace "([^"]*)" with host "([^"]*)" exists$`, steps.CreateDestinationRule) - ctx.Step(`^Istio is manually uninstalled$`, steps.UninstallIstio) - ctx.Step(`^Httpbin application "([^"]*)" deployment is created in namespace "([^"]*)"$`, steps.CreateHttpbinApplication) + ctx.Step(`^Evaluated cluster size is "([^"]*)"$`, steps.EvaluatedClusterSizeIs) + ctx.Step(`^Ext-authz application "([^"]*)" deployment is created in namespace "([^"]*)"$`, steps.CreateExtAuthzApplication) ctx.Step(`^Httpbin application "([^"]*)" deployment is created in namespace "([^"]*)" with service port "([^"]*)"$`, 
steps.CreateHttpbinApplicationWithServicePort) - ctx.Step(`^Nginx application "([^"]*)" deployment is created in namespace "([^"]*)" with forward to "([^"]*)" and service port 80$`, steps.CreateNginxApplication) + ctx.Step(`^Httpbin application "([^"]*)" deployment is created in namespace "([^"]*)"$`, steps.CreateHttpbinApplication) + ctx.Step(`^Istio CR "([^"]*)" from "([^"]*)" is applied in namespace "([^"]*)"$`, t.IstioCRIsAppliedInNamespace) + ctx.Step(`^Istio CR "([^"]*)" from "([^"]*)" is updated in namespace "([^"]*)"$`, t.IstioCRIsUpdatedInNamespace) + ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" has condition with reason "([^"]*)" of type "([^"]*)" and status "([^"]*)"$`, steps.IstioCRInNamespaceHasStatusCondition) + ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" has description "([^"]*)"$`, steps.IstioCRInNamespaceHasDescription) + ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" has status "([^"]*)"$`, steps.IstioCRInNamespaceHasStatus) + ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" status update happened in the last 20 seconds$`, steps.IstioCrStatusUpdateHappened) + ctx.Step(`^Istio CRD is installed$`, steps.IstioCRDIsInstalled) + ctx.Step(`^Istio CRDs "([^"]*)" be present on cluster$`, steps.IstioCRDsBePresentOnCluster) + ctx.Step(`^Istio controller has been upgraded$`, steps.DeployIstioOperator) ctx.Step(`^Istio gateway "([^"]*)" is configured in namespace "([^"]*)"$`, steps.CreateIstioGateway) - ctx.Step(`^Virtual service "([^"]*)" exposing service "([^"]*)" by gateway "([^"]*)" is configured in namespace "([^"]*)"$`, steps.CreateVirtualService) - ctx.Step(`^Virtual service "([^"]*)" exposing service "([^"]*)" with port "([^"]*)" by gateway "([^"]*)" is configured in namespace "([^"]*)"$`, steps.CreateVirtualServiceWithPort) - ctx.Step(`^Request with header "([^"]*)" with value "([^"]*)" sent to httpbin should return "([^"]*)" with value "([^"]*)"$`, steps.ValidateHeader) - ctx.Step(`^Request to path "([^"]*)" should return 
"([^"]*)" with value "([^"]*)" in body$`, steps.ValidateHeaderInBody) + ctx.Step(`^Istio injection is "([^"]*)" in namespace "([^"]*)"$`, steps.SetIstioInjection) + ctx.Step(`^Istio is manually uninstalled$`, steps.UninstallIstio) + ctx.Step(`^Log of container "([^"]*)" in deployment "([^"]*)" in namespace "([^"]*)" contains "([^"]*)"$`, steps.ContainerLogContainsString) + ctx.Step(`^Namespace "([^"]*)" has "([^"]*)" label and "([^"]*)" annotation`, steps.NamespaceHasLabelAndAnnotation) + ctx.Step(`^Namespace "([^"]*)" is "([^"]*)"$`, steps.NamespaceIsPresent) + ctx.Step(`^Namespace "([^"]*)" is created$`, steps.NamespaceIsCreated) + ctx.Step(`^Nginx application "([^"]*)" deployment is created in namespace "([^"]*)" with forward to "([^"]*)" and service port 80$`, steps.CreateNginxApplication) + ctx.Step(`^OTEL Collector mock "([^"]*)" deployment is created in namespace "([^"]*)"$`, steps.CreateTelemetryCollectorMock) + ctx.Step(`^Pod of deployment "([^"]*)" in namespace "([^"]*)" has container "([^"]*)" with resource "([^"]*)" set to cpu - "([^"]*)" and memory - "([^"]*)"$`, steps.DeploymentHasPodWithContainerResourcesSetToCpuAndMemory) + ctx.Step(`^Request sent to exposed httpbin, should contain public client IP in "([^"]*)" header$`, steps.ValidatePublicClientIpInHeader) ctx.Step(`^Request to path "([^"]*)" should have response code "([^"]*)"$`, steps.ValidateResponseStatusCode) + ctx.Step(`^Request to path "([^"]*)" should return "([^"]*)" with value "([^"]*)" in body$`, steps.ValidateHeaderInBody) + ctx.Step(`^Request with header "([^"]*)" with value "([^"]*)" sent to httpbin should return "([^"]*)" with value "([^"]*)"$`, steps.ValidateHeader) ctx.Step(`^Request with header "([^"]*)" with value "([^"]*)" to path "([^"]*)" should have response code "([^"]*)"$`, steps.ValidateResponseCodeForRequestWithHeader) - ctx.Step(`^"([^"]*)" "([^"]*)" in namespace "([^"]*)" is "([^"]*)"`, steps.ResourceIsPresent) - ctx.Step(`^Request sent to exposed httpbin, should 
contain public client IP in "([^"]*)" header$`, steps.ValidatePublicClientIpInHeader) - ctx.Step(`^Access logging is enabled for the mesh using "([^"]*)" provider$`, steps.EnableAccessLogging) - ctx.Step(`^Log of container "([^"]*)" in deployment "([^"]*)" in namespace "([^"]*)" contains "([^"]*)"$`, steps.ContainerLogContainsString) - ctx.Step(`^Tracing is enabled for the mesh using provider "([^"]*)"$`, steps.EnableTracing) ctx.Step(`^Service is created for the otel collector "([^"]*)" in namespace "([^"]*)"$`, steps.CreateOpenTelemetryService) - ctx.Step(`^OTEL Collector mock "([^"]*)" deployment is created in namespace "([^"]*)"$`, steps.CreateTelemetryCollectorMock) - ctx.Step(`^Ext-authz application "([^"]*)" deployment is created in namespace "([^"]*)"$`, steps.CreateExtAuthzApplication) - ctx.Step(`^Authorization policy "([^"]*)" in namespace "([^"]*)" with app selector "([^"]*)" is using extension provider "([^"]*)" for operation "([^"]*)"$`, steps.CreateAuthorizationPolicyExtAuthz) - ctx.Step(`^"([^"]*)" "([^"]*)" in namespace "([^"]*)" is ready$`, steps.ResourceIsReady) - ctx.Step(`^Istio CR "([^"]*)" in namespace "([^"]*)" status update happened in the last 20 seconds$`, steps.IstioCrStatusUpdateHappened) - ctx.Step(`^Istio controller has been upgraded$`, steps.DeployIstioOperator) - ctx.Step(`^Application "([^"]*)" in namespace "([^"]*)" has required version of proxy$`, steps.ApplicationPodShouldHaveIstioProxyInRequiredVersion) - ctx.Step(`^Container "([^"]*)" of "([^"]*)" "([^"]*)" in namespace "([^"]*)" has required version$`, steps.IstioResourceContainerHasRequiredVersion) + ctx.Step(`^Template value "([^"]*)" is set to "([^"]*)"$`, t.SetTemplateValue) + ctx.Step(`^Tracing is enabled for the mesh using provider "([^"]*)"$`, steps.EnableTracing) + ctx.Step(`^Virtual service "([^"]*)" exposing service "([^"]*)" by gateway "([^"]*)" is configured in namespace "([^"]*)"$`, steps.CreateVirtualService) + ctx.Step(`^Virtual service "([^"]*)" exposing 
service "([^"]*)" with port "([^"]*)" by gateway "([^"]*)" is configured in namespace "([^"]*)"$`, steps.CreateVirtualServiceWithPort) } diff --git a/tests/integration/steps/istio.go b/tests/integration/steps/istio.go index 2ab9151cfc..f6e47d63e2 100644 --- a/tests/integration/steps/istio.go +++ b/tests/integration/steps/istio.go @@ -114,8 +114,24 @@ func getResourcesForIstioComponent(k8sClient client.Client, component, resourceT res.Memory = *igDeployment.Spec.Template.Spec.Containers[0].Resources.Requests.Memory() res.Cpu = *igDeployment.Spec.Template.Spec.Containers[0].Resources.Requests.Cpu() } + return &res, nil + + case "egress-gateway": + var egDeployment appsv1.Deployment + err := k8sClient.Get(context.Background(), types.NamespacedName{Name: "istio-egressgateway", Namespace: defaultIstioNamespace}, &egDeployment) + if err != nil { + return nil, err + } + if resourceType == "limits" { + res.Memory = *egDeployment.Spec.Template.Spec.Containers[0].Resources.Limits.Memory() + res.Cpu = *egDeployment.Spec.Template.Spec.Containers[0].Resources.Limits.Cpu() + } else { + res.Memory = *egDeployment.Spec.Template.Spec.Containers[0].Resources.Requests.Memory() + res.Cpu = *egDeployment.Spec.Template.Spec.Containers[0].Resources.Requests.Cpu() + } return &res, nil + case "pilot": var idDeployment appsv1.Deployment err := k8sClient.Get(context.Background(), types.NamespacedName{Name: "istiod", Namespace: defaultIstioNamespace}, &idDeployment) @@ -130,8 +146,8 @@ func getResourcesForIstioComponent(k8sClient client.Client, component, resourceT res.Memory = *idDeployment.Spec.Template.Spec.Containers[0].Resources.Requests.Memory() res.Cpu = *idDeployment.Spec.Template.Spec.Containers[0].Resources.Requests.Cpu() } - return &res, nil + default: return nil, fmt.Errorf("resources for component %s are not implemented", component) } diff --git a/tests/integration/steps/istio_cr_template.yaml b/tests/integration/steps/istio_cr_template.yaml index bf437c095f..9e20230556 100644 
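Review bot: Two of the re-registered patterns in `initScenario` have no trailing `$`: the one bound to `steps.ResourceIsPresent`, now registered first, and the one bound to `steps.NamespaceHasLabelAndAnnotation`. Without the anchor each also matches a step that carries arbitrary trailing text, and with the list sorted there is no deliberate registration order left to fall back on if a longer step with the same prefix is added later. Append `$` to both patterns so every definition is anchored at both ends like the other entries. A one-line comment above the block, `// Step definitions are kept sorted by pattern.`, would also keep the new order from drifting.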
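Review bot: The new `egress-gateway` case indexes `Containers[0]` without checking that the Deployment has any containers, so an unexpected Deployment shape panics the test run instead of returning an error. Add `if len(egDeployment.Spec.Template.Spec.Containers) == 0 { return nil, fmt.Errorf("deployment istio-egressgateway has no containers") }` after the `Get` error check. The case also assumes the first container is the proxy, and apart from the Deployment name it is a copy of the ingress and pilot cases; a small helper taking the name would keep the three in step. `getResourcesForIstioComponent` starts above this hunk and the ingress case is only partly visible, so the same guard is presumably missing there too.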
--- a/tests/integration/steps/istio_cr_template.yaml +++ b/tests/integration/steps/istio_cr_template.yaml @@ -38,6 +38,23 @@ spec: hpaSpec: maxReplicas: {{.IGMaxReplicas}} minReplicas: {{.IGMinReplicas}} + egressGateway: + enabled: {{.EgressGatewayEnabled}} + k8s: + resources: + limits: + cpu: {{.EGCPULimit}} + memory: {{.EGMemoryLimit}} + requests: + cpu: {{.EGCPURequests}} + memory: {{.EGMemoryRequests}} + strategy: + rollingUpdate: + maxSurge: {{.EGMaxSurge}} + maxUnavailable: {{.EGMaxUnavailable}} + hpaSpec: + maxReplicas: {{.EGMaxReplicas}} + minReplicas: {{.EGMinReplicas}} proxy: k8s: resources: