Add support for grpc_set_header
This commit is contained in:
Manuel de Brito Fontes
parent
7ef8a0a775
commit
ff3e182350
13 changed files with 248 additions and 46 deletions
|
|
@ -45,7 +45,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
It("should return status code 200 when no authentication is configured", func() {
|
||||
host := "auth"
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -69,7 +69,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
It("should return status code 503 when authentication is configured with an invalid secret", func() {
|
||||
host := "auth"
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -106,7 +106,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -143,7 +143,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -181,7 +181,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
@ -230,7 +230,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Alias", func() {
|
|||
Expect(s).NotTo(BeNil())
|
||||
Expect(s.ObjectMeta).NotTo(BeNil())
|
||||
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
bi, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bi).NotTo(BeNil())
|
||||
|
||||
|
|
|
|||
63
test/e2e/annotations/grpc.go
Normal file
63
test/e2e/annotations/grpc.go
Normal file
|
|
@ -0,0 +1,63 @@
|
|||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package annotations
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"k8s.io/ingress-nginx/test/e2e/framework"
|
||||
)
|
||||
|
||||
var _ = framework.IngressNginxDescribe("Annotations - grpc", func() {
|
||||
f := framework.NewDefaultFramework("grpc")
|
||||
|
||||
BeforeEach(func() {
|
||||
err := f.NewGRPCFortuneTellerDeployment()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
|
||||
Context("when grpc is enabled", func() {
|
||||
It("should use grpc_pass in the configuration file", func() {
|
||||
host := "grpc"
|
||||
|
||||
annotations := map[string]string{
|
||||
"nginx.ingress.kubernetes.io/grpc-backend": "true",
|
||||
}
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "fortune-teller", 50051, &annotations))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring(fmt.Sprintf("server_name %v", host))) &&
|
||||
Expect(server).ShouldNot(ContainSubstring("return 503"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring("grpc_pass")) &&
|
||||
Expect(server).Should(ContainSubstring("grpc_set_header")) &&
|
||||
Expect(server).ShouldNot(ContainSubstring("proxy_pass"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
@ -39,7 +39,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
Context("when lua-resty-waf is enabled", func() {
|
||||
It("should return 403 for a malicious request that matches a default WAF rule and 200 for other requests", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "active"})
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "active"})
|
||||
|
||||
url := fmt.Sprintf("%s?msg=<A href=\"http://mysite.com/\">XSS</A>", f.IngressController.HTTPURL)
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
@ -52,7 +52,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
It("should not apply ignored rulesets", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf": "active",
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf-ignore-rulesets": "41000_sqli, 42000_xss"})
|
||||
|
||||
|
|
@ -67,7 +67,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
It("should apply configured extra rules", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf": "active",
|
||||
"nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules": `[=[
|
||||
{ "access": [
|
||||
|
|
@ -106,7 +106,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
Context("when lua-resty-waf is not enabled", func() {
|
||||
It("should return 200 even for a malicious request", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{})
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{})
|
||||
|
||||
url := fmt.Sprintf("%s?msg=<A href=\"http://mysite.com/\">XSS</A>", f.IngressController.HTTPURL)
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
@ -119,7 +119,7 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
It("should run in simulate mode", func() {
|
||||
host := "foo"
|
||||
createIngress(f, host, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "simulate"})
|
||||
createIngress(f, host, "http-svc", 80, map[string]string{"nginx.ingress.kubernetes.io/lua-resty-waf": "simulate"})
|
||||
|
||||
url := fmt.Sprintf("%s?msg=<A href=\"http://mysite.com/\">XSS</A>", f.IngressController.HTTPURL)
|
||||
resp, _, errs := gorequest.New().
|
||||
|
|
@ -138,14 +138,14 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
|
|||
})
|
||||
})
|
||||
|
||||
func createIngress(f *framework.Framework, host string, annotations map[string]string) {
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, &annotations))
|
||||
func createIngress(f *framework.Framework, host, service string, port int, annotations map[string]string) {
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, service, port, &annotations))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
|
||||
err = f.WaitForNginxServer(host,
|
||||
func(server string) bool {
|
||||
return Expect(server).Should(ContainSubstring("server_name foo")) &&
|
||||
return Expect(server).Should(ContainSubstring(fmt.Sprintf("server_name %v", host))) &&
|
||||
Expect(server).ShouldNot(ContainSubstring("return 503"))
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
|
|
|||
|
|
@ -385,7 +385,7 @@ func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name
|
|||
}
|
||||
|
||||
// NewSingleIngress creates a simple ingress rule
|
||||
func NewSingleIngress(name, path, host, ns string, annotations *map[string]string) *extensions.Ingress {
|
||||
func NewSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
|
||||
if annotations == nil {
|
||||
annotations = &map[string]string{}
|
||||
}
|
||||
|
|
@ -412,8 +412,8 @@ func NewSingleIngress(name, path, host, ns string, annotations *map[string]strin
|
|||
{
|
||||
Path: path,
|
||||
Backend: extensions.IngressBackend{
|
||||
ServiceName: "http-svc",
|
||||
ServicePort: intstr.FromInt(80),
|
||||
ServiceName: service,
|
||||
ServicePort: intstr.FromInt(port),
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
125
test/e2e/framework/grpc_fortune_teller.go
Normal file
125
test/e2e/framework/grpc_fortune_teller.go
Normal file
|
|
@ -0,0 +1,125 @@
|
|||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package framework
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
extensions "k8s.io/api/extensions/v1beta1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/fields"
|
||||
"k8s.io/apimachinery/pkg/util/intstr"
|
||||
)
|
||||
|
||||
// NewGRPCFortuneTellerDeployment creates a new single replica
|
||||
// deployment of the fortune teller image in a particular namespace
|
||||
func (f *Framework) NewGRPCFortuneTellerDeployment() error {
|
||||
return f.NewNewGRPCFortuneTellerDeploymentWithReplicas(1)
|
||||
}
|
||||
|
||||
// NewNewGRPCFortuneTellerDeploymentWithReplicas creates a new deployment of the
|
||||
// fortune teller image in a particular namespace. Number of replicas is configurable
|
||||
func (f *Framework) NewNewGRPCFortuneTellerDeploymentWithReplicas(replicas int32) error {
|
||||
deployment := &extensions.Deployment{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "fortune-teller",
|
||||
Namespace: f.IngressController.Namespace,
|
||||
},
|
||||
Spec: extensions.DeploymentSpec{
|
||||
Replicas: NewInt32(replicas),
|
||||
Selector: &metav1.LabelSelector{
|
||||
MatchLabels: map[string]string{
|
||||
"app": "fortune-teller",
|
||||
},
|
||||
},
|
||||
Template: corev1.PodTemplateSpec{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Labels: map[string]string{
|
||||
"app": "fortune-teller",
|
||||
},
|
||||
},
|
||||
Spec: corev1.PodSpec{
|
||||
TerminationGracePeriodSeconds: NewInt64(0),
|
||||
Containers: []corev1.Container{
|
||||
{
|
||||
Name: "fortune-teller",
|
||||
Image: "quay.io/kubernetes-ingress-controller/grpc-fortune-teller:0.1",
|
||||
Env: []corev1.EnvVar{},
|
||||
Ports: []corev1.ContainerPort{
|
||||
{
|
||||
Name: "grpc",
|
||||
ContainerPort: 50051,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
d, err := f.EnsureDeployment(deployment)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if d == nil {
|
||||
return fmt.Errorf("unexpected error creating deployement for fortune-teller")
|
||||
}
|
||||
|
||||
err = WaitForPodsReady(f.KubeClientSet, 5*time.Minute, int(replicas), f.IngressController.Namespace, metav1.ListOptions{
|
||||
LabelSelector: fields.SelectorFromSet(fields.Set(d.Spec.Template.ObjectMeta.Labels)).String(),
|
||||
})
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to wait for to become ready")
|
||||
}
|
||||
|
||||
service := &corev1.Service{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "fortune-teller",
|
||||
Namespace: f.IngressController.Namespace,
|
||||
},
|
||||
Spec: corev1.ServiceSpec{
|
||||
Ports: []corev1.ServicePort{
|
||||
{
|
||||
Name: "grpc",
|
||||
Port: 50051,
|
||||
TargetPort: intstr.FromInt(50051),
|
||||
Protocol: "TCP",
|
||||
},
|
||||
},
|
||||
Selector: map[string]string{
|
||||
"app": "fortune-teller",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
s, err := f.EnsureService(service)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if s == nil {
|
||||
return fmt.Errorf("unexpected error creating service for fortune-teller deployment")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
@ -364,7 +364,7 @@ func enableDynamicConfiguration(namespace string, kubeClientSet kubernetes.Inter
|
|||
}
|
||||
|
||||
func ensureIngress(f *framework.Framework, host string) (*extensions.Ingress, error) {
|
||||
return f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, &map[string]string{
|
||||
return f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, &map[string]string{
|
||||
"nginx.ingress.kubernetes.io/load-balance": "ewma",
|
||||
}))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ var _ = framework.IngressNginxDescribe("Proxy Protocol", func() {
|
|||
err := f.UpdateNginxConfigMapData(setting, "true")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ var _ = framework.IngressNginxDescribe("Server Tokens", func() {
|
|||
err := f.UpdateNginxConfigMapData(serverTokens, "false")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(serverTokens, "/", serverTokens, f.IngressController.Namespace, nil))
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(serverTokens, "/", serverTokens, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(ing).NotTo(BeNil())
|
||||
|
||||
|
|
|
|||
|
|
@ -177,7 +177,7 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
|
|||
})
|
||||
|
||||
func tlsEndpoint(f *framework.Framework, host string) (*tls.Config, error) {
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ var _ = framework.IngressNginxDescribe("SSL", func() {
|
|||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, nil))
|
||||
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(ing).ToNot(BeNil())
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue