diff --git a/helm/ingress-azure/crds/azureapplicationgatewayrewrite.yaml b/helm/ingress-azure/crds/azureapplicationgatewayrewrite.yaml index 45f5e62b7..852e19192 100644 --- a/helm/ingress-azure/crds/azureapplicationgatewayrewrite.yaml +++ b/helm/ingress-azure/crds/azureapplicationgatewayrewrite.yaml @@ -3,7 +3,6 @@ kind: CustomResourceDefinition metadata: name: azureapplicationgatewayrewrites.appgw.ingress.azure.io annotations: - "helm.sh/hook": crd-install "api-approved.kubernetes.io": "https://github.com/Azure/application-gateway-kubernetes-ingress/pull/1272" spec: group: appgw.ingress.azure.io diff --git a/helm/ingress-azure/crds/azureingressprohibitedtarget.yaml b/helm/ingress-azure/crds/azureingressprohibitedtarget.yaml index 4ab667398..5c7e83f0c 100644 --- a/helm/ingress-azure/crds/azureingressprohibitedtarget.yaml +++ b/helm/ingress-azure/crds/azureingressprohibitedtarget.yaml @@ -3,7 +3,6 @@ kind: CustomResourceDefinition metadata: name: azureingressprohibitedtargets.appgw.ingress.k8s.io annotations: - "helm.sh/hook": crd-install "api-approved.kubernetes.io": "https://github.com/Azure/application-gateway-kubernetes-ingress/pull/1272" spec: group: appgw.ingress.k8s.io diff --git a/helm/ingress-azure/templates/NOTES.txt b/helm/ingress-azure/templates/NOTES.txt index 702dc6e3a..a37cd814a 100644 --- a/helm/ingress-azure/templates/NOTES.txt +++ b/helm/ingress-azure/templates/NOTES.txt @@ -33,7 +33,7 @@ Configuration Details: - Verbosity level: {{ .Values.verbosityLevel }} {{- if .Values.appgw }} {{- if .Values.appgw.shared }} - - Multi-cluster / Shared App Gateway is enabled; Use "kubectl get AzureIngressProhibitedTargets" to view and modify config + - Shared App Gateway is enabled; Use "kubectl get AzureIngressProhibitedTargets" to view and modify config {{- end }} {{- end }} {{- if .Values.armAuth }} diff --git a/helm/ingress-azure/templates/crds.yaml b/helm/ingress-azure/templates/crds.yaml index 1b0994f60..83b275ac3 100644 --- a/helm/ingress-azure/templates/crds.yaml +++ b/helm/ingress-azure/templates/crds.yaml @@ -1,9 +1,5 @@ {{- if .Values.appgw -}} {{- if .Values.appgw.shared -}} -{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} - {{ $.Files.Get $path }} ---- -{{- end }} {{- $watchNamespace := .Values.kubernetes.watchNamespace -}} {{- if not .Values.appgw.prohibitedTargets }} apiVersion: appgw.ingress.k8s.io/v1 diff --git a/pkg/appgw/cleanup.go b/pkg/appgw/cleanup.go index 858a529fd..eb01c572e 100644 --- a/pkg/appgw/cleanup.go +++ b/pkg/appgw/cleanup.go @@ -6,11 +6,29 @@ package appgw import ( + "fmt" "strings" n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" ) +// CleanUpPathRulesAddedByAGIC removes path rules that are created by AGIC +func (c *appGwConfigBuilder) CleanUpPathRulesAddedByAGIC() { + pathRuleNamePrefix := fmt.Sprintf("%s%s-", agPrefix, prefixPathRule) + + // Remove path rules that are created by AGIC + for _, pathMap := range *c.appGw.URLPathMaps { + var pathRulesAddedManually []n.ApplicationGatewayPathRule + for _, pathRule := range *pathMap.PathRules { + if !strings.HasPrefix(*pathRule.Name, pathRuleNamePrefix) { + pathRulesAddedManually = append(pathRulesAddedManually, pathRule) + } + } + + pathMap.PathRules = &pathRulesAddedManually + } +} + // CleanUpUnusedDefaults removes the default backend and default http settings if they are not used by any ingress func (c *appGwConfigBuilder) CleanUpUnusedDefaults() { if !c.isPoolUsed(DefaultBackendAddressPoolName) { diff --git a/pkg/appgw/cleanup_test.go b/pkg/appgw/cleanup_test.go new file mode 100644 index 000000000..7717e42d7 --- /dev/null +++ b/pkg/appgw/cleanup_test.go @@ -0,0 +1,53 @@ +// ------------------------------------------------------------------------------------------- +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// -------------------------------------------------------------------------------------------- + +package appgw + +import ( + n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2021-03-01/network" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Cleanup", func() { + Context("CleanUpPathRules", func() { + var c *appGwConfigBuilder + agicAddedPathRule := generatePathRuleName("test", "test", 0, 0) + userAddedPathRule := "user-added-path-rule" + + BeforeEach(func() { + c = &appGwConfigBuilder{ + appGw: n.ApplicationGateway{ + ApplicationGatewayPropertiesFormat: &n.ApplicationGatewayPropertiesFormat{ + URLPathMaps: &[]n.ApplicationGatewayURLPathMap{ + { + ApplicationGatewayURLPathMapPropertiesFormat: &n.ApplicationGatewayURLPathMapPropertiesFormat{ + PathRules: &[]n.ApplicationGatewayPathRule{ + { + Name: &agicAddedPathRule, + }, + { + Name: &userAddedPathRule, + }, + }, + }, + }, + }, + }, + }, + } + }) + + It("should remove path rules that are created by AGIC", func() { + c.CleanUpPathRulesAddedByAGIC() + + Expect(*c.appGw.URLPathMaps).To(HaveLen(1)) + + pathRule := *(*c.appGw.URLPathMaps)[0].PathRules + Expect(pathRule).To(HaveLen(1)) + Expect(*pathRule[0].Name).To(Equal(userAddedPathRule)) + }) + }) +}) diff --git a/pkg/appgw/requestroutingrules.go b/pkg/appgw/requestroutingrules.go index a449d9323..e016ccf4b 100755 --- a/pkg/appgw/requestroutingrules.go +++ b/pkg/appgw/requestroutingrules.go @@ -30,6 +30,8 @@ func (c *appGwConfigBuilder) RequestRoutingRules(cbCtx *ConfigBuilderContext) er requestRoutingRules, pathMaps := c.getRules(cbCtx) if cbCtx.EnvVariables.EnableBrownfieldDeployment { + c.CleanUpPathRulesAddedByAGIC() + rCtx := brownfield.NewExistingResources(c.appGw, cbCtx.ProhibitedTargets, nil) { // PathMaps we obtained from App Gateway - we segment them into ones AGIC is and is not allowed to change. diff --git a/scripts/e2e/cmd/runner/environment.go b/scripts/e2e/cmd/runner/environment.go index 00be8c454..8a3fee97b 100644 --- a/scripts/e2e/cmd/runner/environment.go +++ b/scripts/e2e/cmd/runner/environment.go @@ -23,6 +23,9 @@ const ( // AppGwNameVarName is the name of the applicationGatewayName AppGwNameVarName = "applicationGatewayName" + // PublicIPAddressNameVarName is the name of the publicIPAddressName + PublicIPAddressNameVarName = "publicIPAddressName" + // KubeConfigVarName is the name of the KUBECONFIG KubeConfigVarName = "KUBECONFIG" @@ -41,6 +44,7 @@ type EnvVariables struct { SubscriptionID string ResourceGroupName string AppGwName string + PublicIPAddressName string SubResourceNamePrefix string KubeConfigFilePath string ObjectID string @@ -53,6 +57,7 @@ func GetEnv() *EnvVariables { SubscriptionID: os.Getenv(SubscriptionIDVarName), ResourceGroupName: os.Getenv(ResourceGroupNameVarName), AppGwName: os.Getenv(AppGwNameVarName), + PublicIPAddressName: os.Getenv(PublicIPAddressNameVarName), SubResourceNamePrefix: os.Getenv(SubResourceNamePrefixVarName), KubeConfigFilePath: GetEnvironmentVariable(KubeConfigVarName, "~/.kube/config", nil), ObjectID: os.Getenv(ObjectIDVarName), diff --git a/scripts/e2e/cmd/runner/helper.go b/scripts/e2e/cmd/runner/helper.go index 9b371f685..cce604942 100644 --- a/scripts/e2e/cmd/runner/helper.go +++ b/scripts/e2e/cmd/runner/helper.go @@ -121,6 +121,35 @@ func getApplicationGatewaysClient() (*n.ApplicationGatewaysClient, error) { return &client, nil } +func getPublicIPAddressesClient() (*n.PublicIPAddressesClient, error) { + env := GetEnv() + + settings, err := auth.GetSettingsFromEnvironment() + if err != nil { + return nil, err + } + + client := n.NewPublicIPAddressesClientWithBaseURI(settings.Environment.ResourceManagerEndpoint, GetEnv().SubscriptionID) + var authorizer autorest.Authorizer + if env.AzureAuthLocation != "" { + // https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authorization#use-file-based-authentication + authorizer, err = auth.NewAuthorizerFromFile(n.DefaultBaseURI) + } else { + authorizer, err = settings.GetAuthorizer() + } + if err != nil { + return nil, err + } + + client.Authorizer = authorizer + err = client.AddToUserAgent(UserAgent) + if err != nil { + return nil, err + } + + return &client, nil +} + func getRoleAssignmentsClient() (*a.RoleAssignmentsClient, error) { env := GetEnv() @@ -842,6 +871,29 @@ func getGateway() (*n.ApplicationGateway, error) { return &gateway, nil } +func getPublicIPAddress() (*n.PublicIPAddress, error) { + env := GetEnv() + + klog.Info("preparing public ip client") + client, err := getPublicIPAddressesClient() + if err != nil { + return nil, err + } + + publicIP, err := client.Get( + context.TODO(), + env.ResourceGroupName, + env.PublicIPAddressName, + "", + ) + + if err != nil { + return nil, err + } + + return &publicIP, nil +} + func supportsNetworkingV1IngressPackage(client clientset.Interface) bool { version119, _ := version.ParseGeneric("v1.19.0") diff --git a/scripts/e2e/cmd/runner/networking-v1-lfu_one_namespace_one_ingress_test.go b/scripts/e2e/cmd/runner/networking-v1-lfu_one_namespace_one_ingress_test.go index 1c9c447d3..163aa6eeb 100644 --- a/scripts/e2e/cmd/runner/networking-v1-lfu_one_namespace_one_ingress_test.go +++ b/scripts/e2e/cmd/runner/networking-v1-lfu_one_namespace_one_ingress_test.go @@ -11,10 +11,8 @@ package runner import ( "context" "fmt" - "strings" "time" - "github.com/Azure/go-autorest/autorest/to" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -43,33 +41,8 @@ var _ = Describe("networking-v1-LFU", func() { cleanUp(clientset) }) - It("[prohibited-target-test] prohibited service should be available to be accessed", func() { - // get ip address for 1 ingress - klog.Info("Getting public IP from blacklisted Ingress...") - publicIP, _ := getPublicIP(clientset, "test-brownfield-ns") - Expect(publicIP).ToNot(Equal("")) - - //prohibited service will be kept by agic - url_blacklist := fmt.Sprintf("http://%s/blacklist", publicIP) - _, err = makeGetRequest(url_blacklist, "brownfield-blacklist-ns.host", 200, true) - Expect(err).To(BeNil()) - - //delete namespaces for blacklist testing - deleteOptions := metav1.DeleteOptions{ - GracePeriodSeconds: to.Int64Ptr(0), - } - - klog.Info("Delete namespaces test-brownfield-ns after blacklist testing...") - err = clientset.CoreV1().Namespaces().Delete(context.TODO(), "test-brownfield-ns", deleteOptions) - Expect(err).To(BeNil()) - }) - - It("[sub-resource-prefix] should be use the sub-resource-prefix to prefix sub-resources", func() { - env := GetEnv() - klog.Infof("'subResourceNamePrefix': %s", env.SubResourceNamePrefix) - Expect(env.SubResourceNamePrefix).ToNot(Equal(""), "Please make sure that environment variable 'subResourceNamePrefix' is set") - - namespaceName := "e2e-sub-resource-prefix" + It("[prohibited-target-test] prohibited target should be available to be accessed", func() { + namespaceName := "e2e-prohibited-target" ns := &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: namespaceName, @@ -79,26 +52,38 @@ var _ = Describe("networking-v1-LFU", func() { _, err = clientset.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{}) Expect(err).To(BeNil()) - SSLE2ERedirectYamlPath := "testdata/networking-v1/one-namespace-one-ingress/ssl-e2e-redirect/app.yaml" - klog.Info("Applying yaml: ", SSLE2ERedirectYamlPath) - err = applyYaml(clientset, crdClient, namespaceName, SSLE2ERedirectYamlPath) + appYamlPath := "testdata/networking-v1/one-namespace-one-ingress/prohibited-target/app.yaml" + klog.Info("Applying yaml: ", appYamlPath) + err = applyYaml(clientset, crdClient, namespaceName, appYamlPath) Expect(err).To(BeNil()) time.Sleep(30 * time.Second) - gateway, err := getGateway() + // get ip address for 1 ingress + klog.Info("Getting public IP of the app gateway") + ip, err := getPublicIPAddress() + Expect(err).To(BeNil()) + + publicIP := *ip.IPAddress + klog.Infof("Public IP: %s", publicIP) + + protectedPath := fmt.Sprintf("http://%s/landing/", publicIP) + _, err = makeGetRequest(protectedPath, "www.microsoft.com", 302, true) Expect(err).To(BeNil()) - prefixUsed := false - for _, listener := range *gateway.HTTPListeners { - klog.Infof("checking listener %s for %s", *listener.Name, env.SubResourceNamePrefix) - if strings.HasPrefix(*listener.Name, env.SubResourceNamePrefix) { - klog.Infof("found %s that uses the prefix", *listener.Name) - prefixUsed = true - break - } - } + ingressPath := fmt.Sprintf("http://%s/aspnet", publicIP) + _, err = makeGetRequest(ingressPath, "www.microsoft.com", 200, true) + Expect(err).To(BeNil()) - Expect(prefixUsed).To(BeTrue(), "%s wasn't used for naming the sub-resource of app gateway. Currently, this check looks at HTTP listener only", env.SubResourceNamePrefix) + klog.Info("Deleting yaml: ", appYamlPath) + err = deleteYaml(clientset, crdClient, namespaceName, appYamlPath) + Expect(err).To(BeNil()) + time.Sleep(30 * time.Second) + + _, err = makeGetRequest(protectedPath, "www.microsoft.com", 302, true) + Expect(err).To(BeNil()) + + _, err = makeGetRequest(ingressPath, "www.microsoft.com", 502, true) + Expect(err).To(BeNil()) }) AfterEach(func() { diff --git a/scripts/e2e/cmd/runner/networking-v1-mfu_one_namespace_many_ingresses_test.go b/scripts/e2e/cmd/runner/networking-v1-mfu_one_namespace_many_ingresses_test.go index 64f5838fc..d1f9c7b06 100644 --- a/scripts/e2e/cmd/runner/networking-v1-mfu_one_namespace_many_ingresses_test.go +++ b/scripts/e2e/cmd/runner/networking-v1-mfu_one_namespace_many_ingresses_test.go @@ -267,7 +267,7 @@ var _ = Describe("networking-v1-MFU", func() { } return len(exampleComListeners) == 2 - }, 60*time.Second, 5*time.Second).Should(BeTrue()) + }, 10*time.Minute, 5*time.Second).Should(BeTrue()) // Check that both listeners have the same frontend port klog.Info("Checking that both listeners have the same frontend port...") diff --git a/scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/prohibited-target/app.yaml b/scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/prohibited-target/app.yaml new file mode 100644 index 000000000..40b923b39 --- /dev/null +++ b/scripts/e2e/cmd/runner/testdata/networking-v1/one-namespace-one-ingress/prohibited-target/app.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aspnet +spec: + selector: + matchLabels: + app: aspnet + replicas: 1 + template: + metadata: + labels: + app: aspnet + spec: + containers: + - name: aspnet + imagePullPolicy: IfNotPresent + image: mcr.microsoft.com/dotnet/samples:aspnetapp + ports: + - containerPort: 8080 + resources: + requests: + cpu: 10m + memory: 10Mi + limits: + cpu: 100m + memory: 100Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: aspnet +spec: + selector: + app: aspnet + ports: + - protocol: TCP + port: 80 + targetPort: 8080 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: aspnet + annotations: + appgw.ingress.kubernetes.io/backend-path-prefix: "/" + +spec: + ingressClassName: "azure-application-gateway" + rules: + - host: www.microsoft.com + http: + paths: + - path: /aspnet + backend: + service: + name: aspnet + port: + number: 80 + pathType: Prefix diff --git a/scripts/e2e/cmd/runner/testdata/networking-v1/prohibited-target/test-prohibit-backend.yaml b/scripts/e2e/cmd/runner/testdata/networking-v1/prohibited-target/test-prohibit-backend.yaml deleted file mode 100644 index 2569f942b..000000000 --- a/scripts/e2e/cmd/runner/testdata/networking-v1/prohibited-target/test-prohibit-backend.yaml +++ /dev/null @@ -1,69 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: test-brownfield-ns ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: brownfield-blacklist-deployment - namespace: test-brownfield-ns -spec: - selector: - matchLabels: - app: ws-app - replicas: 2 - template: - metadata: - labels: - app: ws-app - spec: - containers: - - name: brownfield-blacklist-app - imagePullPolicy: Always - image: docker.io/kennethreitz/httpbin - ports: - - containerPort: 80 - livenessProbe: - httpGet: - path: /status/200 - port: 80 - initialDelaySeconds: 3 - periodSeconds: 3 - imagePullSecrets: - - name: acr-creds ---- -apiVersion: v1 -kind: Service -metadata: - name: brownfield-blacklist-service - namespace: test-brownfield-ns -spec: - selector: - app: ws-app - ports: - - protocol: TCP - port: 80 - targetPort: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: brownfield-blacklist-ingress - namespace: test-brownfield-ns - annotations: - kubernetes.io/ingress.class: azure/application-gateway - appgw.ingress.kubernetes.io/backend-path-prefix: "/" -spec: - rules: - - host: brownfield-blacklist-ns.host - http: - paths: - - path: /blacklist - backend: - service: - name: brownfield-blacklist-service - port: - number: 80 - pathType: Exact diff --git a/scripts/e2e/helm-config-with-prohibited-rules.yaml b/scripts/e2e/helm-config-with-prohibited-rules.yaml index b7263cb92..0681a09c6 100644 --- a/scripts/e2e/helm-config-with-prohibited-rules.yaml +++ b/scripts/e2e/helm-config-with-prohibited-rules.yaml @@ -1,10 +1,10 @@ appgw: shared: true prohibitedTargets: - - name: prohibit-backend-ns - hostname: brownfield-blacklist-ns.host + - name: www.microsoft.com + hostname: www.microsoft.com paths: - - "/blacklist/*" + - "/landing/*" armAuth: type: aadPodIdentity diff --git a/scripts/e2e/helper.sh b/scripts/e2e/helper.sh index 7bc0a9fd1..928ca4f59 100644 --- a/scripts/e2e/helper.sh +++ b/scripts/e2e/helper.sh @@ -1,5 +1,3 @@ -export subResourceNamePrefix="fake-prod-" - function DeleteOtherAGICVersions() { [[ -z "${version}" ]] && ( echo "version is not set" @@ -17,13 +15,9 @@ function InstallAGIC() { echo "version is not set" exit 1 ) - # Using 'applicationGatewayName' without providing 'subscription' and 'resource group' will make AGIC use values from azure.json - [[ -z "${applicationGatewayName}" ]] && ( - echo "applicationGatewayName is not set" - exit 1 - ) - [[ -z "${applicationGatewaySubnetPrefix}" ]] && ( - echo "applicationGatewaySubnetPrefix is not set" + + [[ -z "${applicationGatewayId}" ]] && ( + echo "applicationGatewayId is not set" exit 1 ) [[ -z "${identityResourceId}" ]] && ( @@ -49,26 +43,18 @@ function InstallAGIC() { # AAD pod identity is taking time to assign identity. Timeout is set to 120 sec helm upgrade --install agic-${version} staging/ingress-azure \ - --set appgw.name=${applicationGatewayName} \ - --set appgw.subnetPrefix=${applicationGatewaySubnetPrefix} \ - --set appgw.subResourceNamePrefix=${subResourceNamePrefix} \ + -f ./helm-config-with-prohibited-rules.yaml \ + --set appgw.applicationGatewayID=${applicationGatewayId} \ --set armAuth.type=workloadIdentity \ --set armAuth.identityClientID=${identityClientId} \ - --set rbac.enabled=true \ - --set appgw.shared=false \ --set kubernetes.ingressClass="$1" \ --timeout 120s \ --wait \ -n agic \ --version ${version} - - # apply backends to test prohibited target, wait for 90s to apply appgw config - kubectl apply -f cmd/runner/testdata/extensions-v1beta1/prohibited-target/test-prohibit-backend.yaml || true - kubectl apply -f cmd/runner/testdata/networking-v1/prohibited-target/test-prohibit-backend.yaml || true - sleep 30 } -function SetupSharedBackend() { +function SetupApplicationGateway() { [[ -z "${version}" ]] && ( echo "version is not set" exit 1 @@ -86,21 +72,71 @@ function SetupSharedBackend() { exit 1 ) - # install agic with shared enabled - helm upgrade --install agic-${version} staging/ingress-azure \ - -f ./helm-config-with-prohibited-rules.yaml \ - --set appgw.applicationGatewayID=${applicationGatewayId} \ - --set appgw.subResourceNamePrefix=${subResourceNamePrefix} \ - --set armAuth.type=workloadIdentity \ - --set armAuth.identityClientID=${identityClientId} \ - --set kubernetes.ingressClass="$1" \ - --timeout 120s \ - --wait \ - -n agic \ - --version ${version} + gatewayName=$(echo $applicationGatewayId | cut -d'/' -f9) + groupName=$(echo $applicationGatewayId | cut -d'/' -f5) + + az network application-gateway probe create \ + --gateway-name $gatewayName \ + --resource-group $groupName \ + --name msProbe \ + --path / \ + --protocol Https \ + --host www.microsoft.com \ + --interval 30 \ + --timeout 30 \ + --threshold 3 + + az network application-gateway http-settings create \ + --gateway-name $gatewayName \ + --resource-group $groupName \ + --name msSettings \ + --port 443 \ + --protocol Https \ + --cookie-based-affinity Disabled \ + --timeout 30 \ + --probe msProbe \ + --path "/" + + az network application-gateway address-pool create \ + --gateway-name $gatewayName \ + --resource-group $groupName \ + --name msPool \ + --servers www.microsoft.com + + az network application-gateway address-pool create \ + --gateway-name $gatewayName \ + --resource-group $groupName \ + --name msEmpty + + az network application-gateway url-path-map create \ + --gateway-name $gatewayName \ + --resource-group $groupName \ + --name msPathMap \ + --rule-name msPathRule \ + --paths "/landing/*" \ + --address-pool msPool \ + --default-address-pool msEmpty \ + --http-settings msSettings \ + --default-http-settings msSettings + + az network application-gateway http-listener create \ + --gateway-name $gatewayName \ + --resource-group $groupName \ + --name msListener \ + --frontend-ip appGatewayFrontendIP \ + --frontend-port fake-prod-fp-80 \ + --host-names www.microsoft.com \ - # get all the prohibited target config - kubectl get AzureIngressProhibitedTargets -n agic -o yaml + az network application-gateway rule create \ + --gateway-name $gatewayName \ + --resource-group $groupName \ + --name msRule \ + --http-settings msSettings \ + --address-pool msPool \ + --http-listener msListener \ + --rule-type PathBasedRouting \ + --url-path-map msPathMap \ + --priority 1 } function EvaluateTestStatus() { diff --git a/scripts/e2e/run-e2e.sh b/scripts/e2e/run-e2e.sh index dfed3bddf..89d87fd02 100755 --- a/scripts/e2e/run-e2e.sh +++ b/scripts/e2e/run-e2e.sh @@ -3,16 +3,14 @@ set -ex . helper.sh -# install -InstallAGIC +SetupApplicationGateway -# set up shared backend -SetupSharedBackend +InstallAGIC # run test go mod init || true go mod tidy -go test -v -timeout 240m -tags e2e ./... >testoutput.txt || true +go test -v -timeout 240m -tags e2e ./... || true mv ./cmd/runner/report.xml report.e2e.xml # install with custom tag @@ -21,7 +19,4 @@ InstallAGIC "custom-ingress-class" go test -v -timeout 240m -tags e2eingressclass ./... || true mv ./cmd/runner/report.xml report.e2eingressclass.xml -# print test logs -cat testoutput.txt - EvaluateTestStatus