otterize · omris94 · May 23, 2024 · Mar 24, 2024 · Mar 24, 2024 · Mar 24, 2024
diff --git a/.github/workflow-helpers/kind-intents.yaml b/.github/workflow-helpers/kind-intents.yaml
@@ -0,0 +1,12 @@
+apiVersion: k8s.otterize.com/v1alpha3
+kind: ClientIntents
+metadata:
+  name: client
+  namespace:  otterize-tutorial-npol
+spec:
+  service:
+    kind: Deployment
+    name: client
+  calls:
+    - name: server
+      kind: Service
diff --git a/.github/workflows/netpol-e2e-test.yaml b/.github/workflows/netpol-e2e-test.yaml
@@ -372,11 +372,140 @@ jobs:
 
 
 
+
+  e2e-test-intents-with-kind-after-pods-with-egress:
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+
+      - name: Start minikube
+        uses: medyagh/setup-minikube@master
+        with:
+          start-args: "--network-plugin=cni --cni=calico"
+
+      - name: Load images from GitHub Artifacts
+        if: github.repository != 'otterize/intents-operator' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != 'otterize/intents-operator')
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ env.REGISTRY }}_${{ github.actor }}_intents-operator_${{ github.sha }}.tar
+
+      - name: Load Docker image
+        if: github.repository != 'otterize/intents-operator' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != 'otterize/intents-operator')
+        run: |-
+          docker image load -i intents-operator.tar
+          minikube image load ${{ env.REGISTRY }}/${{ github.actor }}/intents-operator:${{ github.sha }}
+
+      - name: Login to GCR
+        if: (github.event_name == 'push' && github.repository == 'otterize/intents-operator') || github.event.pull_request.head.repo.full_name == 'otterize/intents-operator'
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: _json_key_base64
+          password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}}
+
+      - name: Load Docker images from GCR
+        if: (github.event_name == 'push' && github.repository == 'otterize/intents-operator') || github.event.pull_request.head.repo.full_name == 'otterize/intents-operator'
+        run: |-
+          docker pull ${{ env.REGISTRY }}/intents-operator:${{ inputs.operator-tag }}
+          minikube image load ${{ env.REGISTRY }}/intents-operator:${{ inputs.operator-tag }}
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+
+      - name: Wait for Calico startup
+        run: |-
+          kubectl wait pods -n kube-system -l k8s-app=calico-kube-controllers --for condition=Ready --timeout=90s
+          kubectl wait pods -n kube-system -l k8s-app=calico-node --for condition=Ready --timeout=90s
+          kubectl wait pods -n kube-system -l k8s-app=calico-kube-controllers --for condition=Ready --timeout=90s
+
+      - name: Install Otterize
+        run: |-
+          OPERATOR_FLAGS="--set-string intentsOperator.operator.repository=${{ env.REGISTRY }} --set-string intentsOperator.operator.image=${{ inputs.operator-image }} --set-string intentsOperator.operator.tag=${{ inputs.operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never"
+          TELEMETRY_FLAG="--set global.telemetry.enabled=false"
+          EGRESS_FLAG="--set intentsOperator.operator.enableEgressNetworkPolicyCreation=true"
+          helm dep up ./helm-charts/otterize-kubernetes
+          helm install otterize ./helm-charts/otterize-kubernetes -n otterize-system --create-namespace $OPERATOR_FLAGS $TELEMETRY_FLAG $EGRESS_FLAG
+
+
+      - name: Deploy Tutorial services
+        run: |-
+          kubectl apply -f https://docs.otterize.com/code-examples/automate-network-policies/all.yaml
+
+      - name: Wait for Otterize
+        run: |-
+          kubectl wait pods -n otterize-system -l app=intents-operator --for condition=Ready --timeout=360s
+          # wait for webhook to be ready
+          POD_IP=`kubectl get pod -l app=intents-operator -n otterize-system -o=jsonpath='{.items[0].status.podIP}'`
+          kubectl wait -n otterize-system --for=jsonpath='{.subsets[0].addresses[0].ip}'=$POD_IP endpoints/intents-operator-webhook-service
+          # wait for CRD update
+          kubectl wait --for=jsonpath='{.spec.conversion.webhook.clientConfig.service.namespace}'=otterize-system customresourcedefinitions/clientintents.k8s.otterize.com
+
+
+      - name: Wait for Tutorial services
+        run: |-
+          kubectl wait pods -n otterize-tutorial-npol -l app=client --for condition=Ready --timeout=180s
+          kubectl wait pods -n otterize-tutorial-npol -l app=client-other --for condition=Ready --timeout=180s
+          kubectl wait pods -n otterize-tutorial-npol -l app=server --for condition=Ready --timeout=180s
+
+      - name: Before apply intents
+        run: |-
+          CLI1_POD=`kubectl get pod --selector app=client -n otterize-tutorial-npol -o json | jq -r ".items[0].metadata.name"`
+          CLI2_POD=`kubectl get pod --selector app=client-other -n otterize-tutorial-npol -o json | jq -r ".items[0].metadata.name"`
+          echo Client: $CLI1_POD      client_other: $CLI2_POD
+          source .github/workflows/test-bashrc.sh
+
+          # using 14 because the log repeat itself every 14 lines
+          echo check client log
+          wait_for_log $CLI1_POD 10 "Hi, I am the server, you called, may I help you?"
+
+          echo check client other log
+          wait_for_log $CLI2_POD 10 "Hi, I am the server, you called, may I help you?"
+
+      - name: Apply intents and test connectivity
+        run: |-
+          CLI1_POD=`kubectl get pod --selector app=client -n otterize-tutorial-npol -o json | jq -r ".items[0].metadata.name"`
+          CLI2_POD=`kubectl get pod --selector app=client-other -n otterize-tutorial-npol -o json | jq -r ".items[0].metadata.name"`          
+          echo Client: $CLI1_POD      client_other: $CLI2_POD
+          source .github/workflows/test-bashrc.sh
+
+          echo "Apply intents"
+          apply_intents_and_wait_for_webhook ./.github/workflow-helpers/kind-intents.yaml
+          echo "Intents applied"
+
+          # should not work at first because there is no allow DNS netpol
+          echo "check client log - should get timed out because it is missing DNS allow netpol"
+          wait_for_log $CLI1_POD 10 "curl timed out"
+
+          # should be blocked (using 3 because the log should repeat itself every 3 lines)
+          echo "check client other log - should get timed out because it does not have an applied intent"
+          wait_for_log $CLI2_POD 10 "curl timed out"
+
+          echo "apply allow DNS netpol"
+          kubectl apply -f .github/workflow-helpers/allowDNS.yaml -n otterize-tutorial-npol
+
+           # should work because there is an applied intent and allowDNS netpol
+          echo "check client log - should work because there is an applied intent and allowDNS netpol"
+          wait_for_log $CLI1_POD 10 "Hi, I am the server, you called, may I help you?"
+
+           # should be blocked (using 3 because the log should repeat itself every 3 lines)
+          echo "check client other log - should get timed out because it does not have an applied intent"
+          wait_for_log $CLI2_POD 10 "curl timed out"
+
+
+
+
+
+
   e2e-test:
     needs:
       - e2e-test-intents-after-pods
       - e2e-test-intents-before-pods
       - e2e-test-intents-after-pods-with-egress
+      - e2e-test-intents-with-kind-after-pods-with-egress
     runs-on: ubuntu-latest
     steps:
       - run: |-

diff --git a/src/operator/Makefile b/src/operator/Makefile
@@ -138,7 +138,8 @@ deploy: manifests copy-manifests-to-helm helm-dependency
 deploy-local: manifests copy-manifests-to-helm helm-dependency ## Deploy images built locally into the cluster.
 	helm upgrade --install -n otterize-system --create-namespace otterize $(OTTERIZE_HELM_CHART_DIR) \
 	--set intentsOperator.operator.tag=$(LOCAL_IMAGE_TAG) \
-	--set intentsOperator.operator.pullPolicy=Never
+	--set intentsOperator.operator.pullPolicy=Never \
+	--set global.telemetry.enabled=false
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.