Add steps for running conformance tests on Envoy Gateway (#3266)

* Add steps for running conformance tests on Envoy Gateway

Signed-off-by: Arko Dasgupta <[email protected]>

* add `--allow-crds-mismatch`

Signed-off-by: Arko Dasgupta <[email protected]>

* fix license

Signed-off-by: Arko Dasgupta <[email protected]>

* mv create-cluster.sh to hack/implementations/common

Signed-off-by: Arko Dasgupta <[email protected]>

* run a specific test as an example

Signed-off-by: Arko Dasgupta <[email protected]>

---------

Signed-off-by: Arko Dasgupta <[email protected]>

Author: arkodg

hack/implementations/common/create-cluster.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file contains code derived from Envoy Gateway,
+# https://github.com/envoyproxy/gateway
+# from the source file
+# https://github.com/envoyproxy/gateway/blob/main/tools/hack/create-cluster.sh
+# and is provided here subject to the following:
+# Copyright Envoy Gateway Authors
+# SPDX-License-Identifier: Apache-2.0
+
+set -euo pipefail
+
+# Setup default values
+CLUSTER_NAME=${CLUSTER_NAME:-"envoy-gateway"}
+METALLB_VERSION=${METALLB_VERSION:-"v0.13.10"}
+KIND_NODE_TAG=${KIND_NODE_TAG:-"v1.28.0"}
+NUM_WORKERS=${NUM_WORKERS:-""}
+
+
+KIND_CFG=$(cat <<-EOM
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+EOM
+)
+
+# https://kind.sigs.k8s.io/docs/user/quick-start/#multi-node-clusters
+if [[ -n "${NUM_WORKERS}" ]]; then
+for _ in $(seq 1 "${NUM_WORKERS}"); do
+  KIND_CFG+=$(printf "\n%s" "- role: worker")
+done
+fi
+
+## Check if kind cluster already exists.
+if kind get clusters | grep -q "${CLUSTER_NAME}"; then
+  echo "Cluster ${CLUSTER_NAME} already exists."
+else
+## Create kind cluster.
+if [[ -z "${KIND_NODE_TAG}" ]]; then
+  cat << EOF | kind create cluster --name "${CLUSTER_NAME}" --config -
+${KIND_CFG}
+EOF
+else
+  cat << EOF | kind create cluster --image "kindest/node:${KIND_NODE_TAG}" --name "${CLUSTER_NAME}" --config -
+${KIND_CFG}
+EOF
+fi
+fi
+
+
+## Install MetalLB.
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/"${METALLB_VERSION}"/config/manifests/metallb-native.yaml
+needCreate="$(kubectl get secret -n metallb-system memberlist --no-headers --ignore-not-found -o custom-columns=NAME:.metadata.name)"
+if [ -z "$needCreate" ]; then
+    kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+fi
+
+# Wait for MetalLB to become available.
+kubectl rollout status -n metallb-system deployment/controller --timeout 5m
+kubectl rollout status -n metallb-system daemonset/speaker --timeout 5m
+
+# Apply config with addresses based on docker network IPAM.
+subnet=$(docker network inspect kind | jq -r '.[].IPAM.Config[].Subnet | select(contains(":") | not)')
+# Assume default kind network subnet prefix of 16, and choose addresses in that range.
+address_first_octets=$(echo "${subnet}" | awk -F. '{printf "%s.%s",$1,$2}')
+address_range="${address_first_octets}.255.200-${address_first_octets}.255.250"
+kubectl apply -f - <<EOF
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  namespace: metallb-system
+  name: kube-services
+spec:
+  addresses:
+  - ${address_range}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: kube-services
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - kube-services
+EOF

hack/implementations/envoy-gateway/README.md

@@ -0,0 +1,50 @@
+# Running Conformance Tests for Envoy Gateway
+
+## Prerequisities
+
+Make sure you have these tools installed
+
+* [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+* [helm](https://helm.sh/docs/intro/install/)
+
+## (Optional) Step 1: Create kind cluster
+
+* Skip this step if you have an existing Kubernetes you would like to use.
+
+```shell script
+../common/create-cluster.sh
+```
+
+## Step 2: Install Envoy Gateway (`v0.0.0-latest`)
+
+```shell script
+helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace
+```
+
+## Step 3: Install the GatewayClass resource
+
+```shell script
+cat <<EOF | kubectl apply -f -
+kind: GatewayClass
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+  name: envoy-gateway
+spec:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+EOF
+```
+
+## Step 4: Run a specific conformance test
+
+```shell script
+go test -v ./conformance \
+--run TestConformance/TLSRouteSimpleSameNamespace \
+--gateway-class=envoy-gateway --supported-features=Gateway,TLSRoute \
+--allow-crds-mismatch
+```
+
+## (Optional) Step 4: Delete kind cluster
+
+```shell script
+kind delete cluster --name envoy-gateway
+```