chore: Fix gardener integration job (#1378)

kyma-project · Aug 23, 2024 · 95c8025 · 95c8025
1 parent aae5255
commit 95c8025
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 7 deletions.
diff --git a/.github/workflows/branch-integration.yml b/.github/workflows/branch-integration.yml
@@ -51,7 +51,7 @@ jobs:
       uses: actions/upload-artifact@v4
       if: success() || failure()
       with:
-        name: ${{ github.job }}-report
+        name: ${{ github.job }}-${{ matrix.k8s_version }}-report
         path: junit-report*.xml
 
     - name: Send slack message on failure

diff --git a/hack/deploy-istio.sh b/hack/deploy-istio.sh
@@ -1,6 +1,14 @@
 #!/usr/bin/env bash
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
 source .env
 
+ISTIOD_DEPLOYMENT_NAME="istiod"
+ISTIO_NAMESPACE="istio-system"
+
 readonly ISTIO_VERSION=${ISTIO_VERSION:-$ENV_ISTIO_VERSION}
 
 function apply_istio_telemetry() {
@@ -9,7 +17,7 @@ apiVersion: telemetry.istio.io/v1
 kind: Telemetry
 metadata:
   name: access-config
-  namespace: istio-system
+  namespace: "$ISTIO_NAMESPACE"
 spec:
   accessLogging:
     - providers:
@@ -21,8 +29,12 @@ spec:
 EOF
 }
 
+function is_istio_telemetry_crd_available() {
+  kubectl get crd telemetries.telemetry.istio.io &> /dev/null
+}
+
 function is_istio_telemetry_apply_successful() {
-  kubectl get telemetries.telemetry.istio.io access-config -n istio-system &> /dev/null
+  kubectl get telemetries.telemetry.istio.io access-config -n "$ISTIO_NAMESPACE" &> /dev/null
 }
 
 function ensure_istio_telemetry() {
@@ -31,7 +43,11 @@ function ensure_istio_telemetry() {
 
   for ((attempts=1; attempts<=MAX_ATTEMPTS; attempts++)); do
     echo "Attempting to create Istio Telemetry (Attempt $attempts)..."
-    apply_istio_telemetry
+
+    if is_istio_telemetry_crd_available; then
+      echo "Istio crd available, trying to apply telemetry..."
+      apply_istio_telemetry
+    fi
 
     if is_istio_telemetry_apply_successful; then
       echo "Istio Telemetry created successfully!"
@@ -95,14 +111,54 @@ function ensure_peer_authentication() {
   exit 1
 }
 
+function check_istiod_is_ready() {
+  MAX_ATTEMPTS=10
+  DELAY_SECONDS=30
+
+  for ((attempts=1; attempts<=MAX_ATTEMPTS; attempts++)); do
+    echo "Checking istiod deployment status"
+    check=$(check_istiod_deployment_ready)
+    echo "$check"
+
+    if [ "$check" == "ready" ]; then
+      echo "Isiod running successfully!"
+      return
+    else
+      kubectl get pods -n "$ISTIO_NAMESPACE"
+      echo "Istiod is not ready. Checking again in $DELAY_SECONDS seconds..."
+      sleep $DELAY_SECONDS
+    fi
+  done
+
+  echo "Maximum attempts reached. Telemetry manager is not ready!"
+  exit 1
+}
+
+function check_istiod_deployment_ready() {
+    DESIRED=$(kubectl get deployment "$ISTIOD_DEPLOYMENT_NAME" -n "$ISTIO_NAMESPACE" -o jsonpath='{.spec.replicas}')
+    CURRENT=$(kubectl get deployment "$ISTIOD_DEPLOYMENT_NAME"  -n "$ISTIO_NAMESPACE" -o jsonpath='{.status.readyReplicas}')
+    if [ "$CURRENT" == "$DESIRED" ]; then
+        echo "ready"
+    else
+        echo "not ready"
+    fi
+}
+
 function main() {
   kubectl apply -f "https://github.com/kyma-project/istio/releases/download/$ISTIO_VERSION/istio-manager.yaml"
   kubectl apply -f "https://github.com/kyma-project/istio/releases/download/$ISTIO_VERSION/istio-default-cr.yaml"
+  check_istiod_is_ready
   ensure_istio_telemetry
-  ensure_peer_authentication default istio-system STRICT
+  ensure_peer_authentication default "$ISTIO_NAMESPACE" STRICT
 
-  kubectl create namespace istio-permissive-mtls
-  kubectl label namespace istio-permissive-mtls istio-injection=enabled --overwrite
+  kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: istio-permissive-mtls
+  labels:
+    istio-injection: enabled
+EOF
   ensure_peer_authentication default istio-permissive-mtls PERMISSIVE
 }
 

diff --git a/hack/wait-for-namespaces.sh b/hack/wait-for-namespaces.sh
@@ -1,4 +1,9 @@
 #!/usr/bin/env bash
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # must be set if you want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
 
 CURRENT_COMMIT=$(git rev-parse --abbrev-ref HEAD)
 TAG_LIST=$(git tag --sort=-creatordate)