WIP Testing only

.github/workflows/kind-e2e.yaml

@@ -87,17 +87,17 @@ jobs:
       fail-fast: false # Keep running if one leg fails.
       matrix:
         k8s-version:
-        - v1.26.x
-        - v1.27.x
+#        - v1.26.x
+#        - v1.27.x
         - v1.28.x
 
         ingress:
-        - kourier
+#        - kourier
         - kourier-tls
-        - istio
-        - istio-tls
-        - istio-ambient
-        - contour
+#        - istio
+#        - istio-tls
+#        - istio-ambient
+#        - contour
         # Disabled due to consistent failures
         # - gateway_istio
 
@@ -113,22 +113,22 @@ jobs:
         #   test-flags: -enable-alpha
         #   namespace-resources: httproute
 
-        - ingress: contour
-          namespace-resources: httpproxy
-
-        - ingress: istio
-          namespace-resources: virtualservices
-
-        - ingress: istio-tls
-          ingress-class: istio
-          namespace-resources: virtualservices
-          enable-tls: 1
-
-        - ingress: istio-ambient
-          namespace-resources: virtualservices
-          ingress-class: istio
-          ambient: 1
-
+#        - ingress: contour
+#          namespace-resources: httpproxy
+#
+#        - ingress: istio
+#          namespace-resources: virtualservices
+#
+#        - ingress: istio-tls
+#          ingress-class: istio
+#          namespace-resources: virtualservices
+#          enable-tls: 1
+#
+#        - ingress: istio-ambient
+#          namespace-resources: virtualservices
+#          ingress-class: istio
+#          ambient: 1
+#
         - ingress: kourier-tls
           ingress-class: kourier
           enable-tls: 1
@@ -217,8 +217,6 @@ jobs:
         echo "SYSTEM_NAMESPACE=$SYSTEM_NAMESPACE" >> $GITHUB_ENV
         echo "GATEWAY_OVERRIDE=$GATEWAY_OVERRIDE" >> $GITHUB_ENV
         echo "GATEWAY_NAMESPACE_OVERRIDE=$GATEWAY_NAMESPACE_OVERRIDE" >> $GITHUB_ENV
-        echo "CA_CERT=$CA_CERT" >> $GITHUB_ENV
-        echo "SERVER_NAME=$SERVER_NAME" >> $GITHUB_ENV
 
     - name: Test ${{ matrix.test-suite }}
       run: |

pkg/reconciler/route/resources/ingress_test.go

@@ -1228,6 +1228,7 @@ func TestMakeIngressTLS(t *testing.T) {
 		Hosts:           []string{"test.default.example.com", "v1.test.default.example.com"},
 		SecretName:      "route-1234",
 		SecretNamespace: system.Namespace(),
+		Visibility:      netv1alpha1.IngressVisibilityExternalIP,
 	}
 	hostNames := []string{"test.default.example.com", "v1.test.default.example.com"}
 	got := MakeIngressTLS(cert, hostNames, netv1alpha1.IngressVisibilityExternalIP)

pkg/reconciler/route/route.go

@@ -340,7 +340,7 @@ func (c *Reconciler) clusterLocalDomainTLS(ctx context.Context, r *v1.Route, tc
 			r.Status.MarkCertificateReady(cert.Name)
 			tls = append(tls, resources.MakeIngressTLS(cert, localDomains.List(), netv1alpha1.IngressVisibilityClusterLocal))
 		} else {
-			r.Status.MarkCertificateNotReady(cert.Name)
+			r.Status.MarkCertificateNotReady(cert)
 		}
 
 		for s, _ := range localDomains {

test/e2e-common.sh

@@ -325,9 +325,9 @@ function install() {
     YTT_FILES+=("${REPO_ROOT_DIR}/test/config/resource-quota/resource-quota.yaml")
   fi
 
-  if (( ENABLE_TLS )); then
-    YTT_FILES+=("${REPO_ROOT_DIR}/test/config/tls/cert-secret.yaml")
-  fi
+#  if (( ENABLE_TLS )); then
+#    YTT_FILES+=("${REPO_ROOT_DIR}/test/config/tls/cert-secret.yaml")
+#  fi
 
   local ytt_result=$(mktemp)
   local ytt_post_install_result=$(mktemp)
@@ -381,16 +381,15 @@ function install() {
   fi
 
   if (( ENABLE_TLS )); then
-    echo "Patch to config-network to enable internal encryption"
-    toggle_feature system-internal-tls Enabled config-network
+    echo "Patch to config-network to enable encryption features"
+    toggle_feature system-internal-tls enabled config-network
+
+    # This is currently only supported by kourier
     if [[ "$INGRESS_CLASS" == "kourier.ingress.networking.knative.dev" ]]; then
-      echo "Point Kourier local gateway to custom server certificates"
-      toggle_feature cluster-cert-secret server-certs config-kourier
-      # This needs to match the name of Secret in test/config/tls/cert-secret.yaml
-      export CA_CERT=ca-cert
-      # This needs to match $san from test/config/tls/generate.sh
-      export SERVER_NAME=knative.dev
+      toggle_feature certificate-class knative-selfsigned.certificate.networking.knative.dev config-network
+      toggle_feature cluster-local-domain-tls enabled config-network
     fi
+
     echo "Restart activator to mount the certificates"
     kubectl delete pod -n ${SYSTEM_NAMESPACE} -l app=activator
     kubectl wait --timeout=60s --for=condition=Available deployment  -n ${SYSTEM_NAMESPACE} activator

test/e2e-tests.sh

@@ -63,23 +63,28 @@ if (( SHORT )); then
   GO_TEST_FLAGS+=" -short"
 fi
 
+#go_test_e2e -timeout=30m \
+#  ${GO_TEST_FLAGS} \
+#  ./test/conformance/api/... \
+#  ./test/conformance/runtime/... \
+#  ./test/e2e \
+#  ${E2E_TEST_FLAGS} || failed=1
+#
+#toggle_feature tag-header-based-routing Enabled
+#go_test_e2e -timeout=2m ./test/e2e/tagheader ${E2E_TEST_FLAGS} || failed=1
+#toggle_feature tag-header-based-routing Disabled
+#
+#toggle_feature allow-zero-initial-scale true config-autoscaler || fail_test
+#go_test_e2e -timeout=2m ./test/e2e/initscale ${E2E_TEST_FLAGS} || failed=1
+#toggle_feature allow-zero-initial-scale false config-autoscaler || fail_test
+#
+#go_test_e2e -timeout=2m ./test/e2e/domainmapping ${E2E_TEST_FLAGS} || failed=1
 
-go_test_e2e -timeout=30m \
-  ${GO_TEST_FLAGS} \
-  ./test/conformance/api/... \
-  ./test/conformance/runtime/... \
-  ./test/e2e \
-  ${E2E_TEST_FLAGS} || failed=1
-
-toggle_feature tag-header-based-routing Enabled
-go_test_e2e -timeout=2m ./test/e2e/tagheader ${E2E_TEST_FLAGS} || failed=1
-toggle_feature tag-header-based-routing Disabled
-
-toggle_feature allow-zero-initial-scale true config-autoscaler || fail_test
-go_test_e2e -timeout=2m ./test/e2e/initscale ${E2E_TEST_FLAGS} || failed=1
-toggle_feature allow-zero-initial-scale false config-autoscaler || fail_test
-
-go_test_e2e -timeout=2m ./test/e2e/domainmapping ${E2E_TEST_FLAGS} || failed=1
+toggle_feature cluster-local-domain-tls enabled config-network || fail_test
+toggle_feature certificate-class knative-selfsigned.certificate.networking.knative.dev config-network || fail_test
+go_test_e2e -timeout=2m ./test/e2e/clusterlocaldomaintls ${E2E_TEST_FLAGS} || failed=1
+toggle_feature cluster-local-domain-tls disabled config-network || fail_test
+toggle_feature certificate-class '' config-network || fail_test
 
 toggle_feature system-internal-tls enabled config-network || fail_test
 toggle_feature "logging.enable-request-log" true config-observability || fail_test
@@ -93,10 +98,6 @@ toggle_feature request-log-template '' config-observability || fail_test
 # with the current implementation, Activator is always in the request path, and needs to be restarted after configuring system-internal-tls
 restart_pod ${SYSTEM_NAMESPACE} "app=activator"
 
-toggle_feature cluster-local-domain-tls enabled config-network || fail_test
-go_test_e2e -timeout=2m ./test/e2e/clusterlocaldomaintls ${E2E_TEST_FLAGS} || failed=1
-toggle_feature cluster-local-domain-tls disabled config-network || fail_test
-
 kubectl get cm "config-gc" -n "${SYSTEM_NAMESPACE}" -o yaml > "${TMP_DIR}"/config-gc.yaml
 add_trap "kubectl replace cm 'config-gc' -n ${SYSTEM_NAMESPACE} -f ${TMP_DIR}/config-gc.yaml" SIGKILL SIGTERM SIGQUIT
 immediate_gc