
Generate server xDS label selector

Sergii Tkachenko 4 жил өмнө
parent
commit
fc28cd590c

+ 21 - 9
tools/run_tests/xds_test_driver/bin/run_td_setup.py

@@ -81,27 +81,39 @@ def main(argv):
             elif security_mode == 'mtls':
                 logger.info('Setting up mtls')
                 td.setup_for_grpc(server_xds_host, server_xds_port)
-                td.setup_server_security(server_port, tls=True, mtls=True)
-                td.setup_client_security(namespace,
-                                         server_name,
+                td.setup_server_security(server_namespace=namespace,
+                                         server_name=server_name,
+                                         server_port=server_port,
+                                         tls=True,
+                                         mtls=True)
+                td.setup_client_security(server_namespace=namespace,
+                                         server_name=server_name,
                                          tls=True,
                                          mtls=True)
 
             elif security_mode == 'tls':
                 logger.info('Setting up tls')
                 td.setup_for_grpc(server_xds_host, server_xds_port)
-                td.setup_server_security(server_port, tls=True, mtls=False)
-                td.setup_client_security(namespace,
-                                         server_name,
+                td.setup_server_security(server_namespace=namespace,
+                                         server_name=server_name,
+                                         server_port=server_port,
+                                         tls=True,
+                                         mtls=False)
+                td.setup_client_security(server_namespace=namespace,
+                                         server_name=server_name,
                                          tls=True,
                                          mtls=False)
 
             elif security_mode == 'plaintext':
                 logger.info('Setting up plaintext')
                 td.setup_for_grpc(server_xds_host, server_xds_port)
-                td.setup_server_security(server_port, tls=False, mtls=False)
-                td.setup_client_security(namespace,
-                                         server_name,
+                td.setup_server_security(server_namespace=namespace,
+                                         server_name=server_name,
+                                         server_port=server_port,
+                                         tls=False,
+                                         mtls=False)
+                td.setup_client_security(server_namespace=namespace,
+                                         server_name=server_name,
                                          tls=False,
                                          mtls=False)
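Review bot: The three `security_mode` branches in this hunk now differ only in the `tls`/`mtls` booleans and the log message, yet each repeats both calls in full, so a later edit can easily leave one mode with the wrong flag pair. Deriving the flags once, e.g. `tls, mtls = {'mtls': (True, True), 'tls': (True, False), 'plaintext': (False, False)}[security_mode]`, and then issuing a single `setup_server_security(...)`/`setup_client_security(...)` pair would keep the mode-to-flags mapping in one place. The `elif` chain starts above the hunk, so any earlier branch would need to stay outside that lookup.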
 

+ 15 - 6
tools/run_tests/xds_test_driver/framework/infrastructure/traffic_director.py

@@ -309,14 +309,22 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
                                service_port,
                                backend_protocol=backend_protocol)
 
-    def setup_server_security(self, server_port, *, tls, mtls):
+    def setup_server_security(self,
+                              *,
+                              server_namespace,
+                              server_name,
+                              server_port,
+                              tls=True,
+                              mtls=True):
         self.create_server_tls_policy(tls=tls, mtls=mtls)
-        self.create_endpoint_config_selector(server_port)
+        self.create_endpoint_config_selector(server_namespace=server_namespace,
+                                             server_name=server_name,
+                                             server_port=server_port)
 
     def setup_client_security(self,
+                              *,
                               server_namespace,
                               server_name,
-                              *,
                               tls=True,
                               mtls=True):
         self.create_client_tls_policy(tls=tls, mtls=mtls)
@@ -368,14 +376,15 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
         self.netsec.delete_server_tls_policy(name)
         self.server_tls_policy = None
 
-    def create_endpoint_config_selector(self, server_port):
+    def create_endpoint_config_selector(self, server_namespace, server_name,
+                                        server_port):
         name = self._ns_name(self.ENDPOINT_CONFIG_SELECTOR_NAME)
         logger.info('Creating Endpoint Config Selector %s', name)
 
         # todo(sergiitk): user server config value
         endpoint_matcher_labels = [{
-            "labelName": "version",
-            "labelValue": "production"
+            "labelName": "app",
+            "labelValue": f"{server_namespace}-{server_name}"
         }]
         port_selector = {"ports": [str(server_port)]}
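Review bot: The endpoint matcher label in `create_endpoint_config_selector` is now built as `f"{server_namespace}-{server_name}"`, and it can only select the server if that string is identical to the `app=${namespace_name}-${deployment_name}` node metadata set in server-secure.deployment.yaml; nothing in the code ties the two together. If they drift (for example a deployment name that differs from `server_name`), the selector presumably matches no endpoint and the server TLS/mTLS policy would not be applied to the server under test. I would record the contract next to the dict, e.g. `# Must equal the app=<namespace>-<deployment> node metadata in server-secure.deployment.yaml`. The new parameters are also positional here while `setup_server_security` and `setup_client_security` are keyword-only; `def create_endpoint_config_selector(self, *, server_namespace, server_name, server_port):` would stop the two same-typed name arguments from being swapped. The method body continues past the end of the hunk.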
 

+ 5 - 3
tools/run_tests/xds_test_driver/framework/xds_k8s_testcase.py

@@ -239,11 +239,13 @@ class SecurityXdsKubernetesTestCase(XdsKubernetesTestCase):
 
     def setupSecurityPolicies(self, *, server_tls, server_mtls, client_tls,
                               client_mtls):
-        self.td.setup_client_security(self.server_namespace,
-                                      self.server_name,
+        self.td.setup_client_security(server_namespace=self.server_namespace,
+                                      server_name=self.server_name,
                                       tls=client_tls,
                                       mtls=client_mtls)
-        self.td.setup_server_security(self.server_port,
+        self.td.setup_server_security(server_namespace=self.server_namespace,
+                                      server_name=self.server_name,
+                                      server_port=self.server_port,
                                       tls=server_tls,
                                       mtls=server_mtls)
 

+ 1 - 1
tools/run_tests/xds_test_driver/kubernetes-manifests/server-secure.deployment.yaml

@@ -58,7 +58,7 @@ spec:
             - "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
             - "--vpc-network-name=${network_name}"
             - "--include-psm-security-experimental"
-            - "--node-metadata-experimental=version=production"
+            - "--node-metadata-experimental=app=${namespace_name}-${deployment_name}"
           resources:
             limits:
               cpu: 100m