From 872351a5af632c21edc6ff85b29ec2805fe6abb0 Mon Sep 17 00:00:00 2001
From: John Howard <howardjohn@google.com>
Date: Thu, 28 Feb 2019 17:35:53 -0800
Subject: [PATCH] Refactor e2e yaml value files (#12076)

* Refactor e2e yaml value files

This change involes:
* renaming uses of old make target
* adding all generated files to gitignore
* create new target to build all e2e yaml files and another for the demo
files that are included in release
* move all testing value files, and example value files, to folders
* create value files for tests that were using --set

* Fix reference to values-e2e.yaml

* Fix typo

* Add readme and fix test failures

* Fix integration tests file

* Enable core dump for auth sds test

* Actually use coredump

* Move istio minimal - needed for docs

* resolve conflict
---
 .circleci/config.yml                          |  18 +-
 .gitignore                                    |   5 +
 Makefile                                      | 161 +++---------------
 .../helm/istio/example-values/README.md       |   5 +
 .../values-istio-example-sds-vault.yaml       |   0
 .../values-istio-gateways.yaml                |   0
 .../values-istio-googleca.yaml                |   0
 .../values-istio-multicluster-gateways.yaml   |   0
 .../helm/istio/test-values/README.md          |   7 +
 .../istio/{ => test-values}/values-e2e.yaml   |   4 +
 .../values-istio-auth-mcp.yaml                |   0
 .../values-istio-auth-multicluster.yaml       |   0
 .../values-istio-auth-non-mcp.yaml            |   7 +
 .../test-values/values-istio-auth-sds.yaml    |  23 +++
 .../{ => test-values}/values-istio-auth.yaml  |   0
 .../{ => test-values}/values-istio-mcp.yaml   |   0
 .../values-istio-multicluster.yaml            |   0
 .../test-values/values-istio-non-mcp.yaml     |   2 +
 .../values-istio-one-namespace-auth.yaml      |   0
 ...lues-istio-one-namespace-trust-domain.yaml |   0
 .../values-istio-one-namespace.yaml           |   0
 .../istio/{ => test-values}/values-istio.yaml |   0
 install/updateVersion.sh                      |  12 +-
 .../components/environment/kube/settings.go   |   2 +-
 release/create_release_archives.sh            |  26 ++-
 tests/istio.mk                                |  44 ++---
 26 files changed, 127 insertions(+), 189 deletions(-)
 create mode 100644 install/kubernetes/helm/istio/example-values/README.md
 rename install/kubernetes/helm/istio/{ => example-values}/values-istio-example-sds-vault.yaml (100%)
 rename install/kubernetes/helm/istio/{ => example-values}/values-istio-gateways.yaml (100%)
 rename install/kubernetes/helm/istio/{ => example-values}/values-istio-googleca.yaml (100%)
 rename install/kubernetes/helm/istio/{ => example-values}/values-istio-multicluster-gateways.yaml (100%)
 create mode 100644 install/kubernetes/helm/istio/test-values/README.md
 rename install/kubernetes/helm/istio/{ => test-values}/values-e2e.yaml (87%)
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-auth-mcp.yaml (100%)
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-auth-multicluster.yaml (100%)
 create mode 100644 install/kubernetes/helm/istio/test-values/values-istio-auth-non-mcp.yaml
 create mode 100644 install/kubernetes/helm/istio/test-values/values-istio-auth-sds.yaml
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-auth.yaml (100%)
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-mcp.yaml (100%)
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-multicluster.yaml (100%)
 create mode 100644 install/kubernetes/helm/istio/test-values/values-istio-non-mcp.yaml
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-one-namespace-auth.yaml (100%)
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-one-namespace-trust-domain.yaml (100%)
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio-one-namespace.yaml (100%)
 rename install/kubernetes/helm/istio/{ => test-values}/values-istio.yaml (100%)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index a89968583578..b757c1810092 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -162,7 +162,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -201,7 +201,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -236,7 +236,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_e2e_test_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -270,7 +270,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_e2e_test_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -309,7 +309,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -369,7 +369,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -406,7 +406,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -440,7 +440,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
@@ -497,7 +497,7 @@ jobs:
               # Should only happen when re-running a job, and the workspace is gone
               time make build test-bins
             fi
-            make docker.all generate_yaml
+            make docker.all generate_e2e_yaml
       - run: bin/testEnvRootMinikube.sh wait
       - run: docker images
       - run:
diff --git a/.gitignore b/.gitignore
index de0de611222a..0ad490a53c88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,6 +57,11 @@ install/kubernetes/istio-multicluster.yaml
 install/kubernetes/istio-remote.yaml
 install/kubernetes/istio-mcp.yaml
 install/kubernetes/istio-auth-mcp.yaml
+install/kubernetes/istio-auth-non-mcp.yaml
+install/kubernetes/istio-auth-sds.yaml
+install/kubernetes/istio-init.yaml
+install/kubernetes/istio-non-mcp.yaml
+install/kubernetes/istio-minimal.yaml
 install/kubernetes/helm/istio/requirements.lock
 samples/bookinfo/platform/consul/bookinfo.sidecars.yaml
 *.orig
diff --git a/Makefile b/Makefile
index e13ccddb0342..7868e1a76766 100644
--- a/Makefile
+++ b/Makefile
@@ -630,16 +630,6 @@ $(HELM):
 $(HOME)/.helm:
 	$(HELM) init --client-only
 
-# create istio-remote.yaml
-istio-remote.yaml: $(HELM) $(HOME)/.helm
-	cat install/kubernetes/namespace.yaml > install/kubernetes/$@
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/$@
-	$(HELM) template --name=istio --namespace=istio-system \
-		--values install/kubernetes/helm/istio/values-istio-remote.yaml \
-		--set istio_cni.enabled=${ENABLE_ISTIO_CNI} \
-		${EXTRA_HELM_SETTINGS} \
-		install/kubernetes/helm/istio >> install/kubernetes/$@
-
 # create istio-init.yaml
 istio-init.yaml: $(HELM) $(HOME)/.helm
 	cat install/kubernetes/namespace.yaml > install/kubernetes/$@
@@ -649,9 +639,9 @@ istio-init.yaml: $(HELM) $(HOME)/.helm
 		--set global.hub=${HUB} \
 		install/kubernetes/helm/istio-init >> install/kubernetes/$@
 
-# creates istio.yaml istio-auth.yaml istio-one-namespace.yaml istio-one-namespace-auth.yaml istio-one-namespace-trust-domain.yaml
+# creates istio-demo.yaml istio-demo-auth.yaml istio-remote.yaml
 # Ensure that values-$filename is present in install/kubernetes/helm/istio
-isti%.yaml: $(HELM) $(HOME)/.helm
+istio-demo.yaml istio-demo-auth.yaml istio-remote.yaml istio-minimal.yaml: $(HELM) $(HOME)/.helm
 	cat install/kubernetes/namespace.yaml > install/kubernetes/$@
 	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/$@
 	$(HELM) template \
@@ -668,50 +658,28 @@ isti%.yaml: $(HELM) $(HOME)/.helm
 		--values install/kubernetes/helm/istio/values-$@ \
 		install/kubernetes/helm/istio >> install/kubernetes/$@
 
-generate_yaml: $(HELM) $(HOME)/.helm istio-init.yaml
-	./install/updateVersion.sh -a ${HUB},${TAG} >/dev/null 2>&1
-	cat install/kubernetes/namespace.yaml > install/kubernetes/istio.yaml
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/istio.yaml
-	$(HELM) template \
-		--name=istio \
-		--namespace=istio-system \
-		--set global.hub=${HUB} \
-		--set global.tag=${TAG} \
-		--set global.imagePullPolicy=$(PULL_POLICY) \
-		--set global.mtls.enabled=false \
-		--set global.controlPlaneSecurityEnabled=false \
-		--set global.proxy.enableCoreDump=${ENABLE_COREDUMP} \
-		--set istio_cni.enabled=${ENABLE_ISTIO_CNI} \
-		--set gateways.istio-egressgateway.enabled=true \
-		--set global.outboundTrafficPolicy.mode=REGISTRY_ONLY \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		${EXTRA_HELM_SETTINGS} \
-		install/kubernetes/helm/istio >> install/kubernetes/istio.yaml
-
-	cat install/kubernetes/namespace.yaml > install/kubernetes/istio-auth.yaml
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/istio-auth.yaml
-	$(HELM) template \
-		--name=istio \
-		--namespace=istio-system \
-		--set global.hub=${HUB} \
-    --set global.tag=${TAG} \
-		--set global.imagePullPolicy=$(PULL_POLICY) \
-		--set global.mtls.enabled=true \
-		--set global.controlPlaneSecurityEnabled=true \
-		--set global.proxy.enableCoreDump=${ENABLE_COREDUMP} \
-		--set istio_cni.enabled=${ENABLE_ISTIO_CNI} \
-		--set gateways.istio-egressgateway.enabled=true \
-		--set global.outboundTrafficPolicy.mode=REGISTRY_ONLY \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		${EXTRA_HELM_SETTINGS} \
-		install/kubernetes/helm/istio >> install/kubernetes/istio-auth.yaml
-
-generate_yaml_coredump: export ENABLE_COREDUMP=true
-generate_yaml_coredump:
-	$(MAKE) generate_yaml
-
-# TODO(howardjohn) clean all of this up
-istio-auth-mcp.yaml:
+e2e_files = istio-auth-non-mcp.yaml \
+			istio-auth-sds.yaml \
+			istio-non-mcp.yaml \
+			istio.yaml \
+			istio-auth.yaml \
+			istio-auth-mcp.yaml \
+			istio-auth-multicluster.yaml \
+			istio-mcp.yaml \
+			istio-one-namespace.yaml \
+			istio-one-namespace-auth.yaml \
+			istio-one-namespace-trust-domain.yaml \
+			istio-multicluster.yaml \
+
+.PHONY: generate_e2e_yaml generate_e2e_yaml_coredump
+generate_e2e_yaml: $(e2e_files)
+
+generate_e2e_yaml_coredump: export ENABLE_COREDUMP=true
+generate_e2e_yaml_coredump:
+	$(MAKE) generate_e2e_yaml
+
+# Create yaml files for e2e tests. Applies values-e2e.yaml, then values-$filename.yaml
+$(e2e_files): $(HELM) $(HOME)/.helm istio-init.yaml
 	cat install/kubernetes/namespace.yaml > install/kubernetes/$@
 	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/$@
 	$(HELM) template \
@@ -723,84 +691,9 @@ istio-auth-mcp.yaml:
 		--set global.proxy.enableCoreDump=${ENABLE_COREDUMP} \
 		--set istio_cni.enabled=${ENABLE_ISTIO_CNI} \
 		${EXTRA_HELM_SETTINGS} \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		--values install/kubernetes/helm/istio/values-istio-auth-mcp.yaml \
-		install/kubernetes/helm/istio >> install/kubernetes/istio-auth-mcp.yaml
-
-# TODO(sdake) All this copy and paste needs to go.  This is easy to wrap up in
-#             isti%.yaml macro with value files per test scenario.  Will handle
-#             as a followup PR.
-generate_e2e_test_yaml: $(HELM) $(HOME)/.helm istio-init.yaml
-	#./install/updateVersion.sh -a ${HUB},${TAG} >/dev/null 2>&1
-	cat install/kubernetes/namespace.yaml > install/kubernetes/istio.yaml
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/istio.yaml
-	$(HELM) template --set global.tag=${TAG} \
-		--name=istio \
-		--namespace=istio-system \
-		--set global.hub=${HUB} \
-		--set global.proxy.enableCoreDump=${ENABLE_COREDUMP} \
-		--set gateways.istio-egressgateway.enabled=true \
-		--set global.outboundTrafficPolicy.mode=REGISTRY_ONLY \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		${EXTRA_HELM_SETTINGS} \
-		install/kubernetes/helm/istio >> install/kubernetes/istio.yaml
-
-	cat install/kubernetes/namespace.yaml > install/kubernetes/istio-auth.yaml
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/istio-auth.yaml
-	$(HELM) template --set global.tag=${TAG} \
-		--name=istio \
-		--namespace=istio-system \
-		--set global.hub=${HUB} \
-		--set global.mtls.enabled=true \
-		--set global.controlPlaneSecurityEnabled=true \
-		--set global.proxy.enableCoreDump=${ENABLE_COREDUMP} \
-		--set gateways.istio-egressgateway.enabled=true \
-		--set global.outboundTrafficPolicy.mode=REGISTRY_ONLY \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		${EXTRA_HELM_SETTINGS} \
-		install/kubernetes/helm/istio >> install/kubernetes/istio-auth.yaml
-
-	cat install/kubernetes/namespace.yaml > install/kubernetes/istio-non-mcp.yaml
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/istio-non-mcp.yaml
-	$(HELM) template --set global.tag=${TAG} \
-		--name=istio \
-		--namespace=istio-system \
-		--set global.hub=${HUB} \
-		--set global.proxy.enableCoreDump=${ENABLE_COREDUMP} \
-		--set global.useMCP=false \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		${EXTRA_HELM_SETTINGS} \
-		install/kubernetes/helm/istio >> install/kubernetes/istio-non-mcp.yaml
-
-	cat install/kubernetes/namespace.yaml > install/kubernetes/istio-auth-non-mcp.yaml
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/istio-auth-non-mcp.yaml
-	$(HELM) template --set global.tag=${TAG} \
-		--name=istio \
-		--namespace=istio-system \
-		--set global.hub=${HUB} \
-		--set global.mtls.enabled=true \
-		--set global.controlPlaneSecurityEnabled=true \
-		--set global.proxy.enableCoreDump=${ENABLE_COREDUMP} \
-		--set global.useMCP=false \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		${EXTRA_HELM_SETTINGS} \
-		install/kubernetes/helm/istio >> install/kubernetes/istio-auth-non-mcp.yaml
-
-	cat install/kubernetes/namespace.yaml > install/kubernetes/istio-auth-sds.yaml
-	cat install/kubernetes/helm/istio-init/files/crd-* >> install/kubernetes/istio-auth-sds.yaml
-	$(HELM) template --set global.tag=${TAG} \
-		--name=istio \
-		--namespace=istio-system \
-		--set global.hub=${HUB} \
-		--set global.mtls.enabled=true \
-		--set global.proxy.enableCoreDump=true \
-		--set istio_cni.enabled=${ENABLE_ISTIO_CNI} \
-		--set gateways.istio-egressgateway.enabled=true \
-		--set global.outboundTrafficPolicy.mode=REGISTRY_ONLY \
-		${EXTRA_HELM_SETTINGS} \
-		--values install/kubernetes/helm/istio/values-e2e.yaml \
-		--values install/kubernetes/helm/istio/values-istio-sds-auth.yaml \
-		install/kubernetes/helm/istio >> install/kubernetes/istio-auth-sds.yaml
+		--values install/kubernetes/helm/istio/test-values/values-e2e.yaml \
+		--values install/kubernetes/helm/istio/test-values/values-$@ \
+		install/kubernetes/helm/istio >> install/kubernetes/$@
 
 # files generated by the default invocation of updateVersion.sh
 FILES_TO_CLEAN+=install/consul/istio.yaml \
diff --git a/install/kubernetes/helm/istio/example-values/README.md b/install/kubernetes/helm/istio/example-values/README.md
new file mode 100644
index 000000000000..74fedcb6073b
--- /dev/null
+++ b/install/kubernetes/helm/istio/example-values/README.md
@@ -0,0 +1,5 @@
+# Example Values
+
+These files provide various example values for different Istio setups.
+
+To use them, [read the docs](https://istio.io/docs/setup/kubernetes/helm-install/) and add the flag `--values example-file.yaml`.
diff --git a/install/kubernetes/helm/istio/values-istio-example-sds-vault.yaml b/install/kubernetes/helm/istio/example-values/values-istio-example-sds-vault.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-example-sds-vault.yaml
rename to install/kubernetes/helm/istio/example-values/values-istio-example-sds-vault.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-gateways.yaml b/install/kubernetes/helm/istio/example-values/values-istio-gateways.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-gateways.yaml
rename to install/kubernetes/helm/istio/example-values/values-istio-gateways.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-googleca.yaml b/install/kubernetes/helm/istio/example-values/values-istio-googleca.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-googleca.yaml
rename to install/kubernetes/helm/istio/example-values/values-istio-googleca.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-multicluster-gateways.yaml b/install/kubernetes/helm/istio/example-values/values-istio-multicluster-gateways.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-multicluster-gateways.yaml
rename to install/kubernetes/helm/istio/example-values/values-istio-multicluster-gateways.yaml
diff --git a/install/kubernetes/helm/istio/test-values/README.md b/install/kubernetes/helm/istio/test-values/README.md
new file mode 100644
index 000000000000..8e5ff277cb22
--- /dev/null
+++ b/install/kubernetes/helm/istio/test-values/README.md
@@ -0,0 +1,7 @@
+# Test Values
+
+These files are intended to be used to install Istio for E2E tests.
+
+The rendered files can be generated with `make generate_e2e_yaml`.
+
+These files will all have `values-e2e.yaml` applied to them *first*, so if there are settings there that should not be included in the test the must be overridden.
diff --git a/install/kubernetes/helm/istio/values-e2e.yaml b/install/kubernetes/helm/istio/test-values/values-e2e.yaml
similarity index 87%
rename from install/kubernetes/helm/istio/values-e2e.yaml
rename to install/kubernetes/helm/istio/test-values/values-e2e.yaml
index 5aa12704822d..737cc53592fe 100644
--- a/install/kubernetes/helm/istio/values-e2e.yaml
+++ b/install/kubernetes/helm/istio/test-values/values-e2e.yaml
@@ -12,6 +12,8 @@ global:
     enableCoreDump: true
 
   disablePolicyChecks: false
+  outboundTrafficPolicy:
+    mode: REGISTRY_ONLY
 
 prometheus:
   scrapeInterval: 5s
@@ -19,6 +21,8 @@ prometheus:
 gateways:
   istio-ingressgateway:
     autoscaleMax: 1
+  istio-egressgateway:
+    enabled: true
 
 mixer:
   policy:
diff --git a/install/kubernetes/helm/istio/values-istio-auth-mcp.yaml b/install/kubernetes/helm/istio/test-values/values-istio-auth-mcp.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-auth-mcp.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-auth-mcp.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-auth-multicluster.yaml b/install/kubernetes/helm/istio/test-values/values-istio-auth-multicluster.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-auth-multicluster.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-auth-multicluster.yaml
diff --git a/install/kubernetes/helm/istio/test-values/values-istio-auth-non-mcp.yaml b/install/kubernetes/helm/istio/test-values/values-istio-auth-non-mcp.yaml
new file mode 100644
index 000000000000..4401aa509d16
--- /dev/null
+++ b/install/kubernetes/helm/istio/test-values/values-istio-auth-non-mcp.yaml
@@ -0,0 +1,7 @@
+global:
+  mtls:
+    enabled: true
+
+  controlPlaneSecurityEnabled: true
+
+  useMCP: false
\ No newline at end of file
diff --git a/install/kubernetes/helm/istio/test-values/values-istio-auth-sds.yaml b/install/kubernetes/helm/istio/test-values/values-istio-auth-sds.yaml
new file mode 100644
index 000000000000..a01172645c22
--- /dev/null
+++ b/install/kubernetes/helm/istio/test-values/values-istio-auth-sds.yaml
@@ -0,0 +1,23 @@
+global:
+  controlPlaneSecurityEnabled: false
+
+  mtls:
+    # Default setting for service-to-service mtls. Can be set explicitly using
+    # destination rules or service annotations.
+    enabled: true
+
+  sds:
+    enabled: true
+    udsPath: "unix:/var/run/sds/uds_path"
+    useNormalJwt: true
+
+  proxy:
+    enableCoreDump: true
+
+nodeagent:
+  enabled: true
+  image: node-agent-k8s
+  env:
+    CA_PROVIDER: "Citadel"
+    CA_ADDR: "istio-citadel:8060"
+    VALID_TOKEN: true
\ No newline at end of file
diff --git a/install/kubernetes/helm/istio/values-istio-auth.yaml b/install/kubernetes/helm/istio/test-values/values-istio-auth.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-auth.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-auth.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-mcp.yaml b/install/kubernetes/helm/istio/test-values/values-istio-mcp.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-mcp.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-mcp.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-multicluster.yaml b/install/kubernetes/helm/istio/test-values/values-istio-multicluster.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-multicluster.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-multicluster.yaml
diff --git a/install/kubernetes/helm/istio/test-values/values-istio-non-mcp.yaml b/install/kubernetes/helm/istio/test-values/values-istio-non-mcp.yaml
new file mode 100644
index 000000000000..66b236b32ff1
--- /dev/null
+++ b/install/kubernetes/helm/istio/test-values/values-istio-non-mcp.yaml
@@ -0,0 +1,2 @@
+global:
+  useMCP: false
\ No newline at end of file
diff --git a/install/kubernetes/helm/istio/values-istio-one-namespace-auth.yaml b/install/kubernetes/helm/istio/test-values/values-istio-one-namespace-auth.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-one-namespace-auth.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-one-namespace-auth.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-one-namespace-trust-domain.yaml b/install/kubernetes/helm/istio/test-values/values-istio-one-namespace-trust-domain.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-one-namespace-trust-domain.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-one-namespace-trust-domain.yaml
diff --git a/install/kubernetes/helm/istio/values-istio-one-namespace.yaml b/install/kubernetes/helm/istio/test-values/values-istio-one-namespace.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio-one-namespace.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio-one-namespace.yaml
diff --git a/install/kubernetes/helm/istio/values-istio.yaml b/install/kubernetes/helm/istio/test-values/values-istio.yaml
similarity index 100%
rename from install/kubernetes/helm/istio/values-istio.yaml
rename to install/kubernetes/helm/istio/test-values/values-istio.yaml
diff --git a/install/updateVersion.sh b/install/updateVersion.sh
index 6cf8d91184b5..0b08533185b4 100755
--- a/install/updateVersion.sh
+++ b/install/updateVersion.sh
@@ -148,15 +148,9 @@ function gen_file() {
 }
 
 function gen_istio_files() {
-    if [[ -n ${ISTIO_RELEASE:-} ]]; then
-        for target in istio-demo.yaml istio-demo-auth.yaml; do
-            gen_file $target "${DEST_DIR}"
-        done
-    else
-        for target in istio.yaml istio-auth.yaml istio-one-namespace.yaml istio-one-namespace-auth.yaml istio-one-namespace-trust-domain.yaml istio-multicluster.yaml istio-auth-multicluster.yaml istio-remote.yaml istio-mcp.yaml istio-auth-mcp.yaml;do
-            gen_file $target "${DEST_DIR}"
-        done
-    fi
+    for target in istio-demo.yaml istio-demo-auth.yaml; do
+        gen_file $target "${DEST_DIR}"
+    done
 }
 
 function update_istio_install_docker() {
diff --git a/pkg/test/framework/runtime/components/environment/kube/settings.go b/pkg/test/framework/runtime/components/environment/kube/settings.go
index 68ac4ba4d173..cabbd915a576 100644
--- a/pkg/test/framework/runtime/components/environment/kube/settings.go
+++ b/pkg/test/framework/runtime/components/environment/kube/settings.go
@@ -42,7 +42,7 @@ const (
 	DefaultSystemNamespace = "istio-system"
 
 	// DefaultValuesFile for Istio Helm deployment.
-	DefaultValuesFile = "values-istio-mcp.yaml"
+	DefaultValuesFile = "test-values/values-istio-mcp.yaml"
 
 	// LatestTag value
 	LatestTag = "latest"
diff --git a/release/create_release_archives.sh b/release/create_release_archives.sh
index 46cb2f0d0410..90c069696599 100755
--- a/release/create_release_archives.sh
+++ b/release/create_release_archives.sh
@@ -140,28 +140,26 @@ find tools -type f -not -name "githubContrib*" -not -name ".*" -exec "${CP}" --p
 popd
 
 for unwanted_manifest in \
+    istio-auth-non-mcp.yaml \
+    istio-auth-sds.yaml \
+    istio-non-mcp.yaml \
+    istio.yaml \
+    istio-auth.yaml \
+    istio-auth-mcp.yaml \
+    istio-auth-multicluster.yaml \
+    istio-mcp.yaml \
     istio-one-namespace.yaml \
     istio-one-namespace-auth.yaml \
     istio-one-namespace-trust-domain.yaml \
-    istio-multicluster.yaml \
-    istio-auth-multicluster.yaml \
-    istio.yaml \
-    addons/zipkin.yaml \
-    istio-auth.yaml \
-    istio-remote.yaml; do
+    istio-remote.yaml \
+    istio-minimal.yaml \
+    addons/zipkin.yaml; do
   rm -f "${COMMON_FILES_DIR}/install/kubernetes/${unwanted_manifest}"
 done
 
 ls -l  "${COMMON_FILES_DIR}/install/kubernetes/"
 
-
-for unwanted_values_yaml in \
-    values-istio.yaml \
-    values-istio-one-namespace.yaml \
-    values-istio-one-namespace-auth.yaml \
-    values-istio-auth.yaml; do
-  rm -f "${COMMON_FILES_DIR}/install/kubernetes/helm/istio/${unwanted_values_yaml}"
-done
+rm -rf "${COMMON_FILES_DIR}/install/kubernetes/helm/istio/test-values/"
 
 ls -l  "${COMMON_FILES_DIR}/install/kubernetes/helm/istio"
 
diff --git a/tests/istio.mk b/tests/istio.mk
index c7db41d70263..56a8f4680b7e 100644
--- a/tests/istio.mk
+++ b/tests/istio.mk
@@ -65,40 +65,40 @@ DEFAULT_EXTRA_E2E_ARGS += --galley_hub=${HUB}
 
 EXTRA_E2E_ARGS ?= ${DEFAULT_EXTRA_E2E_ARGS}
 
-e2e_simple: istioctl generate_yaml e2e_simple_run
+e2e_simple: istioctl generate_e2e_yaml e2e_simple_run
 
 e2e_simple_cni: istioctl
 e2e_simple_cni: export ENABLE_ISTIO_CNI=true
 e2e_simple_cni: export EXTRA_HELM_SETTINGS=--set istio-cni.excludeNamespaces={} --set istio-cni.pullPolicy=IfNotPresent --set istio-cni.tag=$(ISTIO_CNI_DOCKER_TAG) --set istio-cni.hub=$(ISTIO_CNI_DOCKER_HUB)
 e2e_simple_cni: export E2E_ARGS+=--kube_inject_configmap=istio-sidecar-injector
-e2e_simple_cni: generate_yaml e2e_simple_run
+e2e_simple_cni: generate_e2e_yaml e2e_simple_run
 
-e2e_simple_noauth: istioctl generate_yaml e2e_simple_noauth_run
+e2e_simple_noauth: istioctl generate_e2e_yaml e2e_simple_noauth_run
 
-e2e_mixer: istioctl generate_e2e_test_yaml e2e_mixer_run
+e2e_mixer: istioctl generate_e2e_yaml e2e_mixer_run
 
-e2e_galley: istioctl generate_yaml e2e_galley_run
+e2e_galley: istioctl generate_e2e_yaml e2e_galley_run
 
-e2e_dashboard: istioctl generate_e2e_test_yaml e2e_dashboard_run
+e2e_dashboard: istioctl generate_e2e_yaml e2e_dashboard_run
 
-e2e_bookinfo: istioctl generate_yaml e2e_bookinfo_run
+e2e_bookinfo: istioctl generate_e2e_yaml e2e_bookinfo_run
 
-e2e_stackdriver: istioctl generate_yaml e2e_stackdriver_run
+e2e_stackdriver: istioctl generate_e2e_yaml e2e_stackdriver_run
 
-e2e_all: istioctl generate_yaml e2e_all_run
+e2e_all: istioctl generate_e2e_yaml e2e_all_run
 
 # *_run targets do not rebuild the artifacts and test with whatever is given
 
 e2e_simple_run: out_dir
 	set -o pipefail; go test -v -timeout 25m ./tests/e2e/tests/simple -args --auth_enable=true \
 	--egress=false --ingress=false \
-	--valueFile values-e2e.yaml \
+	--valueFile test-values/values-e2e.yaml \
 	--rbac_enable=false --cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
 
 e2e_simple_noauth_run: out_dir
 	set -o pipefail; go test -v -timeout 25m ./tests/e2e/tests/simple -args --auth_enable=false \
 	--egress=false --ingress=false \
-	--valueFile values-e2e.yaml \
+	--valueFile test-values/values-e2e.yaml \
 	--rbac_enable=false --cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
 
 e2e_mixer_run: out_dir
@@ -134,7 +134,7 @@ e2e_all_run_junit_report:
 	$(MAKE) with_junit_report TARGET=e2e_all_run
 
 # The pilot tests cannot currently be part of e2e_all, since they requires some additional flags.
-e2e_pilot: out_dir istioctl generate_yaml
+e2e_pilot: out_dir istioctl generate_e2e_yaml
 	go test -v -timeout 25m ./tests/e2e/tests/pilot ${E2E_ARGS} ${EXTRA_E2E_ARGS}
 
 e2e_pilotv2_v1alpha3: | istioctl test/local/noauth/e2e_pilotv2
@@ -157,28 +157,28 @@ CAPTURE_LOG=| tee -a ${OUT_DIR}/tests/build-log.txt
 out_dir:
 	@mkdir -p ${OUT_DIR}/{logs,tests}
 
-test/local/auth/e2e_simple: out_dir generate_yaml
+test/local/auth/e2e_simple: out_dir generate_e2e_yaml
 	set -o pipefail; go test -v -timeout 25m ./tests/e2e/tests/simple -args --auth_enable=true \
 	--egress=false --ingress=false \
 	--rbac_enable=false --use_local_cluster --cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
 
-test/local/noauth/e2e_simple: out_dir generate_yaml
+test/local/noauth/e2e_simple: out_dir generate_e2e_yaml
 	set -o pipefail; go test -v -timeout 25m ./tests/e2e/tests/simple -args --auth_enable=false \
 	--egress=false --ingress=false \
 	--rbac_enable=false --use_local_cluster --cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
 
-test/local/e2e_mixer: out_dir generate_e2e_test_yaml
+test/local/e2e_mixer: out_dir generate_e2e_yaml
 	set -o pipefail; go test -v -timeout 35m ./tests/e2e/tests/mixer \
 	--auth_enable=false --egress=false --ingress=false --rbac_enable=false \
 	--cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
 
-test/local/e2e_galley: out_dir istioctl generate_yaml
+test/local/e2e_galley: out_dir istioctl generate_e2e_yaml
 	set -o pipefail; go test -v -timeout 25m ./tests/e2e/tests/galley -args \
 	-use_local_cluster -cluster_wide --use_galley_config_validator -test.v ${E2E_ARGS} ${EXTRA_E2E_ARGS} \
 	${CAPTURE_LOG}
 
 # v1alpha3+envoyv2 test without MTLS
-test/local/noauth/e2e_pilotv2: out_dir generate_yaml_coredump
+test/local/noauth/e2e_pilotv2: out_dir generate_e2e_yaml_coredump
 	set -o pipefail; go test -v -timeout ${E2E_TIMEOUT}m ./tests/e2e/tests/pilot \
 		--auth_enable=false --ingress=false --rbac_enable=true --cluster_wide \
 		${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
@@ -186,7 +186,7 @@ test/local/noauth/e2e_pilotv2: out_dir generate_yaml_coredump
 	set -o pipefail; go test -v -timeout ${E2E_TIMEOUT}m ./tests/e2e/tests/controller ${CAPTURE_LOG}
 
 # v1alpha3+envoyv2 test with MTLS
-test/local/auth/e2e_pilotv2: out_dir generate_yaml_coredump
+test/local/auth/e2e_pilotv2: out_dir generate_e2e_yaml_coredump
 	set -o pipefail; go test -v -timeout ${E2E_TIMEOUT}m ./tests/e2e/tests/pilot \
 		--auth_enable=true --ingress=false --rbac_enable=true --cluster_wide \
 		${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
@@ -194,7 +194,7 @@ test/local/auth/e2e_pilotv2: out_dir generate_yaml_coredump
 	set -o pipefail; go test -v -timeout ${E2E_TIMEOUT}m ./tests/e2e/tests/controller ${CAPTURE_LOG}
 
 # test with MTLS using key/cert distributed through SDS
-test/local/auth/e2e_sds_pilotv2: out_dir generate_e2e_test_yaml
+test/local/auth/e2e_sds_pilotv2: out_dir generate_e2e_yaml_coredump
 	set -o pipefail; go test -v -timeout ${E2E_TIMEOUT}m ./tests/e2e/tests/pilot \
 		--auth_enable=true --auth_sds_enable=true  --ingress=false --rbac_enable=true --cluster_wide \
 		${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
@@ -209,18 +209,18 @@ test/local/cloudfoundry/e2e_pilotv2: out_dir
 		${CAPTURE_LOG}
 	sudo iptables -t nat -F
 
-test/local/auth/e2e_bookinfo_envoyv2: out_dir generate_yaml
+test/local/auth/e2e_bookinfo_envoyv2: out_dir generate_e2e_yaml
 	set -o pipefail; go test -v -timeout 25m ./tests/e2e/tests/bookinfo \
 		--auth_enable=true --egress=true --ingress=false --rbac_enable=false \
 		--cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
 
-test/local/auth/e2e_bookinfo_trustdomain: out_dir generate_yaml
+test/local/auth/e2e_bookinfo_trustdomain: out_dir generate_e2e_yaml
 	set -o pipefail; go test -v -timeout 25m ./tests/e2e/tests/bookinfo \
 		--auth_enable=true --trust_domain_enable --egress=true --ingress=false --rbac_enable=false \
 		--cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}
 
 test/local/noauth/e2e_mixer_envoyv2: export EXTRA_HELM_SETTINGS=--set mixer.adapters.stdio.enabled=false
-test/local/noauth/e2e_mixer_envoyv2: out_dir generate_e2e_test_yaml
+test/local/noauth/e2e_mixer_envoyv2: out_dir generate_e2e_yaml
 	set -o pipefail; go test -v -timeout 35m ./tests/e2e/tests/mixer \
 	--auth_enable=false --egress=false --ingress=false --rbac_enable=false \
 	--cluster_wide ${E2E_ARGS} ${T} ${EXTRA_E2E_ARGS} ${CAPTURE_LOG}