Standardizes loadgen behavior for Istio mTLS=STRICT (#279)

* Adds liveness probe annotation, moves loadgen initcontainer into main * cleanup * cleanup * updated wrong manifests * respond to comments
2019-12-16 09:30:23 -05:00 · 2019-12-16 09:30:23 -05:00 · 8cfb88bf2f
parent 61dd04992b
commit 8cfb88bf2f
7 changed files with 28 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
@ -8,4 +8,4 @@ pkg/
 .vs/
 .idea
 .skaffold-*.yaml
-.kubernetes-manifests-*/
+.kubernetes-manifests-*/
--- a/README.md
+++ b/README.md
@ -212,35 +212,28 @@ by deploying the [release manifest](./release) directly to an existing cluster.
       --istio-config=auth=MTLS_PERMISSIVE
   ```

-   > NOTE: If you need to enable `MTLS_STRICT` mode, you will need to update
-   > several manifest files:
-   >
-   > - `kubernetes-manifests/frontend.yaml`: delete "livenessProbe" and
-   >   "readinessProbe" fields.
-   > - `kubernetes-manifests/loadgenerator.yaml`: delete "initContainers" field.
-
-1. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
+2. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
   by [following this guide](https://cloud.google.com/istio/docs/istio-on-gke/installing#enabling_tracing_and_logging).

-1. Install the automatic sidecar injection (annotate the `default` namespace
+3. Install the automatic sidecar injection (annotate the `default` namespace
   with the label):

   ```sh
   kubectl label namespace default istio-injection=enabled
   ```

-1. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
+4. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
   (This is required only once.)

   ```sh
   kubectl apply -f ./istio-manifests
   ```

-1. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.
+5. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.

-1. Run `kubectl get pods` to see pods are in a healthy and ready state.
+6. Run `kubectl get pods` to see pods are in a healthy and ready state.

-1. Find the IP address of your Istio gateway Ingress or Service, and visit the
+7. Find the IP address of your Istio gateway Ingress or Service, and visit the
   application.

   ```sh
--- a/kubernetes-manifests/frontend.yaml
+++ b/kubernetes-manifests/frontend.yaml
@ -24,6 +24,8 @@ spec:
    metadata:
      labels:
        app: frontend
+      annotations:
+        sidecar.istio.io/rewriteAppHTTPProbers: "true"
    spec:
      containers:
        - name: server
--- a/kubernetes-manifests/loadgenerator.yaml
+++ b/kubernetes-manifests/loadgenerator.yaml
@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -25,20 +24,11 @@ spec:
    metadata:
      labels:
        app: loadgenerator
+      annotations:
+        sidecar.istio.io/rewriteAppHTTPProbers: "true"
    spec:
      terminationGracePeriodSeconds: 5
      restartPolicy: Always
-      initContainers:
-      - name: wait-frontend
-        image: alpine:3.6
-        command: ['sh', '-c', 'set -x;  apk add --no-cache curl && 
-          until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do 
-            echo "waiting for http://${FRONTEND_ADDR}"; 
-            sleep 2;
-          done;']
-        env:
-        - name: FRONTEND_ADDR
-          value: "frontend:80"
      containers:
      - name: main
        image: loadgenerator
@ -53,4 +43,4 @@ spec:
            memory: 256Mi
          limits:
            cpu: 500m
-            memory: 512Mi
+            memory: 512Mi
--- a/release/kubernetes-manifests.yaml
+++ b/release/kubernetes-manifests.yaml
@ -450,9 +450,9 @@ spec:
      initContainers:
      - name: wait-frontend
        image: alpine:3.6
-        command: ['sh', '-c', 'set -x;  apk add --no-cache curl && 
-          until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do 
-            echo "waiting for http://${FRONTEND_ADDR}"; 
+        command: ['sh', '-c', 'set -x;  apk add --no-cache curl &&
+          until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
+            echo "waiting for http://${FRONTEND_ADDR}";
            sleep 2;
          done;']
        env:
@ -683,4 +683,4 @@ spec:
  - name: grpc
    port: 9555
    targetPort: 9555
---
+---
--- a/src/loadgenerator/Dockerfile
+++ b/src/loadgenerator/Dockerfile
@ -15,4 +15,7 @@ COPY --from=builder /install /usr/local

 COPY . .
 RUN chmod +x ./loadgen.sh
+RUN apt-get -qq update \
+    && apt-get install -y --no-install-recommends \
+        curl
 ENTRYPOINT ./loadgen.sh
--- a/src/loadgenerator/loadgen.sh
+++ b/src/loadgenerator/loadgen.sh
@ -24,4 +24,13 @@ if [[ -z "${FRONTEND_ADDR}" ]]; then
 fi

 set -x
+
+# if one request to the frontend fails, then exit
+STATUSCODE=$(curl --silent --output /dev/stderr --write-out "%{http_code}" http://${FRONTEND_ADDR})
+if test $STATUSCODE -ne 200; then
+    echo "Error: Could not reach frontend - Status code: ${STATUSCODE}"
+    exit 1
+fi
+
+# else, run loadgen
 locust --host="http://${FRONTEND_ADDR}" --no-web -c "${USERS:-10}" 2>&1