Standardizes loadgen behavior for Istio mTLS=STRICT (#279)

* Adds liveness probe annotation, moves loadgen initcontainer into main

* cleanup

* cleanup

* updated wrong manifests

* respond to comments
This commit is contained in:
Megan O'Keefe 2019-12-16 09:30:23 -05:00 committed by GitHub
parent 61dd04992b
commit 8cfb88bf2f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 28 additions and 31 deletions

View file

@ -212,35 +212,28 @@ by deploying the [release manifest](./release) directly to an existing cluster.
--istio-config=auth=MTLS_PERMISSIVE --istio-config=auth=MTLS_PERMISSIVE
``` ```
> NOTE: If you need to enable `MTLS_STRICT` mode, you will need to update 2. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
> several manifest files:
>
> - `kubernetes-manifests/frontend.yaml`: delete "livenessProbe" and
> "readinessProbe" fields.
> - `kubernetes-manifests/loadgenerator.yaml`: delete "initContainers" field.
1. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
by [following this guide](https://cloud.google.com/istio/docs/istio-on-gke/installing#enabling_tracing_and_logging). by [following this guide](https://cloud.google.com/istio/docs/istio-on-gke/installing#enabling_tracing_and_logging).
1. Install the automatic sidecar injection (annotate the `default` namespace 3. Install the automatic sidecar injection (annotate the `default` namespace
with the label): with the label):
```sh ```sh
kubectl label namespace default istio-injection=enabled kubectl label namespace default istio-injection=enabled
``` ```
1. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory. 4. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
(This is required only once.) (This is required only once.)
```sh ```sh
kubectl apply -f ./istio-manifests kubectl apply -f ./istio-manifests
``` ```
1. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`. 5. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.
1. Run `kubectl get pods` to see pods are in a healthy and ready state. 6. Run `kubectl get pods` to see pods are in a healthy and ready state.
1. Find the IP address of your Istio gateway Ingress or Service, and visit the 7. Find the IP address of your Istio gateway Ingress or Service, and visit the
application. application.
```sh ```sh

View file

@ -24,6 +24,8 @@ spec:
metadata: metadata:
labels: labels:
app: frontend app: frontend
annotations:
sidecar.istio.io/rewriteAppHTTPProbers: "true"
spec: spec:
containers: containers:
- name: server - name: server

View file

@ -11,7 +11,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -25,20 +24,11 @@ spec:
metadata: metadata:
labels: labels:
app: loadgenerator app: loadgenerator
annotations:
sidecar.istio.io/rewriteAppHTTPProbers: "true"
spec: spec:
terminationGracePeriodSeconds: 5 terminationGracePeriodSeconds: 5
restartPolicy: Always restartPolicy: Always
initContainers:
- name: wait-frontend
image: alpine:3.6
command: ['sh', '-c', 'set -x; apk add --no-cache curl &&
until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
echo "waiting for http://${FRONTEND_ADDR}";
sleep 2;
done;']
env:
- name: FRONTEND_ADDR
value: "frontend:80"
containers: containers:
- name: main - name: main
image: loadgenerator image: loadgenerator

View file

@ -15,4 +15,7 @@ COPY --from=builder /install /usr/local
COPY . . COPY . .
RUN chmod +x ./loadgen.sh RUN chmod +x ./loadgen.sh
RUN apt-get -qq update \
&& apt-get install -y --no-install-recommends \
curl
ENTRYPOINT ./loadgen.sh ENTRYPOINT ./loadgen.sh

View file

@ -24,4 +24,13 @@ if [[ -z "${FRONTEND_ADDR}" ]]; then
fi fi
set -x set -x
# if one request to the frontend fails, then exit
STATUSCODE=$(curl --silent --output /dev/stderr --write-out "%{http_code}" http://${FRONTEND_ADDR})
if test $STATUSCODE -ne 200; then
echo "Error: Could not reach frontend - Status code: ${STATUSCODE}"
exit 1
fi
# else, run loadgen
locust --host="http://${FRONTEND_ADDR}" --no-web -c "${USERS:-10}" 2>&1 locust --host="http://${FRONTEND_ADDR}" --no-web -c "${USERS:-10}" 2>&1