vbatts/microservices-demo
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Standardizes loadgen behavior for Istio mTLS=STRICT (#279)

Browse source 
* Adds liveness probe annotation, moves loadgen initcontainer into main

* cleanup

* cleanup

* updated wrong manifests

* respond to comments
This commit is contained in:
Megan O'Keefe 2019-12-16 09:30:23 -05:00 committed by GitHub
parent 61dd04992b
commit 8cfb88bf2f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 28 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -8,4 +8,4 @@ pkg/
.vs/ .vs/
.idea .idea
.skaffold-*.yaml .skaffold-*.yaml
.kubernetes-manifests-*/ .kubernetes-manifests-*/

19
README.md
View file

@ -212,35 +212,28 @@ by deploying the [release manifest](./release) directly to an existing cluster.
--istio-config=auth=MTLS_PERMISSIVE --istio-config=auth=MTLS_PERMISSIVE
``` ```
> NOTE: If you need to enable `MTLS_STRICT` mode, you will need to update 2. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
> several manifest files:
>
> - `kubernetes-manifests/frontend.yaml`: delete "livenessProbe" and
> "readinessProbe" fields.
> - `kubernetes-manifests/loadgenerator.yaml`: delete "initContainers" field.
1. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
by [following this guide](https://cloud.google.com/istio/docs/istio-on-gke/installing#enabling_tracing_and_logging). by [following this guide](https://cloud.google.com/istio/docs/istio-on-gke/installing#enabling_tracing_and_logging).
1. Install the automatic sidecar injection (annotate the `default` namespace 3. Install the automatic sidecar injection (annotate the `default` namespace
with the label): with the label):
```sh ```sh
kubectl label namespace default istio-injection=enabled kubectl label namespace default istio-injection=enabled
``` ```
1. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory. 4. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
(This is required only once.) (This is required only once.)
```sh ```sh
kubectl apply -f ./istio-manifests kubectl apply -f ./istio-manifests
``` ```
1. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`. 5. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.
1. Run `kubectl get pods` to see pods are in a healthy and ready state. 6. Run `kubectl get pods` to see pods are in a healthy and ready state.
1. Find the IP address of your Istio gateway Ingress or Service, and visit the 7. Find the IP address of your Istio gateway Ingress or Service, and visit the
application. application.
```sh ```sh

2
kubernetes-manifests/frontend.yaml
View file

@ -24,6 +24,8 @@ spec:
metadata: metadata:
labels: labels:
app: frontend app: frontend
annotations:
sidecar.istio.io/rewriteAppHTTPProbers: "true"
spec: spec:
containers: containers:
- name: server - name: server

16
kubernetes-manifests/loadgenerator.yaml
View file

@ -11,7 +11,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -25,20 +24,11 @@ spec:
metadata: metadata:
labels: labels:
app: loadgenerator app: loadgenerator
annotations:
sidecar.istio.io/rewriteAppHTTPProbers: "true"
spec: spec:
terminationGracePeriodSeconds: 5 terminationGracePeriodSeconds: 5
restartPolicy: Always restartPolicy: Always
initContainers:
- name: wait-frontend
image: alpine:3.6
command: ['sh', '-c', 'set -x; apk add --no-cache curl &&
until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
echo "waiting for http://${FRONTEND_ADDR}";
sleep 2;
done;']
env:
- name: FRONTEND_ADDR
value: "frontend:80"
containers: containers:
- name: main - name: main
image: loadgenerator image: loadgenerator
@ -53,4 +43,4 @@ spec:
memory: 256Mi memory: 256Mi
limits: limits:
cpu: 500m cpu: 500m
memory: 512Mi memory: 512Mi

8
release/kubernetes-manifests.yaml
View file

@ -450,9 +450,9 @@ spec:
initContainers: initContainers:
- name: wait-frontend - name: wait-frontend
image: alpine:3.6 image: alpine:3.6
command: ['sh', '-c', 'set -x; apk add --no-cache curl && command: ['sh', '-c', 'set -x; apk add --no-cache curl &&
until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
echo "waiting for http://${FRONTEND_ADDR}"; echo "waiting for http://${FRONTEND_ADDR}";
sleep 2; sleep 2;
done;'] done;']
env: env:
@ -683,4 +683,4 @@ spec:
- name: grpc - name: grpc
port: 9555 port: 9555
targetPort: 9555 targetPort: 9555
--- ---

3
src/loadgenerator/Dockerfile
View file

@ -15,4 +15,7 @@ COPY --from=builder /install /usr/local
COPY . . COPY . .
RUN chmod +x ./loadgen.sh RUN chmod +x ./loadgen.sh
RUN apt-get -qq update \
&& apt-get install -y --no-install-recommends \
curl
ENTRYPOINT ./loadgen.sh ENTRYPOINT ./loadgen.sh

9
src/loadgenerator/loadgen.sh
View file

@ -24,4 +24,13 @@ if [[ -z "${FRONTEND_ADDR}" ]]; then
fi fi
set -x set -x
# if one request to the frontend fails, then exit
STATUSCODE=$(curl --silent --output /dev/stderr --write-out "%{http_code}" http://${FRONTEND_ADDR})
if test $STATUSCODE -ne 200; then
echo "Error: Could not reach frontend - Status code: ${STATUSCODE}"
exit 1
fi
# else, run loadgen
locust --host="http://${FRONTEND_ADDR}" --no-web -c "${USERS:-10}" 2>&1 locust --host="http://${FRONTEND_ADDR}" --no-web -c "${USERS:-10}" 2>&1