Standardizes loadgen behavior for Istio mTLS=STRICT (#279)
* Adds liveness probe annotation, moves loadgen initcontainer into main * cleanup * cleanup * updated wrong manifests * respond to comments
This commit is contained in:
parent
61dd04992b
commit
8cfb88bf2f
7 changed files with 28 additions and 31 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -8,4 +8,4 @@ pkg/
|
|||
.vs/
|
||||
.idea
|
||||
.skaffold-*.yaml
|
||||
.kubernetes-manifests-*/
|
||||
.kubernetes-manifests-*/
|
19
README.md
19
README.md
|
@ -212,35 +212,28 @@ by deploying the [release manifest](./release) directly to an existing cluster.
|
|||
--istio-config=auth=MTLS_PERMISSIVE
|
||||
```
|
||||
|
||||
> NOTE: If you need to enable `MTLS_STRICT` mode, you will need to update
|
||||
> several manifest files:
|
||||
>
|
||||
> - `kubernetes-manifests/frontend.yaml`: delete "livenessProbe" and
|
||||
> "readinessProbe" fields.
|
||||
> - `kubernetes-manifests/loadgenerator.yaml`: delete "initContainers" field.
|
||||
|
||||
1. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
|
||||
2. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
|
||||
by [following this guide](https://cloud.google.com/istio/docs/istio-on-gke/installing#enabling_tracing_and_logging).
|
||||
|
||||
1. Install the automatic sidecar injection (annotate the `default` namespace
|
||||
3. Install the automatic sidecar injection (annotate the `default` namespace
|
||||
with the label):
|
||||
|
||||
```sh
|
||||
kubectl label namespace default istio-injection=enabled
|
||||
```
|
||||
|
||||
1. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
|
||||
4. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
|
||||
(This is required only once.)
|
||||
|
||||
```sh
|
||||
kubectl apply -f ./istio-manifests
|
||||
```
|
||||
|
||||
1. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.
|
||||
5. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.
|
||||
|
||||
1. Run `kubectl get pods` to see pods are in a healthy and ready state.
|
||||
6. Run `kubectl get pods` to see pods are in a healthy and ready state.
|
||||
|
||||
1. Find the IP address of your Istio gateway Ingress or Service, and visit the
|
||||
7. Find the IP address of your Istio gateway Ingress or Service, and visit the
|
||||
application.
|
||||
|
||||
```sh
|
||||
|
|
|
@ -24,6 +24,8 @@ spec:
|
|||
metadata:
|
||||
labels:
|
||||
app: frontend
|
||||
annotations:
|
||||
sidecar.istio.io/rewriteAppHTTPProbers: "true"
|
||||
spec:
|
||||
containers:
|
||||
- name: server
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
|
@ -25,20 +24,11 @@ spec:
|
|||
metadata:
|
||||
labels:
|
||||
app: loadgenerator
|
||||
annotations:
|
||||
sidecar.istio.io/rewriteAppHTTPProbers: "true"
|
||||
spec:
|
||||
terminationGracePeriodSeconds: 5
|
||||
restartPolicy: Always
|
||||
initContainers:
|
||||
- name: wait-frontend
|
||||
image: alpine:3.6
|
||||
command: ['sh', '-c', 'set -x; apk add --no-cache curl &&
|
||||
until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
|
||||
echo "waiting for http://${FRONTEND_ADDR}";
|
||||
sleep 2;
|
||||
done;']
|
||||
env:
|
||||
- name: FRONTEND_ADDR
|
||||
value: "frontend:80"
|
||||
containers:
|
||||
- name: main
|
||||
image: loadgenerator
|
||||
|
@ -53,4 +43,4 @@ spec:
|
|||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
memory: 512Mi
|
|
@ -450,9 +450,9 @@ spec:
|
|||
initContainers:
|
||||
- name: wait-frontend
|
||||
image: alpine:3.6
|
||||
command: ['sh', '-c', 'set -x; apk add --no-cache curl &&
|
||||
until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
|
||||
echo "waiting for http://${FRONTEND_ADDR}";
|
||||
command: ['sh', '-c', 'set -x; apk add --no-cache curl &&
|
||||
until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
|
||||
echo "waiting for http://${FRONTEND_ADDR}";
|
||||
sleep 2;
|
||||
done;']
|
||||
env:
|
||||
|
@ -683,4 +683,4 @@ spec:
|
|||
- name: grpc
|
||||
port: 9555
|
||||
targetPort: 9555
|
||||
---
|
||||
---
|
|
@ -15,4 +15,7 @@ COPY --from=builder /install /usr/local
|
|||
|
||||
COPY . .
|
||||
RUN chmod +x ./loadgen.sh
|
||||
RUN apt-get -qq update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
curl
|
||||
ENTRYPOINT ./loadgen.sh
|
||||
|
|
|
@ -24,4 +24,13 @@ if [[ -z "${FRONTEND_ADDR}" ]]; then
|
|||
fi
|
||||
|
||||
set -x
|
||||
|
||||
# if one request to the frontend fails, then exit
|
||||
STATUSCODE=$(curl --silent --output /dev/stderr --write-out "%{http_code}" http://${FRONTEND_ADDR})
|
||||
if test $STATUSCODE -ne 200; then
|
||||
echo "Error: Could not reach frontend - Status code: ${STATUSCODE}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# else, run loadgen
|
||||
locust --host="http://${FRONTEND_ADDR}" --no-web -c "${USERS:-10}" 2>&1
|
||||
|
|
Loading…
Reference in a new issue