Standardizes loadgen behavior for Istio mTLS=STRICT (GoogleCloudPlatf…

…orm#279) * Adds liveness probe annotation, moves loadgen initcontainer into main * cleanup * cleanup * updated wrong manifests * respond to comments
yoki123 · Dec 16, 2019 · 8cfb88b · 8cfb88b
1 parent 61dd049
commit 8cfb88b
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 31 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,4 +8,4 @@ pkg/
 .vs/
 .idea
 .skaffold-*.yaml
-.kubernetes-manifests-*/
+.kubernetes-manifests-*/
diff --git a/README.md b/README.md
@@ -212,35 +212,28 @@ by deploying the [release manifest](./release) directly to an existing cluster.
        --istio-config=auth=MTLS_PERMISSIVE
    ```
 
-   > NOTE: If you need to enable `MTLS_STRICT` mode, you will need to update
-   > several manifest files:
-   >
-   > - `kubernetes-manifests/frontend.yaml`: delete "livenessProbe" and
-   >   "readinessProbe" fields.
-   > - `kubernetes-manifests/loadgenerator.yaml`: delete "initContainers" field.
-
-1. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
+2. (Optional) Enable Stackdriver Tracing/Logging with Istio Stackdriver Adapter
    by [following this guide](https://cloud.google.com/istio/docs/istio-on-gke/installing#enabling_tracing_and_logging).
 
-1. Install the automatic sidecar injection (annotate the `default` namespace
+3. Install the automatic sidecar injection (annotate the `default` namespace
    with the label):
 
    ```sh
    kubectl label namespace default istio-injection=enabled
    ```
 
-1. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
+4. Apply the manifests in [`./istio-manifests`](./istio-manifests) directory.
    (This is required only once.)
 
    ```sh
    kubectl apply -f ./istio-manifests
    ```
 
-1. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.
+5. Deploy the application with `skaffold run --default-repo=gcr.io/[PROJECT_ID]`.
 
-1. Run `kubectl get pods` to see pods are in a healthy and ready state.
+6. Run `kubectl get pods` to see pods are in a healthy and ready state.
 
-1. Find the IP address of your Istio gateway Ingress or Service, and visit the
+7. Find the IP address of your Istio gateway Ingress or Service, and visit the
    application.
 
    ```sh

diff --git a/kubernetes-manifests/frontend.yaml b/kubernetes-manifests/frontend.yaml
@@ -24,6 +24,8 @@ spec:
     metadata:
       labels:
         app: frontend
+      annotations:
+        sidecar.istio.io/rewriteAppHTTPProbers: "true"
     spec:
       containers:
         - name: server

diff --git a/kubernetes-manifests/loadgenerator.yaml b/kubernetes-manifests/loadgenerator.yaml
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,20 +24,11 @@ spec:
     metadata:
       labels:
         app: loadgenerator
+      annotations:
+        sidecar.istio.io/rewriteAppHTTPProbers: "true"
     spec:
       terminationGracePeriodSeconds: 5
       restartPolicy: Always
-      initContainers:
-      - name: wait-frontend
-        image: alpine:3.6
-        command: ['sh', '-c', 'set -x;  apk add --no-cache curl && 
-          until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do 
-            echo "waiting for http://${FRONTEND_ADDR}"; 
-            sleep 2;
-          done;']
-        env:
-        - name: FRONTEND_ADDR
-          value: "frontend:80"
       containers:
       - name: main
         image: loadgenerator
@@ -53,4 +43,4 @@ spec:
             memory: 256Mi
           limits:
             cpu: 500m
-            memory: 512Mi
+            memory: 512Mi
diff --git a/release/kubernetes-manifests.yaml b/release/kubernetes-manifests.yaml
@@ -450,9 +450,9 @@ spec:
       initContainers:
       - name: wait-frontend
         image: alpine:3.6
-        command: ['sh', '-c', 'set -x;  apk add --no-cache curl && 
-          until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do 
-            echo "waiting for http://${FRONTEND_ADDR}"; 
+        command: ['sh', '-c', 'set -x;  apk add --no-cache curl &&
+          until timeout -t 2 curl -f "http://${FRONTEND_ADDR}"; do
+            echo "waiting for http://${FRONTEND_ADDR}";
             sleep 2;
           done;']
         env:
@@ -683,4 +683,4 @@ spec:
   - name: grpc
     port: 9555
     targetPort: 9555
----
+---
diff --git a/src/loadgenerator/Dockerfile b/src/loadgenerator/Dockerfile
@@ -15,4 +15,7 @@ COPY --from=builder /install /usr/local
 
 COPY . .
 RUN chmod +x ./loadgen.sh
+RUN apt-get -qq update \
+    && apt-get install -y --no-install-recommends \
+        curl
 ENTRYPOINT ./loadgen.sh
diff --git a/src/loadgenerator/loadgen.sh b/src/loadgenerator/loadgen.sh
@@ -24,4 +24,13 @@ if [[ -z "${FRONTEND_ADDR}" ]]; then
 fi
 
 set -x
+
+# if one request to the frontend fails, then exit
+STATUSCODE=$(curl --silent --output /dev/stderr --write-out "%{http_code}" http://${FRONTEND_ADDR})
+if test $STATUSCODE -ne 200; then
+    echo "Error: Could not reach frontend - Status code: ${STATUSCODE}"
+    exit 1
+fi
+
+# else, run loadgen
 locust --host="http://${FRONTEND_ADDR}" --no-web -c "${USERS:-10}" 2>&1