diff --git a/charts/http-client/templates/deployment.yaml b/charts/http-client/templates/deployment.yaml index b6c4e50..bcfeaa2 100644 --- a/charts/http-client/templates/deployment.yaml +++ b/charts/http-client/templates/deployment.yaml @@ -29,9 +29,17 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: williamyeh/hey + image: ubuntu imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/bin/sleep", "3650d"] + command: ["bash"] + args: + - "-c" + - | + apt-get update && apt-get install curl iproute2 tcpdump iputils-ping -y; + ip link add link net1 name net1.5 type vlan id 5; + ip link set dev net1.5 up; + ip addr add 172.178.1.150/24 dev net1.5; + /bin/sleep infinity; resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/charts/http-client/values.yaml b/charts/http-client/values.yaml index 617869b..a690f80 100644 --- a/charts/http-client/values.yaml +++ b/charts/http-client/values.yaml @@ -20,14 +20,21 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -podAnnotations: {} +podAnnotations: + k8s.v1.cni.cncf.io/networks: '[ { "name": "argo-network", "ips": ["10.20.22.34/24"] } ]' # sidecar.istio.io/componentLogLevel: "lua:debug" # sidecar.istio.io/logLevel: "debug" podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - NET_RAW +# add: ["SYS_ADMIN"] # capabilities: # drop: # - ALL diff --git a/charts/http-server/templates/deployment.yaml b/charts/http-server/templates/deployment.yaml index 2a526ea..883c4ce 100644 --- a/charts/http-server/templates/deployment.yaml +++ b/charts/http-server/templates/deployment.yaml 
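Review bot: The new `image: ubuntu` in the http-client deployment hunk carries no tag or digest, and the added `args` script installs curl, iproute2, tcpdump and ping with `apt-get` on every container start. What runs in the pod therefore depends on whatever the registry and the package mirrors serve at that moment, and the pod needs outbound access just to come up. Because the values hunk below also runs this container privileged, pin the base with `image: ubuntu@sha256:<pinned-digest>`, or better, build a small image with the tools already installed and drop the `apt-get` line. The same `apt-get` line is added in the http-server deployment hunk. Separately, `172.178.1.150/24` is outside the RFC 1918 172.16.0.0/12 block, so confirm that a private lab range was not intended.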
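Review bot: The http-client `values.yaml` hunk sets `privileged: true` as a chart default, which makes the `capabilities.add` list beside it redundant and gives every install of the chart full device and kernel access on the node. The `ip link add ... type vlan`, `ip addr add` and tcpdump/ping steps in the deployment script look as if they only need `NET_ADMIN` and `NET_RAW`, so remove `privileged: true` and keep the two added capabilities. If privileged mode really is required for a lab run, leave the default as `securityContext: {}` and supply the override through a separate values file. The stray `# add: ["SYS_ADMIN"]` comment should be deleted rather than left as a hint. The http-server `values.yaml` hunk later in this diff makes the same change.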
@@ -35,6 +35,15 @@ spec: - name: http containerPort: {{ .Values.service.port }} protocol: TCP + command: ["bash"] + args: + - "-c" + - | + apt-get update && apt-get install curl iproute2 tcpdump iputils-ping -y; + ip link add link net1 name net1.6 type vlan id 6; + ip link set dev net1.6 up; + ip addr add 10.20.20.20/24 dev net1.6; + ./run.sh; resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/charts/http-server/templates/gateway.yaml b/charts/http-server/templates/gateway.yaml deleted file mode 100644 index e4540fc..0000000 --- a/charts/http-server/templates/gateway.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: {{ include "http-server.fullname" . }} -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" diff --git a/charts/http-server/templates/virtualservice.yaml b/charts/http-server/templates/virtualservice.yaml deleted file mode 100644 index bef4c01..0000000 --- a/charts/http-server/templates/virtualservice.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ include "http-server.fullname" . }} - labels: - {{- include "http-server.labels" . | nindent 4 }} -spec: - hosts: - - "*" - gateways: - - {{ include "http-server.fullname" . }} - http: - - route: - - destination: - host: {{ include "http-server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - port: - number: {{ .Values.service.port }} diff --git a/charts/http-server/values.yaml b/charts/http-server/values.yaml index ceb2a3f..f12f20b 100644 --- a/charts/http-server/values.yaml +++ b/charts/http-server/values.yaml 
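Review bot: Each command in the added `args` script ends with `;` and nothing enables `set -e`, so when `apt-get` or `ip link add link net1 name net1.6 ...` fails (for example when the net1 attachment is missing) `./run.sh` still starts and the pod looks healthy without the 10.20.20.20 address. Begin the script with `set -euo pipefail` and finish with `exec ./run.sh`, so that a failed interface setup shows up as a container restart and the server process receives termination signals directly. The VLAN id and address are literals in the template, so any replica count above one would configure 10.20.20.20/24 in every pod; moving them into values would make that constraint visible. The http-client `args` block earlier in this diff has the same structure.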
@@ -20,15 +20,21 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -podAnnotations: {} +podAnnotations: + k8s.v1.cni.cncf.io/networks: '[ { "name": "argo-network", "ips": ["10.20.21.234/24"] } ]' # sidecar.istio.io/componentLogLevel: "lua:debug" # sidecar.istio.io/logLevel: "debug" podSecurityContext: {} # fsGroup: 2000 -securityContext: {} - # capabilities: +securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - NET_RAW + # add: ["SYS_ADMIN"] # drop: # - ALL # readOnlyRootFilesystem: true diff --git a/scripts/traffic/start-http-traffic.sh b/scripts/traffic/start-http-traffic.sh index b9eeed3..4bc9baf 100755 --- a/scripts/traffic/start-http-traffic.sh +++ b/scripts/traffic/start-http-traffic.sh 
@@ -6,60 +6,63 @@ DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)" source "$DIR/../helm/commands.sh" -if (( $(kubectl get namespace | grep -c http-server) == 0 )); then - kubectl create namespace http-server -fi -if [ "$AMBIENT" == true ]; then - kubectl label namespace http-server istio.io/dataplane-mode=ambient - kubectl label namespace http-server istio-injection- -else - kubectl label namespace http-server istio-injection=enabled - kubectl label namespace http-server istio.io/dataplane-mode- -fi +#if (( $(kubectl get namespace | grep -c http-server) == 0 )); then +# kubectl create namespace http-server +#fi +#if [ "${AMBIENT:-}" == true ]; then +# kubectl label namespace http-server istio.io/dataplane-mode=ambient +# kubectl label namespace http-server istio-injection- +#else +# kubectl label namespace http-server istio-injection=enabled +# kubectl label namespace http-server istio.io/dataplane-mode- +#fi +# +#if (( $(kubectl get namespace | grep -c http-client) == 0 )); then +# kubectl create namespace http-client +#fi +#if [ "${AMBIENT:-}" == true ]; then +# kubectl label namespace http-client istio.io/dataplane-mode=ambient +# kubectl label namespace http-client istio-injection- +#else +# kubectl label namespace http-client istio-injection=enabled +# kubectl label namespace http-client istio.io/dataplane-mode- +#fi +# +#if (( $(kubectl get namespace | grep -c openshift) > 0 )); then +# kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-server +# kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-client +#fi +#kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \ +# --namespace http-server +#kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \ +# --namespace http-client -if (( $(kubectl get namespace | grep -c http-client) == 0 )); then - kubectl create namespace http-client -fi -if [ "$AMBIENT" == true ]; then - kubectl label namespace http-client istio.io/dataplane-mode=ambient 
- kubectl label namespace http-client istio-injection- -else - kubectl label namespace http-client istio-injection=enabled - kubectl label namespace http-client istio.io/dataplane-mode- -fi - -if (( $(kubectl get namespace | grep -c openshift) > 0 )); then - kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-server - kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-client -fi -kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \ - --namespace http-server -kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \ - --namespace http-client +#kubectl apply -f "$DIR/multus-bridge.yaml" --namespace http-server +#kubectl apply -f "$DIR/multus-bridge.yaml" --namespace ztna helm-upgrade http-server "$DIR/../../charts/http-server" \ - "${HTTP_SERVER_VALUES:-}" --namespace http-server + "${HTTP_SERVER_VALUES:-}" --namespace ztna helm-upgrade http-client "$DIR/../../charts/http-client" \ - "${HTTP_CLIENT_VALUES:-}" --namespace http-client - -FAILED=0 -while true; do - while read -r POD; do - RET_CODE=0 - (kubectl exec -n http-client -c http-client "$POD" \ - -- wget -O /dev/null http://http-server.http-server.svc.cluster.local:8000/get) || RET_CODE=$? - if [ "$RET_CODE" != 0 ]; then - FAILED=1 - break - fi - done < <(kubectl get pods -n http-client -l app.kubernetes.io/name=http-client -o json | \ - jq -r '.items[].metadata.name') - - if [ "$FAILED" == 1 ]; then - FAILED=0 - continue - fi - break + "${HTTP_CLIENT_VALUES:-}" --namespace ztna - sleep 5 -done +#FAILED=0 +#while true; do +# while read -r POD; do +# RET_CODE=0 +# (kubectl exec -n http-client -c http-client "$POD" \ +# -- wget -O /dev/null http://http-server.http-server.svc.cluster.local:8000/get) || RET_CODE=$? 
+# if [ "$RET_CODE" != 0 ]; then +# FAILED=1 +# break +# fi +# done < <(kubectl get pods -n http-client -l app.kubernetes.io/name=http-client -o json | \ +# jq -r '.items[].metadata.name') +# +# if [ "$FAILED" == 1 ]; then +# FAILED=0 +# continue +# fi +# break +# +# sleep 5 +#done
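Review bot: Both `helm-upgrade` calls now target `--namespace ztna`, but every step that prepared a namespace (creation, mesh labels, pull secret, NetworkAttachmentDefinition) is commented out, so the script only works against state that was created by hand. Whether `helm-upgrade` creates the namespace cannot be seen here, because it comes from the sourced `commands.sh`. The charts now default to a `k8s.v1.cni.cncf.io/networks` annotation naming `argo-network`, so the script should at least ensure the namespace and the attachment exist, e.g. `kubectl create namespace ztna --dry-run=client -o yaml | kubectl apply -f -` followed by the `kubectl apply -f "$DIR/multus-bridge.yaml" --namespace ztna` line that is currently commented out. With the readiness loop disabled, the script also returns before any pod has been verified. Delete the dead blocks instead of leaving roughly sixty commented lines, and if the `wget` check no longer applies, replace it with something like `kubectl rollout status` against the `ztna` namespace.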