Remove Public Endpoint from K8s Platform

Author: harrryr

.github/workflows/java-k8s-e2e-test.yml

@@ -125,35 +125,11 @@ jobs:
             -var="patch_image_arn=${{ env.PATCH_IMAGE_ARN }}" \
             -var="release_testing_ecr_account=${{ env.RELEASE_TESTING_ECR_ACCOUNT }}"
 
-      - name: Get Remote Service IP
+      - name: Get Main and Remote Service IP
         run: |
+          echo MAIN_SERVICE_IP="$(aws ssm get-parameter --region ${{ env.E2E_TEST_AWS_REGION }} --name main-service-ip-${{ env.TESTING_ID }} | jq -r '.Parameter.Value')" >> $GITHUB_ENV
           echo REMOTE_SERVICE_IP="$(aws ssm get-parameter --region ${{ env.E2E_TEST_AWS_REGION }} --name remote-service-ip-${{ env.TESTING_ID }} | jq -r '.Parameter.Value')" >> $GITHUB_ENV
 
-      - name: Wait for app endpoint to come online
-        id: endpoint-check
-        run: |
-          attempt_counter=0
-          max_attempts=30
-          until $(curl --output /dev/null --silent --head --fail http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/); do
-            if [ ${attempt_counter} -eq ${max_attempts} ];then
-              echo "Max attempts reached"
-              exit 1
-            fi
-          
-            printf '.'
-            attempt_counter=$(($attempt_counter+1))
-            sleep 10
-          done
-      # This steps increases the speed of the validation by creating the telemetry data in advance
-      # It is run after the gradle build to give the app time to initialize after the pods become ready
-      - name: Call all test APIs
-        continue-on-error: true
-        run: |
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/outgoing-http-call"; echo
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/aws-sdk-call?ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}"; echo
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/remote-service?ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}"; echo
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/client-call"; echo
-
       - name: Initiate Gradlew Daemon
         if: steps.initiate-gradlew == 'failure'
         uses: ./.github/workflows/actions/execute_and_retry
@@ -169,7 +145,7 @@ jobs:
         id: log-validation
         run: ./gradlew validator:run --args='-c java/k8s/log-validation.yml
           --testing-id ${{ env.TESTING_ID }}
-          --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100
+          --endpoint http://${{ env.MAIN_SERVICE_IP }}:8080
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}
@@ -186,7 +162,7 @@ jobs:
         if: (success() || steps.log-validation.outcome == 'failure') && !cancelled()
         run: ./gradlew validator:run --args='-c java/k8s/metric-validation.yml
           --testing-id ${{ env.TESTING_ID }}
-          --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100
+          --endpoint http://${{ env.MAIN_SERVICE_IP }}:8080
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}
@@ -204,7 +180,7 @@ jobs:
         if: (success() || steps.log-validation.outcome == 'failure' || steps.metric-validation.outcome == 'failure') && !cancelled()
         run: ./gradlew validator:run --args='-c java/k8s/trace-validation.yml
           --testing-id ${{ env.TESTING_ID }}
-          --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100
+          --endpoint http://${{ env.MAIN_SERVICE_IP }}:8080
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}

.github/workflows/python-k8s-e2e-test.yml

@@ -125,36 +125,11 @@ jobs:
             -var="patch_image_arn=${{ env.PATCH_IMAGE_ARN }}" \
             -var="release_testing_ecr_account=${{ env.RELEASE_TESTING_ECR_ACCOUNT }}"
 
-      - name: Get Remote Service IP
+      - name: Get Main and Remote Service IP
         run: |
+          echo MAIN_SERVICE_IP="$(aws ssm get-parameter --region ${{ env.E2E_TEST_AWS_REGION }} --name python-main-service-ip-${{ env.TESTING_ID }} | jq -r '.Parameter.Value')" >> $GITHUB_ENV
           echo REMOTE_SERVICE_IP="$(aws ssm get-parameter --region us-east-1 --name python-remote-service-ip-${{ env.TESTING_ID }} | jq -r '.Parameter.Value')" >> $GITHUB_ENV
 
-      - name: Wait for app endpoint to come online
-        id: endpoint-check
-        run: |
-          attempt_counter=0
-          max_attempts=30
-          until $(curl --output /dev/null --silent --head --fail http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/); do
-            if [ ${attempt_counter} -eq ${max_attempts} ];then
-              echo "Max attempts reached"
-              exit 1
-            fi
-          
-            printf '.'
-            attempt_counter=$(($attempt_counter+1))
-            sleep 10
-          done
-
-      # This steps increases the speed of the validation by creating the telemetry data in advance
-      # It is run after the gradle build to give the app time to initialize after the pods become ready
-      - name: Call all test APIs
-        continue-on-error: true
-        run: |
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/outgoing-http-call"; echo
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/aws-sdk-call?ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}"; echo
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/remote-service?ip=${{ env.REMOTE_SERVICE_IP }}&testingId=${{ env.TESTING_ID }}"; echo
-          curl -S -s "http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100/client-call"; echo
-
       - name: Initiate Gradlew Daemon
         if: steps.initiate-gradlew == 'failure'
         uses: ./.github/workflows/actions/execute_and_retry
@@ -170,7 +145,7 @@ jobs:
         id: log-validation
         run: ./gradlew validator:run --args='-c python/k8s/log-validation.yml
           --testing-id ${{ env.TESTING_ID }}
-          --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100
+          --endpoint http://${{ env.MAIN_SERVICE_IP }}:8000
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}
@@ -187,7 +162,7 @@ jobs:
         if: (success() || steps.log-validation.outcome == 'failure') && !cancelled()
         run: ./gradlew validator:run --args='-c python/k8s/metric-validation.yml
           --testing-id ${{ env.TESTING_ID }}
-          --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100
+          --endpoint http://${{ env.MAIN_SERVICE_IP }}:8000
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}
@@ -205,7 +180,7 @@ jobs:
         if: (success() || steps.log-validation.outcome == 'failure' || steps.metric-validation.outcome == 'failure') && !cancelled()
         run: ./gradlew validator:run --args='-c python/k8s/trace-validation.yml
           --testing-id ${{ env.TESTING_ID }}
-          --endpoint http://${{ env.MAIN_SERVICE_ENDPOINT }}:30100
+          --endpoint http://${{ env.MAIN_SERVICE_IP }}:8000
           --region ${{ env.E2E_TEST_AWS_REGION }}
           --account-id ${{ env.ACCOUNT_ID }}
           --metric-namespace ${{ env.METRIC_NAMESPACE }}

terraform/java/k8s/cleanup/main.tf

@@ -32,7 +32,8 @@ resource "null_resource" "cleanup" {
       echo "LOG: Printing cluster state after cleanup"
       kubectl get pods -A
 
-      # Delete ssm parameter for remote service ip
+      # Delete ssm parameter for main and remote service ip
+      aws ssm delete-parameter --name main-service-ip-${var.test_id}
       aws ssm delete-parameter --name remote-service-ip-${var.test_id}
       EOF
     ]

terraform/java/k8s/deploy/main.tf

@@ -135,19 +135,35 @@ resource "null_resource" "deploy" {
       kubectl apply -f frontend-service-depl.yaml
       kubectl apply -f remote-service-depl.yaml
 
-      # Expose sample app on port 30100
-      echo "LOG: Exposing main sample app on port 30100"
-      kubectl expose deployment sample-app-deployment-${var.test_id} -n sample-app-namespace --type="NodePort" --port 8080
-      kubectl patch service sample-app-deployment-${var.test_id} -n sample-app-namespace --type='json' --patch='[{"op": "replace", "path": "/spec/ports/0/nodePort", "value":30100}]'
-
       # Wait for sample app to be reach ready state
       sleep 10
       kubectl wait --for=condition=Ready --request-timeout '5m' pod --all -n sample-app-namespace
 
-      # Emit remote service pod IP
+      # Emit main and remote service pod IP
       echo "LOG: Outputting remote service pod IP to SSM using put-parameter API"
+      aws ssm put-parameter --region ${var.aws_region} --name main-service-ip-${var.test_id} --type String --overwrite --value $(kubectl get pods -n sample-app-namespace --selector=app=sample-app -o jsonpath='{.items[0].status.podIP}')
       aws ssm put-parameter --region ${var.aws_region} --name remote-service-ip-${var.test_id} --type String --overwrite --value $(kubectl get pod --selector=app=remote-app -n sample-app-namespace -o jsonpath='{.items[0].status.podIP}')
 
+      # Deploy the traffic generator
+      kubectl create deployment -n sample-app-namespace traffic-generator \
+        --image=$ACCOUNT.dkr.ecr.${var.aws_region}.amazonaws.com/e2e-test-resource:traffic-generator \
+        --replicas=1
+
+      # Patch it with ImagePull always policy so that it pulls the latest image from the ECR
+      kubectl patch deployment -n sample-app-namespace traffic-generator --patch '{"spec": {"template": {"spec": {"containers": [{"name": "e2e-test-resource", "imagePullPolicy": "Always"}]}}}}'
+      kubectl patch deployment traffic-generator -n sample-app-namespace --type='json' -p='[{"op": "add", "path": "/spec/template/spec/imagePullSecrets", "value": [{"name": "ecr-secret"}]}]'
+                
+      # Add the appropriate environment variables to the traffic generator
+      kubectl set env -n sample-app-namespace deployment/traffic-generator MAIN_ENDPOINT=$(kubectl get pods -n sample-app-namespace --selector=app=sample-app -o jsonpath='{.items[0].status.podIP}'):8080
+      kubectl set env -n sample-app-namespace deployment/traffic-generator REMOTE_ENDPOINT=$(kubectl get pod --selector=app=remote-app -n sample-app-namespace -o jsonpath='{.items[0].status.podIP}')
+      kubectl set env -n sample-app-namespace deployment/traffic-generator ID=${var.test_id}
+      kubectl set env -n sample-app-namespace deployment/traffic-generator CANARY_TYPE=java-k8s
+       
+      # Restart the traffic generator with the new configuration          
+      kubectl get pods -n sample-app-namespace --no-headers | grep '^traffic-generator' | awk '{print $1}' | xargs kubectl delete pod -n sample-app-namespace
+      
+      sleep 10
+
       EOF
     ]
   }

terraform/python/k8s/cleanup/main.tf

@@ -46,7 +46,8 @@ resource "null_resource" "cleanup" {
       echo "LOG: Printing cluster state after cleanup"
       kubectl get pods -A
 
-      # Delete ssm parameter for remote service ip
+      # Delete ssm parameter for main and remote service ip
+      aws ssm delete-parameter --name python-main-service-ip-${var.test_id}
       aws ssm delete-parameter --name python-remote-service-ip-${var.test_id}
 
       EOF

terraform/python/k8s/deploy/main.tf

@@ -135,18 +135,34 @@ resource "null_resource" "deploy" {
       kubectl apply -f python-frontend-service-depl.yaml
       kubectl apply -f python-remote-service-depl.yaml
 
-      # Expose sample app on port 30100
-      echo "LOG: Exposing main sample app on port 30100"
-      kubectl expose deployment python-sample-app-deployment-${var.test_id} -n python-sample-app-namespace --type="NodePort" --port 8000
-      kubectl patch service python-sample-app-deployment-${var.test_id} -n python-sample-app-namespace --type='json' --patch='[{"op": "replace", "path": "/spec/ports/0/nodePort", "value":30100}]'
-
       echo "Wait for sample app to be reach ready state"
       sleep 10
       kubectl wait --for=condition=Ready --request-timeout '10m' pod --all -n python-sample-app-namespace
 
-      # Emit remote service pod IP
+      # Emit main and remote service pod IP
       echo "LOG: Outputting remote service pod IP to SSM using put-parameter API"
+      aws ssm put-parameter --region ${var.aws_region} --name python-main-service-ip-${var.test_id} --type String --overwrite --value $(kubectl get pod --selector=app=python-sample-app -n python-sample-app-namespace -o jsonpath='{.items[0].status.podIP}')
       aws ssm put-parameter --region ${var.aws_region} --name python-remote-service-ip-${var.test_id} --type String --overwrite --value $(kubectl get pod --selector=app=python-remote-app -n python-sample-app-namespace -o jsonpath='{.items[0].status.podIP}')
+
+      # Deploy the traffic generator
+      kubectl create deployment -n python-sample-app-namespace traffic-generator \
+        --image=$ACCOUNT.dkr.ecr.${var.aws_region}.amazonaws.com/e2e-test-resource:traffic-generator \
+        --replicas=1
+
+      # Patch it with ImagePull always policy so that it pulls the latest image from the ECR
+      kubectl patch deployment -n python-sample-app-namespace traffic-generator --patch '{"spec": {"template": {"spec": {"containers": [{"name": "e2e-test-resource", "imagePullPolicy": "Always"}]}}}}'
+      kubectl patch deployment traffic-generator -n python-sample-app-namespace --type='json' -p='[{"op": "add", "path": "/spec/template/spec/imagePullSecrets", "value": [{"name": "ecr-secret"}]}]'
+
+      # Add the appropriate environment variables to the traffic generator
+      kubectl set env -n python-sample-app-namespace deployment/traffic-generator MAIN_ENDPOINT=$(kubectl get pods -n python-sample-app-namespace --selector=app=python-sample-app -o jsonpath='{.items[0].status.podIP}'):8000
+      kubectl set env -n python-sample-app-namespace deployment/traffic-generator REMOTE_ENDPOINT=$(kubectl get pod -n python-sample-app-namespace --selector=app=python-remote-app -o jsonpath='{.items[0].status.podIP}')
+      kubectl set env -n python-sample-app-namespace deployment/traffic-generator ID=${var.test_id}
+      kubectl set env -n python-sample-app-namespace deployment/traffic-generator CANARY_TYPE=python-k8s
+
+      # Restart the traffic generator with the new configuration
+      kubectl get pods -n python-sample-app-namespace --no-headers | grep '^traffic-generator' | awk '{print $1}' | xargs kubectl delete pod -n python-sample-app-namespace
+
+      sleep 10
       EOF
     ]
   }

validator/src/main/java/com/amazon/aoc/callers/HttpCaller.java

@@ -15,7 +15,6 @@
 
 package com.amazon.aoc.helpers;
 
-import com.amazon.aoc.callers.ICaller;
 import com.amazon.aoc.fileconfigs.FileConfig;
 import com.amazon.aoc.models.Context;
 import com.amazonaws.services.cloudwatch.model.Dimension;
@@ -38,17 +37,11 @@ public class CWMetricHelper {
    *
    * @param context testing context
    * @param expectedMetric expected template
-   * @param caller http caller, none caller, could be null
    * @return list of metrics
    * @throws Exception when caller throws exception or template can not be found
    */
   public List<Metric> listExpectedMetrics(
-      Context context, FileConfig expectedMetric, ICaller caller) throws Exception {
-    // call endpoint
-    if (caller != null) {
-      caller.callSampleApp();
-    }
-
+      Context context, FileConfig expectedMetric) throws Exception {
     // get expected metrics as yaml from config
     String yamlExpectedMetrics = mustacheHelper.render(expectedMetric, context);