Deploy Traffic Generator #140
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
harrryr
force-pushed
the
traffic-generator-image
branch
from
365f88d to
180d016
Compare
This was referenced Jul 28, 2024
harrryr
force-pushed
the
traffic-generator-image
branch
from
6bb93af to
45653ca
Compare
harrryr
force-pushed
the
traffic-generator-image
branch
from
a9dfc39 to
074f4b7
Compare
harrryr
force-pushed
the
traffic-generator-image
branch
from
074f4b7 to
783328f
Compare
majanjua-amzn
approved these changes
Jul 29, 2024
harrryr
added a commit
that referenced
this pull request
Jul 30, 2024
*Issue description:* This is a part of two series of PR to remove public endpoints for E2E testing to comply with security best practices. - [Deploy Traffic Generator](#140) - [Remove Public Endpoints from Canaries](#141) Since the public endpoints will be removed, we are unable to call the sample app APIs directly from the workflow. Therefore, we will be using a traffic generator that is installed alongside the sample app applications to call the APIs *K8s* The K8s cluster has been updated to stop exposing the 30100 port. Additionally, once this PR has been merged to main, we will need to update the security groups of the EC2 instances containing the K8s cluster to close all traffic other than from SSH. The SSH traffic will still be needed for the E2E test to be able to update the K8s cluster inside the EC2 instances. *EC2* The security group for the EC2 instances will be updated to only allow inbound traffic from SSH and other EC2 instances in the same security group. Merge this PR first, then update the security group configuration. *Description of changes:* - Deploy the traffic generator in the sample app namespace. - Stop exposing port 30100 for K8s - Stop creating ingress port for the EKS - Install traffic generator in the main ec2 instance and run it in the background for EC2 - Remove HttpCaller from the validator and update the trace validator to search for traces using filters rather than traceId Test was done by running the a workflow in a playground k8s cluster with the security group configured to only allow SSH traffic. Full workflow run: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10167440327 Test run with new security group for EC2: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10135108011 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue description:
This is a part of four series of PR to remove public endpoints for E2E testing to comply with security best practices.
Since the public endpoints will be removed, we are unable to call the sample app APIs directly from the workflow. Therefore, we will be using a traffic generator that is installed alongside the sample app applications to call the APIs
This PR will be responsible for creating the traffic generator as well as saving them to private ECR and S3 bucket.
The private ECR will be used by EKS and K8s platform while the S3 bucket will be used by EC2 Platforms.
The traffic generator will first wait while it receives the appropriate environment variable. Once that is received, it will ping the API endpoints every minute. There is some additional logic depending on which canary it is running for.
Test run: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10118562925
Test run after comment: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10148623963
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.