-
Notifications
You must be signed in to change notification settings - Fork 20
Remove Public Endpoint from Canaries #141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cb96512
to
506fc2d
Compare
506fc2d
to
a455ddc
Compare
a455ddc
to
beb2b5d
Compare
This was referenced Jul 28, 2024
harrryr
added a commit
that referenced
this pull request
Jul 29, 2024
*Issue description:* This is a part of four series of PR to remove public endpoints for E2E testing to comply with security best practices. - [Deploy Traffic Generator](#140) - [Remove Public Endpoints from K8s](#141) - [Remove Public Endpoints from EKS](#139) - [Remove Public Endpoints from EC2](#144) Since the public endpoints will be removed, we are unable to call the sample app APIs directly from the workflow. Therefore, we will be using a traffic generator that is installed alongside the sample app applications to call the APIs This PR will be responsible for creating the traffic generator as well as saving them to private ECR and S3 bucket. The private ECR will be used by EKS and K8s platform while the S3 bucket will be used by EC2 Platforms. The traffic generator will first wait while it receives the appropriate environment variable. Once that is received, it will ping the API endpoints every minute. There is some additional logic depending on which canary it is running for. Test run: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10118562925 Test run after comment: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10148623963 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
*Issue description:* *Description of changes:* *Ensure you've run the following tests on your changes and include the link below:* To do so, create a `test.yml` file with `name: Test` and workflow description to test your changes, then remove the file for your PR. Link your test run in your PR description. This process is a short term solution while we work on creating a staging environment for testing. NOTE: TESTS RUNNING ON A SINGLE EKS CLUSTER CANNOT BE RUN IN PARALLEL. See the [needs](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds) keyword to run tests in succession. - Run Java EKS on `e2e-playground` in us-east-1 and eu-central-2 - Run Python EKS on `e2e-playground` in us-east-1 and eu-central-2 - Run metric limiter on EKS cluster `e2e-playground` in us-east-1 and eu-central-2 - Run EC2 tests in all regions - Run K8s on a separate K8s cluster (check IAD test account for master node endpoints; these will change as we create and destroy clusters for OS patching) By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove pwd and other testing artifacts everywhere
validator/src/test/test-resources/trace/actual/example-trace-document.json
Outdated
Show resolved
Hide resolved
356345b
to
89703b2
Compare
535506f
to
2036f87
Compare
majanjua-amzn
approved these changes
Jul 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue description:
This is a part of two series of PR to remove public endpoints for E2E testing to comply with security best practices.
Since the public endpoints will be removed, we are unable to call the sample app APIs directly from the workflow. Therefore, we will be using a traffic generator that is installed alongside the sample app applications to call the APIs
K8s
The K8s cluster has been updated to stop exposing the 30100 port. Additionally, once this PR has been merged to main, we will need to update the security groups of the EC2 instances containing the K8s cluster to close all traffic other than from SSH. The SSH traffic will still be needed for the E2E test to be able to update the K8s cluster inside the EC2 instances.
EC2
The security group for the EC2 instances will be updated to only allow inbound traffic from SSH and other EC2 instances in the same security group. Merge this PR first, then update the security group configuration.
Description of changes:
Test was done by running the a workflow in a playground k8s cluster with the security group configured to only allow SSH traffic.
Full workflow run: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10167440327
Test run with new security group for EC2: https://github.com/aws-observability/aws-application-signals-test-framework/actions/runs/10135108011
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.