Hack test apps for multus testing

charts/http-client/templates/deployment.yaml

@@ -29,9 +29,17 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: williamyeh/hey
+          image: ubuntu
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["/bin/sleep", "3650d"]
+          command: ["bash"]
+          args:
+          - "-c"
+          - |
+            apt-get update && apt-get install curl iproute2 tcpdump iputils-ping -y;
+            ip link add link net1 name net1.5 type vlan id 5;
+            ip link set dev net1.5 up;
+            ip addr add 172.178.1.150/24 dev net1.5;
+            /bin/sleep infinity;
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

charts/http-client/values.yaml

@@ -20,14 +20,21 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
-podAnnotations: {}
+podAnnotations:
+  k8s.v1.cni.cncf.io/networks:  '[ { "name": "argo-network", "ips": ["10.20.22.34/24"] } ]'
 #  sidecar.istio.io/componentLogLevel: "lua:debug"
 #  sidecar.istio.io/logLevel: "debug"
 
 podSecurityContext: {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  privileged: true
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+#    add: ["SYS_ADMIN"]
   # capabilities:
   #   drop:
   #   - ALL

charts/http-server/templates/deployment.yaml

@@ -35,6 +35,15 @@ spec:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
+          command: ["bash"]
+          args:
+          - "-c"
+          - |
+            apt-get update && apt-get install curl iproute2 tcpdump iputils-ping -y;
+            ip link add link net1 name net1.6 type vlan id 6;
+            ip link set dev net1.6 up;
+            ip addr add 10.20.20.20/24 dev net1.6;
+            ./run.sh;
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

charts/http-server/values.yaml

@@ -20,15 +20,21 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
-podAnnotations: {}
+podAnnotations:
+  k8s.v1.cni.cncf.io/networks:  '[ { "name": "argo-network", "ips": ["10.20.21.234/24"] } ]'
 #  sidecar.istio.io/componentLogLevel: "lua:debug"
 #  sidecar.istio.io/logLevel: "debug"
 
 podSecurityContext: {}
   # fsGroup: 2000
 
-securityContext: {}
-  # capabilities:
+securityContext:
+  privileged: true
+  capabilities:
+    add:
+      - NET_ADMIN
+      - NET_RAW
+  #   add: ["SYS_ADMIN"]
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true

scripts/traffic/start-http-traffic.sh

@@ -6,60 +6,63 @@ DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)"
 
 source "$DIR/../helm/commands.sh"
 
-if (( $(kubectl get namespace | grep -c http-server) == 0 )); then
-  kubectl create namespace http-server
-fi
-if [ "$AMBIENT" == true ]; then
-  kubectl label namespace http-server istio.io/dataplane-mode=ambient
-  kubectl label namespace http-server istio-injection-
-else
-  kubectl label namespace http-server istio-injection=enabled
-  kubectl label namespace http-server istio.io/dataplane-mode-
-fi
+#if (( $(kubectl get namespace | grep -c http-server) == 0 )); then
+#  kubectl create namespace http-server
+#fi
+#if [ "${AMBIENT:-}" == true ]; then
+#  kubectl label namespace http-server istio.io/dataplane-mode=ambient
+#  kubectl label namespace http-server istio-injection-
+#else
+#  kubectl label namespace http-server istio-injection=enabled
+#  kubectl label namespace http-server istio.io/dataplane-mode-
+#fi
+#
+#if (( $(kubectl get namespace | grep -c http-client) == 0 )); then
+#  kubectl create namespace http-client
+#fi
+#if [ "${AMBIENT:-}" == true ]; then
+#  kubectl label namespace http-client istio.io/dataplane-mode=ambient
+#  kubectl label namespace http-client istio-injection-
+#else
+#  kubectl label namespace http-client istio-injection=enabled
+#  kubectl label namespace http-client istio.io/dataplane-mode-
+#fi
+#
+#if (( $(kubectl get namespace | grep -c openshift) > 0 )); then
+#  kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-server
+#  kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-client
+#fi
+#kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \
+#  --namespace http-server
+#kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \
+#  --namespace http-client
 
-if (( $(kubectl get namespace | grep -c http-client) == 0 )); then
-  kubectl create namespace http-client
-fi
-if [ "$AMBIENT" == true ]; then
-  kubectl label namespace http-client istio.io/dataplane-mode=ambient
-  kubectl label namespace http-client istio-injection-
-else
-  kubectl label namespace http-client istio-injection=enabled
-  kubectl label namespace http-client istio.io/dataplane-mode-
-fi
-
-if (( $(kubectl get namespace | grep -c openshift) > 0 )); then
-  kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-server
-  kubectl apply -f "$DIR/../istio/net-attach-def.yaml" --namespace http-client
-fi
-kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \
-  --namespace http-server
-kubectl apply -f ../private-resources/aspenmesh-pull-secret.yaml \
-  --namespace http-client
+#kubectl apply -f "$DIR/multus-bridge.yaml" --namespace http-server
+#kubectl apply -f "$DIR/multus-bridge.yaml" --namespace ztna
 
 helm-upgrade http-server "$DIR/../../charts/http-server" \
-  "${HTTP_SERVER_VALUES:-}" --namespace http-server
+  "${HTTP_SERVER_VALUES:-}" --namespace ztna
 helm-upgrade http-client "$DIR/../../charts/http-client" \
-  "${HTTP_CLIENT_VALUES:-}" --namespace http-client
-
-FAILED=0
-while true; do
-  while read -r POD; do
-    RET_CODE=0
-    (kubectl exec -n http-client -c http-client "$POD" \
-      -- wget -O /dev/null http://http-server.http-server.svc.cluster.local:8000/get) || RET_CODE=$?
-    if [ "$RET_CODE" != 0 ]; then
-      FAILED=1
-      break
-    fi
-  done < <(kubectl get pods -n http-client -l app.kubernetes.io/name=http-client -o json | \
-    jq -r '.items[].metadata.name')
-
-  if [ "$FAILED" == 1 ]; then
-    FAILED=0
-    continue
-  fi
-  break
+  "${HTTP_CLIENT_VALUES:-}" --namespace ztna
 
-  sleep 5
-done
+#FAILED=0
+#while true; do
+#  while read -r POD; do
+#    RET_CODE=0
+#    (kubectl exec -n http-client -c http-client "$POD" \
+#      -- wget -O /dev/null http://http-server.http-server.svc.cluster.local:8000/get) || RET_CODE=$?
+#    if [ "$RET_CODE" != 0 ]; then
+#      FAILED=1
+#      break
+#    fi
+#  done < <(kubectl get pods -n http-client -l app.kubernetes.io/name=http-client -o json | \
+#    jq -r '.items[].metadata.name')
+#
+#  if [ "$FAILED" == 1 ]; then
+#    FAILED=0
+#    continue
+#  fi
+#  break
+#
+#  sleep 5
+#done