# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. {{- if .Values.loadGenerator.create }} {{- if .Values.serviceAccounts.create }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.loadGenerator.name }} namespace: {{.Release.Namespace}} {{- if not .Values.serviceAccounts.annotationsOnlyForCartservice }} {{- with .Values.serviceAccounts.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} --- {{- end }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Values.loadGenerator.name }} namespace: {{ .Release.Namespace }} labels: app: {{ .Values.loadGenerator.name }} spec: selector: matchLabels: app: {{ .Values.loadGenerator.name }} replicas: 1 template: metadata: labels: app: {{ .Values.loadGenerator.name }} annotations: sidecar.istio.io/rewriteAppHTTPProbers: "true" spec: {{- if .Values.serviceAccounts.create }} serviceAccountName: {{ .Values.loadGenerator.name }} {{- else }} serviceAccountName: default {{- end }} terminationGracePeriodSeconds: 5 restartPolicy: Always {{- if .Values.securityContext.enable }} securityContext: fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 {{- if .Values.seccompProfile.enable }} seccompProfile: type: {{ .Values.seccompProfile.type }} {{- end }} {{- end }} {{- if .Values.loadGenerator.checkFrontendInitContainer }} initContainers: - command: - /bin/sh - -exc - | MAX_RETRIES=12 RETRY_INTERVAL=10 for i in $(seq 1 $MAX_RETRIES); do echo "Attempt $i: Pinging frontend: ${FRONTEND_ADDR}..." STATUSCODE=$(wget --server-response http://${FRONTEND_ADDR} 2>&1 | awk '/^ HTTP/{print $2}') if [ $STATUSCODE -eq 200 ]; then echo "Frontend is reachable." exit 0 fi echo "Error: Could not reach frontend - Status code: ${STATUSCODE}" sleep $RETRY_INTERVAL done echo "Failed to reach frontend after $MAX_RETRIES attempts." exit 1 name: frontend-check securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true image: busybox:latest@sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f env: - name: FRONTEND_ADDR value: "{{ .Values.frontend.name }}:80" {{- end }} containers: - name: main securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: true image: {{ .Values.images.repository }}/{{ .Values.loadGenerator.name }}:{{ .Values.images.tag | default .Chart.AppVersion }} env: - name: FRONTEND_ADDR value: "{{ .Values.frontend.name }}:80" - name: USERS value: "10" - name: RATE value: "1" resources: {{- toYaml .Values.loadGenerator.resources | nindent 10 }} {{- if .Values.networkPolicies.create }} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ .Values.loadGenerator.name }} namespace: {{ .Release.Namespace }} labels: app: {{ .Values.loadGenerator.name }} spec: podSelector: matchLabels: app: {{ .Values.loadGenerator.name }} policyTypes: - Egress egress: - {} {{- end }} {{- if .Values.sidecars.create }} --- apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name: {{ .Values.loadGenerator.name }} namespace: {{ .Release.Namespace }} spec: workloadSelector: labels: app: {{ .Values.loadGenerator.name }} egress: - hosts: - istio-system/* - ./{{ .Values.frontend.name }}.{{ .Release.Namespace }}.svc.cluster.local {{- if .Values.opentelemetryCollector.create }} - ./{{ .Values.opentelemetryCollector.name }}.{{ .Release.Namespace }}.svc.cluster.local {{- end }} {{- end }} {{- end }}