[Feature] adoption of ingress traffic control (#167)

* remove vscode local configuration

* ingress controller setup

* jaeger setup changed to support ingress

* cleanup oke setup script, removing loadbalancing provisioning

* change main setup to provisioning NGINX Ingress Controller and Jaeger

* change frontend service descriptor from LB to ClusterIP and http protocol

* include frontend ingress object descriptor

* change frontend deploy script to provisioning service and ingress objects

* change frontend undeploy script to cleanup service and ingress

* change main test script to obtain the ingress external IP

* order helidon ingress declaration required for scaling test

* change scaling test script to deploy ingress for test and get the external IP

* adjust jaeger url

* change main perf script to get ingress external ip

* change polyglot perf script to get ingress external ip

* removing inventory-springboot from deploy sequence

Author: Paulo Alberto Simoes

.gitignore

@@ -471,8 +471,9 @@ $RECYCLE.BIN/
 ##
 ## Visual Studio Code
 ##
+.vscode/
 .vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
+#!.vscode/settings.json
+#!.vscode/tasks.json
+#!.vscode/launch.json
+#!.vscode/extensions.json

grabdish/deploy.sh

@@ -2,7 +2,8 @@
 # Copyright (c) 2021 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
-MS="frontend-helidon order-helidon supplier-helidon-se inventory-helidon inventory-springboot"
+#MS="frontend-helidon order-helidon supplier-helidon-se inventory-helidon inventory-springboot"
+MS="frontend-helidon order-helidon supplier-helidon-se inventory-helidon"
 for s in $MS; do 
     echo ________________________________________
     echo "Deploying $s..."

grabdish/frontend-helidon/deploy.sh

@@ -21,3 +21,9 @@ if [ -z "$1" ]; then
 else
     kubectl apply -f <(istioctl kube-inject -f $SCRIPT_DIR/frontend-helidon-deployment-$CURRENTTIME.yaml) -n msdataworkshop
 fi
+
+# Provision Frontend Service
+kubectl create -f $SCRIPT_DIR/frontend-service.yaml -n msdataworkshop
+
+# Provision Frontend Ingress
+kubectl create -f $SCRIPT_DIR/frontend-ingress.yaml -n msdataworkshop

grabdish/frontend-helidon/frontend-ingress.yaml

@@ -0,0 +1,26 @@
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grabdish-frontend-ingress
+  namespace: msdataworkshop
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
+    #nginx.ingress.kubernetes.io/rewrite-target: /$1
+    #nginx.ingress.kubernetes.io/backend-protocol: "https"
+    #nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    #nginx.ingress.kubernetes.io/add-base-url: "true"
+spec:
+  tls:
+  - secretName: ssl-certificate-secret
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: frontend
+            port:
+              number: 80         

grabdish/frontend-helidon/frontend-service.yaml

@@ -8,14 +8,15 @@ metadata:
   name: frontend
   labels:
     app: frontend
-  annotations:
-    service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
-    service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl-certificate-secret
+  #annotations:
+  #  service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
+  #  service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl-certificate-secret
 spec:
-  type: LoadBalancer
+  #type: LoadBalancer
+  type: ClusterIP
   ports:
-  - port: 443
-    name: https
+  - port: 80
+    name: http
     targetPort: 8080
   selector:
     app: frontend

grabdish/frontend-helidon/undeploy.sh

@@ -5,4 +5,11 @@
 
 echo delete frontend deployment and service...
 
+# Delete Frontend Ingress
+kubectl delete -f $SCRIPT_DIR/frontend-ingress.yaml -n msdataworkshop
+
+# Delete Frontend Service
+kubectl delete -f $SCRIPT_DIR/frontend-service.yaml -n msdataworkshop
+
+
 kubectl delete deployment frontend-helidon -n msdataworkshop

grabdish/ingress/nginx/ingress-nginx-helm-values4oci.yaml

@@ -0,0 +1,60 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/index.md
+##
+controller:
+  # https://github.com/kubernetes/ingress-nginx
+  # https://github.com/kubernetes/ingress-nginx/blob/main/stable.txt
+  # Adopting the last stable version : controller-v0.49.0
+  image:
+    tag: "v0.49.0"
+    pullPolicy: Always
+
+  metrics: 
+    enabled: true
+
+  # Define requests resources to avoid probe issues due to CPU utilization in busy nodes
+  # ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903
+  # Ideally, there should be no limits.
+  # https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
+  resources:
+#    limits:
+#      cpu: 200m
+#      memory: 256Mi
+    requests:
+      cpu: 100m
+      memory: 90Mi
+
+  service:
+    annotations:
+      service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
+      service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl-certificate-secret
+      service.beta.kubernetes.io/oci-load-balancer-shape: "flexible"
+      service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "10"
+      service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
+
+#    enableHttp: false
+#    enableHttps: true
+
+    ## Set external traffic policy to: "Local" to preserve source IP on
+    ## providers supporting it
+    ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+    externalTrafficPolicy: "Local"
+
+    # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
+    # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+    # sessionAffinity: ""
+
+    # specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
+    # the service controller allocates a port from your cluster’s NodePort range.
+    # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    # healthCheckNodePort: 0
+
+#    ports:
+#      http: 80
+#      https: 443
+
+    targetPorts:
+      http: http
+      https: http
+
+#    type: LoadBalancer

grabdish/ingress/nginx/ingress-nginx-namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx
+  labels:
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/instance: ingress-nginx

grabdish/ingress/nginx/ingress-nginx-setup.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+# Copyright (c) 2021 Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+# Fail on error
+set -e
+
+# Add NGINX Ingress Controller Repo to Helm
+while ! state_done NGINX_HELM_REPO; do
+  if helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx 2>$GRABDISH_LOG/nginx_repo_err; then
+    helm repo update
+    state_set_done NGINX_HELM_REPO
+  else
+    echo "Add NGINX to Helm Repo failed.  Retrying..."
+    cat $GRABDISH_LOG/nginx_repo_err
+    sleep 10
+  fi
+done
+
+# Create Ingress NGINX Namespace
+while ! state_done NGINX_NAMESPACE; do
+  if kubectl create -f $GRABDISH_HOME/ingress/nginx/ingress-nginx-namespace.yaml 2>$GRABDISH_LOG/nginx_ingress_ns_err; then
+    state_set_done NGINX_NAMESPACE
+  else
+    echo "Failed to create Ingress NGINX namespace.  Retrying..."
+    sleep 5
+  fi
+done
+
+# Create SSL Secret
+while ! state_done SSL_SECRET_INGRESS; do
+  if kubectl create secret tls ssl-certificate-secret --key $GRABDISH_HOME/tls/tls.key --cert $GRABDISH_HOME/tls/tls.crt -n ingress-nginx; then
+    state_set_done SSL_SECRET_INGRESS
+  else
+    echo "Ingress SSL Secret creation failed.  Retrying..."
+    sleep 5
+  fi
+done
+
+# Provision Ingress Controller
+while ! state_done NGINX_INGRESS_SETUP; do
+  if helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --values $GRABDISH_HOME/ingress/nginx/ingress-nginx-helm-values4oci.yaml 2>$GRABDISH_LOG/nginx_ingress_err; then
+    state_set_done NGINX_INGRESS_SETUP
+  else
+    echo "Ingress Controller installation failed.  Retrying..."
+    cat $GRABDISH_LOG/nginx_ingress_err
+    sleep 10
+  fi
+done
+
+
+# Get LB ENDPOINT
+#ip_pattern='^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$'
+#while ! state_done NGINX_LB_ENDPOINT; do
+#  NGINX_LB_ENDPOINT=$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o "go-template={{range .status.loadBalancer.ingress}}{{or .ip .hostname}}{{end}}")
+#  if [[ ! $NGINX_LB_ENDPOINT == $ip_pattern ]]
+#    state_set NGINX_LB_ENDPOINT "$NGINX_LB_ENDPOINT"
+#  else
+#    echo "Invalid IP [$NGINX_LB_ENDPOINT]"    
+#    exit
+#  fi
+#done
+
+state_set_done NGINX_INGRESS_SETUP_DONE