From 54575d2b6773a2777c643da9ef5dd350bfbdafe1 Mon Sep 17 00:00:00 2001 From: Stephen Soltesz Date: Fri, 24 Jun 2022 16:40:07 -0400 Subject: [PATCH 1/5] Try adding access proxy in front of responsiveness server --- .../experiments/responsiveness.jsonnet | 54 ++++++++++++++++++- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/k8s/daemonsets/experiments/responsiveness.jsonnet b/k8s/daemonsets/experiments/responsiveness.jsonnet index 3445a521..0b08369c 100644 --- a/k8s/daemonsets/experiments/responsiveness.jsonnet +++ b/k8s/daemonsets/experiments/responsiveness.jsonnet @@ -16,13 +16,13 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], containers: [ { args: [ - '-config-port=443', + '-config-port=4043', '-config-name=$(MLAB_NODE_NAME)', '-public-port=443', '-public-name=$(MLAB_NODE_NAME)', '-cert-file=/certs/tls.crt', '-key-file=/certs/tls.key', - '-listen-addr=0.0.0.0', + '-listen-addr=localhost', ], env: [ { @@ -33,6 +33,14 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], }, }, }, + { + name: 'PRIVATE_IP', + valueFrom: { + fieldRef: { + fieldPath: 'status.podIP', + }, + }, + }, ], image: 'soltesz/responsiveness-server:v0.1', name: 'responsiveness-server', @@ -47,6 +55,42 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], }, ], }, + { + image: "soltesz/access-proxy:v0.0.0", + name: "access-proxy", + args: [ + '-forward=http://0.0.0.0:443@http://localhost:4043', + '-token.required=false', + '-txcontroller.device=net1', + '-txcontroller.max-rate=1000000000', + '-token.machine=$(NODE_NAME)', + '-token.verify-key=/verify/jwk_sig_EdDSA_locate_20200409.pub', + '-cert=/certs/tls.crt', + '-key=/certs/tls.key', + ], + env: [ + { + name: 'MLAB_NODE_NAME', + valueFrom: { + fieldRef: { + fieldPath: 'spec.nodeName', + }, + }, + }, + ], + volumeMounts: [ + { + mountPath: '/certs', + name: 'measurement-lab-org-tls', + readOnly: true, + }, + { + mountPath: '/verify', + name: 'locate-verify-keys', + readOnly: true, + }, + ], + }, ], // Use host network to listen on the machine IP address without // registering an experiment index yet. @@ -58,6 +102,12 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], secretName: 'measurement-lab-org-tls', }, }, + { + name: 'locate-verify-keys', + secret: { + secretName: 'locate-verify-keys', + }, + }, ], }, }, From db0a3148cbdb16864cddcbf611b99ae27ceaac40 Mon Sep 17 00:00:00 2001 From: Stephen Soltesz Date: Fri, 24 Jun 2022 17:01:55 -0400 Subject: [PATCH 2/5] Listen on https --- k8s/daemonsets/experiments/responsiveness.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/daemonsets/experiments/responsiveness.jsonnet b/k8s/daemonsets/experiments/responsiveness.jsonnet index 0b08369c..4f381559 100644 --- a/k8s/daemonsets/experiments/responsiveness.jsonnet +++ b/k8s/daemonsets/experiments/responsiveness.jsonnet @@ -59,7 +59,7 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], image: "soltesz/access-proxy:v0.0.0", name: "access-proxy", args: [ - '-forward=http://0.0.0.0:443@http://localhost:4043', + '-forward=https://0.0.0.0:443@http://localhost:4043', '-token.required=false', '-txcontroller.device=net1', '-txcontroller.max-rate=1000000000', From 982b62e4c110da4b68465877a47ac17dc7122b4b Mon Sep 17 00:00:00 2001 From: Stephen Soltesz Date: Fri, 24 Jun 2022 17:24:15 -0400 Subject: [PATCH 3/5] Forward to https local port --- k8s/daemonsets/experiments/responsiveness.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/daemonsets/experiments/responsiveness.jsonnet b/k8s/daemonsets/experiments/responsiveness.jsonnet index 4f381559..f1ea6f0f 100644 --- a/k8s/daemonsets/experiments/responsiveness.jsonnet +++ b/k8s/daemonsets/experiments/responsiveness.jsonnet @@ -56,10 +56,10 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], ], }, { - image: "soltesz/access-proxy:v0.0.0", + image: "soltesz/access-proxy:v0.0.1", name: "access-proxy", args: [ - '-forward=https://0.0.0.0:443@http://localhost:4043', + '-forward=https://0.0.0.0:443@https://localhost:4043', '-token.required=false', '-txcontroller.device=net1', '-txcontroller.max-rate=1000000000', From f48719751cf5cb45698f2c59a603fb2079fba575 Mon Sep 17 00:00:00 2001 From: Stephen Soltesz Date: Fri, 24 Jun 2022 18:12:17 -0400 Subject: [PATCH 4/5] Log errors --- k8s/daemonsets/experiments/responsiveness.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/daemonsets/experiments/responsiveness.jsonnet b/k8s/daemonsets/experiments/responsiveness.jsonnet index f1ea6f0f..a8ca8e29 100644 --- a/k8s/daemonsets/experiments/responsiveness.jsonnet +++ b/k8s/daemonsets/experiments/responsiveness.jsonnet @@ -56,7 +56,7 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], ], }, { - image: "soltesz/access-proxy:v0.0.1", + image: "soltesz/access-proxy:v0.0.2", name: "access-proxy", args: [ '-forward=https://0.0.0.0:443@https://localhost:4043', From a50dcdab58090c4aa35afedb5611149c2623dec3 Mon Sep 17 00:00:00 2001 From: Stephen Soltesz Date: Fri, 24 Jun 2022 19:55:47 -0400 Subject: [PATCH 5/5] More logging --- k8s/daemonsets/experiments/responsiveness.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/daemonsets/experiments/responsiveness.jsonnet b/k8s/daemonsets/experiments/responsiveness.jsonnet index a8ca8e29..0e772742 100644 --- a/k8s/daemonsets/experiments/responsiveness.jsonnet +++ b/k8s/daemonsets/experiments/responsiveness.jsonnet @@ -56,7 +56,7 @@ exp.ExperimentNoIndex(expName, 'pusher-' + std.extVar('PROJECT_ID'), "none", [], ], }, { - image: "soltesz/access-proxy:v0.0.2", + image: "soltesz/access-proxy:v0.0.3", name: "access-proxy", args: [ '-forward=https://0.0.0.0:443@https://localhost:4043',