From bb3a24005072272cc575bb08f2a5d2315c0e5875 Mon Sep 17 00:00:00 2001 From: sanamsarath Date: Wed, 26 Feb 2025 05:23:38 +0000 Subject: [PATCH 1/6] Added network policy test setup and supporting tools --- clusterloader2/cmd/clusterloader.go | 1 + .../network-policy/manifests/clusterrole.yaml | 7 + .../dep-test-client-policy-creation.yaml | 5 +- .../policy-egress-allow-target-pods.yaml | 62 ++ .../network-policy-enforcement-latency.go | 82 ++- .../manifests/allow_apiserver_np.yaml | 22 + .../manifests/client_deploy.yaml | 49 ++ .../manifests/clusterrole.yaml | 8 + .../manifests/clusterrolebinding.yaml | 12 + .../manifests/network_policy.yaml | 75 +++ .../manifests/serviceaccount.yaml | 5 + .../manifests/target_deploy.yaml | 41 ++ .../network-policy-soak/np_soak_measurment.go | 531 ++++++++++++++++++ .../gatherers/container_resource_gatherer.go | 26 +- .../0prometheus-operator-service.yaml | 1 + .../prometheus-podMonitorCiliumEnvoy.yaml | 25 + .../network-policy-soak/Readme.txt | 18 + .../network-policy-soak/config.yaml | 219 ++++++++ .../network-policy-soak/scale-overrides.yaml | 30 + .../network-policy-soak/soak-overrides.yaml | 30 + .../network-policy-soak/stress-overrides.yaml | 26 + .../testing/network-policy/overrides.yaml | 21 + .../network-policy/pod-creation-config.yaml | 240 ++++++++ .../policy-creation-config.yaml | 244 ++++++++ .../network-policy/target_deployment.yaml | 51 ++ network/benchmarks/netloader/Dockerfile | 21 + network/benchmarks/netloader/Makefile | 17 + network/benchmarks/netloader/cmd/netloader.go | 28 + network/benchmarks/netloader/go.mod | 57 ++ network/benchmarks/netloader/go.sum | 173 ++++++ .../netloader/pkg/metrics/metrics.go | 19 + .../netloader/pkg/test-client/client.go | 211 +++++++ .../netloader/pkg/test-client/http_metrics.go | 47 ++ network/benchmarks/netloader/util/utils.go | 47 ++ .../Makefile | 2 +- .../network-policy-enforcement-latency/go.mod | 99 +++- .../network-policy-enforcement-latency/go.sum | 257 +++++++-- .../pkg/utils/utils.go | 13 + .../test-client/client.go | 55 +- 39 files changed, 2780 insertions(+), 97 deletions(-) create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/allow_apiserver_np.yaml create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrole.yaml create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrolebinding.yaml create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/network_policy.yaml create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/serviceaccount.yaml create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml create mode 100644 clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go create mode 100644 clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumEnvoy.yaml create mode 100644 clusterloader2/testing/network-policy/network-policy-soak/Readme.txt create mode 100644 clusterloader2/testing/network-policy/network-policy-soak/config.yaml create mode 100644 clusterloader2/testing/network-policy/network-policy-soak/scale-overrides.yaml create mode 100644 clusterloader2/testing/network-policy/network-policy-soak/soak-overrides.yaml create mode 100644 clusterloader2/testing/network-policy/network-policy-soak/stress-overrides.yaml create mode 100644 clusterloader2/testing/network-policy/overrides.yaml create mode 100644 clusterloader2/testing/network-policy/pod-creation-config.yaml create mode 100644 clusterloader2/testing/network-policy/policy-creation-config.yaml create mode 100644 clusterloader2/testing/network-policy/target_deployment.yaml create mode 100644 network/benchmarks/netloader/Dockerfile create mode 100644 network/benchmarks/netloader/Makefile create mode 100644 network/benchmarks/netloader/cmd/netloader.go create mode 100644 network/benchmarks/netloader/go.mod create mode 100644 network/benchmarks/netloader/go.sum create mode 100644 network/benchmarks/netloader/pkg/metrics/metrics.go create mode 100644 network/benchmarks/netloader/pkg/test-client/client.go create mode 100644 network/benchmarks/netloader/pkg/test-client/http_metrics.go create mode 100644 network/benchmarks/netloader/util/utils.go diff --git a/clusterloader2/cmd/clusterloader.go b/clusterloader2/cmd/clusterloader.go index f6eab3ec17..8106bd62af 100644 --- a/clusterloader2/cmd/clusterloader.go +++ b/clusterloader2/cmd/clusterloader.go @@ -49,6 +49,7 @@ import ( _ "k8s.io/perf-tests/clusterloader2/pkg/measurement/common/dns" _ "k8s.io/perf-tests/clusterloader2/pkg/measurement/common/network" _ "k8s.io/perf-tests/clusterloader2/pkg/measurement/common/network-policy" + _ "k8s.io/perf-tests/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak" _ "k8s.io/perf-tests/clusterloader2/pkg/measurement/common/probes" _ "k8s.io/perf-tests/clusterloader2/pkg/measurement/common/slos" ) diff --git a/clusterloader2/pkg/measurement/common/network-policy/manifests/clusterrole.yaml b/clusterloader2/pkg/measurement/common/network-policy/manifests/clusterrole.yaml index 8f46cc2050..3dd39507ef 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/manifests/clusterrole.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/manifests/clusterrole.yaml @@ -9,3 +9,10 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["networkpolicies"] verbs: ["get"] +- apiGroups: ["cilium.io"] + resources: ["ciliumclusterwidenetworkpolicies"] + verbs: ["get", "list", "watch"] +- apiGroups: ["cilium.io"] + resources: ["ciliumnetworkpolicies"] + verbs: ["get", "list", "watch"] + diff --git a/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml b/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml index ce0222ed20..32c708f74e 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml @@ -34,7 +34,8 @@ spec: name: npdelaymetrics protocol: TCP imagePullPolicy: Always - image: gcr.io/k8s-staging-perf-tests/network-policy-enforcement-latency/policy-creation-enforcement-latency:v0.0.1 + # image: gcr.io/k8s-staging-perf-tests/network-policy-enforcement-latency/policy-creation-enforcement-latency:v0.0.1 + image: docker.io/sanamsarath/policy-creation-enforcement-latency:v0.0.1 command: - sh - -c @@ -46,6 +47,8 @@ spec: -MaxTargets={{.MaxTargets}} -MetricsPort={{.MetricsPort}} -AllowPolicyName={{.AllowPolicyName}} + -np_type={{.NetworkPolicy_Type}} + -np_namespace={{.Namespace}} # change this value according to the namespace where the policy is created, verify policy-egress-allow-target-pods.yaml resources: requests: cpu: 200m diff --git a/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml b/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml index 02ac99878a..788ef4e373 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml @@ -1,3 +1,61 @@ +{{ if eq .NetworkPolicy_Type "cnp" }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{.Name}} + namespace: {{.ClientNamespace}} # since this policy is egress, the namespace is the client namespace + labels: + type: {{.TypeLabelValue}} +spec: + endpointSelector: + matchLabels: + type: {{.TypeLabelValue}} + egress: + - toEndpoints: + - matchLabels: + net-pol-test: {{.TargetLabelValue}} +{{if .OnlyTargetNamespace}} + k8s:io.kubernetes.pod.namespace: {{.TargetNamespace}} +{{end}} +{{if .L7Enabled}} + toPorts: + - ports: + - port: "{{.TargetPort}}" + protocol: TCP + rules: + http: + - method: GET + path: / +{{end}} +{{else if .NetworkPolicy_Type "ccnp" }} +apiVersion: cilium.io/v2 +kind: CiliumClusterwideNetworkPolicy +metadata: + name: {{.Name}} + labels: + type: {{.TypeLabelValue}} +spec: + endpointSelector: + matchLabels: + type: {{.TypeLabelValue}} + egress: + - toEndpoints: + - matchLabels: + net-pol-test: {{.TargetLabelValue}} +{{if .OnlyTargetNamespace}} + k8s:io.kubernetes.pod.namespace: {{.TargetNamespace}} +{{end}} +{{if .L7Enabled}} + toPorts: + - ports: + - port: "{{.TargetPort}}" + protocol: TCP + rules: + http: + - method: GET + path: / +{{end}} +{{else}} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -22,4 +80,8 @@ spec: kubernetes.io/metadata.name: {{.TargetNamespace}} {{else}} namespaceSelector: {} + ports: + - port: "{{.TargetPort}}" + protocol: TCP {{end}} +{{end}} \ No newline at end of file diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go index dd34580a2e..2d4b725d1d 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go @@ -27,6 +27,7 @@ import ( "golang.org/x/time/rate" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" clientset "k8s.io/client-go/kubernetes" "k8s.io/klog/v2" "k8s.io/perf-tests/clusterloader2/pkg/framework" @@ -111,6 +112,12 @@ type networkPolicyEnforcementMeasurement struct { // testClientNodeSelectorValue is value key for the node label on which the // test client pods should run. testClientNodeSelectorValue string + // np type is the type of network policy to be created, default is k8s. + npType string + // l7Enabled is a flag to enable L7 policies. + l7Enabled bool + // l7 port + l7Port int } // Execute - Available actions: @@ -215,6 +222,21 @@ func (nps *networkPolicyEnforcementMeasurement) initializeMeasurement(config *me return fmt.Errorf("cannot initialize the %q, no namespaces with prefix %q exist", networkPolicyEnforcementName, testNamespacePrefix) } + // Get the network policy type + if nps.npType, err = util.GetStringOrDefault(config.Params, "networkPolicyType", "k8s"); err != nil { + return fmt.Errorf("failed to get network policy type, error: %v", err) + } + + // Get the L7 enabled flag + if nps.l7Enabled, err = util.GetBoolOrDefault(config.Params, "l7Enabled", false); err != nil { + klog.Infof("Failed to get L7 enabled flag, error: %v", err) + } + + // Get the L7 port + if nps.l7Port, err = util.GetIntOrDefault(config.Params, "l7Port", 80); err != nil { + klog.Infof("Failed to get L7 port, error: %v", err) + } + return nil } @@ -386,9 +408,10 @@ func (nps *networkPolicyEnforcementMeasurement) createPolicyAllowAPIServer() err func (nps *networkPolicyEnforcementMeasurement) createPolicyToTargetPods(policyName, targetNamespace, testType string, allowForTargetPods bool) error { templateMap := map[string]interface{}{ - "Name": policyName, - "Namespace": nps.testClientNamespace, - "TypeLabelValue": testType, + "Name": policyName, + "Namespace": nps.testClientNamespace, + "TypeLabelValue": testType, + "ClientNamespace": nps.testClientNamespace, } if allowForTargetPods { @@ -404,6 +427,14 @@ func (nps *networkPolicyEnforcementMeasurement) createPolicyToTargetPods(policyN templateMap["OnlyTargetNamespace"] = false } + templateMap["NetworkPolicy_Type"] = nps.npType + + // if L7 enabled, then add the L7 parameters to templateMap + if nps.l7Enabled { + templateMap["L7Enabled"] = nps.l7Enabled + templateMap["TargetPort"] = nps.l7Port + } + if err := nps.framework.ApplyTemplatedManifests(manifestsFS, policyEgressTargetPodsFilePath, templateMap); err != nil { return fmt.Errorf("error while creating allow egress to pods network policy: %v", err) } @@ -420,6 +451,7 @@ func (nps *networkPolicyEnforcementMeasurement) createTestClientDeployments(temp templateMap["Name"] = fmt.Sprintf("%s-%s-%d", testType, netPolicyTestClientName, i) templateMap["TargetNamespace"] = ns templateMap["AllowPolicyName"] = fmt.Sprintf("%s-%d", allowPolicyName, i) + templateMap["NetworkPolicy_Type"] = nps.npType if err := nps.framework.ApplyTemplatedManifests(manifestsFS, deploymentFilePath, templateMap); err != nil { return fmt.Errorf("error while creating test client deployment: %v", err) @@ -528,13 +560,55 @@ func (nps *networkPolicyEnforcementMeasurement) deleteClusterRoleAndBinding() er return nps.k8sClient.RbacV1().ClusterRoleBindings().Delete(context.TODO(), netPolicyTestClientName, metav1.DeleteOptions{}) } +func (nps *networkPolicyEnforcementMeasurement) deleteNetworkPolicies() error { + klog.V(2).Infof("Deleting Cilium network policies for measurement %q", networkPolicyEnforcementName) + + dynamicClient := nps.framework.GetDynamicClients().GetClient() + + switch nps.npType { + case "k8s": + return nil + case "ccnp": + // Define the GVR for CiliumClusterwideNetworkPolicy + ccnpGVR := schema.GroupVersionResource{ + Group: "cilium.io", + Version: "v2", + Resource: "ciliumclusterwidenetworkpolicies", + } + + if err := dynamicClient.Resource(ccnpGVR).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector: fmt.Sprintf("type=%s", policyCreationTest)}); err != nil { + klog.Warningf("failed to delete CiliumClusterwideNetworkPolicy of type %s, error: %v", policyCreationTest, err) + } + + if err := dynamicClient.Resource(ccnpGVR).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector: fmt.Sprintf("type=%s", podCreationTest)}); err != nil { + klog.Warningf("failed to delete CiliumClusterwideNetworkPolicy of type %s, error: %v", podCreationTest, err) + } + case "cnp": + // Define the GVR for CiliumNetworkPolicy + cnpGVR := schema.GroupVersionResource{ + Group: "cilium.io", + Version: "v2", + Resource: "ciliumnetworkpolicies", + } + + if err := dynamicClient.Resource(cnpGVR).Namespace(nps.testClientNamespace).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{}); err != nil { + klog.Warningf("failed to delete CiliumNetworkPolicy in ns:%s, error: %v", nps.testClientNamespace, err) + } + } + return nil +} + func (nps *networkPolicyEnforcementMeasurement) cleanUp() error { if nps.k8sClient == nil { return fmt.Errorf("cleanup skipped - the measurement is not running") } if err := nps.deleteClusterRoleAndBinding(); err != nil { - return err + klog.Warningf("Failed to delete ClusterRole and ClusterRoleBinding, error: %v", err) + } + + if err := nps.deleteNetworkPolicies(); err != nil { + klog.Warningf("Failed to delete network policies, error: %v", err) } klog.V(2).Infof("Deleting namespace %q for measurement %q", nps.testClientNamespace, networkPolicyEnforcementName) diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/allow_apiserver_np.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/allow_apiserver_np.yaml new file mode 100644 index 0000000000..93c54d6ade --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/allow_apiserver_np.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{.Name}} + namespace: {{.Namespace}} + labels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} +spec: + podSelector: + matchLabels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + policyTypes: + - Egress + egress: + - ports: + - port: 443 + protocol: TCP + - port: 80 + protocol: TCP + to: + - ipBlock: + cidr: {{.KubeAPIServerIP}}/32 diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml new file mode 100644 index 0000000000..4dc9d8c040 --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + name: {{.UniqueName}} + namespace: {{.ClientNamespace}} +spec: + replicas: {{.Replicas}} + selector: + matchLabels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + template: + metadata: + labels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + spec: + nodeSelector: + node: "client" + serviceAccountName: {{.ClientName}}-sa + containers: + - image: acnpublic.azurecr.io/sanamsarath/netloader:0.7 + name: netloader + args: + - "--dest_labelSelector={{.TargetLabelKey}}={{.TargetLabelValue}}" + - "--namespace={{.TargetNamespace}}" + - "--duration={{.Duration}}" + - "--interval=1" + - "--workers={{.Workers}}" + - "--destPort={{.TargetPort}}" + - "--destPath={{.TargetPath}}" + resources: + requests: + cpu: "20m" + memory: "40Mi" + tolerations: + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 900 + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 900 + - key: "slo" + operator: "Equal" + value: "true" + effect: "NoSchedule" + diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrole.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrole.yaml new file mode 100644 index 0000000000..a389592d47 --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrole.yaml @@ -0,0 +1,8 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{.Name}}-cr +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] \ No newline at end of file diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrolebinding.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrolebinding.yaml new file mode 100644 index 0000000000..56c434f1a2 --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{.Name}}-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{.Name}}-cr +subjects: +- kind: ServiceAccount + name: {{.Name}}-sa + namespace: {{.Namespace}} \ No newline at end of file diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/network_policy.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/network_policy.yaml new file mode 100644 index 0000000000..26bbece505 --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/network_policy.yaml @@ -0,0 +1,75 @@ +{{ if eq .NetworkPolicy_Type "cnp" }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: {{.Name}} + namespace: {{.ClientNamespace}} + labels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} +spec: + endpointSelector: + matchLabels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + egress: + - toEndpoints: + - matchLabels: + {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + k8s:io.kubernetes.pod.namespace: {{.TargetNamespace}} + toPorts: + - ports: + - port: "{{.TargetPort}}" + protocol: TCP + rules: + http: + - method: GET + path: {{.TargetPath}} +{{else if .NetworkPolicy_Type "ccnp" }} +apiVersion: cilium.io/v2 +kind: CiliumClusterwideNetworkPolicy +metadata: + name: {{.Name}} + labels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} +spec: + endpointSelector: + matchLabels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + egress: + - toEndpoints: + - matchLabels: + {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + k8s:io.kubernetes.pod.namespace: {{.TargetNamespace}} + toPorts: + - ports: + - port: "{{.TargetPort}}" + protocol: TCP + rules: + http: + - method: GET + path: {{.TargetPath}} +{{else}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{.Name}} + namespace: {{.ClientNamespace}} + labels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} +spec: + podSelector: + matchLabels: + {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + policyTypes: + - Egress + egress: + - to: + - podSelector: + matchLabels: + {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{.TargetNamespace}} + ports: + port: "{{.TargetPort}}" + protocol: TCP +{{end}} diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/serviceaccount.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/serviceaccount.yaml new file mode 100644 index 0000000000..f38ef20e23 --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.Name}}-sa + namespace: {{.Namespace}} \ No newline at end of file diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml new file mode 100644 index 0000000000..0ee94bc766 --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + name: {{.TargetName}} + namespace: {{.TargetNamespace}} +spec: + replicas: {{.Replicas}} + selector: + matchLabels: + {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + template: + metadata: + labels: + app: target + spec: + nodeSelector: + slo: "true" + containers: + - image: acnpublic.azurecr.io/sanamsarath/h2playground:0.3 + name: nginx + ports: + - containerPort: {{.TargetPort}} + resources: + requests: + cpu: "15m" + memory: "30Mi" + tolerations: + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 900 + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 900 + - key: "slo" + operator: "Equal" + value: "true" + effect: "NoSchedule" \ No newline at end of file diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go new file mode 100644 index 0000000000..77b4739260 --- /dev/null +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go @@ -0,0 +1,531 @@ +package networkpolicysoak + +import ( + "context" + "embed" + "fmt" + "math" + "strconv" + "strings" + "time" + + api_corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/kubernetes" + "k8s.io/klog/v2" + "k8s.io/perf-tests/clusterloader2/pkg/framework" + "k8s.io/perf-tests/clusterloader2/pkg/framework/client" + "k8s.io/perf-tests/clusterloader2/pkg/measurement" + measurementutil "k8s.io/perf-tests/clusterloader2/pkg/measurement/util" + "k8s.io/perf-tests/clusterloader2/pkg/measurement/util/gatherers" + "k8s.io/perf-tests/clusterloader2/pkg/util" +) + +const ( + // file paths + networkPolicySoakMeasurementName = "NetworkPolicySoakMeasurement" + serviceAccountFilePath = "manifests/serviceaccount.yaml" + clusterRoleFilePath = "manifests/clusterrole.yaml" + clusterRoleBindingFilePath = "manifests/clusterrolebinding.yaml" + netPolFilePath = "manifests/network_policy.yaml" + clientFilePath = "manifests/client_deploy.yaml" + targetFilePath = "manifests/target_deploy.yaml" + APIserverFilePath = "manifests/allow_apiserver_np.yaml" + + // variables + clientNamespace = "np-soak-client" + clientName = "np-soak-client" // all the k8s resources will be prefixed with this name + targetName = "np-soak-target" // all the deployments in target namespaces will be named with np-soak-target + apiserverNPName = "allow-egress-apiserver" +) + +//go:embed manifests +var manifestsFS embed.FS + +type NetworkPolicySoakMeasurement struct { + isRunning bool + testDuration time.Duration + k8sClient kubernetes.Interface + framework *framework.Framework + targetNamespaces []string + targetLabelKey string + targetLabelVal string + clientLabelKey string + clientLabelVal string + targetReplicasPerNs int + clientReplicasPerDep int + targetPort int + targetPath string + testEndTime time.Time + workerPerClient int + npType string + // gatherers + gatherers *gatherers.ContainerResourceGatherer +} + +func createNetworkPolicySoakMeasurement() measurement.Measurement { + return &NetworkPolicySoakMeasurement{} +} + +func init() { + measurement.Register(networkPolicySoakMeasurementName, createNetworkPolicySoakMeasurement) +} + +func (m *NetworkPolicySoakMeasurement) Execute(config *measurement.Config) ([]measurement.Summary, error) { + action, err := util.GetString(config.Params, "action") + if err != nil { + return nil, err + } + + switch action { + case "start": + return m.start(config) + case "gather": + return m.gather() + default: + return nil, fmt.Errorf("unknown action: %s", action) + } +} + +func (m *NetworkPolicySoakMeasurement) start(config *measurement.Config) ([]measurement.Summary, error) { + if m.isRunning { + return nil, fmt.Errorf("phase: start, %s: measurement already running", m.String()) + } + + if err := m.initialize(config); err != nil { + return nil, err + } + + // create the client namespace + if err := client.CreateNamespace(m.k8sClient, clientNamespace); err != nil { + return nil, fmt.Errorf("phase: start, %s: failed to create namespace %s: %v", m.String(), clientNamespace, err) + } + + // deploy the RBAC resources + if err := m.deployRBACResources(); err != nil { + return nil, err + } + + // deploy the target pods + if err := m.deployTargetPods(); err != nil { + return nil, err + } + + // deploy the network policy to allow traffic from client to API server + if err := m.deployAPIServerNetworkPolicy(); err != nil { + return nil, err + } + + // deploy the network policy to allow traffic from client to target pods + if err := m.deployNetworkPolicy(); err != nil { + return nil, err + } + + // deploy the client pods + if err := m.deployClientPods(); err != nil { + return nil, err + } + + // start envoy resource gatherer + if err := m.envoyResourceGather(); err != nil { + return nil, err + } + + m.isRunning = true + return nil, nil +} + +func (m *NetworkPolicySoakMeasurement) initialize(config *measurement.Config) error { + // initialization + m.k8sClient = config.ClusterFramework.GetClientSets().GetClient() + m.framework = config.ClusterFramework + + namespaceList, err := m.k8sClient.CoreV1().Namespaces().List(context.TODO(), metav1.ListOptions{}) + if err != nil { + return fmt.Errorf("phase: start, %s: failed to list namespaces: %v", m.String(), err) + } + + // target namespaces are automanagered by the framework + // capture all the target namespaces + targetNamespacePrefix := m.framework.GetAutomanagedNamespacePrefix() + for _, ns := range namespaceList.Items { + if strings.HasPrefix(ns.Name, targetNamespacePrefix) { + m.targetNamespaces = append(m.targetNamespaces, ns.Name) + } + } + + if len(m.targetNamespaces) == 0 { + return fmt.Errorf("phase: start, %s: no target namespaces found, verify config", m.String()) + } + + // parse the config params + if m.targetLabelKey, err = util.GetString(config.Params, "targetLabelKey"); err != nil { + return fmt.Errorf("phase: start, %s: failed to get target label key: %v", m.String(), err) + } + + if m.targetLabelVal, err = util.GetString(config.Params, "targetLabelValue"); err != nil { + return fmt.Errorf("phase: start, %s: failed to get target label value: %v", m.String(), err) + } + + if m.clientLabelKey, err = util.GetString(config.Params, "clientLabelKey"); err != nil { + return fmt.Errorf("phase: start, %s: failed to get client label key: %v", m.String(), err) + } + + if m.clientLabelVal, err = util.GetString(config.Params, "clientLabelValue"); err != nil { + return fmt.Errorf("phase: start, %s: failed to get client label value: %v", m.String(), err) + } + + if m.targetReplicasPerNs, err = util.GetIntOrDefault(config.Params, "targetReplicasPerNs", 1); err != nil { + return fmt.Errorf("phase: start, %s: failed to get target replicas per namespace: %v", m.String(), err) + } + + if m.clientReplicasPerDep, err = util.GetIntOrDefault(config.Params, "clientReplicasPerDep", 1); err != nil { + return fmt.Errorf("phase: start, %s: failed to get client replicas per deployment: %v", m.String(), err) + } + + if m.targetPort, err = util.GetIntOrDefault(config.Params, "targetPort", 80); err != nil { + return fmt.Errorf("phase: start, %s: failed to get target port: %v", m.String(), err) + } + + if m.targetPath, err = util.GetStringOrDefault(config.Params, "targetPath", "/"); err != nil { + return fmt.Errorf("phase: start, %s: failed to get target path: %v", m.String(), err) + } + + if m.testDuration, err = util.GetDuration(config.Params, "testDuration"); err != nil { + return fmt.Errorf("phase: start, %s: failed to get test duration: %v", m.String(), err) + } + + if m.workerPerClient, err = util.GetIntOrDefault(config.Params, "workerPerClient", 1); err != nil { + return fmt.Errorf("phase: start, %s: failed to get worker per client: %v", m.String(), err) + } + + if m.npType, err = util.GetStringOrDefault(config.Params, "npType", "k8s"); err != nil { + return fmt.Errorf("phase: start, %s: failed to get network policy type: %v", m.String(), err) + } + + return nil +} + +func (m *NetworkPolicySoakMeasurement) deployRBACResources() error { + templateMap := map[string]interface{}{ + "Name": clientName, + "Namespace": clientNamespace, + } + + // create the service account + if err := m.framework.ApplyTemplatedManifests(manifestsFS, serviceAccountFilePath, templateMap); err != nil { + return fmt.Errorf("phase: start, %s: failed to apply service account manifest: %v", m.String(), err) + } + + // create the cluster role + if err := m.framework.ApplyTemplatedManifests(manifestsFS, clusterRoleFilePath, templateMap); err != nil { + return fmt.Errorf("phase: start, %s: failed to apply cluster role manifest: %v", m.String(), err) + } + + // create the cluster role binding + if err := m.framework.ApplyTemplatedManifests(manifestsFS, clusterRoleBindingFilePath, templateMap); err != nil { + return fmt.Errorf("phase: start, %s: failed to apply cluster role binding manifest: %v", m.String(), err) + } + + return nil +} + +func (m *NetworkPolicySoakMeasurement) deployTargetPods() error { + templateMap := map[string]interface{}{ + "TargetName": targetName, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "Replicas": m.targetReplicasPerNs, + "TargetPort": m.targetPort, + } + + depBatchSize := 50 + for i := 0; i < len(m.targetNamespaces); i += depBatchSize { + end := i + depBatchSize + if end > len(m.targetNamespaces) { + end = len(m.targetNamespaces) + } + for _, ns := range m.targetNamespaces[i:end] { + templateMap["TargetNamespace"] = ns + if err := m.framework.ApplyTemplatedManifests(manifestsFS, targetFilePath, templateMap); err != nil { + return fmt.Errorf("phase: start, %s NS: %s, failed to apply target deployment manifest: %v", m.String(), ns, err) + } + } + + // Wait for the current batch deployments to be ready. + labelSelector := fmt.Sprintf("%s=%s", m.targetLabelKey, m.targetLabelVal) + batchPodCount := (end - i) * m.targetReplicasPerNs + waitDuration := math.Max(60.0, float64(batchPodCount)*0.5) + targetWaitCtx, targetWaitCancel := context.WithTimeout(context.TODO(), time.Duration(waitDuration)*time.Second) + // desired pod count is the number of deployments until now * replicas per deployment + desiredPodCount := end * m.targetReplicasPerNs + if err := m.waitForDeploymentPodsReady(targetWaitCtx, desiredPodCount, labelSelector); err != nil { + klog.Warningf("phase: start, %s: failed to wait for target pods to be ready: %v", m.String(), err) + } + targetWaitCancel() // Explicitly cancel the context immediately after waiting. + } + + return nil +} + +func (m *NetworkPolicySoakMeasurement) deployAPIServerNetworkPolicy() error { + + if policy, err := m.k8sClient.NetworkingV1().NetworkPolicies(clientNamespace).Get(context.TODO(), apiserverNPName, metav1.GetOptions{}); err == nil && policy != nil { + // network policy already exists + klog.Warningf("Network policy %s already exists, skipping deployment", apiserverNPName) + return nil + } + + // get the API server IP address + var kubeAPIServerIP string + if endpoints, err := m.k8sClient.CoreV1().Endpoints(api_corev1.NamespaceDefault).Get(context.TODO(), "kubernetes", metav1.GetOptions{}); err != nil { + return fmt.Errorf("phase: start, %s: failed to get API server endpoint: %v", m.String(), err) + } else { + if len(endpoints.Subsets) == 0 || len(endpoints.Subsets[0].Addresses) == 0 { + return fmt.Errorf("phase: start, %s: failed to get API server IP address", m.String()) + } + kubeAPIServerIP = endpoints.Subsets[0].Addresses[0].IP + } + + templateMap := map[string]interface{}{ + "Name": apiserverNPName, + "Namespace": clientNamespace, + "ClientLabelKey": m.clientLabelKey, + "ClientLabelValue": m.clientLabelVal, + "KubeAPIServerIP": kubeAPIServerIP, + } + + if err := m.framework.ApplyTemplatedManifests(manifestsFS, APIserverFilePath, templateMap); err != nil { + return fmt.Errorf("phase: start, %s: failed to apply API server network policy manifest: %v", m.String(), err) + } + return nil +} + +func (m *NetworkPolicySoakMeasurement) deployNetworkPolicy() error { + + templateMap := map[string]interface{}{ + "ClientNamespace": clientNamespace, + "ClientLabelKey": m.clientLabelKey, + "ClientLabelValue": m.clientLabelVal, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "TargetPort": strconv.Itoa(m.targetPort), + "TargetPath": m.targetPath, + "NetworkPolicy_Type": m.npType, + } + + for _, ns := range m.targetNamespaces { + templateMap["TargetNamespace"] = ns + templateMap["Name"] = ns // use the target namespace name as the network policy name + + if err := m.framework.ApplyTemplatedManifests(manifestsFS, netPolFilePath, templateMap); err != nil { + return fmt.Errorf("phase: start, %s NS: %s, failed to apply network policy manifest: %v", m.String(), err, ns) + } + } + return nil +} + +func (m *NetworkPolicySoakMeasurement) deployClientPods() error { + // Usually server/target pods replicas are not large, so they should be up and running in a short time + klog.Infof("Deploying client pods") + + // convert the test duration to seconds + duration := int(m.testDuration.Seconds()) + + templateMap := map[string]interface{}{ + "ClientName": clientName, + "ClientNamespace": clientNamespace, + "ClientLabelKey": m.clientLabelKey, + "ClientLabelValue": m.clientLabelVal, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "TargetPort": m.targetPort, + "TargetPath": m.targetPath, + "Duration": duration, + "Replicas": m.clientReplicasPerDep, + "Workers": m.workerPerClient, + } + + clientBatchSize := 50 + for i := 0; i < len(m.targetNamespaces); i += clientBatchSize { + end := i + clientBatchSize + if end > len(m.targetNamespaces) { + end = len(m.targetNamespaces) + } + for _, ns := range m.targetNamespaces[i:end] { + templateMap["TargetNamespace"] = ns + templateMap["UniqueName"] = ns // use target namespace name as unique name + if err := m.framework.ApplyTemplatedManifests(manifestsFS, clientFilePath, templateMap); err != nil { + return fmt.Errorf("phase: start, %s NS: %s, failed to apply client deployment manifest: %v", m.String(), ns, err) + } + } + + // Wait for the current batch client pods to be ready. + labelSelector := fmt.Sprintf("%s=%s", m.clientLabelKey, m.clientLabelVal) + batchPodCount := (end - i) * m.clientReplicasPerDep + waitDuration := math.Max(60.0, float64(batchPodCount)*0.5) + clientWaitCtx, clientWaitCancel := context.WithTimeout(context.TODO(), time.Duration(waitDuration)*time.Second) + // desired pod count is the number of deployments until now * replicas per deployment + desiredPodCount := end * m.clientReplicasPerDep + if err := m.waitForDeploymentPodsReady(clientWaitCtx, desiredPodCount, labelSelector); err != nil { + klog.Warningf("phase: start, %s: failed to wait for client pods to be ready: %v", m.String(), err) + } + clientWaitCancel() // cancel context immediately after waiting + } + + m.testEndTime = time.Now().Add(m.testDuration) + return nil +} + +// Wait for the deployment pods be to be ready +func (m *NetworkPolicySoakMeasurement) waitForDeploymentPodsReady(ctx context.Context, desiredPodCount int, labelSelector string) error { + // get the selector for the pods + selector := util.NewObjectSelector() + if labelSelector == "" { + return fmt.Errorf("label selector is empty") + } + selector.LabelSelector = labelSelector + + options := &measurementutil.WaitForPodOptions{ + DesiredPodCount: func() int { return desiredPodCount }, + CallerName: m.String(), + WaitForPodsInterval: 2 * time.Second, + } + + podStore, err := measurementutil.NewPodStore(m.k8sClient, selector) + if err != nil { + return err + } + + _, err = measurementutil.WaitForPods(ctx, podStore, options) + if err != nil { + return err + } + + return nil +} + +func (m *NetworkPolicySoakMeasurement) gather() ([]measurement.Summary, error) { + if !m.isRunning { + return nil, fmt.Errorf("phase: gather, %s: measurement not running", m.String()) + } + + // wait for the test to complete + klog.Infof("phase: gather, %s: waiting for the test run to complete...", m.String()) + time.Sleep(time.Until(m.testEndTime)) + klog.Infof("phase: gather, %s: test run completed", m.String()) + + // stop gathering resource usage + if m.gatherers == nil { + klog.Warningf("phase: gather, %s: gatherer not initialized. Envoy resource usage not collected", m.String()) + } + + // stop gathering resource usage + summary, err := m.gatherers.StopAndSummarize([]int{50, 90, 99, 100}) + if err != nil { + return nil, fmt.Errorf("phase: gather, %s: failed to stop gathering resource usage: %v", m.String(), err) + } + + content, err := util.PrettyPrintJSON(summary) + if err != nil { + return nil, fmt.Errorf("phase: gather, %s: failed to pretty print resource usage summary: %v", m.String(), err) + } + + resourceSummary := measurement.CreateSummary(networkPolicySoakMeasurementName, "json", content) + return []measurement.Summary{resourceSummary}, nil +} + +func (m *NetworkPolicySoakMeasurement) envoyResourceGather() error { + if m.gatherers != nil { + return fmt.Errorf("phase: gather, %s: resource gatherer already initialized, not expected", m.String()) + } + + // api server IP address + host := m.framework.GetClusterConfig().GetMasterIP() + + // namespace + namespace := "kube-system" + + // label selector + labelSelector := "name=cilium-envoy" + + // resource gatherer options + options := gatherers.ResourceGathererOptions{ + InKubemark: m.framework.GetClusterConfig().Provider.Features().IsKubemarkProvider, + ResourceDataGatheringPeriod: 60 * time.Second, + MasterResourceDataGatheringPeriod: 60 * time.Second, + Nodes: gatherers.AllNodes, + } + + gatherers, err := gatherers.NewResourceUsageGatherer(m.k8sClient, + host, + m.framework.GetClusterConfig().KubeletPort, + m.framework.GetClusterConfig().Provider, + options, + namespace, + labelSelector) + if err != nil { + return fmt.Errorf("phase: gather, %s: failed to create resource gatherer: %v", m.String(), err) + } + m.gatherers = gatherers + + // start gathering resource usage + go m.gatherers.StartGatheringData() + + return nil +} + +func (m *NetworkPolicySoakMeasurement) Dispose() { + // delete RBAC resources + if err := m.k8sClient.RbacV1().ClusterRoleBindings().Delete(context.TODO(), fmt.Sprintf("%s-crb", clientName), metav1.DeleteOptions{}); err != nil { + klog.Errorf("phase: gather, %s: failed to delete cluster role binding: %v", m.String(), err) + } + + if err := m.k8sClient.RbacV1().ClusterRoles().Delete(context.TODO(), fmt.Sprintf("%s-cr", clientName), metav1.DeleteOptions{}); err != nil { + klog.Errorf("phase: gather, %s: failed to delete cluster role: %v", m.String(), err) + } + + if err := m.k8sClient.CoreV1().ServiceAccounts(clientNamespace).Delete(context.TODO(), fmt.Sprintf("%s-sa", clientName), metav1.DeleteOptions{}); err != nil { + klog.Errorf("phase: gather, %s: failed to delete service account: %v", m.String(), err) + } + + // Define the GVR for CiliumClusterwideNetworkPolicy + cnpGVR := schema.GroupVersionResource{ + Group: "cilium.io", + Version: "v2", + Resource: "ciliumnetworkpolicies", + } + // delete cilium network policies in all the client namespaces + dynamicClient := m.framework.GetDynamicClients().GetClient() + if err := dynamicClient.Resource(cnpGVR).Namespace(clientNamespace).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{}); err != nil { + klog.Errorf("phase: gather, %s: failed to delete cilium network policies: %v", m.String(), err) + } + + // delete client pods + if err := m.k8sClient.AppsV1().Deployments(clientNamespace).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{}); err != nil { + klog.Errorf("phase: gather, %s: failed to delete client deployments: %v", m.String(), err) + } + + // delte client namespace + if err := m.k8sClient.CoreV1().Namespaces().Delete(context.TODO(), clientNamespace, metav1.DeleteOptions{}); err != nil { + klog.Errorf("phase: gather, %s: failed to delete namespace %s: %v", m.String(), clientNamespace, err) + } + + // clear target deployments from all the target namespaces using label selector + labelSelector := fmt.Sprintf("%s=%s", m.targetLabelKey, m.targetLabelVal) + for _, ns := range m.targetNamespaces { + if err := m.k8sClient.AppsV1().Deployments(ns).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector: labelSelector}); err != nil { + klog.Errorf("phase: gather, %s NS: %s, failed to delete target deployments: %v", m.String(), ns, err) + } + } + + // stop gatherers + if m.gatherers != nil { + m.gatherers.Dispose() + } +} + +func (m *NetworkPolicySoakMeasurement) String() string { + return networkPolicySoakMeasurementName +} diff --git a/clusterloader2/pkg/measurement/util/gatherers/container_resource_gatherer.go b/clusterloader2/pkg/measurement/util/gatherers/container_resource_gatherer.go index c7e787d9ac..0508cb9f91 100644 --- a/clusterloader2/pkg/measurement/util/gatherers/container_resource_gatherer.go +++ b/clusterloader2/pkg/measurement/util/gatherers/container_resource_gatherer.go @@ -81,7 +81,7 @@ func isDaemonPod(pod *corev1.Pod) bool { } // NewResourceUsageGatherer creates new instance of ContainerResourceGatherer -func NewResourceUsageGatherer(c clientset.Interface, host string, port int, provider provider.Provider, options ResourceGathererOptions, namespace string) (*ContainerResourceGatherer, error) { +func NewResourceUsageGatherer(c clientset.Interface, host string, port int, provider provider.Provider, options ResourceGathererOptions, namespace string, podLabelSelector ...string) (*ContainerResourceGatherer, error) { g := ContainerResourceGatherer{ client: c, isRunning: true, @@ -103,12 +103,26 @@ func NewResourceUsageGatherer(c clientset.Interface, host string, port int, prov provider: provider, }) } else { - listOptions := metav1.ListOptions{ResourceVersion: "0"} - pods, err := c.CoreV1().Pods(namespace).List(context.TODO(), listOptions) - if err != nil { - return nil, fmt.Errorf("listing pods error: %v", err) + var pods []corev1.Pod + podlistOptions := metav1.ListOptions{ResourceVersion: "0"} + if len(podLabelSelector) > 0 { + for _, selector := range podLabelSelector { + podlistOptions.LabelSelector = selector + podList, err := c.CoreV1().Pods(namespace).List(context.TODO(), podlistOptions) + if err != nil { + return nil, fmt.Errorf("listing pods error: %v", err) + } + pods = append(pods, podList.Items...) + } + } else { + podList, err := c.CoreV1().Pods(namespace).List(context.TODO(), podlistOptions) + if err != nil { + return nil, fmt.Errorf("listing pods error: %v", err) + } + pods = podList.Items } + listOptions := metav1.ListOptions{ResourceVersion: "0"} nodeList, err := c.CoreV1().Nodes().List(context.TODO(), listOptions) if err != nil { return nil, fmt.Errorf("listing nodes error: %v", err) @@ -122,7 +136,7 @@ func NewResourceUsageGatherer(c clientset.Interface, host string, port int, prov } nodesToConsider := make(map[string]bool) - for _, pod := range pods.Items { + for _, pod := range pods { if (options.Nodes == MasterAndNonDaemons) && !masterNodes.Has(pod.Spec.NodeName) && isDaemonPod(&pod) { continue } diff --git a/clusterloader2/pkg/prometheus/manifests/0prometheus-operator-service.yaml b/clusterloader2/pkg/prometheus/manifests/0prometheus-operator-service.yaml index 03204129c2..09f9ff366e 100644 --- a/clusterloader2/pkg/prometheus/manifests/0prometheus-operator-service.yaml +++ b/clusterloader2/pkg/prometheus/manifests/0prometheus-operator-service.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: 0.46.0 + k8s-app: prometheus-operator name: prometheus-operator namespace: monitoring spec: diff --git a/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumEnvoy.yaml b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumEnvoy.yaml new file mode 100644 index 0000000000..bc1f0b9853 --- /dev/null +++ b/clusterloader2/pkg/prometheus/manifests/default/prometheus-podMonitorCiliumEnvoy.yaml @@ -0,0 +1,25 @@ +{{$PROMETHEUS_SCRAPE_CILIUM_ENVOY := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_ENVOY false}} +{{$PROMETHEUS_SCRAPE_CILIUM_ENVOY_PORT := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_ENVOY_PORT "envoy-metrics"}} +{{$PROMETHEUS_SCRAPE_CILIUM_ENVOY_INTERVAL := DefaultParam .CL2_PROMETHEUS_SCRAPE_CILIUM_ENVOY_INTERVAL "30s"}} + +{{if $PROMETHEUS_SCRAPE_CILIUM_ENVOY }} + +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + k8s-app: cilium-envoy + name: cilium-envoy-pods + namespace: monitoring +spec: + podMetricsEndpoints: + - interval: {{ $PROMETHEUS_SCRAPE_CILIUM_ENVOY_INTERVAL }} + port: {{ $PROMETHEUS_SCRAPE_CILIUM_ENVOY_PORT }} + jobLabel: k8s-app + selector: + matchLabels: + k8s-app: cilium-envoy + namespaceSelector: + matchNames: + - kube-system +{{end}} diff --git a/clusterloader2/testing/network-policy/network-policy-soak/Readme.txt b/clusterloader2/testing/network-policy/network-policy-soak/Readme.txt new file mode 100644 index 0000000000..424335c2ec --- /dev/null +++ b/clusterloader2/testing/network-policy/network-policy-soak/Readme.txt @@ -0,0 +1,18 @@ +# test setup details - +# All the client pods will be deployed in single test namespace +# Server pods will be spread accross different namespaces +# clients, servers, NPs are grouped +# each group will have + * M clients - 1 deployment yaml, M replicas, in test namespace + * N servers - 1 deployment yaml, M replicas, in Server custom namespace + * Network policy - 1 egress Network policy to allow M clients to N servers +# Number of groups = Number of Network Policies = Number of Server NS's + +# Command to run cilium l7 network policy soak, change the paths to config files below accordingly. +./clusterloader --provider=aks --kubeconfig=/home/sarathsa/.kube/config --testconfig=/home/sarathsa/work/perf-tests/clusterloader2/testing/network-policy/network-policy-soak/config.yaml --v=5 --enable-prometheus-server=True --prometheus-storage-class-provisioner=disk.csi.azure.com --prometheus-pvc-storage-class=default --report-dir=/tmp/load-test/network-policy/http-soak1 --testoverrides=/home/sarathsa/work/perf-tests/clusterloader2/testing/network-policy/network-policy-soak/overrides.yaml 2>&1 | tee /tmp/load-test/network-policy/http-soak1/logs.txt + + +# Test setup parameters are defined in overrides.yaml and the config for the test setup are defined in config.yaml + +# Test code path - perf-tests/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests +# yaml files for test objects are defined - perf-tests/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests \ No newline at end of file diff --git a/clusterloader2/testing/network-policy/network-policy-soak/config.yaml b/clusterloader2/testing/network-policy/network-policy-soak/config.yaml new file mode 100644 index 0000000000..32af581b5c --- /dev/null +++ b/clusterloader2/testing/network-policy/network-policy-soak/config.yaml @@ -0,0 +1,219 @@ +{{$NUMBER_OF_SERVERS_PER_Group := DefaultParam .CL2_NUMBER_OF_SERVERS_PER_GROUP 2}} +{{$NUMBER_OF_CLIENTS_PER_Group := DefaultParam .CL2_NUMBER_OF_CLIENTS_PER_GROUP 1}} +{{$NUMBER_OF_GROUPS := DefaultParam .CL2_NUMBER_OF_GROUPS 2}} +{{$TARGET_PORT := DefaultParam .CL2_TARGET_PORT 80}} +{{$WORKERS_PER_CLIENT := DefaultParam .CL2_WORKERS_PER_CLIENT 5}} +{{$DURATION := DefaultParam .CL2_DURATION 600}} +{{$Network_Policy_Type := DefaultParam .CL2_NETWORK_POLICY_TYPE "k8s"}} +{{$SOAK_TEST := DefaultParam .CL2_SOAK_TEST false}} +namespace: + number: {{$NUMBER_OF_GROUPS}} + prefix: slo + deleteStaleNamespaces: true + deleteAutomanagedNamespaces: true + enableExistingNamespaces: false +steps: +# 1. start cilium agent metrics +# 2. start cilium envoy metrics +# 3. start resource usage metrics (cpu, memory usage of Envoy) +# 4. start network performance measurement (setup and run) +# 5. gather network performance measurement (wait and gather results) +# 6. gather resource usage metrics +# 7. gather cilium envoy metrics +# 8. gather cilium agent metrics + +# 1. start cilium agent metrics +- name: Cilium Agent Metrics + measurements: + - Identifier: CiliumAgentAverageCPUUsage + Method: GenericPrometheusQuery + Params: + action: start + metricName: cilium_average_cpu_usage + metricVersion: v1 + unit: cpu + queries: + - name: Perc99 + query: quantile(0.99, avg_over_time(rate(cilium_process_cpu_seconds_total[1m])[%v:])) + - name: Perc90 + query: quantile(0.90, avg_over_time(rate(cilium_process_cpu_seconds_total[1m])[%v:])) + - name: Perc50 + query: quantile(0.50, avg_over_time(rate(cilium_process_cpu_seconds_total[1m])[%v:])) + - Identifier: CiliumAgentAvgMemUsage + Method: GenericPrometheusQuery + Params: + action: start + metricName: cilium_avg_memory_usage + metricVersion: v1 + unit: MB + queries: + - name: Perc99 + query: quantile(0.99, avg_over_time(cilium_process_resident_memory_bytes[%v:]) / 1024 / 1024) + - name: Perc90 + query: quantile(0.90, avg_over_time(cilium_process_resident_memory_bytes[%v:]) / 1024 / 1024) + - name: Perc50 + query: quantile(0.5, avg_over_time(cilium_process_resident_memory_bytes[%v:]) / 1024 / 1024) + - Identifier: CiliumAgentMaxCPUUsage + Method: GenericPrometheusQuery + Params: + action: start + metricName: cilium_max_cpu_usage + metricVersion: v1 + unit: cpu + enableViolations: true + queries: + - name: Perc99 + query: quantile(0.99, max_over_time(rate(cilium_process_cpu_seconds_total[1m])[%v:])) + - name: Perc90 + query: quantile(0.90, max_over_time(rate(cilium_process_cpu_seconds_total[1m])[%v:])) + - name: Perc50 + query: quantile(0.50, max_over_time(rate(cilium_process_cpu_seconds_total[1m])[%v:])) + - Identifier: CiliumAgentMaxMemUsage + Method: GenericPrometheusQuery + Params: + action: start + metricName: cilium_max_memory_usage + metricVersion: v1 + unit: MB + enableViolations: true + queries: + - name: Perc99 + query: quantile(0.99, max_over_time(cilium_process_resident_memory_bytes[%v:]) / 1024 / 1024) + - name: Perc90 + query: quantile(0.90, max_over_time(cilium_process_resident_memory_bytes[%v:]) / 1024 / 1024) + - name: Perc50 + query: quantile(0.5, max_over_time(cilium_process_resident_memory_bytes[%v:]) / 1024 / 1024) + - Identifier: CiliumAgentL7Policy + Method: GenericPrometheusQuery + Params: + action: start + metricName: cilium_l7_policy + metricVersion: v1 + unit: count + queries: + - name: cilium_l7_received + query: sum(increase(cilium_policy_l7_total{proxy_type="envoy", rule="received"}[%v:])) + - name: cilium_l7_forwarded + query: sum(increase(cilium_policy_l7_total{proxy_type="envoy", rule="forwarded"}[%v:])) + - name: cilium_l7_failed + query: sum(increase(cilium_policy_l7_total{proxy_type="envoy", rule!~"received|forwarded"}[%v:])) +# 2. start cilium envoy metrics +- name: Starting cilium envoy metrics for http load test + measurements: + - Identifier: HTTPPerfCiliumEnvoyMetrics + Method: GenericPrometheusQuery + Params: + action: start + metricName: "cilium_envoy_http_metrics" + metricVersion: v1 + unit: s + queries: + - name: envoy_http_requests_total + query: sum(increase(envoy_http_rq_total{envoy_http_conn_manager_prefix="proxy"}[%v:])) + - name: envoy_http_requests_rate + query: avg(rate(envoy_http_rq_total{envoy_http_conn_manager_prefix="proxy"}[%v:]) unless rate(envoy_http_rq_total{envoy_http_conn_manager_prefix="proxy"}[%v:]) == 0) + - name: envoy_downstream_connections_total + query: sum(increase(envoy_listener_downstream_cx_total{envoy_listener_address!~"^(0\\.0\\.0\\.0_9964|127\\.0\\.0\\.1_9878)$"}[%v:])) + - name: envoy_downstream_connections_rate + query: avg(rate(envoy_listener_downstream_cx_total{envoy_listener_address!~"^(0\\.0\\.0\\.0_9964|127\\.0\\.0\\.1_9878)$"}[%v:]) unless rate(envoy_listener_downstream_cx_total{envoy_listener_address!~"^(0\\.0\\.0\\.0_9964|127\\.0\\.0\\.1_9878)$"}[%v:]) == 0) + - name: envoy_upstream_connections_total + query: sum(increase(envoy_cluster_upstream_cx_total{envoy_cluster_name="egress-cluster"}[%v:])) + - name: envoy_upstream_connections_rate + query: avg(rate(envoy_cluster_upstream_cx_total{envoy_cluster_name="egress-cluster"}[%v:]) unless rate(envoy_cluster_upstream_cx_total{envoy_cluster_name="egress-cluster"}[%v:]) == 0) + - name: envoy_memory_allocated_max + query: max(max_over_time(envoy_server_memory_allocated[%v:])) / 1024 / 1024 + - name: envoy_memory_heap_size_max + query: max(max_over_time(envoy_server_memory_heap_size[%v:])) / 1024 / 1024 +# 4. start network performance measurement (setup and run) +- name: Network Policy Soak Test - Start + measurements: + - Identifier: NetworkPolicySoakMeasurement + Method: NetworkPolicySoakMeasurement + Params: + action: start + targetLabelKey: app + targetLabelValue: target + clientLabelKey: app + clientLabelValue: client + targetReplicasPerNs: {{$NUMBER_OF_SERVERS_PER_Group}} + clientReplicasPerDep: {{$NUMBER_OF_CLIENTS_PER_Group}} + targetPort: {{$TARGET_PORT}} + targetPath: / + testDuration: "{{$DURATION}}" + workerPerClient: {{$WORKERS_PER_CLIENT}} + npType: {{$Network_Policy_Type}} +# 5. gather network performance measurement (wait and gather results) +- name: Network Policy Soak Test - Gather Results + measurements: + - Identifier: NetworkPolicySoakMeasurement + Method: NetworkPolicySoakMeasurement + Params: + action: gather #gather will wait for the soak test to finish +# 7. gather cilium envoy metrics +- name: "gathering cilium envoy metrics for http load test" + measurements: + - Identifier: HTTPPerfCiliumEnvoyMetrics + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +# 8. gather cilium agent metrics +- name: Cilium Metrics + measurements: + - Identifier: CiliumAgentAverageCPUUsage + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true + - Identifier: CiliumAgentAvgMemUsage + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true + - Identifier: CiliumAgentMaxCPUUsage + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true + - Identifier: CiliumAgentMaxMemUsage + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true + - Identifier: CiliumAgentL7Policy + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +# IF SOAK_TEST, GATHER ENVOY MEMORY METRICS 1 HOUR AFTER THE TEST +# TO VERIFY MEMORY LEAKS +{{if $SOAK_TEST }} +- name: Starting Soak metrics collection + measurements: + - Identifier: SoakPerfCiliumEnvoyMetrics + Method: GenericPrometheusQuery + Params: + action: start + metricName: "cilium_envoy_soak_metrics" + metricVersion: v1 + unit: s + queries: + - name: envoy_memory_allocated_max + query: max(max_over_time(envoy_server_memory_allocated[3600s:])) / 1024 / 1024 + - name: envoy_memory_heap_size_max + query: max(max_over_time(envoy_server_memory_heap_size[3600s:])) / 1024 / 1024 +# sleep for 1 hour (3600s) +- name: Sleep + measurements: + - Identifier: Sleep + Method: Sleep + Params: + duration: "3600s" +- name: Soak Envoy Memory Metrics + measurements: + - Identifier: SoakPerfCiliumEnvoyMetrics + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +{{end}} diff --git a/clusterloader2/testing/network-policy/network-policy-soak/scale-overrides.yaml b/clusterloader2/testing/network-policy/network-policy-soak/scale-overrides.yaml new file mode 100644 index 0000000000..3d08d7a7e8 --- /dev/null +++ b/clusterloader2/testing/network-policy/network-policy-soak/scale-overrides.yaml @@ -0,0 +1,30 @@ +# Goal: More number of endpoints and more number of policies. Load is not important +# setup: More number of clients and servers. duration 3 hours - 10800 seconds +# scale table +# | # of clients | # of servers | # of policies | # of Nodes | +# | 20000 | 20000 | 1000 | 1000 -- large +# | 2000 | 2000 | 1000 | 100 -- small + +# prometheus parameters +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT: true +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL: 30s +CL2_PROMETHEUS_SCRAPE_CILIUM_ENVOY: true +CL2_PROMETHEUS_TOLERATE_MASTER: true +CL2_PROMETHEUS_MEMORY_LIMIT_FACTOR: 30.0 +CL2_PROMETHEUS_MEMORY_SCALE_FACTOR: 30.0 +CL2_PROMETHEUS_NODE_SELECTOR: "prometheus: \"true\"" + +# test parameters +# No. of clients = CL2_NUMBER_OF_CLIENTS_PER_GROUP * CL2_NUMBER_OF_GROUPS +# No. of servers = CL2_NUMBER_OF_SERVERS_PER_GROUP * CL2_NUMBER_OF_GROUPS +# for scale test, we will increase the number of clients and servers to +# scale the cluster and keep the number of workers per client limted. +# small scale test - 2000 clients, 2000 servers, 1000 policies +# large scale test - 20000 clients, 20000 servers, 1000 policies +CL2_NUMBER_OF_CLIENTS_PER_GROUP: 20 +CL2_NUMBER_OF_SERVERS_PER_GROUP: 20 +CL2_NUMBER_OF_GROUPS: 1000 +CL2_TARGET_PORT: 8080 +CL2_WORKERS_PER_CLIENT: 5 +CL2_DURATION: 10800s # 3 hours +CL2_NETWORK_POLICY_TYPE: cnp \ No newline at end of file diff --git a/clusterloader2/testing/network-policy/network-policy-soak/soak-overrides.yaml b/clusterloader2/testing/network-policy/network-policy-soak/soak-overrides.yaml new file mode 100644 index 0000000000..76ad2eb316 --- /dev/null +++ b/clusterloader2/testing/network-policy/network-policy-soak/soak-overrides.yaml @@ -0,0 +1,30 @@ +# Goal: Similar to scale test run for long duration +# setup: duration 2 days - 172800 seconds +# scale table +# | # of clients | # of servers | # of policies | # of Nodes | +# | 2000 | 2000 | 2000 | 100 + +# prometheus parameters +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT: true +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL: 30s +CL2_PROMETHEUS_SCRAPE_CILIUM_ENVOY: true +CL2_PROMETHEUS_TOLERATE_MASTER: true +CL2_PROMETHEUS_MEMORY_LIMIT_FACTOR: 30.0 +CL2_PROMETHEUS_MEMORY_SCALE_FACTOR: 30.0 +CL2_PROMETHEUS_NODE_SELECTOR: "prometheus: \"true\"" + +# test parameters +# No. of clients = CL2_NUMBER_OF_CLIENTS_PER_GROUP * CL2_NUMBER_OF_GROUPS +# No. of servers = CL2_NUMBER_OF_SERVERS_PER_GROUP * CL2_NUMBER_OF_GROUPS +# for scale test, we will increase the number of clients and servers to +# scale the cluster and keep the number of workers per client limted. +# small scale test - 2000 clients, 2000 servers, 1000 policies +# large scale test - 20000 clients, 20000 servers, 1000 policies +CL2_NUMBER_OF_CLIENTS_PER_GROUP: 10 +CL2_NUMBER_OF_SERVERS_PER_GROUP: 10 +CL2_NUMBER_OF_GROUPS: 1000 +CL2_TARGET_PORT: 8080 +CL2_WORKERS_PER_CLIENT: 5 +CL2_DURATION: 86400s # 1 day +CL2_NETWORK_POLICY_TYPE: cnp +CL2_SOAK_TEST: true \ No newline at end of file diff --git a/clusterloader2/testing/network-policy/network-policy-soak/stress-overrides.yaml b/clusterloader2/testing/network-policy/network-policy-soak/stress-overrides.yaml new file mode 100644 index 0000000000..ab9329c528 --- /dev/null +++ b/clusterloader2/testing/network-policy/network-policy-soak/stress-overrides.yaml @@ -0,0 +1,26 @@ +# Goal: test Envoy and Cilium agent limits by overloading. +# setup: deploy all the client (load generator) pods on one node and spread the server pods +# equal number of clients and servers but more workers per client to generate more load + +# prometheus parameters +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT: true +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL: 30s +CL2_PROMETHEUS_SCRAPE_CILIUM_ENVOY: true +CL2_PROMETHEUS_TOLERATE_MASTER: true +CL2_PROMETHEUS_MEMORY_LIMIT_FACTOR: 30.0 +CL2_PROMETHEUS_MEMORY_SCALE_FACTOR: 30.0 +CL2_PROMETHEUS_NODE_SELECTOR: "prometheus: \"true\"" + +# test parameters +# No. of clients = CL2_NUMBER_OF_CLIENTS_PER_GROUP * CL2_NUMBER_OF_GROUPS +# No. of servers = CL2_NUMBER_OF_SERVERS_PER_GROUP * CL2_NUMBER_OF_GROUPS +# for stress test, we will try to keep # of clients and # of servers limited +# but increase the number of workers per client to generate more load. +# 50 workers per client * 20 clients = 1000rps. +CL2_NUMBER_OF_CLIENTS_PER_GROUP: 1 +CL2_NUMBER_OF_SERVERS_PER_GROUP: 2 +CL2_NUMBER_OF_GROUPS: 20 +CL2_TARGET_PORT: 8080 +CL2_WORKERS_PER_CLIENT: 50 +CL2_DURATION: 10800s # 3 hours +CL2_NETWORK_POLICY_TYPE: cnp \ No newline at end of file diff --git a/clusterloader2/testing/network-policy/overrides.yaml b/clusterloader2/testing/network-policy/overrides.yaml new file mode 100644 index 0000000000..9afe911565 --- /dev/null +++ b/clusterloader2/testing/network-policy/overrides.yaml @@ -0,0 +1,21 @@ +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT: true +CL2_PROMETHEUS_SCRAPE_CILIUM_AGENT_INTERVAL: 30s +CL2_PROMETHEUS_SCRAPE_CILIUM_ENVOY: true +CL2_PROMETHEUS_TOLERATE_MASTER: true +CL2_PROMETHEUS_MEMORY_LIMIT_FACTOR: 30.0 +CL2_PROMETHEUS_MEMORY_SCALE_FACTOR: 30.0 +CL2_PROMETHEUS_NODE_SELECTOR: "prometheus: \"true\"" +###NETWORK POLICY PARAMETERS +CL2_ENABLE_NETWORK_POLICY_ENFORCEMENT_LATENCY_TEST: true +CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY: net-pol-test +CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE: enforcement-latency +CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY: test +CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE: net-policy-client +CL2_NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS: 10 +CL2_NET_POLICY_ENFORCEMENT_LOAD_COUNT: 5000 +CL2_NET_POLICY_ENFORCEMENT_LOAD_QPS: 100 +CL2_NUMBER_OF_SERVERS: 19 # per namespace +CL2_NUMBER_OF_CLIENTS: 2 # not used +CL2_NET_POLICY_TYPE: cnp +CL2_NET_POLICY_L7_ENABLED: true +CL2_TARGET_NAMESPACE_COUNT: 550 \ No newline at end of file diff --git a/clusterloader2/testing/network-policy/pod-creation-config.yaml b/clusterloader2/testing/network-policy/pod-creation-config.yaml new file mode 100644 index 0000000000..8ebf3b3a6a --- /dev/null +++ b/clusterloader2/testing/network-policy/pod-creation-config.yaml @@ -0,0 +1,240 @@ +{{$NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE := DefaultParam .CL2_NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE false}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY "net-pol-test"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE "enforcement-latency"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY "test"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE "net-policy-client"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS 5}} +{{$NET_POLICY_ENFORCEMENT_LOAD_COUNT := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LOAD_COUNT 1000}} +{{$NET_POLICY_ENFORCEMENT_LOAD_QPS := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LOAD_QPS 10}} +{{$NET_POLICY_ENFORCEMENT_LOAD_TARGET_NAME := DefaultParam .CL2_POLICY_ENFORCEMENT_LOAD_TARGET_NAME "small-deployment"}} +{{$NET_POLICY_TYPE := DefaultParam .CL2_NET_POLICY_TYPE "k8s"}} +{{$NET_POLICY_L7_ENABLED := DefaultParam .CL2_NET_POLICY_L7_ENABLED false}} +{{$CILIUM_POLICY_IMPORTS_ERROR_THRESHOLD := DefaultParam .CL2_CILIUM_POLICY_IMPORTS_ERROR_THRESHOLD 0}} +{{$CILIUM_ENDPOINT_REGEN_FAIL_PERC_THRESHOLD := DefaultParam .CL2_CILIUM_ENDPOINT_REGEN_FAIL_PERC_THRESHOLD 0.01}} +{{$NUMBER_OF_SERVERS := DefaultParam .CL2_NUMBER_OF_SERVERS 5}} +{{$TARGET_GROUP := DefaultParam .CL2_TARGET_GROUP "service-discovery"}} +{{$TARGET_NAMESPACE_COUNT := DefaultParam .CL2_TARGET_NAMESPACE_COUNT 1}} + +name: network_policy_performance +namespace: + number: {{$TARGET_NAMESPACE_COUNT}} + prefix: slo + deleteStaleNamespaces: true + deleteAutomanagedNamespaces: true + enableExistingNamespaces: false +tuningSets: +- name: Uniform1qps + qpsLoad: + qps: 1 +steps: +# 1. start cilium agent metrics for pod creation latency +# 2. start cilium envoy metrics for pod creation latency +# 3. start pod creation network policy enforcement latency metrics +# 4. setup network pod creation policy enforcement latency measurement +# 4. run pod creation policy enforcement latency measurement test-type +# 5. start target deployments for pod creation policy enforcement latency measurement +# 6. Wait for target deployments to be ready +# 7. Sleep for 60s (buffer for client pods to measure policy enforcement latency for new target deployments) +# 8. Gather cilium agent metrics for pod creation latency +# 9. Gather cilium envoy metrics for pod creation latency +# 10. Gather pod creation network policy enforcement latency metrics +# 11. Complete pod creation network policy enforcement latency measurement + +# 1. start cilium agent metrics for pod creation - policy enforcement latency +- name: "starting cilium agent metrics during pod creation - policy enforcement latency measurement" + measurements: + - Identifier: PodCreationLatencyMetricsCilium + Method: GenericPrometheusQuery + Params: + action: start + metricName: "Cilium Agent Pod Creation Policy Enforcement Latency" + metricVersion: v1 + unit: s + queries: + # Cilium agent metrics that are related to network policies. + - name: Number of times a policy import has failed + query: sum(cilium_policy_import_errors_total) + threshold: {{$CILIUM_POLICY_IMPORTS_ERROR_THRESHOLD}} + - name: Failed endpoint regenerations percentage + query: sum(cilium_endpoint_regenerations_total{outcome="fail"}) / sum(cilium_endpoint_regenerations_total) * 100 + threshold: {{$CILIUM_ENDPOINT_REGEN_FAIL_PERC_THRESHOLD}} + - name: Policy regeneration time - Perc50 + query: histogram_quantile(0.50, sum(cilium_policy_regeneration_time_stats_seconds_bucket{scope="total"}) by (le)) + - name: Policy regeneration time - Perc99 + query: histogram_quantile(0.99, sum(cilium_policy_regeneration_time_stats_seconds_bucket{scope="total"}) by (le)) + - name: Time between a policy change and it being fully deployed into the datapath - Perc50 + query: histogram_quantile(0.50, sum(cilium_policy_implementation_delay_bucket) by (le)) + - name: Time between a policy change and it being fully deployed into the datapath - Perc99 + query: histogram_quantile(0.99, sum(cilium_policy_implementation_delay_bucket) by (le)) + - name: Latency of policy update trigger - Perc50 + query: histogram_quantile(0.50, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="latency"}) by (le)) + - name: Latency of policy update trigger - Perc99 + query: histogram_quantile(0.99, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="latency"}) by (le)) + - name: Duration of policy update trigger - Perc50 + query: histogram_quantile(0.50, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="duration"}) by (le)) + - name: Duration of policy update trigger - Perc99 + query: histogram_quantile(0.99, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="duration"}) by (le)) + - name: Endpoint regeneration latency - Perc50 + query: histogram_quantile(0.50, sum(cilium_endpoint_regeneration_time_stats_seconds_bucket{scope="total"}) by (le)) + - name: Number of policies currently loaded + query: avg(cilium_policy) + - name: Number of endpoints labeled by policy enforcement status + query: sum(cilium_policy_endpoint_enforcement_status) +# 2. start cilium envoy metrics during pod creation - policy enforcement latency measurement +- name: "starting cilium envoy metrics for pod creation - policy enforcement latency measurement" + measurements: + - Identifier: PodCreationLatencyMetricsCiliumEnvoy + Method: GenericPrometheusQuery + Params: + action: start + metricName: "Ciliu Envoy Pod Creation Policy Enforcement Latency" + metricVersion: v1 + unit: s + queries: + - name: Envoy http requests - TargetCount + query: sum(envoy_http_rq_total) + - name: Envoy rate of http requests + query: avg(rate(envoy_http_rq_total[%v])) +# 3. start pod creation policy enforcement latency metrics +- name: "starting network pod creation metrics" + measurements: + - Identifier: PodCreationLatencyMetrics + Method: GenericPrometheusQuery + Params: + action: start + metricName: "Pod Creation Policy Enforcement Latency Metrics" + metricVersion: v1 + unit: s + queries: + - name: PodCreationReachability - TargetCount + query: sum(pod_creation_reachability_latency_seconds_count) + - name: PodCreationReachability - Perc50 + query: histogram_quantile(0.5, sum(rate(pod_creation_reachability_latency_seconds_bucket[%v])) by (le)) + - name: PodCreationReachability - Perc90 + query: histogram_quantile(0.9, sum(rate(pod_creation_reachability_latency_seconds_bucket[%v])) by (le)) + - name: PodCreationReachability - Perc95 + query: histogram_quantile(0.95, sum(rate(pod_creation_reachability_latency_seconds_bucket[%v])) by (le)) + - name: PodCreationReachability - Perc99 + query: histogram_quantile(0.99, sum(rate(pod_creation_reachability_latency_seconds_bucket[%v])) by (le)) + - name: PodIpAssignedLatency - TargetCount + query: sum(pod_ip_address_assigned_latency_seconds_count) + - name: PodIpAssignedLatency - Perc50 + query: histogram_quantile(0.50, sum(rate(pod_ip_address_assigned_latency_seconds_bucket[%v])) by (le)) + - name: PodIpAssignedLatency - Perc90 + query: histogram_quantile(0.90, sum(rate(pod_ip_address_assigned_latency_seconds_bucket[%v])) by (le)) + - name: PodIpAssignedLatency - Perc95 + query: histogram_quantile(0.95, sum(rate(pod_ip_address_assigned_latency_seconds_bucket[%v])) by (le)) + - name: PodIpAssignedLatency - Perc99 + query: histogram_quantile(0.99, sum(rate(pod_ip_address_assigned_latency_seconds_bucket[%v])) by (le)) +# 4. setup pod creation policy enforcement latency measurement +- name: "Setup pod creation policy enforcement latency measurement" + measurements: + - Identifier: NetworkPolicyEnforcement + Method: NetworkPolicyEnforcement + Params: + action: setup + targetLabelKey: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY}} + targetLabelValue: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE}} + testClientNodeSelectorKey: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY}} + testClientNodeSelectorValue: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE}} + targetPort: 80 + networkPolicyType: {{.CL2_NET_POLICY_TYPE}} + l7Enabled: {{.CL2_NET_POLICY_L7_ENABLED}} +# 5. run pod creation policy enforcement latency measurement test-type +- name: "Run pod creation network policy enforcement latency measurement" + measurements: + - Identifier: NetworkPolicyEnforcement + Method: NetworkPolicyEnforcement + Params: + action: run + testType: pod-creation + targetPort: 80 + maxTargets: {{$NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS}} + policyLoadCount: {{$NET_POLICY_ENFORCEMENT_LOAD_COUNT}} + policyLoadQPS: {{$NET_POLICY_ENFORCEMENT_LOAD_QPS}} + policyLoadTargetBaseName: {{$NET_POLICY_ENFORCEMENT_LOAD_TARGET_NAME}} + networkPolicyType: {{$NET_POLICY_TYPE}} + l7Enabled: {{$NET_POLICY_L7_ENABLED}} +# 6. start target deployments for pod creation policy enforcement latency measurement +- name: "Start target deployments" + measurements: + - Method: WaitForControlledPodsRunning + Instances: + - Identifier: WaitForControlledPodsRunning + Params: + apiVersion: apps/v1 + kind: Deployment + Params: + action: start + checkIfPodsAreUpdated: true + labelSelector: group={{$TARGET_GROUP}} + operationTimeout: 20m + apiVersion: apps/v1 +- name: "Create target deployments" + phases: + - namespaceRange: + min: 1 + max: {{$TARGET_NAMESPACE_COUNT}} + replicasPerNamespace: 1 + tuningSet: Uniform1qps + objectBundle: + - basename: target-deployment + objectTemplatePath: target_deployment.yaml + templateFillMap: + Replicas: {{$NUMBER_OF_SERVERS}} + TargetLabelKey: {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY}} + TargetLabelValue: {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE}} + SvcName: small-service + Group: {{$TARGET_GROUP}} + deploymentLabel: start +# 7. Wait for target deployments to be ready +- name: "Wait for target deployments to be ready" + measurements: + - Identifier: WaitForControlledPodsRunning + Method: WaitForControlledPodsRunning + Params: + action: gather + refreshInterval: 15s +# sleep for 10s - buffer for client pods to measure policy enforcement latency for new target deployments +# and publish the metrics +- name: "Sleep for 10s" + measurements: + - Identifier: Sleep + Method: Sleep + Params: + action: sleep + duration: 10s +# 8. Gather cilium agent metrics for pod creation latency +- name: "Gathering cilium metrics for pod creation latency" + measurements: + - Identifier: PodCreationLatencyMetricsCilium + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +# 9. Gather cilium envoy metrics for pod creation latency +- name: "Gathering cilium envoy metrics for pod creation latency" + measurements: + - Identifier: PodCreationLatencyMetricsCiliumEnvoy + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +# 10. Gather network pod creation metrics +- name: "Gathering pod creation policy enforcement latency metrics" + measurements: + - Identifier: PodCreationLatencyMetrics + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +- name: "Complete pod creation network policy enforcement latency measurement" + measurements: + - Identifier: NetworkPolicyEnforcement + Method: NetworkPolicyEnforcement + Params: + action: complete + testType: pod-creation + + + diff --git a/clusterloader2/testing/network-policy/policy-creation-config.yaml b/clusterloader2/testing/network-policy/policy-creation-config.yaml new file mode 100644 index 0000000000..f5ea21aab8 --- /dev/null +++ b/clusterloader2/testing/network-policy/policy-creation-config.yaml @@ -0,0 +1,244 @@ +{{$NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE := DefaultParam .CL2_NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE false}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY "net-pol-test"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE "enforcement-latency"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY "test"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE "net-policy-client"}} +{{$NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS 5}} +{{$NET_POLICY_ENFORCEMENT_LOAD_COUNT := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LOAD_COUNT 10}} +{{$NET_POLICY_ENFORCEMENT_LOAD_QPS := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LOAD_QPS 10}} +{{$NET_POLICY_ENFORCEMENT_LOAD_TARGET_NAME := DefaultParam .CL2_POLICY_ENFORCEMENT_LOAD_TARGET_NAME "small-deployment"}} +{{$NET_POLICY_TYPE := DefaultParam .CL2_NET_POLICY_TYPE "k8s"}} +{{$NET_POLICY_L7_ENABLED := DefaultParam .CL2_NET_POLICY_L7_ENABLED false}} +{{$CILIUM_POLICY_IMPORTS_ERROR_THRESHOLD := DefaultParam .CL2_CILIUM_POLICY_IMPORTS_ERROR_THRESHOLD 0}} +{{$CILIUM_ENDPOINT_REGEN_FAIL_PERC_THRESHOLD := DefaultParam .CL2_CILIUM_ENDPOINT_REGEN_FAIL_PERC_THRESHOLD 0.01}} +{{$NUMBER_OF_SERVERS := DefaultParam .CL2_NUMBER_OF_SERVERS 5}} +{{$TARGET_GROUP := DefaultParam .CL2_TARGET_GROUP "service-discovery"}} +{{$TARGET_NAMESPACE_COUNT := DefaultParam .CL2_TARGET_NAMESPACE_COUNT 1}} + +name: network_policy_performance +namespace: + number: {{$TARGET_NAMESPACE_COUNT}} + prefix: slo + deleteStaleNamespaces: true + deleteAutomanagedNamespaces: true + enableExistingNamespaces: false +tuningSets: +- name: Uniform1qps + qpsLoad: + qps: 1 +steps: +# start +# 1. cilium agent metrics for network policy enforcement latency +# 2. cilium envoy metrics for network policy enforcement latency +# 3. start policy enforcement latency metrics +# 4. Setup policy enforcement latency measurement +# 5. Start target deployments +# 6. Create target deployments +# 7. Wait for target deployments to be ready +# 8. Run network policy enforcement latency measurement test-type 'policy-creation' +# 9. Gather cilium agent metrics for network policy enforcement latency +# 10. Gather cilium envoy metrics for network policy enforcement latency +# 11. Gather policy enforcement latency metrics +# 12. Complete policy enforcement latency measurement + +# 1. cilium agent metrics for network policy enforcement latency +- name: "cilium agent metrics for network policy enforcement latency" + measurements: + - Identifier: PolicyEnforcementLatencyCiliumMetrics + Method: GenericPrometheusQuery + Params: + action: start + metricName: "Cilium Agent Network Policy Enforcement Latency" + metricVersion: v1 + unit: s + queries: + - name: Number of times a policy import has failed + query: sum(cilium_policy_import_errors_total) + threshold: {{$CILIUM_POLICY_IMPORTS_ERROR_THRESHOLD}} + - name: Failed endpoint regenerations percentage + query: sum(cilium_endpoint_regenerations_total{outcome="fail"}) / sum(cilium_endpoint_regenerations_total) * 100 + threshold: {{$CILIUM_ENDPOINT_REGEN_FAIL_PERC_THRESHOLD}} + - name: Policy regeneration time - Perc50 + query: histogram_quantile(0.50, sum(cilium_policy_regeneration_time_stats_seconds_bucket{scope="total"}) by (le)) + - name: Policy regeneration time - Perc99 + query: histogram_quantile(0.99, sum(cilium_policy_regeneration_time_stats_seconds_bucket{scope="total"}) by (le)) + - name: Policy Implementation Delay into the datapath - Perc50 + query: histogram_quantile(0.50, sum(cilium_policy_implementation_delay_bucket) by (le)) + - name: Policy Implementation Delay into the datapath - Perc99 + query: histogram_quantile(0.99, sum(cilium_policy_implementation_delay_bucket) by (le)) + - name: Latency of policy update trigger - Perc50 + query: histogram_quantile(0.50, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="latency"}) by (le)) + - name: Latency of policy update trigger - Perc99 + query: histogram_quantile(0.99, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="latency"}) by (le)) + - name: Duration of policy update trigger - Perc50 + query: histogram_quantile(0.50, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="duration"}) by (le)) + - name: Duration of policy update trigger - Perc99 + query: histogram_quantile(0.99, sum(cilium_triggers_policy_update_call_duration_seconds_bucket{type="duration"}) by (le)) + - name: Endpoint regeneration latency - Perc50 + query: histogram_quantile(0.50, sum(cilium_endpoint_regeneration_time_stats_seconds_bucket{scope="total"}) by (le)) + - name: Number of policies currently loaded + query: avg(cilium_policy) + - name: Number of endpoints labeled by policy enforcement status + query: sum(cilium_policy_endpoint_enforcement_status) +# 2. cilium envoy metrics for network policy enforcement latency +- name: "cilium envoy metrics for network policy enforcement latency" + measurements: + - Identifier: PolicyEnforcementLatencyCiliumEnvoyMetrics + Method: GenericPrometheusQuery + Params: + action: start + metricName: "Cilium Envoy Network Policy Enforcement Latency" + metricVersion: v1 + unit: s + queries: + - name: Envoy http requests - TargetCount + query: sum(envoy_http_rq_total) + - name: Envoy rate of http requests + query: avg(rate(envoy_http_rq_total[%v])) +# 3. start policy enforcement latency metrics +- name: "starting policy enforcement metrics, network policy type - {{.CL2_NET_POLICY_TYPE}}" + measurements: + - Identifier: PolicyEnforcementLatencyMetrics + Method: GenericPrometheusQuery + Params: + action: start + metricName: "Network Policy Enforcement Latency" + metricVersion: v1 + unit: s + queries: + - name: PolicyCreation - TargetCount + query: sum(policy_enforcement_latency_policy_creation_seconds_count) + - name: PolicyCreation - Perc50 + query: histogram_quantile(0.5, sum(policy_enforcement_latency_policy_creation_seconds_bucket) by (le)) + - name: PolicyCreation - Perc90 + query: histogram_quantile(0.9, sum(policy_enforcement_latency_policy_creation_seconds_bucket) by (le)) + - name: PolicyCreation - Perc95 + query: histogram_quantile(0.95, sum(policy_enforcement_latency_policy_creation_seconds_bucket) by (le)) + - name: PolicyCreation - Perc99 + query: histogram_quantile(0.99, sum(policy_enforcement_latency_policy_creation_seconds_bucket) by (le)) +# resource usage measurement +- name: "Resource Usage" + measurements: + - Identifier: ResourceUsageSummary + Method: ResourceUsageSummary + Params: + action: start +# 4. Setup policy enforcement latency measurement +- name: "Setup network policy enforcement latency measurement" + measurements: + - Identifier: NetworkPolicyEnforcement + Method: NetworkPolicyEnforcement + Params: + action: setup + targetLabelKey: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY}} + targetLabelValue: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE}} + testClientNodeSelectorKey: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY}} + testClientNodeSelectorValue: {{.CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE}} + networkPolicyType: {{$NET_POLICY_TYPE}} + l7Enabled: {{$NET_POLICY_L7_ENABLED}} + targetPort: 80 + baseline: {{$NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE}} +# 5. Start target deployments +- name: "Start target deployments" + measurements: + - Method: WaitForControlledPodsRunning + Instances: + - Identifier: WaitForControlledPodsRunning + Params: + apiVersion: apps/v1 + kind: Deployment + Params: + action: start + checkIfPodsAreUpdated: true + labelSelector: group={{$TARGET_GROUP}} + operationTimeout: 20m + apiVersion: apps/v1 +- name: "Create target deployments" + phases: + - namespaceRange: + min: 1 + max: {{$TARGET_NAMESPACE_COUNT}} + replicasPerNamespace: 1 + tuningSet: Uniform1qps + objectBundle: + - basename: target-deployment + objectTemplatePath: target_deployment.yaml + templateFillMap: + Replicas: {{$NUMBER_OF_SERVERS}} + TargetLabelKey: {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY}} + TargetLabelValue: {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE}} + SvcName: small-service + Group: {{$TARGET_GROUP}} + deploymentLabel: start +# 7. Wait for target deployments to be ready +- name: "Wait for target deployments to be ready" + measurements: + - Identifier: WaitForControlledPodsRunning + Method: WaitForControlledPodsRunning + Params: + action: gather + refreshInterval: 15s +# 8. Run network policy enforcement latency measurement test-type 'policy-creation' +- name: "Run network policy enforcement latency measurement test-type 'policy-creation'" + measurements: + - Identifier: NetworkPolicyEnforcement + Method: NetworkPolicyEnforcement + Params: + action: run + testType: policy-creation + targetPort: 80 + networkPolicyType: cilium + l7Enabled: true + maxTargets: {{$NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS}} + policyLoadCount: {{$NET_POLICY_ENFORCEMENT_LOAD_COUNT}} + policyLoadQPS: {{$NET_POLICY_ENFORCEMENT_LOAD_QPS}} + policyLoadTargetBaseName: {{$NET_POLICY_ENFORCEMENT_LOAD_TARGET_NAME}} +# 9. Gather cilium agent metrics for network policy enforcement latency +- name: "Gather cilium agent metrics for network policy enforcement latency" + measurements: + - Identifier: PolicyEnforcementLatencyCiliumMetrics + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +# 10. Gather cilium envoy metrics for network policy enforcement latency +- name: "Gather cilium envoy metrics for network policy enforcement latency" + measurements: + - Identifier: PolicyEnforcementLatencyCiliumEnvoyMetrics + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +# 11. Gather policy enforcement latency metrics +- name: "Gather policy enforcement latency metrics" + measurements: + - Identifier: PolicyEnforcementLatencyMetrics + Method: GenericPrometheusQuery + Params: + action: gather + enableViolations: true +# gather resource usage measurement +- name: "Resource Usage Summary" + measurements: + - Identifier: ResourceUsageSummary + Method: ResourceUsageSummary + Params: + action: gather + enableViolations: true +- name: Sleep + measurements: + - Identifier: sleep + Method: Sleep + Params: + duration: 60s +# 12. Complete policy enforcement latency measurement +- name: "Complete pod creation network policy enforcement latency measurement" + measurements: + - Identifier: NetworkPolicyEnforcement + Method: NetworkPolicyEnforcement + Params: + action: complete + testType: policy-creation + + + diff --git a/clusterloader2/testing/network-policy/target_deployment.yaml b/clusterloader2/testing/network-policy/target_deployment.yaml new file mode 100644 index 0000000000..d45723d943 --- /dev/null +++ b/clusterloader2/testing/network-policy/target_deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.Name}} + labels: + group: {{.Group}} + svc: {{.SvcName}} +spec: + replicas: {{.Replicas}} + selector: + matchLabels: + name: policy-load-{{.Name}} + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 20% + maxSurge: 20% + template: + metadata: + labels: + name: policy-load-{{.Name}} + group: {{.Group}} + svc: {{.SvcName}} + restart: {{.deploymentLabel}} + net-pol-test: {{.TargetLabelValue}} + spec: + nodeSelector: + slo: "true" + hostNetwork: false + containers: + - image: acnpublic.azurecr.io/scaletest/nginx:latest + name: nginx-server + ports: + - containerPort: 80 + resources: + requests: + cpu: 10m + memory: 25Mi + tolerations: + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 900 + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 900 + - key: "slo" + operator: "Equal" + value: "true" + effect: "NoSchedule" \ No newline at end of file diff --git a/network/benchmarks/netloader/Dockerfile b/network/benchmarks/netloader/Dockerfile new file mode 100644 index 0000000000..406e58883a --- /dev/null +++ b/network/benchmarks/netloader/Dockerfile @@ -0,0 +1,21 @@ +# Build image +FROM golang:1.23 AS build-env + +ARG gopkg=k8s.io/perf-tests/network/benchmarks/netloader +ADD ["./", "/go/src/${gopkg}"] +WORKDIR /go/src/${gopkg} +RUN ls -la + +RUN CGO_ENABLED=0 go build -o /netloader ./cmd + +# Runtime image +FROM alpine:3.20 +# install curl +RUN apk add --no-cache curl + +COPY --from=build-env /netloader /netloader + +#Make sure that when compiled on debian, the binary will run on alpine +RUN mkdir -p /lib64 && ln -s /lib/ld-musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 + +ENTRYPOINT ["/netloader"] \ No newline at end of file diff --git a/network/benchmarks/netloader/Makefile b/network/benchmarks/netloader/Makefile new file mode 100644 index 0000000000..69fc544784 --- /dev/null +++ b/network/benchmarks/netloader/Makefile @@ -0,0 +1,17 @@ +USERNAME ?= sanamsarath +PROJECT ?= netloader +REGISTRY ?= acnpublic.azurecr.io +IMG ?= $(USERNAME)/$(PROJECT) +TAG ?= 0.7 + +all: push + +.PHONY: build +build: + docker build --pull -t $(REGISTRY)/$(IMG):$(TAG) . + @echo "Built $(IMG):$(TAG)" + +.PHONY: push +push: build + docker push $(REGISTRY)/$(IMG):$(TAG) + @echo "Pushed $(IMG):$(TAG)" diff --git a/network/benchmarks/netloader/cmd/netloader.go b/network/benchmarks/netloader/cmd/netloader.go new file mode 100644 index 0000000000..9224f4f1c7 --- /dev/null +++ b/network/benchmarks/netloader/cmd/netloader.go @@ -0,0 +1,28 @@ +package main + +// simple http load gen tool - takes arguements for target label selectors and namespace, duration of the run, number of concurrent threads, dest port number please + +import ( + "os" + "os/signal" + "syscall" + + "k8s.io/klog" + client "k8s.io/perf-tests/network/benchmarks/netloader/pkg/test-client" +) + +// main function +func main() { + klog.Info("Starting netloader") + defer klog.Info("Shutting down netloader") + + // main stop channel + mainStopCh := make(chan os.Signal, 1) + testClient, err := client.NewTestClient(mainStopCh) + if err != nil { + klog.Fatalf("Failed to create test client: %v", err) + } + + signal.Notify(mainStopCh, syscall.SIGINT, syscall.SIGTERM) + testClient.Run() +} diff --git a/network/benchmarks/netloader/go.mod b/network/benchmarks/netloader/go.mod new file mode 100644 index 0000000000..3efbd3f0cd --- /dev/null +++ b/network/benchmarks/netloader/go.mod @@ -0,0 +1,57 @@ +module k8s.io/perf-tests/network/benchmarks/netloader + +go 1.23.3 + +require ( + github.com/prometheus/client_golang v1.20.5 + k8s.io/api v0.32.1 + k8s.io/apimachinery v0.32.1 + k8s.io/client-go v0.32.1 + k8s.io/klog v1.0.0 +) + +require ( + github.com/beorn7/perks v1.0.1 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.17.9 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/x448/float16 v0.8.4 // indirect + golang.org/x/net v0.30.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect + golang.org/x/time v0.7.0 // indirect + google.golang.org/protobuf v1.35.1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/network/benchmarks/netloader/go.sum b/network/benchmarks/netloader/go.sum new file mode 100644 index 0000000000..69eadd389a --- /dev/null +++ b/network/benchmarks/netloader/go.sum @@ -0,0 +1,173 @@ +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/network/benchmarks/netloader/pkg/metrics/metrics.go b/network/benchmarks/netloader/pkg/metrics/metrics.go new file mode 100644 index 0000000000..926ffba385 --- /dev/null +++ b/network/benchmarks/netloader/pkg/metrics/metrics.go @@ -0,0 +1,19 @@ +package metrics + +import ( + "fmt" + "net/http" + + "github.com/prometheus/client_golang/prometheus/promhttp" +) + +// start metrics server +func StartMetricsServer(port, path string) error { + // start metrics server + http.Handle(path, promhttp.Handler()) + err := http.ListenAndServe(":"+port, nil) + if err != nil { + return fmt.Errorf("failed to start metrics server: %v", err) + } + return nil +} diff --git a/network/benchmarks/netloader/pkg/test-client/client.go b/network/benchmarks/netloader/pkg/test-client/client.go new file mode 100644 index 0000000000..859b32540b --- /dev/null +++ b/network/benchmarks/netloader/pkg/test-client/client.go @@ -0,0 +1,211 @@ +package client + +import ( + "context" + "crypto/tls" + "flag" + "net" + "net/http" + "os" + "strconv" + "sync" + "time" + + "golang.org/x/net/http2" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + clientset "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "k8s.io/klog" + "k8s.io/perf-tests/network/benchmarks/netloader/pkg/metrics" + utils "k8s.io/perf-tests/network/benchmarks/netloader/util" +) + +type TestClient struct { + dest_labelSelector string + namespace string + duration time.Duration + interval time.Duration + concurrentThreads int + destPort int + destPath string + stopChan chan os.Signal + HttpMetrics *HttpMetrics + iplookup *utils.Iplookup + httpClient *http.Client +} + +func NewTestClient(stopCh chan os.Signal) (*TestClient, error) { + client := &TestClient{ + stopChan: stopCh, + HttpMetrics: NewHttpMetrics(), + httpClient: &http.Client{ + Transport: &http2.Transport{ + AllowHTTP: true, + DialTLS: func(network, addr string, cfg *tls.Config) (net.Conn, error) { + return net.Dial(network, addr) + }, + }, + }, + } + return client, nil +} + +// parse command line arguments +func (c *TestClient) parse() error { + var dest_labelSelector string + var namespace string + var duration int + var interval int + var concurrentThreads int + var destPort int + var destPath string + + flag.StringVar(&dest_labelSelector, "dest_labelSelector", "app=target", "destination label selector") + flag.StringVar(&namespace, "namespace", "default", "namespace") + flag.IntVar(&duration, "duration", 60, "duration of the run in seconds") + flag.IntVar(&interval, "interval", 1, "interval between requests") + flag.IntVar(&concurrentThreads, "workers", 10, "number of concurrent threads") + flag.IntVar(&destPort, "destPort", 80, "destination port number") + flag.StringVar(&destPath, "destPath", "/", "destination path") + + flag.Parse() + + c.dest_labelSelector = dest_labelSelector + c.namespace = namespace + c.duration = time.Duration(duration) * time.Second + c.interval = time.Duration(interval) * time.Second + c.concurrentThreads = concurrentThreads + c.destPort = destPort + c.destPath = destPath + + klog.Infof("dest_labelSelector: %s, namespace: %s, duration: %v, interval: %v, concurrentThreads: %d, destPort: %d, destPath: %s", c.dest_labelSelector, c.namespace, c.duration, c.interval, c.concurrentThreads, c.destPort, c.destPath) + return nil +} + +func (c *TestClient) Run() { + // parse command line arguments + _ = c.parse() + + // start metrics server + go func() { + klog.Info("Starting metrics server") + + if err := metrics.StartMetricsServer("8080", "/metrics"); err != nil { + klog.Fatalf("Failed to start metrics server: %v", err) + } + }() + + // start the test + c.startTest() + + // Wait for the stop signal + klog.Info("Going to Idlestate") + <-c.stopChan + klog.Info("Received stop signal") +} + +func (c *TestClient) startTest() { + // get k8s config + config, err := rest.InClusterConfig() + if err != nil { + klog.Fatalf("Failed to get k8s config: %v", err) + } + + // create k8s client + k8sClient, err := clientset.NewForConfig(config) + if err != nil { + klog.Fatalf("Failed to create k8s client: %v", err) + } + + // get the list of pods + podList, err := k8sClient.CoreV1().Pods(c.namespace).List(context.Background(), metav1.ListOptions{LabelSelector: c.dest_labelSelector, Limit: 128}) + if err != nil { + klog.Fatalf("Failed to get pod list: %v", err) + } + + // get the list of pod IPs + podIps := utils.GetPodIPs(podList) + if len(podIps) == 0 { + klog.Fatalf("No pods found with label selector %s", c.dest_labelSelector) + } + + c.iplookup = utils.NewIplookup(podIps) + ctx, cancel := context.WithTimeout(context.Background(), c.duration) + defer cancel() + + // new common channel to send ip addresses to workers + ipChan := make(chan string, c.concurrentThreads) + + var wg sync.WaitGroup + + wg.Add(1) + go func() { + defer wg.Done() + ticker := time.NewTicker(c.interval).C + for { + select { + case <-ticker: + ip := c.iplookup.GetIp() + // broadcast ip to all workers + for i := 0; i < c.concurrentThreads; i++ { + select { + case ipChan <- ip: + default: + // skip if channel is full + } + } + case <-ctx.Done(): + klog.Info("Load duration expired, stopping ticker") + return + } + } + }() + + for i := 0; i < c.concurrentThreads; i++ { + wg.Add(1) + // pass ipChan directly to worker + go c.worker(&wg, ctx, ipChan) + } + + wg.Wait() +} + +// update worker signature to receive string +func (c *TestClient) worker(wg *sync.WaitGroup, ctx context.Context, ipChan <-chan string) { + defer wg.Done() + destPort := strconv.Itoa(c.destPort) + for { + select { + case <-ctx.Done(): + klog.Info("Load duration expired, stopping worker") + return + case ip := <-ipChan: + // url + url := "http://" + ip + ":" + destPort + c.destPath + + // start time + start := time.Now() + + // make the http request + resp, err := c.httpClient.Get(url) + if err != nil { + klog.Errorf("http request failed: %v", err) + // Inc total and fail counters + c.HttpMetrics.requestsTotal.WithLabelValues("total").Inc() + c.HttpMetrics.requestsFail.WithLabelValues("fail").Inc() + continue + } + + // record the latency - optional via env var + if os.Getenv("RECORD_LATENCY") == "true" { + latency := time.Since(start).Seconds() + c.HttpMetrics.latencies.WithLabelValues(ip).Observe(latency) + } + + // Inc total and success counters + c.HttpMetrics.requestsTotal.WithLabelValues("total").Inc() + c.HttpMetrics.requestsSuccess.WithLabelValues("success").Inc() + resp.Body.Close() + } + } +} diff --git a/network/benchmarks/netloader/pkg/test-client/http_metrics.go b/network/benchmarks/netloader/pkg/test-client/http_metrics.go new file mode 100644 index 0000000000..16b4ba745f --- /dev/null +++ b/network/benchmarks/netloader/pkg/test-client/http_metrics.go @@ -0,0 +1,47 @@ +package client + +import ( + "github.com/prometheus/client_golang/prometheus" +) + +// HttpMetrics +type HttpMetrics struct { + requestsTotal *prometheus.CounterVec + requestsSuccess *prometheus.CounterVec + requestsFail *prometheus.CounterVec + latencies *prometheus.HistogramVec +} + +// NewHttpMetrics +func NewHttpMetrics() *HttpMetrics { + requestsTotal := prometheus.NewCounterVec(prometheus.CounterOpts{ + Name: "http_requests_total", + Help: "Total number of HTTP requests", + }, []string{"count"}) + + requestsSuccess := prometheus.NewCounterVec(prometheus.CounterOpts{ + Name: "http_requests_success", + Help: "Total number of successful HTTP requests", + }, []string{"count"}) + + requestsFail := prometheus.NewCounterVec(prometheus.CounterOpts{ + Name: "http_requests_fail", + Help: "Total number of failed HTTP requests", + }, []string{"count"}) + + latencies := prometheus.NewHistogramVec(prometheus.HistogramOpts{ + Name: "http_request_latency_seconds", + Help: "HTTP request latency in seconds", + Buckets: prometheus.DefBuckets, + }, []string{"endpoint"}) + + // Register the metrics with Prometheus + prometheus.MustRegister(requestsTotal, requestsSuccess, requestsFail, latencies) + + return &HttpMetrics{ + requestsTotal: requestsTotal, + requestsSuccess: requestsSuccess, + requestsFail: requestsFail, + latencies: latencies, + } +} diff --git a/network/benchmarks/netloader/util/utils.go b/network/benchmarks/netloader/util/utils.go new file mode 100644 index 0000000000..1d3b215f2b --- /dev/null +++ b/network/benchmarks/netloader/util/utils.go @@ -0,0 +1,47 @@ +package util + +import ( + "sync" + + corev1 "k8s.io/api/core/v1" + "k8s.io/klog" +) + +// Iplookup - thread safe ip address lookup +type Iplookup struct { + IpList []string + lock sync.Mutex +} + +// NewIplookup +func NewIplookup(IpList []string) *Iplookup { + return &Iplookup{ + IpList: IpList, + } +} + +// GetIp +func (i *Iplookup) GetIp() string { + // get the lock to make this thread safe + i.lock.Lock() + defer i.lock.Unlock() + // get the first ip from the list + // and move it to the end + ip := i.IpList[0] + i.IpList = append(i.IpList[1:], ip) + return ip +} + +// get pod ip addresses from list of pods +func GetPodIPs(podList *corev1.PodList) []string { + var podIPs []string + for _, pod := range podList.Items { + // if pod is not ready, or ip is empty, skip + if pod.Status.Phase != corev1.PodRunning || pod.Status.PodIP == "" { + klog.Warningf("Pod %s is not ready, skipping", pod.Name) + continue + } + podIPs = append(podIPs, pod.Status.PodIP) + } + return podIPs +} diff --git a/network/tools/network-policy-enforcement-latency/Makefile b/network/tools/network-policy-enforcement-latency/Makefile index 6dfd6465cc..50ac7a2b4f 100644 --- a/network/tools/network-policy-enforcement-latency/Makefile +++ b/network/tools/network-policy-enforcement-latency/Makefile @@ -1,4 +1,4 @@ -REGISTRY ?= gcr.io/k8s-staging-perf-tests/network-policy-enforcement-latency +REGISTRY ?= docker.io/sanamsarath POD_CREATION_IMAGE_NAME ?= pod-creation-reachability-latency POD_CREATION_PATH ?= $(POD_CREATION_IMAGE_NAME) diff --git a/network/tools/network-policy-enforcement-latency/go.mod b/network/tools/network-policy-enforcement-latency/go.mod index 535c18dd81..c43ab5c3a1 100644 --- a/network/tools/network-policy-enforcement-latency/go.mod +++ b/network/tools/network-policy-enforcement-latency/go.mod @@ -1,56 +1,113 @@ module k8s.io/perf-tests/network/tools/network-policy-enforcement-latency -go 1.22.4 +go 1.23.0 + +toolchain go1.23.3 require ( + github.com/cilium/cilium v1.17.0 github.com/prometheus/client_golang v1.20.5 - k8s.io/api v0.31.3 - k8s.io/apimachinery v0.31.3 - k8s.io/client-go v0.31.3 + k8s.io/api v0.32.0 + k8s.io/apimachinery v0.32.0 + k8s.io/client-go v0.32.0 k8s.io/klog v1.0.0 k8s.io/klog/v2 v2.130.1 ) require ( + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/cilium/ebpf v0.17.1 // indirect + github.com/cilium/hive v0.0.0-20250121145729-e67f66eb0375 // indirect + github.com/cilium/proxy v0.0.0-20241115112946-fb67566cbd95 // indirect + github.com/cilium/statedb v0.3.4 // indirect + github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect + github.com/go-openapi/runtime v0.28.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.23.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/validate v0.24.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect + github.com/gopacket/gopacket v1.3.1 // indirect + github.com/hashicorp/hcl v1.0.1-vault-5 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.9 // indirect + github.com/mackerelio/go-osstat v0.2.5 // indirect + github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/oklog/ulid v1.3.1 // indirect + github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect + github.com/pelletier/go-toml/v2 v2.2.2 // indirect + github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect + github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/common v0.61.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect + github.com/sagikazarmark/locafero v0.4.0 // indirect + github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/sasha-s/go-deadlock v0.3.5 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect + github.com/sourcegraph/conc v0.3.0 // indirect + github.com/spf13/afero v1.11.0 // indirect + github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cobra v1.8.1 // indirect + github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect + github.com/spf13/viper v1.19.0 // indirect + github.com/subosito/gotenv v1.6.0 // indirect + github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 // indirect + github.com/vishvananda/netns v0.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.21.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.3.0 // indirect - google.golang.org/protobuf v1.34.2 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect + go.opentelemetry.io/otel v1.32.0 // indirect + go.opentelemetry.io/otel/metric v1.32.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.32.0 // indirect + go.uber.org/dig v1.17.1 // indirect + go.uber.org/multierr v1.11.0 // indirect + go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect + golang.org/x/net v0.33.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect + golang.org/x/time v0.8.0 // indirect + golang.org/x/tools v0.28.0 // indirect + google.golang.org/protobuf v1.35.2 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/network/tools/network-policy-enforcement-latency/go.sum b/network/tools/network-policy-enforcement-latency/go.sum index eb585407d4..1856b30b73 100644 --- a/network/tools/network-policy-enforcement-latency/go.sum +++ b/network/tools/network-policy-enforcement-latency/go.sum @@ -1,30 +1,80 @@ +cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= +cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= +github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cilium/cilium v1.17.0 h1:WeR71cqrGN0nvn0QEzerGYHiKAYhs77QaXeOUU7UQUI= +github.com/cilium/cilium v1.17.0/go.mod h1:RPlqqedvumcC6VKrDI0fsJ+O1NWWFXQo1Fx3BhtnjFQ= +github.com/cilium/ebpf v0.17.1 h1:G8mzU81R2JA1nE5/8SRubzqvBMmAmri2VL8BIZPWvV0= +github.com/cilium/ebpf v0.17.1/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= +github.com/cilium/hive v0.0.0-20250121145729-e67f66eb0375 h1:EhoCO0AI3qJavnhfAls4w7VpVVpAr12wIh293sNA0hQ= +github.com/cilium/hive v0.0.0-20250121145729-e67f66eb0375/go.mod h1:pI2GJ1n3SLKIQVFrKF7W6A6gb6BQkZ+3Hp4PAEo5SuI= +github.com/cilium/proxy v0.0.0-20241115112946-fb67566cbd95 h1:iMn0++U3CDqoDINY5JLOhlPcjj3kW/xCmse+d+EZkOM= +github.com/cilium/proxy v0.0.0-20241115112946-fb67566cbd95/go.mod h1:/UoCz3gByKwF5gCHFMUhwmIN5/Pgmb8LTIrfBlmjGCo= +github.com/cilium/statedb v0.3.4 h1:nb5qNntmtaNljJD1r2s5zGOs62LP87AqLhFKIZH2rRE= +github.com/cilium/statedb v0.3.4/go.mod h1:hpcYZXvrOhmdBd02/N/WqxSjbeO2HYG8l3Z2fGq6Ioo= +github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 h1:f+CgYUy2YyZ2EX31QSqf3vwFiJJQSAMIQLn4d3QQYno= +github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744/go.mod h1:/e83AwqvNKpyg4n3C41qmnmj1x2G9DwzI+jb7GkF4lI= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM= +github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= +github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= +github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= @@ -35,29 +85,50 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gopacket/gopacket v1.3.1 h1:ZppWyLrOJNZPe5XkdjLbtuTkfQoxQ0xyMJzQCqtqaPU= +github.com/gopacket/gopacket v1.3.1/go.mod h1:3I13qcqSpB2R9fFQg866OOgzylYkZxLTmkvcXhvf6qg= +github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= +github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= +github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= +github.com/jsimonetti/rtnetlink/v2 v2.0.1 h1:xda7qaHDSVOsADNouv7ukSuicKZO7GgVUCXxpaIEIlM= +github.com/jsimonetti/rtnetlink/v2 v2.0.1/go.mod h1:7MoNYNbb3UaDHtF8udiJo/RH6VsTKP1pqKLUTVCvToE= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= +github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= +github.com/mackerelio/go-osstat v0.2.5 h1:+MqTbZUhoIt4m8qzkVoXUJg1EuifwlAJSk4Yl2GXh+o= +github.com/mackerelio/go-osstat v0.2.5/go.mod h1:atxwWF+POUZcdtR1wnsUcQxTytoHG4uhl2AKKzrOajY= +github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= +github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= +github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= +github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U= +github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -65,10 +136,21 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= -github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= +github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 h1:Dx7Ovyv/SFnMFw3fD4oEoeorXc6saIiQ23LrGLth0Gw= +github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -76,96 +158,157 @@ github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+ github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ= +github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= +github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= +github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= +github.com/sasha-s/go-deadlock v0.3.5 h1:tNCOEEDG6tBqrNDOX35j/7hL5FcFViG6awUGROb2NsU= +github.com/sasha-s/go-deadlock v0.3.5/go.mod h1:bugP6EGbdGYObIlx7pUZtWqlvo8k9H6vCBBsiChJQ5U= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace h1:9PNP1jnUjRhfmGMlkXHjYPishpcw4jpSt/V/xYY3FMA= +github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= +github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= +github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 h1:9fkQcQYvtTr9ayFXuMfDMVuDt4+BYG9FwsGLnrBde0M= +github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= +github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= +github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= +go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= +go.uber.org/dig v1.17.1 h1:Tga8Lz8PcYNsWsyHMZ1Vm0OQOUaJNDyvPImgbAu9YSc= +go.uber.org/dig v1.17.1/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M= +go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= -k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= -k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= +k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= +k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/network/tools/network-policy-enforcement-latency/pkg/utils/utils.go b/network/tools/network-policy-enforcement-latency/pkg/utils/utils.go index 8a3e837889..424da29246 100644 --- a/network/tools/network-policy-enforcement-latency/pkg/utils/utils.go +++ b/network/tools/network-policy-enforcement-latency/pkg/utils/utils.go @@ -27,6 +27,7 @@ import ( "sync" "time" + ciliumClientset "github.com/cilium/cilium/pkg/k8s/client/clientset/versioned" "k8s.io/apimachinery/pkg/api/meta" clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" @@ -75,6 +76,7 @@ type BaseTestClientConfig struct { MainStopChan chan os.Signal MetricsServer *http.Server K8sClient *clientset.Clientset + CiliumClient ciliumClientset.Interface } // HostConfig holds information about the pod specification where the @@ -108,6 +110,16 @@ func CreateBaseTestClientConfig(stopChan chan os.Signal) (*BaseTestClientConfig, return nil, fmt.Errorf("failed to create k8s client, error: %v", err) } + k8s_config, err := rest.InClusterConfig() + if err != nil { + return nil, err + } + + ciliumClient, err := ciliumClientset.NewForConfig(k8s_config) + if err != nil { + return nil, fmt.Errorf("failed to create cilium client, error: %v", err) + } + hostConfig := &HostConfig{} targetConfig := &TargetConfig{} @@ -130,6 +142,7 @@ func CreateBaseTestClientConfig(stopChan chan os.Signal) (*BaseTestClientConfig, TargetConfig: targetConfig, MainStopChan: stopChan, K8sClient: k8sClient, + CiliumClient: ciliumClient, } return config, nil diff --git a/network/tools/network-policy-enforcement-latency/policy-creation-enforcement-latency/test-client/client.go b/network/tools/network-policy-enforcement-latency/policy-creation-enforcement-latency/test-client/client.go index 9387c2dddf..b5c2bb5f97 100644 --- a/network/tools/network-policy-enforcement-latency/policy-creation-enforcement-latency/test-client/client.go +++ b/network/tools/network-policy-enforcement-latency/policy-creation-enforcement-latency/test-client/client.go @@ -39,15 +39,26 @@ type TestClient struct { // The name of the egress policy that allows traffic from test client pods to // target pods. allowPolicyName string + + // network policy namespace if not clusterwide + npNamespace string + // Used to cache policy creation time instead of getting it from API server on // every successful request. policyCreatedTime *utils.TimeWithLock + + // network policy type + np_type string } // NewTestClient creates a new test client based on the command flags. func NewTestClient(stopChan chan os.Signal) (*TestClient, error) { var allowPolicyName string + var np_namespace string + var np_type string flag.StringVar(&allowPolicyName, "AllowPolicyName", "", "The name of the egress policy that allows traffic from test client pods to target pods") + flag.StringVar(&np_type, "np_type", "k8s", "The type of network policy to be created k8s, cilium etc., (k8s, cnp, ccnp)") + flag.StringVar(&np_namespace, "np_namespace", "", "The namespace of the network policy") baseTestClientConfig, err := utils.CreateBaseTestClientConfig(stopChan) if err != nil { return nil, err @@ -56,6 +67,8 @@ func NewTestClient(stopChan chan os.Signal) (*TestClient, error) { testClient := &TestClient{ BaseTestClientConfig: baseTestClientConfig, allowPolicyName: allowPolicyName, + np_type: np_type, + npNamespace: np_namespace, } err = testClient.initialize() @@ -63,6 +76,11 @@ func NewTestClient(stopChan chan os.Signal) (*TestClient, error) { return nil, err } + // if np_type is cnp(cilium network policy) then np namespace should be provided + if testClient.np_type == "cnp" && testClient.npNamespace == "" { + return nil, fmt.Errorf("cilium network policy namespace is not provided") + } + return testClient, nil } @@ -162,13 +180,36 @@ func (c *TestClient) reportReachedTimeForPolicyCreation(target *utils.TargetSpec c.policyCreatedTime.Lock.Lock() if c.policyCreatedTime.Time == nil { - networkPolicy, err := c.K8sClient.NetworkingV1().NetworkPolicies(c.HostConfig.HostNamespace).Get(context.TODO(), c.allowPolicyName, metav1.GetOptions{}) - if err != nil { - klog.Warningf("Failed to get network policies for pod %q in namespace %q with IP %q: %v", target.Name, c.HostConfig.HostNamespace, target.IP, err) - failed = true - } else { - policyCreateTime = networkPolicy.GetCreationTimestamp().Time - c.policyCreatedTime.Time = &policyCreateTime + switch c.np_type { + case "k8s": + networkPolicy, err := c.K8sClient.NetworkingV1().NetworkPolicies(c.HostConfig.HostNamespace).Get(context.TODO(), c.allowPolicyName, metav1.GetOptions{}) + if err != nil { + klog.Warningf("Failed to get network policies for pod %q in namespace %q with IP %q: %v", target.Name, c.HostConfig.HostNamespace, target.IP, err) + failed = true + } else { + policyCreateTime = networkPolicy.GetCreationTimestamp().Time + c.policyCreatedTime.Time = &policyCreateTime + } + case "ccnp": + netPolicy, err := c.CiliumClient.CiliumV2().CiliumClusterwideNetworkPolicies().Get(context.TODO(), c.allowPolicyName, metav1.GetOptions{}) + if err != nil { + klog.Warningf("Failed to get cilium clusterwide network policies for pod %q in namespace %q with IP %q: %v", target.Name, c.HostConfig.HostNamespace, target.IP, err) + failed = true + } else { + policyCreateTime = netPolicy.GetCreationTimestamp().Time + c.policyCreatedTime.Time = &policyCreateTime + } + case "cnp": + netPolicy, err := c.CiliumClient.CiliumV2().CiliumNetworkPolicies(c.npNamespace).Get(context.TODO(), c.allowPolicyName, metav1.GetOptions{}) + if err != nil { + klog.Warningf("Failed to get cilium network policies for pod %q in namespace %q with IP %q: %v", target.Name, c.HostConfig.HostNamespace, target.IP, err) + failed = true + } else { + policyCreateTime = netPolicy.GetCreationTimestamp().Time + c.policyCreatedTime.Time = &policyCreateTime + } + default: + klog.Warningf("Invalid network policy type %q", c.np_type) } } else { policyCreateTime = *c.policyCreatedTime.Time From efc64c522d2ddb987db8aabd26252eeaca3041ce Mon Sep 17 00:00:00 2001 From: sanamsarath Date: Mon, 17 Mar 2025 16:40:18 +0000 Subject: [PATCH 2/6] feat: add resource gathering toggle to NetworkPolicySoakMeasurement --- .../network-policy-soak/np_soak_measurment.go | 23 +++++++++++++++---- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go index 77b4739260..376590e2f8 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go @@ -61,7 +61,8 @@ type NetworkPolicySoakMeasurement struct { workerPerClient int npType string // gatherers - gatherers *gatherers.ContainerResourceGatherer + gatherers *gatherers.ContainerResourceGatherer + resourceGatheringEnabled bool } func createNetworkPolicySoakMeasurement() measurement.Measurement { @@ -128,8 +129,10 @@ func (m *NetworkPolicySoakMeasurement) start(config *measurement.Config) ([]meas } // start envoy resource gatherer - if err := m.envoyResourceGather(); err != nil { - return nil, err + if m.resourceGatheringEnabled { + if err := m.envoyResourceGather(); err != nil { + return nil, err + } } m.isRunning = true @@ -204,6 +207,10 @@ func (m *NetworkPolicySoakMeasurement) initialize(config *measurement.Config) er return fmt.Errorf("phase: start, %s: failed to get network policy type: %v", m.String(), err) } + if m.resourceGatheringEnabled, err = util.GetBoolOrDefault(config.Params, "resourceGatheringEnabled", true); err != nil { + return fmt.Errorf("phase: start, %s: failed to get resource gathering enabled: %v", m.String(), err) + } + return nil } @@ -416,6 +423,12 @@ func (m *NetworkPolicySoakMeasurement) gather() ([]measurement.Summary, error) { time.Sleep(time.Until(m.testEndTime)) klog.Infof("phase: gather, %s: test run completed", m.String()) + // if resource gathering is not enabled, skip the gathering + if !m.resourceGatheringEnabled { + klog.Infof("phase: gather, %s: resource gathering not enabled, skipping...", m.String()) + return nil, nil + } + // stop gathering resource usage if m.gatherers == nil { klog.Warningf("phase: gather, %s: gatherer not initialized. Envoy resource usage not collected", m.String()) @@ -453,8 +466,8 @@ func (m *NetworkPolicySoakMeasurement) envoyResourceGather() error { // resource gatherer options options := gatherers.ResourceGathererOptions{ InKubemark: m.framework.GetClusterConfig().Provider.Features().IsKubemarkProvider, - ResourceDataGatheringPeriod: 60 * time.Second, - MasterResourceDataGatheringPeriod: 60 * time.Second, + ResourceDataGatheringPeriod: 120 * time.Second, + MasterResourceDataGatheringPeriod: 120 * time.Second, Nodes: gatherers.AllNodes, } From 0453e30285c7f4b94a8e159c238b8a336963ae0a Mon Sep 17 00:00:00 2001 From: sanamsarath Date: Mon, 17 Mar 2025 23:45:12 +0000 Subject: [PATCH 3/6] fix: add delay in Dispose method to prevent API server throttling --- .../network-policy/network-policy-soak/np_soak_measurment.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go index 376590e2f8..affa3dfe17 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go @@ -531,6 +531,9 @@ func (m *NetworkPolicySoakMeasurement) Dispose() { if err := m.k8sClient.AppsV1().Deployments(ns).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector: labelSelector}); err != nil { klog.Errorf("phase: gather, %s NS: %s, failed to delete target deployments: %v", m.String(), ns, err) } + // add a delay to avoid API server throttling, + // wait for number of replicas per target namespace * 0.1 seconds + time.Sleep(time.Duration(m.targetReplicasPerNs) * 100 * time.Millisecond) } // stop gatherers From 4beea4431b023f657e4172eae069514f5fa06d05 Mon Sep 17 00:00:00 2001 From: sanamsarath Date: Tue, 18 Mar 2025 03:17:27 +0000 Subject: [PATCH 4/6] refactor: replace time.Sleep with timer in gather method and adjust delay in Dispose method --- .../network-policy-soak/np_soak_measurment.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go index affa3dfe17..f30eba7179 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go @@ -420,7 +420,10 @@ func (m *NetworkPolicySoakMeasurement) gather() ([]measurement.Summary, error) { // wait for the test to complete klog.Infof("phase: gather, %s: waiting for the test run to complete...", m.String()) - time.Sleep(time.Until(m.testEndTime)) + // Instead of: time.Sleep(time.Until(m.testEndTime)) + timer := time.NewTimer(time.Until(m.testEndTime)) + <-timer.C + // Optionally, call timer.Stop() if needed. klog.Infof("phase: gather, %s: test run completed", m.String()) // if resource gathering is not enabled, skip the gathering @@ -532,8 +535,8 @@ func (m *NetworkPolicySoakMeasurement) Dispose() { klog.Errorf("phase: gather, %s NS: %s, failed to delete target deployments: %v", m.String(), ns, err) } // add a delay to avoid API server throttling, - // wait for number of replicas per target namespace * 0.1 seconds - time.Sleep(time.Duration(m.targetReplicasPerNs) * 100 * time.Millisecond) + // wait for 500ms before deleting the next deployment + time.Sleep(500 * time.Millisecond) } // stop gatherers From 4c528a8cddc94d0e62c2ebee7cd04fd15c7dcb85 Mon Sep 17 00:00:00 2001 From: sanamsarath Date: Tue, 18 Mar 2025 05:21:14 +0000 Subject: [PATCH 5/6] refactor: reinitialize templateMap in deployTargetPods, deployNetworkPolicy, and deployClientPods to prevent memory spikes --- .../network-policy-soak/np_soak_measurment.go | 77 +++++++++---------- 1 file changed, 38 insertions(+), 39 deletions(-) diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go index f30eba7179..dc00eff0d5 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go @@ -239,14 +239,6 @@ func (m *NetworkPolicySoakMeasurement) deployRBACResources() error { } func (m *NetworkPolicySoakMeasurement) deployTargetPods() error { - templateMap := map[string]interface{}{ - "TargetName": targetName, - "TargetLabelKey": m.targetLabelKey, - "TargetLabelValue": m.targetLabelVal, - "Replicas": m.targetReplicasPerNs, - "TargetPort": m.targetPort, - } - depBatchSize := 50 for i := 0; i < len(m.targetNamespaces); i += depBatchSize { end := i + depBatchSize @@ -254,7 +246,17 @@ func (m *NetworkPolicySoakMeasurement) deployTargetPods() error { end = len(m.targetNamespaces) } for _, ns := range m.targetNamespaces[i:end] { - templateMap["TargetNamespace"] = ns + // Reinitialize templateMap inside the loop + // otherwise, it will be shared across iterations + // inside ApplyTemplatedManifests and will cause memory spikes. + templateMap := map[string]interface{}{ + "TargetName": targetName, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "Replicas": m.targetReplicasPerNs, + "TargetPort": m.targetPort, + "TargetNamespace": ns, + } if err := m.framework.ApplyTemplatedManifests(manifestsFS, targetFilePath, templateMap); err != nil { return fmt.Errorf("phase: start, %s NS: %s, failed to apply target deployment manifest: %v", m.String(), ns, err) } @@ -310,21 +312,19 @@ func (m *NetworkPolicySoakMeasurement) deployAPIServerNetworkPolicy() error { } func (m *NetworkPolicySoakMeasurement) deployNetworkPolicy() error { - - templateMap := map[string]interface{}{ - "ClientNamespace": clientNamespace, - "ClientLabelKey": m.clientLabelKey, - "ClientLabelValue": m.clientLabelVal, - "TargetLabelKey": m.targetLabelKey, - "TargetLabelValue": m.targetLabelVal, - "TargetPort": strconv.Itoa(m.targetPort), - "TargetPath": m.targetPath, - "NetworkPolicy_Type": m.npType, - } - for _, ns := range m.targetNamespaces { - templateMap["TargetNamespace"] = ns - templateMap["Name"] = ns // use the target namespace name as the network policy name + templateMap := map[string]interface{}{ + "ClientNamespace": clientNamespace, + "ClientLabelKey": m.clientLabelKey, + "ClientLabelValue": m.clientLabelVal, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "TargetPort": strconv.Itoa(m.targetPort), + "TargetPath": m.targetPath, + "NetworkPolicy_Type": m.npType, + "TargetNamespace": ns, + "Name": ns, // use the target namespace name as the network policy name + } if err := m.framework.ApplyTemplatedManifests(manifestsFS, netPolFilePath, templateMap); err != nil { return fmt.Errorf("phase: start, %s NS: %s, failed to apply network policy manifest: %v", m.String(), err, ns) @@ -340,20 +340,6 @@ func (m *NetworkPolicySoakMeasurement) deployClientPods() error { // convert the test duration to seconds duration := int(m.testDuration.Seconds()) - templateMap := map[string]interface{}{ - "ClientName": clientName, - "ClientNamespace": clientNamespace, - "ClientLabelKey": m.clientLabelKey, - "ClientLabelValue": m.clientLabelVal, - "TargetLabelKey": m.targetLabelKey, - "TargetLabelValue": m.targetLabelVal, - "TargetPort": m.targetPort, - "TargetPath": m.targetPath, - "Duration": duration, - "Replicas": m.clientReplicasPerDep, - "Workers": m.workerPerClient, - } - clientBatchSize := 50 for i := 0; i < len(m.targetNamespaces); i += clientBatchSize { end := i + clientBatchSize @@ -361,8 +347,21 @@ func (m *NetworkPolicySoakMeasurement) deployClientPods() error { end = len(m.targetNamespaces) } for _, ns := range m.targetNamespaces[i:end] { - templateMap["TargetNamespace"] = ns - templateMap["UniqueName"] = ns // use target namespace name as unique name + templateMap := map[string]interface{}{ + "ClientName": clientName, + "ClientNamespace": clientNamespace, + "ClientLabelKey": m.clientLabelKey, + "ClientLabelValue": m.clientLabelVal, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "TargetPort": m.targetPort, + "TargetPath": m.targetPath, + "Duration": duration, + "Replicas": m.clientReplicasPerDep, + "Workers": m.workerPerClient, + "TargetNamespace": ns, + "UniqueName": ns, // use target namespace name as unique name + } if err := m.framework.ApplyTemplatedManifests(manifestsFS, clientFilePath, templateMap); err != nil { return fmt.Errorf("phase: start, %s NS: %s, failed to apply client deployment manifest: %v", m.String(), ns, err) } From 7e3103a4d77ac62544d3458f91c231acdcb77371 Mon Sep 17 00:00:00 2001 From: sanamsarath Date: Thu, 20 Mar 2025 05:31:27 +0000 Subject: [PATCH 6/6] feat: enhance deployment manifests with dynamic labels for tracking and improve template management in deployment methods --- .../manifests/client_deploy.yaml | 4 + .../manifests/target_deploy.yaml | 6 +- .../network-policy-soak/np_soak_measurment.go | 115 ++++++++++-------- 3 files changed, 70 insertions(+), 55 deletions(-) diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml index 4dc9d8c040..eb50728a8b 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/client_deploy.yaml @@ -3,6 +3,8 @@ kind: Deployment metadata: labels: {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + # this is dynamically generated and used for group deployment and deletion tracking + {{ (StructuralData .ClientDeploymentLabelKey)}}: {{.ClientDeploymentLabelValue}} name: {{.UniqueName}} namespace: {{.ClientNamespace}} spec: @@ -10,10 +12,12 @@ spec: selector: matchLabels: {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + {{ (StructuralData .ClientDeploymentLabelKey)}}: {{.ClientDeploymentLabelValue}} template: metadata: labels: {{ (StructuralData .ClientLabelKey)}}: {{.ClientLabelValue}} + {{ (StructuralData .ClientDeploymentLabelKey)}}: {{.ClientDeploymentLabelValue}} spec: nodeSelector: node: "client" diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml index 0ee94bc766..74380dcb07 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/manifests/target_deploy.yaml @@ -3,6 +3,8 @@ kind: Deployment metadata: labels: {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + # this is dynamically generated and used for group deployment and deletion tracking + {{ (StructuralData .TargetDeploymentLabelKey)}}: {{.TargetDeploymentLabelValue}} name: {{.TargetName}} namespace: {{.TargetNamespace}} spec: @@ -10,10 +12,12 @@ spec: selector: matchLabels: {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + {{ (StructuralData .TargetDeploymentLabelKey)}}: {{.TargetDeploymentLabelValue}} template: metadata: labels: - app: target + {{ (StructuralData .TargetLabelKey)}}: {{.TargetLabelValue}} + {{ (StructuralData .TargetDeploymentLabelKey)}}: {{.TargetDeploymentLabelValue}} spec: nodeSelector: slo: "true" diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go index dc00eff0d5..e5020db006 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-soak/np_soak_measurment.go @@ -239,37 +239,42 @@ func (m *NetworkPolicySoakMeasurement) deployRBACResources() error { } func (m *NetworkPolicySoakMeasurement) deployTargetPods() error { + // Validate that the replica count is positive + if m.targetReplicasPerNs <= 0 { + return fmt.Errorf("phase: start, %s: invalid target replicas per namespace: %d", m.String(), m.targetReplicasPerNs) + } + depBatchSize := 50 for i := 0; i < len(m.targetNamespaces); i += depBatchSize { end := i + depBatchSize if end > len(m.targetNamespaces) { end = len(m.targetNamespaces) } + // Create a new template map per batch to avoid reuse issues. + batchTemplateMap := map[string]interface{}{ + "TargetName": targetName, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "Replicas": m.targetReplicasPerNs, + "TargetPort": m.targetPort, + // generate unique key and value for each deployment batch + // this will be used to wait for the pods to be ready by matching the label selector + "TargetDeploymentLabelKey": fmt.Sprintf("%s-%d", m.targetLabelKey, i), + "TargetDeploymentLabelValue": fmt.Sprintf("%s-%d", m.targetLabelVal, i), + } for _, ns := range m.targetNamespaces[i:end] { - // Reinitialize templateMap inside the loop - // otherwise, it will be shared across iterations - // inside ApplyTemplatedManifests and will cause memory spikes. - templateMap := map[string]interface{}{ - "TargetName": targetName, - "TargetLabelKey": m.targetLabelKey, - "TargetLabelValue": m.targetLabelVal, - "Replicas": m.targetReplicasPerNs, - "TargetPort": m.targetPort, - "TargetNamespace": ns, - } - if err := m.framework.ApplyTemplatedManifests(manifestsFS, targetFilePath, templateMap); err != nil { + batchTemplateMap["TargetNamespace"] = ns + if err := m.framework.ApplyTemplatedManifests(manifestsFS, targetFilePath, batchTemplateMap); err != nil { return fmt.Errorf("phase: start, %s NS: %s, failed to apply target deployment manifest: %v", m.String(), ns, err) } } // Wait for the current batch deployments to be ready. - labelSelector := fmt.Sprintf("%s=%s", m.targetLabelKey, m.targetLabelVal) - batchPodCount := (end - i) * m.targetReplicasPerNs - waitDuration := math.Max(60.0, float64(batchPodCount)*0.5) - targetWaitCtx, targetWaitCancel := context.WithTimeout(context.TODO(), time.Duration(waitDuration)*time.Second) - // desired pod count is the number of deployments until now * replicas per deployment - desiredPodCount := end * m.targetReplicasPerNs - if err := m.waitForDeploymentPodsReady(targetWaitCtx, desiredPodCount, labelSelector); err != nil { + labelSelector := fmt.Sprintf("%s=%s", batchTemplateMap["TargetDeploymentLabelKey"], batchTemplateMap["TargetDeploymentLabelValue"]) + desiredBatchPodCount := (end - i) * m.targetReplicasPerNs + waitSeconds := math.Max(60.0, float64(desiredBatchPodCount)*0.5) + targetWaitCtx, targetWaitCancel := context.WithTimeout(context.TODO(), time.Duration(waitSeconds)*time.Second) + if err := m.waitForDeploymentPodsReady(targetWaitCtx, desiredBatchPodCount, labelSelector); err != nil { klog.Warningf("phase: start, %s: failed to wait for target pods to be ready: %v", m.String(), err) } targetWaitCancel() // Explicitly cancel the context immediately after waiting. @@ -312,19 +317,19 @@ func (m *NetworkPolicySoakMeasurement) deployAPIServerNetworkPolicy() error { } func (m *NetworkPolicySoakMeasurement) deployNetworkPolicy() error { + templateMap := map[string]interface{}{ + "ClientNamespace": clientNamespace, + "ClientLabelKey": m.clientLabelKey, + "ClientLabelValue": m.clientLabelVal, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "TargetPort": strconv.Itoa(m.targetPort), + "TargetPath": m.targetPath, + "NetworkPolicy_Type": m.npType, + } for _, ns := range m.targetNamespaces { - templateMap := map[string]interface{}{ - "ClientNamespace": clientNamespace, - "ClientLabelKey": m.clientLabelKey, - "ClientLabelValue": m.clientLabelVal, - "TargetLabelKey": m.targetLabelKey, - "TargetLabelValue": m.targetLabelVal, - "TargetPort": strconv.Itoa(m.targetPort), - "TargetPath": m.targetPath, - "NetworkPolicy_Type": m.npType, - "TargetNamespace": ns, - "Name": ns, // use the target namespace name as the network policy name - } + templateMap["TargetNamespace"] = ns + templateMap["Name"] = ns // use the target namespace name as the network policy name if err := m.framework.ApplyTemplatedManifests(manifestsFS, netPolFilePath, templateMap); err != nil { return fmt.Errorf("phase: start, %s NS: %s, failed to apply network policy manifest: %v", m.String(), err, ns) @@ -339,42 +344,44 @@ func (m *NetworkPolicySoakMeasurement) deployClientPods() error { // convert the test duration to seconds duration := int(m.testDuration.Seconds()) - clientBatchSize := 50 for i := 0; i < len(m.targetNamespaces); i += clientBatchSize { end := i + clientBatchSize if end > len(m.targetNamespaces) { end = len(m.targetNamespaces) } + // Create a new template map per batch to avoid reuse issues. + batchTemplateMap := map[string]interface{}{ + "ClientName": clientName, + "ClientNamespace": clientNamespace, + "ClientLabelKey": m.clientLabelKey, + "ClientLabelValue": m.clientLabelVal, + "TargetLabelKey": m.targetLabelKey, + "TargetLabelValue": m.targetLabelVal, + "TargetPort": m.targetPort, + "TargetPath": m.targetPath, + "Duration": duration, + "Replicas": m.clientReplicasPerDep, + "Workers": m.workerPerClient, + // generate unique key and value for each deployment batch + // this will be used to wait for the pods to be ready by matching the label selector + "ClientDeploymentLabelKey": fmt.Sprintf("%s-%d", m.clientLabelKey, i), + "ClientDeploymentLabelValue": fmt.Sprintf("%s-%d", m.clientLabelVal, i), + } for _, ns := range m.targetNamespaces[i:end] { - templateMap := map[string]interface{}{ - "ClientName": clientName, - "ClientNamespace": clientNamespace, - "ClientLabelKey": m.clientLabelKey, - "ClientLabelValue": m.clientLabelVal, - "TargetLabelKey": m.targetLabelKey, - "TargetLabelValue": m.targetLabelVal, - "TargetPort": m.targetPort, - "TargetPath": m.targetPath, - "Duration": duration, - "Replicas": m.clientReplicasPerDep, - "Workers": m.workerPerClient, - "TargetNamespace": ns, - "UniqueName": ns, // use target namespace name as unique name - } - if err := m.framework.ApplyTemplatedManifests(manifestsFS, clientFilePath, templateMap); err != nil { + batchTemplateMap["TargetNamespace"] = ns + batchTemplateMap["UniqueName"] = ns // use the target namespace name as the deployment name + if err := m.framework.ApplyTemplatedManifests(manifestsFS, clientFilePath, batchTemplateMap); err != nil { return fmt.Errorf("phase: start, %s NS: %s, failed to apply client deployment manifest: %v", m.String(), ns, err) } } // Wait for the current batch client pods to be ready. - labelSelector := fmt.Sprintf("%s=%s", m.clientLabelKey, m.clientLabelVal) - batchPodCount := (end - i) * m.clientReplicasPerDep - waitDuration := math.Max(60.0, float64(batchPodCount)*0.5) + labelSelector := fmt.Sprintf("%s=%s", batchTemplateMap["ClientDeploymentLabelKey"], batchTemplateMap["ClientDeploymentLabelValue"]) + desiredBatchPodCount := (end - i) * m.clientReplicasPerDep + waitDuration := math.Max(60.0, float64(desiredBatchPodCount)*0.5) clientWaitCtx, clientWaitCancel := context.WithTimeout(context.TODO(), time.Duration(waitDuration)*time.Second) - // desired pod count is the number of deployments until now * replicas per deployment - desiredPodCount := end * m.clientReplicasPerDep - if err := m.waitForDeploymentPodsReady(clientWaitCtx, desiredPodCount, labelSelector); err != nil { + if err := m.waitForDeploymentPodsReady(clientWaitCtx, desiredBatchPodCount, labelSelector); err != nil { klog.Warningf("phase: start, %s: failed to wait for client pods to be ready: %v", m.String(), err) } clientWaitCancel() // cancel context immediately after waiting