k8s.io/perf-tests/clusterloader2@v0.0.0-20240304094227-64bdb12da87e/testing/access-tokens/config.yaml (about) 1 # Stress testing access token validation 2 # 3 # Targeting 2 000 tokens with 5 000 total QPS for 5k node cluster, so it's 2.5 4 # QPS per token. 5 # 6 # For this test number of tokens is not changed with number of nodes. 7 # By default, those 2 000 tokens are are assigned to 80 service accounts, with 8 # 25 tokens each. There is 1:1 mapping between deployments and service 9 # accounts, so 80 deployments is generated, each with one pod. 10 # 11 # For smaller cluster, we scale down lineary QPS per token to 12 # 2.5 * (Number of nodes)/(5 000). This results in 1 QPS per node, if there is 13 # 2 000 tokens. 14 # 15 # Structure and mapping: 16 # * For each namespace (by default 1), we are generating service accounts and 17 # deployments (by default 80). 18 # * For each service account we are generating tokens (by default 25). 19 # * For each deployment we are creating pods (by default 1) and for those pods 20 # we are mounting all tokens generated from linked service account. 21 # * Each pod is running a number of clients equal to number of assigned tokens. 22 # 23 # When defining your own parameters: 24 # Number of tokens = ${namespaces} * ${serviceAccounts} * ${tokensPerServiceAccount} 25 # Total QPS = Number of tokens * ${replicas} * ${qpsPerWorker} 26 # 27 # For default values in 5k cluster this means: 28 # Number of tokens = 1 * 80 * 25 = 2000 29 # Total QPS = 2000 * 1 * 2.5 = 5000 30 31 # Size of test variables 32 {{$namespaces := DefaultParam .CL2_ACCESS_TOKENS_NAMESPACES 1}} 33 {{$serviceAccounts := DefaultParam .CL2_ACCESS_TOKENS_SERVICE_ACCOUNTS 80}} 34 {{$tokensPerServiceAccount := DefaultParam .CL2_ACCESS_TOKENS_TOKENS_PER_SERVICE_ACCOUNT 25}} 35 {{$replicas := DefaultParam .CL2_ACCESS_TOKENS_REPLICAS 1}} 36 {{$qpsPerWorker := DefaultParam .CL2_ACCESS_TOKENS_QPS (MultiplyFloat 2.5 (DivideFloat .Nodes 5000))}} 37 38 # TestMetrics measurement variables 39 {{$ENABLE_SYSTEM_POD_METRICS:= DefaultParam .ENABLE_SYSTEM_POD_METRICS true}} 40 {{$ENABLE_RESTART_COUNT_CHECK := DefaultParam .ENABLE_RESTART_COUNT_CHECK true}} 41 {{$RESTART_COUNT_THRESHOLD_OVERRIDES:= DefaultParam .RESTART_COUNT_THRESHOLD_OVERRIDES ""}} 42 43 # Configs 44 {{$ALLOWED_SLOW_API_CALLS := DefaultParam .CL2_ALLOWED_SLOW_API_CALLS 0}} 45 46 name: access-tokens 47 namespace: 48 number: {{$namespaces}} 49 tuningSets: 50 - name: Sequence 51 parallelismLimitedLoad: 52 parallelismLimit: 1 53 steps: 54 - name: Starting measurements 55 measurements: 56 - Identifier: APIResponsivenessPrometheus 57 Method: APIResponsivenessPrometheus 58 Params: 59 action: start 60 - Identifier: TestMetrics 61 Method: TestMetrics 62 Params: 63 action: start 64 systemPodMetricsEnabled: {{$ENABLE_SYSTEM_POD_METRICS}} 65 restartCountThresholdOverrides: {{YamlQuote $RESTART_COUNT_THRESHOLD_OVERRIDES 4}} 66 enableRestartCountCheck: {{$ENABLE_RESTART_COUNT_CHECK}} 67 allowedSlowCalls: {{$ALLOWED_SLOW_API_CALLS}} 68 69 - name: Creating ServiceAccounts 70 phases: 71 - namespaceRange: 72 min: 1 73 max: {{$namespaces}} 74 replicasPerNamespace: 1 75 tuningSet: Sequence 76 objectBundle: 77 - basename: service-account-getter 78 objectTemplatePath: role.yaml 79 - namespaceRange: 80 min: 1 81 max: {{$namespaces}} 82 replicasPerNamespace: {{$serviceAccounts}} 83 tuningSet: Sequence 84 objectBundle: 85 - basename: account 86 objectTemplatePath: serviceAccount.yaml 87 - basename: account 88 objectTemplatePath: roleBinding.yaml 89 templateFillMap: 90 RoleName: service-account-getter 91 92 - name: Creating Tokens 93 phases: 94 {{range $i := Loop $serviceAccounts}} 95 - namespaceRange: 96 min: 1 97 max: {{$namespaces}} 98 replicasPerNamespace: {{$tokensPerServiceAccount}} 99 tuningSet: Sequence 100 objectBundle: 101 - basename: account-{{$i}} 102 objectTemplatePath: token.yaml 103 {{end}} 104 105 106 - name: Starting measurement for waiting for pods 107 measurements: 108 - Identifier: WaitForRunningPods 109 Method: WaitForControlledPodsRunning 110 Params: 111 action: start 112 apiVersion: apps/v1 113 kind: Deployment 114 labelSelector: group = access-tokens 115 operationTimeout: 15m 116 117 - name: Creating pods 118 phases: 119 - namespaceRange: 120 min: 1 121 max: {{$namespaces}} 122 replicasPerNamespace: {{$serviceAccounts}} 123 tuningSet: Sequence 124 objectBundle: 125 - basename: account 126 objectTemplatePath: deployment.yaml 127 templateFillMap: 128 QpsPerWorker: {{$qpsPerWorker}} 129 Replicas: {{$replicas}} 130 Tokens: {{$tokensPerServiceAccount}} 131 132 - name: Waiting for pods to be running 133 measurements: 134 - Identifier: WaitForRunningPods 135 Method: WaitForControlledPodsRunning 136 Params: 137 action: gather 138 139 - name: Wait 5min 140 measurements: 141 - Identifier: Wait 142 Method: Sleep 143 Params: 144 duration: 5m 145 146 - name: Deleting pods 147 phases: 148 - namespaceRange: 149 min: 1 150 max: {{$namespaces}} 151 replicasPerNamespace: 0 152 tuningSet: Sequence 153 objectBundle: 154 - basename: account 155 objectTemplatePath: deployment.yaml 156 templateFillMap: 157 QpsPerWorker: {{$qpsPerWorker}} 158 Replicas: {{$replicas}} 159 Tokens: {{$tokensPerServiceAccount}} 160 161 - name: Waiting for pods to be deleted 162 measurements: 163 - Identifier: WaitForRunningPods 164 Method: WaitForControlledPodsRunning 165 Params: 166 action: gather 167 168 - name: Collecting measurements 169 measurements: 170 - Identifier: APIResponsivenessPrometheus 171 Method: APIResponsivenessPrometheus 172 Params: 173 action: gather 174 enableViolations: true 175 - Identifier: TestMetrics 176 Method: TestMetrics 177 Params: 178 action: gather 179 systemPodMetricsEnabled: {{$ENABLE_SYSTEM_POD_METRICS}} 180 restartCountThresholdOverrides: {{YamlQuote $RESTART_COUNT_THRESHOLD_OVERRIDES 4}} 181 enableRestartCountCheck: {{$ENABLE_RESTART_COUNT_CHECK}}