From 7782916a97ba6e1e29f2d679369cbdcd5ed86a2b Mon Sep 17 00:00:00 2001 From: Dorde Lapcevic Date: Fri, 5 Jan 2024 12:24:19 +0000 Subject: [PATCH] Fix YAML injections in the network policy enforcement test --- .../dep-test-client-pod-creation.yaml | 4 ++-- .../dep-test-client-policy-creation.yaml | 4 ++-- .../policy-egress-allow-target-pods.yaml | 2 +- .../network-policy/manifests/policy-load.yaml | 2 +- .../network-policy-enforcement-latency.go | 21 ++----------------- clusterloader2/testing/load/daemonset.yaml | 5 ++--- clusterloader2/testing/load/deployment.yaml | 3 +-- .../net-policy-enforcement-latency.yaml | 6 ++---- 8 files changed, 13 insertions(+), 34 deletions(-) diff --git a/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-pod-creation.yaml b/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-pod-creation.yaml index f97c21c5aa..5928ec074c 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-pod-creation.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-pod-creation.yaml @@ -21,9 +21,9 @@ spec: # Use separate nodes to avoid consuming CPU/Memory resources on default # nodes where all deployments of the performance test run. nodeSelector: - {{.TestClientNodeSelectorKey}}: {{.TestClientNodeSelectorValue}} + test-np: {{.TestClientNodeSelectorValue}} tolerations: - - key: {{.TestClientNodeSelectorKey}} + - key: test-np operator: Equal value: {{.TestClientNodeSelectorValue}} effect: NoSchedule diff --git a/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml b/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml index 126707e9df..ce0222ed20 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml 
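Review bot: `{{.TestClientNodeSelectorValue}}` is still rendered as a bare scalar under `nodeSelector` and in the toleration's `value`, so fixing the key to `test-np` removes only one of the two template inputs on these lines. As far as this patch shows, the value comes straight from `util.GetString(config.Params, "testClientNodeSelectorValue")` in initializeMeasurement with no syntax check. The same pattern remains in dep-test-client-policy-creation.yaml, for `{{.TargetLabelValue}}` in policy-egress-allow-target-pods.yaml, `{{.PodSelectorLabelValue}}` in policy-load.yaml and `{{$TargetLabelValue}}` in testing/load/deployment.yaml. Rejecting anything that is not a valid Kubernetes label value before rendering would close it at the source, e.g. `if errs := validation.IsValidLabelValue(nps.testClientNodeSelectorValue); len(errs) > 0 { return fmt.Errorf("invalid testClientNodeSelectorValue: %v", errs) }`, using k8s.io/apimachinery/pkg/util/validation if it is not already imported. The manifest continues outside the hunk, so other templated fields may need the same check.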
+++ b/clusterloader2/pkg/measurement/common/network-policy/manifests/dep-test-client-policy-creation.yaml @@ -21,9 +21,9 @@ spec: # Use separate nodes to avoid consuming CPU/Memory resources on default # nodes where all deployments of the performance test run. nodeSelector: - {{.TestClientNodeSelectorKey}}: {{.TestClientNodeSelectorValue}} + test-np: {{.TestClientNodeSelectorValue}} tolerations: - - key: {{.TestClientNodeSelectorKey}} + - key: test-np operator: Equal value: {{.TestClientNodeSelectorValue}} effect: NoSchedule diff --git a/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml b/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml index 4a24972e83..02ac99878a 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-egress-allow-target-pods.yaml @@ -15,7 +15,7 @@ spec: - to: - podSelector: matchLabels: - {{.TargetLabelKey}}: {{.TargetLabelValue}} + net-pol-test: {{.TargetLabelValue}} {{if .OnlyTargetNamespace}} namespaceSelector: matchLabels: diff --git a/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-load.yaml b/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-load.yaml index e3b815f42d..28cdcfc0ed 100644 --- a/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-load.yaml +++ b/clusterloader2/pkg/measurement/common/network-policy/manifests/policy-load.yaml @@ -8,7 +8,7 @@ metadata: spec: podSelector: matchLabels: - {{.PodSelectorLabelKey}}: {{.PodSelectorLabelValue}} + name: {{.PodSelectorLabelValue}} policyTypes: - Egress egress: diff --git a/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go b/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go index af3a939fe6..dd34580a2e 100644 
--- a/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go +++ b/clusterloader2/pkg/measurement/common/network-policy/network-policy-enforcement-latency.go @@ -45,7 +45,7 @@ Deploy the test clients (setup and run) with "testType" flag set to Deploy the test clients (setup and run) with "testType" flag set to "pod-creation", before creating the target pods. Target pods are all pods that have the specified label: -{ targetLabelKey: targetLabelValue }. +{ net-pol-test: targetLabelValue }. The test is set up by this measurement, by creating the required resources, including the network policy enforcement latency test client pods that are measuring the latencies and generating metrics for them. @@ -98,9 +98,6 @@ type networkPolicyEnforcementMeasurement struct { framework *framework.Framework // testClientNamespace is the namespace of the test client pods. testClientNamespace string - // targetLabelKey is the key for the label selector of target pods to apply - // network policies on and measure the latency to become reachable. - targetLabelKey string // targetLabelValue is the value for the label selector of target pods to // apply network policies on and measure the latency to become reachable. targetLabelValue string @@ -111,9 +108,6 @@ type networkPolicyEnforcementMeasurement struct { // creation latency test, to compare pod creation reachability latency with // and without network policies. baseline bool - // testClientNodeSelectorKey is the key for the node label on which the test - // client pods should run. - testClientNodeSelectorKey string // testClientNodeSelectorValue is value key for the node label on which the // test client pods should run. testClientNodeSelectorValue string 
@@ -185,10 +179,6 @@ func (nps *networkPolicyEnforcementMeasurement) initializeMeasurement(config *me } var err error - if nps.targetLabelKey, err = util.GetString(config.Params, "targetLabelKey"); err != nil { - return err - } - if nps.targetLabelValue, err = util.GetString(config.Params, "targetLabelValue"); err != nil { return err } @@ -201,10 +191,6 @@ func (nps *networkPolicyEnforcementMeasurement) initializeMeasurement(config *me return err } - if nps.testClientNodeSelectorKey, err = util.GetString(config.Params, "testClientNodeSelectorKey"); err != nil { - return err - } - if nps.testClientNodeSelectorValue, err = util.GetString(config.Params, "testClientNodeSelectorValue"); err != nil { return err } @@ -283,12 +269,11 @@ func (nps *networkPolicyEnforcementMeasurement) run(config *measurement.Config) templateMap := map[string]interface{}{ "Namespace": nps.testClientNamespace, "TestClientLabel": netPolicyTestClientName, - "TargetLabelSelector": fmt.Sprintf("%s = %s", nps.targetLabelKey, nps.targetLabelValue), + "TargetLabelSelector": fmt.Sprintf("net-pol-test = %s", nps.targetLabelValue), "TargetPort": targetPort, "MetricsPort": metricsPort, "ServiceAccountName": netPolicyTestClientName, "MaxTargets": maxTargets, - "TestClientNodeSelectorKey": nps.testClientNodeSelectorKey, "TestClientNodeSelectorValue": nps.testClientNodeSelectorValue, } @@ -403,7 +388,6 @@ func (nps *networkPolicyEnforcementMeasurement) createPolicyToTargetPods(policyN templateMap := map[string]interface{}{ "Name": policyName, "Namespace": nps.testClientNamespace, - "TargetLabelKey": nps.targetLabelKey, "TypeLabelValue": testType, } @@ -479,7 +463,6 @@ func (nps *networkPolicyEnforcementMeasurement) createLoadPolicies(config *measu templateMapForTargetPods := map[string]interface{}{ "Name": fmt.Sprintf("%s-%d", podSelectorLabelValue, nsIdx), "Namespace": ns, - "PodSelectorLabelKey": "name", "PodSelectorLabelValue": podSelectorLabelValue, "CIDR": baseCidr, } 
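Review bot: The key `net-pol-test` is now a string literal inside the `fmt.Sprintf` that builds `TargetLabelSelector` in run(). The same literal is repeated in the doc comment, policy-egress-allow-target-pods.yaml and testing/load/deployment.yaml, with nothing tying the copies together. If the selector and the pod label ever diverge, the policies would select no pods, and the latency test would presumably still run without measuring anything useful. A package-level constant with a comment naming the manifests that must agree would help: `const targetLabelKey = "net-pol-test" // must match manifests/policy-egress-allow-target-pods.yaml and testing/load/deployment.yaml`, then `fmt.Sprintf("%s = %s", targetLabelKey, nps.targetLabelValue)`. The same applies to `test-np` for the node selector key; run() starts and ends outside the hunk.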
diff --git a/clusterloader2/testing/load/daemonset.yaml b/clusterloader2/testing/load/daemonset.yaml index 40bc24690f..5c69397693 100644 --- a/clusterloader2/testing/load/daemonset.yaml +++ b/clusterloader2/testing/load/daemonset.yaml @@ -5,7 +5,6 @@ {{$RUN_ON_ARM_NODES := DefaultParam .CL2_RUN_ON_ARM_NODES false}} {{$ENABLE_NETWORK_POLICY_ENFORCEMENT_LATENCY_TEST := DefaultParam .CL2_ENABLE_NETWORK_POLICY_ENFORCEMENT_LATENCY_TEST false}} -{{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY "test"}} {{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE "net-policy-client"}} apiVersion: apps/v1 @@ -42,7 +41,7 @@ spec: memory: "20M" priorityClassName: daemonset-priorityclass-0 # Name is autogenerated, hence the -0 prefix. terminationGracePeriodSeconds: 1 - tolerations: + tolerations: {{if $RUN_ON_ARM_NODES}} - key: "kubernetes.io/arch" operator: Equal @@ -50,7 +49,7 @@ spec: effect: NoSchedule {{end}} {{if $ENABLE_NETWORK_POLICY_ENFORCEMENT_LATENCY_TEST}} - - key: {{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY}} + - key: test-np operator: Equal value: {{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE}} effect: NoSchedule diff --git a/clusterloader2/testing/load/deployment.yaml b/clusterloader2/testing/load/deployment.yaml index b580acafde..02facca994 100644 --- a/clusterloader2/testing/load/deployment.yaml +++ b/clusterloader2/testing/load/deployment.yaml @@ -9,7 +9,6 @@ {{$RUN_ON_ARM_NODES := DefaultParam .CL2_RUN_ON_ARM_NODES false}} {{$EnableNetworkPolicyEnforcementLatencyTest := DefaultParam .EnableNetworkPolicyEnforcementLatencyTest false}} -{{$TargetLabelKey := DefaultParam .TargetLabelKey "net-pol-test"}} {{$TargetLabelValue := DefaultParam .TargetLabelValue "enforcement-latency"}} # Run a server pod for network policy enforcement latency test only on every Nth pod. # Default every third pod. 
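Review bot: The toleration key in the `$ENABLE_NETWORK_POLICY_ENFORCEMENT_LATENCY_TEST` branch changes from a parameter whose default was `test` to the fixed `test-np`, which is a behaviour change as well as a hardening. Node pools tainted and labelled with the old default, or with a custom `CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY`, would presumably no longer match this toleration or the `nodeSelector` in the dep-test-client manifests. The override would then be ignored without any error. A comment above the toleration such as `# Key is fixed: test client nodes must carry the label and taint test-np=<value>.`, plus a line in the commit message or test README, would make the migration visible.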
@@ -38,7 +37,7 @@ spec: dns-test: dnsperfgo {{else}} {{if $RunNetPolicyTest}} - {{$TargetLabelKey}}: {{$TargetLabelValue}} + net-pol-test: {{$TargetLabelValue}} {{end}} {{end}} spec: diff --git a/clusterloader2/testing/load/modules/network-policy/net-policy-enforcement-latency.yaml b/clusterloader2/testing/load/modules/network-policy/net-policy-enforcement-latency.yaml index c3023369e1..5f0be5af3b 100644 --- a/clusterloader2/testing/load/modules/network-policy/net-policy-enforcement-latency.yaml +++ b/clusterloader2/testing/load/modules/network-policy/net-policy-enforcement-latency.yaml @@ -1,7 +1,6 @@ {{$NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE := DefaultParam .CL2_NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE false}} {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY "net-pol-test"}} {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE "enforcement-latency"}} -{{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY "test"}} {{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE "net-policy-client"}} {{$NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LATENCY_MAX_TARGET_PODS_PER_NS 100}} {{$NET_POLICY_ENFORCEMENT_LOAD_COUNT := DefaultParam .CL2_NET_POLICY_ENFORCEMENT_LOAD_COUNT 1000}} 
@@ -27,10 +26,9 @@ steps: targetLabelKey: {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY}} targetLabelValue: {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_VALUE}} baseline: {{$NETWORK_POLICY_ENFORCEMENT_LATENCY_BASELINE}} - testClientNodeSelectorKey: {{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_KEY}} testClientNodeSelectorValue: {{$NET_POLICY_ENFORCEMENT_LATENCY_NODE_LABEL_VALUE}} {{end}} - + {{if $run}} - name: "Run pod creation network policy enforcement latency measurement (testType={{$testType}})" measurements: @@ -45,7 +43,7 @@ steps: policyLoadQPS: {{$NET_POLICY_ENFORCEMENT_LOAD_QPS}} policyLoadTargetBaseName: {{$NET_POLICY_ENFORCEMENT_LOAD_TARGET_NAME}} {{end}} - + {{if $complete}} - name: "Complete pod creation network policy enforcement latency measurement (testType={{$testType}})" measurements:
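Review bot: `targetLabelKey: {{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY}}` is still passed to the measurement here, and the variable is still defined from `CL2_NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY` at the top of this file. As far as this patch shows, the Go side no longer reads that parameter. Setting the override would now be silently ignored while the policies select on `net-pol-test`, so both leftovers are best removed along with `testClientNodeSelectorKey`: delete the `targetLabelKey:` line and the `{{$NET_POLICY_ENFORCEMENT_LATENCY_TARGET_LABEL_KEY := ...}}` definition. If the parameter is kept for compatibility, failing when it is set to anything other than `net-pol-test` would be safer than ignoring it.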