Skip to content

Commit 2689526

Browse files
xdu31xdu31
authored
Add tests for EKS Pod Identity (#489)
1 parent 2180bca commit 2689526

File tree

8 files changed

+489
-20
lines changed

8 files changed

+489
-20
lines changed

tests/assets/eks-pod-identity/config.yaml

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,84 @@
1+
{{$namespacePrefix := DefaultParam .CL2_NAMESPACE_PREFIX "default"}}
2+
{{$namespaceCount := DefaultParam .CL2_NAMESPACE_COUNT 1}}
3+
{{$totalEksPodIdentityPods := DefaultParam .CL2_EKS_POD_IDENTITY_PODS 5000}}
4+
{{$timeoutEksPodIdentityPodCreation := DefaultParam .CL2_TIMEOUT_EKS_POD_IDENTITY_POD_CREATION "5m"}}
5+
{{$defaultQps := DefaultParam .CL2_DEFAULT_QPS 500}}
6+
{{$defaultBurst := DefaultParam .CL2_DEFAULT_BURST 1000}}
7+
{{$uniformQps := DefaultParam .CL2_UNIFORM_QPS 500}}
8+
9+
{{$SCHEDULER_THROUGHPUT_THRESHOLD := DefaultParam .CL2_SCHEDULER_THROUGHPUT_THRESHOLD 100}}
10+
11+
name: eks-pod-identity
12+
tuningSets:
13+
# default is a tuningset that is meant to be used when we don't have any specific requirements on pace of operations.
14+
- name: default
15+
globalQPSLoad:
16+
qps: {{$defaultQps}}
17+
burst: {{$defaultBurst}}
18+
- name: UniformQPS
19+
qpsLoad:
20+
qps: {{$uniformQps}}
21+
steps:
22+
- name: Creating eks pod identity measurements
23+
measurements:
24+
- Identifier: EksPodIdentityPodStartupLatency
25+
Method: PodStartupLatency
26+
Params:
27+
action: start
28+
labelSelector: group = eks-pod-identity
29+
threshold: 300s
30+
- Identifier: EksPodIdentity
31+
# TODO: Move to SchedulingThroughputPrometheus which requires cl2 prom stack setup as pre-req
32+
Method: SchedulingThroughput
33+
Params:
34+
action: start
35+
labelSelector: group = eks-pod-identity
36+
measurmentInterval: 1s
37+
# a pod identity association with (namespace: default, sa: default) is created as prerequisite
38+
- name: create eks pod identity pods
39+
phases:
40+
- namespaceRange:
41+
min: 1
42+
max: {{$namespaceCount}}
43+
baseName: {{$namespacePrefix}}
44+
replicasPerNamespace: {{$totalEksPodIdentityPods}}
45+
tuningSet: UniformQPS
46+
objectBundle:
47+
- basename: eks-pod-identity
48+
objectTemplatePath: pod-default.yaml
49+
templateFillMap:
50+
Group: eks-pod-identity
51+
- name: Waiting for eks pod identity pods to be created
52+
measurements:
53+
- Identifier: WaitForEksPodIdentityPods
54+
Method: WaitForRunningPods
55+
Params:
56+
action: gather
57+
timeout: {{$timeoutEksPodIdentityPodCreation}}
58+
desiredPodCount: {{$totalEksPodIdentityPods}}
59+
labelSelector: group = eks-pod-identity
60+
- name: Collecting eks pod identity measurements
61+
measurements:
62+
- Identifier: EksPodIdentityPodStartupLatency
63+
Method: PodStartupLatency
64+
Params:
65+
action: gather
66+
- Identifier: EksPodIdentity
67+
Method: SchedulingThroughput
68+
Params:
69+
action: gather
70+
enableViolations: true
71+
threshold: {{$SCHEDULER_THROUGHPUT_THRESHOLD}}
72+
- name: Delete eks pod identity pods
73+
phases:
74+
- namespaceRange:
75+
min: 1
76+
max: {{$namespaceCount}}
77+
baseName: {{$namespacePrefix}}
78+
replicasPerNamespace: 0
79+
tuningSet: default
80+
objectBundle:
81+
- basename: eks-pod-identity
82+
objectTemplatePath: pod-default.yaml
83+
templateFillMap:
84+
Group: eks-pod-identity

tests/assets/eks-pod-identity/pia-trust-policy.json

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
{
2+
"Version": "2012-10-17",
3+
"Statement": [
4+
{
5+
"Effect": "Allow",
6+
"Principal": {
7+
"Service": "beta.pods.eks.aws.internal"
8+
},
9+
"Action": [
10+
"sts:AssumeRole",
11+
"sts:TagSession"
12+
]
13+
}
14+
]
15+
}

tests/assets/eks-pod-identity/pod-default.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
apiVersion: v1
2+
kind: Pod
3+
metadata:
4+
generateName: eks-pod-identity-pod-churn-
5+
labels:
6+
group: {{.Group}}
7+
spec:
8+
containers:
9+
- image: registry.k8s.io/pause:3.9
10+
name: pause
11+
initContainers:
12+
- name: app-init
13+
image: amazon/aws-cli:latest
14+
command: ["/bin/sh"]
15+
args: ["-c", "aws sts get-caller-identity"]

tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml

Lines changed: 88 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@ spec:
2121
value: $(params.cluster-name)-node-role
2222
- name: launch-template-stack-name
2323
value: $(params.cluster-name)-launch-template
24+
- name: namespace-count
25+
value: $(params.namespace-count)
2426
retries: 10
2527
taskRef:
2628
kind: Task
@@ -61,6 +63,29 @@ spec:
6163
- default: https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_role.json
6264
name: node-role-cfn-url
6365
type: string
66+
- name: namespace-prefix
67+
default: "default"
68+
description: "The prefix of namespaces for EKS Pod Identity test."
69+
- name: namespace-count
70+
default: "1"
71+
description: "The number of namespaces for EKS Pod Identity test."
72+
- name: pia-trust-policy-url
73+
default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/pia-trust-policy.json"
74+
type: string
75+
- name: pia-test-config-url
76+
default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/config.yaml"
77+
- name: pia-test-pod-spec-url
78+
default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/pod-default.yaml"
79+
- name: cl2-eks-pod-identity-pods
80+
default: "5000"
81+
- name: cl2-default-qps
82+
default: "200"
83+
- name: cl2-default-burst
84+
default: "400"
85+
- name: cl2-uniform-qps
86+
default: "200"
87+
- name: timeout-pia-pod-creation
88+
default: "10m"
6489
tasks:
6590
- name: slack-notification
6691
params:
@@ -193,6 +218,66 @@ spec:
193218
workspaces:
194219
- name: config
195220
workspace: config
221+
- name: create-pod-identity-association
222+
params:
223+
- name: cluster-name
224+
value: $(params.cluster-name)
225+
- name: endpoint
226+
value: $(params.endpoint)
227+
- name: namespace-prefix
228+
value: $(params.namespace-prefix)
229+
- name: namespace-count
230+
value: $(params.namespace-count)
231+
- name: pia-trust-policy-url
232+
value: $(params.pia-trust-policy-url)
233+
runAfter:
234+
- create-mng-nodes
235+
taskRef:
236+
kind: Task
237+
name: awscli-eks-pia-create
238+
workspaces:
239+
- name: config
240+
workspace: config
241+
- name: generate-eks-pod-identity
242+
params:
243+
- name: cl2-eks-pod-identity-pods
244+
value: $(params.cl2-eks-pod-identity-pods)
245+
- name: cl2-default-qps
246+
value: $(params.cl2-default-qps)
247+
- name: cl2-default-burst
248+
value: $(params.cl2-default-burst)
249+
- name: cl2-uniform-qps
250+
value: $(params.cl2-uniform-qps)
251+
- name: results-bucket
252+
value: $(params.results-bucket)
253+
- name: nodes
254+
value: $(params.desired-nodes)
255+
- name: cluster-name
256+
value: $(params.cluster-name)
257+
- name: namespace-prefix
258+
value: $(params.namespace-prefix)
259+
- name: namespace-count
260+
value: $(params.namespace-count)
261+
- name: pia-test-config-url
262+
value: $(params.pia-test-config-url)
263+
- name: pia-test-pod-spec-url
264+
value: $(params.pia-test-pod-spec-url)
265+
- name: timeout-pia-pod-creation
266+
value: $(params.timeout-pia-pod-creation)
267+
- name: amp-workspace-id
268+
value: '$(params.amp-workspace-id)'
269+
runAfter:
270+
- create-pod-identity-association
271+
taskRef:
272+
kind: Task
273+
name: load-pod-identity
274+
workspaces:
275+
- name: source
276+
workspace: source
277+
- name: results
278+
workspace: results
279+
- name: config
280+
workspace: config
196281
- name: generate
197282
params:
198283
- name: cluster-name
@@ -210,7 +295,7 @@ spec:
210295
- name: amp-workspace-id
211296
value: $(params.amp-workspace-id)
212297
runAfter:
213-
- create-mng-nodes
298+
- generate-eks-pod-identity
214299
taskRef:
215300
kind: Task
216301
name: load-slos
@@ -230,11 +315,11 @@ spec:
230315
- name: namespace
231316
value: $(params.kubernetes-version)
232317
runAfter:
233-
- generate
318+
- generate-eks-pod-identity
234319
taskRef:
235320
kind: Task
236321
name: cloudwatch
237322
workspaces:
238323
- name: source
239324
- name: results
240-
- name: config
325+
- name: config

0 commit comments

Comments
 (0)