Add tests for EKS Pod Identity #489
Conversation
|
Please let me know once this has been tested. |
xdu31
force-pushed
the
eks-pod-identity
branch
from
2b7c24e to
310f106
Compare
| - name: endpoint | ||
| default: "" | ||
| - name: namespace-prefix | ||
| default: "default" |
There was a problem hiding this comment.
why do we need this ? can we add description to this ?
| default: "" | ||
| - name: namespace-prefix | ||
| default: "default" | ||
| - name: namespaces |
There was a problem hiding this comment.
How about namespace-count ? or something that tells its the count of namespaces
| MANAGED_POLICY_ARN="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess" | ||
| TRUST_POLICY_FILE="pia-trust-policy.json" | ||
| # create a trust policy json file | ||
| cat > $TRUST_POLICY_FILE <<EOF |
There was a problem hiding this comment.
let's put trust policy under assets here https://github.com/awslabs/kubernetes-iteration-toolkit/tree/main/tests/assets and provide a url to pull it from there ?
we want to decouple this from the task def.
| aws eks $ENDPOINT_FLAG --region $(params.region) list-pod-identity-associations --cluster-name $(params.cluster-name) --query 'associations' | ||
| echo "waiting for 30 seconds..." | ||
| sleep 30 |
There was a problem hiding this comment.
is there a better way to know pod-identity-association went through than sleeping before we proceed ?
There was a problem hiding this comment.
We have synced up offline on this. The answer is no, currently there is not an interface on this
| if [ -n "$(params.endpoint)" ]; then | ||
| ENDPOINT_FLAG="--endpoint $(params.endpoint)" | ||
| fi | ||
| aws eks $ENDPOINT_FLAG create-addon --cluster-name $(params.cluster-name) --addon-name eks-pod-identity-agent --addon-version v1.3.5-eksbuild.2 |
There was a problem hiding this comment.
let's not hardcode the addon version as its going to change. Let's take that as a param and have it defaulted to this.
| default: "5000" | ||
| - name: cl2-default-qps | ||
| description: "default qps" | ||
| default: "500" |
There was a problem hiding this comment.
let's use the regular defaults, so there is no queueing for this if the server side has lower value than this. We can pass more aggressive ones in Pipeline params depending on type of cluster we test it on ?
| params: | ||
| - name: giturl | ||
| description: "git url to clone the package" | ||
| default: https://github.com/xdu31/perf-tests.git |
There was a problem hiding this comment.
let's not have forked branches of this. Its hard to maintain. Is there a plan to upstream whatever change you have ?
You can have this file under assets- https://github.com/kubernetes/perf-tests/blob/1df9f0af35a123c12a3324295774379411e1efb0/clusterloader2/testing/eks-pod-identity/pod-default.yaml
and copy it into CL2 before building it, so you have access.
And also, this config here is just bringing up the pods not measuring any pod start up latencies.
I think you can just use this for your test purposes - https://github.com/kubernetes/perf-tests/blob/master/clusterloader2/testing/scheduler-throughput/config.yaml and supply your pod-default.
There was a problem hiding this comment.
I think you can just use this for your test purposes - https://github.com/kubernetes/perf-tests/blob/master/clusterloader2/testing/scheduler-throughput/config.yaml and supply your pod-default.
We can't use the same pod spec, we need to know the namespaces before hand so we can create the pod identity associations before this load tests, I definitely evaluated the option to re-use this
There was a problem hiding this comment.
I'm not sure if upstream will agree to merge this, since this is eks specific test, and I can try to push for the merge and let's not make this the blocker, since we already use forked repo in some other tests, e.g https://github.com/awslabs/kubernetes-iteration-toolkit/blob/main/tests/tasks/generators/clusterloader/load.yaml#L12
|
Summary of what @xdu31 and I synced offline: Next steps for this PR
|
| - name: cl2-default-qps | ||
| default: "500" | ||
| - name: cl2-default-burst | ||
| default: "1000" |
There was a problem hiding this comment.
lets not use this as default :D , it way above normal values.
There was a problem hiding this comment.
just changed the values
| - name: cl2-default-burst | ||
| default: "400" | ||
| - name: cl2-uniform-qps | ||
| default: "500" |
There was a problem hiding this comment.
let's change this to 200 too to begin with. This is what your config is using https://github.com/awslabs/kubernetes-iteration-toolkit/pull/489/files#diff-d2d660edac904aa96e330bfae7bf67ef6885190877c5ab7668f0f157057da03fR45
xdu31
force-pushed
the
eks-pod-identity
branch
2 times, most recently
from
581fbed to
22c334d
Compare
|
LGTM! Thank you. |
|
/lgtm |
2 participants
Issue #, if available:
Description of changes:
Add tests for EKS Pod Identity
Create a pipeline for testing EKS Pod Identity, after managed node group creation, create a Pod Identity Association in the default namespace on default service account, and then run load tests with Pod Identity.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.