From 7a3c700399048ea37cb306cdf695d503b6948745 Mon Sep 17 00:00:00 2001 From: xdu31 Date: Wed, 26 Feb 2025 13:45:35 -0800 Subject: [PATCH 1/5] Add tests for EKS Pod Identity --- ...awscli-cl2-load-with-addons-slos.yaml.orig | 325 ++++++++++++++++++ ...awscli-eks-cl2-load-with-pod-identity.yaml | 270 +++++++++++++++ .../clusterloader/load-pod-identity.yaml | 163 +++++++++ .../tasks/setup/eks/awscli-cp-with-vpc.yaml | 27 +- .../eks/awscli-pod-identity-association.yaml | 87 +++++ .../tasks/teardown/awscli-eks.yaml | 21 +- 6 files changed, 876 insertions(+), 17 deletions(-) create mode 100644 tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig create mode 100644 tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml create mode 100644 tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml create mode 100644 tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml diff --git a/tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig b/tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig new file mode 100644 index 00000000..a0be9a2f --- /dev/null +++ b/tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig @@ -0,0 +1,325 @@ +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: awscli-eks-cl2loadtest-with-addons-slos + namespace: scalability +spec: + finally: + - name: teardown + params: + - name: cluster-name + value: $(params.cluster-name) + - name: endpoint + value: $(params.endpoint) + - name: slack-hook + value: $(params.slack-hook) + - name: slack-message + value: $(params.slack-message) job completed + - name: service-role-stack-name + value: $(params.cluster-name)-service-role + - name: node-role-stack-name + value: $(params.cluster-name)-node-role + - name: launch-template-stack-name + value: $(params.cluster-name)-launch-template + - name: namespace-count + value: $(params.namespace-count) + retries: 10 + taskRef: + kind: Task + name: awscli-eks-cluster-teardown + params: + - name: cluster-name + type: string + - name: endpoint + type: string + - name: desired-nodes + type: string + - name: pods-per-node + type: string + - name: nodes-per-namespace + type: string + - name: cl2-load-test-throughput + type: string + - name: results-bucket + type: string + - default: "" + name: slack-hook + type: string + - name: slack-message + type: string + - name: amp-workspace-id + type: string + - name: vpc-cfn-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/amazon-eks-vpc.json" + type: string + - name: ng-cfn-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_group_launch_template.json" + type: string + - name: kubernetes-version + type: string + - default: https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_service_role.json + name: service-role-cfn-url + type: string + - default: https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_role.json + name: node-role-cfn-url + type: string + - name: namespace-prefix + default: "default" + description: "The prefix of namespaces for EKS Pod Identity test." + - name: namespace-count + default: "1" + description: "The number of namespaces for EKS Pod Identity test." + - name: pia-trust-policy-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/pia-trust-policy.json" + type: string + - name: pia-test-config-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/config.yaml" + - name: pia-test-pod-spec-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/pod-default.yaml" + - name: cl2-eks-pod-identity-pods + default: "5000" + - name: cl2-default-qps + default: "200" + - name: cl2-default-burst + default: "400" + - name: cl2-uniform-qps + default: "200" + - name: timeout-pia-pod-creation + default: "10m" + tasks: + - name: slack-notification + params: + - name: slack-hook + value: $(params.slack-hook) + - name: slack-message + value: $(params.slack-message) job kicked off + taskRef: + kind: Task + name: slack-notification + - name: create-cluster-service-role + params: + - name: stack-name + value: $(params.cluster-name)-service-role + - name: role-cfn-url + value: $(params.service-role-cfn-url) + - name: role-name + value: $(params.cluster-name)-service-role + runAfter: + - slack-notification + taskRef: + kind: Task + name: awscli-role-create + - name: awscli-vpc-create + params: + - name: stack-name + value: $(params.cluster-name) + - name: vpc-cfn-url + value: $(params.vpc-cfn-url) + taskRef: + kind: Task + name: awscli-vpc-create + - name: create-cluster-node-role + params: + - name: stack-name + value: $(params.cluster-name)-node-role + - name: role-cfn-url + value: $(params.node-role-cfn-url) + - name: role-name + value: $(params.cluster-name)-node-role + runAfter: + - slack-notification + taskRef: + kind: Task + name: awscli-role-create + - name: create-eks-cluster + params: + - name: cluster-name + value: $(params.cluster-name) + - name: service-role-name + value: $(params.cluster-name)-service-role + - name: endpoint + value: $(params.endpoint) + - name: vpc-stack-name + value: $(params.cluster-name) + - name: kubernetes-version + value: $(params.kubernetes-version) + retries: 3 + runAfter: + - create-cluster-node-role + - create-cluster-service-role + - awscli-vpc-create + taskRef: + kind: Task + name: awscli-eks-cluster-create-with-vpc-stack + workspaces: + - name: config + workspace: config + - name: create-launch-template + params: + - name: cluster-name + value: $(params.cluster-name) + - name: stack-name + value: $(params.cluster-name)-launch-template + - name: kubernetes-version + value: "$(params.kubernetes-version)" + - name: ng-cfn-url + value: "$(params.ng-cfn-url)" + - name: endpoint + value: $(params.endpoint) + runAfter: + - create-eks-cluster + taskRef: + kind: Task + name: awscli-eks-cfn-launch-template + workspaces: + - name: config + workspace: config + - name: create-mng-monitoring-nodes + params: + - name: cluster-name + value: $(params.cluster-name) + - name: host-cluster-node-role-name + value: $(params.cluster-name)-node-role + - name: endpoint + value: $(params.endpoint) + - name: desired-nodes + value: "1" + - name: max-nodes + value: "1" + - name: host-instance-types + value: "m5.12xlarge m5.16xlarge r5.12xlarge r5.16xlarge c5.12xlarge c5.18xlarge" + - name: host-taints + value: key=monitoring,value=true,effect=NO_SCHEDULE + - name: nodegroup-prefix + value: monitoring- + runAfter: + - create-launch-template + taskRef: + kind: Task + name: awscli-eks-nodegroup-create + workspaces: + - name: config + workspace: config + - name: create-mng-nodes + params: + - name: cluster-name + value: $(params.cluster-name) + - name: desired-nodes + value: $(params.desired-nodes) + - name: host-cluster-node-role-name + value: $(params.cluster-name)-node-role + - name: endpoint + value: $(params.endpoint) + runAfter: + - create-mng-monitoring-nodes + taskRef: + kind: Task + name: awscli-eks-nodegroup-create + workspaces: + - name: config + workspace: config + - name: create-pod-identity-association + params: + - name: cluster-name + value: $(params.cluster-name) + - name: endpoint + value: $(params.endpoint) + - name: namespace-prefix + value: $(params.namespace-prefix) + - name: namespace-count + value: $(params.namespace-count) + - name: pia-trust-policy-url + value: $(params.pia-trust-policy-url) + runAfter: + - create-mng-nodes + taskRef: + kind: Task + name: awscli-eks-pia-create + workspaces: + - name: config + workspace: config + - name: generate-eks-pod-identity + params: + - name: cl2-eks-pod-identity-pods + value: $(params.cl2-eks-pod-identity-pods) + - name: cl2-default-qps + value: $(params.cl2-default-qps) + - name: cl2-default-burst + value: $(params.cl2-default-burst) + - name: cl2-uniform-qps + value: $(params.cl2-uniform-qps) + - name: results-bucket + value: $(params.results-bucket) + - name: nodes + value: $(params.desired-nodes) + - name: cluster-name + value: $(params.cluster-name) + - name: namespace-prefix + value: $(params.namespace-prefix) + - name: namespace-count + value: $(params.namespace-count) + - name: pia-test-config-url + value: $(params.pia-test-config-url) + - name: pia-test-pod-spec-url + value: $(params.pia-test-pod-spec-url) + - name: timeout-pia-pod-creation + value: $(params.timeout-pia-pod-creation) + - name: amp-workspace-id + value: '$(params.amp-workspace-id)' + runAfter: + - create-pod-identity-association + taskRef: + kind: Task + name: load-pod-identity + workspaces: + - name: source + workspace: source + - name: results + workspace: results + - name: config + workspace: config + - name: generate + params: + - name: cluster-name + value: $(params.cluster-name) + - name: pods-per-node + value: $(params.pods-per-node) + - name: nodes-per-namespace + value: $(params.nodes-per-namespace) + - name: cl2-load-test-throughput + value: $(params.cl2-load-test-throughput) + - name: results-bucket + value: $(params.results-bucket) + - name: nodes + value: $(params.desired-nodes) + - name: amp-workspace-id + value: $(params.amp-workspace-id) + runAfter: + - generate-eks-pod-identity + taskRef: + kind: Task + name: load-slos + workspaces: + - name: source + workspace: source + - name: results + workspace: results + - name: config + workspace: config + - name: cw-metrics + params: + - name: dimensions + value: $(params.desired-nodes) + - name: value + value: $(tasks.generate.results.datapoint) + - name: namespace + value: $(params.kubernetes-version) + runAfter: + - generate-eks-pod-identity + taskRef: + kind: Task + name: cloudwatch + workspaces: + - name: source + - name: results + - name: config diff --git a/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml b/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml new file mode 100644 index 00000000..28abcff5 --- /dev/null +++ b/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml @@ -0,0 +1,270 @@ +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: awscli-eks-cl2loadtest-with-pod-identity + namespace: scalability +spec: + params: + - name: cluster-name + - name: endpoint + default: https://api.beta.us-west-2.wesley.amazonaws.com + - name: desired-nodes + default: "1000" + - name: cl2-eks-pod-identity-pods + default: "5000" + - name: cl2-default-qps + default: "500" + - name: cl2-default-burst + default: "1000" + - name: cl2-uniform-qps + default: "500" + - name: namespace-prefix + default: "default" + - name: namespaces + default: "1" + - name: results-bucket + - name: slack-hook + - name: slack-message + - name: vpc-cfn-url + - name: ng-cfn-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_group_launch_template.json" + type: string + - name: kubernetes-version + default: "1.31" + - name: amp-workspace-id + default: "" + - name: service-role-cfn-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_service_role.json" + - name: node-role-cfn-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_role.json" + tasks: + - name: slack-notification + params: + - name: slack-hook + value: $(params.slack-hook) + - name: slack-message + value: "$(params.slack-message) job kicked off" + taskRef: + kind: Task + name: slack-notification + - name: awscli-vpc-create + params: + - name: stack-name + value: $(params.cluster-name) + - name: vpc-cfn-url + value: "$(params.vpc-cfn-url)" + taskRef: + kind: Task + name: awscli-vpc-create + - name: create-cluster-service-role + params: + - name: stack-name + value: $(params.cluster-name)-service-role + - name: role-cfn-url + value: $(params.service-role-cfn-url) + - name: role-name + value: "$(params.cluster-name)-service-role" + taskRef: + kind: Task + name: awscli-role-create + - name: create-cluster-node-role + params: + - name: stack-name + value: $(params.cluster-name)-node-role + - name: role-cfn-url + value: $(params.node-role-cfn-url) + - name: role-name + value: "$(params.cluster-name)-node-role" + taskRef: + kind: Task + name: awscli-role-create + - name: create-eks-cluster + params: + - name: cluster-name + value: $(params.cluster-name) + - name: service-role-name + value: "$(params.cluster-name)-service-role" + - name: endpoint + value: $(params.endpoint) + - name: vpc-stack-name + value: $(params.cluster-name) + - name: kubernetes-version + value: "$(params.kubernetes-version)" + runAfter: + - create-cluster-node-role + - create-cluster-service-role + - awscli-vpc-create + taskRef: + kind: Task + name: awscli-eks-cluster-create-with-vpc-stack + workspaces: + - name: config + workspace: config + - name: create-cfn-launch-template + params: + - name: cluster-name + value: $(params.cluster-name) + - name: stack-name + value: $(params.cluster-name)-launch-template + - name: kubernetes-version + value: "$(params.kubernetes-version)" + - name: ng-cfn-url + value: "$(params.ng-cfn-url)" + - name: endpoint + value: $(params.endpoint) + runAfter: + - create-eks-cluster + taskRef: + kind: Task + name: awscli-eks-cfn-launch-template + workspaces: + - name: config + workspace: config + - name: create-mng-monitoring-nodes + params: + - name: cluster-name + value: $(params.cluster-name) + - name: host-cluster-node-role-name + value: "$(params.cluster-name)-node-role" + - name: endpoint + value: $(params.endpoint) + - name: desired-nodes + value: "1" + - name: max-nodes + value: "1" + - name: host-instance-types + value: "m5.4xlarge" + - name: host-taints + value: "key=monitoring,value=true,effect=NO_SCHEDULE" + - name: nodegroup-prefix + value: "monitoring-" + runAfter: + - create-cfn-launch-template + taskRef: + kind: Task + name: awscli-eks-nodegroup-create + workspaces: + - name: config + workspace: config + - name: install-fluentbit-addon + params: + - name: cluster-name + value: $(params.cluster-name) + runAfter: + - create-mng-monitoring-nodes + taskRef: + kind: Task + name: eks-addon-fluentbit + workspaces: + - name: config + workspace: config + - name: create-mng-nodes + params: + - name: cluster-name + value: $(params.cluster-name) + - name: desired-nodes + value: $(params.desired-nodes) + - name: host-cluster-node-role-name + value: "$(params.cluster-name)-node-role" + - name: endpoint + value: $(params.endpoint) + runAfter: + - install-fluentbit-addon + taskRef: + kind: Task + name: awscli-eks-nodegroup-create + workspaces: + - name: config + workspace: config + - name: create-pod-identity-association + params: + - name: cluster-name + value: $(params.cluster-name) + - name: endpoint + value: $(params.endpoint) + - name: namespace-prefix + value: $(params.namespace-prefix) + - name: namespaces + value: $(params.namespaces) + runAfter: + - create-mng-nodes + taskRef: + kind: Task + name: awscli-eks-pia-create + workspaces: + - name: config + workspace: config + - name: generate + params: + - name: cl2-eks-pod-identity-pods + value: $(params.cl2-eks-pod-identity-pods) + - name: cl2-default-qps + value: $(params.cl2-default-qps) + - name: cl2-default-burst + value: $(params.cl2-default-burst) + - name: cl2-uniform-qps + value: $(params.cl2-uniform-qps) + - name: results-bucket + value: $(params.results-bucket) + - name: nodes + value: $(params.desired-nodes) + - name: cluster-name + value: $(params.cluster-name) + - name: namespace-prefix + value: $(params.namespace-prefix) + - name: namespaces + value: $(params.namespaces) + - name: amp-workspace-id + value: '$(params.amp-workspace-id)' + runAfter: + - create-pod-identity-association + taskRef: + kind: Task + name: load-pod-identity + workspaces: + - name: source + workspace: source + - name: results + workspace: results + - name: config + workspace: config + - name: cw-metrics + params: + - name: dimensions + value: $(params.desired-nodes) + - name: value + value: $(tasks.generate.results.datapoint) + - name: namespace + value: $(params.kubernetes-version) + runAfter: + - generate + taskRef: + kind: Task + name: cloudwatch + finally: + - name: teardown + retries: 10 # To deal with throttling during deletion + params: + - name: cluster-name + value: $(params.cluster-name) + - name: endpoint + value: $(params.endpoint) + - name: namespaces + value: $(params.namespaces) + - name: slack-hook + value: $(params.slack-hook) + - name: slack-message + value: "$(params.slack-message) job completed" + - name: service-role-stack-name + value: $(params.cluster-name)-service-role + - name: node-role-stack-name + value: $(params.cluster-name)-node-role + - name: launch-template-stack-name + value: $(params.cluster-name)-launch-template + taskRef: + kind: Task + name: awscli-eks-cluster-teardown + workspaces: + - name: source + - name: results + - name: config diff --git a/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml new file mode 100644 index 00000000..2b24ecb3 --- /dev/null +++ b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml @@ -0,0 +1,163 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: load-pod-identity + namespace: scalability +spec: + description: "clusterloader2 task to run various types of cl2 tests on a given cluster." + params: + - name: giturl + description: "git url to clone the package" + default: https://github.com/xdu31/perf-tests.git + - name: cl2-branch + description: "The branch of clusterloader2 you want to use" + default: "eks-pod-identity" + - name: cl2-eks-pod-identity-pods + description: "pods for testing eks pod identity service" + default: "5000" + - name: cl2-default-qps + description: "default qps" + default: "500" + - name: cl2-default-burst + description: "default burst" + default: "1000" + - name: cl2-uniform-qps + description: "uniform qps" + default: "500" + - name: nodes + description: "number of dataplane nodes to run the load test against" + default: "1000" + - name: results-bucket + description: "Results bucket with path of s3 to upload results" + - name: region + default: "us-west-2" + description: The region where the cluster is in. + - name: cluster-name + description: "The name of the EKS cluster you want to spin" + - name: namespace-prefix + default: "default" + description: "The namespace prefix" + - name: namespaces + default: "1" + description: "The number of namespaces" + - name: amp-workspace-id + description: The AMP workspace ID where remote write needs to happen. + default: "" + results: + - name: datapoint + description: Stores the CL2 result that can be consumed by other tasks (e.g. cloudwatch) + - name: s3_result + description: Stores the S3 result path after compute + workspaces: + - name: source + mountPath: /src/k8s.io/ + - name: results + - name: config + mountPath: /config/ + stepTemplate: + env: + - name: KUBECONFIG + value: /config/kubeconfig + steps: + - name: git-clone + image: alpine/git + workingDir: $(workspaces.source.path) + script: | + git clone $(params.giturl) + cd $(workspaces.source.path)/perf-tests/ + git fetch origin --verbose --tags + git checkout $(params.cl2-branch) + git branch + - name: prepare-loadtest + image: golang:1.23 + workingDir: $(workspaces.source.path) + script: | + S3_RESULT_PATH=$(params.results-bucket) + echo $S3_RESULT_PATH > $(results.s3_result.path) + echo "S3 Path: $S3_RESULT_PATH" + cat > "$(workspaces.source.path)/overrides.yaml" <> $(workspaces.source.path)/perf-tests/clusterloader2/pkg/prometheus/manifests/prometheus-prometheus.yaml + containers: + - name: aws-sigv4-proxy-sidecar + image: public.ecr.aws/aws-observability/aws-sigv4-proxy:1.0 + args: + - --name + - aps + - --region + - $(params.region) + - --host + - aps-workspaces.$(params.region).amazonaws.com + - --port + - :8005 + ports: + - name: aws-sigv4-proxy + containerPort: 8005 + remoteWrite: + - url: http://localhost:8005/workspaces/$(params.amp-workspace-id)/api/v1/remote_write + queueConfig: + capacity: 2500 + maxSamplesPerSend: 1000 + maxShards: 200 + externalLabels: + cluster_name: $(params.cluster-name) + s3_path: $S3_RESULT_PATH + EOF + cat $(workspaces.source.path)/perf-tests/clusterloader2/pkg/prometheus/manifests/prometheus-prometheus.yaml + cat << EOF >> $(workspaces.source.path)/perf-tests/clusterloader2/pkg/prometheus/manifests/0prometheus-operator-deployment.yaml + tolerations: + - key: monitoring + operator: Exists + effect: NoSchedule + EOF + cat $(workspaces.source.path)/perf-tests/clusterloader2/pkg/prometheus/manifests/0prometheus-operator-deployment.yaml + fi + # Building clusterloader2 binary + cd $(workspaces.source.path)/perf-tests/clusterloader2/ + GOOS=linux CGO_ENABLED=0 go build -v -o ./clusterloader ./cmd + - name: run-loadtest + image: alpine/k8s:1.30.2 + onError: continue + script: | + #!/bin/bash + if [ -n "$(params.amp-workspace-id)" ]; then + export ENABLE_PROMETHEUS_SERVER=true + export PROMETHEUS_PVC_STORAGE_CLASS=gp2 + export PROMETHEUS_SCRAPE_KUBE_PROXY=false + export PROMETHEUS_KUBE_PROXY_SELECTOR_KEY=k8s-app + export PROMETHEUS_SCRAPE_APISERVER_ONLY=true + fi + cat $(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity/config.yaml + cd $(workspaces.source.path)/perf-tests/clusterloader2/ + ENABLE_EXEC_SERVICE=false ./clusterloader --kubeconfig=$KUBECONFIG --testconfig=$(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity/config.yaml --testoverrides=$(workspaces.source.path)/overrides.yaml --nodes=$(params.nodes) --provider=eks --report-dir=$(workspaces.results.path) --alsologtostderr --v=2 + exit_code=$? + if [ $exit_code -eq 0 ]; then + echo "1" | tee $(results.datapoint.path) + else + echo "0" | tee $(results.datapoint.path) + fi + exit $exit_code + timeout: 30000s + - name: upload-results + image: amazon/aws-cli + workingDir: $(workspaces.results.path) + script: | + S3_RESULT_PATH=$(cat $(results.s3_result.path)) + echo "S3 Path: $S3_RESULT_PATH" + aws sts get-caller-identity + # we expect to see all files from loadtest that clusterloader2 outputs here in this dir + ls -larth + aws s3 cp . s3://$S3_RESULT_PATH/ --recursive diff --git a/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml b/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml index 2751af91..b04a02aa 100644 --- a/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml +++ b/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml @@ -3,11 +3,11 @@ apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: awscli-eks-cluster-create-with-vpc-stack - namespace: scalability + namespace: scalability spec: description: | Create an EKS cluster. - This Task can be used to create an EKS cluster for a given service role, region in an AWS account + This Task can be used to create an EKS cluster for a given service role, region in an AWS account params: - name: cluster-name description: The name of the EKS cluster you want to spin. @@ -53,11 +53,11 @@ spec: echo "subnets=$subnets" sg=$(aws cloudformation --region $(params.region) describe-stacks --stack-name $(params.vpc-stack-name) --query='Stacks[].Outputs[?OutputKey==`SecurityGroups`].OutputValue' --output text) echo "securitygroup=$sg" - + if [ "$CREATED_CLUSTER" == "" ]; then aws eks create-cluster --name $(params.cluster-name) --region $(params.region) --kubernetes-version $(params.kubernetes-version) --role-arn $SERVICE_ROLE_ARN --resources-vpc-config subnetIds=$subnets,securityGroupIds=$sg $ENDPOINT_FLAG fi - aws eks $ENDPOINT_FLAG --region $(params.region) wait cluster-active --name $(params.cluster-name) + aws eks $ENDPOINT_FLAG --region $(params.region) wait cluster-active --name $(params.cluster-name) - name: write-kubeconfig image: alpine/k8s:1.23.7 script: | @@ -69,8 +69,8 @@ spec: - name: install-addons-and-validate image: alpine/k8s:1.23.7 script: | - # enable PD on the cluster - kubectl api-versions + # enable PD on the cluster + kubectl api-versions kubectl api-resources # Apiserver is not recongnizing deamonset for sometime inconsistently, need to see if livez/readyz are healthy while true; do date && kubectl get --raw "/readyz" --v=10 && break ; sleep 5; done @@ -110,11 +110,10 @@ spec: } }' -n kube-system kubectl scale --replicas 1000 deploy coredns -n kube-system - #ToDo - remove these comments after experimentation - # Install EKS Pod Identity Agent - # ENDPOINT_FLAG="" - # if [ -n "$(params.endpoint)" ]; then - # ENDPOINT_FLAG="--endpoint $(params.endpoint)" - # fi - # aws eks $ENDPOINT_FLAG create-addon --cluster-name $(params.cluster-name) --addon-name eks-pod-identity-agent --addon-version v1.0.0-eksbuild.1 - # aws eks $ENDPOINT_FLAG --region $(params.region) wait cluster-active --name $(params.cluster-name) \ No newline at end of file + # Install EKS Pod Identity Agent + ENDPOINT_FLAG="" + if [ -n "$(params.endpoint)" ]; then + ENDPOINT_FLAG="--endpoint $(params.endpoint)" + fi + aws eks $ENDPOINT_FLAG create-addon --cluster-name $(params.cluster-name) --addon-name eks-pod-identity-agent --addon-version v1.3.5-eksbuild.2 + aws eks $ENDPOINT_FLAG --region $(params.region) wait cluster-active --name $(params.cluster-name) diff --git a/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml b/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml new file mode 100644 index 00000000..da46cbf2 --- /dev/null +++ b/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml @@ -0,0 +1,87 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: awscli-eks-pia-create + namespace: scalability +spec: + description: | + Create an EKS Pod Identity Association for a given cluster. + This Task can be used to create an EKS Pod Identity Association for namespace default and service account default. + params: + - name: cluster-name + description: The name of the EKS cluster you want to create an EKS Pod Identity Association for. + - name: region + default: "us-west-2" + description: The region where the cluster is in. + - name: endpoint + default: "" + - name: namespace-prefix + default: "default" + - name: namespaces + default: "1" + workspaces: + - name: config + mountPath: /config/ + stepTemplate: + env: + - name: KUBECONFIG + value: /config/kubeconfig + steps: + - name: write-kubeconfig + image: alpine/k8s:1.31.5 + script: | + ENDPOINT_FLAG="" + if [ -n "$(params.endpoint)" ]; then + ENDPOINT_FLAG="--endpoint $(params.endpoint)" + fi + aws eks $ENDPOINT_FLAG update-kubeconfig --name $(params.cluster-name) --region $(params.region) + - name: create-pia + image: alpine/k8s:1.31.5 + script: | + ENDPOINT_FLAG="" + if [ -n "$(params.endpoint)" ]; then + ENDPOINT_FLAG="--endpoint $(params.endpoint)" + fi + + MANAGED_POLICY_ARN="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess" + TRUST_POLICY_FILE="pia-trust-policy.json" + # create a trust policy json file + cat > $TRUST_POLICY_FILE </dev/null) + if [ "$PIA_ROLE_EXISTS" == "$PIA_ROLE_NAME" ]; then + aws iam detach-role-policy --role-name $PIA_ROLE_NAME --policy-arn $MANAGED_POLICY_ARN + aws iam delete-role --role-name $PIA_ROLE_NAME + echo "Role $PIA_ROLE_NAME deleted successfully." + else + echo "Role $PIA_ROLE_NAME does not exist, no action needed." + fi + done - name: teardown-eks-role-stack image: alpine/k8s:1.23.7 script: | @@ -59,7 +74,7 @@ spec: image: alpine/k8s:1.23.7 script: | #!/bin/bash - aws sts get-caller-identity + aws sts get-caller-identity # Check if the stack exists aws cloudformation --region $(params.region) describe-stacks --stack-name $(params.cluster-name) if [ $? -ne 0 ]; then @@ -69,7 +84,7 @@ spec: echo "Deleting stack $(params.cluster-name)..." fi #Deletes the CFN stack - aws cloudformation delete-stack --region $(params.region) --stack-name $(params.cluster-name) + aws cloudformation delete-stack --region $(params.region) --stack-name $(params.cluster-name) # Wait for the stack to be deleted aws cloudformation wait stack-delete-complete --region $(params.region) --stack-name $(params.cluster-name) - echo "Stack deleted successfully!" \ No newline at end of file + echo "Stack deleted successfully!" From 5b9d697a6aec2025247da0f60eaf8117fc677a26 Mon Sep 17 00:00:00 2001 From: xdu31 Date: Fri, 28 Feb 2025 19:59:51 -0800 Subject: [PATCH 2/5] Review comments --- tests/assets/pia-trust-policy.json | 15 ++++++++++++++ ...awscli-eks-cl2-load-with-pod-identity.yaml | 20 ++++++++++++------- .../clusterloader/load-pod-identity.yaml | 16 +++++++-------- .../tasks/setup/eks/awscli-cp-with-vpc.yaml | 5 ++++- .../eks/awscli-pod-identity-association.yaml | 9 +++++++-- .../tasks/teardown/awscli-eks.yaml | 7 ++++--- 6 files changed, 51 insertions(+), 21 deletions(-) create mode 100644 tests/assets/pia-trust-policy.json diff --git a/tests/assets/pia-trust-policy.json b/tests/assets/pia-trust-policy.json new file mode 100644 index 00000000..49458bfa --- /dev/null +++ b/tests/assets/pia-trust-policy.json @@ -0,0 +1,15 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "beta.pods.eks.aws.internal" + }, + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ] + } + ] +} diff --git a/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml b/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml index 28abcff5..e5bd4c06 100644 --- a/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml +++ b/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml @@ -20,8 +20,10 @@ spec: default: "500" - name: namespace-prefix default: "default" - - name: namespaces + description: "The prefix of namespaces for EKS Pod Identity test." + - name: namespace-count default: "1" + description: "The number of namespaces for EKS Pod Identity test." - name: results-bucket - name: slack-hook - name: slack-message @@ -37,6 +39,8 @@ spec: default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_service_role.json" - name: node-role-cfn-url default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_role.json" + - name: pia-trust-policy-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/pia-trust-policy.json" tasks: - name: slack-notification params: @@ -184,8 +188,10 @@ spec: value: $(params.endpoint) - name: namespace-prefix value: $(params.namespace-prefix) - - name: namespaces - value: $(params.namespaces) + - name: namespace-count + value: $(params.namespace-count) + - name: pia-trust-policy-url + value: $(params.pia-trust-policy-url) runAfter: - create-mng-nodes taskRef: @@ -212,8 +218,8 @@ spec: value: $(params.cluster-name) - name: namespace-prefix value: $(params.namespace-prefix) - - name: namespaces - value: $(params.namespaces) + - name: namespace-count + value: $(params.namespace-count) - name: amp-workspace-id value: '$(params.amp-workspace-id)' runAfter: @@ -249,8 +255,8 @@ spec: value: $(params.cluster-name) - name: endpoint value: $(params.endpoint) - - name: namespaces - value: $(params.namespaces) + - name: namespace-count + value: $(params.namespace-count) - name: slack-hook value: $(params.slack-hook) - name: slack-message diff --git a/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml index 2b24ecb3..196015d3 100644 --- a/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml +++ b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml @@ -15,19 +15,19 @@ spec: default: "eks-pod-identity" - name: cl2-eks-pod-identity-pods description: "pods for testing eks pod identity service" - default: "5000" + default: "2000" - name: cl2-default-qps description: "default qps" default: "500" - name: cl2-default-burst description: "default burst" - default: "1000" + default: "800" - name: cl2-uniform-qps description: "uniform qps" - default: "500" + default: "400" - name: nodes description: "number of dataplane nodes to run the load test against" - default: "1000" + default: "800" - name: results-bucket description: "Results bucket with path of s3 to upload results" - name: region @@ -37,10 +37,10 @@ spec: description: "The name of the EKS cluster you want to spin" - name: namespace-prefix default: "default" - description: "The namespace prefix" - - name: namespaces + description: "The prefix of namespaces for EKS Pod Identity test." + - name: namespace-count default: "1" - description: "The number of namespaces" + description: "The number of namespaces for EKS Pod Identity test" - name: amp-workspace-id description: The AMP workspace ID where remote write needs to happen. default: "" @@ -82,7 +82,7 @@ spec: CL2_DEFAULT_BURST: $(params.cl2-default-burst) CL2_UNIFORM_QPS: $(params.cl2-uniform-qps) CL2_NAMESPACE_PREFIX: $(params.namespace-prefix) - CL2_NAMESPACES: $(params.namespaces) + CL2_NAMESPACE_COUNT: $(params.namespace-count) CL2_PROMETHEUS_NODE_SELECTOR: "eks.amazonaws.com/nodegroup: monitoring-$(params.cluster-name)-nodes-1" EOL cat $(workspaces.source.path)/overrides.yaml diff --git a/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml b/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml index b04a02aa..a04c507d 100644 --- a/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml +++ b/tests/tekton-resources/tasks/setup/eks/awscli-cp-with-vpc.yaml @@ -27,6 +27,9 @@ spec: - name: aws-ebs-csi-driver-version default: release-1.13 description: The release version for aws ebs csi driver. + - name: aws-pod-identity-agent-version + default: v1.3.5-eksbuild.2 + description: The release version for aws pod identity agent. workspaces: - name: config mountPath: /config/ @@ -115,5 +118,5 @@ spec: if [ -n "$(params.endpoint)" ]; then ENDPOINT_FLAG="--endpoint $(params.endpoint)" fi - aws eks $ENDPOINT_FLAG create-addon --cluster-name $(params.cluster-name) --addon-name eks-pod-identity-agent --addon-version v1.3.5-eksbuild.2 + aws eks $ENDPOINT_FLAG create-addon --cluster-name $(params.cluster-name) --addon-name eks-pod-identity-agent --addon-version $(params.aws-pod-identity-agent-version) aws eks $ENDPOINT_FLAG --region $(params.region) wait cluster-active --name $(params.cluster-name) diff --git a/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml b/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml index da46cbf2..0cea0fab 100644 --- a/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml +++ b/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml @@ -18,8 +18,12 @@ spec: default: "" - name: namespace-prefix default: "default" - - name: namespaces + description: "The prefix of namespaces for EKS Pod Identity test." + - name: namespace-count default: "1" + description: "The number of namespaces for EKS Pod Identity test." + - name: pia-trust-policy-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/pia-trust-policy.json" workspaces: - name: config mountPath: /config/ @@ -47,6 +51,7 @@ spec: MANAGED_POLICY_ARN="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess" TRUST_POLICY_FILE="pia-trust-policy.json" # create a trust policy json file + curl -s $(params.pia-trust-policy-url) -o ./$TRUST_POLICY_FILE cat > $TRUST_POLICY_FILE </dev/null) if [ "$PIA_ROLE_EXISTS" == "$PIA_ROLE_NAME" ]; then From 88e1632709f099880226a91f791ba3421d3921ae Mon Sep 17 00:00:00 2001 From: xdu31 Date: Wed, 5 Mar 2025 13:32:54 -0800 Subject: [PATCH 3/5] Refactoring to use awscli-cl2-load-with-addons-slos pipeline --- tests/assets/eks-pod-identity/config.yaml | 84 ++++++ .../pia-trust-policy.json | 0 .../assets/eks-pod-identity/pod-default.yaml | 15 + .../eks/awscli-cl2-load-with-addons-slos.yaml | 89 +++++- ...awscli-eks-cl2-load-with-pod-identity.yaml | 276 ------------------ .../clusterloader/load-pod-identity.yaml | 18 +- .../eks/awscli-pod-identity-association.yaml | 19 +- 7 files changed, 203 insertions(+), 298 deletions(-) create mode 100644 tests/assets/eks-pod-identity/config.yaml rename tests/assets/{ => eks-pod-identity}/pia-trust-policy.json (100%) create mode 100644 tests/assets/eks-pod-identity/pod-default.yaml delete mode 100644 tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml diff --git a/tests/assets/eks-pod-identity/config.yaml b/tests/assets/eks-pod-identity/config.yaml new file mode 100644 index 00000000..eebfe684 --- /dev/null +++ b/tests/assets/eks-pod-identity/config.yaml @@ -0,0 +1,84 @@ +{{$namespacePrefix := DefaultParam .CL2_NAMESPACE_PREFIX "default"}} +{{$namespaceCount := DefaultParam .CL2_NAMESPACE_COUNT 1}} +{{$totalEksPodIdentityPods := DefaultParam .CL2_EKS_POD_IDENTITY_PODS 5000}} +{{$timeoutEksPodIdentityPodCreation := DefaultParam .CL2_TIMEOUT_EKS_POD_IDENTITY_POD_CREATION "5m"}} +{{$defaultQps := DefaultParam .CL2_DEFAULT_QPS 500}} +{{$defaultBurst := DefaultParam .CL2_DEFAULT_BURST 1000}} +{{$uniformQps := DefaultParam .CL2_UNIFORM_QPS 500}} + +{{$SCHEDULER_THROUGHPUT_THRESHOLD := DefaultParam .CL2_SCHEDULER_THROUGHPUT_THRESHOLD 300}} + +name: eks-pod-identity +tuningSets: +# default is a tuningset that is meant to be used when we don't have any specific requirements on pace of operations. +- name: default + globalQPSLoad: + qps: {{$defaultQps}} + burst: {{$defaultBurst}} +- name: UniformQPS + qpsLoad: + qps: {{$uniformQps}} +steps: +- name: Creating eks pod identity measurements + measurements: + - Identifier: EksPodIdentityPodStartupLatency + Method: PodStartupLatency + Params: + action: start + labelSelector: group = eks-pod-identity + threshold: 10s + - Identifier: EksPodIdentity +# TODO: Move to SchedulingThroughputPrometheus which requires cl2 prom stack setup as pre-req + Method: SchedulingThroughput + Params: + action: start + labelSelector: group = eks-pod-identity + measurmentInterval: 1s +# a pod identity association with (namespace: default, sa: default) is created as prerequisite +- name: create eks pod identity pods + phases: + - namespaceRange: + min: 1 + max: {{$namespaceCount}} + baseName: {{$namespacePrefix}} + replicasPerNamespace: {{$totalEksPodIdentityPods}} + tuningSet: UniformQPS + objectBundle: + - basename: eks-pod-identity + objectTemplatePath: pod-default.yaml + templateFillMap: + Group: eks-pod-identity +- name: Waiting for eks pod identity pods to be created + measurements: + - Identifier: WaitForEksPodIdentityPods + Method: WaitForRunningPods + Params: + action: gather + timeout: {{$timeoutEksPodIdentityPodCreation}} + desiredPodCount: {{$totalEksPodIdentityPods}} + labelSelector: group = eks-pod-identity +- name: Collecting eks pod identity measurements + measurements: + - Identifier: EksPodIdentityPodStartupLatency + Method: PodStartupLatency + Params: + action: gather + - Identifier: EksPodIdentity + Method: SchedulingThroughput + Params: + action: gather + enableViolations: true + threshold: {{$SCHEDULER_THROUGHPUT_THRESHOLD}} +- name: Delete eks pod identity pods + phases: + - namespaceRange: + min: 1 + max: {{$namespaceCount}} + baseName: {{$namespacePrefix}} + replicasPerNamespace: 0 + tuningSet: default + objectBundle: + - basename: eks-pod-identity + objectTemplatePath: pod-default.yaml + templateFillMap: + Group: eks-pod-identity diff --git a/tests/assets/pia-trust-policy.json b/tests/assets/eks-pod-identity/pia-trust-policy.json similarity index 100% rename from tests/assets/pia-trust-policy.json rename to tests/assets/eks-pod-identity/pia-trust-policy.json diff --git a/tests/assets/eks-pod-identity/pod-default.yaml b/tests/assets/eks-pod-identity/pod-default.yaml new file mode 100644 index 00000000..4816cd87 --- /dev/null +++ b/tests/assets/eks-pod-identity/pod-default.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + generateName: eks-pod-identity-pod-churn- + labels: + group: {{.Group}} +spec: + containers: + - image: registry.k8s.io/pause:3.9 + name: pause + initContainers: + - name: app-init + image: amazon/aws-cli:latest + command: ["/bin/sh"] + args: ["-c", "aws sts get-caller-identity"] diff --git a/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml b/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml index e96bb90c..d1142d2b 100644 --- a/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml +++ b/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml @@ -21,6 +21,8 @@ spec: value: $(params.cluster-name)-node-role - name: launch-template-stack-name value: $(params.cluster-name)-launch-template + - name: namespace-count + value: $(params.namespace-count) retries: 10 taskRef: kind: Task @@ -61,6 +63,29 @@ spec: - default: https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_role.json name: node-role-cfn-url type: string + - name: namespace-prefix + default: "default" + description: "The prefix of namespaces for EKS Pod Identity test." + - name: namespace-count + default: "1" + description: "The number of namespaces for EKS Pod Identity test." + - name: pia-trust-policy-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/pia-trust-policy.json" + type: string + - name: pia-test-config-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/config.yaml" + - name: pia-test-pod-spec-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/pod-default.yaml" + - name: cl2-eks-pod-identity-pods + default: "5000" + - name: cl2-default-qps + default: "500" + - name: cl2-default-burst + default: "1000" + - name: cl2-uniform-qps + default: "500" + - name: timeout-pia-pod-creation + default: "5m" tasks: - name: slack-notification params: @@ -221,6 +246,66 @@ spec: workspace: results - name: config workspace: config + - name: create-pod-identity-association + params: + - name: cluster-name + value: $(params.cluster-name) + - name: endpoint + value: $(params.endpoint) + - name: namespace-prefix + value: $(params.namespace-prefix) + - name: namespace-count + value: $(params.namespace-count) + - name: pia-trust-policy-url + value: $(params.pia-trust-policy-url) + runAfter: + - generate + taskRef: + kind: Task + name: awscli-eks-pia-create + workspaces: + - name: config + workspace: config + - name: generate-eks-pod-identity + params: + - name: cl2-eks-pod-identity-pods + value: $(params.cl2-eks-pod-identity-pods) + - name: cl2-default-qps + value: $(params.cl2-default-qps) + - name: cl2-default-burst + value: $(params.cl2-default-burst) + - name: cl2-uniform-qps + value: $(params.cl2-uniform-qps) + - name: results-bucket + value: $(params.results-bucket) + - name: nodes + value: $(params.desired-nodes) + - name: cluster-name + value: $(params.cluster-name) + - name: namespace-prefix + value: $(params.namespace-prefix) + - name: namespace-count + value: $(params.namespace-count) + - name: pia-test-config-url + value: $(params.pia-test-config-url) + - name: pia-test-pod-spec-url + value: $(params.pia-test-pod-spec-url) + - name: timeout-pia-pod-creation + value: $(params.timeout-pia-pod-creation) + - name: amp-workspace-id + value: '$(params.amp-workspace-id)' + runAfter: + - create-pod-identity-association + taskRef: + kind: Task + name: load-pod-identity + workspaces: + - name: source + workspace: source + - name: results + workspace: results + - name: config + workspace: config - name: cw-metrics params: - name: dimensions @@ -230,11 +315,11 @@ spec: - name: namespace value: $(params.kubernetes-version) runAfter: - - generate + - generate-eks-pod-identity taskRef: kind: Task name: cloudwatch workspaces: - name: source - name: results - - name: config \ No newline at end of file + - name: config diff --git a/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml b/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml deleted file mode 100644 index e5bd4c06..00000000 --- a/tests/tekton-resources/pipelines/eks/awscli-eks-cl2-load-with-pod-identity.yaml +++ /dev/null @@ -1,276 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: awscli-eks-cl2loadtest-with-pod-identity - namespace: scalability -spec: - params: - - name: cluster-name - - name: endpoint - default: https://api.beta.us-west-2.wesley.amazonaws.com - - name: desired-nodes - default: "1000" - - name: cl2-eks-pod-identity-pods - default: "5000" - - name: cl2-default-qps - default: "500" - - name: cl2-default-burst - default: "1000" - - name: cl2-uniform-qps - default: "500" - - name: namespace-prefix - default: "default" - description: "The prefix of namespaces for EKS Pod Identity test." - - name: namespace-count - default: "1" - description: "The number of namespaces for EKS Pod Identity test." - - name: results-bucket - - name: slack-hook - - name: slack-message - - name: vpc-cfn-url - - name: ng-cfn-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_group_launch_template.json" - type: string - - name: kubernetes-version - default: "1.31" - - name: amp-workspace-id - default: "" - - name: service-role-cfn-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_service_role.json" - - name: node-role-cfn-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_role.json" - - name: pia-trust-policy-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/pia-trust-policy.json" - tasks: - - name: slack-notification - params: - - name: slack-hook - value: $(params.slack-hook) - - name: slack-message - value: "$(params.slack-message) job kicked off" - taskRef: - kind: Task - name: slack-notification - - name: awscli-vpc-create - params: - - name: stack-name - value: $(params.cluster-name) - - name: vpc-cfn-url - value: "$(params.vpc-cfn-url)" - taskRef: - kind: Task - name: awscli-vpc-create - - name: create-cluster-service-role - params: - - name: stack-name - value: $(params.cluster-name)-service-role - - name: role-cfn-url - value: $(params.service-role-cfn-url) - - name: role-name - value: "$(params.cluster-name)-service-role" - taskRef: - kind: Task - name: awscli-role-create - - name: create-cluster-node-role - params: - - name: stack-name - value: $(params.cluster-name)-node-role - - name: role-cfn-url - value: $(params.node-role-cfn-url) - - name: role-name - value: "$(params.cluster-name)-node-role" - taskRef: - kind: Task - name: awscli-role-create - - name: create-eks-cluster - params: - - name: cluster-name - value: $(params.cluster-name) - - name: service-role-name - value: "$(params.cluster-name)-service-role" - - name: endpoint - value: $(params.endpoint) - - name: vpc-stack-name - value: $(params.cluster-name) - - name: kubernetes-version - value: "$(params.kubernetes-version)" - runAfter: - - create-cluster-node-role - - create-cluster-service-role - - awscli-vpc-create - taskRef: - kind: Task - name: awscli-eks-cluster-create-with-vpc-stack - workspaces: - - name: config - workspace: config - - name: create-cfn-launch-template - params: - - name: cluster-name - value: $(params.cluster-name) - - name: stack-name - value: $(params.cluster-name)-launch-template - - name: kubernetes-version - value: "$(params.kubernetes-version)" - - name: ng-cfn-url - value: "$(params.ng-cfn-url)" - - name: endpoint - value: $(params.endpoint) - runAfter: - - create-eks-cluster - taskRef: - kind: Task - name: awscli-eks-cfn-launch-template - workspaces: - - name: config - workspace: config - - name: create-mng-monitoring-nodes - params: - - name: cluster-name - value: $(params.cluster-name) - - name: host-cluster-node-role-name - value: "$(params.cluster-name)-node-role" - - name: endpoint - value: $(params.endpoint) - - name: desired-nodes - value: "1" - - name: max-nodes - value: "1" - - name: host-instance-types - value: "m5.4xlarge" - - name: host-taints - value: "key=monitoring,value=true,effect=NO_SCHEDULE" - - name: nodegroup-prefix - value: "monitoring-" - runAfter: - - create-cfn-launch-template - taskRef: - kind: Task - name: awscli-eks-nodegroup-create - workspaces: - - name: config - workspace: config - - name: install-fluentbit-addon - params: - - name: cluster-name - value: $(params.cluster-name) - runAfter: - - create-mng-monitoring-nodes - taskRef: - kind: Task - name: eks-addon-fluentbit - workspaces: - - name: config - workspace: config - - name: create-mng-nodes - params: - - name: cluster-name - value: $(params.cluster-name) - - name: desired-nodes - value: $(params.desired-nodes) - - name: host-cluster-node-role-name - value: "$(params.cluster-name)-node-role" - - name: endpoint - value: $(params.endpoint) - runAfter: - - install-fluentbit-addon - taskRef: - kind: Task - name: awscli-eks-nodegroup-create - workspaces: - - name: config - workspace: config - - name: create-pod-identity-association - params: - - name: cluster-name - value: $(params.cluster-name) - - name: endpoint - value: $(params.endpoint) - - name: namespace-prefix - value: $(params.namespace-prefix) - - name: namespace-count - value: $(params.namespace-count) - - name: pia-trust-policy-url - value: $(params.pia-trust-policy-url) - runAfter: - - create-mng-nodes - taskRef: - kind: Task - name: awscli-eks-pia-create - workspaces: - - name: config - workspace: config - - name: generate - params: - - name: cl2-eks-pod-identity-pods - value: $(params.cl2-eks-pod-identity-pods) - - name: cl2-default-qps - value: $(params.cl2-default-qps) - - name: cl2-default-burst - value: $(params.cl2-default-burst) - - name: cl2-uniform-qps - value: $(params.cl2-uniform-qps) - - name: results-bucket - value: $(params.results-bucket) - - name: nodes - value: $(params.desired-nodes) - - name: cluster-name - value: $(params.cluster-name) - - name: namespace-prefix - value: $(params.namespace-prefix) - - name: namespace-count - value: $(params.namespace-count) - - name: amp-workspace-id - value: '$(params.amp-workspace-id)' - runAfter: - - create-pod-identity-association - taskRef: - kind: Task - name: load-pod-identity - workspaces: - - name: source - workspace: source - - name: results - workspace: results - - name: config - workspace: config - - name: cw-metrics - params: - - name: dimensions - value: $(params.desired-nodes) - - name: value - value: $(tasks.generate.results.datapoint) - - name: namespace - value: $(params.kubernetes-version) - runAfter: - - generate - taskRef: - kind: Task - name: cloudwatch - finally: - - name: teardown - retries: 10 # To deal with throttling during deletion - params: - - name: cluster-name - value: $(params.cluster-name) - - name: endpoint - value: $(params.endpoint) - - name: namespace-count - value: $(params.namespace-count) - - name: slack-hook - value: $(params.slack-hook) - - name: slack-message - value: "$(params.slack-message) job completed" - - name: service-role-stack-name - value: $(params.cluster-name)-service-role - - name: node-role-stack-name - value: $(params.cluster-name)-node-role - - name: launch-template-stack-name - value: $(params.cluster-name)-launch-template - taskRef: - kind: Task - name: awscli-eks-cluster-teardown - workspaces: - - name: source - - name: results - - name: config diff --git a/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml index 196015d3..319af731 100644 --- a/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml +++ b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml @@ -9,10 +9,10 @@ spec: params: - name: giturl description: "git url to clone the package" - default: https://github.com/xdu31/perf-tests.git + default: https://github.com/kubernetes/perf-tests.git - name: cl2-branch description: "The branch of clusterloader2 you want to use" - default: "eks-pod-identity" + default: "master" - name: cl2-eks-pod-identity-pods description: "pods for testing eks pod identity service" default: "2000" @@ -41,6 +41,12 @@ spec: - name: namespace-count default: "1" description: "The number of namespaces for EKS Pod Identity test" + - name: pia-test-config-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/config.yaml" + - name: pia-test-pod-spec-url + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/pod-default.yaml" + - name: timeout-pia-pod-creation + default: "5m" - name: amp-workspace-id description: The AMP workspace ID where remote write needs to happen. default: "" @@ -83,6 +89,7 @@ spec: CL2_UNIFORM_QPS: $(params.cl2-uniform-qps) CL2_NAMESPACE_PREFIX: $(params.namespace-prefix) CL2_NAMESPACE_COUNT: $(params.namespace-count) + CL2_TIMEOUT_EKS_POD_IDENTITY_POD_CREATION: $(params.timeout-pia-pod-creation) CL2_PROMETHEUS_NODE_SELECTOR: "eks.amazonaws.com/nodegroup: monitoring-$(params.cluster-name)-nodes-1" EOL cat $(workspaces.source.path)/overrides.yaml @@ -140,8 +147,15 @@ spec: export PROMETHEUS_KUBE_PROXY_SELECTOR_KEY=k8s-app export PROMETHEUS_SCRAPE_APISERVER_ONLY=true fi + + #prepare eks pod identity load test config + mkdir -p $(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity + curl -s $(params.pia-test-config-url) -o $(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity/config.yaml + curl -s $(params.pia-test-pod-spec-url) -o $(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity/pod-default.yaml cat $(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity/config.yaml + cat $(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity/pod-default.yaml cd $(workspaces.source.path)/perf-tests/clusterloader2/ + ENABLE_EXEC_SERVICE=false ./clusterloader --kubeconfig=$KUBECONFIG --testconfig=$(workspaces.source.path)/perf-tests/clusterloader2/testing/eks-pod-identity/config.yaml --testoverrides=$(workspaces.source.path)/overrides.yaml --nodes=$(params.nodes) --provider=eks --report-dir=$(workspaces.results.path) --alsologtostderr --v=2 exit_code=$? if [ $exit_code -eq 0 ]; then diff --git a/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml b/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml index 0cea0fab..a569c702 100644 --- a/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml +++ b/tests/tekton-resources/tasks/setup/eks/awscli-pod-identity-association.yaml @@ -23,7 +23,7 @@ spec: default: "1" description: "The number of namespaces for EKS Pod Identity test." - name: pia-trust-policy-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/pia-trust-policy.json" + default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/pia-trust-policy.json" workspaces: - name: config mountPath: /config/ @@ -52,23 +52,6 @@ spec: TRUST_POLICY_FILE="pia-trust-policy.json" # create a trust policy json file curl -s $(params.pia-trust-policy-url) -o ./$TRUST_POLICY_FILE - cat > $TRUST_POLICY_FILE < Date: Mon, 10 Mar 2025 09:26:34 -0700 Subject: [PATCH 4/5] Use normal bundle QPS --- tests/assets/eks-pod-identity/config.yaml | 2 +- .../pipelines/eks/awscli-cl2-load-with-addons-slos.yaml | 8 ++++---- .../tasks/generators/clusterloader/load-pod-identity.yaml | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/assets/eks-pod-identity/config.yaml b/tests/assets/eks-pod-identity/config.yaml index eebfe684..617fcdcd 100644 --- a/tests/assets/eks-pod-identity/config.yaml +++ b/tests/assets/eks-pod-identity/config.yaml @@ -26,7 +26,7 @@ steps: Params: action: start labelSelector: group = eks-pod-identity - threshold: 10s + threshold: 300s - Identifier: EksPodIdentity # TODO: Move to SchedulingThroughputPrometheus which requires cl2 prom stack setup as pre-req Method: SchedulingThroughput diff --git a/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml b/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml index d1142d2b..045fde89 100644 --- a/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml +++ b/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml @@ -79,13 +79,13 @@ spec: - name: cl2-eks-pod-identity-pods default: "5000" - name: cl2-default-qps - default: "500" + default: "200" - name: cl2-default-burst - default: "1000" + default: "400" - name: cl2-uniform-qps - default: "500" + default: "200" - name: timeout-pia-pod-creation - default: "5m" + default: "10m" tasks: - name: slack-notification params: diff --git a/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml index 319af731..d4936f78 100644 --- a/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml +++ b/tests/tekton-resources/tasks/generators/clusterloader/load-pod-identity.yaml @@ -18,13 +18,13 @@ spec: default: "2000" - name: cl2-default-qps description: "default qps" - default: "500" + default: "200" - name: cl2-default-burst description: "default burst" - default: "800" + default: "400" - name: cl2-uniform-qps description: "uniform qps" - default: "400" + default: "200" - name: nodes description: "number of dataplane nodes to run the load test against" default: "800" From b3ece89d708822b8e8980240841148f7473d40c3 Mon Sep 17 00:00:00 2001 From: xdu31 Date: Mon, 10 Mar 2025 14:58:15 -0700 Subject: [PATCH 5/5] Move pod identity tests before cl2 --- tests/assets/eks-pod-identity/config.yaml | 2 +- ...awscli-cl2-load-with-addons-slos.yaml.orig | 325 ------------------ .../eks/awscli-cl2-load-with-addons-slos.yaml | 58 ++-- 3 files changed, 30 insertions(+), 355 deletions(-) delete mode 100644 tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig diff --git a/tests/assets/eks-pod-identity/config.yaml b/tests/assets/eks-pod-identity/config.yaml index 617fcdcd..f62bae8b 100644 --- a/tests/assets/eks-pod-identity/config.yaml +++ b/tests/assets/eks-pod-identity/config.yaml @@ -6,7 +6,7 @@ {{$defaultBurst := DefaultParam .CL2_DEFAULT_BURST 1000}} {{$uniformQps := DefaultParam .CL2_UNIFORM_QPS 500}} -{{$SCHEDULER_THROUGHPUT_THRESHOLD := DefaultParam .CL2_SCHEDULER_THROUGHPUT_THRESHOLD 300}} +{{$SCHEDULER_THROUGHPUT_THRESHOLD := DefaultParam .CL2_SCHEDULER_THROUGHPUT_THRESHOLD 100}} name: eks-pod-identity tuningSets: diff --git a/tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig b/tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig deleted file mode 100644 index a0be9a2f..00000000 --- a/tests/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml.orig +++ /dev/null @@ -1,325 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: awscli-eks-cl2loadtest-with-addons-slos - namespace: scalability -spec: - finally: - - name: teardown - params: - - name: cluster-name - value: $(params.cluster-name) - - name: endpoint - value: $(params.endpoint) - - name: slack-hook - value: $(params.slack-hook) - - name: slack-message - value: $(params.slack-message) job completed - - name: service-role-stack-name - value: $(params.cluster-name)-service-role - - name: node-role-stack-name - value: $(params.cluster-name)-node-role - - name: launch-template-stack-name - value: $(params.cluster-name)-launch-template - - name: namespace-count - value: $(params.namespace-count) - retries: 10 - taskRef: - kind: Task - name: awscli-eks-cluster-teardown - params: - - name: cluster-name - type: string - - name: endpoint - type: string - - name: desired-nodes - type: string - - name: pods-per-node - type: string - - name: nodes-per-namespace - type: string - - name: cl2-load-test-throughput - type: string - - name: results-bucket - type: string - - default: "" - name: slack-hook - type: string - - name: slack-message - type: string - - name: amp-workspace-id - type: string - - name: vpc-cfn-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/amazon-eks-vpc.json" - type: string - - name: ng-cfn-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_group_launch_template.json" - type: string - - name: kubernetes-version - type: string - - default: https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_service_role.json - name: service-role-cfn-url - type: string - - default: https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks_node_role.json - name: node-role-cfn-url - type: string - - name: namespace-prefix - default: "default" - description: "The prefix of namespaces for EKS Pod Identity test." - - name: namespace-count - default: "1" - description: "The number of namespaces for EKS Pod Identity test." - - name: pia-trust-policy-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/pia-trust-policy.json" - type: string - - name: pia-test-config-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/config.yaml" - - name: pia-test-pod-spec-url - default: "https://raw.githubusercontent.com/awslabs/kubernetes-iteration-toolkit/main/tests/assets/eks-pod-identity/eks-pod-identity/pod-default.yaml" - - name: cl2-eks-pod-identity-pods - default: "5000" - - name: cl2-default-qps - default: "200" - - name: cl2-default-burst - default: "400" - - name: cl2-uniform-qps - default: "200" - - name: timeout-pia-pod-creation - default: "10m" - tasks: - - name: slack-notification - params: - - name: slack-hook - value: $(params.slack-hook) - - name: slack-message - value: $(params.slack-message) job kicked off - taskRef: - kind: Task - name: slack-notification - - name: create-cluster-service-role - params: - - name: stack-name - value: $(params.cluster-name)-service-role - - name: role-cfn-url - value: $(params.service-role-cfn-url) - - name: role-name - value: $(params.cluster-name)-service-role - runAfter: - - slack-notification - taskRef: - kind: Task - name: awscli-role-create - - name: awscli-vpc-create - params: - - name: stack-name - value: $(params.cluster-name) - - name: vpc-cfn-url - value: $(params.vpc-cfn-url) - taskRef: - kind: Task - name: awscli-vpc-create - - name: create-cluster-node-role - params: - - name: stack-name - value: $(params.cluster-name)-node-role - - name: role-cfn-url - value: $(params.node-role-cfn-url) - - name: role-name - value: $(params.cluster-name)-node-role - runAfter: - - slack-notification - taskRef: - kind: Task - name: awscli-role-create - - name: create-eks-cluster - params: - - name: cluster-name - value: $(params.cluster-name) - - name: service-role-name - value: $(params.cluster-name)-service-role - - name: endpoint - value: $(params.endpoint) - - name: vpc-stack-name - value: $(params.cluster-name) - - name: kubernetes-version - value: $(params.kubernetes-version) - retries: 3 - runAfter: - - create-cluster-node-role - - create-cluster-service-role - - awscli-vpc-create - taskRef: - kind: Task - name: awscli-eks-cluster-create-with-vpc-stack - workspaces: - - name: config - workspace: config - - name: create-launch-template - params: - - name: cluster-name - value: $(params.cluster-name) - - name: stack-name - value: $(params.cluster-name)-launch-template - - name: kubernetes-version - value: "$(params.kubernetes-version)" - - name: ng-cfn-url - value: "$(params.ng-cfn-url)" - - name: endpoint - value: $(params.endpoint) - runAfter: - - create-eks-cluster - taskRef: - kind: Task - name: awscli-eks-cfn-launch-template - workspaces: - - name: config - workspace: config - - name: create-mng-monitoring-nodes - params: - - name: cluster-name - value: $(params.cluster-name) - - name: host-cluster-node-role-name - value: $(params.cluster-name)-node-role - - name: endpoint - value: $(params.endpoint) - - name: desired-nodes - value: "1" - - name: max-nodes - value: "1" - - name: host-instance-types - value: "m5.12xlarge m5.16xlarge r5.12xlarge r5.16xlarge c5.12xlarge c5.18xlarge" - - name: host-taints - value: key=monitoring,value=true,effect=NO_SCHEDULE - - name: nodegroup-prefix - value: monitoring- - runAfter: - - create-launch-template - taskRef: - kind: Task - name: awscli-eks-nodegroup-create - workspaces: - - name: config - workspace: config - - name: create-mng-nodes - params: - - name: cluster-name - value: $(params.cluster-name) - - name: desired-nodes - value: $(params.desired-nodes) - - name: host-cluster-node-role-name - value: $(params.cluster-name)-node-role - - name: endpoint - value: $(params.endpoint) - runAfter: - - create-mng-monitoring-nodes - taskRef: - kind: Task - name: awscli-eks-nodegroup-create - workspaces: - - name: config - workspace: config - - name: create-pod-identity-association - params: - - name: cluster-name - value: $(params.cluster-name) - - name: endpoint - value: $(params.endpoint) - - name: namespace-prefix - value: $(params.namespace-prefix) - - name: namespace-count - value: $(params.namespace-count) - - name: pia-trust-policy-url - value: $(params.pia-trust-policy-url) - runAfter: - - create-mng-nodes - taskRef: - kind: Task - name: awscli-eks-pia-create - workspaces: - - name: config - workspace: config - - name: generate-eks-pod-identity - params: - - name: cl2-eks-pod-identity-pods - value: $(params.cl2-eks-pod-identity-pods) - - name: cl2-default-qps - value: $(params.cl2-default-qps) - - name: cl2-default-burst - value: $(params.cl2-default-burst) - - name: cl2-uniform-qps - value: $(params.cl2-uniform-qps) - - name: results-bucket - value: $(params.results-bucket) - - name: nodes - value: $(params.desired-nodes) - - name: cluster-name - value: $(params.cluster-name) - - name: namespace-prefix - value: $(params.namespace-prefix) - - name: namespace-count - value: $(params.namespace-count) - - name: pia-test-config-url - value: $(params.pia-test-config-url) - - name: pia-test-pod-spec-url - value: $(params.pia-test-pod-spec-url) - - name: timeout-pia-pod-creation - value: $(params.timeout-pia-pod-creation) - - name: amp-workspace-id - value: '$(params.amp-workspace-id)' - runAfter: - - create-pod-identity-association - taskRef: - kind: Task - name: load-pod-identity - workspaces: - - name: source - workspace: source - - name: results - workspace: results - - name: config - workspace: config - - name: generate - params: - - name: cluster-name - value: $(params.cluster-name) - - name: pods-per-node - value: $(params.pods-per-node) - - name: nodes-per-namespace - value: $(params.nodes-per-namespace) - - name: cl2-load-test-throughput - value: $(params.cl2-load-test-throughput) - - name: results-bucket - value: $(params.results-bucket) - - name: nodes - value: $(params.desired-nodes) - - name: amp-workspace-id - value: $(params.amp-workspace-id) - runAfter: - - generate-eks-pod-identity - taskRef: - kind: Task - name: load-slos - workspaces: - - name: source - workspace: source - - name: results - workspace: results - - name: config - workspace: config - - name: cw-metrics - params: - - name: dimensions - value: $(params.desired-nodes) - - name: value - value: $(tasks.generate.results.datapoint) - - name: namespace - value: $(params.kubernetes-version) - runAfter: - - generate-eks-pod-identity - taskRef: - kind: Task - name: cloudwatch - workspaces: - - name: source - - name: results - - name: config diff --git a/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml b/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml index 045fde89..a0be9a2f 100644 --- a/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml +++ b/tests/tekton-resources/pipelines/eks/awscli-cl2-load-with-addons-slos.yaml @@ -218,34 +218,6 @@ spec: workspaces: - name: config workspace: config - - name: generate - params: - - name: cluster-name - value: $(params.cluster-name) - - name: pods-per-node - value: $(params.pods-per-node) - - name: nodes-per-namespace - value: $(params.nodes-per-namespace) - - name: cl2-load-test-throughput - value: $(params.cl2-load-test-throughput) - - name: results-bucket - value: $(params.results-bucket) - - name: nodes - value: $(params.desired-nodes) - - name: amp-workspace-id - value: $(params.amp-workspace-id) - runAfter: - - create-mng-nodes - taskRef: - kind: Task - name: load-slos - workspaces: - - name: source - workspace: source - - name: results - workspace: results - - name: config - workspace: config - name: create-pod-identity-association params: - name: cluster-name @@ -259,7 +231,7 @@ spec: - name: pia-trust-policy-url value: $(params.pia-trust-policy-url) runAfter: - - generate + - create-mng-nodes taskRef: kind: Task name: awscli-eks-pia-create @@ -306,6 +278,34 @@ spec: workspace: results - name: config workspace: config + - name: generate + params: + - name: cluster-name + value: $(params.cluster-name) + - name: pods-per-node + value: $(params.pods-per-node) + - name: nodes-per-namespace + value: $(params.nodes-per-namespace) + - name: cl2-load-test-throughput + value: $(params.cl2-load-test-throughput) + - name: results-bucket + value: $(params.results-bucket) + - name: nodes + value: $(params.desired-nodes) + - name: amp-workspace-id + value: $(params.amp-workspace-id) + runAfter: + - generate-eks-pod-identity + taskRef: + kind: Task + name: load-slos + workspaces: + - name: source + workspace: source + - name: results + workspace: results + - name: config + workspace: config - name: cw-metrics params: - name: dimensions