-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Network policy testing touches 2 key areas 1. Template to include all network policy configuration options 2. Latency measurement through connection testing This PR is adding templates which proposed unified approach to add namespace and pod selectors, CIDRs, single ports and port ranges. Legacy network policy templates will be retired and removed once this new approach gets stabilized. This PR depends on following kube-burner for connection testing kube-burner/kube-burner#679 More details are added in README.md Signed-off-by: venkataanil <[email protected]>
- Loading branch information
1 parent
f9b61da
commit ae47648
Showing
10 changed files
with
512 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
kind: NetworkPolicy | ||
apiVersion: networking.k8s.io/v1 | ||
metadata: | ||
name: egress-{{.Iteration}}-{{.Replica}} | ||
spec: | ||
{{- $lpList := list }} | ||
{{- range $lp, $e := until $.local_pods }} | ||
{{- $nextPod := add 1 $lp }} | ||
{{- $lps := (toString $nextPod)}} | ||
{{- $lpList = append $lpList $lps }} | ||
{{- end }} | ||
{{- $lpNames := toJson $lpList }} | ||
podSelector: | ||
matchExpressions: | ||
- key: num | ||
operator: In | ||
values: {{$lpNames}} | ||
egress: | ||
{{- $peerPodIdx := mul $.Replica .pod_selectors .peer_namespaces}} | ||
{{- $peerPodIdx = div (sub $peerPodIdx 1) $.namespaces}} | ||
{{- $peerPodIdx = mul $peerPodIdx .peer_pods}} | ||
{{- $peerPodList := list }} | ||
{{- range $lp, $e := until $.peer_pods }} | ||
{{- $nextPod := add 1 $lp $peerPodIdx }} | ||
{{- if gt $nextPod $.pods_per_namespace }} | ||
{{- $nextPod = add (mod $nextPod $.pods_per_namespace) 1 }} | ||
{{- end }} | ||
{{- $lps := (toString $nextPod)}} | ||
{{- $peerPodList = append $peerPodList $lps }} | ||
{{- end }} | ||
{{- $peerPodNames := toJson $peerPodList }} | ||
{{- $peerNsIdx := add (mul $.Iteration .pod_selectors .netpols_per_namespace .peer_namespaces) (mul (sub $.Replica 1) .pod_selectors .peer_namespaces) 1}} | ||
{{- range $ps, $e := until $.pod_selectors }} | ||
{{- $nsStart := add $peerNsIdx (mul $ps $.peer_namespaces) }} | ||
{{- $nsList := list }} | ||
{{- range $i, $v := until $.peer_namespaces }} | ||
{{- $nextNs := add $nsStart $i }} | ||
{{- if ge $nextNs $.namespaces }} | ||
{{- $nextNs = mod $nextNs $.namespaces }} | ||
{{- end }} | ||
{{- $next_namespace := print "network-policy-perf-" $nextNs }} | ||
{{- $nsList = append $nsList $next_namespace }} | ||
{{- end }} | ||
{{- $nsNames := toJson $nsList }} | ||
- to: | ||
- namespaceSelector: | ||
matchExpressions: | ||
- key: kubernetes.io/metadata.name | ||
operator: In | ||
values: {{$nsNames}} | ||
podSelector: | ||
matchExpressions: | ||
- key: num | ||
operator: In | ||
values: {{$peerPodNames}} | ||
ports: | ||
{{- $single_port := 8079 }} | ||
{{- range $i, $e := until $.single_ports }} | ||
{{- $single_port = add $single_port 1 }} | ||
- protocol: TCP | ||
port: {{$single_port}} | ||
{{- end }} | ||
{{- $rangeStart := 5000 }} | ||
{{- range $i, $e := until $.port_ranges }} | ||
{{- $rangeEnd := add $rangeStart 5 }} | ||
- protocol: TCP | ||
port: {{$rangeStart}} | ||
endPort: {{$rangeEnd}} | ||
{{ $rangeStart = add $rangeStart 10}} | ||
{{- end }} | ||
{{- end }} | ||
{{- $subnetStartIdx := add (mul $.Replica $.cidr_rules) 1 }} | ||
{{- range $i, $e := until .cidr_rules }} | ||
{{- $subnetIdx := add $subnetStartIdx $i }} | ||
- to: | ||
- ipBlock: | ||
cidr: {{GetSubnet24 (int $subnetIdx) }} | ||
ports: | ||
{{- $single_port := 1000 }} | ||
{{- range $i, $e := until $.single_ports }} | ||
{{- $single_port = add $single_port 1 }} | ||
- protocol: TCP | ||
port: {{$single_port}} | ||
{{- end }} | ||
{{- $rangeStart := 5000 }} | ||
{{- range $i, $e := until $.port_ranges }} | ||
{{- $rangeEnd := add $rangeStart 5 }} | ||
- protocol: TCP | ||
port: {{$rangeStart}} | ||
endPort: {{$rangeEnd}} | ||
{{ $rangeStart = add $rangeStart 10}} | ||
{{- end }} | ||
{{- end }} | ||
policyTypes: | ||
- Egress |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
kind: NetworkPolicy | ||
apiVersion: networking.k8s.io/v1 | ||
metadata: | ||
name: ingress-{{.Iteration}}-{{.Replica}} | ||
spec: | ||
{{- $lpList := list }} | ||
{{- range $lp, $e := until $.local_pods }} | ||
{{- $nextPod := add 1 $lp }} | ||
{{- $lps := (toString $nextPod)}} | ||
{{- $lpList = append $lpList $lps }} | ||
{{- end }} | ||
{{- $lpNames := toJson $lpList }} | ||
podSelector: | ||
matchExpressions: | ||
- key: num | ||
operator: In | ||
values: {{$lpNames}} | ||
ingress: | ||
{{- $peerPodIdx := mul $.Replica .pod_selectors .peer_namespaces}} | ||
{{- $peerPodIdx = div (sub $peerPodIdx 1) $.namespaces}} | ||
{{- $peerPodIdx = mul $peerPodIdx .peer_pods}} | ||
{{- $peerPodList := list }} | ||
{{- range $lp, $e := until $.peer_pods }} | ||
{{- $nextPod := add 1 $lp $peerPodIdx }} | ||
{{- if gt $nextPod $.pods_per_namespace }} | ||
{{- $nextPod = add (mod $nextPod $.pods_per_namespace) 1 }} | ||
{{- end }} | ||
{{- $lps := (toString $nextPod)}} | ||
{{- $peerPodList = append $peerPodList $lps }} | ||
{{- end }} | ||
{{- $peerPodNames := toJson $peerPodList }} | ||
{{- $peerNsIdx := add (mul $.Iteration .pod_selectors .netpols_per_namespace .peer_namespaces) (mul (sub $.Replica 1) .pod_selectors .peer_namespaces) 1}} | ||
{{- range $ps, $e := until $.pod_selectors }} | ||
{{- $nsStart := add $peerNsIdx (mul $ps $.peer_namespaces) }} | ||
{{- $nsList := list }} | ||
{{- range $i, $v := until $.peer_namespaces }} | ||
{{- $nextNs := add $nsStart $i }} | ||
{{- if ge $nextNs $.namespaces }} | ||
{{- $nextNs = mod $nextNs $.namespaces }} | ||
{{- end }} | ||
{{- $next_namespace := print "network-policy-perf-" $nextNs }} | ||
{{- $nsList = append $nsList $next_namespace }} | ||
{{- end }} | ||
{{- $nsNames := toJson $nsList }} | ||
- from: | ||
- namespaceSelector: | ||
matchExpressions: | ||
- key: kubernetes.io/metadata.name | ||
operator: In | ||
values: {{$nsNames}} | ||
podSelector: | ||
matchExpressions: | ||
- key: num | ||
operator: In | ||
values: {{$peerPodNames}} | ||
ports: | ||
{{- $single_port := 8079 }} | ||
{{- range $i, $e := until $.single_ports }} | ||
{{- $single_port = add $single_port 1 }} | ||
- protocol: TCP | ||
port: {{$single_port}} | ||
{{- end }} | ||
{{- $rangeStart := 5000 }} | ||
{{- range $i, $e := until $.port_ranges }} | ||
{{- $rangeEnd := add $rangeStart 5 }} | ||
- protocol: TCP | ||
port: {{$rangeStart}} | ||
endPort: {{$rangeEnd}} | ||
{{ $rangeStart = add $rangeStart 10}} | ||
{{- end }} | ||
{{- end }} | ||
{{- $subnetStartIdx := add (mul $.Replica $.cidr_rules) 1 }} | ||
{{- range $i, $e := until .cidr_rules }} | ||
{{- $subnetIdx := add $subnetStartIdx $i }} | ||
- from: | ||
- ipBlock: | ||
cidr: {{GetSubnet24 (int $subnetIdx) }} | ||
ports: | ||
{{- $single_port := 1000 }} | ||
{{- range $i, $e := until $.single_ports }} | ||
{{- $single_port = add $single_port 1 }} | ||
- protocol: TCP | ||
port: {{$single_port}} | ||
{{- end }} | ||
{{- $rangeStart := 5000 }} | ||
{{- range $i, $e := until $.port_ranges }} | ||
{{- $rangeEnd := add $rangeStart 5 }} | ||
- protocol: TCP | ||
port: {{$rangeStart}} | ||
endPort: {{$rangeEnd}} | ||
{{ $rangeStart = add $rangeStart 10}} | ||
{{- end }} | ||
{{- end }} | ||
policyTypes: | ||
- Ingress |
Oops, something went wrong.