Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

network policy workload #117

Merged
merged 1 commit into from
Nov 26, 2024
Merged

network policy workload #117

merged 1 commit into from
Nov 26, 2024

Conversation

venkataanil
Copy link
Contributor

Network policy testing touches 3 key areas

  1. Template to include all network policy configuration options
  2. Latency measurement through connection testing
  3. Flow tracking through Convergence tracker

This PR is adding templates which proposed unified approach to add namespace and pod selectors, CIDRs, single ports and port ranges. CIDRs and egress will be added in next patch.

Legacy network policy templates will be retired and removed once this new approach gets stabilized.

This PR depends on following kube-burner and images PRs for connection testing
cloud-bulldozer/images#13
cloud-bulldozer/images#12
kube-burner/kube-burner#679

A follow up PR will be submitted for adding Converagnce tracker
tool support.

More details are added in README.md

@venkataanil venkataanil requested review from a team as code owners October 3, 2024 09:07
@venkataanil
Copy link
Contributor Author

lint errors are related kube-burner dependeny. So ignore them for now.

}

// create proxy pod with route
func deployAssets(uuid string, clientSet kubernetes.Interface, restConfig *rest.Config) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we move all these assets to the config as well? If we intent to run them at start only once we can do that by either of the options below

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Vishnu. Initially I was doing the same
https://github.com/venkataanil/files/blob/master/kube-burrner-netpol/network-policy.yml#L11
However, the route will be used inside core kube-burner measurement code, so earlier I was manually adding it in the core kube-burner measurement code
https://github.com/venkataanil/files/blob/master/kube-burrner-netpol/netpol_latency.go#L65

Now kube-burner-ocp creates it and passes it as environment variable https://github.com/kube-burner/kube-burner-ocp/pull/117/files#diff-43d885d93cbe44660401e7017fb54c6cfe09507946b9374ad7d7b0a0485e5143R172
This env variable is consumed in the template
https://github.com/kube-burner/kube-burner-ocp/pull/117/files#diff-22fffda545f823bb596360df5ac5fffdbd6b233b9b662a67ddd506d48162d677R11
Finally core kube-burner measurement code reads from the config file https://github.com/kube-burner/kube-burner/pull/679/files#diff-a6045e2aa0d1b86a2c266acf164b4102c828a73863f6212d7eff79a34be53e04R496

I was following similar approach of service_latency.go https://github.com/kube-burner/kube-burner/blob/main/pkg/measurements/service_latency.go#L73
However I couldn't directly define deploy_assets() which creates this proxy route in
pkg/measurements/netpol_latency.go (https://github.com/kube-burner/kube-burner/pull/679/files#diff-a6045e2aa0d1b86a2c266acf164b4102c828a73863f6212d7eff79a34be53e04) as "route" resource belongs to ocp and not k8s. So I needed to move it to kube-burner-ocp.

I can move it to template if there is a way measurement code pkg/measurements/netplo_latency.go get this route information.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the detailed explanation. My concern was to just move these assets creation to the top of the workload config file in a desired order but not to kube-burner core repo.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is moved now.

@venkataanil venkataanil force-pushed the netpol branch 3 times, most recently from 3e6c3e4 to 8805386 Compare October 16, 2024 08:58
@venkataanil venkataanil force-pushed the netpol branch 3 times, most recently from ae47648 to ad4cbc2 Compare November 19, 2024 14:30
Copy link
Contributor

@mohit-sheth mohit-sheth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @venkataanil, lgtm

Copy link
Contributor

@vishnuchalla vishnuchalla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm with pre-requisite kube-burner/kube-burner#679

@venkataanil
Copy link
Contributor Author

@vishnuchalla kube-burner/kube-burner#679 got merged. Do we need for a new kube-burner release to get this merged?

Network policy testing touches 2 key areas
1. Template to include all network policy configuration options
2. Latency measurement through connection testing

This PR is adding templates which proposed unified approach to add
namespace and pod selectors, CIDRs, single ports and port ranges.

Legacy network policy templates will be retired and removed once
this new approach gets stabilized.

This PR depends on following kube-burner for connection testing
kube-burner/kube-burner#679

More details are added in README.md

Signed-off-by: venkataanil <[email protected]>
@mohit-sheth mohit-sheth merged commit 1ef0b6c into kube-burner:main Nov 26, 2024
4 checks passed
@rsevilla87
Copy link
Member

@vishnuchalla kube-burner/kube-burner#679 got merged. Do we need for a new kube-burner release to get this merged?

yes, https://github.com/kube-burner/kube-burner/releases/tag/v1.11.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants