Extended Load: NetworkPolicies

This is most likely no-op until we turn on some Network Policy Provider that will start enfocring these network policies. It should be pretty straightforward to turn on Calico both in GKE and in GCE. This should be done separately to isolate any potential performance impact of tuning it just on. Ref. kubernetes#704
mm4tt · Jul 31, 2019 · 67f7a40 · 67f7a40
1 parent f2b8e3d
commit 67f7a40
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 0 deletions.
diff --git a/clusterloader2/testing/load/experimental/extended_config.yaml b/clusterloader2/testing/load/experimental/extended_config.yaml
@@ -18,6 +18,7 @@
 {{$ENABLE_PROBES := DefaultParam .ENABLE_PROBES false}}
 {{$ENABLE_CONFIGMAPS := DefaultParam .ENABLE_CONFIGMAPS false}}
 {{$ENABLE_SECRETS := DefaultParam .ENABLE_SECRETS false}}
+{{$ENABLE_NETWORKPOLICIES := DefaultParam .ENABLE_NETWORKPOLICIES false}}
 #Variables
 {{$namespaces := DivideInt .Nodes $NODES_PER_NAMESPACE}}
 {{$totalPods := MultiplyInt $namespaces $NODES_PER_NAMESPACE $PODS_PER_NODE}}
@@ -143,6 +144,10 @@ steps:
     - basename: big-deployment
       objectTemplatePath: secret.yaml
     {{end}}
+    {{if $ENABLE_NETWORKPOLICIES}}
+    - basename: big-deployment
+      objectTemplatePath: networkpolicy.yaml
+    {{end}}
     - basename: big-deployment
       objectTemplatePath: deployment.yaml
       templateFillMap:
@@ -163,6 +168,10 @@ steps:
     - basename: medium-deployment
       objectTemplatePath: secret.yaml
     {{end}}
+    {{if $ENABLE_NETWORKPOLICIES}}
+    - basename: medium-deployment
+      objectTemplatePath: networkpolicy.yaml
+    {{end}}
     - basename: medium-deployment
       objectTemplatePath: deployment.yaml
       templateFillMap:
@@ -183,6 +192,10 @@ steps:
     - basename: small-deployment
       objectTemplatePath: secret.yaml
     {{end}}
+    {{if $ENABLE_NETWORKPOLICIES}}
+    - basename: small-deployment
+      objectTemplatePath: networkpolicy.yaml
+    {{end}}
     - basename: small-deployment
       objectTemplatePath: deployment.yaml
       templateFillMap:
@@ -261,6 +274,10 @@ steps:
     - basename: big-deployment
       objectTemplatePath: secret.yaml
     {{end}}
+    {{if $ENABLE_NETWORKPOLICIES}}
+    - basename: big-deployment
+      objectTemplatePath: networkpolicy.yaml
+    {{end}}
   - namespaceRange:
       min: 1
       max: {{$namespaces}}
@@ -277,6 +294,10 @@ steps:
     - basename: medium-deployment
       objectTemplatePath: secret.yaml
     {{end}}
+    {{if $ENABLE_NETWORKPOLICIES}}
+    - basename: medium-deployment
+      objectTemplatePath: networkpolicy.yaml
+    {{end}}
   - namespaceRange:
       min: 1
       max: {{$namespaces}}
@@ -293,6 +314,10 @@ steps:
     - basename: small-deployment
       objectTemplatePath: secret.yaml
     {{end}}
+    {{if $ENABLE_NETWORKPOLICIES}}
+    - basename: small-deployment
+      objectTemplatePath: networkpolicy.yaml
+    {{end}}
 
 - name: Waiting for Deployments to be deleted
   measurements:

diff --git a/clusterloader2/testing/load/experimental/networkpolicy.yaml b/clusterloader2/testing/load/experimental/networkpolicy.yaml
@@ -0,0 +1,19 @@
+{{if eq (Mod .Index 10) 0}} # Create for only 10% of deployments
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{.Name}}
+spec:
+  podSelector:
+    matchLabels:
+      name: {{.BaseName}}-{{.Index}}
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 10.0.0.0/24
+      ports:
+        - protocol: TCP
+          port: 8080
+{{end}}
diff --git a/clusterloader2/testing/load/experimental/overrides/enable_networkpolicies.yaml b/clusterloader2/testing/load/experimental/overrides/enable_networkpolicies.yaml
@@ -0,0 +1 @@
+ENABLE_NETWORKPOLICIES: true