github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Lightweight Kubernetes
64,540 Commits
32 Branches
881 Tags
633 MiB
Go 92.3%
Shell 6.7%
HCL 0.5%
Ruby 0.4%
 
 
 
 
Go to file
Kubernetes Submit Queue f0b207df2d
Merge pull request #62856 from liggitt/node-authorizer-contention-benchmark 
Automatic merge from submit-queue (batch tested with PRs 62409, 62856). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add node authorizer contention benchmark

* Makes the node authorization benchmark run in parallel
* Runs the tests a second time with a background goroutine pushing graph modifications at a rate of 100x per second (to test authorization performance with contention on the graph lock).

Graph modifications come from the informers watching objects relevant to node authorization, and only fire when a relevant change is made (for example, most node updates do not trigger a graph modification, only ones which change the node's config source configmap reference; most pod updates do not trigger a graph modification, only ones that set the pod's nodeName or uid)

The results do not indicate bottlenecks in the authorizer, even under higher-than-expected write contention.

```
$ go test ./plugin/pkg/auth/authorizer/node/ -run foo -bench 'Authorization' -benchmem -v
goos: darwin
goarch: amd64
pkg: k8s.io/kubernetes/plugin/pkg/auth/authorizer/node
BenchmarkAuthorization/allowed_node_configmap-8                                 596 ns/op   529 B/op   11 allocs/op    3000000
BenchmarkAuthorization/allowed_configmap-8                                      609 ns/op   529 B/op   11 allocs/op    3000000
BenchmarkAuthorization/allowed_secret_via_pod-8                                 586 ns/op   529 B/op   11 allocs/op    3000000
BenchmarkAuthorization/allowed_shared_secret_via_pod-8                        18202 ns/op   542 B/op   11 allocs/op     100000
BenchmarkAuthorization/disallowed_node_configmap-8                              900 ns/op   691 B/op   17 allocs/op    2000000
BenchmarkAuthorization/disallowed_configmap-8                                   868 ns/op   693 B/op   17 allocs/op    2000000
BenchmarkAuthorization/disallowed_secret_via_pod-8                              875 ns/op   693 B/op   17 allocs/op    2000000
BenchmarkAuthorization/disallowed_shared_secret_via_pvc-8                      1215 ns/op   948 B/op   22 allocs/op    1000000
BenchmarkAuthorization/disallowed_pvc-8                                         912 ns/op   693 B/op   17 allocs/op    2000000
BenchmarkAuthorization/disallowed_pv-8                                         1137 ns/op   834 B/op   19 allocs/op    2000000
BenchmarkAuthorization/disallowed_attachment_-_no_relationship-8                892 ns/op   677 B/op   16 allocs/op    2000000
BenchmarkAuthorization/disallowed_attachment_-_feature_disabled-8               236 ns/op   208 B/op    2 allocs/op   10000000
BenchmarkAuthorization/allowed_attachment_-_feature_enabled-8                   723 ns/op   593 B/op   12 allocs/op    2000000

BenchmarkAuthorization/contentious_allowed_node_configmap-8                     726 ns/op   529 B/op   11 allocs/op    2000000
BenchmarkAuthorization/contentious_allowed_configmap-8                          698 ns/op   529 B/op   11 allocs/op    2000000
BenchmarkAuthorization/contentious_allowed_secret_via_pod-8                     778 ns/op   529 B/op   11 allocs/op    2000000
BenchmarkAuthorization/contentious_allowed_shared_secret_via_pod-8            21406 ns/op   638 B/op   13 allocs/op     100000
BenchmarkAuthorization/contentious_disallowed_node_configmap-8                 1135 ns/op   692 B/op   17 allocs/op    1000000
BenchmarkAuthorization/contentious_disallowed_configmap-8                      1239 ns/op   691 B/op   17 allocs/op    1000000
BenchmarkAuthorization/contentious_disallowed_secret_via_pod-8                 1043 ns/op   692 B/op   17 allocs/op    1000000
BenchmarkAuthorization/contentious_disallowed_shared_secret_via_pvc-8          1404 ns/op   950 B/op   22 allocs/op    1000000
BenchmarkAuthorization/contentious_disallowed_pvc-8                            1177 ns/op   693 B/op   17 allocs/op    1000000
BenchmarkAuthorization/contentious_disallowed_pv-8                             1295 ns/op   834 B/op   19 allocs/op    1000000
BenchmarkAuthorization/contentious_disallowed_attachment_-_no_relationship-8   1170 ns/op   676 B/op   16 allocs/op    1000000
BenchmarkAuthorization/contentious_disallowed_attachment_-_feature_disabled-8   262 ns/op   208 B/op    2 allocs/op   10000000
BenchmarkAuthorization/contentious_allowed_attachment_-_feature_enabled-8       790 ns/op   593 B/op   12 allocs/op    2000000

--- BENCH: BenchmarkAuthorization
   node_authorizer_test.go:592: graph modifications during non-contention test: 0
   node_authorizer_test.go:589: graph modifications during contention test: 6301
   node_authorizer_test.go:590: <1ms=5507, <10ms=128, <25ms=43, <50ms=65, <100ms=135, <250ms=328, <500ms=93, <1000ms=2, >1000ms=0
PASS
ok     k8s.io/kubernetes/plugin/pkg/auth/authorizer/node   112.616s
```

```release-note
NONE
```
 		2018-04-23 01:35:14 -07:00
.github Link to vulnerabilitiy disclosure process from the issue template 2018-04-17 10:39:24 -07:00
Godeps Update github.com/stretchr/testify to v1.2.1 2018-04-19 10:00:31 -04:00
api Merge pull request #62523 from wackxu/ldoc 2018-04-19 14:50:21 -07:00
build Merge pull request #50899 from WanLinghao/rollout_pause 2018-04-20 15:05:37 -07:00
cluster Merge pull request #62409 from rajansandeep/corednsscaler 2018-04-23 01:35:07 -07:00
cmd Merge pull request #61324 from pospispa/60764-K8s-1.10-StorageObjectInUseProtection-downgrade-issue 2018-04-20 17:23:17 -07:00
docs Merge pull request #62523 from wackxu/ldoc 2018-04-19 14:50:21 -07:00
examples Merge pull request #58349 from humblec/patch-2 2018-03-20 18:34:35 -07:00
hack Merge pull request #62858 from deads2k/cli-32-more-record-02 2018-04-19 15:54:25 -07:00
logo
pkg Merge pull request #62886 from msau42/fix-localssd-fsgroup 2018-04-20 20:06:13 -07:00
plugin Merge pull request #62856 from liggitt/node-authorizer-contention-benchmark 2018-04-23 01:35:14 -07:00
staging Merge pull request #62649 from liggitt/loopback-routing 2018-04-20 15:34:12 -07:00
test Merge pull request #62765 from wgliang/master.pob-name-conflict 2018-04-20 17:23:23 -07:00
third_party kazel: skip third_party/etcd.* 2018-04-11 16:46:36 -07:00
translations Merge pull request #61817 from xuhuilong/master 2018-04-11 10:41:24 -07:00
vendor Update github.com/stretchr/testify to v1.2.1 2018-04-19 10:00:31 -04:00
.bazelrc
.generated_files
.gitattributes Hide generated files only on github 2018-01-22 10:58:48 +01:00
.gitignore fix all the typos across the project 2018-02-11 11:04:14 +08:00
.kazelcfg.json
BUILD.bazel
CHANGELOG-1.2.md
CHANGELOG-1.3.md fix the format for github error 2018-01-31 14:49:29 +08:00
CHANGELOG-1.4.md fix the format for github error 2018-02-02 18:44:27 +08:00
CHANGELOG-1.5.md fix typo in kubeadm 2018-02-06 13:48:18 +08:00
CHANGELOG-1.6.md Fix typo 2018-02-01 19:11:19 +08:00
CHANGELOG-1.7.md Update CHANGELOG-1.7.md for v1.7.16. 2018-04-04 13:07:30 +00:00
CHANGELOG-1.8.md Update CHANGELOG-1.8.md for v1.8.11. 2018-04-05 13:15:26 -07:00
CHANGELOG-1.9.md Update CHANGELOG-1.9.md for v1.9.7. 2018-04-19 12:19:02 -04:00
CHANGELOG-1.10.md Merge pull request #61891 from zhangxiaoyu-zidif/patch-9 2018-04-22 08:08:40 -07:00
CHANGELOG-1.11.md Add CHANGELOG-1.11.md for v1.11.0-alpha.1. 2018-04-19 20:10:59 +00:00
CHANGELOG.md Marks 1.10 as the current release 2018-03-26 17:08:54 -07:00
CONTRIBUTING.md
LICENSE
Makefile
Makefile.generated_files
OWNERS root OWNERS: escape backslashes 2018-04-13 10:42:22 -07:00
OWNERS_ALIASES Merge pull request #62281 from juanvallejo/jvallejo/sig-cli-reviewers 2018-04-09 16:00:11 -07:00
README.md Update README.md 2018-02-11 04:34:01 +00:00
SUPPORT.md
WORKSPACE
code-of-conduct.md
labels.yaml

README.md

Kubernetes

Submit Queue Widget GoDoc Widget CII Best Practices

Kubernetes is an open source system for managing containerized applications across multiple hosts; providing basic mechanisms for deployment, maintenance, and scaling of applications.

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.

Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF). If you are a company that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's involved and how Kubernetes plays a role, read the CNCF announcement.

To start using Kubernetes

See our documentation on kubernetes.io.

Try our interactive tutorial.

Take a free course on Scalable Microservices with Kubernetes.

To start developing Kubernetes

The community repository hosts all information about building Kubernetes from source, how to contribute code and documentation, who to contact about what, etc.

If you want to build Kubernetes right away there are two options:

You have a working Go environment.
$ go get -d k8s.io/kubernetes
$ cd $GOPATH/src/k8s.io/kubernetes
$ make
You have a working Docker environment.
$ git clone https://github.com/kubernetes/kubernetes
$ cd kubernetes
$ make quick-release

For the full story, head over to the developer's documentation.

Support

If you need support, start with the troubleshooting guide, and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another.

Analytics