Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
152 changes: 152 additions & 0 deletions perfkitbenchmarker/data/cluster/swap_encryption_daemonset.yaml.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ ds_name }}
namespace: {{ ds_namespace }}
labels:
app: {{ ds_label }}
spec:
selector:
matchLabels:
app: {{ ds_label }}
template:
metadata:
labels:
app: {{ ds_label }}
spec:
hostPID: true
hostNetwork: true
# Pin to the benchmark nodepool — never schedule on the dummy default pool.
nodeSelector:
pkb_nodepool: {{ benchmark_nodepool }}
tolerations:
- operator: Exists
containers:
- name: benchmark
image: {{ image }}
command:
- bash
- -c
- |
echo "[pkb] Installing benchmark measurement tools..."
# Phase 1+2 tools: fio (raw-device I/O), stress-ng (CPU overhead),
# cryptsetup/mdadm (dm-crypt inspection), sysstat (vmstat/pidstat),
# nvme-cli (NVMe telemetry), cgroup-tools (cgroup v1 guard).
# Phase 3b tools: gcc/make/etc. (kernel build inside memory cap).
# Redis/memtier/esrally/opensearch are NOT installed here —
# those workloads run in separate PKB benchmark pods (Phase 3a, 3c)
# per Ajay review comment r3457826290.
PKB_APT_OK=0
for _attempt in 1 2 3; do
apt-get update -qq 2>&1 || true
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq \
fio \
stress-ng \
cryptsetup \
mdadm \
sysstat \
nvme-cli \
cgroup-tools \
util-linux \
gcc \
make \
bc \
flex \
bison \
libelf-dev \
libssl-dev \
2>&1 && PKB_APT_OK=1 && break
echo "[pkb] apt-get attempt $_attempt failed, retrying in 15s..." >&2
sleep 15
done
if [ "$PKB_APT_OK" != "1" ] || \
! command -v fio >/dev/null 2>&1 || \
! command -v stress-ng >/dev/null 2>&1; then
echo "[pkb] FATAL: critical tools (fio, stress-ng) not installed" >&2
exit 1
fi
echo "[pkb] fio: $(fio --version 2>&1 | head -1)"
echo "[pkb] stress-ng: $(stress-ng --version 2>&1 | head -1)"
echo "[pkb] Verifying swap device is active..."
PKB_SWAP_FOUND=0
for _attempt in $(seq 1 30); do
if awk 'NR>1{found=1} END{exit !found}' /proc/swaps 2>/dev/null; then
PKB_SWAP_DEV=$(awk 'NR==2{print $1}' /proc/swaps)
echo "[pkb] Swap device active: $PKB_SWAP_DEV"
PKB_SWAP_FOUND=1
break
fi
echo "[pkb] Waiting for swap device (attempt $_attempt/30)..." >&2
sleep 5
done
if [ "$PKB_SWAP_FOUND" != "1" ]; then
echo "[pkb] WARNING: no active swap device after 150s — " \
"check linuxConfig.swapConfig / kubelet swap config." >&2
fi
echo "[pkb] Pre-fetching kernel source for Phase 3b build workload..."
PKB_KVER="{{ kernel_version }}"
PKB_KROOT="/mnt/stateful_partition/pkb_kernel"
PKB_KTARBALL="$PKB_KROOT/linux-$PKB_KVER.tar.xz"
PKB_KSRC="$PKB_KROOT/linux-$PKB_KVER"
PKB_KURL="https://cdn.kernel.org/pub/linux/kernel/v${PKB_KVER%%.*}.x/linux-$PKB_KVER.tar.xz"
mkdir -p "$PKB_KROOT"
if [ ! -f "$PKB_KTARBALL" ]; then
wget -q --timeout=300 -O "$PKB_KTARBALL" "$PKB_KURL" 2>&1 || \
echo "[pkb] WARNING: kernel tarball download failed" >&2
fi
if [ -f "$PKB_KTARBALL" ] && [ ! -d "$PKB_KSRC" ]; then
echo "[pkb] Extracting kernel source (xz, may take ~60 s)..."
tar -xf "$PKB_KTARBALL" -C "$PKB_KROOT" 2>&1 || \
echo "[pkb] WARNING: kernel source extraction failed" >&2
fi
echo "[pkb] Benchmark tools ready. Writing ready sentinel."
touch /tmp/pkb_ready
sleep infinity
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN", "IPC_LOCK"]
resources:
requests:
memory: "512Mi"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: dev
mountPath: /dev
- name: sys
mountPath: /sys
- name: run
mountPath: /run
- name: proc-host
mountPath: /proc-host
readOnly: true
- name: stateful-partition
mountPath: /mnt/stateful_partition
- name: lib-modules
mountPath: /lib/modules
readOnly: true
volumes:
- name: dev
hostPath:
path: /dev
- name: sys
hostPath:
path: /sys
- name: run
hostPath:
path: /run
- name: proc-host
hostPath:
path: /proc
- name: stateful-partition
hostPath:
path: /mnt/stateful_partition
type: DirectoryOrCreate
- name: lib-modules
hostPath:
path: /lib/modules
type: Directory
Loading