Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secretless stability tests have been run with v1.7.1 #1353

Closed
izgeri opened this issue Oct 14, 2020 · 3 comments
Closed

Secretless stability tests have been run with v1.7.1 #1353

izgeri opened this issue Oct 14, 2020 · 3 comments
Assignees
@sgnn7
Labels
component/secretless-broker kind/performance triage/wont-fix

Comments

@izgeri
Copy link
Contributor

izgeri commented Oct 14, 2020
edited
Loading

Secretless 4-day long-time stability tests have been run to verify that the new authn-k8s client included in #1352 works as expected under load over a long time.

The master branch of the project should be used for this test (please note the specific commit hash here).

#1344 should be merged before kicking off this test.

Recreating connections should be turned on so that the Conjur access token is regularly used during the test to retrieve Conjur secrets; this will verify that the access token remains valid over the test period.

Desired outcome: the test run completes after 4 days with no errors.

Details on the XA env are available here.

AC:

  • The Secretless 4 day Juxtaposer test run (using recreated connections) is kicked off using the master branch local build of Secretless post Consume version 0.19.0 of conjur-authn-k8s-client #1352 merge
  • The 4 day test run completes, and the outcome of the test run is posted on this issue
@sgnn7
Copy link
Contributor

sgnn7 commented Oct 29, 2020

Conjur provider authn-k8s logs seem not adequately useful anymore in assessing the state of Secretless. The log snippet below are from a working authn-k8s state but the log messages do not make it apparent as there are no success messages displayed:

2020/10/29 15:40:22 Info: Conjur provider using Kubernetes authenticator-based authentication
2020/10/29 15:40:22 Info: Conjur provider is authenticating as host/conjur/authn-k8s/openshift/sxa/apps/sxa-app/service_account/secretless-xa ...
ERROR: 2020/10/29 15:40:32.827713 file.go:42: CAKC033 Timed out after waiting for 10 seconds for file to exist: /etc/conjur/ssl/client.pem
ERROR: 2020/10/29 15:40:32.827772 authenticator.go:210: CAKC015 Login failed
2020/10/29 15:40:32 Info: Conjur provider received an error on authenticate: CAKC015 Login failed
2020/10/29 15:40:35 Info: Conjur provider is authenticating as host/conjur/authn-k8s/openshift/sxa/apps/sxa-app/service_account/secretless-xa ...
ERROR: 2020/10/29 15:40:45.219280 file.go:42: CAKC033 Timed out after waiting for 10 seconds for file to exist: /etc/conjur/ssl/client.pem
ERROR: 2020/10/29 15:40:45.219306 authenticator.go:210: CAKC015 Login failed
2020/10/29 15:40:45 Info: Conjur provider received an error on authenticate: CAKC015 Login failed
2020/10/29 15:40:50 Info: Conjur provider is authenticating as host/conjur/authn-k8s/openshift/sxa/apps/sxa-app/service_account/secretless-xa ...

@izgeri izgeri changed the title Secretless stability tests have been run Secretless stability tests have been run with v1.7.1 Oct 29, 2020
@izgeri
Copy link
Contributor Author

izgeri commented Nov 30, 2020

  • 1hr, 10 threads, recreate=True
  • 6hr, 2, threads, recreate=True
  • 96hr, 10 thread, recreate=False

@izgeri
Copy link
Contributor Author

izgeri commented May 10, 2021

Note: we didn't perform these tests, as we're in the middle of redesigning our benchmarks.

@izgeri izgeri closed this as completed May 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgnn7 sgnn7

Labels
component/secretless-broker kind/performance triage/wont-fix
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sgnn7 @izgeri