From caf477deb87d58f6affb902c5a66b7d7194681a8 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Tue, 25 Jun 2024 15:11:53 +0200 Subject: [PATCH 1/2] feat: kustomization per driver Signed-off-by: Ross Fairbanks --- kustomize/falco-driver/ebpf/daemonset.yaml | 2 +- .../ebpf/falco-event-generator.yaml | 36 ------------------ .../falco-driver/ebpf/kustomization.yaml | 6 +++ kustomize/falco-driver/ebpf/redis.yaml | 37 ------------------- kustomize/falco-driver/ebpf/stress-ng.yaml | 32 ---------------- kustomize/falco-driver/kmod/daemonset.yaml | 2 +- .../kmod/falco-event-generator.yaml | 36 ------------------ .../falco-driver/kmod/kustomization.yaml | 6 +++ kustomize/falco-driver/kmod/redis.yaml | 37 ------------------- kustomize/falco-driver/kmod/stress-ng.yaml | 32 ---------------- .../falco-driver/modern_ebpf/daemonset.yaml | 2 +- .../modern_ebpf/falco-event-generator.yaml | 36 ------------------ .../modern_ebpf/kustomization.yaml | 6 +++ kustomize/falco-driver/modern_ebpf/redis.yaml | 37 ------------------- .../falco-driver/modern_ebpf/stress-ng.yaml | 32 ---------------- kustomize/kustomization.yaml | 20 ---------- 16 files changed, 21 insertions(+), 338 deletions(-) delete mode 100644 kustomize/falco-driver/ebpf/falco-event-generator.yaml create mode 100644 kustomize/falco-driver/ebpf/kustomization.yaml delete mode 100644 kustomize/falco-driver/ebpf/redis.yaml delete mode 100644 kustomize/falco-driver/ebpf/stress-ng.yaml delete mode 100644 kustomize/falco-driver/kmod/falco-event-generator.yaml create mode 100644 kustomize/falco-driver/kmod/kustomization.yaml delete mode 100644 kustomize/falco-driver/kmod/redis.yaml delete mode 100644 kustomize/falco-driver/kmod/stress-ng.yaml delete mode 100644 kustomize/falco-driver/modern_ebpf/falco-event-generator.yaml create mode 100644 kustomize/falco-driver/modern_ebpf/kustomization.yaml delete mode 100644 kustomize/falco-driver/modern_ebpf/redis.yaml delete mode 100644 kustomize/falco-driver/modern_ebpf/stress-ng.yaml delete mode 100644 kustomize/kustomization.yaml diff --git a/kustomize/falco-driver/ebpf/daemonset.yaml b/kustomize/falco-driver/ebpf/daemonset.yaml index bd74d34..415f594 100644 --- a/kustomize/falco-driver/ebpf/daemonset.yaml +++ b/kustomize/falco-driver/ebpf/daemonset.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: falco-driver-ebpf spec: nodeSelector: - cncf-project-sub: "falco-driver-ebpf" + node-role.kubernetes.io/benchmark: "true" tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists diff --git a/kustomize/falco-driver/ebpf/falco-event-generator.yaml b/kustomize/falco-driver/ebpf/falco-event-generator.yaml deleted file mode 100644 index 59ded28..0000000 --- a/kustomize/falco-driver/ebpf/falco-event-generator.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: falco-event-generator-driver-ebpf - namespace: falco - labels: - app: falco-event-generator -spec: - replicas: 1 - selector: - matchLabels: - app: falco-event-generator - template: - metadata: - labels: - app: falco-event-generator - spec: - nodeSelector: - cncf-project-sub: "falco-driver-ebpf" - containers: - - name: falco-event-generator - securityContext: - {} - image: "falcosecurity/event-generator:latest" - imagePullPolicy: IfNotPresent - command: - - /bin/event-generator - - run - - ^syscall - - --loop - env: - - name: FALCO_EVENT_GENERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - diff --git a/kustomize/falco-driver/ebpf/kustomization.yaml b/kustomize/falco-driver/ebpf/kustomization.yaml new file mode 100644 index 0000000..5ff4e20 --- /dev/null +++ b/kustomize/falco-driver/ebpf/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../falco-generic +- configmap.yaml +- daemonset.yaml diff --git a/kustomize/falco-driver/ebpf/redis.yaml b/kustomize/falco-driver/ebpf/redis.yaml deleted file mode 100644 index 0674d98..0000000 --- a/kustomize/falco-driver/ebpf/redis.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis-driver-ebpf - namespace: falco - labels: - app: redis -spec: - replicas: 1 - selector: - matchLabels: - app: redis - template: - metadata: - labels: - app: redis - spec: - nodeSelector: - cncf-project-sub: "falco-driver-ebpf" - containers: - - name: redis-app - image: redis:7.2.3-alpine - ports: - - containerPort: 6379 # default redis port - # https://redis.io/docs/management/optimization/benchmarks/ - # redis-benchmark-* containers are in same pod w/ shared network namespace - # Run in safety infinite loop in addition to using -l flag - - name: redis-benchmark-1 - image: redis:7.2.3-alpine - command: ["/bin/sh"] - args: - - -c - - >- - while true; do - redis-benchmark -h localhost -l -n 100 -c 4; - sleep 5; - done diff --git a/kustomize/falco-driver/ebpf/stress-ng.yaml b/kustomize/falco-driver/ebpf/stress-ng.yaml deleted file mode 100644 index 9ea679d..0000000 --- a/kustomize/falco-driver/ebpf/stress-ng.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: stress-ng-driver-ebpf - namespace: falco - labels: - app: stress-ng -spec: - replicas: 1 - selector: - matchLabels: - app: stress-ng - template: - metadata: - labels: - app: stress-ng - spec: - nodeSelector: - cncf-project-sub: "falco-driver-ebpf" - containers: - # https://wiki.ubuntu.com/Kernel/Reference/stress-ng - - name: stress-ng-1 - image: ubuntu:22.04 - command: ["/bin/bash", "-c"] - args: - - | - apt-get update && - apt-get install -y stress-ng && - while true; do - stress-ng --matrix 1 -t 1m - sleep 5 - done diff --git a/kustomize/falco-driver/kmod/daemonset.yaml b/kustomize/falco-driver/kmod/daemonset.yaml index 5a658f5..7f9bea5 100644 --- a/kustomize/falco-driver/kmod/daemonset.yaml +++ b/kustomize/falco-driver/kmod/daemonset.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: falco-driver-kmod spec: nodeSelector: - cncf-project-sub: "falco-driver-kmod" + node-role.kubernetes.io/benchmark: "true" tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists diff --git a/kustomize/falco-driver/kmod/falco-event-generator.yaml b/kustomize/falco-driver/kmod/falco-event-generator.yaml deleted file mode 100644 index b51d7fd..0000000 --- a/kustomize/falco-driver/kmod/falco-event-generator.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: falco-event-generator--driver-kmod - namespace: falco - labels: - app: falco-event-generator -spec: - replicas: 1 - selector: - matchLabels: - app: falco-event-generator - template: - metadata: - labels: - app: falco-event-generator - spec: - nodeSelector: - cncf-project-sub: "falco-driver-kmod" - containers: - - name: falco-event-generator - securityContext: - {} - image: "falcosecurity/event-generator:latest" - imagePullPolicy: IfNotPresent - command: - - /bin/event-generator - - run - - ^syscall - - --loop - env: - - name: FALCO_EVENT_GENERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - diff --git a/kustomize/falco-driver/kmod/kustomization.yaml b/kustomize/falco-driver/kmod/kustomization.yaml new file mode 100644 index 0000000..5ff4e20 --- /dev/null +++ b/kustomize/falco-driver/kmod/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../falco-generic +- configmap.yaml +- daemonset.yaml diff --git a/kustomize/falco-driver/kmod/redis.yaml b/kustomize/falco-driver/kmod/redis.yaml deleted file mode 100644 index 966947b..0000000 --- a/kustomize/falco-driver/kmod/redis.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis-driver-kmod - namespace: falco - labels: - app: redis -spec: - replicas: 1 - selector: - matchLabels: - app: redis - template: - metadata: - labels: - app: redis - spec: - nodeSelector: - cncf-project-sub: "falco-driver-kmod" - containers: - - name: redis-app - image: redis:7.2.3-alpine - ports: - - containerPort: 6379 # default redis port - # https://redis.io/docs/management/optimization/benchmarks/ - # redis-benchmark-* containers are in same pod w/ shared network namespace - # Run in safety infinite loop in addition to using -l flag - - name: redis-benchmark-1 - image: redis:7.2.3-alpine - command: ["/bin/sh"] - args: - - -c - - >- - while true; do - redis-benchmark -h localhost -l -n 100 -c 4; - sleep 5; - done diff --git a/kustomize/falco-driver/kmod/stress-ng.yaml b/kustomize/falco-driver/kmod/stress-ng.yaml deleted file mode 100644 index 725230b..0000000 --- a/kustomize/falco-driver/kmod/stress-ng.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: stress-ng-driver-kmod - namespace: falco - labels: - app: stress-ng -spec: - replicas: 1 - selector: - matchLabels: - app: stress-ng - template: - metadata: - labels: - app: stress-ng - spec: - nodeSelector: - cncf-project-sub: "falco-driver-kmod" - containers: - # https://wiki.ubuntu.com/Kernel/Reference/stress-ng - - name: stress-ng-1 - image: ubuntu:22.04 - command: ["/bin/bash", "-c"] - args: - - | - apt-get update && - apt-get install -y stress-ng && - while true; do - stress-ng --matrix 1 -t 1m - sleep 5 - done diff --git a/kustomize/falco-driver/modern_ebpf/daemonset.yaml b/kustomize/falco-driver/modern_ebpf/daemonset.yaml index 460d39c..7016d0a 100644 --- a/kustomize/falco-driver/modern_ebpf/daemonset.yaml +++ b/kustomize/falco-driver/modern_ebpf/daemonset.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: falco-driver-modern-ebpf spec: nodeSelector: - cncf-project-sub: "falco-driver-modern-ebpf" + node-role.kubernetes.io/benchmark: "true" tolerations: - key: node-role.kubernetes.io/control-plane operator: Exists diff --git a/kustomize/falco-driver/modern_ebpf/falco-event-generator.yaml b/kustomize/falco-driver/modern_ebpf/falco-event-generator.yaml deleted file mode 100644 index 0781717..0000000 --- a/kustomize/falco-driver/modern_ebpf/falco-event-generator.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: falco-event-generator-driver-modern-ebpf - namespace: falco - labels: - app: falco-event-generator -spec: - replicas: 1 - selector: - matchLabels: - app: falco-event-generator - template: - metadata: - labels: - app: falco-event-generator - spec: - nodeSelector: - cncf-project-sub: "falco-driver-modern-ebpf" - containers: - - name: falco-event-generator - securityContext: - {} - image: "falcosecurity/event-generator:latest" - imagePullPolicy: IfNotPresent - command: - - /bin/event-generator - - run - - ^syscall - - --loop - env: - - name: FALCO_EVENT_GENERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - diff --git a/kustomize/falco-driver/modern_ebpf/kustomization.yaml b/kustomize/falco-driver/modern_ebpf/kustomization.yaml new file mode 100644 index 0000000..5ff4e20 --- /dev/null +++ b/kustomize/falco-driver/modern_ebpf/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../falco-generic +- configmap.yaml +- daemonset.yaml diff --git a/kustomize/falco-driver/modern_ebpf/redis.yaml b/kustomize/falco-driver/modern_ebpf/redis.yaml deleted file mode 100644 index b706dae..0000000 --- a/kustomize/falco-driver/modern_ebpf/redis.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis-driver-modern-ebpf - namespace: falco - labels: - app: redis -spec: - replicas: 1 - selector: - matchLabels: - app: redis - template: - metadata: - labels: - app: redis - spec: - nodeSelector: - cncf-project-sub: "falco-driver-modern-ebpf" - containers: - - name: redis-app - image: redis:7.2.3-alpine - ports: - - containerPort: 6379 # default redis port - # https://redis.io/docs/management/optimization/benchmarks/ - # redis-benchmark-* containers are in same pod w/ shared network namespace - # Run in safety infinite loop in addition to using -l flag - - name: redis-benchmark-1 - image: redis:7.2.3-alpine - command: ["/bin/sh"] - args: - - -c - - >- - while true; do - redis-benchmark -h localhost -l -n 100 -c 4; - sleep 5; - done diff --git a/kustomize/falco-driver/modern_ebpf/stress-ng.yaml b/kustomize/falco-driver/modern_ebpf/stress-ng.yaml deleted file mode 100644 index 143bc1b..0000000 --- a/kustomize/falco-driver/modern_ebpf/stress-ng.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: stress-ng-driver-modern-ebpf - namespace: falco - labels: - app: stress-ng -spec: - replicas: 1 - selector: - matchLabels: - app: stress-ng - template: - metadata: - labels: - app: stress-ng - spec: - nodeSelector: - cncf-project-sub: "falco-driver-modern-ebpf" - containers: - # https://wiki.ubuntu.com/Kernel/Reference/stress-ng - - name: stress-ng-1 - image: ubuntu:22.04 - command: ["/bin/bash", "-c"] - args: - - | - apt-get update && - apt-get install -y stress-ng && - while true; do - stress-ng --matrix 1 -t 1m - sleep 5 - done diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml deleted file mode 100644 index bede2f5..0000000 --- a/kustomize/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- falco-driver/modern_ebpf/configmap.yaml -- falco-driver/modern_ebpf/daemonset.yaml -- falco-driver/modern_ebpf/redis.yaml -- falco-driver/modern_ebpf/stress-ng.yaml -- falco-driver/modern_ebpf/falco-event-generator.yaml -- falco-driver/ebpf/configmap.yaml -- falco-driver/ebpf/daemonset.yaml -- falco-driver/ebpf/redis.yaml -- falco-driver/ebpf/stress-ng.yaml -- falco-driver/ebpf/falco-event-generator.yaml -- falco-driver/kmod/configmap.yaml -- falco-driver/kmod/daemonset.yaml -- falco-driver/kmod/redis.yaml -- falco-driver/kmod/stress-ng.yaml -- falco-driver/kmod/falco-event-generator.yaml -- falco-generic/serviceaccount.yaml -- falco-generic/falcoctl-configmap.yaml From 9e0c58ebc4437e223ae28d78125abbd00e9725e5 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Tue, 2 Jul 2024 16:40:48 +0200 Subject: [PATCH 2/2] fix: Move benchmarks to new directory Signed-off-by: Ross Fairbanks --- benchmark-tests/falco-event-generator.yaml | 35 ++++++++++++++++++++ benchmark-tests/redis.yaml | 37 ++++++++++++++++++++++ benchmark-tests/stress-ng.yaml | 32 +++++++++++++++++++ 3 files changed, 104 insertions(+) create mode 100644 benchmark-tests/falco-event-generator.yaml create mode 100644 benchmark-tests/redis.yaml create mode 100644 benchmark-tests/stress-ng.yaml diff --git a/benchmark-tests/falco-event-generator.yaml b/benchmark-tests/falco-event-generator.yaml new file mode 100644 index 0000000..11617ea --- /dev/null +++ b/benchmark-tests/falco-event-generator.yaml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: falco-event-generator + namespace: falco + labels: + app: falco-event-generator +spec: + replicas: 1 + selector: + matchLabels: + app: falco-event-generator + template: + metadata: + labels: + app: falco-event-generator + spec: + nodeSelector: + node-role.kubernetes.io/benchmark: "true" + containers: + - name: falco-event-generator + securityContext: + {} + image: "falcosecurity/event-generator:latest" + imagePullPolicy: IfNotPresent + command: + - /bin/event-generator + - run + - ^syscall + - --loop + env: + - name: FALCO_EVENT_GENERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace diff --git a/benchmark-tests/redis.yaml b/benchmark-tests/redis.yaml new file mode 100644 index 0000000..c744750 --- /dev/null +++ b/benchmark-tests/redis.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis + namespace: falco + labels: + app: redis +spec: + replicas: 1 + selector: + matchLabels: + app: redis + template: + metadata: + labels: + app: redis + spec: + nodeSelector: + node-role.kubernetes.io/benchmark: "true" + containers: + - name: redis-app + image: redis:7.2.3-alpine + ports: + - containerPort: 6379 # default redis port + # https://redis.io/docs/management/optimization/benchmarks/ + # redis-benchmark-* containers are in same pod w/ shared network namespace + # Run in safety infinite loop in addition to using -l flag + - name: redis-benchmark-1 + image: redis:7.2.3-alpine + command: ["/bin/sh"] + args: + - -c + - >- + while true; do + redis-benchmark -h localhost -l -n 100 -c 4; + sleep 5; + done diff --git a/benchmark-tests/stress-ng.yaml b/benchmark-tests/stress-ng.yaml new file mode 100644 index 0000000..18d4624 --- /dev/null +++ b/benchmark-tests/stress-ng.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: stress-ng + namespace: falco + labels: + app: stress-ng +spec: + replicas: 1 + selector: + matchLabels: + app: stress-ng + template: + metadata: + labels: + app: stress-ng + spec: + nodeSelector: + node-role.kubernetes.io/benchmark: "true" + containers: + # https://wiki.ubuntu.com/Kernel/Reference/stress-ng + - name: stress-ng-1 + image: ubuntu:22.04 + command: ["/bin/bash", "-c"] + args: + - | + apt-get update && + apt-get install -y stress-ng && + while true; do + stress-ng --matrix 1 -t 1m + sleep 5 + done