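--- a/perfkitbenchmarker/data/cluster/swap_encryption_daemonset.yaml.j2
+++ b/perfkitbenchmarker/data/cluster/swap_encryption_daemonset.yaml.j2
@@ -0,0 +1,152 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: {{ ds_name }}
+namespace: {{ ds_namespace }}
+labels:
+app: {{ ds_label }}
+spec:
+selector:
+matchLabels:
+app: {{ ds_label }}
+template:
+metadata:
+labels:
+app: {{ ds_label }}
+spec:
+hostPID: true
+hostNetwork: true
+# Pin to the benchmark nodepool — never schedule on the dummy default pool.
+nodeSelector:
+pkb_nodepool: {{ benchmark_nodepool }}
+tolerations:
+- operator: Exists
+containers:
+- name: benchmark
+image: {{ image }}
+command:
+- bash
+- -c
+- |
+echo "[pkb] Installing benchmark measurement tools..."
+# Phase 1+2 tools: fio (raw-device I/O), stress-ng (CPU overhead),
+# cryptsetup/mdadm (dm-crypt inspection), sysstat (vmstat/pidstat),
+# nvme-cli (NVMe telemetry), cgroup-tools (cgroup v1 guard).
+# Phase 3b tools: gcc/make/etc. (kernel build inside memory cap).
+# Redis/memtier/esrally/opensearch are NOT installed here —
+# those workloads run in separate PKB benchmark pods (Phase 3a, 3c)
+# per Ajay review comment r3457826290.
+PKB_APT_OK=0
+for _attempt in 1 2 3; do
+apt-get update -qq 2>&1 || true
+DEBIAN_FRONTEND=noninteractive apt-get install -y -qq \
+fio \
+stress-ng \
+cryptsetup \
+mdadm \
+sysstat \
+nvme-cli \
+cgroup-tools \
+util-linux \
+gcc \
+make \
+bc \
+flex \
+bison \
+libelf-dev \
+libssl-dev \
+2>&1 && PKB_APT_OK=1 && break
+echo "[pkb] apt-get attempt $_attempt failed, retrying in 15s..." >&2
+sleep 15
+done
+if [ "$PKB_APT_OK" != "1" ] || \
+! command -v fio >/dev/null 2>&1 || \
+! command -v stress-ng >/dev/null 2>&1; then
+echo "[pkb] FATAL: critical tools (fio, stress-ng) not installed" >&2
+exit 1
+fi
+echo "[pkb] fio: $(fio --version 2>&1 | head -1)"
+echo "[pkb] stress-ng: $(stress-ng --version 2>&1 | head -1)"
+echo "[pkb] Verifying swap device is active..."
+PKB_SWAP_FOUND=0
+for _attempt in $(seq 1 30); do
+if awk 'NR>1{found=1} END{exit !found}' /proc/swaps 2>/dev/null; then
+PKB_SWAP_DEV=$(awk 'NR==2{print $1}' /proc/swaps)
+echo "[pkb] Swap device active: $PKB_SWAP_DEV"
+PKB_SWAP_FOUND=1
+break
+fi
+echo "[pkb] Waiting for swap device (attempt $_attempt/30)..." >&2
+sleep 5
+done
+if [ "$PKB_SWAP_FOUND" != "1" ]; then
+echo "[pkb] WARNING: no active swap device after 150s — " \
+"check linuxConfig.swapConfig / kubelet swap config." >&2
+fi
+echo "[pkb] Pre-fetching kernel source for Phase 3b build workload..."
+PKB_KVER="{{ kernel_version }}"
+PKB_KROOT="/mnt/stateful_partition/pkb_kernel"
+PKB_KTARBALL="$PKB_KROOT/linux-$PKB_KVER.tar.xz"
+PKB_KSRC="$PKB_KROOT/linux-$PKB_KVER"
+PKB_KURL="https://cdn.kernel.org/pub/linux/kernel/v${PKB_KVER%%.*}.x/linux-$PKB_KVER.tar.xz"
+mkdir -p "$PKB_KROOT"
+if [ ! -f "$PKB_KTARBALL" ]; then
+wget -q --timeout=300 -O "$PKB_KTARBALL" "$PKB_KURL" 2>&1 || \
+echo "[pkb] WARNING: kernel tarball download failed" >&2
+fi
+if [ -f "$PKB_KTARBALL" ] && [ ! -d "$PKB_KSRC" ]; then
+echo "[pkb] Extracting kernel source (xz, may take ~60 s)..."
+tar -xf "$PKB_KTARBALL" -C "$PKB_KROOT" 2>&1 || \
+echo "[pkb] WARNING: kernel source extraction failed" >&2
+fi
+echo "[pkb] Benchmark tools ready. Writing ready sentinel."
+touch /tmp/pkb_ready
+sleep infinity
+securityContext:
+privileged: true
+capabilities:
+add: ["SYS_ADMIN", "IPC_LOCK"]
+resources:
+requests:
+memory: "512Mi"
+env:
+- name: NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+volumeMounts:
+- name: dev
+mountPath: /dev
+- name: sys
+mountPath: /sys
+- name: run
+mountPath: /run
+- name: proc-host
+mountPath: /proc-host
+readOnly: true
+- name: stateful-partition
+mountPath: /mnt/stateful_partition
+- name: lib-modules
+mountPath: /lib/modules
+readOnly: true
+volumes:
+- name: dev
+hostPath:
+path: /dev
+- name: sys
+hostPath:
+path: /sys
+- name: run
+hostPath:
+path: /run
+- name: proc-host
+hostPath:
+path: /proc
+- name: stateful-partition
+hostPath:
+path: /mnt/stateful_partition
+type: DirectoryOrCreate
+- name: lib-modules
+hostPath:
+path: /lib/modules
+type: Directory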
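Review bot: The kernel tarball fetched by `wget` in the Phase 3b pre-fetch step is never integrity-checked, and `wget -O "$PKB_KTARBALL"` creates the target file even when the download fails, so a truncated or tampered archive left on the host's `/mnt/stateful_partition` satisfies the `[ ! -f "$PKB_KTARBALL" ]` test on every later run and is never re-fetched. This matters more than usual here because the container runs with `privileged: true`, `hostPID`, and writable hostPath mounts of `/dev`, `/sys` and `/run`, and the source is presumably compiled there later. I would download to a `.part` file, verify it with `sha256sum -c` against a digest supplied by the template, and only then `mv` it into place, as sketched below; `kernel_sha256` is a suggested new template variable, not one the template defines today. The same caching problem applies to a failed `tar -xf`, which leaves a partial `$PKB_KSRC` directory that suppresses re-extraction on the next start.

```yaml
# … unchanged: PKB_KVER / PKB_KROOT / PKB_KTARBALL / PKB_KSRC / PKB_KURL assignments, mkdir -p …
# kernel_sha256 is a proposed template variable (placeholder name).
PKB_KSHA256="{{ kernel_sha256 }}"
if [ ! -f "$PKB_KTARBALL" ]; then
  if wget -q --timeout=300 -O "$PKB_KTARBALL.part" "$PKB_KURL" 2>&1 && \
     echo "$PKB_KSHA256  $PKB_KTARBALL.part" | sha256sum -c - >/dev/null; then
    # Publish the tarball only after the digest matches.
    mv "$PKB_KTARBALL.part" "$PKB_KTARBALL"
  else
    rm -f "$PKB_KTARBALL.part"
    echo "[pkb] WARNING: kernel tarball download or checksum failed" >&2
  fi
fi
# … unchanged: extraction step and ready sentinel …
```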