constellation/.github/actions/e2e_benchmark/action.yml
Daniel Weiße 66aa8a8d52
ci: adjust performance benchmark to run on different attestation variants (#3129)
* Create perf bench artifacts based on attestation variant, not CSP
* Enable perf bench on gcp-sev-snp, azure-tdx and AWS

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-04 13:23:07 +02:00

221 lines
7.7 KiB
YAML

name: benchmark
description: "Run benchmarks"
inputs:
cloudProvider:
description: "Which cloud provider to use."
required: true
attestationVariant:
description: "Which attestation variant to use."
required: true
kubeconfig:
description: "The kubeconfig of the cluster to test."
required: true
awsOpenSearchDomain:
description: "AWS OpenSearch Endpoint Domain to upload the results."
required: false
awsOpenSearchUsers:
description: "AWS OpenSearch User to upload the results."
required: false
awsOpenSearchPwd:
description: "AWS OpenSearch Password to upload the results."
required: false
artifactNameSuffix:
description: "Suffix for artifact naming."
required: true
encryptionSecret:
description: 'The secret to use for encrypting the artifact.'
required: true
runs:
using: "composite"
steps:
- name: Setup python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.10"
- name: Install kubestr
shell: bash
env:
KUBESTR_VER: "0.4.37"
run: |
HOSTOS="$(go env GOOS)"
HOSTARCH="$(go env GOARCH)"
curl -fsSLO https://github.com/kastenhq/kubestr/releases/download/v${KUBESTR_VER}/kubestr_${KUBESTR_VER}_${HOSTOS}_${HOSTARCH}.tar.gz
tar -xzf kubestr_${KUBESTR_VER}_${HOSTOS}_${HOSTARCH}.tar.gz
install kubestr /usr/local/bin
- name: Checkout k8s-bench-suite
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0
repository: "edgelesssys/k8s-bench-suite"
ref: 67c64c854841165b778979375444da1c02e02210
path: k8s-bench-suite
- name: Run FIO benchmark
shell: bash
env:
KUBECONFIG: ${{ inputs.kubeconfig }}
run: |
if [[ "${{ inputs.cloudProvider }}" == "azure" ]]
then
cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fio-benchmark
allowVolumeExpansion: true
allowedTopologies: []
mountOptions: []
parameters:
skuname: StandardSSD_LRS
cachingMode: None
provisioner: azuredisk.csi.confidential.cloud
reclaimPolicy: Delete
volumeBindingMode: Immediate
EOF
fi
if [[ "${{ inputs.cloudProvider }}" == "gcp" ]]
then
cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fio-benchmark
provisioner: gcp.csi.confidential.cloud
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
type: pd-balanced
EOF
fi
if [[ "${{ inputs.cloudProvider }}" == "aws" ]]
then
cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fio-benchmark
parameters:
type: gp3
provisioner: aws.csi.confidential.cloud
allowVolumeExpansion: true
reclaimPolicy: Delete
volumeBindingMode: Immediate
EOF
fi
mkdir -p out
kubestr fio -e "out/fio-constellation-${{ inputs.attestationVariant }}.json" -o json -s fio-benchmark -z 400Gi -f .github/actions/e2e_benchmark/fio.ini
- name: Upload raw FIO benchmark results
if: (!env.ACT)
uses: ./.github/actions/artifact_upload
with:
path: "out/fio-constellation-${{ inputs.attestationVariant }}.json"
name: "fio-constellation-${{ inputs.artifactNameSuffix }}.json"
encryptionSecret: ${{ inputs.encryptionSecret }}
- name: Run knb benchmark
shell: bash
env:
KUBECONFIG: ${{ inputs.kubeconfig }}
TERM: xterm-256color
run: |
workers="$(kubectl get nodes -o name -l '!node-role.kubernetes.io/control-plane')"
echo -e "Found workers:\n$workers"
server="$(echo "$workers" | tail +1 | head -1 | cut -d '/' -f2)"
echo "Server: $server"
client="$(echo "$workers" | tail +2 | head -1 | cut -d '/' -f2)"
echo "Client: $client"
k8s-bench-suite/knb -f "out/knb-constellation-${{ inputs.attestationVariant }}.json" -o json --server-node "$server" --client-node "$client"
- name: Upload raw knb benchmark results
if: (!env.ACT)
uses: ./.github/actions/artifact_upload
with:
path: "out/knb-constellation-${{ inputs.attestationVariant }}.json"
name: "knb-constellation-${{ inputs.artifactNameSuffix }}.json"
encryptionSecret: ${{ inputs.encryptionSecret }}
- name: Parse results, create diagrams and post the progression summary
shell: bash
env:
# Original result directory
BENCH_RESULTS: out/
# Working directory containing the previous results as JSON and to contain the graphs
BDIR: benchmarks
CSP: ${{ inputs.cloudProvider }}
ATTESTATION_VARIANT: ${{ inputs.attestationVariant }}
run: |
mkdir -p benchmarks
python .github/actions/e2e_benchmark/evaluate/parse.py
- name: Upload benchmark results to action run
if: (!env.ACT)
uses: ./.github/actions/artifact_upload
with:
path: >
benchmarks/constellation-${{ inputs.attestationVariant }}.json
name: "benchmarks-${{ inputs.artifactNameSuffix }}"
encryptionSecret: ${{ inputs.encryptionSecret }}
- name: Assume AWS role to retrieve and update benchmarks in S3
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks
aws-region: us-east-2
- name: Set S3 artifact store
shell: bash
env:
ARTIFACT_BUCKET_CONSTELLATION: "edgeless-artifact-store/constellation"
run: echo S3_PATH=s3://${ARTIFACT_BUCKET_CONSTELLATION}/benchmarks >> $GITHUB_ENV
- name: Get previous benchmark records from S3
shell: bash
run: |
if aws s3 cp "${S3_PATH}/constellation-${{ inputs.attestationVariant }}.json" ./ --no-progress
then
mv "constellation-${{ inputs.attestationVariant }}.json" "benchmarks/constellation-${{ inputs.attestationVariant }}-previous.json"
else
echo "::warning::Couldn't retrieve previous benchmark records from s3"
fi
- name: Compare results
shell: bash
env:
# Paths to benchmark results as JSON of the previous run and the current run
PREV_BENCH: benchmarks/constellation-${{ inputs.attestationVariant }}-previous.json
CURR_BENCH: benchmarks/constellation-${{ inputs.attestationVariant }}.json
run: |
if [[ -f "$PREV_BENCH" ]]; then
# Fails if the results are outside the threshold range
python .github/actions/e2e_benchmark/evaluate/compare.py >> $GITHUB_STEP_SUMMARY
fi
- name: Upload benchmark results to OpenSearch
if: (!env.ACT)
shell: bash
env:
OPENSEARCH_DOMAIN: ${{ inputs.awsOpenSearchDomain }}
OPENSEARCH_USER: ${{ inputs.awsOpenSearchUsers }}
OPENSEARCH_PWD: ${{ inputs.awsOpenSearchPwd }}
run: |
curl -XPOST \
-u "${OPENSEARCH_USER}:${OPENSEARCH_PWD}" \
"${OPENSEARCH_DOMAIN}/benchmarks-${{ inputs.attestationVariant }}-$(date '+%Y')"/_doc \
--data-binary @benchmarks/constellation-${{ inputs.attestationVariant }}.json \
-H 'Content-Type: application/json'
- name: Update benchmark records in S3
if: github.ref_name == 'main'
shell: bash
run: |
aws s3 cp benchmarks/constellation-${{ inputs.attestationVariant }}.json ${S3_PATH}/constellation-${{ inputs.attestationVariant }}.json