This document outlines the process and results of a load test demonstrating the performance impact of a Kyverno policy using GCTX. The goal is to showcase the improved efficiency achieved through GCTX.
Demonstration Overview:
This demo will:
- Setup a Kubernetes environment: A local Kubernetes cluster is created with limited resources to simulate a resource-constrained environment.
- Deploy Kyverno: The policy engine used for enforcement is installed.
- Apply a GCTX-enabled policy: The target Kyverno policy that utilizes GCTX is applied to the cluster.
- Run a load test: A comparison of performance is made with and without the applied GCTX enabled policy.
- Review results: Performance metrics, specifically HTTP request time, will be presented and compared.
Setup Instructions
Follow these steps to replicate the demonstration:
-
Create a Local Kubernetes Cluster (Kind):
kind create cluster
This command will create a local Kubernetes cluster using Kind.
-
Limit CPU Resources:
docker update --cpus=1 kind-control-plane
This limits the control plane CPU, simulating a resource-constrained environment.
-
Install Kyverno:
helm repo add kyverno https://kyverno.github.io/kyverno/ helm repo update helm install kyverno kyverno/kyverno -n kyverno --create-namespace
Follow Kyverno's official installation instructions to install Kyverno on the cluster.
-
Install K6.io command line
The K6.io tool is used for performance and load testing. Follow the instructions to install the command line for your platform: https://grafana.com/docs/k6/latest/set-up/install-k6/.
-
Run the load tests with the policy which makes API calls :
make test-api-call
This command executes the load test using the original policy.
-
Run the load tests with the policy which uses a Gobal Context :
make test-gctx
This applies the policy using a global context to cache namespaces.
The following results compare the average HTTP request time with and without GCTX enabled policy under load.
With API Calls:
http_req_duration... avg=3.72s min=3.34ms med=3.99s max=5.37s p(90)=4.03s p(95)=4.17sWith Global Context:
http_req_duration... avg=337.49ms min=3.31ms med=300.35ms max=805.96ms p(90)=693.94ms p(95)=795.19msUsing Global Context in the Kyverno policy significantly improved performance, reducing the average request time from 3.72 seconds to 337 milliseconds. This demonstrates the positive impact of using the global context and reducing API calls for policy enforcement efficiency.
Key Takeaways:
- The Global Context optimizes policy execution by reducing API calls, leading to faster response times.
- The load test simulates an environment for performance analysis. It can be easily customized for different scenarios.
- These results highlight the benefits of Global Context in resource-constrained Kubernetes environments.