
Running performance tests on the SPIRL server

spirl-perf is a tool to run performance tests on the SPIRL server that simulate load with a large number of SPIRL agents. With spirl-perf you can simulate agents logging in to the SPIRL server and agents requesting an x509 SVID.

Installing spirl-perf

In a new working directory, use one of the following commands to download spirl-perf:

# Linux amd64
curl -o spirl-perf-v0.1.3.tar.gz https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-perf/v0.1.3/spirl-perf-v0.1.3-linux-amd64.tar.gz && tar -zxvf spirl-perf-v0.1.3.tar.gz

# Linux arm64
curl -o spirl-perf-v0.1.3.tar.gz https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-perf/v0.1.3/spirl-perf-v0.1.3-linux-arm64.tar.gz && tar -zxvf spirl-perf-v0.1.3.tar.gz

# macOS amd64
curl -o spirl-perf-v0.1.3.tar.gz https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-perf/v0.1.3/spirl-perf-v0.1.3-darwin-amd64.tar.gz && tar -zxvf spirl-perf-v0.1.3.tar.gz

# macOS arm64
curl -o spirl-perf-v0.1.3.tar.gz https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-perf/v0.1.3/spirl-perf-v0.1.3-darwin-arm64.tar.gz && tar -zxvf spirl-perf-v0.1.3.tar.gz

# Windows i386 (the archive is a zip; the tar bundled with Windows extracts it)
curl -o spirl-perf-v0.1.3.zip https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-perf/v0.1.3/spirl-perf-v0.1.3-windows-386.zip && tar -xvf spirl-perf-v0.1.3.zip

# Windows amd64 (the archive is a zip; the tar bundled with Windows extracts it)
curl -o spirl-perf-v0.1.3.zip https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-perf/v0.1.3/spirl-perf-v0.1.3-windows-amd64.zip && tar -xvf spirl-perf-v0.1.3.zip

You should now have the spirl-perf utility available!

$ ./spirl-perf --summary
Available commands:
spirl-perf login Run a test where agents send login requests to the td server
spirl-perf mint-x509-svids Run a test where agents send mint x509 requests to the td server

SPIRL cluster setup

To run spirl-perf you will need to create a new cluster for your trust-domain. For example, with spirlctl the following command adds a cluster called test-cluster to the example.com trust domain:

spirlctl cluster add test-cluster --platform k8s --trust-domain example.com --cluster-version-key-pem --no-deploy
Successfully added cluster "test-cluster" to trust domain "example.com"
Cluster Version ID: cv-vjdkept680
Cluster Version Key written to: test-cluster.cv-vjdkept680.key.pem
Agent system deployment written to: test-cluster.cv-vjdkept680.system.yaml

You must specify the flags --no-deploy and --cluster-version-key-pem so that the spirl-agent is not deployed to a Kubernetes cluster and the cluster version key is written to a file on disk.

You will need the Cluster Version ID and the Cluster Version Key file later.

Next, find the agent endpoint for your trust domain:

spirlctl trust-domain info example.com

The endpoint is listed under SPIRL Agent Endpoint.

Note: If you are using self-hosted SPIRL servers you will not see the SPIRL Agent Endpoint in the command above. For self-hosted SPIRL Servers the SPIRL Agent Endpoint refers to the endpoint on the trust domain servers to which SPIRL agents establish their connections.

Test agent login

Using the information gathered in the previous step, you can use spirl-perf to run a performance test that simulates agents logging in to the SPIRL server.

./spirl-perf login --spirl-endpoint SPIRL_AGENT_ENDPOINT --cluster-version-key-file PATH_TO_CLUSTER_VERSION_KEY_FILE --cluster-version-id CLUSTER_VERSION_ID --duration 5s --print-summary

This will run the test for 5 seconds and then print a summary of the time it took each simulated agent to log in to the server.

Login events occur at the agent level, not for each workload. When testing logins, you typically only need one request per node.

Note: By default spirl-perf will connect to the agent endpoint using TLS. If the endpoint does not use TLS use the flag --enable-tls=false to connect without TLS.

Use ./spirl-perf login --help to see more documentation and learn how to modify the number of simulated agents or increase the requests per second per agent.

Test agents requesting an x509 SVID

Using the information gathered, you can use spirl-perf to run a performance test that simulates agents requesting an x509 SVID from the SPIRL server.

./spirl-perf mint-x509-svid --spirl-endpoint SPIRL_AGENT_ENDPOINT --cluster-version-key-file PATH_TO_CLUSTER_VERSION_KEY_FILE --cluster-version-id CLUSTER_VERSION_ID --duration 5s --print-summary

This will run the test for 5 seconds and then print a summary of the time it took each simulated agent to get an x509 SVID from the server.

Each workload will request an SVID when it restarts. Therefore, you should simulate one request per workload when using this test.

Use ./spirl-perf mint-x509-svid --help to see more documentation and learn how to modify the number of simulated agents or increase the requests per second per agent.

Understanding Command Parameters

  • --num-agents: Represents the number of nodes supporting the pods. For example, if you have 1000 pods distributed across 50 nodes, use --num-agents 50.
  • --rps: Requests per second per agent. To simulate all pods restarting simultaneously, set this to (total number of pods) / (number of agents). For example, with 1000 pods on 50 nodes, use --rps 20.
  • --duration: Determines the approximate duration of the test. Note that if there are bottlenecks, the actual test duration may be longer.
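The sizing rule above, as an added example (not part of spirl-perf or the SPIRL documentation): a small POSIX shell helper that derives --rps from pod and node counts and assembles the mint-x509-svid command using only the flags shown on this page. It assumes two things the page does not state: that an uneven pods/nodes ratio should be rounded up, and that the cluster version key file should be readable only by its owner. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: size a spirl-perf run from pod and node counts.

# rps_per_agent PODS NODES -> prints ceil(PODS / NODES).
# Rounding up (an assumption) keeps every pod covered when the
# pods do not divide evenly across the nodes.
rps_per_agent() {
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*) echo "counts must be non-negative integers" >&2; return 1 ;;
        esac
    done
    if [ "$2" -eq 0 ]; then
        echo "number of nodes must be greater than zero" >&2
        return 1
    fi
    echo $(( ($1 + $2 - 1) / $2 ))
}

# key_is_private FILE -> succeeds only if FILE exists and grants no
# permissions to group or other. The cluster version key is what the
# simulated agents present to the server, so it is treated as a secret here.
key_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# mint_cmd ENDPOINT KEYFILE CLUSTER_VERSION_ID PODS NODES DURATION
# Prints the command line to run; refuses if the key file is exposed.
mint_cmd() {
    rps=$(rps_per_agent "$4" "$5") || return 1
    if ! key_is_private "$2"; then
        echo "refusing: $2 is missing or accessible to group/other" >&2
        return 1
    fi
    printf './spirl-perf mint-x509-svid --spirl-endpoint %s' "$1"
    printf ' --cluster-version-key-file %s --cluster-version-id %s' "$2" "$3"
    printf ' --num-agents %s --rps %s --duration %s --print-summary\n' "$5" "$rps" "$6"
}

# The page's own figures, then an uneven split.
echo "1000 pods on 50 nodes: --num-agents 50 --rps $(rps_per_agent 1000 50)"
echo "1001 pods on 50 nodes: --num-agents 50 --rps $(rps_per_agent 1001 50)"
```

Running chmod 600 on the key file written by spirlctl satisfies the permission check before mint_cmd is called.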