GoogleCloudPlatform/k8s-metadata-proxy

Name: k8s-metadata-proxy

Owner: Google Cloud Platform

Description: null

Created: 2017-10-12 19:34:24.0

Updated: 2018-05-20 23:08:17.0

Pushed: 2018-03-02 00:17:26.0

Homepage: null

Size: 234

Language: Go

GitHub Committers

UserMost Recent Commit# Commits

Other Committers

UserEmailMost Recent Commit# Commits

README

k8s-metadata-proxy

This repo contains a simple proxy for serving concealed metadata to container workloads running in kubernetes/kubernetes on a GCE VM.

Performance

This proxy has been benchmarked at requiring no more than 25Mi memory. With such a constraint and effectively no cpu constraint, it can serve 200 concurrent requests indefinitely at around 700 qps:

bectl describe pod metadata-proxy-v0.1-xxxxx
]
ainers:
tadata-proxy:
[...]
Limits:
  cpu: 500m
  memory: 25Mi
Requests:
  cpu: 500m
  memory: 25Mi
]

 -n 200000 -c 200 -H 'Metadata-Flavor:Google' http://127.0.0.1:988/computeMetadata/v1/instance/service-accounts/default/token
 is ApacheBench, Version 2.3 <$Revision: 1604373 $>
right 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
nsed to The Apache Software Foundation, http://www.apache.org/

]

er Software:        Metadata
er Hostname:        127.0.0.1
er Port:            988

ment Path:          /computeMetadata/v1/instance/service-accounts/default/token
ment Length:        202 bytes

urrency Level:      200
 taken for tests:   251.792 seconds
lete requests:      200000
ed requests:        0
l transferred:      86000000 bytes
 transferred:       40400000 bytes
ests per second:    794.31 [#/sec] (mean)
 per request:       251.792 [ms] (mean)
 per request:       1.259 [ms] (mean, across all concurrent requests)
sfer rate:          333.55 [Kbytes/sec] received

ection Times (ms)
          min  mean[+/-sd] median   max
ect:        0    0  17.5      0    1003
essing:    42  251  60.5    247     959
ing:       42  251  60.6    246     958
l:         42  252  62.5    247    1212

entage of the requests served within a certain time (ms)
%    247
%    271
%    288
%    298
%    329
%    357
%    396
%    423
%   1212 (longest request)

Under cpu constraint, the qps goes down to about 50, but the pod serves all requests successfully:

bectl describe pod metadata-proxy-v0.1-xxxxx
]
ainers:
tadata-proxy:
[...]
Limits:
  cpu: 30m
  memory: 25Mi
Requests:
  cpu: 30m
  memory: 25Mi
]

 -n 200000 -c 200 -H 'Metadata-Flavor:Google' http://127.0.0.1:988/computeMetadata/v1/instance/service-accounts/default/token
 is ApacheBench, Version 2.3 <$Revision: 1604373 $>
right 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
nsed to The Apache Software Foundation, http://www.apache.org/

]

er Software:        Metadata
er Hostname:        127.0.0.1
er Port:            988

ment Path:          /computeMetadata/v1/instance/service-accounts/default/token
ment Length:        202 bytes

urrency Level:      200
 taken for tests:   3592.015 seconds
lete requests:      200000
ed requests:        0
l transferred:      86000000 bytes
 transferred:       40400000 bytes
ests per second:    55.68 [#/sec] (mean)
 per request:       3592.015 [ms] (mean)
 per request:       17.960 [ms] (mean, across all concurrent requests)
sfer rate:          23.38 [Kbytes/sec] received

ection Times (ms)
          min  mean[+/-sd] median   max
ect:        0    1  32.4      0    1004
essing:   892 3590 633.2   3593    8102
ing:      892 3581 630.2   3504    7999
l:        899 3591 634.3   3595    8102

entage of the requests served within a certain time (ms)
%   3595
%   3798
%   3901
%   4000
%   4300
%   4602
%   5200
%   5699
%   8102 (longest request)

Above 200 concurrent requests, it starts resetting connections, but does not go above 25MiB memory.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.