Skip to content

Policy add deny rule test and benchmark #35714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 9, 2024
Merged

Policy add deny rule test and benchmark #35714

merged 2 commits into from
Nov 9, 2024

Conversation

jrajahalme
Copy link
Member

@jrajahalme jrajahalme commented Nov 3, 2024
edited
Loading

This is a partial backport of #33313, backporting only the new test and benchmark. This is being backported for comparison purposes between 1.16 and the forthcoming 1.17.

Add test and benchmark with a mix of deny and allow CIDR rules.
Add identity for each CIDR so that 'toMapState' has some work to do.

Run the new benchmark like this:

$ go test ./pkg/policy/... -bench BenchmarkRegenerateCIDRDenyPolicyRules -run ^$

Note: To run just the matching benchmark and run no tests, -run ^$ is used as ^$ is a regular expression that does not match any tests.

@jrajahalme jrajahalme added kind/backports This PR provides functionality previously merged into master. backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. affects/v1.16 This issue affects v1.16 branch labels Nov 3, 2024
@jrajahalme jrajahalme requested a review from a team as a code owner November 3, 2024 12:12
@jrajahalme
policy: Generalize bootstrapRepo for different sets of identities
2e10cb4 
[ upstream commit 4c6af59 ]

Change bootstrapRepo to not generate identities directly, but via the
passed in rule generation function. This way the generated identities can
be tailored for the rules being used. This becomes useful with additional
CIDR tests.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme
policy: Add deny rule test and benchmark
71032d6 
[ upstream commit 6363913 ]

Add test and benchmark with a mix of deny and allow CIDR rules.

Add identity for each CIDR so that 'toMapState' has some work to do.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme jrajahalme force-pushed the policy-add-deny-rule-test-and-benchmark branch from 7f6da65 to 71032d6 Compare November 3, 2024 12:20
@jrajahalme
Copy link
Member Author

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 7, 2024
@jrajahalme jrajahalme added this pull request to the merge queue Nov 9, 2024
Merged via the queue into cilium:v1.16 with commit 0958b44 Nov 9, 2024
59 checks passed
@jrajahalme jrajahalme deleted the policy-add-deny-rule-test-and-benchmark branch November 9, 2024 16:28
@cilium-release-bot cilium-release-bot bot mentioned this pull request Nov 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@youngnick youngnick youngnick approved these changes

Assignees
No one assigned
Labels
affects/v1.16 This issue affects v1.16 branch backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jrajahalme @youngnick