From 80d1d926caf60ad07abb0bcc6527f7be2814e52d Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 2 Aug 2019 11:18:02 -0700 Subject: [PATCH] add profiling flags --- .gitignore | 1 + init.go | 49 ++++++++++++++++++++++++++++++++++++++ main.go | 15 +++++++++++- pkg/webhooks/validation.go | 2 +- scripts/compile-image.sh | 2 +- 5 files changed, 66 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f63e37052a..fe301c5536 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ Gopkg.lock kyverno gh-pages/public _output +coverage.txt diff --git a/init.go b/init.go index 7e172ce1e6..81701a90bb 100644 --- a/init.go +++ b/init.go @@ -2,6 +2,10 @@ package main import ( "fmt" + "math/rand" + "time" + + "github.com/pkg/profile" "github.com/golang/glog" client "github.com/nirmata/kyverno/pkg/dclient" @@ -51,3 +55,48 @@ func initTLSPemPair(configuration *rest.Config, client *client.Client) (*tls.Tls glog.Infoln("Using existing TLS key/certificate pair") return tlsPair, nil } + +var prof interface { + Stop() +} + +func enableProfiling(cpu, memory bool) interface { + Stop() +} { + + file := "/opt/nirmata/kyverno/" + randomString(6) + if cpu { + glog.Infof("Enable cpu profiling ...") + prof = profile.Start(profile.CPUProfile, profile.ProfilePath(file)) + } else if memory { + glog.Infof("Enable memory profiling ...") + prof = profile.Start(profile.MemProfile, profile.ProfilePath(file)) + } + + return prof +} + +func disableProfiling(p interface{ Stop() }) { + if p != nil { + p.Stop() + } +} + +// generate random string +const charset = "abcdefghijklmnopqrstuvwxyz" + + "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" + +var seededRand *rand.Rand = rand.New( + rand.NewSource(time.Now().UnixNano())) + +func stringWithCharset(length int, charset string) string { + b := make([]byte, length) + for i := range b { + b[i] = charset[seededRand.Intn(len(charset))] + } + return string(b) +} + +func randomString(length int) string { + return stringWithCharset(length, charset) +} diff --git a/main.go b/main.go index 0d2b1a83e1..75c9b8e2c4 100644 --- a/main.go +++ b/main.go @@ -21,11 +21,15 @@ var ( kubeconfig string serverIP string filterK8Resources string + cpu bool + memory bool ) func main() { defer glog.Flush() printVersionInfo() + prof = enableProfiling(cpu, memory) + clientConfig, err := createClientConfig(kubeconfig) if err != nil { glog.Fatalf("Error building kubeconfig: %v\n", err) @@ -83,15 +87,24 @@ func main() { } server.RunAsync() + <-stopCh - server.Stop() genControler.Stop() eventController.Stop() annotationsController.Stop() policyController.Stop() + disableProfiling(prof) + server.Stop() } func init() { + // profiling feature gate + // cpu and memory profiling cannot be enabled at same time + // if both cpu and memory are enabled + // by default is to profile cpu + flag.BoolVar(&cpu, "cpu", false, "cpu profilling feature gate, default to false || cpu and memory profiling cannot be enabled at the same time") + flag.BoolVar(&memory, "memory", false, "memory profilling feature gate, default to false || cpu and memory profiling cannot be enabled at the same time") + flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.") flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.") flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"") diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go index 93c13955cc..b444c4c11c 100644 --- a/pkg/webhooks/validation.go +++ b/pkg/webhooks/validation.go @@ -101,7 +101,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1 // If Validation fails then reject the request ok, msg := isAdmSuccesful(policyInfos) // violations are created if "audit" flag is set - // and if there are any then we dont bock the resource creation + // and if there are any then we dont block the resource creation // Even if one the policy being applied if !ok && toBlock(policyInfos) { diff --git a/scripts/compile-image.sh b/scripts/compile-image.sh index 58a9db8e42..988c63f60d 100755 --- a/scripts/compile-image.sh +++ b/scripts/compile-image.sh @@ -18,7 +18,7 @@ dep ensure -v || exit 2 echo "# Building executable ${project_name}..." chmod +x scripts/update-codegen.sh scripts/update-codegen.sh -CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ${project_name} . || exit 3 +make build || exit 3 echo "# Building docker image ${hub_user_name}/${project_name}:${version}" cat < Dockerfile