Security perf

pipelines/system/new-pipeline-test.yml

@@ -1,25 +1,134 @@
 trigger: none
+schedules:
+  # Azure Small Scale(10) Schedule
+  - cron: "0 2 * * *"
+    displayName: "2:00 AM Daily"
+    branches:
+      include:
+        - main
+    always: true
+  # Azure Medium Scale(500) Schedule
+  - cron: "0 11 * * *"
+    displayName: "Every day at 11:00 AM"
+    branches:
+      include:
+        - main
+    always: true
+  # Azure Large Scale(1000) Schedule
+  - cron: "0 23 * * *"
+    displayName: "Every day at 11:00 PM"
+    branches:
+      include:
+        - main
+    always: true
 
 variables:
-  SCENARIO_TYPE: <scenario-type>
-  SCENARIO_NAME: <scenario-name>
+  SCENARIO_TYPE: perf-eval
+  SCENARIO_NAME: security-perf
 
 stages:
-  - stage: <stage-name> # format: <cloud>[_<region>]+ (e.g. azure_eastus2, aws_eastus_westus)
+  - stage: azure_eastus2_small_scale
+    condition: |
+        or(
+          eq(variables['Build.CronSchedule.DisplayName'], '2:00 AM Daily'),
+          eq(variables['Build.Reason'], 'Manual')
+        )
     dependsOn: []
     jobs:
-      - template: /jobs/competitive-test.yml # must keep as is
+      - template: /jobs/competitive-test.yml
         parameters:
-          cloud: <cloud> # e.g. azure, aws
-          regions: # list of regions
-            - region1 # e.g. eastus2
-          topology: <topology> # e.g. cluster-autoscaler
-          engine: <engine> # e.g. clusterloader2
-          matrix: # list of test parameters to customize the provisioned resources
-            <case-name>:
-              <key1>: <value1>
-              <key2>: <value2>
-          max_parallel: <number of concurrent jobs> # required
-          credential_type: service_connection # required
+          cloud: azure
+          regions:
+            - eastus2
+          engine: clusterloader2
+          engine_input:
+            image: "ghcr.io/azure/clusterloader2:v20250423"
+          topology: cluster-autoscaler
+          matrix:
+            small-scale-on-demand:
+              cpu_per_node: 4
+              node_count: 11
+              pod_count: 110
+              scale_up_timeout: "15m"
+              scale_down_timeout: "15m"
+              node_label_selector: "cas = dedicated"
+              node_selector: "{cas: dedicated}"
+              loop_count: 5
+              warmup_deployment: false
+              capacity_type: on-demand
+          max_parallel: 1
+          timeout_in_minutes: 360
+          credential_type: service_connection
+          ssh_key_enabled: false
+
+  - stage: azure_australiaeast_medium_scale
+    condition: |
+        or(
+          eq(variables['Build.CronSchedule.DisplayName'], 'Every day at 11:00 AM'),
+          eq(variables['Build.Reason'], 'Manual')
+        )
+    dependsOn: []
+    jobs:
+      - template: /jobs/competitive-test.yml
+        parameters:
+          cloud: azure
+          regions:
+            - australiaeast
+          terraform_input_file_mapping:
+            - australiaeast: "scenarios/perf-eval/security-perf/terraform-inputs/azure.tfvars"
+          engine: clusterloader2
+          engine_input:
+            image: "ghcr.io/azure/clusterloader2:v20250423"
+          topology: cluster-autoscaler
+          matrix:
+            medium-scale-on-demand:
+              cpu_per_node: 2
+              node_count: 501
+              pod_count: 501
+              scale_up_timeout: "40m"
+              scale_down_timeout: "40m"
+              node_label_selector: "cas = dedicated"
+              node_selector: "{cas: dedicated}"
+              loop_count: 1
+              warmup_deployment: false
+              capacity_type: on-demand
+          max_parallel: 1
+          timeout_in_minutes: 360
+          credential_type: service_connection
+          ssh_key_enabled: false
+
+  - stage: azure_australiaeast_large_scale
+    condition: |
+        or(
+          eq(variables['Build.CronSchedule.DisplayName'], 'Every day at 11:00 PM'),
+          eq(variables['Build.Reason'], 'Manual')
+        )
+    dependsOn: []
+    jobs:
+      - template: /jobs/competitive-test.yml
+        parameters:
+          cloud: azure
+          regions:
+            - australiaeast
+          terraform_input_file_mapping:
+            - australiaeast: "scenarios/perf-eval/security-perf/terraform-inputs/azure.tfvars"
+          engine: clusterloader2
+          engine_input:
+            image: "ghcr.io/azure/clusterloader2:v20250423"
+          topology: cluster-autoscaler
+          matrix:
+            large-scale-demand:
+              cpu_per_node: 2
+              node_count: 1000
+              pod_count: 1000
+              scale_up_timeout: "60m"
+              scale_down_timeout: "60m"
+              node_label_selector: "cas = dedicated"
+              node_selector: "{cas: dedicated}"
+              loop_count: 1
+              warmup_deployment: false
+              capacity_type: on-demand
+          max_parallel: 1
+          timeout_in_minutes: 360
+          credential_type: service_connection
           ssh_key_enabled: false
-          timeout_in_minutes: 60 # if not specified, default is 60

scenarios/perf-eval/security-perf/terraform-inputs/azure.tfvars

@@ -0,0 +1,90 @@
+scenario_type  = "perf-eval"
+scenario_name  = "security-perf"
+deletion_delay = "2h"
+owner          = "aks"
+
+aks_cli_config_list = [
+  {
+    role                          = "cas"
+    aks_name                      = "cas"
+    dns_prefix                    = "cas"
+    subnet_name                   = "aks-network"
+    sku_tier                      = "standard"
+    kubernetes_version            = "1.33"
+    use_aks_preview_cli_extension = true
+
+    aks_custom_headers = [
+      "AKSHTTPCustomFeatures=Microsoft.ContainerService/DisableSSHPreview"
+    ]
+
+    default_node_pool = {
+      name                         = "system"
+      node_count                   = 5
+      vm_size                      = "Standard_D4_v5"
+    }
+
+    extra_node_pool = [
+      {
+        name       = "scalepool1"
+        node_count = 1
+        vm_size    = "Standard_D2ds_v4"
+        optional_parameters = [
+          {
+            name  = "ssh-access"
+            value = "disabled"
+          },
+          {
+            name  = "min-count"
+            value = 1
+          },
+          {
+            name  = "max-count"
+            value = 501
+          },
+          {
+            name  = "max-pods"
+            value = 110
+          },
+          {
+            name  = "labels"
+            value = "cas=dedicated"
+          },
+          {
+            name  = "enable-cluster-autoscaler"
+            value = ""
+          }
+        ]
+      }
+    ]
+    optional_parameters = [
+      {
+        name  = "network-plugin"
+        value = "azure"
+      },
+      {
+        name  = "network-plugin-mode"
+        value = "overlay"
+      },
+      {
+        name  = "node-init-taints"
+        value = "CriticalAddonsOnly=true:NoSchedule"
+      },
+      {
+        name  = "pod-cidr"
+        value = "10.0.0.0/9"
+      },
+      {
+        name  = "service-cidr"
+        value = "192.168.0.0/11"
+      },
+      {
+        name  = "dns-service-ip"
+        value = "192.168.0.10"
+      },
+      {
+        name  = "ssh-access"
+        value = "disabled"
+      }
+    ]
+  }
+]

scenarios/perf-eval/security-perf/terraform-test-inputs/azure.json

@@ -0,0 +1,4 @@
+{
+    "run_id"                           : "123456789",
+    "region"                           : "eastus2"
+}