Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve initServiceaccount by calculating once per service and reducing the lock time #47817

Merged
merged 6 commits into from
Nov 14, 2023
Merged

Improve initServiceaccount by calculating once per service and reducing the lock time #47817

merged 6 commits into from
Nov 14, 2023

Conversation

hzxuzhonghu
Copy link
Member

@hzxuzhonghu hzxuzhonghu commented Nov 10, 2023
edited by istio-policy-bot
Loading

Please provide a description of this PR:

@hzxuzhonghu hzxuzhonghu requested review from a team as code owners November 10, 2023 08:04
@istio-testing istio-testing added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Nov 10, 2023
@istio-testing istio-testing added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 10, 2023
@hzxuzhonghu
Copy link
Member Author

hzxuzhonghu commented Nov 10, 2023
edited
Loading

with new

cpu: Intel(R) Xeon(R) Gold 6278C CPU @ 2.60GHz
BenchmarkInitServiceAccounts
BenchmarkInitServiceAccounts-4   	  124957	      8981 ns/op	    3840 B/op	      55 allocs/op
PASS
ok  	istio.io/istio/pilot/pkg/model	1.245s

Without this patch

Running tool: /usr/local/go/bin/go test -benchmem -run=^$ -bench ^BenchmarkInitServiceAccounts$ istio.io/istio/pilot/pkg/model -v -count=1

goos: linux
goarch: amd64
pkg: istio.io/istio/pilot/pkg/model
cpu: Intel(R) Xeon(R) Gold 6278C CPU @ 2.60GHz
BenchmarkInitServiceAccounts
BenchmarkInitServiceAccounts-4   	   51085	     22953 ns/op	    8640 B/op	     135 allocs/op
PASS
ok  	istio.io/istio/pilot/pkg/model	1.435s

@hzxuzhonghu hzxuzhonghu added the release-notes-none Indicates a PR that does not require release notes. label Nov 10, 2023
@hzxuzhonghu
Copy link
Member Author

/retest

@ramaraochavali
Copy link
Contributor

there seems to be no diff with benchmark?

@hzxuzhonghu
Copy link
Member Author

Sorry i copied wrong data

@hzxuzhonghu
Copy link
Member Author

@ramaraochavali updated in the above

howardjohn
howardjohn reviewed Nov 10, 2023
View reviewed changes
pilot/pkg/model/push_context.go
}
sa := sets.SortedList(spiffe.ExpandWithTrustDomains(accounts, ps.Mesh.TrustDomainAliases))
key := serviceAccountKey{
hostname: svc.Hostname,
namespace: svc.Attributes.Namespace,
port: port.Port,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Canwe remove the entire loop over ports now?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure, can do it

pilot/pkg/model/push_context.go Outdated
var accounts sets.String
func() {
// First get endpoint level service accounts
shard, f := env.EndpointIndex.ShardsForService(string(svc.Hostname), svc.Attributes.Namespace)
if f {
shard.RLock()
defer shard.RUnlock()
accounts = shard.ServiceAccounts
// copy here to reduce the lock time, the copy cost can be ignored
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why can it be ignored?

This seems less efficient; we always copy and before sometimes we avoided a copy. Benchmark shows this as well (its faster because of the port change)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because nornally there are very small number of sas, so i say that

@istio-testing istio-testing added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 13, 2023
@hzxuzhonghu
Copy link
Member Author

/retest

@hzxuzhonghu
Copy link
Member Author

/test integ-security-multicluster

@hzxuzhonghu
Copy link
Member Author

/test all

@istio-testing istio-testing merged commit 0c27990 into istio:master Nov 14, 2023
@hzxuzhonghu hzxuzhonghu deleted the sa branch November 14, 2023 11:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@howardjohn howardjohn howardjohn approved these changes

Assignees
No one assigned
Labels
release-notes-none Indicates a PR that does not require release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hzxuzhonghu @ramaraochavali @howardjohn @istio-testing