feat(eval/k8s): add cached presidio and matching filter

evaluation/kubernetes/apps/prose-system/cached-presidio/app/deployment.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cached-presidio
+spec:
+  selector:
+    matchLabels:
+      app: cached-presidio
+  template:
+    metadata:
+      labels:
+        app: cached-presidio
+    spec:
+      containers:
+        - name: presidio
+          image: ghcr.io/dettanym/prose-presidio:main
+          imagePullPolicy: Always
+          env:
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: http://otlp.prose-system.svc.cluster.local:4318
+            - name: PRESIDIO_ENABLE_CACHE
+              value: "true"
+          resources:
+            requests:
+              cpu: 10m
+              memory: 500Mi
+            limits:
+              memory: 3Gi
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http

evaluation/kubernetes/apps/prose-system/cached-presidio/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: prose-system
+resources:
+  - deployment.yaml
+  - service.yaml

evaluation/kubernetes/apps/prose-system/cached-presidio/app/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cached-presidio
+spec:
+  selector:
+    app: cached-presidio
+  type: ClusterIP
+  ports:
+    - port: 3000
+      targetPort: http
+      protocol: TCP
+      name: http

evaluation/kubernetes/apps/prose-system/cached-presidio/ks.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-apps-prose-system-cached-presidio
+  namespace: flux-system
+spec:
+  path: ./evaluation/kubernetes/apps/prose-system/cached-presidio/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: prose-k8s-home-ops
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 3m

evaluation/kubernetes/apps/prose-system/kustomization.yaml

@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./namespace.yaml
+  - ./cached-presidio/ks.yaml
   - ./jaeger/ks.yaml
   - ./presidio/ks.yaml
   - ./prose/ks.yaml

evaluation/kubernetes/apps/samples/bookinfo/_template/filter/golang-filter.yaml

@@ -63,7 +63,7 @@ spec:
                     10.244.0.0/16
                   - # service range
                     10.96.0.0/12
-                presidio_url: http://presidio.prose-system.svc.cluster.local:3000/batchanalyze
+                presidio_url: "${presidio_url:=http://presidio.prose-system.svc.cluster.local:3000/batchanalyze}"
                 zipkin_url: http://zipkin.prose-system.svc.cluster.local:9411/api/v2/spans
                 opa_enforce: false
                 opa_config: |
@@ -160,7 +160,7 @@ spec:
                     10.244.0.0/16
                   - # service range
                     10.96.0.0/12
-                presidio_url: http://presidio.prose-system.svc.cluster.local:3000/batchanalyze
+                presidio_url: "${presidio_url:=http://presidio.prose-system.svc.cluster.local:3000/batchanalyze}"
                 zipkin_url: http://zipkin.prose-system.svc.cluster.local:9411/api/v2/spans
                 opa_enforce: false
                 opa_config: |

evaluation/kubernetes/apps/samples/bookinfo/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
   - ./plain
   - ./with-istio
   - ./with-passthrough-filter
+  - ./with-prose-cached-presidio-filter
   - ./with-prose-filter
   - ./with-prose-no-presidio-filter
   - ./with-tooling-filter

evaluation/kubernetes/apps/samples/bookinfo/with-prose-cached-presidio-filter/ks.yaml

@@ -0,0 +1,89 @@
+---
+apiVersion: v1
+kind: List
+extra:
+  filterName: &filterName prose
+  name: &name bookinfo-with-prose-cached-presidio-filter
+
+  baseSpec: &baseSpec
+    targetNamespace: *name
+    prune: true
+    sourceRef:
+      kind: GitRepository
+      name: prose-k8s-home-ops
+    wait: true
+    interval: 30m
+    retryInterval: 1m
+    timeout: 3m
+
+  filterSpec: &filterSpec
+    <<: *baseSpec
+    dependsOn:
+      - name: cluster-apps-istio-system-istiod
+    path: ./evaluation/kubernetes/apps/samples/bookinfo/_template/filter
+
+  baseFilterVars: &baseFilterVars
+    filter_name: *filterName
+    presidio_url: http://cached-presidio.prose-system.svc.cluster.local:3000/batchanalyze
+
+items:
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: *name
+      namespace: flux-system
+    spec:
+      <<: *baseSpec
+      dependsOn:
+        - name: bookinfo-envoy-prose-cached-presidio-filter-details
+        - name: bookinfo-envoy-prose-cached-presidio-filter-ratings
+        - name: bookinfo-envoy-prose-cached-presidio-filter-reviews
+        - name: bookinfo-envoy-prose-cached-presidio-filter-productpage
+      path: ./evaluation/kubernetes/apps/samples/bookinfo/_template/app
+      postBuild:
+        substitute:
+          ingress_name: *name
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: bookinfo-envoy-prose-cached-presidio-filter-details
+      namespace: flux-system
+    spec:
+      <<: *filterSpec
+      postBuild:
+        substitute:
+          <<: *baseFilterVars
+          app: details
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: bookinfo-envoy-prose-cached-presidio-filter-ratings
+      namespace: flux-system
+    spec:
+      <<: *filterSpec
+      postBuild:
+        substitute:
+          <<: *baseFilterVars
+          app: ratings
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: bookinfo-envoy-prose-cached-presidio-filter-reviews
+      namespace: flux-system
+    spec:
+      <<: *filterSpec
+      postBuild:
+        substitute:
+          <<: *baseFilterVars
+          app: reviews
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: bookinfo-envoy-prose-cached-presidio-filter-productpage
+      namespace: flux-system
+    spec:
+      <<: *filterSpec
+      postBuild:
+        substitute:
+          <<: *baseFilterVars
+          app: productpage

evaluation/kubernetes/apps/samples/bookinfo/with-prose-cached-presidio-filter/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  - ./ks.yaml

evaluation/kubernetes/apps/samples/bookinfo/with-prose-cached-presidio-filter/namespace.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bookinfo-with-prose-cached-presidio-filter
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+    istio-injection: enabled

evaluation/scripts/code/data.py

@@ -17,6 +17,7 @@
     "passthrough-filter",
     "tooling-filter",
     "prose-no-presidio-filter",
+    "prose-cached-presidio-filter",
     "prose-filter",
     # historical
     "prose-filter-97776ef1",

evaluation/scripts/collect-latencies.mts

@@ -47,6 +47,7 @@ const bookinfo_variants = new Set([
   "passthrough-filter",
   "tooling-filter",
   "prose-no-presidio-filter",
+  "prose-cached-presidio-filter",
   "prose-filter",
 ] as const)
 /**
@@ -55,13 +56,7 @@ const bookinfo_variants = new Set([
  * than one rate value. That is because with one variant, there is some weird
  * behavior where each second attack fails for most of the requests.
  */
-const test_only = new Set<VARIANT>([
-  "plain",
-  "istio",
-  "passthrough-filter",
-  "prose-no-presidio-filter",
-  "prose-filter",
-])
+const test_only = new Set<VARIANT>(["plain", "prose-cached-presidio-filter"])
 
 const TEST_RUNS = 10
 
@@ -132,8 +127,11 @@ await (async function main() {
   }
 
   echo`* start managing presidio`
-  await $`flux suspend kustomization cluster-apps-prose-system-prose`
-  await $`flux suspend kustomization cluster-apps-prose-system-presidio`
+  await Promise.all([
+    $`flux suspend kustomization cluster-apps-prose-system-prose`,
+    $`flux suspend kustomization cluster-apps-prose-system-presidio`,
+    $`flux suspend kustomization cluster-apps-prose-system-cached-presidio`,
+  ])
   await scale_specific_deployments(0, "prose-system", "presidio")
 
   echo`* suspend everything before the test`
@@ -161,8 +159,11 @@ await (async function main() {
 
   echo`* stop managing presidio`
   await scale_specific_deployments(1, "prose-system", "presidio")
-  await $`flux resume kustomization --wait=false cluster-apps-prose-system-prose`
-  await $`flux resume kustomization --wait=false cluster-apps-prose-system-presidio`
+  await Promise.all([
+    $`flux resume kustomization --wait=false cluster-apps-prose-system-prose`,
+    $`flux resume kustomization --wait=false cluster-apps-prose-system-presidio`,
+    $`flux resume kustomization --wait=false cluster-apps-prose-system-cached-presidio`,
+  ])
 
   const completion_time = current_timestamp()
   echo`* Completed at ${completion_time}`
@@ -294,11 +295,18 @@ async function run_test(
   // we will not bring all these pods down at the end of the test, but rather
   // restart them when needed. It means that this scale command would only
   // actually do something once at the beginning of the test.
-  await scale_specific_deployments(
-    metadata.workloadInfo.test_replicas,
-    "prose-system",
-    "presidio",
-  )
+  await Promise.all([
+    scale_specific_deployments(
+      metadata.workloadInfo.test_replicas,
+      "prose-system",
+      "presidio",
+    ),
+    scale_specific_deployments(
+      metadata.workloadInfo.test_replicas,
+      "prose-system",
+      "cached-presidio",
+    ),
+  ])
 
   echo`  - Scaling up deployments for '${metadata.workloadInfo.variant}' variant`
   await scale_deployments(
@@ -309,6 +317,9 @@ async function run_test(
   if (metadata.workloadInfo.variant === "prose-filter") {
     echo`  - Restarting presidio`
     await restart_pods("prose-system", "presidio")
+  } else if (metadata.workloadInfo.variant === "prose-cached-presidio-filter") {
+    echo`  - Restarting presidio`
+    await restart_pods("prose-system", "cached-presidio")
   }
 
   await sleep("1s")
@@ -324,6 +335,11 @@ async function run_test(
       "prose-system",
       "presidio",
     ),
+    wait_until_ready(
+      metadata.workloadInfo.test_replicas,
+      "prose-system",
+      "cached-presidio",
+    ),
   ])
 
   const warmups_file = path.join(

evaluation/scripts/plot-throughput-graphs.py

@@ -64,6 +64,7 @@
     "passthrough-filter",
     "tooling-filter",
     "prose-no-presidio-filter",
+    "prose-cached-presidio-filter",
     "prose-filter",
     # historical
     "prose-filter-97776ef1",
@@ -80,6 +81,7 @@
     "passthrough-filter": "brown",
     "tooling-filter": "pink",
     "prose-no-presidio-filter": "cyan",
+    "prose-cached-presidio-filter": "cyan",
     "prose-filter": "green",
     # historical
     "prose-filter-97776ef1": "green",
@@ -96,6 +98,7 @@
     "passthrough-filter": "K8s + Istio + PassthroughFilter",
     "tooling-filter": "K8s + Istio + PassthroughFilter with Buffer, Traces and singleton OPA instance",
     "prose-no-presidio-filter": "K8s + Istio + Prose - Presidio",
+    "prose-cached-presidio-filter": "K8s + Istio + Prose (Presidio with cache)",
     "prose-filter": "K8s + Istio + Prose",
     # historical
     "prose-filter-97776ef1": "K8s + Istio + Prose (opa per request)",