
Creates exemplary/representative pod fuzzer tool #3925

Open
seans3 wants to merge 5 commits into kubernetes:master from seans3:exemplary-pod-fuzzer

seans3 commented Mar 23, 2026

Examples:

From the fuzzer directory run:

1. High-concurrency 50k pod injection:

   go run cmd/main.go \
     --base-pod templates/complex-daemonset.yaml \
     --namespace fuzz-test \
     --name-prefix representative-pod \
     --count 50000 \
     --concurrency 100

2. Single fuzzed output pod for inspection:

   go run cmd/main.go \
     --base-pod templates/complex-daemonset.yaml \
     --count 1 \
     --out-dir ./output-pod

Measuring the memory and performance impact of high-density metadata in the Kubernetes control plane requires objects that mirror production complexity. This PR introduces the Exemplary Pod Fuzzer, a specialized utility that replaces generic synthetic objects with high-fidelity "Sanitize & Clone" instances derived from real-world infrastructure manifests.

By ingesting real pod shapes and scrubbing all PII while preserving structural DNA—such as deep ManagedFields and dense container specs—the tool enables reproducible 50,000+ pod benchmarks. This framework is specifically tuned to validate kube-apiserver optimizations like string interning and field stripping under extreme object pressure.

Key Capabilities

  • Structural Fidelity: Preserves the exact volume mount depth, environment variable counts, and field ownership history of the base pod.
  • PII Sanitization: Automatically scrubs Names, UIDs, and OwnerReferences while ensuring RFC 1123 compliance and "fuzzed" tagging.
  • SSA Trie Fuzzing: Randomizes managedFields using both standard field paths (f:) and associative list entries (k:) to saturate API server logic.
  • Interning Stability: Uses a precomputed prototype cache to ensure generative strings are identical across pod batches, providing a "ground truth" for deduplication testing.
  • Safety & Isolation: Forces pods into a Pending state using invalid nodeSelectors and schedulerNames to isolate resource pressure to the control plane.

/kind feature

k8s-ci-robot added the kind/feature (Categorizes issue or PR as related to a new feature.) label Mar 23, 2026
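
The "PII Sanitization" and "Safety & Isolation" capabilities listed in the PR description, as an added example that is not code from this PR: it scrubs identity fields from a pod manifest, keeps the structure, and pins the pod to Pending. It uses raw JSON and the standard library instead of the Kubernetes API types; the `fuzzed` label key, the selector key, the scheduler name and the sample manifest are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Constructed sample manifest (not from the PR) carrying identifying metadata.
const samplePod = `{"metadata":{"name":"billing-agent-x7k2p","namespace":"prod-billing","uid":"constructed-uid-0001","ownerReferences":[{"kind":"DaemonSet","name":"billing-agent"}],"managedFields":[{"manager":"kubectl"},{"manager":"kube-controller-manager"}]},
"spec":{"nodeName":"node-17","containers":[{"name":"agent","env":[{"name":"A","value":"1"},{"name":"B","value":"2"}]}]}}`

// SanitizeClone returns a scrubbed copy of a pod manifest: identity fields are replaced
// or removed, containers/env/managedFields are kept, and the pod is made unschedulable.
func SanitizeClone(raw []byte, prefix, ns string) (map[string]any, error) {
	var pod map[string]any
	if err := json.Unmarshal(raw, &pod); err != nil {
		return nil, err
	}
	meta, okM := pod["metadata"].(map[string]any)
	spec, okS := pod["spec"].(map[string]any)
	if !okM || !okS {
		return nil, fmt.Errorf("manifest lacks a metadata or spec object")
	}
	suffix := make([]byte, 4)
	if _, err := rand.Read(suffix); err != nil {
		return nil, err
	}
	meta["name"] = prefix + "-" + hex.EncodeToString(suffix) // lowercase hex keeps the name RFC 1123 valid
	meta["namespace"] = ns
	for _, k := range []string{"uid", "ownerReferences", "resourceVersion", "generateName"} {
		delete(meta, k)
	}
	meta["labels"] = map[string]any{"fuzzed": "true"} // assumed key; original labels dropped as possibly identifying
	delete(spec, "nodeName")                         // a preset nodeName would bind the pod without the scheduler
	spec["nodeSelector"] = map[string]any{"fuzzer.invalid/no-such-node": "true"} // assumed key, matches no node
	spec["schedulerName"] = "no-such-scheduler"                                  // assumed name, no such scheduler runs
	return pod, nil
}

func main() {
	pod, err := SanitizeClone([]byte(samplePod), "representative-pod", "fuzz-test")
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(pod, "", "  ")
	fmt.Println(string(out))
}
```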
@k8s-ci-robot (Contributor)

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: seans3
Once this PR has been reviewed and has the lgtm label, please assign tosi3k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot added the size/XXL (Denotes a PR that changes 1000+ lines, ignoring generated files.) and cncf-cla: yes (Indicates the PR's author has signed the CNCF CLA.) labels Mar 23, 2026
seans3 force-pushed the exemplary-pod-fuzzer branch from 001261e to fab4c54 March 23, 2026 19:56
seans3 added 2 commits March 23, 2026 20:36
- Implement local CreatePodWithRetries to remove k8s.io/kubernetes dependency.
- Initialize go.mod with k8s.io v0.32.1 dependencies.
- Update README and CLI flags to reflect standalone directory structure.

Examples:

1. High-concurrency 50k pod injection:
   go run cmd/main.go --base-pod templates/complex-daemonset.yaml --namespace fuzz-test --name-prefix representative-pod --count 50000 --concurrency 100

2. Single fuzzed output pod for inspection:
   go run cmd/main.go --base-pod templates/complex-daemonset.yaml --count 1 --out-dir ./output-pod

seans3 force-pushed the exemplary-pod-fuzzer branch from 187fe78 to c76b4df March 23, 2026 20:52

seans3 commented Mar 24, 2026

/cc @jpbetz
/cc @aaron-prindle

seans3 commented Mar 24, 2026

/cc @serathius

k8s-ci-robot requested a review from serathius March 24, 2026 18:12