Skip to main content

Kubernetes Annotations

Below are all the relevant Kubernetes annotations for Speedscale.

Sidecar Annotations

These annotations relate to the proxy sidecar that Speedscale attaches to your workload with operator v1.

AnnotationDescriptionSupported Values
sidecar.speedscale.com/injectAdd the sidecar to your: deployment, job, stateful set or daemon set.Boolean
Default: "false"
sidecar.speedscale.com/insert-init-firstAdd Speedscale's init container as the first in the list on the target workload.Boolean
Default: "false"
sidecar.speedscale.com/capture-modeSidecar capture mode. The only supported value is proxy (default)
  • proxy
  • Default: proxy
sidecar.speedscale.com/capture-node-trafficConfigure inbound traffic originating from underlying Kubernetes node on which a pod is running to be routed through the proxy. The default behavior is to ignore inbound Kubernetes node traffic (e.g. readiness and liveness checks). Only valid if capture-mode is proxy and proxy-type is transparent, ignored otherwise.Boolean
Default: "false"
sidecar.speedscale.com/proxy-typeType of proxy the sidecar should operate as. Only valid if capture-mode is proxy, ignored otherwise.
  • transparent
  • reverse
  • forward
  • dual
  • Default: transparent
sidecar.speedscale.com/proxy-protocolSet the protocol for reverse, forward, or dual proxy types. Not valid if proxy-type is transparent.
  • tcp (only applies to reverse/inbound)
  • http
  • socks
  • tcp:http
  • tcp:socks
sidecar.speedscale.com/proxy-hostSet the host where you want to forward traffic. Only valid if capture-mode is proxyString
sidecar.speedscale.com/proxy-portSet the port where you want to forward traffic. Only valid if capture-mode is proxyString
sidecar.speedscale.com/proxy-in-portSets the PROXY_IN_PORT environment variable. Only valid if capture-mode is proxyString
sidecar.speedscale.com/proxy-out-portSets the PROXY_OUT_PORT environment variable. Only valid if capture-mode is proxyString
sidecar.speedscale.com/tls-outEnables or disables TLS outbound interception.
  • "true"
  • "false"
  • Default: "true"
sidecar.speedscale.com/tls-in-secretKubernetes secret with the TLS keys to use for inbound traffic, these keys will be exposed to API clients. Enables TLS inbound interception (see more details below).String
sidecar.speedscale.com/tls-in-privateFilename of the TLS Inbound Private key.String
Default: tls.key
sidecar.speedscale.com/tls-in-publicFilename of the TLS Inbound Public cert.String
Default: tls.crt
sidecar.speedscale.com/tls-mutual-secretKubernetes secret with the TLS keys to use for outbound Mutual TLS traffic.String
sidecar.speedscale.com/tls-mutual-privateFilename of the Mutual TLS Private Key.String
Default: tls.key
sidecar.speedscale.com/tls-mutual-publicFilename of the Mutual TLS Public cert.String
Default: tls.crt
sidecar.speedscale.com/ignore-src-ipsIPv4 addresses or IPv4 CIDR blocks for inbound traffic that should not be routed through the proxy. Only valid if capture-mode is proxy and proxy-type is transparent, ignored otherwise.Comma separated string.
Example: sidecar.speedscale.com/ignore-src-ips: "10.10.0.40,10.200.10.0/24"
sidecar.speedscale.com/ignore-src-hostsSource hostnames for inbound traffic that should not be routed through the proxy. Only valid if capture-mode is proxy and proxy-type is transparent, ignored otherwise. Wildcards are not currently supported.Comma separated string.
Example: sidecar.speedscale.com/ignore-src-hosts: "example.com,mysvc.internal"
sidecar.speedscale.com/ignore-dst-ipsDestination IPv4 addresses or IPv4 CIDR blocks for outbound traffic that should not be routed through the proxy. Only valid if capture-mode is proxy and proxy-type is transparent, ignored otherwise.Comma separated string.
Wildcards are not currently supported.
Example: sidecar.speedscale.com/ignore-dst-ips: "10.10.0.40,10.200.10.0/24"
sidecar.speedscale.com/ignore-dst-hostsDestination hostnames for outbound traffic that should not be routed through the proxy. Only valid if capture-mode is proxy and proxy-type is transparent, ignored otherwise. Wildcards are not currently supported.Comma separated string.
Wildcards are not currently supported.
Example: sidecar.speedscale.com/ignore-dst-hosts: "example.com,mysvc.internal"
sidecar.speedscale.com/ignore-loopbackIgnore any traffic whose target is a loopback interface. This has the effect of discarding pod-local traffic. Only valid when proxy-type is transparentBoolean
Default: "false"
sidecar.speedscale.com/track-loopbackTrack and redirect outbound traffic depending on its destination interface. Normal external traffic will be redirected to PROXY_OUT_PORT but traffic directed at a loopback interface will be redirected to PROXY_IN_PORT. Enable this setting if you need to capture port forwarded traffi. Only valid when proxy-type is transparentBoolean
Default: "false"
sidecar.speedscale.com/cpu-limitCPU limit for Speedscales proxy sidecarCPU resource units
sidecar.speedscale.com/cpu-requestCPU request for Speedscales proxy sidecarCPU resource units
sidecar.speedscale.com/memory-limitMemory limit for Speedscales proxy sidecarMemory resource units
sidecar.speedscale.com/memory-requestMemory request for Speedscales proxy sidecarMemory resource units
sidecar.speedscale.com/kube-api-supportUse this setting so your pod can see egress calls to the kube api server.Boolean
Default: "false"

Replay Annotations

These annotations control traffic replay for your workload with operator v1.

AnnotationDescriptionSupported Values
replay.speedscale.com/env-idName of the TrafficReplay Custom Resource tied to a replay for this workloadStrings, automatically assigned
replay.speedscale.com/snapshot-idID of the Snapshot that is used to recreate traffic.UUIDs for Snapshots
replay.speedscale.com/testconfig-idID of the test configuration used to recreate to traffic.String of valid test configuration.
Default: standard
replay.speedscale.com/build-tagLink a unique tag, build hash, etc. to the Speedscale report. That way you can connect the report results to the version of the code that was tested.String
replay.speedscale.com/modeDefines how a replay will test the system.
  • full-replay will deploy generators to recreate observed requests, and responders to recreate observed responses.
  • responder-only will create an infinitely running replay that responds to requests with observed responses.
  • generator-only will recreate obeserved requests to the system under replay.
  • Default: full-replay
replay.speedscale.com/timeoutSpecifies a timeout for a replay. Ignored when replay mode is responder-onlyDuration
replay.speedscale.com/secretsUse this setting to provide a list of secrets for the replay system to load (ex: JWT passwords).Comma separated list of strings
replay.speedscale.com/cleanupCleans up provisioned resources after a traffic replay.
  • inventory will remove objects related to Speedscale's replay of traffic once finished, as well as reverting changes to the workload.
  • all removes all replay objects, as well as the system under test.
  • none will leave all resources on the system after a test run.
  • Default: inventory
replay.speedscale.com/sut-urlUse this setting to override the URL the generator automatically determines (useful if you have customized your service definition).URL
replay.speedscale.com/collect-logsCollect logs from the system under test.Boolean
Default: "true"
replay.speedscale.com/generator-low-dataForces the generator into a high efficiency/low data output mode. This is ideal for high volume performance tests.Boolean
Default: "false"
replay.speedscale.com/responder-low-dataForces the responder into a high efficiency/low data output mode. This is ideal for high volume performance tests.Boolean
Default: "false"
note

The operator will remove all listed replay annotations from the workload during admission review and move them into an associated TrafficReplay Custom Resource. This prevents side effects such as the operator observing and executing the same replay after it has finished. It also allows subsequent runs of the same replay by applying the same manifests, or incorporating the annotations into a GitOps workflow.

Common Annotations

These annotations are common across workloads and Speedscale's Custom Resources.

AnnotationDescriptionSupported Values
operator.speedscale.com/ignoreInstructs the operator to skip processing of this workload regardless of any other Speedscale annotations. Changes made to a workload manually AFTER this annotation was added won’t be reverted by the operator.Boolean
Default: false
operator.speedscale.com/sutIndicates that this workload has a sidecar injected AND/OR replay running. (SUT stands for System Under Test)Boolean
operator.speedscale.com/managed-byUnique name of the operator instance which manages this workload or TrafficReplay CR. This is to prevent race conditions in cases where multiple Speedscale operators are installed to different namespaces.String
Sourced from INSTANCE_ID var in the operator’s ConfigMap