NOTE: The snippets below assume that the folder-id setting is already set in yc:
$ yc config set folder-id 'my_folder_id'
If not, you may always pass the --folder-id my_folder_id argument to yc.
You need to configure proper infrastructure for load testing agents and testing targets if you haven't done so before.
For a cloud agent you will need a service account with the role loadtesting.generatorClient. One service account may be used with multiple agents within a single folder.
Create new service account:
$ YC_LT_SERVICE_ACCOUNT_ID=$(yc iam service-account create --name sa-loadagent --format json | jq -r ".id")
Add role to service account:
$ FOLDER_ID=$(yc config get folder-id)
$ yc resource-manager folder add-access-binding $FOLDER_ID \
--service-account-id $YC_LT_SERVICE_ACCOUNT_ID \
--role loadtesting.generatorClient
For load testing agents to operate, they need access to Yandex Cloud API Gateway from the agent subnet. By default, a single VPC network with subnets for each zone is present in each folder.
See NAT Gateway docs for more details.
Ensure you have a network in the folder:
$ YC_VPC_NETWORK_ID=$(yc vpc network list --format json | jq -r ".[0] | .id")
Create a NAT Gateway and a route to the Internet:
$ YC_NAT_GATEWAY_ID=$(yc vpc gateway create --name load-agents-gateway --format json | jq -r ".id")
$ yc vpc route-table create \
--name=load-agents-route-table \
--network-id=$YC_VPC_NETWORK_ID \
--route destination=,gateway-id=$YC_NAT_GATEWAY_ID
Typically, the load testing agent and test target are deployed in separate networks. If you do this, configure security groups to allow traffic from agent to target and from agents to API Gateway.
Create new security group for load testing agent:
$ AGENT_SG_ID=$(yc vpc security-group create --format json \
--name sg-load-testing-agents \
--rule "direction=egress,protocol=tcp,v4-cidrs=[],from-port=0,to-port=65535" \
--network-id $YC_VPC_NETWORK_ID | jq -r ".id")
Create new security group for test target with rule to allow all traffic from agents:
$ yc vpc security-group create \
--name sg-load-testing-targets \
--rule "direction=ingress,protocol=any,security-group-id=$AGENT_SG_ID,from-port=0,to-port=65535" \
--network-id $YC_VPC_NETWORK_ID
First you need to pick a zone where agent should be provisioned. In general, you want the same zone where your target is deployed.
$ LT_ZONE_ID=ru-central1-a
$ yc vpc network list-subnets $YC_VPC_NETWORK_ID --format json | jq ".[] | select(.zone_id == \"$LT_ZONE_ID\") | {\"id\",\"name\"}"
{
  "id": "e9bt0v**************",
  "name": "lt-net-ru-central1-a"
}
$ SUBNET_ZONE_A_ID=e9bt0v**************
Finally, we can create a new agent:
$ yc loadtesting agent create \
--name my-agent \
--labels origin=default,label-key=label-value \
--zone $LT_ZONE_ID \
--network-interface subnet-id=$SUBNET_ZONE_A_ID,security-group-ids=$AGENT_SG_ID \
--cores 2 \
--memory 2G \
--service-account-id $YC_LT_SERVICE_ACCOUNT_ID
See agents benchmark to adjust the agent's CPU and RAM for your needs.
To access the load testing agent VM via ssh, you need a security group rule for incoming traffic on port 22:
# use your v4-cidrs to limit ip addresses allowed to connect
$ yc vpc security-group update-rules $AGENT_SG_ID \
--add-rule "direction=ingress,port=22,protocol=tcp,v4-cidrs=[]"
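A guard for the CIDR passed to the SSH rule above, added here as an example and not part of the original instructions: it rejects malformed or overly broad ranges before the rule string reaches yc. The function name ssh_ingress_rule, the MIN_PREFIX variable and the 203.0.113.0/24 documentation range are assumptions.

```sh
# Added example (not from the yc docs). ssh_ingress_rule and MIN_PREFIX are
# hypothetical names; 203.0.113.0/24 is a documentation range used as sample input.
# Prints an --add-rule value for port 22, or fails if the CIDR is malformed or
# wider than /MIN_PREFIX (default 24).
ssh_ingress_rule() {
    cidr=$1
    min_prefix=${MIN_PREFIX:-24}

    case $cidr in
        */*/*) echo "error: '$cidr' has more than one '/'" >&2; return 1 ;;
        */*) addr=${cidr%/*}; prefix=${cidr#*/} ;;
        *) echo "error: '$cidr' lacks a /prefix; use /32 for one host" >&2; return 1 ;;
    esac

    # Prefix: decimal digits only, 0..32.
    case $prefix in
        ''|*[!0-9]*) echo "error: bad prefix in '$cidr'" >&2; return 1 ;;
    esac
    [ "$prefix" -le 32 ] || { echo "error: prefix above 32 in '$cidr'" >&2; return 1; }

    # Address: digits and dots only, no empty octets, exactly four octets 0..255.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) echo "error: bad address in '$cidr'" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "error: '$addr' is not four octets" >&2; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo "error: octet '$octet' above 255" >&2; return 1; }
    done

    # Policy: refuse ranges broader than the allowed minimum prefix length.
    [ "$prefix" -ge "$min_prefix" ] || {
        echo "refusing '$cidr': broader than /$min_prefix for SSH ingress" >&2
        return 1
    }
    printf 'direction=ingress,port=22,protocol=tcp,v4-cidrs=[%s]\n' "$cidr"
}

# Usage: the rule is only added when validation succeeds.
#   rule=$(ssh_ingress_rule 203.0.113.0/24) && \
#     yc vpc security-group update-rules "$AGENT_SG_ID" --add-rule "$rule"
```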
Also you need to specify your public ssh key in metadata when creating new agent:
$ SSH_PUB_FILE_PATH=/path/to/ssh/
$ cat $SSH_PUB_FILE_PATH # ensure file path is correct
$ SSH_USERNAME=agent-root
$ cat > agent-metadata-user-data.yaml <<EOF
#cloud-config
ssh_pwauth: 'no'
users:
  - name: $SSH_USERNAME
    groups: sudo
    shell: /bin/bash
    ssh_authorized_keys:
      - $(cat $SSH_PUB_FILE_PATH)
EOF
$ yc loadtesting agent create \
--name my-agent \
--zone $LT_ZONE_ID \
--network-interface subnet-id=$SUBNET_ZONE_A_ID,security-group-ids=$AGENT_SG_ID \
--cores 2 \
--memory 2G \
--service-account-id $YC_LT_SERVICE_ACCOUNT_ID \
--metadata-from-file user-data=agent-metadata-user-data.yaml
The user-data metadata option accepts cloud-init configs. Feel free to customize your agent VM with additional software.
If you don't have an SSH key yet, create one:
$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_ed25519
Your public key has been saved in /home/username/.ssh/
$ SSH_PUB_FILE_PATH=/home/username/.ssh/