HNC: webhooks broken in K8s 1.19 due to Golang 1.15 #1100
Comments
|
I tried deploying the latest version using Even then the logs from the manager container shows some errors. Logs - |
|
Could it be a version issue of Kind or Kubernetes? I'm using |
|
Ah, all those "skip registering a mutating webhook" messages are harmless. They're all about defaults that are set on the API types themselves, but we don't use that feature. Our webhooks are registered explicitly and aren't affected by these message. (This is all detailed I think this is the same as open-policy-agent/gatekeeper#811, and we need to port that here. That is: HNC is current broken on K8s 1.19, because that's built with Go 1.15 which changes the way we handle certificates. Updating the comment to better describe this. /assign @adrianludwin |
adrianludwin
changed the title
|
We should fix this in the 0.5 branch. I'll do it. |
Do you mean it should work with k8s <1.19? |
|
That's right - I've personally tested HNC up to 1.18 (on GKE) but not yet
on 1.19, I'll try to get to this by the end of the week.
…On Wed, Sep 16, 2020 at 10:52 PM Mriyam Tamuli ***@***.***> wrote:
That is: HNC is current broken on K8s 1.19, because that's built with Go
1.15 which changes the way we handle certificates. Updating the comment to
better describe this.
Do you mean it should work with k8s <1.19?
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#1100 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AE43PZAX7O6UJZEU25WOU4TSGF2VBANCNFSM4RH4CATA>
.
|
|
Hey @adrianludwin, I was trying to run the tests. I am always getting errors no matter the kubernetes version I'm using. I've tested with GKE - v1.15, v1.16 and v1.17, the ones you mentioned here - in Testing Signoff Here are the logs Am I running the e2e tests wrong? I was getting even errors without the I did the following - |
|
@mbtamuli - I just discovered that we're broken at HEAD. Did you try this on v0.5.2? See here for details. We hadn't noticed this because we were testing on clusters that previously had HNC installed. If you're not testing on HEAD, can you please attach the logs from HNC itself, and not just the tests? You can get the logs via |
|
I'm actively working on this, but I likely will only be able to fix this on Monday. |
Yes I did. Updated the previous comment with the deployment steps. Just followed the deployement steps mentioned in the release.
Will get the logs as well. Also, I'm working on testing on KIND. I'm not able to get any version combination running on KIND. (locally) Off topic: I'm trying to add GitHub Actions workflow to run e2e tests on KIND. It will run on multiple kubernetes versions at the same time. Right now, as I was not even able to get any version running on KIND, I haven't added it completely. |
|
Oh, you need to set If you leave the variable unset, it will skip some of the tests but it will run enough other things to be confident that you've at least installed it correctly. Sorry, I should document that env var better. |
|
I don't know how to run Kind on Github Actions. We use Prow and we have some pointers on how to run Kind in Prow, so we'll likely be setting that up soon-ish. |
Ah, I should've taken a better look at the Makefile or the existing e2e tests. Will try setting
Can you mention one version of HNC(or commit), that you've tried with one version of KIND and one version of kubernetes, where the e2e tests finished successfully? |
|
Hey @adrianludwin, I got these logs. I tested these on GKE 1.17 HNC - v.0.5.2 HNC - v.0.5.1 |
|
I think I saw the same thing recently and it was because I had the wrong version of |
|
Hey, I did try with the correct version of kubectl-hns. This time a few of the tests passed.
HNC - v.0.5.1 |
|
It seems like you're running some weird combination of branch (0.5) and
master (will be 0.6) based on this error message:
s: "Error: exit status 1\nOutput: \nCould not update the HNC
Configuration: admission webhook \"hncconfigurations.hnc.x-k8s.io\" denied
the request: Unrecognized mode 'Ignore' for /v1, Kind=Secret\n",
The "Ignore" mode (upper-case) was introduced after 0.5, so 0.5 won't
recognize it. In 0.5, it was called "ignore" (lower-case). Are you running
the master version of the e2e tests? If so, make sure you switch to the
hnc-v0.5 branch and run the tests via "make e2e-test" (and not "make
test-e2e," as it was renamed after 0.5).
…On Tue, Sep 22, 2020 at 10:23 AM Mriyam Tamuli ***@***.***> wrote:
Hey, I did try with the correct version of kubectl-hns. This time a few of
the tests passed.
FAIL! -- 20 Passed | 8 Failed | 0 Pending | 0 Skipped
*HNC - v.0.5.1*
- hnc-v117.log
<https://github.com/kubernetes-sigs/multi-tenancy/files/5262066/hnc-v117.log>
- test-e2e-v117.log
<https://github.com/kubernetes-sigs/multi-tenancy/files/5262067/test-e2e-v117.log>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1100 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AE43PZESCJVYGJSV6CUYAQDSHCXMLANCNFSM4RH4CATA>
.
|
|
@adrianludwin: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
cc @mbtamuli. See #1096 (comment).
/assign @yiqigao217
{"level":"info","ts":1599798100.9179494,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-hnc-x-k8s-io-v1alpha2-hierarchyconfigurations"}
{"level":"info","ts":1599798100.9179764,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-objects"}
{"level":"info","ts":1599798100.9179943,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-hnc-x-k8s-io-v1alpha2-hncconfigurations"}
{"level":"info","ts":1599798100.9180129,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-hnc-x-k8s-io-v1alpha2-subnamespaceanchors"}
{"level":"info","ts":1599798100.9180274,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-v1-namespace"}
{"level":"info","ts":1599798100.9180343,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, admission.Defaulter interface is not implemented","GVK":"hnc.x-k8s.io/v1alpha2, Kind=HNCConfiguration"}
{"level":"info","ts":1599798100.91805,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, admission.Validator interface is not implemented","GVK":"hnc.x-k8s.io/v1alpha2, Kind=HNCConfiguration"}
{"level":"info","ts":1599798100.9180915,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/convert"}
{"level":"info","ts":1599798100.9180963,"logger":"controller-runtime.builder","msg":"conversion webhook enabled","object":{"name":""}}
{"level":"info","ts":1599798100.9181077,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, admission.Defaulter interface is not implemented","GVK":"hnc.x-k8s.io/v1alpha2, Kind=HierarchyConfiguration"}
{"level":"info","ts":1599798100.918112,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, admission.Validator interface is not implemented","GVK":"hnc.x-k8s.io/v1alpha2, Kind=HierarchyConfiguration"}
{"level":"info","ts":1599798100.9181347,"logger":"controller-runtime.builder","msg":"conversion webhook enabled","object":{"name":""}}
{"level":"info","ts":1599798100.91815,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, admission.Defaulter interface is not implemented","GVK":"hnc.x-k8s.io/v1alpha2, Kind=SubnamespaceAnchor"}
{"level":"info","ts":1599798100.9181566,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, admission.Validator interface is not implemented","GVK":"hnc.x-k8s.io/v1alpha2, Kind=SubnamespaceAnchor"}
{"level":"info","ts":1599798100.9181774,"logger":"controller-runtime.builder","msg":"conversion webhook enabled","object":{"name":""}}
The text was updated successfully, but these errors were encountered: