[incubator/webpagetest-server] Add WebPageTest to k8s #3103
Conversation
55:4 error missing starting space in comment (comments) from |
…changed pod version
/assign @mattfarina |
I've created an Agent chart in #3130 It would take additional work to embed. It may also take upstream pull requests to fully embed as such I did not create the optional dependency |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was a quick pass review. There are a few changes needed at first glance.
apiVersion: v1 | ||
description: A Helm chart for Kubernetes | ||
name: webpagetest-server | ||
version: 0.1.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fill in the maintainers of the chart. Their names should be the GitHub usernames.
| ------------------------------- | ------------------------------- | ---------------------------------------------------------- | | ||
| `image` | WebPageTest server image | `webpagetest/server:{VERSION}` | | ||
| `imagePullPolicy` | Image pull policy | `IfNotPresent` | | ||
| `ec2Locations.enabled` | Enables use of EC2 AMI's | `false` | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you fill in details on why ec2 is listed here? Why would a chart be spinning up AMI in one of the public clouds? Would it be better to provide direction to using the agent chart?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Webpage test uses various browsers to performance test a website.
As I'm sure you can appreciate people want to test their site using multiple browsers on different platforms rather than just chrome/firefox on linux.
To the best of my knowledge you cannot have a windows container running on a linux host as such testing with chrome/firefox/ie on windows needs a solution.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@timothyclarke First, I appreciate what webpagetest does. I'm a long time user. I remember when it launched. I appreciate the multi-platform capabilities.
That being said, Kubernetes is now adding support for Windows containers. This is a beta feature today. In the future (not expecting this now) you may be able to run windows containers to do that sort of testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that it is desirable to have this completely within k8s, I do feel strongly that we should not enforce that limit.
The current implementation allows for both a exclusively k8s solution and a hybrid k8s / AMI solution. Granted the current implementations of both the server and agent charts, as well as the wpt agent containers are only possible if you're happy with linux browsers. If you want windows browsers further work is probably needed in the wptagent repo to create a windows container.
My personal belief is that the hybrid solution would be of more benefit to most users even when using windows containers. My reasons are as follows.
- Your k8s cluster is in USA and you would like to perform some tests from Europe or AsiaPac.
- Different providers would require VPN's etc to extend the k8s cluster over multiple regions / multiple providers.
- Most places simply aren't that big, but may still have those requirements in an adhoc manner.
- It is easier to run an AMI in a remote region than to extend your k8s cluster to that region to perform an adhoc test.
This chart provides support for ingress resources. If you have an | ||
ingress controller installed on your cluster, such as [nginx-ingress](https://kubeapps.com/charts/stable/nginx-ingress) | ||
or [traefik](https://kubeapps.com/charts/stable/traefik) you can utilize | ||
the ingress controller to service your WordPress application. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wordpress? Seems like a copy and paste error. Wordpress shows up a few times in this PR.
# ingress.kubernetes.io/force-ssl-redirect: "true" | ||
# ingress.kubernetes.io/whitelist-source-range: '127.0.0.1/32,192.168.0.0/24' | ||
tls: | ||
# Secrets must be manually created in the namespace. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you look at the Wordpress chart you'll see a pattern for passing in or letting Helm create the secret for you. Could you take a look at that pattern?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did a helm create
, then copied the readme from the chart I had previously made a pull request on.
Is the issue
- I've added more example ingress annotations. I can remove those, however they are provided as an example due to the potential cost issue with using AMI's
- Is it the structure of the tls section. This is what
helm create
produces as a template.
If it's the latter I think the issue should be raised in the helm project so that thehelm create
command produces the desired starting point.
replicaCount: 1 | ||
image: | ||
repository: webpagetest/server | ||
tag: latest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you use a tagged version? IfNotPresent
for a pullPolicy
with a latest
tag can cause problems.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pmeenan Can we get more tags on the webpagetest docker images? Currently there are only latest, release and fbpwa (which is 7 months old).
@mattfarina Can you clarify my understanding of the IfNotPresent
and latest
interaction. My understanding is that as soon as the cluster downloads a tag it will keep using that tag. In short If I get latest
today and then it is rebuilt tomorrow, then I redeploy the day after I will still have today's latest
, not tomorrow's latest
. Do you request I change this to Always
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@timothyclarke latest
presents a number of challenges with IfNotPresent
. For example, what if the test and production clusters are different. They could end up downloading and keeping two different versions. Imagine being able to debug issues there? Or, what if you want to use a newer version or even know what version you're using? The tag handling we've more recently talked about deals with this. Just want to make sure we share why it matters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update this to a tag in a similar manner to the agent?
## | ||
persistence: | ||
enabled: true | ||
## wordpress data Persistent Volume Storage Class |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this comment need to mention wordpress? Copy/paste mistake?
/assign mattfarina |
@timothyclarke Thanks for being patient as we talked this out. We did just that on the charts chat call today where several maintainers weighed in. We're ok with the ec2 bits and the general flow here. I'm going to go through with one last nit-pick pass. /ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for being patient. This chart is almost there and what I had left were some nits.
@@ -0,0 +1,63 @@ | |||
apiVersion: extensions/v1beta1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As with the agent version of this chart, can you update to apps/v1beta2
for the API version? Link to the docs is in the agent PR comment on this.
replicaCount: 1 | ||
image: | ||
repository: webpagetest/server | ||
tag: latest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update this to a tag in a similar manner to the agent?
@@ -0,0 +1,37 @@ | |||
{{- if .Values.ec2Locations.enabled }} | |||
apiVersion: v1 | |||
kind: Secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm glad you're passing these credentials as a secret. One pattern we would like to see is allowing someone to set the secret outside the chart if they want. If they want the chart to create it they can have that as an option. For example, see the wordpress chart with tls secrets... https://github.com/kubernetes/charts/blob/master/stable/wordpress/values.yaml#L145
Could you look at something like this?
…ption of user created secret
Dockerhub is taking it's time creating the repo / build. As soon as I've got it working there I'll update |
OK everything should be good now. Thank you |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mattfarina, timothyclarke The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
This one currently relies on WPO-Foundation/webpagetest PR#1071
This is to run a webpagetest server instance in an existing k8s cluster. That server instance can spawn AMI's to run tests against the desired url