New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test images: Adds Windows Container images support (part 1) #76838
test images: Adds Windows Container images support (part 1) #76838
Conversation
/assign @mkumatag |
test/images/resource-consumer/consume-cpu/consume_cpu_windows.go
Outdated
Show resolved
Hide resolved
2b1c11b
to
d6913c3
Compare
/retest |
d6913c3
to
b34f482
Compare
/retest |
/cc @PatrickLang |
cc @dims |
/assign @listx |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First of all thanks for this PR. Just got few minutes to review and here are my review comments, will take some more time later to review in detail.
One very basic question I have is: who will build the windows images on that remote machine? Will that machine will be accessible for whoever is building/pushing images now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First of all thanks for this PR. Just got few minutes to review and here are my review comments, will take some more time later to review in detail.
One very basic question I have is: who will build the windows images on that remote machine? Will that machine will be accessible for whoever is building/pushing images now.
Are you speaking conceptually, or in practice? Basically, through this PR, the Linux build node will be able to send the docker build / push commands remotely to the Windows build node.
The goal is to also have Windows images built in the same process that builds and publishes the images to gcr.io/kubernetes-e2e-test-images
. AFAIK, only Google folks have the rights to push those images there, so they will have to also create a Windows build node that is able to push to that repository.
test/images/README.md
Outdated
@@ -0,0 +1,113 @@ | |||
# Building Kubernetes test images |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:) docs are good
changing the image naming template is also a breaking change imo, I'm not sure we should be doing that. Surely there are consumers of the named images? |
this really needs to be something managed under wg-k8s-infra, it's not sustainable to have to borrow your node every time we need to push these (also the push is automated now anyhow ...?) |
Today if I do |
So, the REMOTE_DOCKER_URL bits are not too big IMO. They were smaller originally when the idea was to simply have a single Windows node build the images for all other Windows versions using the As an additional note, it is a lot easier to build go Windows binaries on Linux than on Windows; I've had issues with this in the past. Plus, having the REMOTE_DOCKER_URL bits in And finally, now it's a single bash script, which is easier to maintain rather than having an additional PowerShell script for the image building on the Windows nodes (from my experience, people tend not to touch something like this).
Yes you can. Basically, the
Well, we can drop that if needed, even though I wouldn't be a fan of doing som Having soo many "images" for just one image feels bloat-y. And I don't know how is it breaking. Those are test images, so they should only be used for testing purposes. And additionally, we're not going to touch any of the already published images; they're still going to be there untouched. Plus, since we now have the Image Promoter, those new images are going to be published in a different registry.
There is a resource group sponsored by Microsoft on Azure and under sig-windows, so it's not my node(s). And I've made changes to to this PR to allow the Image Promoter to use those Windows build nodes (see
No, not really. You can either build and push only for Linux images, or both Linux and Windows images. The only case in which you can build only Windows images is if the image's BASEIMAGE file only contains |
c855ea4
to
91dc590
Compare
/retest |
/test pull-kubernetes-e2e-kind |
Hello @claudiubelu ! |
/lgtm @smourapina - we're still blocked on reviews for e2e/testing. If you can help ping SIG-Testing too that would help |
@listx is there any more concern about this PR? |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: claudiubelu, listx, PatrickLang The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test pull-kubernetes-e2e-gce |
@claudiubelu: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
A previous PR (kubernetes#76838) introduced the ability to build and publish Windows Test Images to kubernetes/test/images/image-util.sh. Additionally, that PR also configured the Image Promoter to use a few Windows Remote Docker build nodes to build the Windows Test Images, however, there is a minor issue: the build container has a different $HOME folder than expected (is: /builder/home, expected: /root - since it's the root user), and the Remote Docker credentials are mounted in /root. Because of that, image-build.sh cannot find the credentials it needs. This will have to be properly fixed, but for now, we can just skip the Windows image building part.
What type of PR is this?
/kind feature
/sig testing
/sig windows
What this PR does / why we need it:
Adds Windows support to the
test/images/image-util.sh
script.Adds support for building test images for multiple Windows versions, as we have to support both LTS and SAC channels. In order to build Windows container images for multiple OS versions,
--isolation=hyperv
is required. However, not all clouds / nodes supports or have it enabled by default, which is why we're going to rely on having multiple nodes to build the Windows images, until this issue is addressed.All Windows images will be based on the images:
mcr.microsoft.com/windows/servercore:ltsc2019
,mcr.microsoft.com/windows/servercore:1903
,mcr.microsoft.com/windows/servercore:1909
). There are a couple of features that are needed from this image, especially powershell.A Windows node with Docker installed is required to build Windows images. The connection URL to it must be set in the
REMOTE_DOCKER_URL_${os_version}
env variable. Additionally, the authentication to the remote docker node is done through certificates, which must be found in~/.docker-${os-version}
.By default, the
REMOTE_DOCKER_URL_${os_version}
env variable is set to""
in the Makefile, and because of it, theimage-util.sh
script will skip building and pushing Windows images.Added
GOOS
argument to the go build process in order to be able to build Windows binaries. Additionally, theOS
env variable was added to the images Makefiles (default value islinux
) in order to maintain default behaviour.Some images require a different
Dockerfile
for Windows images, since they have different ways of installing dependencies. Because of this, if a image needs to be built for Windows, it will first check for aDockerfile_windows
file instead of the default one. If there isn't one, it means that the sameDockerfile
can be used for both Windows and Linux.Added
busybox
image for Windows. Most Windows images will be based on it, which will help reduce the command line differences between Linux and Windows, but not entirely.Adds a README explaining the image building process, including the Windows Container image building process.
Changes the image naming template from:
to
The previous naming template would generate a plethora of images (
Ai * N
images, where Ai is the number of OS/architectures for the image i and N is the number of images), while the new naming template will reduce the number of images to N.The new template also includes the OS name, as we plan to integrate Windows images into the manifest lists as well.
When building images, their
REGISTRY
can be set to a custom one, instead of the defaultgcr.io/kubernetes-e2e-test-images
. Some images are based on other images we're already building(e.g.:
kitten
,nautilus
), but their base images are set in the default registry name, which can be undesirable. This PR will allow theimage-util.sh
script to configure theREGISTRY
for those images.Windows images will require other base images, and thus, we will need to explicitly specify the OS type a base image is for in order to avoid confusion or errors. The
BASEIMAGE
entries now have an OS prefix.Bumps the image versions in order to avoid breaking any currently built images and breaking the CIs.
Enables the Image Promoter to use Windows build nodes to build the Windows test images.
Which issue(s) this PR fixes:
Fixes #77268
Special notes for your reviewer:
Does this PR introduce a user-facing change?: