Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use private key fixtures for kubeadm unit tests #98664

Merged
merged 1 commit into from Feb 1, 2021
Merged

Use private key fixtures for kubeadm unit tests #98664

merged 1 commit into from Feb 1, 2021

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Feb 1, 2021
edited

xref #98486

alternative to #98638

Private

Does this PR introduce a user-facing change?:

NONE

results in a ~75% speedup of kubeadm unit tests on my machine:

before:

time go test -race ./cmd/kubeadm/app/... -count=1
?   	k8s.io/kubernetes/cmd/kubeadm/app	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm	0.234s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/fuzzer	0.855s
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1	0.277s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2	0.382s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation	0.536s
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/output	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/output/fuzzer	0.336s
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/output/scheme	[no test files]
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/output/v1alpha1	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd	74.887s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/alpha	9.308s
?   	k8s.io/kubernetes/cmd/kubeadm/app/cmd/options	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases	0.188s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/init	56.250s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/join	0.609s [no tests to run]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/reset	0.476s
?   	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/upgrade/node	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow	0.054s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/upgrade	4.927s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/util	0.581s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/componentconfigs	0.530s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/constants	0.337s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/discovery	0.404s
?   	k8s.io/kubernetes/cmd/kubeadm/app/discovery/file	[no test files]
?   	k8s.io/kubernetes/cmd/kubeadm/app/discovery/https	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/discovery/token	0.854s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/features	0.073s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/images	0.195s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns	0.536s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy	1.263s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo	0.348s
?   	k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/certs	115.806s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal	23.032s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/controlplane	12.430s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/copycerts	22.606s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/etcd	0.558s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig	40.051s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/kubelet	0.607s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/markcontrolplane	3.931s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/patchnode	1.904s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade	61.283s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig	0.789s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/preflight	0.505s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util	0.850s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient	3.110s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/certs	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/config	12.294s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/config/strict	0.683s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/crypto	0.265s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/dryrun	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/etcd	1.055s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/image	0.052s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/initsystem	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig	0.458s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/output	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/patches	0.255s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil	28.259s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin	0.077s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/runtime	0.449s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/staticpod	0.661s

real	2m51.579s
user	14m32.353s
sys	1m7.601s

after:

time go test -race ./cmd/kubeadm/app/... -count=1
?   	k8s.io/kubernetes/cmd/kubeadm/app	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm	0.220s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/fuzzer	0.615s
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/scheme	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1	0.271s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2	0.172s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/validation	0.364s
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/output	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/apis/output/fuzzer	0.252s
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/output/scheme	[no test files]
?   	k8s.io/kubernetes/cmd/kubeadm/app/apis/output/v1alpha1	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd	11.400s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/alpha	5.724s
?   	k8s.io/kubernetes/cmd/kubeadm/app/cmd/options	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases	0.345s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/init	4.112s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/join	0.486s [no tests to run]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/reset	0.454s
?   	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/upgrade/node	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow	0.074s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/upgrade	1.508s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/cmd/util	0.388s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/componentconfigs	0.585s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/constants	0.166s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/discovery	0.340s
?   	k8s.io/kubernetes/cmd/kubeadm/app/discovery/file	[no test files]
?   	k8s.io/kubernetes/cmd/kubeadm/app/discovery/https	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/discovery/token	0.986s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/features	0.082s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/images	0.272s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns	0.689s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/proxy	1.286s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/clusterinfo	0.419s
?   	k8s.io/kubernetes/cmd/kubeadm/app/phases/bootstraptoken/node	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/certs	4.831s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/certs/renewal	5.559s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/controlplane	0.842s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/copycerts	2.154s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/etcd	0.504s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/kubeconfig	1.398s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/kubelet	0.545s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/markcontrolplane	3.888s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/patchnode	1.909s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/upgrade	16.321s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig	0.483s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/preflight	0.435s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util	0.370s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient	2.840s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/certs	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/config	14.375s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/config/strict	0.367s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/crypto	0.151s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/dryrun	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/etcd	0.712s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/image	0.058s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/initsystem	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig	0.272s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/output	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/patches	0.187s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil	16.039s
?   	k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil/testing	[no test files]
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin	0.065s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/runtime	0.116s
ok  	k8s.io/kubernetes/cmd/kubeadm/app/util/staticpod	0.301s

real	0m44.183s
user	3m10.531s
sys	0m29.574s

/cc @neolit123

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Feb 1, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Feb 1, 2021
@liggitt liggitt mentioned this pull request Feb 1, 2021
Merged
@liggitt
Copy link
Member Author

liggitt commented Feb 1, 2021

/retest

neolit123
neolit123 reviewed Feb 1, 2021
View reviewed changes
Copy link
Member

@neolit123 neolit123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks a lot for this PR.
it looks like a much more sophisticated and correct approach compared to mine in:
#98638

cmd/kubeadm/app/phases/upgrade/staticpods_test.go
@@ -442,7 +443,7 @@ func TestStaticPodControlPlane(t *testing.T) {
for i := range tests {
rt := tests[i]
t.Run(rt.description, func(t *testing.T) {
t.Parallel()
pkiutiltesting.Reset()
Copy link
Member

@neolit123 neolit123 Feb 1, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wondering, were the tests here and TestRenewCertsByComponent racy or should not run pkiutiltesting based test in parallel (it does have a lock for its functions)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These tests were made parallel in order to speed them up, but the reason they were slow was private key generation, not artificial waits in the tests. Running in parallel didn't help in CPU or random-constrained environments.

When using pkiutil/testing, we want a test to run, asking for private keys, then reset for the next test. Otherwise another test's Reset() could result in already-used private keys being handed out again to a still-running parallel test

cmd/kubeadm/app/util/pkiutil/testing/testing.go
switch keyType {
case x509.ECDSA:
ecdsa++
keyName = fmt.Sprintf("%d.ecdsa", ecdsa)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we include pre-generated *.ecdsa files under testdata too?

yet, i can only find one tests that is using ECDSA, so currently it would not impact the performance:

kubernetes/cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go

Lines 130 to 138 in 88a05df

name: "has ServerAuth ECDSA",
config: CertConfig{
Config: certutil.Config{
CommonName: "test",
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
},
PublicKeyAlgorithm: x509.ECDSA,
},
expected: true,

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seemed better to leave the unit tests in the pkiutil package alone (we don't want to replace NewPrivateKey when we're trying to test NewPrivateKey, etc)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is set up to only pre-generate the fixtures for private keys that are actually used, so I'd leave this as is for now

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, understood.

cmd/kubeadm/app/util/pkiutil/testing/testing.go
if !more {
break
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

call stack manipulation often needs unit tests on it's own, but this looks fine to me.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the failure mode if this can't positively find a Test function in its stack is to fall back to default non-fixture behavior, which seems ok

@neolit123
Copy link
Member

thanks for the comments!

/lgtm
/kind cleanup
/priority important-longterm
/triage accepted

@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 1, 2021
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 1, 2021
@liggitt liggitt mentioned this pull request Feb 1, 2021
Closed
18 tasks
@liggitt
Copy link
Member Author

liggitt commented Feb 1, 2021

/retest

@k8s-ci-robot k8s-ci-robot merged commit 6e50e64 into kubernetes:master Feb 1, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Feb 1, 2021
@liggitt liggitt deleted the kubeadm-key-fixtures branch February 2, 2021 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neolit123 neolit123 neolit123 left review comments

Assignees

@neolit123 neolit123

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note-none Denotes a PR that doesn't merit a release note. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@liggitt @k8s-ci-robot @neolit123