kops: Add a kops-updown job #681
Conversation
{provider-env}
{job-env}
{post-env}
if ! curl -fsS --retry 3 -o "$WORKSPACE/kops.url" "https://storage.googleapis.com/kops-ci/bin/latest-ci.txt"; then
This logic seems too complicated to live inside the yaml...
Will you move this into a script and add it to the kubekins-e2e image like we do with e2e-runner.sh, e2e.go, etc?
https://github.com/kubernetes/test-infra/blob/master/jenkins/e2e-image/Dockerfile
The part that's really messy without doing this inline is setting the NODEUP_URL. I need to save both the NODEUP_URL export and the kops binary. I can do it ssh-agent -c style and have the binary spit out the necessary exports, but it's dirty.
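The ssh-agent -c style mentioned here would look roughly like the sketch below: a helper prints export statements on stdout and the caller evals them into its shell. The helper name and URL are placeholders, not the real kops CI bucket.

```shell
#!/usr/bin/env bash
set -o errexit -o nounset -o pipefail

# Hypothetical helper in the ssh-agent -c style: it prints export
# statements on stdout for the caller to eval. The URL is a placeholder.
kops_download() {
  local kops_url="https://example.invalid/kops-ci/latest"
  echo "export KOPS_URL='${kops_url}'"
  echo "export NODEUP_URL='${kops_url}/linux/amd64/nodeup'"
}

# Caller side: eval the emitted exports into the current shell.
eval "$(kops_download)"
echo "NODEUP_URL=${NODEUP_URL}"
```

The downside, as noted, is that the helper's stdout becomes an ad-hoc protocol the caller has to trust and eval.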
We should talk about this. I think it defeats the purpose. To most of us writing these jobs, you've got the yaml, which is super transparent, you've got e2e-runner.sh, which is anything but transparent, and then you hit e2e.go. This is a super minor setup/download, all things considered, but you didn't want it in e2e.go, where it would be obvious and easy to maintain in go. It's not easy to maintain in e2e-runner.sh, which is actually the next most obvious place to put it, because I need to plumb an env variable through. It's not easy to maintain in a separate binary, because I end up writing yaml code that looks like this:

if ! kops-download.sh $WORKSPACE/kops $WORKSPACE/kops.env; then
  echo "Can't retrieve kops" >&2
  exit 1
fi
. $WORKSPACE/kops.env

That's about two lines less complicated than the yaml code I wrote already, which is only noisy because of the rigorous error checking that a ton of the other yaml shell code doesn't do. Furthermore, neither case is dockerized, which is kind of bad, but not the worst thing in the world. So, in conclusion, I think this should either stay in the yaml or move down into e2e.go, and not get lost in some inscrutable morass in the middle.
As for what I mean by error checking, this section of bash is easily rewritten as:

export KOPS_URL=$(curl -fsS --retry 3 https://storage.googleapis.com/kops-ci/bin/latest-ci.txt)
curl -fsS --retry 3 -o "${WORKSPACE}/kops" "${KOPS_URL}/linux/amd64/kops"
export NODEUP_URL="${KOPS_URL}/linux/amd64/nodeup"

But it's missing the error checking, because bash eats errors on export FOO=$() even on errexit.
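A minimal demonstration of the pitfall being described: under errexit, `export` is a command whose own exit status (0) masks a failing command substitution, while a bare assignment takes the substitution's exit status. The URL below is a placeholder.

```shell
#!/usr/bin/env bash
set -o errexit

# `export` is a command, so its exit status (0) masks the failing
# command substitution; errexit does NOT fire here:
export BROKEN=$(false)
echo "survived the failing substitution"

# The fix: a bare assignment takes the substitution's exit status,
# so errexit would abort on failure; export separately afterwards.
KOPS_URL=$(echo "https://example.invalid/latest")
export KOPS_URL
echo "KOPS_URL=${KOPS_URL}"
```

Splitting the assignment and the export onto two lines is the usual workaround for this errexit blind spot.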
The example code you give is still too complex for yaml. Conditional logic is complicated and therefore belongs in its own script, which the Jenkins job can call unconditionally:

kops-runner.sh:

if ! kops-download.sh $WORKSPACE/kops; then
  exit 1
fi
# Whatever complex stuff you want
. $WORKSPACE/kops.env
timeout {runner}

kops-aws.yaml:

export KUBERNETES_PROVIDER="aws" # Pretty soon we will disallow this complexity too
bash <(curl -fsS --retry 3 "https://raw.githubusercontent.com/kubernetes/test-infra/master/jenkins/kops-runner.sh") # Pretty soon we will automatically and always checkout test-infra at master

Now it is trivial for me to test out changes: just call kops-runner.sh.
I did it a little differently than you described and just overrode the e2e-runner.sh in dockerized-e2e-runner.sh, then bundled it in the Docker image. WDYT? (Testing the normal path in kubernetes/kubernetes#33700 right now.)
👍
builders:
- activate-gce-service-account
- shell: |
    {provider-env}
Any interest in saving us all some pain and placing provider-env and job-env here inline?
I'm going to have more jobs, but moving the provider-env is easy enough.
job-env: |
    export GINKGO_TEST_ARGS="--ginkgo.focus=\[k8s.io\]\sNetworking.*\[Conformance\]"
    export GINKGO_PARALLEL="y"
    export PROJECT="fake-project-ignored"
Hmm? Sadly I think this will cause our tooling to validate that fake-project-ignored has the right IAM bindings :)
It's really not easy for me to test this, but the last time I ran something through e2e-runner without PROJECT set correctly, it shit a brick. Do you want to create a project that we can assign to non-projects?
Oh, I can fix e2e-runner. It just needs a provider check around the PROJECT check.
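Such a provider guard might be sketched as follows; the provider list and the shape of the check are assumptions for illustration, not the actual e2e-runner code.

```shell
#!/usr/bin/env bash
set -o errexit -o nounset

# Hypothetical guard: only insist on PROJECT for GCP-backed providers.
# The gce/gke list here is an assumption for illustration.
KUBERNETES_PROVIDER="${KUBERNETES_PROVIDER:-aws}"

case "${KUBERNETES_PROVIDER}" in
  gce|gke)
    # Fail fast when PROJECT is unset for providers that require it.
    : "${PROJECT:?PROJECT must be set for provider ${KUBERNETES_PROVIDER}}"
    ;;
  *)
    echo "provider ${KUBERNETES_PROVIDER}: skipping PROJECT check"
    ;;
esac
```

With a guard like this, the aws job no longer needs a fake-project-ignored placeholder at all.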
days-to-keep: 7
triggers:
- reverse:
    jobs: '{trigger-job}'
Consider removing as many of these as appropriate (we only trigger one way, we only define one version of emails)
I've looked at this a little more, and this is basically stock boilerplate for any build-triggered job template. If you want a wider cleanup, let's address it in another PR, but https://github.com/kubernetes/test-infra/blob/master/jenkins/job-configs/kubernetes-jenkins/kubernetes-e2e-gce.yaml and https://github.com/kubernetes/test-infra/blob/master/jenkins/job-configs/kubernetes-jenkins/kubernetes-e2e-gke.yaml both follow this. Am I missing something?
kubernetes-e2e-gce.yaml has multiple values for trigger-job: kubernetes-e2e-gce uses kubernetes-build, while kubernetes-e2e-gce-federation uses kubernetes-federation-build. Your job has only one value for trigger-job right now, so the intermediate variable is unnecessary. If you write jobs: 'kubernetes-build', the next person has the information right in front of their eyes instead of needing to hunt down where trigger-job is defined.
Done.
I addressed some of the review comments and fixed up.
Force-pushed b4a9642 to 1116a9f.
Force-pushed f561e5b to 76852d2.
@@ -61,6 +61,12 @@ if [[ "${KUBE_RUN_FROM_OUTPUT:-}" =~ ^[yY]$ ]]; then
  )
fi

if [[ -n "${KUBE_E2E_RUNNER:-}" ]]; then
  docker_extra_args+=(\
    --entrypoint="${KUBE_E2E_RUNNER}" \
Neat!
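For context, the diff above follows the common array-of-flags pattern: optional flags accumulate in a bash array and expand into the eventual docker run. The sketch below illustrates it; the image name and default runner path are placeholders, not the real values.

```shell
#!/usr/bin/env bash
set -o errexit -o nounset

# Sketch of the array-of-flags pattern; names are placeholders.
docker_extra_args=()

KUBE_E2E_RUNNER="${KUBE_E2E_RUNNER:-/workspace/kops-e2e-runner.sh}"
if [[ -n "${KUBE_E2E_RUNNER:-}" ]]; then
  # Override the image entrypoint only when a custom runner is requested.
  docker_extra_args+=(--entrypoint="${KUBE_E2E_RUNNER}")
fi

# The array expands to zero or more flags in the eventual docker run:
echo docker run "${docker_extra_args[@]}" example/kubekins-e2e:latest
```

This keeps the default entrypoint untouched unless KUBE_E2E_RUNNER is explicitly set, which is what makes the override opt-in.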
builders:
- activate-gce-service-account
- shell: |
    {provider-env}
    export KUBERNETES_PROVIDER="aws"
Yay! This looks MUCH better!!
builders:
- activate-gce-service-account
- shell: |
    export AWS_CONFIG_FILE="${{WORKSPACE}}/.aws/credentials"
This one too :-D
{provider-env}
{job-env}
{post-env}
if ! curl -fsS --retry 3 -o "$WORKSPACE/kops.url" "https://storage.googleapis.com/kops-ci/bin/latest-ci.txt"; then
👍
@@ -44,10 +44,11 @@ ENV FAIL_ON_GCP_RESOURCE_LEAK=true \
# JENKINS_AWS_CREDENTIALS_FILE

ADD ["e2e-runner.sh", \
    "kops-e2e-runner.sh", \
Do you plan to add this file to the PR?
Whoops. Fixed!
Force-pushed 76852d2 to ed84680.
LGTM
Note that we will need to push a new kubekins-e2e image for this (talk to @ixdy).
Yup. I can do it, or someone else can. If this seems fine, merge and I can push a new image and suggest a new tag later (but it may not be until Monday if I'm doing it).
Given that various pieces here do and do not run from head, I'd suggest we wait until Monday morning when you are back to a) merge this PR and b) create the new image. I suspect if we merge now the aws tests will spend the rest of the week in a fail loop.
This is dipping a toe in the water. Companion to kubernetes/kubernetes#33518, and I won't merge it until that's in and a new docker image is pushed.
Force-pushed ed84680 to 9bc6f1c.
I just rebased and I'm retesting this in kubernetes/kubernetes#33700 again. I'll merge when that seems clean, then propose a new tag.
Merging, #33700 is collecting greens.