Bug 1868976: jsonnet: configure SCCs

[s-urbaniak]

• I added CHANGELOG entry for this change.
• No user facing changes, so no entry in CHANGELOG was needed.

[openshift-ci-robot]

@s-urbaniak: This pull request references Bugzilla bug 1868976, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

WIP: Bug 1868976: jsonnet: configure SCCs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[lilic]

/retest

doesn't seem related.

[s-urbaniak]

/cc @openshift/openshift-team-monitoring

side note: i am in parallel working out where to place a sensible upgrade test for this in origin/e2e. I guess we cannot do an upgrade test here.

[s-urbaniak]

/retest

[s-urbaniak]

fwiw we already have an e2e test that at least tests Prometheus PVC:

cluster-monitoring-operator/test/e2e/prometheus_test.go

Lines 30 to 88 in f4b5b9b

	func TestPrometheusVolumeClaim(t *testing.T) {
	err := f.OperatorClient.WaitForStatefulsetRollout(&appsv1.StatefulSet{
	ObjectMeta: metav1.ObjectMeta{
	Name: "prometheus-k8s",
	Namespace: f.Ns,
	},
	})
	if err != nil {
	t.Fatal(err)
	}
	cm := &v1.ConfigMap{
	ObjectMeta: metav1.ObjectMeta{
	Name: "cluster-monitoring-config",
	Namespace: f.Ns,
	},
	Data: map[string]string{
	"config.yaml": `prometheusK8s:
	volumeClaimTemplate:
	spec:
	storageClassName: gp2
	resources:
	requests:
	storage: 2Gi
	`,
	},
	}
	if err := f.OperatorClient.CreateOrUpdateConfigMap(cm); err != nil {
	t.Fatal(err)
	}
	var lastErr error
	// Wait for persistent volume claim
	err = wait.Poll(time.Second, 5*time.Minute, func() (bool, error) {
	_, err := f.KubeClient.CoreV1().PersistentVolumeClaims(f.Ns).Get(context.TODO(), "prometheus-k8s-db-prometheus-k8s-0", metav1.GetOptions{})
	lastErr = errors.Wrap(err, "getting prometheus persistent volume claim failed")
	if err != nil {
	return false, nil
	}
	return true, nil
	})
	if err != nil {
	if err == wait.ErrWaitTimeout && lastErr != nil {
	err = lastErr
	}
	t.Fatal(err)
	}
	err = f.OperatorClient.WaitForStatefulsetRollout(&appsv1.StatefulSet{
	ObjectMeta: metav1.ObjectMeta{
	Name: "prometheus-k8s",
	Namespace: f.Ns,
	},
	})
	if err != nil {
	t.Fatal(err)
	}
	}

do you think it makes sense to add more PVC tests here, i.e. for alertmanager and user-workload-prometheus?

[simonpasquier]

Agree that additional tests for Alertmanager and UWM would be good to have.

[s-urbaniak]

@simonpasquier thanks for the suggestion! ptal if the place/wording lgty. I would submit the additional e2e tests as a follow-up if possible.

[s-urbaniak]

looking into the e2e failure, it seems to be related.

    --- FAIL: TestUserWorkloadMonitoring/enable_user_workload_monitoring,_assert_prometheus_rollout#01 (0.01s)

[s-urbaniak]

failure does seem to be unrelated, the failing test function fails at creating the configmap to turn on user workload monitoring:

    user_workload_monitoring_test.go:139: retrieving ConfigMap object failed: Get "https://api.ci-op-w6vf2c6m-a317e.origin-ci-int-aws.dev.rhcloud.com:6443/api/v1/namespaces/openshift-monitoring/configmaps/cluster-monitoring-config": dial tcp 54.243.39.215:6443: connect: connection refused
=== CONT  TestUserWorkloadMonitoring
    user_workload_monitoring_test.go:96: scenario "enable user workload monitoring, assert prometheus rollout" failed
...

[s-urbaniak]

/retest

[s-urbaniak]

/hold

[s-urbaniak]

thanos ruler is missing, thank you @simonpasquier for the OOB catch 👍

[s-urbaniak]

the more i think about it though, the more i believe we should add those e2e tests here 🤔 we are adding quite some settings to those statefulsets here, so let me amend the tests in this very PR.

[s-urbaniak]

/retest

[s-urbaniak]

I just found we already have PVC tests for alertmanager 😅

[s-urbaniak]

And we have also PVC tests for UWM Prometheus, adding a dedicated one for Thanos Ruler.

[s-urbaniak]

/hold cancel

[simonpasquier]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: s-urbaniak, simonpasquier

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [s-urbaniak,simonpasquier]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[s-urbaniak]

/test e2e-agnostic

[openshift-ci-robot]

@s-urbaniak: All pull requests linked via external trackers have merged:

• openshift/cluster-monitoring-operator#981

Bugzilla bug 1868976 has been moved to the MODIFIED state.

In response to this:

Bug 1868976: jsonnet: configure SCCs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[s-urbaniak]

/cherry-pick release-4.6

[openshift-cherrypick-robot]

@s-urbaniak: #981 failed to apply on top of branch "release-4.6":

Applying: jsonnet: configure SCCs
Using index info to reconstruct a base tree...
M	jsonnet/prometheus-user-workload.jsonnet
M	jsonnet/prometheus.jsonnet
Falling back to patching base and 3-way merge...
Auto-merging jsonnet/prometheus.jsonnet
CONFLICT (content): Merge conflict in jsonnet/prometheus.jsonnet
Auto-merging jsonnet/prometheus-user-workload.jsonnet
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 jsonnet: configure SCCs
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-4.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.