Recreate the k8s-authenticated-test GCP project as k8s-staging-authenticated-test on kubernetes.io GCP Org #5854

Open
wants to merge 1 commit into
base: main

upodroid
Member

Fixes: kubernetes/kubernetes#97026
Part of #1458

The following tests in k/k are failing quite frequently on kops clusters and for anyone who doesn't run e2e tests on specific projects.

[sig-apps] ReplicaSet should serve a basic image on each replica with a private image
[sig-apps] ReplicationController should serve a basic image on each replica with a private image

Sample failure:
https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-gce-cni-cilium-k8s-ci/1702296867670331392

This particular image gcr.io/k8s-authenticated-test/agnhost:2.6 is pulled for testing and runs in a google.com GCP org.

We can't get rid of these tests till the in-tree Kubelet auth providers are gone.

I'm proposing the images live in a new location that is owned by the community and the images can be pulled by any google service account.

The new pull location for the image will be us-central1.docker.pkg.dev/k8s-staging-authenticated-test/images/agnhost:2.6

/cc @dims @ameukam @BenTheElder

k8s-ci-robot added the cncf-cla: yes and area/bash labels Sep 15, 2023
upodroid changed the title from "Recreate k8s-authenticated-test GCP project as k8s-staging-authenticated-test on kubernetes.io GCP Org" to "Recreate the k8s-authenticated-test GCP project as k8s-staging-authenticated-test on kubernetes.io GCP Org" Sep 15, 2023
k8s-ci-robot added the area/infra, area/terraform, size/L and sig/k8s-infra labels Sep 15, 2023
@ameukam
Member

ameukam commented Sep 15, 2023

I wonder if we want to migrate this registry. There was a conversation about removing the tests using gcr/k8s-authenticated-test.
Do we want input from sig-node before doing this? @dims @BenTheElder

@upodroid
Member Author

/sig testing

k8s-ci-robot added the sig/testing label Sep 18, 2023
@aojea
Member

aojea commented Sep 19, 2023

/assign @aojea

@BenTheElder
Member

I would prefer to see an alternative as I think trying to host a permanent authenticated image endpoint is a liability (also don't forget when something like this happens now old release tests are broken)

> We can't get rid of these tests till the in-tree Kubelet auth providers are gone.

I don't think that's true, again you can pass generic auth that isn't specific to say, GCP, by way of e.g. a secret in a namespace. That's generic and I don't see that being ripped out of tree.

Suggestions:

  • Run a local registry in the cluster (see past discussion though of why this may not work portably due to k8s networking)
  • Custom app similar to registry.k8s.io and the tiniest image possible w/ custom auth (lots of extra work / infra for one test ...)
  • This PR or something similar (... but acknowledge that it's likely to break in the future)
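
Added example, not part of the PR or of Kubernetes' own code: the generic pull auth mentioned in the comment above is a `kubernetes.io/dockerconfigjson` Secret referenced from the pod's `imagePullSecrets`. The sketch builds one and checks that a pod's pull secrets exist in the pod's own namespace and cover its image's registry; the registry host, namespace, credentials and all function names are assumptions.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"

def docker_config_secret(name, namespace, registry, username, password):
    """Build a registry-agnostic image pull Secret manifest (as a dict)."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = json.dumps({"auths": {registry: {"auth": auth}}}).encode()
    return {"apiVersion": "v1", "kind": "Secret", "type": SECRET_TYPE,
            "metadata": {"name": name, "namespace": namespace},
            "data": {".dockerconfigjson": base64.b64encode(config).decode()}}

def image_registry(image):
    """Registry host of an image reference; docker.io when no host is given."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def pull_secret_problems(pod, secrets):
    """Return reasons why the pod's imagePullSecrets do not cover its images."""
    # Simplification: exact host match; the kubelet also accepts keys with a scheme, path or glob.
    ns = pod["metadata"]["namespace"]
    index = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in secrets}
    covered, problems = set(), []
    for ref in pod["spec"].get("imagePullSecrets", []):
        secret = index.get((ns, ref["name"]))  # pull secrets are namespace-local
        if secret is None:
            problems.append(f"secret {ref['name']!r} not found in namespace {ns!r}")
        elif secret.get("type") != SECRET_TYPE:
            problems.append(f"secret {ref['name']!r} is not of type {SECRET_TYPE}")
        else:
            cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
            covered.update(cfg.get("auths", {}))
    for container in pod["spec"]["containers"]:
        host = image_registry(container["image"])
        if host not in covered:
            problems.append(f"no credentials for {host} (image {container['image']})")
    return problems

def sample_pod(namespace, image, secret_name):
    """Constructed pod manifest used to exercise the check."""
    return {"metadata": {"name": "private-image", "namespace": namespace},
            "spec": {"containers": [{"name": "c", "image": image}],
                     "imagePullSecrets": [{"name": secret_name}]}}

# Constructed sample values: registry host, namespace and credentials are placeholders.
SECRET = docker_config_secret("pull-cred", "e2e-ns", "registry.example.test", "user", "placeholder")
```
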

@upodroid
Member Author

> Suggestions:
>
>   • Run a local registry in the cluster (see past discussion though of why this may not work portably due to k8s networking)
>   • Custom app similar to registry.k8s.io and the tiniest image possible w/ custom auth (lots of extra work / infra for one test ...)
>   • This PR or something similar (... but acknowledge that it's likely to break in the future)

Let's go with the 3rd option and revisit this problem in the future. I don't see anyone who is ready to do 1 and 2. Replacing kube-up clusters is a better use of our time than doing a ton of extra work for a test that shouldn't even be there in the first place.

@ameukam
Member

ameukam commented Oct 2, 2023

@aojea Any concern about picking the third option?

@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-ci-robot added the lifecycle/stale label Jan 22, 2024
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle rotten
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-ci-robot added the lifecycle/rotten label and removed the lifecycle/stale label Feb 21, 2024
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Contributor

@k8s-triage-robot: Closed this PR.


upodroid reopened this May 15, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: upodroid


k8s-ci-robot added the approved label May 15, 2024
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Contributor

@k8s-triage-robot: Closed this PR.


upodroid reopened this Aug 22, 2024
k8s-ci-robot added the area/infra/gcp label Aug 22, 2024
Successfully merging this pull request may close these issues.

Migrate private registry e2e tests away from gcr.io/k8s-authenticated-test