Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rebuild gvisor image for integration tests #4717

Merged
merged 26 commits into from
Aug 16, 2019
Merged

Rebuild gvisor image for integration tests #4717

merged 26 commits into from
Aug 16, 2019

Conversation

priyawadhwa
Copy link

@priyawadhwa priyawadhwa commented Jul 8, 2019
edited
Loading

We should rebuild the gvisor image for integration tests, so that if
changes are made to the gvisor image they are tested. I added an
environment variable that, when set, will change the expected gvisor
image repo.

should unblock #4494

Rebuild gvisor image for integration tests
a8f1ed7 
We should rebuild the gvisor image for integration tests, so that if
changes are made to the gvisor image they are tested. I added an
environment variable that, when set, will change the expected gvisor
image repo.
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 8, 2019
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 8, 2019
@priyawadhwa priyawadhwa mentioned this pull request Jul 8, 2019
Merged
@medyagh
Copy link
Member

medyagh commented Jul 8, 2019

@minikube-bot OK to test

medyagh
medyagh reviewed Jul 8, 2019
View reviewed changes
pkg/minikube/constants/constants.go Outdated
@@ -430,6 +430,9 @@ const (
GvisorContainerdShimURL = "https://github.com/google/gvisor-containerd-shim/releases/download/v0.0.1-rc.0/gvisor-containerd-shim-v0.0.1-rc.0.linux-amd64"
// GvisorURL is the url to download gvisor
GvisorURL = "https://storage.googleapis.com/gvisor/releases/nightly/2018-12-07/runsc"

// MinikubeGvisorAddonImageRepo is the environment variable set by integration tests to change the gvisor image repo.
MinikubeGvisorAddonImageRepo = "MINIKUBE_GVISOR_ADDON_IMAGE_REPO"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need to add set this evn to hack/jenkins/ bash files?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so since I set the environment variable programatically & only for the gvisor tests.

ianlewis
ianlewis suggested changes Jul 8, 2019
View reviewed changes
pkg/minikube/assets/addons.go Outdated
}{
Arch: a,
ExoticArch: ea,
ImageRepository: cfg.ImageRepository,
GvisorImageRepo: os.Getenv(constants.MinikubeGvisorAddonImageRepo),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this not require normal addon users to set this environment variable? Seems like that would require an update to the docs. I'd prefer if it defaulted to cfg.ImageRepository

Copy link
Author

@priyawadhwa priyawadhwa Jul 9, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the default value is gcr.io/k8s-skaffold, users should never have to set the environment variable, since it should be empty. This way, they should always be using the latest version of the gvisor image.

I opted out of using cfg.ImageRepository because that repo would be applied to other images minikube pulls as well (storage provisioner, etc), which wouldn't exist.

This way, if the env variable is set (which should only happen in integration tests), then only in that case will a non-default gvisor image will be used.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking some folks would want to override the image repo globally. My thought was to use GvisorImageRepo if it is set, but use ImageRepository if it's not set (i.e. go back to current behavior)

ianlewis
ianlewis suggested changes Jul 9, 2019
View reviewed changes
pkg/minikube/assets/addons.go Outdated
}{
Arch: a,
ExoticArch: ea,
ImageRepository: cfg.ImageRepository,
GvisorImageRepo: os.Getenv(constants.MinikubeGvisorAddonImageRepo),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking some folks would want to override the image repo globally. My thought was to use GvisorImageRepo if it is set, but use ImageRepository if it's not set (i.e. go back to current behavior)

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 9, 2019
ianlewis
ianlewis suggested changes Jul 10, 2019
View reviewed changes
pkg/gvisor/enable.go Outdated
@@ -44,6 +44,7 @@ const (
// 3. copies necessary containerd config files
// 4. restarts containerd
func Enable() error {
return fmt.Errorf("local image used correctly")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume this was for debugging? I would have thought that Go would complain about unreachable code when compiling.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, I want to make sure minikube actually pulls the locally built gvisor image, so tests should fail with this error

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently it fails with compile error so you may want to remove the code after this line if you are intentionally returning an error.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where are you seeing the compile error? If I run make out/gvisor-addon locally the binary does compile, and running the docker image from make gvisor-addon-image gives me:

minikube$ docker run gcr.io/k8s-minikube/gvisor-addon:latest
2019/07/10 23:20:28 local image used correctly

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I'm seeing the error in Travis. Go's compiler complains if code is unreachable.
https://travis-ci.org/kubernetes/minikube/builds/557049237#L541

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My bad. It was go vet the provides the error. In any case, the code afterwards isn't used.

hack/jenkins/common.sh Show resolved Hide resolved
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: priyawadhwa
To complete the pull request process, please assign ra489
You can assign the PR to them by writing /assign @ra489 in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@priyawadhwa priyawadhwa changed the title Rebuild gvisor image for integration tests [wip] Rebuild gvisor image for integration tests Jul 10, 2019
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 10, 2019
Priya Wadhwa added 2 commits July 10, 2019 14:13
Build and push the gvisor image, setting an environment variable
e6653b7 
which can be picked up during integration testing.

I opted to do it this way because the locally built gvisor image wasn't
being picked up by minikube, because the docker daemon wasn't
configured, since minikube isn't up and running yet. Even if the docker daemon was configured to point to
minikube, we wouldn't be able to build the gvisor-image from the test
itself.
Point docker daemon to minikube and rebuild docker image
3ffe2af
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 5, 2019
@priyawadhwa priyawadhwa mentioned this pull request Aug 5, 2019
Closed
@priyawadhwa
Copy link
Author

hey @ianlewis thanks for the ping! For a quick update: I've found a couple bugs while trying to fix this -- right now this is blocked on #4985, which is needed to make sure we are running the local version of the gvisor image to correctly test changes

Run "sudo ctr -n=k8s.io images import" instead of "ctr images import"…
ee4cbbb 
… which doesn't load the image into the runtime
@priyawadhwa priyawadhwa force-pushed the gvisor-image branch 2 times, most recently from 11b51cc to 6cd9b58 Compare August 8, 2019 19:49
@ianlewis
Copy link
Contributor

ianlewis commented Aug 9, 2019

@priyawadhwa Thanks for the update! Sounds like we open a can of worms!

@medyagh
Copy link
Member

medyagh commented Aug 16, 2019

PR looks good, only one test fails, but it might be a flake fail.

--- FAIL: TestContainerd (0.00s)
    --- FAIL: TestContainerd/GvisorRestart (1244.80s)
        containerd_test.go:59: waiting for gvisor controller to come up

I am gonna restart the KVM test
for furture reference the error is :

 22:41:54 | ! I0815 22:41:54.934127   24312 ssh_runner.go:101] SSH: sudo podman load -i /tmp/pause_3.1
 22:41:55 | ! W0815 22:41:55.145638   22225 exit.go:99] Wait failed: waiting for k8s-app=kube-proxy: timed out waiting for the condition
 22:41:55 | ! * 
 22:41:55 | ! X Wait failed: waiting for k8s-app=kube-proxy: timed out waiting for the condition
 22:41:55 | ! * 
 22:41:55 | ! * Sorry that minikube crashed. If this was unexpected, we would love to hear from you:
 22:41:55 | !   - https://github.com/kubernetes/minikube/issues/new/choose
 22:41:55 | > * Waiting for: apiserver proxy

@medyagh
Copy link
Member

medyagh commented Aug 16, 2019
edited
Loading

@priyawadhwa the PR looks good to me, are you okay with merging this PR ?

@priyawadhwa
Copy link
Author

@medyagh yah I think this should be ok!

@priyawadhwa priyawadhwa changed the title [wip] Rebuild gvisor image for integration tests Rebuild gvisor image for integration tests Aug 16, 2019
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 16, 2019
@medyagh
Copy link
Member

medyagh commented Aug 16, 2019

awesome thank you for fixing this !

@medyagh medyagh merged commit 021ca86 into kubernetes:master Aug 16, 2019
@priyawadhwa priyawadhwa deleted the gvisor-image branch August 19, 2019 17:50
@medyagh medyagh mentioned this pull request Aug 20, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ianlewis ianlewis ianlewis requested changes

@medyagh medyagh medyagh left review comments

@balopat balopat Awaiting requested review from balopat

@RA489 RA489 Awaiting requested review from RA489

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@priyawadhwa @medyagh @k8s-ci-robot @tstromberg @ianlewis