run TSB test as part of the normal conformance bucket #15707
Conversation
openshift-merge-robot
added
the
size/L
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
openshift-merge-robot
added
the
approved
| @@ -51,7 +51,8 @@ pushd "${OS_ROOT}" > /dev/null | |||
| examples/sample-app \ | |||
| examples/prometheus/... \ | |||
| examples/hello-openshift \ | |||
| examples/jenkins/... | |||
| examples/jenkins/... \ | |||
| examples/templateservicebroker/... | |||
There was a problem hiding this comment.
if this is fundamental to the product, even "examples" doesn't seem like the right location. Do we have any other templates being used in this way? where do they live?
There was a problem hiding this comment.
if this is fundamental to the product, even "examples" doesn't seem like the right location. Do we have any other templates being used in this way? where do they live?
I asked @sdodson about where to put them. He asked to have it here.
| // this is weird, but we have to ignore this error in case some of this already exists (race between tests and the like) | ||
| //o.Expect(err).NotTo(o.HaveOccurred()) | ||
| err = WaitForDaemonSetStatus(tsbOC.AdminKubeClient(), &extensions.DaemonSet{ObjectMeta: metav1.ObjectMeta{Name: "apiserver", Namespace: tsbNS}}) | ||
| o.Expect(err).NotTo(o.HaveOccurred()) |
There was a problem hiding this comment.
can any part of this be shared w/ what cluster up is doing? i'm worried we're going to end up with 3 different "install the TSB" codepaths:
- cluster up
- extended tests
- ansible
There was a problem hiding this comment.
can any part of this be shared w/ what cluster up is doing? i'm worried we're going to end up with 3 different "install the TSB" codepaths:
cluster up
extended tests
ansible
Basing them on the same template resolves most problems. Obviously you have at least two paths, since ansible is written in python.
Then you're just talking about test code versus cmd line code. Given the differences in how errors are detected and handled, along with the differences in client accessibility, I'm guessing I could roughly double the total size of code from both halves to try to abstract out the difference and create a new level of abstraction to eliminate the duplication.
I recommend keeping it like this. Share a template, run the logic in a way that is "normal" in its domain.
There was a problem hiding this comment.
[grumbling acquiescence goes here]
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
| } | ||
|
|
||
| // we're trying to test the TSB, not the service. We're outside all the normal networks. Run a portforward to a particular |
There was a problem hiding this comment.
@bparees @jim-minter hopefully you never have to mess with this, but you should be aware that this is portforward and why.
There was a problem hiding this comment.
still wondering if we should be biting the bullet and putting a route in the template for when someone inevitably wants to run the SC off-cluster anyway. Is there a compelling reason not to?
There was a problem hiding this comment.
still wondering if we should be biting the bullet and putting a route in the template for when someone inevitably wants to run the SC off-cluster anyway. Is there a compelling reason not to?
I'm unclear on the off cluster case. It's possible, but not easy, to run an aggregated api server off cluster. You really think its likely that someone will want to do this? Even if I had a router, I'm not sure our e2e tests set up dns in a way that will make the route dns name work here.
I'd rather see that scoped as a different piece work and I'd suggest trying limit the exposure of your server as much as possible. I would have gone in the other direction and tried to set up network ingress rules
There was a problem hiding this comment.
I can envision someone running the SC in one cluster, talking to brokers in a different cluster. Admittedly there are some auth issues to deal with (what identify is provided by the SC when it calls the TSB?) but it's certainly part of the conceptual architecture of the SC/SB model.
Anyway yes it can wait, I just figured it would remove this port forwarding complexity at the same time, thus a net win.
There was a problem hiding this comment.
Anyway yes it can wait, I just figured it would remove this port forwarding complexity at the same time, thus a net win.
Are you familiar with how the routers are built in our e2e envs? I'm not, so I'd prefer a followup.
| // wait to get back healthy from the tsb | ||
| healthResponse := "" | ||
| err = wait.Poll(e2e.Poll, 2*time.Minute, func() (bool, error) { | ||
| resp, err := tsbclient.Client().Get("https://" + svc.Spec.ClusterIP + "/healthz") |
There was a problem hiding this comment.
do daemonsets have readiness checks? this seems like it should be a readiness check in the template.
There was a problem hiding this comment.
do daemonsets have readiness checks? this seems like it should be a readiness check in the template.
See #15681
There was a problem hiding this comment.
do daemonsets have readiness checks? this seems like it should be a readiness check in the template.
See #15681
A more detailed response: I'd like to have a test that checks the proper functioning of the template before I muck around it any more than I have to.
deads2k
force-pushed
the
tsb-13-e2e
branch
2 times, most recently
from
1fd0a4e to
77a8843
Compare
|
|
||
| if !exists { | ||
| e2e.Logf("Installing TSB onto the cluster for testing") | ||
| _, _, err := tsbOC.AsAdmin().WithoutNamespace().Run("create", "namespace").Args(tsbNS).Outputs() |
There was a problem hiding this comment.
do we run into trouble here if multiple tests run in parallel and run EnsureTSB at the same time?
There was a problem hiding this comment.
worth considering instantiating the tsb into the current / a separate throwaway namespace?
There was a problem hiding this comment.
hmm, maybe I'm just saying that the o.Expect(err).NotTo(o.HaveOccurred()) in 94 should be commented (or something) for the same reason as at 100
There was a problem hiding this comment.
hmm, maybe I'm just saying that the o.Expect(err).NotTo(o.HaveOccurred()) in 94 should be commented (or something) for the same reason as at 100
Yeah. This is all shim code until the installer sets this up for us.
| if pod == nil { | ||
| e2e.Failf("no ready pod found") | ||
| } | ||
| port, err := intframework.FindFreeLocalPort() |
There was a problem hiding this comment.
there's a race here between finding the port and binding to it
There was a problem hiding this comment.
there's a race here between finding the port and binding to it
Yes there is. In practice it's uncommon.
| } | ||
| port, err := intframework.FindFreeLocalPort() | ||
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
| portForwardCmd, _, _, err := tsbOC.AsAdmin().WithoutNamespace().Run("port-forward").Args("-n="+tsbNS, pod.Name, fmt.Sprintf("%d:8443", port)).Background() |
There was a problem hiding this comment.
the Background() will require the caller to defer a cleanup - not currently done, and suggest documenting this function to indicate the requirement as well
There was a problem hiding this comment.
oh, sorry, I see it's in the AfterEach. Doc would be good though
There was a problem hiding this comment.
h, sorry, I see it's in the AfterEach. Doc would be good though
doc'ed
|
/retest |
openshift-merge-robot
added
size/XL
|
I have rebased on #15677 since that is going to merge shortly. I have added a commit which disables front proxy auth and client cert auth on the TSB server until openshift/openshift-ansible#5056 is fixed. Aggregated api servers fail if they can't be proxied to (that's why this was failing), but the TSB can work without it for a little while. I will open a revert of that commit to be merged when the aggregation values are present. |
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
added
size/L
|
Let's see if images propagated. /retest |
|
The authentication changes were lgtm'd separately. Tagging this (finally). |
| @@ -340,6 +342,7 @@ var _ = g.Describe("[templates] templateservicebroker end-to-end test", func() { | |||
| } | |||
|
|
|||
| g.It("should pass an end-to-end test", func() { | |||
| framework.SkipIfProviderIs("gce") | |||
There was a problem hiding this comment.
@bparees did I somehow do this wrong?
deads2k
added
lgtm
|
/test end_to_end |
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
|
this test is still going to be valid when it finishes (nothing in queue, nothing merged). |
|
/retest |
|
/retest |
|
/test verify |
|
/test all |
|
/retest |
openshift-merge-robot
removed
the
lgtm
|
/retest |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
This updates the TSB test to run during the conformance run and make use of the example install template that cluster-up uses as well.
@bparees @jim-minter if this works, we can remove the extended template test, right?