Adds CRC deployment automation and CI documentation #268
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: perdasilva The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
perdasilva
force-pushed
the
tools_and_docs
branch
from
1b073df to
be0f5db
Compare
|
/retest-required |
1 similar comment
|
/retest-required |
scripts/crc-deploy.sh
Outdated
|
|
||
| # Set kubeconfig to CRC if necessary | ||
| export KUBECONFIG=${KUBECONFIG:-${HOME}/.crc/machines/crc/kubeconfig} | ||
| KUBE_ADMIN_PASSWORD=$(tr -d '\n' < "${HOME}/.crc/machines/crc/kubeadmin-password") |
There was a problem hiding this comment.
IIRC there's a dedicated crc console --credentials command that might be better to parse?
This is what I have locally as an alias:
$ alias crc_l
crc_l='eval $(crc console --credentials | cut -d" -f2- | grep -v developer | tr -d ")'There was a problem hiding this comment.
Oh, found an even nicer way: crc console --credentials -o json | jq -r .clusterConfig.adminCredentials.password
scripts/crc-deploy.sh
Outdated
| # Create port-forward to CRC registry | ||
| kubectl port-forward -n ${OPENSHIFT_REGISTRY_NAMESPACE} svc/${IMAGE_REGISTRY_SVC} ${IMAGE_REGISTRY_PORT}:${IMAGE_REGISTRY_PORT} > /dev/null 2>&1 & | ||
| PORT_FWD_PID=$! | ||
|
|
||
| # Remember to close the port-forward | ||
| trap 'kill "${PORT_FWD_PID}"' EXIT | ||
|
|
||
| # give port-forward a second | ||
| # I found that without this docker login would not work | ||
| # as if it couldn't reach the docker server | ||
| sleep 1 | ||
|
|
||
| oc whoami -t | docker login localhost:5000 --username user --password-stdin | ||
|
|
||
| # Push olm image | ||
| echo "Pushing olm image" | ||
| docker tag olm:test localhost:5000/openshift/olm:test | ||
| docker push localhost:5000/openshift/olm:test | ||
|
|
||
| # Push registry image | ||
| echo "Pushing registry image" | ||
| docker tag opm:test localhost:5000/openshift/opm:test | ||
| docker push localhost:5000/openshift/opm:test |
There was a problem hiding this comment.
Maybe this can be thrown in a function if we're trapping signals and require cleanup?
There was a problem hiding this comment.
Also variable to track any of the opm/olm test images?
| make manifests | ||
| git add . | ||
| git status | ||
| git commit --amend --allow-empty --no-edit --trailer "Upstream-repository: ${remote}" --trailer "Upstream-commit: ${rc}" |
There was a problem hiding this comment.
Note: the --trailer command requires new git versions. I saw locally that I needed to build git from source as f34 (f35?) didn't have this in the dnf stack.
There was a problem hiding this comment.
Do you happen to know from which version --trailer was introduced? I'm having trouble finding it. I could put in a check and a link.
|
/retest-required |
|
/test all |
perdasilva
force-pushed
the
tools_and_docs
branch
2 times, most recently
from
85a5852 to
36e984b
Compare
|
/retest |
|
/retest-required |
perdasilva
force-pushed
the
tools_and_docs
branch
from
36e984b to
7fd8f2a
Compare
|
/retest |
perdasilva
force-pushed
the
tools_and_docs
branch
2 times, most recently
from
3ecbf71 to
d2bbe5e
Compare
| # CRC_E2E_VALUES is already set in this script and exported | ||
| ./scripts/generate_crds_manifests.sh | ||
|
|
||
| # Apply patches |
There was a problem hiding this comment.
I think we should apply the OLM CRD manifests first and then apply the psm and profiler deployments.
There was a problem hiding this comment.
Interestingly enough, it looks like do the exact opposite in the context of CVO run levels looking at our root manifests directory: https://github.com/openshift/operator-framework-olm/tree/master/manifests.
There was a problem hiding this comment.
@dinhxuanvu that's right. I'm updating the script to pipe to sort. Then it should apply everything in priority order. Good catch! The comment here was stale. What I was doing before was deleting them in reverse priority order then applying them in priority order. But then I discovered replace.
Makefile
Outdated
| echo "Building olm image" | ||
| IMG="olm:test" $(MAKE) build/olm-container | ||
| echo "Building opm image" | ||
| rm -rf bin |
There was a problem hiding this comment.
Any idea on why this rm command was needed between build steps?
There was a problem hiding this comment.
I'll add a comment. But basically, if we don't rm bin before building the opm container and the binaries are still in bin, it won't (re-)compile them and you'll end up with a binary that doesn't work inside the container =S
There was a problem hiding this comment.
I'm cleaning this up by adding a clean target and calling it before the build/*-container targets
perdasilva
force-pushed
the
tools_and_docs
branch
5 times, most recently
from
e90d0ad to
a262379
Compare
|
/retest-required |
1 similar comment
|
/retest-required |
|
/test e2e-gcp-olm-flaky |
Signed-off-by: perdasilva <[email protected]>
perdasilva
force-pushed
the
tools_and_docs
branch
from
a262379 to
810287b
Compare
|
/test e2e-gcp-olm-flaky |
| echo "Logging in as kubeadmin" | ||
| oc login -u "${KUBE_ADMIN_USER}" -p "${KUBE_ADMIN_PASSWORD}" > /dev/null |
There was a problem hiding this comment.
I just tried pulling down these changes, running locally, and I got hit with the following error:
$ make crc
...
echo "Deploying OLM"
Deploying OLM
./scripts/crc-deploy.sh
Deploying OLM to CRC
Logging in as kubeadmin
error: couldn't get https://127.0.0.1:42973/.well-known/oauth-authorization-server: unexpected response status 403
make: *** [Makefile:180: crc-deploy] Error 1Going to try and manually run the crc-deploy Makefile target and see whether that authentication issue is reproducible.
There was a problem hiding this comment.
Okay I figured out the issue: in the case where a user already has a defined $KUBECONFIG variable locally, and that kubeconfig contains many contexts', we're not changing the default context to the crc instance:
$ echo $KUBECONFIG
/home/tflannag/.kube/config
$ export KUBECONFIG=${KUBECONFIG:-${HOME}/.crc/machines/crc/kubeconfig}
$ echo $KUBECONFIG
/home/tflannag/.kube/config
$
$ KUBE_ADMIN_USER=$(crc console --credentials -o json | jq -r .clusterConfig.adminCredentials.username)
$ KUBE_ADMIN_PASSWORD=$(crc console --credentials -o json | jq -r .clusterConfig.adminCredentials.password)
$ oc login -u "${KUBE_ADMIN_USER}" -p "${KUBE_ADMIN_PASSWORD}" > /dev/null
Logging in as kubeadmin
error: couldn't get https://127.0.0.1:42973/.well-known/oauth-authorization-server: unexpected response status 403
$ crc status
CRC VM: Running
OpenShift: Running (v4.10.3)
Podman:
Disk Usage: 19.83GB of 32.74GB (Inside the CRC VM)
Cache Usage: 103.6GB
Cache Directory: /home/tflannag/.crc/cache
$ kubectx -c
kind-kind
$ # switch to the crc-admin context
$ kubectx crc-admin
$ oc login -u "${KUBE_ADMIN_USER}" -p "${KUBE_ADMIN_PASSWORD}" > /dev/null
$ echo $?
0
| ${YQ} write --inplace -s scripts/psm-operator-deployment.crc.e2e.patch.yaml manifests/0000_50_olm_06-psm-operator.deployment.yaml | ||
| ${YQ} write --inplace -s scripts/collect-profiles.crc.e2e.patch.yaml manifests/0000_50_olm_07-collect-profiles.cronjob.yaml |
There was a problem hiding this comment.
Ran into another error while running this locally and manually setting the current kubecontext to crc-admin:
$ make crc-deploy
...
wrote ./tmp.hxG09zV0mc/chart/olm/templates/0000_50_olm_13-operatorgroup-default.yaml
wrote ./tmp.hxG09zV0mc/chart/olm/templates/0000_50_olm_13-operatorgroup-default.yaml
wrote ./tmp.hxG09zV0mc/chart/olm/templates/0000_90_olm_01-prometheus-rule.yaml
wrote ./tmp.hxG09zV0mc/chart/olm/templates/0000_90_olm_00-service-monitor.yaml
wrote ./tmp.hxG09zV0mc/chart/olm/templates/0000_90_olm_00-service-monitor.yaml
go run: no packages loaded from ./vendor/github.com/mikefarah/yq/v3/
make: *** [Makefile:180: crc-deploy] Error 1
| } | ||
|
|
||
| # YQ for applying yaml patches | ||
| YQ="go run ./vendor/github.com/mikefarah/yq/v3/" |
There was a problem hiding this comment.
See my earlier comment about running into issues when getting to the part in this workflow where we use yq. I tried running the following command locally thinking we might have support for overriding YQ:
$ make crc-deploy YQ=/usr/local/bin/yq
...
go run: no packages loaded from ./vendor/github.com/mikefarah/yq/v3/Maybe this is something we can override just like the KUBECONFIG environment variable?
There was a problem hiding this comment.
Andddd I tried manually overriding this in the crc-deploy.sh bash script and realized I have a v4 version locally:
$ make crc-deploy YQ=/usr/local/bin/yq
...
Error: write inplace cannot be used with split file
make: *** [Makefile:180: crc-deploy] Error 1
$ yq --version
yq (https://github.com/mikefarah/yq/) version 4.23.1There was a problem hiding this comment.
It looks like we're stranding some changes made while generating the CRC patches:
$ git status
modified: manifests/0000_50_olm_07-olm-operator.deployment.ibm-cloud-managed.yaml
modified: manifests/0000_50_olm_07-olm-operator.deployment.yaml
modified: manifests/0000_50_olm_08-catalog-operator.deployment.ibm-cloud-managed.yaml
modified: manifests/0000_50_olm_08-catalog-operator.deployment.yaml
modified: pkg/manifests/csv.yamlMaybe we need to wrap this in it's own function so we can enact a cleanup function (e.g. git restore manifests) when we run into a non-zero exit code?
|
/lgtm |
|
/override e2e-gcp Overriding as these changes don't affect anything in the product or pipeline |
|
@perdasilva: /override requires a failed status context or a job name to operate on.
Only the following contexts were expected:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/override ci/prow/e2e-gcp |
|
@timflannagan: /override requires a failed status context or a job name to operate on.
Only the following contexts were expected:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/override ci/prow/e2e-gcp |
|
@perdasilva: Overrode contexts on behalf of perdasilva: ci/prow/e2e-gcp, ci/prow/e2e-gcp-console-olm, ci/prow/e2e-upgrade In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@perdasilva: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Signed-off-by: Jordan Keister <[email protected]> Signed-off-by: Jordan Keister <[email protected]> Upstream-repository: api Upstream-commit: 028731a4f915f3a843634554ccc21d78b1d89859
Signed-off-by: Jordan Keister <[email protected]> Signed-off-by: Jordan Keister <[email protected]> Upstream-repository: api Upstream-commit: 028731a4f915f3a843634554ccc21d78b1d89859
Signed-off-by: Jordan Keister <[email protected]> Signed-off-by: Jordan Keister <[email protected]> Upstream-repository: api Upstream-commit: 028731a4f915f3a843634554ccc21d78b1d89859
Signed-off-by: Jordan Keister <[email protected]> Signed-off-by: Jordan Keister <[email protected]> Upstream-repository: api Upstream-commit: 028731a4f915f3a843634554ccc21d78b1d89859
Signed-off-by: Jordan Keister <[email protected]> Signed-off-by: Jordan Keister <[email protected]> Upstream-repository: api Upstream-commit: 028731a4f915f3a843634554ccc21d78b1d89859
Signed-off-by: Jordan Keister <[email protected]> Signed-off-by: Jordan Keister <[email protected]> Upstream-repository: api Upstream-commit: 028731a4f915f3a843634554ccc21d78b1d89859
This PR:
values-crc-e2e.yamlto adjust the images, arguments, and ImagePullPolicy of the deployments*.crc.e2e.yamlyaml patch files to patch additional olm manifests