This was staring at me yesterday, and I even commented that "huh,
there's got to be something wrong with the firewall rules, but then
job/kubernetes-e2e-gce/1002/tapResults/ made it obvious: If you have
two e2e jobs running at the same time in the same project (hint:
Jenkins does), they'll race with each other, since resource names are
project scoped.
And a config description. This doesn't yet have much - first want to
make sure I can do the build job. Next I'll submit the e2e script with
its twiddles and switch those over. (After going to 3 e2es, I think
it's finally time for version control.)
This exposes the proper v1beta3 API endpoint when the user specifies
the --runtime_config=api/v1beta3 argument to the apiserver. v1beta3
is still considered experimental and subject to change.
--runtime_config is a map of string keys and values, that can be
specified by providing
--runtime_config=a=b,b=c,d,e
Only the key must be specified, the value can be omitted.
Enables v1beta3 in hack/local-up-cluster.sh and hack/test-cmd.sh
Scheduler uses Reflector from pkg/client/cache.
It defines some helper classes.
I'd like to use those helpers with pkg/client/cache
in kube-proxy and kubelet too.
There are quite a few 'composite literal uses unkeyed fields' errors that I have kept out of this patch.
And there's a couple where vet just seems confused. These are the easiest ones.
What I really want is
https://github.com/GoogleCloudPlatform/kubernetes/issues/2953, but
haven't had a chance to code that yet. Maybe it's time. (Then I'd
remove the provider-specific test and just say "is it > 0.7.2, or does
it claim to be capable of something from the future?" The latter
covers the HEAD server case .. though just bumping the server version
immediately after release might also accomplish that, too.)
After this DNS is resolvable from the host, if the DNS server is targetted
explicitly. This does NOT add the cluster DNS to the host's resolv.conf. That
is a larger problem, with distro-specific tie-ins and circular deps.
Add test artifacts to the build. This lets you do:
tar -xzf kubernetes.tar.gz
tar -xzf kubernetes-test.tar.gz
cd kubernetes
go run ./hack/e2e.go -up -test -down
without having a git checkout.
by adding support for testing official release versions and writing a
simple script to first bring up and test the old version before
upgrading it and testing it again. Related to supporting in-place
upgrades of masters (#2524).
Make each test available for execution --times times. Acts like a
multi-deck shoe. (Otherwise this is easily scriptable outside the
e2e.go command).
Useful for "I want to walk away for a few hours leaving some end-to-ends
running", until we have more stress tests. Also useful for detecting
flakes.
Reporting is changed to break out Passed, Flaky and Failed. I chose to
keep all three lines even if --times isn't on, just for consistency in
scraping. Similarly, it always outputs the counts now. A report looks
like:
2014/12/09 07:31:21 Passed tests: goe2e.sh[100/100] guestbook.sh[100/100] private.sh[100/100] services.sh[100/100]
2014/12/09 07:31:21 Flaky tests: basic.sh[99/100] certs.sh[99/100] monitoring.sh[98/100] pd.sh[98/100] update.sh[98/100]
2014/12/09 07:31:21 Failed tests:
2014/12/09 07:31:21 8 test(s) failed.
Replaces the client public interface but leaves old references to "minions"
for a later refactor. Selects the path "nodes" for v1beta3 and "minions"
for older versions.
Currently, we run the e2e tests in whatever order readdir happens to
return, which is random on some filesystems, name sorted on others,
create order on others, etc. Eventually, we may want to be
automatically hermetic between e2e tests (especially as we introduce
more resource destructive tests), but until then, it would be useful
if we permute the test order randomly between runs to ensure that
developers don't accidentally rely on a particular order. This
introduces a form of forced hermeticism, since improper state cleanup
from one test may not perturb a given test, but there's probably *a*
test in the suite that the order will perturb, so the RNG will find
that order eventually.
Adds logging of the generated seed, and an --orderseed argument that
can be used to re-run in the same order. Also sorts the pass/fail list
now for easier human reading.
Minor usability nuisance: If you run:
go run hack/e2e.go -v -test
.. and you don't happen to have an up e2e cluster, it should fail
fast, rather than chugging through every test and having them fall
over.
This commit brings two main changes, notably:
Two new options that can be set as environment variables
- DOCKER_OPTS: any arbitrary set of docker options. Example: --tlsverify
- DOCKER_NATIVE: This forces the use of the native docker available.
This is most useful if you're on OS X and do not want
to use boot2docker.
Now uses 'docker cp' instead of tar piping to transfer files. This
currently must be done by copying the binaries off of the docker volume
and into a local filesystem (/tmp) before a docker cp is done. This
workaround will no longer be necessary after bug fix
https://github.com/docker/docker/pull/8509 makes it into stable.
This was necessary because the tar | tar method was creating corrupted
archives on OS X even with the < /dev/null workaround.
This change refactors the way Kubelet's DockerPuller handles the docker config credentials to utilize a new credentialprovider library.
The credentialprovider library is based on several of the files from the Kubelet's dockertools directory, but supports a new pluggable model for retrieving a .dockercfg-compatible JSON blob with credentials.
With this change, the Kubelet will lazily ask for the docker config from a set of DockerConfigProvider extensions each time it needs a credential.
This change provides common implementations of DockerConfigProvider for:
- "Default": load .dockercfg from disk
- "Caching": wraps another provider in a cache that expires after a pre-specified lifetime.
GCP-only:
- "google-dockercfg": reads a .dockercfg from a GCE instance's metadata
- "google-dockercfg-url": reads a .dockercfg from a URL specified in a GCE instance's metadata.
- "google-container-registry": reads an access token from GCE metadata into a password field.
Also fix up cert generation. It was failing during the first salt highstate when trying to chown the certs as the apiserver user didn't exist yet. Fix this by creating a 'kube-cert' group and chgrping the files to that. Then make the apiserver a member of that group.
Fixes#2365Fixes#2368
apiserver becomes kube-apiserver
controller-manager -> kube-controller-manager
scheduler and proxy similarly.
Only thing I promise is that right now hack/build-go.sh and
build/release.sh exit with 0. That's it. Who knows if any of this
actually works....
It's actually used unset a couple of lines after this patch, but this
just resolves it in one place instead of calling
$(kube::golang::host_platform) twice.
Because of Fedora's crazy packaging guidelines, go install basically
isn't allowed. So allow us to use go build instead of go install.
test-integration also needs to accept the flag to be able to pass it
along to the build function.
* Rewrite a bunch of the hack/ directory with modular reusable bash libraries.
* Have 'build/*' build on 'hack/*'. The stuff in build now just runs hack/* in a docker container.
* Use a docker data container to enable faster incremental builds.
* Standardize output to _output/{local,dockerized}/bin/OS/ARCH/*. This regularized placement makes cross compilation work.
* Move travis specific scripts under hack/travis
With new dockerized incremental builds, I can do a no-op `make quick-release` in ~30s. This is a significant improvement.
test-cmd runs a 127.0.0.1 version of the apiservers, but does not
set --public_address_override, which means it can fail on some systems
(like Macs) which don't expose a bindable external port by default.
Since reachability is not necessary for test-cmd.sh today, set
public_address_override to 127.0.0.1
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
Proper quoting, error checks, use $KUBE_* variables when applicable, trap to do
cleanup on all errors, call cleanup explicitly on successful exit.
Tested:
- Ran it manually to completion, test run successful.
- Interrupted it during the run, checked that $? was non-zero, etcd was killed.
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
This doesn't fix anything broken. But we have config-go which exports
KUBE_REPO_ROOT and KUBE_TARGET. Using those means the test scripts can
be more easily moved around the repo and still work. Especially in
hack/test-integration.sh where we use hack/build-go.sh which is going
to use KUBE_TARGET to place the binary, then we use a different method
to find/execute the binary...
If this is set, and it normally shouldn't be, the config file will not
add the in tree Godeps to the GOPATH. So all of them must be solved by
the KUBE_EXTRA_GOPATH
This fixes `hack/test-go.sh pkg/apiserver -test.run=<a_specific_test_name>`
which was broken by PR #1116.
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
add usage
verify flag value for -i is numeric
allow multiple targets on the command line
actually capture coverage output
fix lingering GOFLAGS undef issue
fix issue with -i not working at all: ((x++)) returns 1 when x is 0, which is
incompatible with "set -e"
Set the values of major and minor version based on the output of the
`git describe` command, which uses annotated tags as source of
versioning information.
Minor will get a "+" appended whenever the annotated tag does not match
the tree exactly (including when the tree is dirty.) So that only
official releases will have a "bare" minor version, all others will have
a "+" to indicate the binaries contain changes from the released version
in minor.
(This is similar to how versions of development builds of the Linux
kernel work.)
Tested:
- With no annotated tags:
$ hack/build-go.sh
$ _output/go/bin/kubecfg -version=raw
version.Info{Major:"0", Minor:"1+", GitVersion:"v0.1+", GitCommit:"7d29873bdee87efacaace30ab3602297cacf1b4f", GitTreeState:"clean"}
- Tagging current version on a clean git tree:
$ git tag -a -m 'Test tag v2.3' v2.3
$ hack/build-go.sh
$ _output/go/bin/kubecfg -version=raw
version.Info{Major:"2", Minor:"3", GitVersion:"v2.3", GitCommit:"7d29873bdee87efacaace30ab3602297cacf1b4f", GitTreeState:"clean"}
- Tagging current version on a dirty git tree:
$ git tag -a -m 'Test tag v2.3' v2.3
$ touch test.txt # this is enough to mark the tree as dirty
$ hack/build-go.sh
$ _output/go/bin/kubecfg -version=raw
version.Info{Major:"2", Minor:"3+", GitVersion:"v2.3-dirty", GitCommit:"7d29873bdee87efacaace30ab3602297cacf1b4f", GitTreeState:"dirty"}
- Tagging a previous version on a clean tree:
$ git tag -a -m 'Test tag v2.3' v2.3 HEAD~5
$ hack/build-go.sh
$ _output/go/bin/kubecfg -version=raw
version.Info{Major:"2", Minor:"3+", GitVersion:"v2.3-6-g7d29873bdee87e", GitCommit:"7d29873bdee87efacaace30ab3602297cacf1b4f", GitTreeState:"clean"}
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
Clayton Coleman