-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Let Kaniko E2E test work with a KO_DOCKER_REPO env #4401
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cc @vdemeester |
a766e09
to
1a64c95
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds ok, I just need to validate that it works fine on our OpenShift CI 😅
8ee2448
to
88681e9
Compare
d5247e3
to
6c0e090
Compare
/test pull-tekton-pipeline-alpha-integration-tests |
6c0e090
to
1b6305c
Compare
/test pull-tekton-pipeline-unit-tests |
If test runner set a KO_DOCKER_REPO variable, use it, so we run the tests against an external container registry. If not set, the kaniko tests will spin up its own local registry. Bring back the GCP secret support so this works in the existing CI, but also supports the case where KO_DOCKER_REPO points to a container registry where no secret required, like in the kind based tests. Add a "test_setup" function to the e2e script, which is picked up after the setup of the cluster, which provisions a GCP service account to be used by tests via the GCP_SERVICE_ACCOUNT_KEY_PATH env variable. Since the local registry runs on HTTP (not HTTPS), the local registry approach does not work for the helm test as the kubelet tries to use HTTPS. If KO_DOCKER_REPO is not specified we either fail or skip the test (no change in behaviour) depending on the value of missingKoFatal This setup makes it easier to run E2E tests in different environments, where a registry may or may not be available. Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>
1b6305c
to
cdec71d
Compare
@afrittoli: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
1 similar comment
@afrittoli: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Creating a service account with the right permissions to run the tests does not seem to work:
|
/hold |
@vdemeester I think this would be ok as:
cc @barthy1 |
just fyi I've tested the proposed code with s390x nightly pipeline test suite (pure k8s, KO_DOCKER_REPO is specified and remote, registry is HTTP). Everything works perfectly. |
Issues go stale after 90d of inactivity. /lifecycle stale Send feedback to tektoncd/plumbing. |
@afrittoli: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Stale issues rot after 30d of inactivity. /lifecycle rotten Send feedback to tektoncd/plumbing. |
Rotten issues close after 30d of inactivity. /close Send feedback to tektoncd/plumbing. |
@tekton-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Changes
If test runner set a KO_DOCKER_REPO variable, use it, so we run the tests
against an external container registry. If not set, the kaniko tests
will spin up its own local registry. Bring back the GCP secret support
so this works in the existing CI, but also supports the case where
KO_DOCKER_REPO points to a container registry where no secret required,
like in the kind based tests.
Add a "test_setup" function to the e2e script, which is picked up after
the setup of the cluster, which provisions a GCP service account to be
used by tests via the GCP_SERVICE_ACCOUNT_KEY_PATH env variable.
Since the local registry runs on HTTP (not HTTPS), the local registry
approach does not work for the helm test as the kubelet tries to use
HTTPS. If KO_DOCKER_REPO is not specified we either fail or skip the
test (no change in behaviour) depending on the value of missingKoFatal
This setup makes it easier to run E2E tests in different environments,
where a registry may or may not be available.
Signed-off-by: Andrea Frittoli andrea.frittoli@uk.ibm.com
/kind misc
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
functionality, content, code)
Release Notes