Add a task for creating a GKE cluster for e2e tests 🧪 #436
Conversation
tekton-robot
added
the
size/L
|
@ixdy this might be relevant to your interests! I'm trying to replicate more kubetest functionality in Tekton Tasks. Also if you happen to know of anything else that is done to the clusters kubetest creates that I've missed plz lemme know. |
bobcatfish
force-pushed
the
create_e2e_gke
branch
from
62bcb66
to
d6fe893
Compare
|
/test pull-tekton-catalog-integration-tests |
gke-e2e-cluster-create/0.1/README.md
Outdated
| @@ -0,0 +1,43 @@ | |||
| # GKE End to End Cluster Create | |||
There was a problem hiding this comment.
Any reason the name and tags all include "e2e" and "end to end"? This seems much more broadly useful than the end to end tests, even though that's what you're using it for.
There was a problem hiding this comment.
I wasn't sure what else to call it - i thought it would be doing more e2e specific stuff, but I guess the only thing is the firewall? Maybe that's a reasonable firewall to start a cluster off with? I'm happy to just call it create GKE cluster!
| # Create a network and a new cluster | ||
| gcloud compute networks create $UNIQUE_NAME --project $(params.project-name) --subnet-mode=auto | ||
| gcloud beta container clusters create \ |
There was a problem hiding this comment.
Why do we need to use beta here?
There was a problem hiding this comment.
i don't know! thats what kubetest was doing but ill remove it and if that still works then 👍
| # Configure gcloud to use the provided project and service account | ||
| gcloud auth activate-service-account --key-file=$(workspaces.gcp-service-account.path)/$(params.private-key-path) | ||
| gcloud config set project $(params.project-name) |
There was a problem hiding this comment.
Is this call really required? you pass --project on every command below anyway.
There was a problem hiding this comment.
oh yeah good point
plus this command always gives me this weird warning about the project not existing which is just not true :D
| --allow=tcp:22,tcp:80,tcp:8080,tcp:30000-32767,udp:30000-32767 \ | ||
| --target-tags=$INSTANCE_TAG | ||
| printf $UNIQUE_NAME > /tekton/results/cluster-name |
| spec: | ||
| resources: | ||
| requests: | ||
| storage: 5Gi |
There was a problem hiding this comment.
not sure it matters, but the kubeconfig probably won't be 5 gigs :)
There was a problem hiding this comment.
but how do you know
| --allow=tcp:22,tcp:80,tcp:8080,tcp:30000-32767,udp:30000-32767 \ | ||
| --target-tags=$INSTANCE_TAG | ||
| printf $UNIQUE_NAME > /tekton/results/cluster-name |
There was a problem hiding this comment.
Oooh one other one - the cluster name by itself isn't actually that useful - you generally need the region/zone to access it as well. Would that make sense as a result too? Or I guess we maybe don't need it since it's a param.
There was a problem hiding this comment.
whatever you think is best! it feels a bit weird to replicated something that is passed in as a param but if you think it's worth it, ill do it!
(maybe one day we'll have some kind of "cluster info" result type that will have all of this info?)
|
ps @dlorenc do you wanna be an OWNER of this Task? no pressure :D |
As part of tektoncd#373 I'm continuing to create Tasks that we can use to run tests for items in the catalog. This Task creates a cluster within a GKE project and is based on the way we create clusters for the existing end to end tests we have in Tekton, which are themselves based on Knative, when are THEMselves based on k8s. These tests all use a tool called kubetest, which is responsible for invoking boskos (see tektoncd#408) and creating a GKE cluster (https://github.com/kubernetes/test-infra/tree/master/kubetest). This Task attempts to create a cluster in the same way, which based on the output in the end to end logs seems to consist of creating the cluster and setting up a firewall for it. I'm not sure if this belongs in the catalog itself since it is specific to our own end to end tests and isn't as generic as other catalog tests, so if we want to move this into the test directory that seems fine, but I also think it could be an okay addition to the catalog on its own (esp if other k8s based projects that test against GKE want to use it.)
bobcatfish
force-pushed
the
create_e2e_gke
branch
from
d6fe893
to
2d5ea2c
Compare
|
Ready for another look @dlorenc ! |
|
/lgtm |
|
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
As part of tektoncd#373 I'm continuing to create Tasks that we can use to run tests for items in the catalog. The goal of the 2 Tasks in this commit is to install Tekton Pipelines into a cluster that was created using the Task added in tektoncd#436. There are a couple of options different from what I did in this commit which I'd like people's opinions on: 1. I went to a lot of trouble to make it so that Pipelines can be installed with just a kubectl command, specifically creating a user with cluster admin priviledges. If instead I used a container with gcloud, I could use the same approach as other GKE specific Tasks, but I wanted to make the install Task not tied to GKE. I also had to give the prow-account more priviledges in all of our boskos projects for this to work :grimace:. So my question is: is this worth it, or am I better off just creating a GKE specific Task for installing Tekton Pipelines that uses gcloud to auth? 2. If we DO want a super generic Task, how useful is this Task that just applies a Tekton yaml? Would we be better off with a generic kubectl task that I could feed the exact arguments for installing Tekton Pipelines? The other confusion I ran into here (which I am going to follow up with @sbwsg about!) is around service accounts vs. secrets. The GKE Tasks I've made so far rely on secrets provided via workspaces, but I feel like it's not clear if it makes sense to go that route, or to rely on service accounts. In the meantime this approach is at least consistent with tektoncd#436.
As part of tektoncd#373 I'm continuing to create Tasks that we can use to run tests for items in the catalog. The goal of the 2 Tasks in this commit is to install Tekton Pipelines into a cluster that was created using the Task added in tektoncd#436. There are a couple of options different from what I did in this commit which I'd like people's opinions on: 1. I went to a lot of trouble to make it so that Pipelines can be installed with just a kubectl command, specifically creating a user with cluster admin priviledges. If instead I used a container with gcloud, I could use the same approach as other GKE specific Tasks, but I wanted to make the install Task not tied to GKE. I also had to give the prow-account more priviledges in all of our boskos projects for this to work :grimace:. So my question is: is this worth it, or am I better off just creating a GKE specific Task for installing Tekton Pipelines that uses gcloud to auth? 2. If we DO want a super generic Task, how useful is this Task that just applies a Tekton yaml? Would we be better off with a generic kubectl task that I could feed the exact arguments for installing Tekton Pipelines? The other confusion I ran into here (which I am going to follow up with @sbwsg about!) is around service accounts vs. secrets. The GKE Tasks I've made so far rely on secrets provided via workspaces, but I feel like it's not clear if it makes sense to go that route, or to rely on service accounts. In the meantime this approach is at least consistent with tektoncd#436.
Changes
As part of #373 I'm continuing to create Tasks that we can use to run
tests for items in the catalog. This Task creates a cluster within a GKE
project and is based on the way we create clusters for the existing end
to end tests we have in Tekton, which are themselves based on Knative,
when are THEMselves based on k8s. These tests all use a tool called
kubetest, which is responsible for invoking boskos (see #408) and
creating a GKE cluster
(https://github.com/kubernetes/test-infra/tree/master/kubetest).
This Task attempts to create a cluster in the same way, which based on the
output in the end to end logs seems to consist of creating the cluster
and setting up a firewall for it.
I'm not sure if this belongs in the catalog itself since it is specific
to our own end to end tests and isn't as generic as other catalog tests,
so if we want to move this into the test directory that seems fine, but
I also think it could be an okay addition to the catalog on its own (esp
if other k8s based projects that test against GKE want to use it.)
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
File path follows
<kind>/<name>/<version>/name.yamlHas
README.mdat<kind>/<name>/<version>/README.mdHas mandatory
metadata.labels-app.kubernetes.io/versionthe same as the<version>of the resourceHas mandatory
metadata.annotationstekton.dev/pipelines.minVersionmandatory
spec.descriptionfollows the conventionSee the contribution guide
for more details.