Federation e2e support for AWS #27791
Conversation
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
3 similar comments
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
k8s-github-robot
added
size/M
| @@ -22,7 +22,11 @@ spec: | |||
| - --etcd-servers=http://localhost:2379 | |||
| - --service-cluster-ip-range={{.FEDERATION_SERVICE_CIDR}} | |||
| - --secure-port=443 | |||
| {{if eq .KUBERNETES_PROVIDER "aws"}} | |||
| - --external-hostname={{.FEDERATION_API_HOST}} | |||
There was a problem hiding this comment.
I am not sure why is this AWS specific.
There was a problem hiding this comment.
What does not work if we do not set this?
Reading the documentation, I get the impression that if its a public IP, we can set it to external-hostname.
And if its a cluster IP, we can set it to advertise-address.
There was a problem hiding this comment.
IIRC, it's something to do with the automatic certificate generation logic and AWS loadbalancers giving your DNS names instead of IP addresses.
There was a problem hiding this comment.
IIUC, the DNS name is cluster internal only? Doesnt seem right to set it as external-hostname.
cc @lavalamp
|
ok to test @kubernetes/sig-cluster-federation |
|
Looking at the logs, federation apiserver test passed, and the 2 federation service tests failed. Those 2 tests are failing on GCE as well right now. federation apiserver test passing means that bring up worked fine. So this is good! |
|
Awesome! Thanks for this @colhom. I'll take a deeper look into the logs to confirm that the reasons for those two tests failures are the same reasons for failures on GCE and GKE. If so, we already have fixes in the works. |
|
@colhom FYI manual GKE validation was done by Kelsey Hightower recently. See: https://github.com/kelseyhightower/kubernetes-cluster-federation |
|
@colhom You seem to be running as an old version of the tests, as the line numbers in your log file don't line up with the line numbers in upstream/master:HEAD. Could you perhaps rebase and rerun? Note also that you're probably running into #27802 which is now merged. So all-in-all, a rebase and rebuild would be very useful right now. |
| @@ -135,6 +135,30 @@ function create-federation-api-objects { | |||
| fi | |||
| sleep 5 | |||
| done | |||
|
|
|||
| # Poll until DNS record for federation-apiserver is propagated | |||
There was a problem hiding this comment.
What happens if we do not wait?
There was a problem hiding this comment.
kubectl will fail because the DNS name for the ELB could not be resolved. I guess we could soak that up by retrying kubectl for a few minutes, but this seems more explicit.
colhom
force-pushed
the
gke-aws-federation
branch
from
3a14e1b to
5bacc48
Compare
|
@quinton-hoole rebased, I'll let you know how it goes. |
|
GCE e2e build/test passed for commit 5bacc48. |
|
@colhom How do your results look after the rebase? |
ghost
added
the
priority/important-soon
| @@ -1491,7 +1491,7 @@ function test-build-release { | |||
| # Assumed vars: | |||
| # Variables from config.sh | |||
| function test-setup { | |||
| "${KUBE_ROOT}/cluster/kube-up.sh" | |||
| . "${KUBE_ROOT}/cluster/kube-up.sh" | |||
There was a problem hiding this comment.
Without it, subsequent calls to things like detect-security-group will fail as VPC_ID is set within kube-up and hence will not be availabile if kube-up.sh executes in a sub-process.
ghost
added
release-note
ghost
added
lgtm
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e build/test passed for commit 5bacc48. |
|
Automatic merge from submit-queue |
|
Our e2e tests on jenkins are failing right now and I suspect this is the culprit. cc @kubernetes/sig-cluster-federation |
|
Verified that the test turned red right after this PR was merged. |
Automatic merge from submit-queue Revert "Federation e2e supports aws" Reverting #27791 to get our Jenkins tests green again. cc @kubernetes/sig-cluster-federation
|
@colhom Have you managed to figure out what went wrong here? |
|
Sorry, just saw your comments on #28030. We'll have to fix the nslookup issue. |
Automatic merge from submit-queue Revert "Federation e2e supports aws" Reverting kubernetes#27791 to get our Jenkins tests green again. cc @kubernetes/sig-cluster-federation (cherry picked from commit e93608c)
I've observed e2e test failures on the two local runs I did, but the framework seems to come up successfully. logs. Ideas on this?
I'm in the process of validating GKE as well, and will modify the title if it succeeds.
\cc @nikhiljindal @quinton-hoole