Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automate binary promotion #2624

Closed
justinsb opened this issue Aug 27, 2021 · 9 comments
Closed

Automate binary promotion #2624

justinsb opened this issue Aug 27, 2021 · 9 comments
Assignees
@justaugustus @ameukam
Labels
area/artifacts Issues or PRs related to the hosting of release artifacts for subprojects area/release-eng Issues or PRs related to the Release Engineering subproject priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/release Categorizes an issue or PR as relevant to SIG Release.
Milestone
v1.23

Comments

@justinsb
Copy link
Member

Opening per discussion with @ameukam in kOps office hours today.

We have jobs that automatically promote container images (that I believe are defined here. The kOps project has been running the binary promoter for about a year+ now, including proposing artifacts etc, but we have run it by hand.

The binary promoter was originally developed alongside the container-image-promoter, but has since moved into the release project (cc @justaugustus )

Now that we have more projects wanting to do binary promotion (e.g. the CSI project), and given that kOps has been using it successfully, we should complete the automation here by running the promotion itself automatically.

I think we "just" need to create appropriate jobs that mirror the CIP jobs but run the binary promoter instead.
@ameukam
Copy link
Member

ameukam commented Aug 27, 2021

/area artifacts
/sig release
/area release-eng
/milestone v1.23

/assign

@k8s-ci-robot k8s-ci-robot added area/artifacts Issues or PRs related to the hosting of release artifacts for subprojects sig/release Categorizes an issue or PR as relevant to SIG Release. area/release-eng Issues or PRs related to the Release Engineering subproject labels Aug 27, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Aug 27, 2021
@justaugustus
Copy link
Member

@justinsb @ameukam -- Let's see if we can find some time to catch up next week on this.

I'll start poking on the RelEng side:
/assign

@ameukam ameukam mentioned this issue Aug 30, 2021
Closed
@justaugustus justaugustus mentioned this issue Aug 31, 2021
Merged
@justaugustus
Copy link
Member

I'll start poking on the RelEng side:
/assign

Starting here: kubernetes/test-infra#23416

@justaugustus justaugustus mentioned this issue Aug 31, 2021
Merged
@justaugustus justaugustus mentioned this issue Aug 31, 2021
Merged
@justaugustus
Copy link
Member

justaugustus commented Aug 31, 2021
edited
Loading

Status:

Slack thread: https://kubernetes.slack.com/archives/CJH2GBF7Y/p1630416874004700

This was referenced Aug 31, 2021
Merged
Merged
Merged
Merged
Merged
@justaugustus
Copy link
Member

Status comment is here, but just to say a little more...

I've restored all of the promotion tools to the CIP repo, which is easier to do now that bazel has been removed (thanks @tylerferrara + @listx).

kpromo images build in presubmit (test env) and postsubmit (staging env).

There's a test periodic job for file promotion, which is analogous to the image promoter periodic (but uses debug values).

I tried a few things locally just to check out the outputs...

Release file(s) (do exist in prod)

time docker run -v $(pwd):/workspace -it gcr.io/k8s-staging-artifact-promoter/kpromo-amd64:v0.1.0-1 run files --filestores=/workspace/filestores/k8s-staging-kops/filepromoter-manifest.yaml --files=/workspace/manifests/k8s-staging-kops/1.21.1.yaml --dry-run=true
********** START (DRY RUN) **********
INFO processing destination "gs://k8s-artifacts-prod/binaries/kops/"
INFO listing files in bucket k8s-staging-kops with prefix "kops/releases/"
INFO listing files in bucket k8s-artifacts-prod with prefix "binaries/kops/"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/darwin/amd64/kops"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/darwin/amd64/kops.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/dns-controller-amd64.tar.gz"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/dns-controller-amd64.tar.gz.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/dns-controller-arm64.tar.gz"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/dns-controller-arm64.tar.gz.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/images.tar.gz"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/images.tar.gz.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kops-controller-amd64.tar.gz"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kops-controller-amd64.tar.gz.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kops-controller-arm64.tar.gz"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kops-controller-arm64.tar.gz.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kube-apiserver-healthcheck-amd64.tar.gz"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kube-apiserver-healthcheck-amd64.tar.gz.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kube-apiserver-healthcheck-arm64.tar.gz"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/images/kube-apiserver-healthcheck-arm64.tar.gz.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/channels"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/channels.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/kops"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/kops.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/nodeup"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/nodeup.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/protokube"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/amd64/protokube.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/channels"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/channels.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/kops"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/kops.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/nodeup"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/nodeup.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/protokube"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/linux/arm64/protokube.sha256"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/windows/amd64/kops.exe"
INFO metadata match for "gs://k8s-artifacts-prod/binaries/kops/1.21.1/windows/amd64/kops.exe.sha256"
********** FINISHED (DRY RUN) **********
docker run -v $(pwd):/workspace -it  run files   --dry-run=true  0.13s user 0.11s system 8% cpu 2.627 total

Release file(s) (do NOT exist in prod)

time docker run -v $(pwd):/workspace -it gcr.io/k8s-staging-artifact-promoter/kpromo-amd64:v0.1.0-1 run files --filestores=/workspace/filestores/k8s-staging-kops/filepromoter-manifest.yaml --files=/workspace/manifests/k8s-staging-kops/1.23.0-alpha.1.yaml --dry-run=true
********** START (DRY RUN) **********
INFO processing destination "gs://k8s-artifacts-prod/binaries/kops/"
INFO listing files in bucket k8s-staging-kops with prefix "kops/releases/"
INFO listing files in bucket k8s-artifacts-prod with prefix "binaries/kops/"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/darwin/amd64/kops" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/darwin/amd64/kops"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/darwin/amd64/kops.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/darwin/amd64/kops.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/darwin/arm64/kops" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/darwin/arm64/kops"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/darwin/arm64/kops.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/darwin/arm64/kops.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/dns-controller-amd64.tar.gz" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/dns-controller-amd64.tar.gz"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/dns-controller-amd64.tar.gz.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/dns-controller-amd64.tar.gz.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/dns-controller-arm64.tar.gz" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/dns-controller-arm64.tar.gz"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/dns-controller-arm64.tar.gz.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/dns-controller-arm64.tar.gz.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/images.tar.gz" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/images.tar.gz"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/images.tar.gz.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/images.tar.gz.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kops-controller-amd64.tar.gz" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kops-controller-amd64.tar.gz"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kops-controller-amd64.tar.gz.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kops-controller-amd64.tar.gz.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kops-controller-arm64.tar.gz" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kops-controller-arm64.tar.gz"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kops-controller-arm64.tar.gz.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kops-controller-arm64.tar.gz.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kube-apiserver-healthcheck-amd64.tar.gz" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kube-apiserver-healthcheck-amd64.tar.gz"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kube-apiserver-healthcheck-amd64.tar.gz.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kube-apiserver-healthcheck-amd64.tar.gz.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kube-apiserver-healthcheck-arm64.tar.gz" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kube-apiserver-healthcheck-arm64.tar.gz"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/images/kube-apiserver-healthcheck-arm64.tar.gz.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/images/kube-apiserver-healthcheck-arm64.tar.gz.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/channels" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/channels"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/channels.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/channels.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/kops" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/kops"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/kops.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/kops.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/nodeup" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/nodeup"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/nodeup.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/nodeup.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/protokube" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/protokube"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/amd64/protokube.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/amd64/protokube.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/channels" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/channels"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/channels.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/channels.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/kops" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/kops"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/kops.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/kops.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/nodeup" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/nodeup"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/nodeup.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/nodeup.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/protokube" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/protokube"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/linux/arm64/protokube.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/linux/arm64/protokube.sha256"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/windows/amd64/kops.exe" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/windows/amd64/kops.exe"
COPY "gs://k8s-staging-kops/kops/releases/1.23.0-alpha.1/windows/amd64/kops.exe.sha256" to "gs://k8s-artifacts-prod/binaries/kops/1.23.0-alpha.1/windows/amd64/kops.exe.sha256"
********** FINISHED (DRY RUN) **********
docker run -v $(pwd):/workspace -it  run files   --dry-run=true  0.12s user 0.15s system 9% cpu 2.820 total

Full project directory

time docker run -v $(pwd):/workspace -it gcr.io/k8s-staging-artifact-promoter/kpromo-amd64:v0.1.0-1 run files --filestores=/workspace/filestores/k8s-staging-kops/filepromoter-manifest.yaml --files=/workspace/manifests/k8s-staging-kops --dry-run=true
********** START (DRY RUN) **********
INFO processing destination "gs://k8s-artifacts-prod/binaries/kops/"
INFO listing files in bucket k8s-staging-kops with prefix "kops/releases/"
INFO listing files in bucket k8s-artifacts-prod with prefix "binaries/kops/"
FATA run `kpromo run files`: error building operations: error building promotion operations for "gs://k8s-artifacts-prod/binaries/kops/": file "1.16.0/darwin/amd64/kops" not found in source ("gs://k8s-staging-kops/kops/releases/1.16.0/darwin/amd64/kops")
docker run -v $(pwd):/workspace -it  run files   --dry-run=true  0.14s user 0.13s system 9% cpu 2.830 total

tl;dr -- I see a few things to work on/ask questions about:

  • Ensuring restrictions on top-level prod writes
  • Support for multiple manifests (all staging projects) and multiple releases (per project)
  • Enable manifests with artifacts that no longer exist on staging buckets to be skipped (we expect the staging artifacts to age out)
    • We should still report the issue, and:
    • Probably still call this a failure if any of the assets in a single manifest are not found i.e., if there were supposed to be 10 files in a 1.16 release but we only find 1, the copy should be skipped and reported on
  • Should we allow backfill operations on a directory i.e., if the staging directory initially had 10 objects, but now has 15, do we care that 5 objects will be promoted on the next run?
    • Should this be configurable per project?

I'll be working on some of this in kubernetes-sigs/promo-tools#409.

@spiffxp
Copy link
Member

spiffxp commented Sep 2, 2021

/priority important-soon
/milestone v1.23

@k8s-ci-robot k8s-ci-robot added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Sep 2, 2021
This was referenced Sep 6, 2021
Merged
Merged
Merged
This was referenced Sep 7, 2021
Merged
Open
Closed
@justaugustus
Copy link
Member

So we're capturing the repo-specific particulars, I've opened kubernetes-sigs/promo-tools#413.

I was blocked on some account auth issues, but after chatting w/ @justinsb, I've validated some next steps.
Stay tuned!

This was referenced Sep 8, 2021
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@justaugustus
Copy link
Member

justaugustus commented Sep 13, 2021
edited
Loading

File promotion is live as of this weekend via kubernetes/test-infra#23571, https://github.com/kubernetes-sigs/k8s-container-image-promoter/releases/tag/v1.339.0, https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/ci-k8sio-file-promo/1437149962537275392.

Docs are here: #2711

Please add any follow-ups to kubernetes-sigs/promo-tools#413.
/close

@k8s-ci-robot
Copy link
Contributor

@justaugustus: Closing this issue.

In response to this:

File promotion is live as of this weekend via kubernetes/test-infra#23571.
Docs are here: #2711

Please add any follow-ups to kubernetes-sigs/promo-tools#413.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rifelpet rifelpet mentioned this issue Sep 16, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@justaugustus justaugustus

@ameukam ameukam

Labels
area/artifacts Issues or PRs related to the hosting of release artifacts for subprojects area/release-eng Issues or PRs related to the Release Engineering subproject priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/release Categorizes an issue or PR as relevant to SIG Release.
Projects
None yet
Milestone
v1.23
Development

No branches or pull requests
5 participants
@spiffxp @justinsb @justaugustus @ameukam @k8s-ci-robot