Skip to content

releng: Configure kubernetes-build prototype jobs to use the GCB builder #14788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 22, 2019
Merged

releng: Configure kubernetes-build prototype jobs to use the GCB builder #14788

merged 1 commit into from
Oct 22, 2019

Conversation

@justaugustus
Copy link
Member

@justaugustus justaugustus commented Oct 15, 2019
edited
Loading

With #14747 merged and kubernetes/release#900 in flight, we'll have the ability to submit Google Cloud Build (GCB) jobs, which mimic the kubernetes_build scenario that runs in the ci-kubernetes-build and ci-kubernetes-build-fast test jobs.

The intent here is to vet this new test setup, while also starting to seed build artifacts in the CNCF-sponsored k8s-staging-release-test GCP project.

/hold

Doing this so we can leverage credentials that actually have access to
write to the k8s-staging-release-test GCS buckets.

ref: https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/ci-kubernetes-shadow-build/1184196943560052740, https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/ci-kubernetes-shadow-build-fast/1184206760995459074

W1015 20:56:48.455] Run: ('../release/push-build.sh', '--nomock', '--verbose', '--ci', '--release-kind=kubernetes', '--bucket=k8s-staging-release-test', '--docker-registry=gcr.io/k8s-staging-release-test', '--extra-publish-file=k8s-master', '--allow-dup')
I1015 20:56:48.560] push-build.sh: BEGIN main on 23f1240c-ef86-11e9-90f3-324215531d4f Tue Oct 15 20:56:48 UTC 2019
I1015 20:56:48.560] 
I1015 20:56:48.604] 
I1015 20:56:48.609] push-build.sh is running a *REAL* push!!
I1015 20:56:48.615] 
I1015 20:56:48.618] 
I1015 20:56:48.621] ================================================================================
I1015 20:56:48.626] CHECK PREREQUISITES
I1015 20:56:48.629] ================================================================================
I1015 20:56:48.633] 
I1015 20:56:48.646] Checking/setting cloud tools: OK
I1015 20:56:50.750] Check release bucket k8s-staging-release-test: 
I1015 20:56:50.750] push-build.sh::main(): release::gcs::check_release_bucket k8s-staging-release-test
I1015 20:56:52.646] Checking write access to bucket k8s-staging-release-test: 
I1015 20:56:52.647] push-build.sh::release::gcs::check_release_bucket(): touch /tmp/push-build.sh-gcs-write.280970
I1015 20:56:52.652] 
I1015 20:56:52.653] push-build.sh::release::gcs::check_release_bucket(): /google-cloud-sdk/bin/gsutil cp /tmp/push-build.sh-gcs-write.280970 gs://k8s-staging-release-test
I1015 20:56:53.693] Copying file:///tmp/push-build.sh-gcs-write.280970 [Content-Type=application/octet-stream]...
I1015 20:56:53.784] / [0 files][    0.0 B/    0.0 B]                                                
AccessDeniedException: 403 pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com does not have storage.objects.create access to k8s-staging-release-test/push-build.sh-gcs-write.280970.
I1015 20:56:53.912] FAILED: You do not have access/write permission on k8s-staging-release-test. Unable
I1015 20:56:53.912] to continue.
I1015 20:56:53.915] FAILED
I1015 20:56:53.918] 
I1015 20:56:53.921] push-build.sh: DONE main on 23f1240c-ef86-11e9-90f3-324215531d4f Tue Oct 15 20:56:53 UTC 2019 in 5s
W1015 20:56:53.941] Traceback (most recent call last):
W1015 20:56:53.941]   File "/workspace/./test-infra/jenkins/../scenarios/kubernetes_build.py", line 165, in <module>
W1015 20:56:53.942]     main(ARGS)
W1015 20:56:53.942]   File "/workspace/./test-infra/jenkins/../scenarios/kubernetes_build.py", line 137, in main
W1015 20:56:53.942]     check(args.push_build_script, *push_build_args)
W1015 20:56:53.942]   File "/workspace/./test-infra/jenkins/../scenarios/kubernetes_build.py", line 32, in check
W1015 20:56:53.942]     subprocess.check_call(cmd)
W1015 20:56:53.942]   File "/usr/lib/python2.7/subprocess.py", line 186, in check_call
W1015 20:56:53.942]     raise CalledProcessError(retcode, cmd)
W1015 20:56:53.942] subprocess.CalledProcessError: Command '('../release/push-build.sh', '--nomock', '--verbose', '--ci', '--release-kind=kubernetes', '--bucket=k8s-staging-release-test', '--docker-registry=gcr.io/k8s-staging-release-test', '--extra-publish-file=k8s-master', '--allow-dup')' returned non-zero exit status 1
E1015 20:56:53.943] Command failed
I1015 20:56:53.943] process 507 exited with code 1 after 56.9m
E1015 20:56:53.943] FAIL: ci-kubernetes-shadow-build

Signed-off-by: Stephen Augustus saugustus@vmware.com

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 15, 2019
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/config Issues or PRs related to code in /config area/release-eng Issues or PRs related to the Release Engineering subproject sig/release Categorizes an issue or PR as relevant to SIG Release. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Oct 15, 2019
@justaugustus justaugustus force-pushed the shadow-build branch 2 times, most recently from e427bc3 to ce58f9a Compare October 21, 2019 06:11
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 21, 2019
@justaugustus justaugustus changed the title releng: Move shadow kubernetes builds to test-infra-trusted cluster releng: Configure shadow kubernetes builds to use the GCB builder image Oct 21, 2019
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 21, 2019
@justaugustus
Copy link
Member Author

justaugustus commented Oct 21, 2019

I think this is ready for review:
/assign @Katharine @tpepper @calebamiles
cc: @kubernetes/release-engineering

@Katharine
Copy link
Member

Katharine commented Oct 21, 2019
edited
Loading

/lgtm

I'll approve when the corresponding PR merges.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 21, 2019
@justaugustus justaugustus mentioned this pull request Oct 21, 2019
Merged
tpepper
tpepper suggested changes Oct 21, 2019
View reviewed changes
config/jobs/image-pushing/k8s-staging-release-test.yaml Outdated
annotations:
fork-per-release: "true"
fork-per-release-generic-suffix: "true"
testgrid-dashboards: sig-release-shadow-master-blocking
Copy link

@tpepper tpepper Oct 21, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use of the word "shadow" seems a bit opaque once you come at this PR from the perspective of seeing it on testgrid. Is there a more plainly descriptive name it might have?

Copy link

@tpepper tpepper Oct 22, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe sig-release-prototype-master-blocking?

Copy link
Member Author

@justaugustus justaugustus Oct 22, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like that. Will make the changes shortly.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 21, 2019
@justaugustus justaugustus changed the title releng: Configure shadow kubernetes builds to use the GCB builder image releng: Configure kubernetes-build prototype jobs to use the GCB builder Oct 22, 2019
@tpepper
Copy link

tpepper commented Oct 22, 2019

lgtm

@justaugustus
releng: Configure kubernetes-build prototype jobs to use the GCB builder
c2e1035 
The "image-builder" image now supports submitting "--no-source" GCB
builds. This PR leverages the new builder image to mimic the
kubernetes-build scenario via GCB instead of using the long-deprecated
bootstrap image.

Signed-off-by: Stephen Augustus <saugustus@vmware.com>
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 22, 2019
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Oct 22, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justaugustus, Katharine

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 22, 2019
@k8s-ci-robot k8s-ci-robot merged commit 315f04b into kubernetes:master Oct 22, 2019
@k8s-ci-robot k8s-ci-robot added this to the v1.17 milestone Oct 22, 2019
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Oct 22, 2019

@justaugustus: Updated the job-config configmap in namespace default using the following files:

  • key k8s-staging-release-test.yaml using file config/jobs/image-pushing/k8s-staging-release-test.yaml
  • key shadow-builds.yaml using file ``

In response to this:

With #14747 merged and kubernetes/release#900 in flight, we'll have the ability to submit Google Cloud Build (GCB) jobs, which mimic the kubernetes_build scenario that runs in the ci-kubernetes-build and ci-kubernetes-build-fast test jobs.

The intent here is to vet this new test setup, while also starting to seed build artifacts in the CNCF-sponsored k8s-staging-release-test GCP project.

/hold

Doing this so we can leverage credentials that actually have access to
write to the k8s-staging-release-test GCS buckets.

ref: https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/ci-kubernetes-shadow-build/1184196943560052740, https://prow.k8s.io/view/gcs/kubernetes-jenkins/logs/ci-kubernetes-shadow-build-fast/1184206760995459074

W1015 20:56:48.455] Run: ('../release/push-build.sh', '--nomock', '--verbose', '--ci', '--release-kind=kubernetes', '--bucket=k8s-staging-release-test', '--docker-registry=gcr.io/k8s-staging-release-test', '--extra-publish-file=k8s-master', '--allow-dup')
I1015 20:56:48.560] push-build.sh: BEGIN main on 23f1240c-ef86-11e9-90f3-324215531d4f Tue Oct 15 20:56:48 UTC 2019
I1015 20:56:48.560] 
I1015 20:56:48.604] 
I1015 20:56:48.609] push-build.sh is running a *REAL* push!!
I1015 20:56:48.615] 
I1015 20:56:48.618] 
I1015 20:56:48.621] ================================================================================
I1015 20:56:48.626] CHECK PREREQUISITES
I1015 20:56:48.629] ================================================================================
I1015 20:56:48.633] 
I1015 20:56:48.646] Checking/setting cloud tools: OK
I1015 20:56:50.750] Check release bucket k8s-staging-release-test: 
I1015 20:56:50.750] push-build.sh::main(): release::gcs::check_release_bucket k8s-staging-release-test
I1015 20:56:52.646] Checking write access to bucket k8s-staging-release-test: 
I1015 20:56:52.647] push-build.sh::release::gcs::check_release_bucket(): touch /tmp/push-build.sh-gcs-write.280970
I1015 20:56:52.652] 
I1015 20:56:52.653] push-build.sh::release::gcs::check_release_bucket(): /google-cloud-sdk/bin/gsutil cp /tmp/push-build.sh-gcs-write.280970 gs://k8s-staging-release-test
I1015 20:56:53.693] Copying file:///tmp/push-build.sh-gcs-write.280970 [Content-Type=application/octet-stream]...
I1015 20:56:53.784] / [0 files][    0.0 B/    0.0 B]                                                
AccessDeniedException: 403 pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com does not have storage.objects.create access to k8s-staging-release-test/push-build.sh-gcs-write.280970.
I1015 20:56:53.912] FAILED: You do not have access/write permission on k8s-staging-release-test. Unable
I1015 20:56:53.912] to continue.
I1015 20:56:53.915] FAILED
I1015 20:56:53.918] 
I1015 20:56:53.921] push-build.sh: DONE main on 23f1240c-ef86-11e9-90f3-324215531d4f Tue Oct 15 20:56:53 UTC 2019 in 5s
W1015 20:56:53.941] Traceback (most recent call last):
W1015 20:56:53.941]   File "/workspace/./test-infra/jenkins/../scenarios/kubernetes_build.py", line 165, in <module>
W1015 20:56:53.942]     main(ARGS)
W1015 20:56:53.942]   File "/workspace/./test-infra/jenkins/../scenarios/kubernetes_build.py", line 137, in main
W1015 20:56:53.942]     check(args.push_build_script, *push_build_args)
W1015 20:56:53.942]   File "/workspace/./test-infra/jenkins/../scenarios/kubernetes_build.py", line 32, in check
W1015 20:56:53.942]     subprocess.check_call(cmd)
W1015 20:56:53.942]   File "/usr/lib/python2.7/subprocess.py", line 186, in check_call
W1015 20:56:53.942]     raise CalledProcessError(retcode, cmd)
W1015 20:56:53.942] subprocess.CalledProcessError: Command '('../release/push-build.sh', '--nomock', '--verbose', '--ci', '--release-kind=kubernetes', '--bucket=k8s-staging-release-test', '--docker-registry=gcr.io/k8s-staging-release-test', '--extra-publish-file=k8s-master', '--allow-dup')' returned non-zero exit status 1
E1015 20:56:53.943] Command failed
I1015 20:56:53.943] process 507 exited with code 1 after 56.9m
E1015 20:56:53.943] FAIL: ci-kubernetes-shadow-build

Signed-off-by: Stephen Augustus saugustus@vmware.com

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

This was referenced Oct 22, 2019
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cblecker cblecker Awaiting requested review from cblecker

@chases2 chases2 Awaiting requested review from chases2

2 more reviewers

@tpepper tpepper tpepper requested changes

@Katharine Katharine Katharine approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Katharine Katharine

@calebamiles calebamiles

@tpepper tpepper

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/config Issues or PRs related to code in /config area/release-eng Issues or PRs related to the Release Engineering subproject area/testgrid cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/release Categorizes an issue or PR as relevant to SIG Release. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

v1.17

Development

Successfully merging this pull request may close these issues.

5 participants

@justaugustus @Katharine @tpepper @k8s-ci-robot @calebamiles