Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add conformance gate prow job #19173

Merged
merged 1 commit into from
Sep 28, 2020
Merged

add conformance gate prow job #19173

merged 1 commit into from
Sep 28, 2020

Conversation

zachmandeville
Copy link
Contributor

@zachmandeville zachmandeville commented Sep 10, 2020
edited
Loading

Summary

This PR introduces a job to check whether any stable endpoints promoted in the release are without conformance tests.

Background

It is a requirement that GA/stable API's have conformance tests. This requirement is hard to enforce and multiple releases have had stable endpoints promoted without tests. This creates technical debt for conformance,with test writers working on new tests to target API's from older releases. You can see this in this graph from APISnoop:
visualization(3)
where the orange bars in each release mark newly promoted endpoints without tests, and the accumulation of technical debt.

This job

This prow job uses the same APISnoop database to pull in the audit logs from the most recent runs of these two e2e jobs:

  • ci-kubernetes-e2e-gci-gce
  • ci-kubernetes-gce-conformance-latest
    It compares the endpoints hit by conformance tests in the audit logs to the endpoints defined in the open API spec, and lists any new GA endpoints that are not hit by a conformance test. If the list is empty, the job succeeds. If not, the job fails. One can then look at the bottom of the logs to find a list of untested endpoints.
    You can see an example of this job on prow.cncf.io.

This job is intended to ultimately work as a release blocking job, and so its configured to fit the release blocking criteria.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 10, 2020
@k8s-ci-robot
Copy link
Contributor

Welcome @zachmandeville!

It looks like this is your first PR to kubernetes/test-infra 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/test-infra has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot
Copy link
Contributor

Hi @zachmandeville. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Sep 10, 2020
@zachmandeville
Copy link
Contributor Author

/hold
/area conformance

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. area/conformance Issues or PRs related to kubernetes conformance tests area/jobs area/release-eng Issues or PRs related to the Release Engineering subproject sig/release Categorizes an issue or PR as relevant to SIG Release. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Sep 10, 2020
@zachmandeville
Copy link
Contributor Author

/assign @justaugustus

@dims
Copy link
Member

dims commented Sep 10, 2020

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 10, 2020
@hh
Copy link
Member

hh commented Sep 10, 2020

@zz Go ahead and specify the command as your startup script.

feiskyer
feiskyer reviewed Sep 11, 2020
View reviewed changes
config/jobs/kubernetes/sig-release/conformance-gate.yaml Outdated
spec:
containers:
- name: apisnoop-gate
image: zachboyofdestiny/snoopdb:gate
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could we avoid using a personal image here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@feiskyer , yep! We just put in a change to APISnoop so that the new database it uses can be a part of the existing test-infra image builds for APISnoop. I opened a PR for this change here: #19234

When merged, I can update the container here to use this image.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@feiskyer , This job now uses an image from gcr.io/k8s-staging-apisnoop.

@spiffxp
Copy link
Member

spiffxp commented Sep 11, 2020

You can see an example of this job on prow.cncf.io:

  • the logs from a passing job( as 1.20.0 currently has no new untested endpoints)
  • the logs from a purposefully failing job(it looks at untested endpoints from prior releases)

Do you have a spyglass or gcsweb uri for those? They expired

BenTheElder
BenTheElder reviewed Sep 11, 2020
View reviewed changes
config/jobs/kubernetes/sig-release/conformance-gate.yaml Outdated
- name: postgres
containerPort: 5432
env:
- name: K8S_JOB
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW there are a number of standard environment variables present in kubernetes CI
https://github.com/kubernetes/test-infra/blob/master/prow/jobs.md#job-environment-variables

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, @BenTheElder! I updated the underlying image to use a standard env var, and removed my redundant one. This is part of commit a0c307c

@aojea
Copy link
Member

aojea commented Sep 11, 2020

2 questions:

  1. can we have another job to gate per percentage? i.e. fail if GA less than 75%, beta less than 50%
  2. can we use a different terminology to differentiate between API endpoints and the endpoints API?

@aojea aojea mentioned this pull request Sep 12, 2020
Closed
@riaankleinhans riaankleinhans mentioned this pull request Sep 13, 2020
Closed
@zachmandeville
Copy link
Contributor Author

You can see an example of this job on prow.cncf.io:

  • the logs from a passing job( as 1.20.0 currently has no new untested endpoints)
  • the logs from a purposefully failing job(it looks at untested endpoints from prior releases)

Do you have a spyglass or gcsweb uri for those? They expired

@spiffxp , I do! The logs are coming from jobs running at https://prow.cncf.io
Here's a link to the logs for the most recent job

(note: this job is now failing as 1.20.0 has a new, untested stable endpoint with getInternalApiserverAPIGroup)

@zachmandeville
Copy link
Contributor Author

2 questions:

1. can we have another job to gate per percentage? i.e. fail if GA less than 75%, beta less than 50%

2. can we use a different terminology to differentiate between API endpoints and the endpoints API?

To answer your questions, @aojea:

  1. This would be straightforward to do with the foundations set in this job.
  2. It would be straightforward to update the messages given in the logs to use different terminology, if this is what you mean?

spiffxp
spiffxp suggested changes Sep 23, 2020
View reviewed changes
Copy link
Member

@spiffxp spiffxp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments/questions

config/jobs/kubernetes/sig-arch/conformance-gate.yaml Outdated Show resolved Hide resolved
config/jobs/kubernetes/sig-arch/conformance-gate.yaml Outdated Show resolved Hide resolved
@MushuEE
Copy link
Contributor

MushuEE commented Sep 23, 2020

/label tide/merge-method-squash

@k8s-ci-robot k8s-ci-robot added tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/invalid-owners-file Indicates that a PR should not merge because it has an invalid OWNERS file in it. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 23, 2020
@k8s-ci-robot k8s-ci-robot added area/testgrid and removed do-not-merge/invalid-owners-file Indicates that a PR should not merge because it has an invalid OWNERS file in it. labels Sep 24, 2020
@spiffxp
Copy link
Member

spiffxp commented Sep 24, 2020

/cc @johnbelamaric
LGTM, but I'd like to get the /lgtm from @johnbelamaric as sig-arch chair

@spiffxp spiffxp requested a review from BenTheElder September 24, 2020 22:03
johnbelamaric
johnbelamaric suggested changes Sep 24, 2020
View reviewed changes
Copy link
Member

@johnbelamaric johnbelamaric left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general, please update to use the test failures group alias I just created.

config/jobs/kubernetes/sig-arch/conformance-gate.yaml Outdated Show resolved Hide resolved
@zachmandeville
Add apisnoop conformance gate
96d7583 
Co-authored-by: hh <hh@ii.coop>

change alert email to newly-made mailing list
@harche
Copy link
Contributor

harche commented Sep 26, 2020

/test pull-kubernetes-node-crio-e2e

@k8s-ci-robot
Copy link
Contributor

@harche: The specified target(s) for /test were not found.
The following commands are available to trigger jobs:

  • /test pull-test-infra-bazel
  • /test pull-test-infra-gubernator
  • /test pull-test-infra-verify-file-perms
  • /test pull-test-infra-yamllint
  • /test pull-test-infra-prow-checkconfig

Use /test all to run all jobs.

In response to this:

/test pull-kubernetes-node-crio-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@harche
Copy link
Contributor

harche commented Sep 26, 2020

sorry my bad. Wrong repo.

spiffxp
spiffxp approved these changes Sep 28, 2020
View reviewed changes
Copy link
Member

@spiffxp spiffxp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 28, 2020
@johnbelamaric
Copy link
Member

/lgtm
/approve
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 28, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, johnbelamaric, spiffxp, zachmandeville

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 06a8bab into kubernetes:master Sep 28, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.20 milestone Sep 28, 2020
@k8s-ci-robot
Copy link
Contributor

@zachmandeville: Updated the job-config configmap in namespace default at cluster test-infra-trusted using the following files:

  • key conformance-gate.yaml using file config/jobs/kubernetes/sig-arch/conformance-gate.yaml

In response to this:

Summary

This PR introduces a job to check whether any stable endpoints promoted in the release are without conformance tests.

Background

It is a requirement that GA/stable API's have conformance tests. This requirement is hard to enforce and multiple releases have had stable endpoints promoted without tests. This creates technical debt for conformance,with test writers working on new tests to target API's from older releases. You can see this in this graph from APISnoop:
visualization(3)
where the orange bars in each release mark newly promoted endpoints without tests, and the accumulation of technical debt.

This job

This prow job uses the same APISnoop database to pull in the audit logs from the most recent runs of these two e2e jobs:

  • ci-kubernetes-e2e-gci-gce
  • ci-kubernetes-gce-conformance-latest
    It compares the endpoints hit by conformance tests in the audit logs to the endpoints defined in the open API spec, and lists any new GA endpoints that are not hit by a conformance test. If the list is empty, the job succeeds. If not, the job fails. One can then look at the bottom of the logs to find a list of untested endpoints.
    You can see an example of this job on prow.cncf.io.

This job is intended to ultimately work as a release blocking job, and so its configured to fit the release blocking criteria.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

MushuEE pushed a commit to MushuEE/test-infra that referenced this pull request Oct 12, 2020
@zachmandeville @MushuEE
Add apisnoop conformance gate (kubernetes#19173)
e8434f4 
Co-authored-by: hh <hh@ii.coop>

change alert email to newly-made mailing list
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@feiskyer feiskyer feiskyer left review comments

@neolit123 neolit123 neolit123 left review comments

@johnbelamaric johnbelamaric johnbelamaric requested changes

@spiffxp spiffxp spiffxp approved these changes

@hasheddan hasheddan Awaiting requested review from hasheddan

@BenTheElder BenTheElder Awaiting requested review from BenTheElder

Assignees

@hh hh

@spiffxp spiffxp

@justaugustus justaugustus

@johnbelamaric johnbelamaric

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/config Issues or PRs related to code in /config area/conformance Issues or PRs related to kubernetes conformance tests area/jobs area/release-eng Issues or PRs related to the Release Engineering subproject area/testgrid cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. sig/release Categorizes an issue or PR as relevant to SIG Release. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
None yet
Milestone
v1.20
Development

Successfully merging this pull request may close these issues.