test: Run kubectl in test VM for older K8s releases #11072
Conversation
061b97b to
720cb3d
Compare
|
this PR has been marked as a draft PR since it had a WIP label. Please click in "Ready for review" [below vvv ] once the PR is ready to be reviewed. CI will still run for draft PRs. |
|
@aanm istioctl failing with K8s 1.14 and 1.15 may be due to the installed kubectl being version 1.18. When testing locally on Mac I had to downgrade kubectl to match the server version to make it work. Do you know how I could downgrade kubectl, or maybe we should do it universally for older k8s versions? Ref:
|
Downgrade |
|
istioctl is complaining that it can't find kubectl in $PATH. My hunch is that the installed kubectl version (1.18) is found, but then fails due to some compatibility reason. I'm assuming istioctl is trying to invoke kubectl from the $PATH, but the installed kubectl version (at /usr/local/bin/kubectl) is version 1.18, even though the VM is booted with K8S_VERSION=1.1[45]. This is the output of the commands I added in this PR for debugging purposes: |
|
@aanm Do you know why the kubectl reports client version 1.18 on a test VM with |
|
VM start scripts shows: But then when running tests |
IIRC @jrajahalme that is the version of the |
|
@aanm Exactly, istioctl is run in the host, just like any kubectl command run in the test? |
|
So I conflated the VM k8s install to the host kubectl above, sorry. |
|
This PR adds: Which reports client version 1.18. It would make sense that this is coming from the host, but |
@jrajahalme and isn't that VM running k8s 1.18? |
|
@aanm I don't know, is it different from the ones started under |
|
And why would we configure |
720cb3d to
76d2ee0
Compare
|
test-missed-k8s |
6abed98 to
62d5c00
Compare
|
test-missed-k8s |
Add the missing file suffix (.sh) to print-node-ip calls in Jenkinsfile. This prevents unnecessary Cilium compilation and helps speed up test runs. Add OSX support to 'test/print-node-ip.sh'. Use simpler 'cut' instead of 'awk' for Linux. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
kubectl is guaranteed to be compatible with limited number of earlier releases: > kubectl is supported within one minor version (older or newer) of > kube-apiserver. So far we have been using the latest kubectl in the host (now 1.18) to control clusters from K8s 1.11 to 1.18. This did not work any more with 'istioctl', which complained about "kubectl not being found in $PATH". When pairing istioctl with the same version of kubectl as the cluster this started working again. Downgrading kubectl in the test hosts may not be practical, but the CI infra also supports running kubectl in the cluster's master node (k8s1). This is triggered via the value of the Ginkgo 'cilium.kubeconfig' option. When 'cilium.kubeconfig' is non-empty, it is assumed to be a path to a valid kubeconfig for connecting kubectl in the host to the test cluster. When 'cilium.kubeconfig' is empty, CI Ginkgo helpers assume that kubectl should be run on "k8s1". 'test/vagrant-ci-start.sh' expects KUBECONFIG environment variable to be set to the path to the file into which the kubeconfig fetched from the test cluster should be stored. Modify 'test/vagrant-ci-start.sh' to accept undefined KUBECONFIG to signify the need to run kubectl in the test cluster's master node (k8s1). Finally, remove setting of both the KUBECONFIG environment variable before calling 'vagrant-ci-start.sh' and the Ginkgo option 'cilium.kubeconfig' in 'ginkgo-kubernetes-all.Jenkinsfile' which is used to run the CI K8s test suite on k8s versions from 1.11 to 1.17. This way we always use the kubectl installed as part of the testing cluster itself, in the master node. This solves the compatibility problem with istioctl and should help guard that we have not introduced any kubectl syntax that would not be compatible with the target k8s version. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
cb2b100 to
f755217
Compare
|
test-me-please |
|
never-tell-me-the-odds |
There was a problem hiding this comment.
Great job with finding the root cause of the issue!
While this change fixes the problem, I believe that going back to "the old way" of running kubectl via SSH in isn't the way to go.
SSH-specific execution code is left in the test framework exclusively to support Runtime tests. Historically, SSH to vagrant VM was unreliable and made debugging harder. As we retire Runtime tests, we should be able to delete this code with minimal pain.
I would strongly prefer fixing this by adding multiple versions of kubectl binaries on CI nodes and manipulating PATH. I can add downloading of all needed kubectl binaries into node provisioning scripts, after that this change would just need symlinking to them appropriately and setting the PATH.
Also, thanks for fixing print-node-ip bugs, I am not sure how these could have persisted for so long
|
test-me-please |
|
@nebril Running K8s CI tests locally on a Mac host without Jenkins, when started with I'll revise this PR after you have made the old kubectl versions available. We probably should use an old version for the k8s 1.11 tests in the regular ginkgo k8s test suite as well. |
|
after discussing offline let's merge this as an immediate mitigation |
kubectl is guaranteed to be compatible with limited number of earlier
releases:
So far we have been using the latest kubectl in the host (now 1.18) to
control clusters from K8s 1.11 to 1.18. This did not work any more
with 'istioctl', which complained about "kubectl not being found in
$PATH". When pairing istioctl with the same version of kubectl as the
cluster this started working again.
Downgrading kubectl in the test hosts may not be practical, but the CI
infra also supports running kubectl in the cluster's master node
(k8s1). This is triggered via the value of the Ginkgo
'cilium.kubeconfig' option. When 'cilium.kubeconfig' is non-empty, it
is assumed to be a path to a valid kubeconfig for connecting kubectl
in the host to the test cluster. When 'cilium.kubeconfig' is empty, CI
Ginkgo helpers assume that kubectl should be run on
"k8s1". 'test/vagrant-ci-start.sh' expects KUBECONFIG environment
variable to be set to the path to the file into which the kubeconfig
fetched from the test cluster should be stored. Modify
'test/vagrant-ci-start.sh' to accept undefined KUBECONFIG to signify
the need to run kubectl in the test cluster's master node (k8s1).
Finally, remove setting of both the KUBECONFIG environment variable
before calling 'vagrant-ci-start.sh' and the Ginkgo option
'cilium.kubeconfig' in 'ginkgo-kubernetes-all.Jenkinsfile' which is
used to run the CI K8s test suite on k8s versions from 1.11 to
1.17. This way we always use the kubectl installed as part of the
testing cluster itself, in the master node. This solves the
compatibility problem with istioctl and should help guard that we have
not introduced any kubectl syntax that would not be compatible with
the target k8s version.
Signed-off-by: Jarno Rajahalme jarno@covalent.io