Ansible installer needs to create proper service account names for 0.6.0 #4020
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here (e.g. What to do if you already signed the CLAIndividual signers
Corporate signers
|
|
Hi @jmazzitelli. Thanks for your PR. I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Assign the PR to them by writing The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
I signed it! (referring to the CLA) |
|
CLAs look good, thanks! |
|
FYI: the errors you will get if you use the current ansible installer are the following (i.e. this is what the PR fixes): The log from the grafana pod: The log from the prometheus pod: |
This was referenced Mar 7, 2018
|
/okay-to-test |
|
/retest |
|
None of those errors look related to any of this ansible stuff I touched. All this PR changes is the name of the service accounts for grafana and prometheus to match the new names. @christian-posta am I missing something or are these errors unrelated? |
|
They seem to be unrelated @jmazzitelli let me dig in quick and see what's up |
|
/test istio-unit-tests |
|
/test istio-pilot-e2e |
|
FWIW: It appears these tests (or some combination of them) have been failing for a few days at least - looking at recently closed PRs show they were failing for those PRs as well. |
|
@christian-posta based on the fact that recently merged PRs have ignored these test errors as well, what is the liklihood that this PR will be able to be merged soon? |
|
@ldemailly @geeknoid the tests seem to be in an unfriendly state. are we just merging these while tests get sorted? |
sdake
suggested changes
Mar 8, 2018
There was a problem hiding this comment.
I think the v6 text could cause some confusion. Can you update quickly, and then I'll approve the PR?
In the future, given that OpenShift and Kubernetes have completely separate operational modes with Istio, it may make sense to separate the tasks by file (e.g. add_serviceaccount_to_addon_pristine.yml and add_serviceaccount_to_addon_oc.yml.
Also if looking for future work, a gate would be immensely helpful to ensure there are no regressions. Can you file an issue for the work of adding an Ansible deployment gate?
|
|
||
| - set_fact: | ||
| add_on_definition_path: /tmp/{{ add_on_name }}-service-account | ||
|
|
||
| - name: Apply ServiceAccount from template for {{ add_on_name }} | ||
| - name: Apply ServiceAccount from template for {{ add_on_name }} for istio before v6 |
| @@ -9,22 +9,56 @@ | |||
| register: go | |||
| ignore_errors: true | |||
|
|
|||
| - name: Add ServiceAccount to {{ add_on_name }} add-on | |||
| - name: Add ServiceAccount to {{ add_on_name }} add-on for istio before v6 | |||
| - (istio_version_to_use.split(".")[0] | int > 0) or | ||
| (istio_version_to_use.split(".")[1] | int >= 6) | ||
|
|
||
| - name: Define SCC rules to enable containers running with UID zero for Addon service accounts for {{ add_on_name }} for istio before v6 |
|
/test e2e-simple |
|
/test e2e-bookInfo |
|
/test istio-pilot-e2e |
…itly defined and no longer are prefixed/suffixed with "istio-" and "-service-account". The names of the addon service accounts are now simply just the addon names themselves (i.e. "grafana" and "prometheus"). This PR makes this change so when installing 0.6.0+ the service accounts are named properly, however, this PR also maintains backward compatibility by ensuring the service accounts names are those used in the past (i.e. istio-grafana-service-account and istio-prometheus-service-account) when installing 0.5.1 and under.
Codecov Report
@@ Coverage Diff @@
## master #4020 +/- ##
=======================================
- Coverage 75% 75% -<1%
=======================================
Files 305 305
Lines 27514 27947 +433
=======================================
+ Hits 20550 20752 +202
- Misses 5657 5843 +186
- Partials 1307 1352 +45
Continue to review full report at Codecov.
|
|
@sdake - I changed the three instances of "before v6" into "prior to version 0.6". |
created issue #4080 |
|
@jmazzitelli: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@sdake looks like all the tasks have completed and only the "normal" failures occurred - the rest were successful. So this is ready from my perspective. |
sdake
approved these changes
Mar 8, 2018
|
@jmazzitelli I'm not sure what the policy is on squashing/merging with tests in busted shape (even though this code has no test cases and is unrelated to the failures). The community goes back and forth on this point, so would prefer someone else to merge, but I've approved your review. Cheers |
|
Anyone else able to merge this? I'm seeing PRs getting merged actively over the past several days (even past several hours) with these same tests failing. |
|
@ZackButcher you had just merged my somewhat-related PR (the one that fixed the ansible install doc related to the new 0.6.0 jaeger setting). Would you be so kind as to merge this PR too? :) The errors reported here are the same errors every PR lately is seeing - this PR does not introduce any "real" errors and can be merged. FYI: this PR fixes ansible installer so it can install 0.6.0 properly. |
PiotrSikora
added a commit
to PiotrSikora/istio
that referenced
this pull request
Aug 15, 2018
Pulling the following changes from github.com/istio/proxy: 7a0fca9 Update Envoy SHA to latest with LcTrie optimizations (release-1.0). (istio#1919) d93f0fe Fix macOS build on CircleCI (release-1.0). (istio#1921) Pulling the following changes from github.com/envoyproxy/envoy: 73bd3d95c http_filter: add addEncodedTrailers and addDecodedTrailers (istio#3980) c3652aad5 rbac/fuzz: fix build (istio#4150) 07bc27c05 fix flaky RBAC integration test. (istio#4147) b150d61a9 header_map: copy constructor for HeaderMapImpl. (istio#4129) f345c8b23 test: moving websocket tests to using HTTP codec. (istio#4143) da500d20f upstream: init host hc value based on hc value from other priorities (istio#3959) da6194b94 test: add tests for corner-cases around sending requests before run() starts or after run() ends. (istio#4114) 3527f7799 perf: reduce the memory usage of LC Trie construction (istio#4117) b538e46d8 test: moving redundant code in websocket_integration_test to utilities (istio#4127) a3c55bf7b test: make YamlLoadFromStringFail less picky about error msg. (istio#4141) c283439b6 rbac: add rbac network filter. (istio#4083) 5a7152d21 fuzz: route lookup and header finalization fuzzer. (istio#4116) 589467360 Set content-type and content-length (istio#4113) 714ae130a fault: use FractionalPercent for percent (istio#3978) fde378705 test: Fix inverted exact match logic in IntegrationTcpClient::waitForData() (istio#4134) 794a00126 Added cluster_name to load assignment config for static cluster (istio#4123) 19f51e5e1 ssl: refactor ContextConfig to use TlsCertificateConfig (istio#4115) 0a4bffc5a syscall: refactor OsSysCalls for deeper errno latching (istio#4111) ec0d98e5e thrift_proxy: fix oneway bugs (istio#4025) 1381673ad Do not crash when converting YAML to JSON fails (istio#4110) 2662bf1f2 config: allow unknown fields flag (take 2) (istio#4096) 1ab839c1f Use a jittered backoff strategy for handling HdsDelegate stream/connection failures (istio#4108) 7309c14cf bazel: use GCS remote cache (istio#4050) 5fe4e14f0 Add thread local cache of overload action states (istio#4090) 3bb7fbc5f Added TCP healthcheck capabilities to the HdsDelegate (istio#4079) 98037ed37 secret: add secret provider interface and use it for TlsCertificates (istio#4086) 3e15c9490 upstream: allow custom extension protocol options (istio#4098) 9b33c49d1 Rename message types in hds.proto to improve readability (istio#4109) bb70b42bb fuzz: router header formatter/parser fuzz test. (istio#4105) fe57f6b33 fuzz: http parsing utility fuzzer. (istio#4107) 73dfedc95 ci: link ninja-buid to ninja for centos (istio#4106) 1cd509ef1 docs: add curl to Ubuntu deps (istio#4104) 45b900829 Handling updates from the management server on HDS (istio#4077) 510994c6a Don't use SIGTERM for admin /quitquitquit, just shut down directly. (istio#4099) 29b60291e fuzz: access log formatter fuzz test. (istio#4102) 765cac42f Destroy pending updates when updating a cluster (istio#4084) aafdf6037 authz_client_fix: fixed ext_authz http client when request contains content-length greater than 0 (istio#3888) 22ae0ab93 HttpConnectionManager and upstream counters for total completed requests (istio#3995) 04616d676 tcp_proxy: convert TCP proxy to use TCP connection pool (istio#4067) e759eab17 buffer: add prepend functions to Buffer::Instance (istio#4064) 14baa40ea fuzz: h1_capture_fuzz with direct response (istio#3787) d47365a9a Per endpoint load report (istio#4044) 70e9878ed Fix bug in `HostSetImpl::chooseLocality()` (istio#4061) 797e82484 deps: update gRPC to 1.14.0 (istio#4047) 628730666 Remove std::string cast in upstream impl lib and tests. (istio#4080) 33ab6ddac bot: exempt label "no stalebot" for PRs (istio#4081) 699c008d6 Absl string view to std string in dynamic metadata (istio#4078) e9dc1090e collect metrics for RBAC shadow policy (istio#4062) e9d81e179 Combine query-params into admin API's path, with API access from MainCommon sinking to main thread (istio#4059) fccaeade9 Revert "Revert "Basic Implementation of HDS (istio#3973)" (istio#4063)" (istio#4068) e96d4a6c4 http: fix upstream_rq stat increment (istio#4055) 14140ad83 Add overload manager to bootstrap config (istio#4038) b14dee5ee thrift_proxy: introduce MessageMetadata to track message headers and other metadata (istio#3991) 9ee2b2759 authz: correct stat names (istio#4074) c68063c05 Stats interface atomization (istio#4071) 82e3541b0 docs: fix incorrect doc about cluster warming in CDS (istio#4040) 3868326bd Support ListValue for metadata matcher (istio#3964) 4e5258953 Revert "Basic Implementation of HDS (istio#3973)" (istio#4063) f3b0f8580 Basic Implementation of HDS (istio#3973) 7b03f2ef5 tracing: Fixes issue with small LightStep reports. (istio#3989) fd517b356 request_info: initial implementation of dynamic metadata object (istio#3918) d5bbd1e0c Ability to specify a test or a test group when building with docker release (istio#4030) a1c646102 Remove stats_impl.h (istio#4057) 7bf713a93 fuzz: H2 codec fuzzer. (istio#4017) a614808b9 upstream: fix typo (s/lb_type/lb_policy/g) in previous commit. (istio#4051) 346059548 upstream: require opt-in for the x-envoy-original-dst-host header. (istio#4046) f2c9652a9 owners: add Dhi is maintainer (istio#4042) 6a1868dff Revert "tcp_proxy: convert TCP proxy to use TCP connection pool (istio#3938)" (istio#4043) cc3657797 docs: document request_timeout in version_history (istio#4041) a3364380a rest-api: make request timeout configurable (istio#4006) fa628c44e logging: optional details for ASSERT (istio#3934) 55606ec3f bump abseil-cpp commit (istio#4034) 4c3219c0c owners: promote Stephan and Greg to senior maintainer! (istio#4039) ddd661ac0 hot restarter: Log errno for 'panic: cannot open shared memory' error (istio#4032) cb3356fc5 Sds: Ssl socket factory owns ContextConfig (istio#4028) 9bc047226 Refactor TransportSocketFactoryContext and Cluster interfaces. (istio#4026) f8f21c26d Rename duplicated ads integration test case name (istio#4035) 02281809b fix duplicate listeners in lds response (istio#4029) 61421bddf upstream: fix duplicate clusters (istio#4012) 1f1166167 split up stats_impl_test to match the *impl.h and and *impl.cc files. (istio#4024) 5ec8b37da Remove "DO NOT SUBMIT" comment. (istio#4020) 882c49832 Add more information to errors about rejected cipher suite configuration. (istio#4019) ffc8258e5 Rename common/stats/stats_impl.* to common/stats/source_impl.* and fix refs (istio#4021) 891135e38 Fix overload manager unit test build (istio#4022) c2f204cc7 Add stats for overload manager (istio#4001) aec92237a remove unused variables (istio#4013) e999cfacc Re-order functions in stats_impl to group classes together (istio#4004) d5805b171 typos (istio#4009) aeb3f2875 Fix perf_annotation_test compilation under gcc 8.1.1 (istio#4000) da3c1eaf8 test/mock: Add 3 new gmock matchers (istio#3972) 6a8b84384 test: Add timeouts to methods that could wait forever in test/integration/fake_upstream.h. (istio#3936) d0f10faff HeapStatData with a distinct allocation mechanism for RawStatData (istio#3710) 2012c3e4c rds: make RouteConfigProvider unique_ptr (istio#3967) 62441f9fe Add option for merging cluster updates (istio#3941) eb5ea98ff fuzz: fixes oss-fuzz: 9599, 9600 (istio#3979) b27068bd0 listener: add socket api in os sys calls for additional tests (istio#3968) 83b9e2da8 Add overload manager for Envoy (istio#3954) f0ca75415 Fix prometheus typo. (istio#3999) 028387a3b tcp_proxy: convert TCP proxy to use TCP connection pool (istio#3938) f882e74dc syscall: use Api::SysCallResult in buffer impl (istio#3976) 7d61b0017 fuzz: fixes oss-fuzz: 9621 (istio#3988) dc03a9a41 docs: fix grammar errors (istio#3983) ed131cfa9 docs: minor typo and grammar fixups (istio#3984) 08fadcc41 http: fix segfault when idle timer fires before request headers received. (istio#3970) 8b9fd9aa7 Refactor setSocketOption for better errno latching (istio#3915) 6b65dbe3a Change drop_percentage to FractionalPercent (istio#3974) f28dc53f4 Remove deprecated handling of mutating admin requests from GET. (istio#3975) 324e628b7 syscall: refactor address APIs for deeper errno latching (istio#3897) Fixes istio#7710, fixes istio#7817, and hopefully fixes istio#7759. Signed-off-by: Piotr Sikora <piotrsikora@google.com>
costinm
pushed a commit
that referenced
this pull request
Aug 16, 2018
* Update Envoy SHA to latest (release-1.0). Pulling the following changes from github.com/istio/proxy: 7a0fca9 Update Envoy SHA to latest with LcTrie optimizations (release-1.0). (#1919) d93f0fe Fix macOS build on CircleCI (release-1.0). (#1921) Pulling the following changes from github.com/envoyproxy/envoy: 73bd3d95c http_filter: add addEncodedTrailers and addDecodedTrailers (#3980) c3652aad5 rbac/fuzz: fix build (#4150) 07bc27c05 fix flaky RBAC integration test. (#4147) b150d61a9 header_map: copy constructor for HeaderMapImpl. (#4129) f345c8b23 test: moving websocket tests to using HTTP codec. (#4143) da500d20f upstream: init host hc value based on hc value from other priorities (#3959) da6194b94 test: add tests for corner-cases around sending requests before run() starts or after run() ends. (#4114) 3527f7799 perf: reduce the memory usage of LC Trie construction (#4117) b538e46d8 test: moving redundant code in websocket_integration_test to utilities (#4127) a3c55bf7b test: make YamlLoadFromStringFail less picky about error msg. (#4141) c283439b6 rbac: add rbac network filter. (#4083) 5a7152d21 fuzz: route lookup and header finalization fuzzer. (#4116) 589467360 Set content-type and content-length (#4113) 714ae130a fault: use FractionalPercent for percent (#3978) fde378705 test: Fix inverted exact match logic in IntegrationTcpClient::waitForData() (#4134) 794a00126 Added cluster_name to load assignment config for static cluster (#4123) 19f51e5e1 ssl: refactor ContextConfig to use TlsCertificateConfig (#4115) 0a4bffc5a syscall: refactor OsSysCalls for deeper errno latching (#4111) ec0d98e5e thrift_proxy: fix oneway bugs (#4025) 1381673ad Do not crash when converting YAML to JSON fails (#4110) 2662bf1f2 config: allow unknown fields flag (take 2) (#4096) 1ab839c1f Use a jittered backoff strategy for handling HdsDelegate stream/connection failures (#4108) 7309c14cf bazel: use GCS remote cache (#4050) 5fe4e14f0 Add thread local cache of overload action states (#4090) 3bb7fbc5f Added TCP healthcheck capabilities to the HdsDelegate (#4079) 98037ed37 secret: add secret provider interface and use it for TlsCertificates (#4086) 3e15c9490 upstream: allow custom extension protocol options (#4098) 9b33c49d1 Rename message types in hds.proto to improve readability (#4109) bb70b42bb fuzz: router header formatter/parser fuzz test. (#4105) fe57f6b33 fuzz: http parsing utility fuzzer. (#4107) 73dfedc95 ci: link ninja-buid to ninja for centos (#4106) 1cd509ef1 docs: add curl to Ubuntu deps (#4104) 45b900829 Handling updates from the management server on HDS (#4077) 510994c6a Don't use SIGTERM for admin /quitquitquit, just shut down directly. (#4099) 29b60291e fuzz: access log formatter fuzz test. (#4102) 765cac42f Destroy pending updates when updating a cluster (#4084) aafdf6037 authz_client_fix: fixed ext_authz http client when request contains content-length greater than 0 (#3888) 22ae0ab93 HttpConnectionManager and upstream counters for total completed requests (#3995) 04616d676 tcp_proxy: convert TCP proxy to use TCP connection pool (#4067) e759eab17 buffer: add prepend functions to Buffer::Instance (#4064) 14baa40ea fuzz: h1_capture_fuzz with direct response (#3787) d47365a9a Per endpoint load report (#4044) 70e9878ed Fix bug in `HostSetImpl::chooseLocality()` (#4061) 797e82484 deps: update gRPC to 1.14.0 (#4047) 628730666 Remove std::string cast in upstream impl lib and tests. (#4080) 33ab6ddac bot: exempt label "no stalebot" for PRs (#4081) 699c008d6 Absl string view to std string in dynamic metadata (#4078) e9dc1090e collect metrics for RBAC shadow policy (#4062) e9d81e179 Combine query-params into admin API's path, with API access from MainCommon sinking to main thread (#4059) fccaeade9 Revert "Revert "Basic Implementation of HDS (#3973)" (#4063)" (#4068) e96d4a6c4 http: fix upstream_rq stat increment (#4055) 14140ad83 Add overload manager to bootstrap config (#4038) b14dee5ee thrift_proxy: introduce MessageMetadata to track message headers and other metadata (#3991) 9ee2b2759 authz: correct stat names (#4074) c68063c05 Stats interface atomization (#4071) 82e3541b0 docs: fix incorrect doc about cluster warming in CDS (#4040) 3868326bd Support ListValue for metadata matcher (#3964) 4e5258953 Revert "Basic Implementation of HDS (#3973)" (#4063) f3b0f8580 Basic Implementation of HDS (#3973) 7b03f2ef5 tracing: Fixes issue with small LightStep reports. (#3989) fd517b356 request_info: initial implementation of dynamic metadata object (#3918) d5bbd1e0c Ability to specify a test or a test group when building with docker release (#4030) a1c646102 Remove stats_impl.h (#4057) 7bf713a93 fuzz: H2 codec fuzzer. (#4017) a614808b9 upstream: fix typo (s/lb_type/lb_policy/g) in previous commit. (#4051) 346059548 upstream: require opt-in for the x-envoy-original-dst-host header. (#4046) f2c9652a9 owners: add Dhi is maintainer (#4042) 6a1868dff Revert "tcp_proxy: convert TCP proxy to use TCP connection pool (#3938)" (#4043) cc3657797 docs: document request_timeout in version_history (#4041) a3364380a rest-api: make request timeout configurable (#4006) fa628c44e logging: optional details for ASSERT (#3934) 55606ec3f bump abseil-cpp commit (#4034) 4c3219c0c owners: promote Stephan and Greg to senior maintainer! (#4039) ddd661ac0 hot restarter: Log errno for 'panic: cannot open shared memory' error (#4032) cb3356fc5 Sds: Ssl socket factory owns ContextConfig (#4028) 9bc047226 Refactor TransportSocketFactoryContext and Cluster interfaces. (#4026) f8f21c26d Rename duplicated ads integration test case name (#4035) 02281809b fix duplicate listeners in lds response (#4029) 61421bddf upstream: fix duplicate clusters (#4012) 1f1166167 split up stats_impl_test to match the *impl.h and and *impl.cc files. (#4024) 5ec8b37da Remove "DO NOT SUBMIT" comment. (#4020) 882c49832 Add more information to errors about rejected cipher suite configuration. (#4019) ffc8258e5 Rename common/stats/stats_impl.* to common/stats/source_impl.* and fix refs (#4021) 891135e38 Fix overload manager unit test build (#4022) c2f204cc7 Add stats for overload manager (#4001) aec92237a remove unused variables (#4013) e999cfacc Re-order functions in stats_impl to group classes together (#4004) d5805b171 typos (#4009) aeb3f2875 Fix perf_annotation_test compilation under gcc 8.1.1 (#4000) da3c1eaf8 test/mock: Add 3 new gmock matchers (#3972) 6a8b84384 test: Add timeouts to methods that could wait forever in test/integration/fake_upstream.h. (#3936) d0f10faff HeapStatData with a distinct allocation mechanism for RawStatData (#3710) 2012c3e4c rds: make RouteConfigProvider unique_ptr (#3967) 62441f9fe Add option for merging cluster updates (#3941) eb5ea98ff fuzz: fixes oss-fuzz: 9599, 9600 (#3979) b27068bd0 listener: add socket api in os sys calls for additional tests (#3968) 83b9e2da8 Add overload manager for Envoy (#3954) f0ca75415 Fix prometheus typo. (#3999) 028387a3b tcp_proxy: convert TCP proxy to use TCP connection pool (#3938) f882e74dc syscall: use Api::SysCallResult in buffer impl (#3976) 7d61b0017 fuzz: fixes oss-fuzz: 9621 (#3988) dc03a9a41 docs: fix grammar errors (#3983) ed131cfa9 docs: minor typo and grammar fixups (#3984) 08fadcc41 http: fix segfault when idle timer fires before request headers received. (#3970) 8b9fd9aa7 Refactor setSocketOption for better errno latching (#3915) 6b65dbe3a Change drop_percentage to FractionalPercent (#3974) f28dc53f4 Remove deprecated handling of mutating admin requests from GET. (#3975) 324e628b7 syscall: refactor address APIs for deeper errno latching (#3897) Fixes #7710, fixes #7817, and hopefully fixes #7759. Signed-off-by: Piotr Sikora <piotrsikora@google.com> * reivew: fix for duplicate clusters (backported from master). Signed-off-by: Piotr Sikora <piotrsikora@google.com> * review: disable broken tests (backported from master). Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In 0.6.0, it seems the names of the addon service accounts are explicitly
defined and no longer are prefixed/suffixed with "istio-" and
"-service-account". The names of the addon service accounts are now simply
just the addon names themselves (i.e. "grafana" and "prometheus").
This PR makes this change so when installing 0.6.0+ the service
accounts are named properly, however, this PR also maintains
backward compatibility by ensuring the service accounts names
are those used in the past (i.e. istio-grafana-service-account
and istio-prometheus-service-account) when installing 0.5.1 and under.