Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests for Multi Tenancy with Service Mesh #2199

Merged
merged 13 commits into from
Aug 3, 2023
Merged

Tests for Multi Tenancy with Service Mesh #2199

merged 13 commits into from
Aug 3, 2023

Conversation

pierDipi
Copy link
Member

@pierDipi pierDipi commented Jul 31, 2023
edited
Loading

Based on #2198

Fixes https://issues.redhat.com/browse/SRVCOM-2522

Proposed Changes

Partial PR with changes from #2126:

  • Rewrite tests from https://github.com/ReToCode/knative-multitenancy in Golang. They're under test/servinge2e/servicemesh/
  • Remove TestKnativeVersusKubeServicesInOneNamespace as it's redundant. Having Knative and k8s service in one namespace is tested with all Eventing tests which now include KSVC in the test scenarios.
  • This PR doesn't include any tests for verifying cross-tenant traffic for Eventing. They depend on Send namespace header in MT components knative/eventing#7048 to be merged and backported.
  • Split the test webhook under serving/metadata-webhook into cluster-resources and namespaced-resources. The second one needs to be applied with -n <namespace>. This is to reduce duplication of code because the webhook is now used in two namespaces: serving-tests, serverless-tests.

TODOs in follow up PRs

  • Eventing MT tests
  • Generate authz policies for the tests from the chart container image during make genarated-files
  • migrate to use mtls: true on the SMCP

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 31, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@pierDipi
Copy link
Member Author

/test 4.10-upstream-e2e-mesh-aws-ocp-410

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Temp: Remove method restrictions
9cdc4e9 
Signed-off-by: Pierangelo Di Pilato <[email protected]>
@pierDipi
Copy link
Member Author

Previous failure due to POST method restriction, to be removed in the chart:

=== CONT  TestBrokerConformance/Knative_Broker_Specification_-_Data_Plane/Ingress/Assert/Conformance_Brokers_MUST_reject_all_HTTP_produce_requests_with_a_method_other_than_POST_responding_with_HTTP_status_code_`405_Method_Not_Supported`.
    data_plane.go:350: Expected statuscode 405 for sequence 1 got 403
            --- FAIL: TestBrokerConformance/Knative_Broker_Specification_-_Data_Plane/Ingress/Assert/Conformance_Brokers_MUST_reject_all_HTTP_produce_requests_with_a_method_other_than_POST_responding_with_HTTP_status_code_`405_Method_Not_Supported`. (39.36s)

@pierDipi
Copy link
Member Author

/test 4.10-upstream-e2e-mesh-aws-ocp-410

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@ReToCode ReToCode mentioned this pull request Jul 31, 2023
Closed
@pierDipi pierDipi mentioned this pull request Jul 31, 2023
Merged
@pierDipi pierDipi reopened this Jul 31, 2023
@pierDipi
Copy link
Member Author

Tests are timing out after 4h

@pierDipi
Copy link
Member Author

openshift/release#41818

@pierDipi
Copy link
Member Author

/test 4.10-upstream-e2e-mesh-aws-ocp-410

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Copy link
Member Author

Passed on 4.10

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Copy link
Member Author

pierDipi commented Aug 1, 2023

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Copy link
Member Author

pierDipi commented Aug 1, 2023

APIServer was down:

"https://172.30.0.1/api/v1/namespaces/serverless-tests/pods/t1dlq-mrgeuoyk": dial tcp 172.30.0.1:443: connect: connection refused"

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi pierDipi marked this pull request as ready for review August 1, 2023 11:23
@openshift-ci openshift-ci bot requested review from lberk and rhuss August 1, 2023 11:23
@pierDipi
Copy link
Member Author

pierDipi commented Aug 1, 2023
edited
Loading

From https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift-knative_serverless-operator/2199/pull-ci-openshift-knative-serverless-operator-main-4.13-upstream-e2e-mesh-aws-ocp-413/1686285486018007040/artifacts/upstream-e2e-mesh-aws-ocp-413/gather-extra/artifacts/pods/serverless-tests_subject-ifdweahz-f6555bd94-dfpmv_user-container.log

2023/08/01 11:15:59 sending cloudevent to http://sink-uzbhnbft.serverless-tests.svc.cluster.local
2023/08/01 11:16:45 failed to send cloudevent: 503:  (10x)

and there is no pod with name sink-uzbhnbft in [1], so it was probably evicted:

[1] https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift-knative_serverless-operator/2199/pull-ci-openshift-knative-serverless-operator-main-4.13-upstream-e2e-mesh-aws-ocp-413/1686285486018007040/artifacts/upstream-e2e-mesh-aws-ocp-413/gather-extra/artifacts/pods.json

@pierDipi
Copy link
Member Author

pierDipi commented Aug 1, 2023

/test 4.13-upstream-e2e-mesh-aws-ocp-413

2 similar comments
@pierDipi
Copy link
Member Author

pierDipi commented Aug 2, 2023

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Copy link
Member Author

pierDipi commented Aug 2, 2023

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Copy link
Member Author

pierDipi commented Aug 2, 2023

The failures are not related to the authorization policies, generally, those tests are pretty flaky already but one run on 4.10 succeeded https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift-knative_serverless-operator/2199/pull-ci-openshift-knative-serverless-operator-main-4.10-upstream-e2e-mesh-aws-ocp-410/1686049565687418880, so I think we can merge this PR

/cc @ReToCode @mgencur

@openshift-ci openshift-ci bot requested review from mgencur and ReToCode August 2, 2023 09:56
@pierDipi pierDipi changed the title [WIP] Tests for Multi Tenancy with Service Mesh Tests for Multi Tenancy with Service Mesh Aug 2, 2023
@pierDipi
Copy link
Member Author

pierDipi commented Aug 2, 2023
edited
Loading

eventing tests flaky reason is that tests' resources are not cleaned up, so the cluster is packed of resources, so sometimes pods just get evicted (we use raw pods in tests).

This will be hopefully fixed by 1.11 and if we really want we can invest some time into backporting the fixes

Refs for commits we need:

@pierDipi
Scale up worker nodes
805914a 
Signed-off-by: Pierangelo Di Pilato <[email protected]>
@pierDipi
Copy link
Member Author

pierDipi commented Aug 2, 2023

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Copy link
Member Author

pierDipi commented Aug 2, 2023

/test 4.13-upstream-e2e-mesh-aws-ocp-413

@pierDipi
Copy link
Member Author

pierDipi commented Aug 2, 2023

/test 4.10-upstream-e2e-mesh-aws-ocp-410

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 2, 2023

@pierDipi: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/4.13-upstream-e2e-mesh-aws-ocp-413 2e9c12e link false /test 4.13-upstream-e2e-mesh-aws-ocp-413

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

ReToCode
ReToCode approved these changes Aug 3, 2023
View reviewed changes
Copy link
Member

@ReToCode ReToCode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with merging this. Mesh tests are already pretty flaky and we have to continue to improve them anyway. It might be good to do it before 1.11 to see where we stand with our mesh changes for the 1.31 release (which is 1.10).

I'll (try) to do the backports and do an additional PR on top here to use mtls: true, enable the new generation script and see if those back-ports make the tests more stable.

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Aug 3, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 3, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pierDipi, ReToCode

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit e133050 into openshift-knative:main Aug 3, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ReToCode ReToCode ReToCode approved these changes

@lberk lberk Awaiting requested review from lberk

@rhuss rhuss Awaiting requested review from rhuss

@mgencur mgencur Awaiting requested review from mgencur

Assignees

@ReToCode ReToCode

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pierDipi @ReToCode @openshift-merge-robot