Clarify that the image mirroring requirement applies to conformance tests only #26912
Conversation
|
@smarterclayton @sttts @soltysh ptal The lack of clarity here caused some consternation recently as we discovered a bunch of build tests that consume redhat product images for exercising app building/deployment. While it's probably undesirable that they do that, i don't see anyone investing in rewriting them to use an alternate image any time soon, nor, i imagine, do we want to mirror those product images since they aren't ours to publish. |
openshift-ci
bot
added
e2e-images-update
| # Images used by e2e tests | ||
|
|
||
| We limit the set of images used by e2e to reduce duplication and to allow us to provide offline mirroring of images for customers and restricted test environments. Every image used in e2e must be part of this utility package or referenced by the upstream `k8s.io/kubernetes/test/utils/image` package. | ||
| We limit the set of images used by conformance e2e to reduce duplication and to allow us to provide offline mirroring of images for customers and restricted test environments. Every image used in e2e must be part of this utility package or referenced by the upstream `k8s.io/kubernetes/test/utils/image` package. |
There was a problem hiding this comment.
I don't think this applies to conformance tests only, the way we have it configured we don't differentiate between conformance and non-conformance images.
There was a problem hiding this comment.
pulledInvalidImages allows pulls from registry.redhat.io, among other places (for particular images), it is not enforcing that everything come from quay.io/openshift/community-e2e-images
There was a problem hiding this comment.
in fact weirdly, that code does not allow quay.io/openshift/community-e2e-images which raises a whole other set of questions about how the jobs are being run:
origin/cmd/openshift-tests/images.go
Line 190 in 1c7bf01
There was a problem hiding this comment.
(guessing maybe quay.io/openshift/community-e2e-images is being passed in as the arg to pulledInvalidImages so it gets added as a valid prefix?)
regardless, we definitely have tests that run today that pull from other locations and aren't being flagged by this. Possibly because it is builds that are pulling the image, not pods.
There was a problem hiding this comment.
and as another example of the murky waters we are currently in, take this test fixture for example:
origin/test/extended/testdata/deployments/deployment-example.yaml
Lines 43 to 50 in 3b2752d
technically this is ok(passed image prefix validation) because it results in a pod that pulls from the internal registry because the imagestream it references is configured with local reference policy(i.e. it uses pullthrough). But the reality is that the image being pulled is coming from registry.redhat.io and unless someone mirrored the content and configured the samples operator to ref the mirror for the imagestreams it manages, it won't actually work in a disconnected environment.
It certainly isn't meeting the currently stated policy of "All images used by e2e are mirrored to quay.io/openshift/community-e2e-images:tag"
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bparees, derekwaynecarr The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/override ci/prow/e2e-aws-csi |
|
@bparees: Overrode contexts on behalf of bparees: ci/prow/e2e-aws-csi, ci/prow/e2e-aws-fips, ci/prow/e2e-aws-single-node DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@bparees: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
5 participants
This is my understanding after discussion with @derekwaynecarr