├── openshift ├── ci-operator │ ├── source-image │ │ └── Dockerfile │ ├── Dockerfile.in │ ├── build-image │ │ ├── kubernetes.repo │ │ └── Dockerfile │ ├── generate-dockerfiles.sh │ ├── update-ci.sh │ └── generate-ci-config.sh ├── release │ ├── knative-eventing-ci.yaml │ ├── generate-release.sh │ ├── resolve.sh │ ├── manifest-patches │ │ ├── 003-serving-pdb.patch │ │ ├── 002-openshift-serving-role.patch │ │ └── 001-serving-namespace-deletion.patch │ ├── create-release-branch.sh │ ├── README.md │ ├── mirror-upstream-branches.sh │ ├── download_release_artifacts.sh │ └── update-to-head.sh ├── e2e-tests-local.sh ├── e2e-tests.sh ├── patches │ ├── 100-ko-baseimage.patch │ ├── 001-object.patch │ ├── 008-remove-seccomp-queue.patch │ ├── 005-k8s-min.patch │ ├── 007-kourier-nonseccomp.patch │ ├── 002-mutemetrics.patch │ ├── 004-grpc.patch │ └── 003-routeretry.patch ├── tui-functions.sh └── e2e-common.sh ├── .gitignore ├── OWNERS ├── OWNERS_ALIASES ├── RELEASE.md ├── Makefile ├── README.md └── LICENSE /openshift/ci-operator/source-image/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM src 2 | -------------------------------------------------------------------------------- /openshift/release/knative-eventing-ci.yaml: -------------------------------------------------------------------------------- 1 | # This is a dummy file. "knative-eventing" directory and a manifest file is mandatory when KO_DATA_PATH was overwritten. 
2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Operating system temporary files 2 | .DS_Store 3 | 4 | # Editor/IDE specific settings 5 | .idea 6 | .vscode/ 7 | 8 | # Temporary output of build tools 9 | bazel-* 10 | *.out -------------------------------------------------------------------------------- /openshift/ci-operator/Dockerfile.in: -------------------------------------------------------------------------------- 1 | # Do not edit! This file was generated via Makefile 2 | FROM openshift/origin-base 3 | USER 65532 4 | 5 | ADD ${bin} /ko-app/${bin} 6 | ENTRYPOINT ["/ko-app/${bin}"] 7 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # The OWNERS file is used by prow to automatically merge approved PRs. 2 | 3 | approvers: 4 | - alanfx 5 | - mgencur 6 | - mvinkler 7 | - nak3 8 | - rhuss 9 | - skonto 10 | 11 | reviewers: 12 | - alanfx 13 | - mgencur 14 | - mvinkler 15 | - nak3 16 | - rhuss 17 | - skonto 18 | -------------------------------------------------------------------------------- /openshift/ci-operator/build-image/kubernetes.repo: -------------------------------------------------------------------------------- 1 | [kubernetes] 2 | name=Kubernetes 3 | baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 4 | enabled=1 5 | gpgcheck=1 6 | repo_gpgcheck=0 7 | gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 8 | -------------------------------------------------------------------------------- /openshift/e2e-tests-local.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # shellcheck disable=SC1090 4 | source "$(dirname "$0")/e2e-common.sh" 5 | 6 | 
set -x 7 | 8 | env 9 | 10 | failed=0 11 | 12 | (( !failed )) && prepare_knative_serving_tests_nightly || failed=1 13 | (( !failed )) && run_e2e_tests "$TEST" || failed=2 14 | (( failed )) && gather_knative_state 15 | (( failed )) && exit $failed 16 | 17 | success 18 | -------------------------------------------------------------------------------- /openshift/ci-operator/generate-dockerfiles.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -x 4 | 5 | function generate_dockefiles() { 6 | local target_dir=$1; shift 7 | for img in $@; do 8 | local image_base=$(basename $img) 9 | mkdir -p $target_dir/$image_base 10 | bin=$image_base envsubst < openshift/ci-operator/Dockerfile.in > $target_dir/$image_base/Dockerfile 11 | done 12 | } 13 | 14 | generate_dockefiles $@ 15 | -------------------------------------------------------------------------------- /openshift/ci-operator/build-image/Dockerfile: -------------------------------------------------------------------------------- 1 | # Dockerfile to bootstrap build and test in openshift-ci 2 | 3 | FROM registry.ci.openshift.org/openshift/release:golang-1.18 4 | 5 | # Add kubernetes repository 6 | ADD openshift/ci-operator/build-image/kubernetes.repo /etc/yum.repos.d/ 7 | 8 | RUN yum install -y kubectl httpd-tools 9 | 10 | RUN GOFLAGS='' go install github.com/mikefarah/yq/v3@latest 11 | 12 | # Allow runtime users to add entries to /etc/passwd 13 | RUN chmod g+rw /etc/passwd 14 | -------------------------------------------------------------------------------- /openshift/e2e-tests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # shellcheck disable=SC1090 4 | source "$(dirname "$0")/e2e-common.sh" 5 | 6 | set -x 7 | 8 | env 9 | 10 | failed=0 11 | 12 | export ENABLE_INTERNAL_TLS="${ENABLE_INTERNAL_TLS:-false}" 13 | 14 | (( !failed )) && install_knative || failed=1 15 | (( !failed )) && 
prepare_knative_serving_tests_nightly || failed=2 16 | (( !failed )) && run_e2e_tests || failed=3 17 | (( failed )) && gather_knative_state 18 | (( failed )) && exit $failed 19 | 20 | success 21 | -------------------------------------------------------------------------------- /openshift/patches/100-ko-baseimage.patch: -------------------------------------------------------------------------------- 1 | diff --git a/.ko.yaml b/.ko.yaml 2 | index 14afa53a5..bceaa1320 100644 3 | --- a/.ko.yaml 4 | +++ b/.ko.yaml 5 | @@ -1,4 +1,5 @@ 6 | # Use :nonroot base image for all containers 7 | -defaultBaseImage: gcr.io/distroless/static:nonroot 8 | +defaultBaseImage: registry.access.redhat.com/ubi8/ubi-minimal:latest 9 | baseImageOverrides: 10 | + knative.dev/serving/test/test_images/runtime: gcr.io/distroless/static:nonroot 11 | knative.dev/serving/vendor/github.com/tsenart/vegeta/v12: ubuntu:latest 12 | -------------------------------------------------------------------------------- /openshift/patches/001-object.patch: -------------------------------------------------------------------------------- 1 | diff --git a/vendor/knative.dev/pkg/test/helpers/name.go b/vendor/knative.dev/pkg/test/helpers/name.go 2 | index 0ceaed594..fd55ec5b0 100644 3 | --- a/vendor/knative.dev/pkg/test/helpers/name.go 4 | +++ b/vendor/knative.dev/pkg/test/helpers/name.go 5 | @@ -26,7 +26,7 @@ import ( 6 | const ( 7 | letterBytes = "abcdefghijklmnopqrstuvwxyz" 8 | randSuffixLen = 8 9 | - nameLengthLimit = 50 10 | + nameLengthLimit = 40 11 | sep = '-' 12 | sepS = "-" 13 | testNamePrefix = "Test" 14 | -------------------------------------------------------------------------------- /openshift/patches/008-remove-seccomp-queue.patch: -------------------------------------------------------------------------------- 1 | diff --git a/pkg/reconciler/revision/resources/queue.go b/pkg/reconciler/revision/resources/queue.go 2 | index 29ac1db50..fc4178433 100644 3 | 
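Review bot: In `100-ko-baseimage.patch` the new `defaultBaseImage` is referenced by the mutable `:latest` tag, so two builds of the same commit can ship different base layers. Pin it by digest, for example `defaultBaseImage: registry.access.redhat.com/ubi8/ubi-minimal@sha256:<digest-placeholder>`. The retained first line, `# Use :nonroot base image for all containers`, no longer describes the default, because only the `runtime` test-image override still uses `gcr.io/distroless/static:nonroot`. Whether the ubi-minimal image runs as a non-root user is not visible here, so reword the comment and confirm the effective UID of the built containers.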
--- a/pkg/reconciler/revision/resources/queue.go 4 | +++ b/pkg/reconciler/revision/resources/queue.go 5 | @@ -87,9 +87,6 @@ var ( 6 | Capabilities: &corev1.Capabilities{ 7 | Drop: []corev1.Capability{"ALL"}, 8 | }, 9 | - SeccompProfile: &corev1.SeccompProfile{ 10 | - Type: corev1.SeccompProfileTypeRuntimeDefault, 11 | - }, 12 | } 13 | ) 14 | 15 | -------------------------------------------------------------------------------- /openshift/release/generate-release.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | root="$(dirname "${BASH_SOURCE[0]}")" 4 | 5 | source $(dirname $0)/resolve.sh 6 | 7 | release=$1 8 | output_file="openshift/release/knative-serving-${release}.yaml" 9 | 10 | resolve_resources "config/core/ config/hpa-autoscaling/" "$output_file" 11 | 12 | if [[ "$release" != "ci" ]]; then 13 | # Drop the "knative-" suffix, which is added in upstream branch. 14 | # e.g. knative-v1.7.0 => v1.7.0 15 | release=${release#"knative-"} 16 | ${root}/download_release_artifacts.sh $release 17 | fi 18 | -------------------------------------------------------------------------------- /openshift/patches/005-k8s-min.patch: -------------------------------------------------------------------------------- 1 | diff --git a/vendor/knative.dev/pkg/version/version.go b/vendor/knative.dev/pkg/version/version.go 2 | index 39e34464b..c79f442de 100644 3 | --- a/vendor/knative.dev/pkg/version/version.go 4 | +++ b/vendor/knative.dev/pkg/version/version.go 5 | 
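Review bot: Removing `SeccompProfile` from the queue-proxy security context in `008-remove-seccomp-queue.patch` leaves the sidecar on whatever seccomp profile the cluster applies by default, and nothing in the patch records why. This is presumably an admission-compatibility workaround, but that should be stated next to the struct, for example `// SeccompProfile intentionally unset downstream (<tracking-issue placeholder>); the platform is expected to apply its default profile.` The same unexplained removal appears in `007-kourier-nonseccomp.patch`, which also drops `runAsUser`/`runAsGroup`. It appears again in the `s+seccompProfile:++` and `s+type: RuntimeDefault++` expressions of `resolve.sh`, which strip those strings from every manifest they process. The enclosing `var (` block starts outside the hunk.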
@@ -33,7 +33,7 @@ const ( 6 | // NOTE: If you are changing this line, please also update the minimum kubernetes 7 | // version listed here: 8 | // https://github.com/knative/docs/blob/mkdocs/docs/snippets/prerequisites.md 9 | - defaultMinimumVersion = "v1.23.0" 10 | + defaultMinimumVersion = "v1.19.0" 11 | ) 12 | 13 | func getMinimumVersion() string { 14 | -------------------------------------------------------------------------------- /openshift/release/resolve.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | function resolve_resources(){ 4 | local dir=$1 5 | local resolved_file_name=$2 6 | 7 | echo "Writing resolved yaml to $resolved_file_name" 8 | 9 | > "$resolved_file_name" 10 | 11 | for yaml in `find $dir -name "*.yaml" | sort`; do 12 | resolve_file "$yaml" "$resolved_file_name" 13 | done 14 | } 15 | 16 | function resolve_file() { 17 | local file=$1 18 | local to=$2 19 | 20 | echo "---" >> "$to" 21 | # 1. Rewrite image references 22 | # 2. Update config map entry 23 | # 3. Replace serving.knative.dev/release label. 24 | # 4. Remove seccompProfile. 25 | sed -e "s+app.kubernetes.io/version: devel+app.kubernetes.io/version: \"v1.2.0\"+" \ 26 | -e "s+seccompProfile:++" \ 27 | -e "s+type: RuntimeDefault++" \ 28 | "$file" >> "$to" 29 | } 30 | -------------------------------------------------------------------------------- /openshift/release/manifest-patches/003-serving-pdb.patch: -------------------------------------------------------------------------------- 1 | diff --git a/openshift/release/artifacts/2-serving-core.yaml b/openshift/release/artifacts/2-serving-core.yaml 2 | index 1616f3311..ecc27ee95 100644 3 | --- a/openshift/release/artifacts/2-serving-core.yaml 4 | +++ b/openshift/release/artifacts/2-serving-core.yaml 5 | 
@@ -4883,7 +4883,7 @@ metadata: 6 | app.kubernetes.io/name: knative-serving 7 | app.kubernetes.io/version: "REPLACE_VERSION" 8 | spec: 9 | - minAvailable: 80% 10 | + minAvailable: 1 11 | selector: 12 | matchLabels: 13 | app: activator 14 | @@ -5570,7 +5570,7 @@ metadata: 15 | app.kubernetes.io/name: knative-serving 16 | app.kubernetes.io/version: "REPLACE_VERSION" 17 | spec: 18 | - minAvailable: 80% 19 | + minAvailable: 1 20 | selector: 21 | matchLabels: 22 | app: webhook 23 | -------------------------------------------------------------------------------- /openshift/patches/007-kourier-nonseccomp.patch: -------------------------------------------------------------------------------- 1 | diff --git a/third_party/kourier-latest/kourier.yaml b/third_party/kourier-latest/kourier.yaml 2 | index b0feaa0d0..53c438831 100644 3 | --- a/third_party/kourier-latest/kourier.yaml 4 | +++ b/third_party/kourier-latest/kourier.yaml 5 | @@ -362,8 +362,6 @@ spec: 6 | capabilities: 7 | drop: 8 | - ALL 9 | - seccompProfile: 10 | - type: RuntimeDefault 11 | restartPolicy: Always 12 | serviceAccountName: net-kourier 13 | --- 14 | @@ -459,13 +457,9 @@ spec: 15 | allowPrivilegeEscalation: false 16 | readOnlyRootFilesystem: false 17 | runAsNonRoot: true 18 | - runAsUser: 65534 19 | - runAsGroup: 65534 20 | capabilities: 21 | drop: 22 | - ALL 23 | - seccompProfile: 24 | - type: RuntimeDefault 25 | volumeMounts: 26 | - name: config-volume 27 | mountPath: /tmp/config 28 | -------------------------------------------------------------------------------- /openshift/release/manifest-patches/002-openshift-serving-role.patch: -------------------------------------------------------------------------------- 1 | diff --git a/openshift/release/artifacts/2-serving-core.yaml b/openshift/release/artifacts/2-serving-core.yaml 2 | index 4f7af33d..4a5ce15f 100644 3 | --- a/openshift/release/artifacts/2-serving-core.yaml 4 | +++ b/openshift/release/artifacts/2-serving-core.yaml 5 | 
@@ -5935,3 +5935,27 @@ metadata: 6 | # The data is populated at install time. 7 | 8 | --- 9 | +kind: Role 10 | +apiVersion: rbac.authorization.k8s.io/v1 11 | +metadata: 12 | + namespace: knative-serving 13 | + name: openshift-serverless-view-serving-configmaps 14 | +rules: 15 | + - apiGroups: [""] 16 | + resources: ["configmaps"] 17 | + resourceNames: ["config-autoscaler"] 18 | + verbs: ["get", "list", "watch"] 19 | +--- 20 | +kind: RoleBinding 21 | +apiVersion: rbac.authorization.k8s.io/v1 22 | +metadata: 23 | + name: openshift-serverless-view-serving-configmaps 24 | + namespace: knative-serving 25 | +subjects: 26 | + - kind: Group 27 | + name: system:authenticated 28 | + apiGroup: rbac.authorization.k8s.io 29 | +roleRef: 30 | + apiGroup: rbac.authorization.k8s.io 31 | + kind: Role 32 | + name: openshift-serverless-view-serving-configmaps 33 | -------------------------------------------------------------------------------- /openshift/release/manifest-patches/001-serving-namespace-deletion.patch: -------------------------------------------------------------------------------- 1 | diff --git a/openshift/release/artifacts/2-serving-core.yaml b/openshift/release/artifacts/2-serving-core.yaml 2 | index 53f1a1b3f..b166104c8 100644 3 | --- a/openshift/release/artifacts/2-serving-core.yaml 4 | +++ b/openshift/release/artifacts/2-serving-core.yaml 5 | 
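Review bot: The `RoleBinding` subject `system:authenticated` covers every authenticated identity on the cluster, including service accounts from other namespaces, so `config-autoscaler` in `knative-serving` becomes readable cluster-wide. The manifest does not say that this is intended. A comment above the `Role` would record the constraint, for example `# Readable by all authenticated identities by design (autoscaling defaults only); never store sensitive values in config-autoscaler.` Also confirm that the intended clients select the object by name, since `resourceNames` restricts `list` and `watch` only for requests that use a `metadata.name` field selector.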
@@ -1,25 +1,3 @@ 6 | -# Copyright 2018 The Knative Authors 7 | -# 8 | -# Licensed under the Apache License, Version 2.0 (the "License"); 9 | -# you may not use this file except in compliance with the License. 10 | -# You may obtain a copy of the License at 11 | -# 12 | -# https://www.apache.org/licenses/LICENSE-2.0 13 | -# 14 | -# Unless required by applicable law or agreed to in writing, software 15 | -# distributed under the License is distributed on an "AS IS" BASIS, 16 | -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | -# See the License for the specific language governing permissions and 18 | -# limitations under the License. 19 | - 20 | -apiVersion: v1 21 | -kind: Namespace 22 | -metadata: 23 | - name: knative-serving 24 | - labels: 25 | - app.kubernetes.io/name: knative-serving 26 | - app.kubernetes.io/version: "REPLACE_VERSION" 27 | - 28 | --- 29 | # Copyright 2019 The Knative Authors 30 | # 31 | -------------------------------------------------------------------------------- /openshift/release/create-release-branch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Usage: create-release-branch.sh v0.4.1 release-0.4 4 | 5 | set -e # Exit immediately on error. 6 | 7 | release=$1 8 | target=$2 9 | 10 | # Fetch the latest tags and checkout a new branch from the wanted tag. 11 | git fetch upstream --tags 12 | git checkout -b "$target" "$release" 13 | 14 | # Copy the openshift extra files from the OPENSHIFT/main branch. 15 | git fetch openshift main 16 | git checkout openshift/main -- openshift OWNERS_ALIASES OWNERS Makefile 17 | make generate-dockerfiles 18 | make RELEASE=$release generate-release 19 | make RELEASE=ci generate-release 20 | git add openshift OWNERS_ALIASES OWNERS Makefile 21 | git commit -m "Add openshift specific files." 22 | 23 | # Apply patches . 
24 | PATCH_DIR="openshift/patches" 25 | # Use release-specific patch dir if exists 26 | if [ -d "openshift/patches-${release}" ]; then 27 | PATCH_DIR="openshift/patches-${release}" 28 | # Update the nightly test images to actual versioned images 29 | sed -i "s/knative-nightly:knative/knative-${release}:knative/g" ${PATCH_DIR}/*.patch 30 | fi 31 | git apply $PATCH_DIR/* 32 | make RELEASE=$release generate-release 33 | make RELEASE=ci generate-release 34 | git add . 35 | git commit -am ":fire: Apply carried patches." 36 | -------------------------------------------------------------------------------- /openshift/patches/002-mutemetrics.patch: -------------------------------------------------------------------------------- 1 | diff --git a/vendor/knative.dev/pkg/controller/stats_reporter.go b/vendor/knative.dev/pkg/controller/stats_reporter.go 2 | index 6735285db..67ec3d6a1 100644 3 | --- a/vendor/knative.dev/pkg/controller/stats_reporter.go 4 | +++ b/vendor/knative.dev/pkg/controller/stats_reporter.go 5 | @@ -199,7 +199,7 @@ func (r *reporter) ReportReconcile(duration time.Duration, success string, key t 6 | return err 7 | } 8 | 9 | - metrics.RecordBatch(ctx, reconcileCountStat.M(1), 10 | - reconcileLatencyStat.M(duration.Milliseconds())) 11 | + // TODO skonto: fix latency histograms 12 | + metrics.Record(ctx, reconcileCountStat.M(1)) 13 | return nil 14 | } 15 | diff --git a/vendor/knative.dev/pkg/webhook/stats_reporter.go b/vendor/knative.dev/pkg/webhook/stats_reporter.go 16 | index 9d64634fe..a735367e3 100644 17 | --- a/vendor/knative.dev/pkg/webhook/stats_reporter.go 18 | +++ b/vendor/knative.dev/pkg/webhook/stats_reporter.go 19 | 
@@ -99,9 +99,8 @@ func (r *reporter) ReportRequest(req *admissionv1.AdmissionRequest, resp *admiss 20 | return err 21 | } 22 | 23 | - metrics.RecordBatch(ctx, requestCountM.M(1), 24 | - // Convert time.Duration in nanoseconds to milliseconds 25 | - responseTimeInMsecM.M(float64(d.Milliseconds()))) 26 | + // TODO skonto: fix latency histograms 27 | + metrics.Record(ctx, requestCountM.M(1)) 28 | return nil 29 | } 30 | 31 | -------------------------------------------------------------------------------- /openshift/release/README.md: -------------------------------------------------------------------------------- 1 | # Release creation 2 | 3 | ## Branching 4 | 5 | As far as branching goes, we have two use-cases: 6 | 7 | 1. Creating a branch based off an upstream release tag. 8 | 2. Having a branch that follow upstream's HEAD and serves as a vehicle for continuous integration. 9 | 10 | A prerequisite for both scripts is that your local clone of the repository has a remote "upstream" 11 | that points to the upstream repository and a remote "openshift" that points to the openshift fork. 12 | 13 | Run the scripts from the root of the repository. 14 | 15 | ### Creating a branch based off an upstream release tag 16 | 17 | To create a clean branch from an upstream release tag, use the `create-release-branch.sh` script: 18 | 19 | ```bash 20 | $ ./openshift/release/create-release-branch.sh v0.4.1 release-0.4 21 | ``` 22 | 23 | This will create a new branch "release-0.4" based off the tag "v0.4.1" and add all OpenShift specific 24 | files that we need to run CI on top of it. 
25 | 26 | ### Updating the release-next branch that follow upstream's HEAD 27 | 28 | To update a branch to the latest HEAD of upstream use the `update-to-head.sh` script: 29 | 30 | ```bash 31 | $ ./openshift/release/update-to-head.sh 32 | ``` 33 | 34 | That will pull the latest main from upstream, rebase the current fixes on the release-next branch 35 | on top of it, update the Openshift specific files if necessary, and then trigger CI. -------------------------------------------------------------------------------- /openshift/release/mirror-upstream-branches.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Usage: openshift/release/mirror-upstream-branches.sh 4 | # This should be run from the basedir of the repo with no arguments 5 | 6 | 7 | set -ex 8 | readonly TMPDIR=$(mktemp -d knativeEventingBranchingCheckXXXX -p /tmp/) 9 | 10 | git fetch upstream --tags 11 | git fetch openshift --tags 12 | 13 | # We need to seed this with a few releases that, otherwise, would make 14 | # the processing regex less clear with more anomalies 15 | cat >> "$TMPDIR"/midstream_branches < "$TMPDIR"/upstream_branches 21 | git branch --list -a "openshift/release-v1.*" | cut -f3 -d'/' | cut -f2 -d'v' | cut -f1,2 -d'.' 
>> "$TMPDIR"/midstream_branches 22 | 23 | sort -o "$TMPDIR"/midstream_branches "$TMPDIR"/midstream_branches 24 | sort -o "$TMPDIR"/upstream_branches "$TMPDIR"/upstream_branches 25 | comm -32 "$TMPDIR"/upstream_branches "$TMPDIR"/midstream_branches > "$TMPDIR"/new_branches 26 | 27 | UPSTREAM_BRANCH=$(cat "$TMPDIR"/new_branches | head -1) 28 | if [ -z "$UPSTREAM_BRANCH" ]; then 29 | echo "no new branch, exiting" 30 | exit 0 31 | fi 32 | echo "found upstream branch: $UPSTREAM_BRANCH" 33 | readonly UPSTREAM_TAG="knative-v$UPSTREAM_BRANCH.0" 34 | readonly MIDSTREAM_BRANCH="release-v$UPSTREAM_BRANCH" 35 | openshift/release/create-release-branch.sh "$UPSTREAM_TAG" "$MIDSTREAM_BRANCH" 36 | # we would check the error code, but we 'set -e', so assume we're fine 37 | git push openshift "$MIDSTREAM_BRANCH" 38 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | aliases: 2 | serving-approvers: 3 | - alanfx 4 | - mgencur 5 | - mvinkler 6 | - nak3 7 | - rhuss 8 | - skonto 9 | serving-reviewers: 10 | - alanfx 11 | - mgencur 12 | - mvinkler 13 | - nak3 14 | - rhuss 15 | - skonto 16 | 17 | serving-api-approvers: 18 | - alanfx 19 | - mgencur 20 | - mvinkler 21 | - nak3 22 | - rhuss 23 | - skonto 24 | serving-api-reviewers: 25 | - alanfx 26 | - mgencur 27 | - mvinkler 28 | - nak3 29 | - rhuss 30 | - skonto 31 | 32 | autoscaling-approvers: 33 | - alanfx 34 | - mgencur 35 | - mvinkler 36 | - nak3 37 | - rhuss 38 | - skonto 39 | autoscaling-reviewers: 40 | - alanfx 41 | - mgencur 42 | - mvinkler 43 | - nak3 44 | - rhuss 45 | - skonto 46 | 47 | monitoring-approvers: 48 | - alanfx 49 | - mgencur 50 | - mvinkler 51 | - nak3 52 | - rhuss 53 | - skonto 54 | monitoring-reviewers: 55 | - alanfx 56 | - mgencur 57 | - mvinkler 58 | - nak3 59 | - rhuss 60 | - skonto 61 | 62 | productivity-approvers: 63 | - alanfx 64 | - mgencur 65 | - mvinkler 66 | - nak3 67 | - rhuss 
68 | - skonto 69 | productivity-reviewers: 70 | - alanfx 71 | - mgencur 72 | - mvinkler 73 | - nak3 74 | - rhuss 75 | - skonto 76 | 77 | networking-approvers: 78 | - alanfx 79 | - mgencur 80 | - mvinkler 81 | - nak3 82 | - rhuss 83 | - skonto 84 | networking-reviewers: 85 | - alanfx 86 | - mgencur 87 | - mvinkler 88 | - nak3 89 | - rhuss 90 | - skonto 91 | 92 | build-approvers: 93 | - alanfx 94 | - mgencur 95 | - mvinkler 96 | - nak3 97 | - rhuss 98 | - skonto 99 | build-reviewers: 100 | - alanfx 101 | - mgencur 102 | - mvinkler 103 | - nak3 104 | - rhuss 105 | - skonto 106 | 107 | -------------------------------------------------------------------------------- /openshift/release/download_release_artifacts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Usage example: ./download_release_artifacts.sh v1.4.0 4 | 5 | set -Eeuo pipefail 6 | 7 | SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")" 8 | 9 | manifest_path="${SCRIPT_DIR}/manifest-patches" 10 | artifacts_path="${SCRIPT_DIR}/artifacts" 11 | mkdir -p "${manifest_path}" 12 | mkdir -p "${artifacts_path}" 13 | # These files could in theory change from release to release, though their names should 14 | # be fairly stable. 
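serving_files=(serving-crds serving-core serving-hpa serving-post-install-jobs)

#######################################
# Download the release manifests of one Knative component into
# ${artifacts_path}, replacing whatever that directory held before.
# Globals:
#   artifacts_path (read)
#   release_suffix (written; read again by the sed calls after the function)
# Arguments:
#   $1 - component, used as the repository name under github.com/knative/
#   $2 - version, e.g. v1.4.0
#   remaining - manifest basenames without the ".yaml" extension
#######################################
function download_serving {
  local component=$1
  local version=$2
  shift 2

  local files=("$@")
  local component_dir="${artifacts_path}"
  local target_dir="${component_dir}"
  local i index file target_file url

  # Deliberately not local: the REPLACE_VERSION substitutions below need it.
  # The last character of the version is replaced by "0" (v1.4.1 -> v1.4.0).
  release_suffix="${version%?}0"

  # ":?" aborts the script instead of expanding to an empty path.
  rm -r -- "${component_dir:?}"
  mkdir -p "$target_dir"

  for ((i = 0; i < ${#files[@]}; i++)); do
    index=$((i + 1))
    file="${files[$i]}.yaml"
    target_file="$target_dir/$index-$file"

    url="https://github.com/knative/$component/releases/download/knative-$release_suffix/$file"
    # TLS certificate verification is left enabled: these manifests are
    # stored under the artifacts directory and patched below, so a download
    # from an unauthenticated peer must fail the run instead of being used.
    # NOTE(review): no checksum or signature of the downloaded files is
    # checked here; TLS is the only integrity control in this script.
    wget "$url" -O "$target_file"
  done
}

download_serving serving "$1" "${serving_files[@]}"

# Stamp the version into the patch files themselves (edited in place).
# ${release_suffix:1} drops the first character, the "v" of e.g. v1.4.0.
sed -i "s/REPLACE_VERSION/${release_suffix:1}/g" "${manifest_path}/001-serving-namespace-deletion.patch"
sed -i "s/REPLACE_VERSION/${release_suffix:1}/g" "${manifest_path}/002-openshift-serving-role.patch"
sed -i "s/REPLACE_VERSION/${release_suffix:1}/g" "${manifest_path}/003-serving-pdb.patch"

# Drop namespace from manifest.
git apply "${manifest_path}/001-serving-namespace-deletion.patch"

# Extra role for downstream, so that users can get the autoscaling CM to fetch defaults.
git apply "${manifest_path}/002-openshift-serving-role.patch"

# TODO: Remove this once upstream fixed https://github.com/knative/operator/issues/376.
# See also https://issues.redhat.com/browse/SRVKS-670.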
56 | git apply "${manifest_path}/003-serving-pdb.patch" 57 | -------------------------------------------------------------------------------- /openshift/release/update-to-head.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Synchs the release-next branch to main and then triggers CI 4 | # Usage: update-to-head.sh 5 | 6 | set -e 7 | REPO_NAME=$(basename $(git rev-parse --show-toplevel)) 8 | 9 | # Check if there's an upstream release we need to mirror downstream 10 | openshift/release/mirror-upstream-branches.sh 11 | 12 | # Reset release-next to upstream/main. 13 | git fetch upstream main 14 | git checkout upstream/main -B release-next 15 | 16 | # Update openshift's main and take all needed files from there. 17 | git fetch openshift main 18 | git checkout openshift/main openshift OWNERS_ALIASES OWNERS Makefile 19 | # Apply patches . 20 | git apply openshift/patches/* 21 | git add . 22 | git commit -am ":fire: Apply carried patches." 23 | 24 | # Revert the autoscaling API version change. 25 | git revert 974d19d03644dff46b097a15efb4d3d7167765ad 26 | 27 | # Revert the autoscaling API version change in webhook resource. 28 | git revert a6a18b857be4f9e03a5bc4e196ea8450ff68828e 29 | 30 | make generate-dockerfiles 31 | make RELEASE=ci generate-release 32 | git add openshift OWNERS_ALIASES OWNERS Makefile 33 | git commit -m ":open_file_folder: Update openshift specific files." 
34 | 35 | git push -f openshift release-next 36 | 37 | # Trigger CI 38 | git checkout release-next -B release-next-ci 39 | date > ci 40 | git add ci 41 | git commit -m ":robot: Triggering CI on branch 'release-next' after synching to upstream/main" 42 | git push -f openshift release-next-ci 43 | 44 | if hash hub 2>/dev/null; then 45 | # Test if there is already a sync PR in 46 | COUNT=$(hub api -H "Accept: application/vnd.github.v3+json" repos/openshift/${REPO_NAME}/pulls --flat \ 47 | | grep -c ":robot: Triggering CI on branch 'release-next' after synching to upstream/main") || true 48 | if [ "$COUNT" = "0" ]; then 49 | hub pull-request --no-edit -l "kind/sync-fork-to-upstream" -b openshift/${REPO_NAME}:release-next -h openshift/${REPO_NAME}:release-next-ci 50 | fi 51 | else 52 | echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually." 53 | fi 54 | -------------------------------------------------------------------------------- /openshift/patches/004-grpc.patch: -------------------------------------------------------------------------------- 1 | diff --git a/test/e2e/grpc_test.go b/test/e2e/grpc_test.go 2 | index cab0aa22d..ee64c3b29 100644 3 | --- a/test/e2e/grpc_test.go 4 | +++ b/test/e2e/grpc_test.go 5 | @@ -34,7 +34,6 @@ import ( 6 | 7 | "golang.org/x/sync/errgroup" 8 | "google.golang.org/grpc" 9 | - "google.golang.org/grpc/credentials" 10 | "google.golang.org/grpc/credentials/insecure" 11 | 12 | corev1 "k8s.io/api/core/v1" 13 | @@ -68,9 +67,6 @@ func hasPort(u string) bool { 14 | 15 | func dial(ctx *TestContext, host, domain string) (*grpc.ClientConn, error) { 16 | defaultPort := "80" 17 | - if test.ServingFlags.HTTPS { 18 | - defaultPort = "443" 19 | - } 20 | if !hasPort(host) { 21 | host = net.JoinHostPort(host, defaultPort) 22 | } 23 | 
@@ -83,12 +79,6 @@ func dial(ctx *TestContext, host, domain string) (*grpc.ClientConn, error) { 24 | } 25 | 26 | creds := insecure.NewCredentials() 27 | - if test.ServingFlags.HTTPS { 28 | - tlsConfig := test.TLSClientConfig(context.Background(), ctx.t.Logf, ctx.clients) 29 | - // Set ServerName for pseudo hostname with TLS. 30 | - tlsConfig.ServerName = domain 31 | - creds = credentials.NewTLS(tlsConfig) 32 | - } 33 | 34 | return grpc.Dial( 35 | host, 36 | @@ -324,11 +314,6 @@ func streamTest(tc *TestContext, host, domain string) { 37 | 38 | func testGRPC(t *testing.T, f grpcTest, fopts ...rtesting.ServiceOption) { 39 | t.Helper() 40 | - // TODO: https option with parallel leads to flakes. 41 | - // https://github.com/knative/serving/issues/11387 42 | - if !test.ServingFlags.HTTPS { 43 | - t.Parallel() 44 | - } 45 | 46 | // Setup 47 | clients := Setup(t) 48 | 
@@ -369,16 +354,13 @@ func testGRPC(t *testing.T, f grpcTest, fopts ...rtesting.ServiceOption) { 49 | } 50 | 51 | host := url.Host 52 | - if !test.ServingFlags.ResolvableDomain { 53 | + if true { 54 | addr, mapper, err := ingress.GetIngressEndpoint(context.Background(), clients.KubeClient, pkgTest.Flags.IngressEndpoint) 55 | if err != nil { 56 | t.Fatal("Could not get service endpoint:", err) 57 | } 58 | - if test.ServingFlags.HTTPS { 59 | - host = net.JoinHostPort(addr, mapper("443")) 60 | - } else { 61 | - host = net.JoinHostPort(addr, mapper("80")) 62 | - } 63 | + 64 | + host = net.JoinHostPort(addr, mapper("80")) 65 | } 66 | 67 | f(&TestContext{ 68 | -------------------------------------------------------------------------------- /openshift/tui-functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Colors 4 | COLOR_OFF='\033[0m' # Text Reset 5 | RED='\033[0;31m' # Red 6 | GREEN='\033[0;32m' # Green 7 | YELLOW='\033[0;93m' # Yellow 8 | COLOR="" # Points to current set color 9 | 10 | # Use the following functions to help printing your script output in a more user-friendly and readable 11 | # format. If you group your script's logic into a set of logical stages, each executing a set of steps, 12 | # then use the 'stage' function to print the main stage message, then the 'step' for each step message 13 | # and step_error for each step error message. 14 | 15 | # Prints its argument within a box. 16 | # It supports a maximum message of 120 characters. 17 | # Will print in 60 ch box if the message fits. 
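# Prints $1 repeated $2 times; prints nothing when the count is zero or negative.
function _tui_repeat() {
  local glyph=$1 count=$2 i
  for (( i = 0; i < count; i++ )); do
    printf '%s' "$glyph"
  done
}

# Prints its arguments, joined into one message, inside a box.
# Globals:   COLOR, COLOR_OFF (read). They hold backslash escape sequences,
#            so they are expanded with %b.
# Arguments: "$*" - the message. It is printed with %s, so a '%' or a backslash
#            in the text is shown literally instead of being parsed as a
#            printf format.
# Outputs:   a 60-column box when the message is shorter than 60 characters,
#            otherwise a 120-column box.
function text_box() {
  local msg=$*
  local msg_size=${#msg}
  local width=120
  if (( msg_size < 60 )); then
    width=60
  fi
  # One column is taken by the space after the left border.
  local padding=$(( width - msg_size - 1 ))

  printf '┌'
  _tui_repeat '─' "$width"
  printf '┐\n│ '
  printf '%b%s%b' "$COLOR" "$msg" "$COLOR_OFF"
  # No filler is printed when padding is zero or negative, so a message that
  # exactly fills the box keeps the right border aligned.
  _tui_repeat ' ' "$padding"
  printf '│\n└'
  _tui_repeat '─' "$width"
  printf '┘\n'
}

# Prints its arguments as an indented line with a leading breadcrumb indicator.
# Globals:   COLOR, COLOR_OFF (read)
# Arguments: "$*" - the message, printed as data (never as a printf format)
function box_sub_text() {
  local msg=$*
  printf '│─── %b%s%b\n' "$COLOR" "$msg" "$COLOR_OFF"
}

# Prints a stage header message of max 120 ch in green.
# Globals:   COLOR (written), GREEN (read)
function stage() {
  COLOR=$GREEN
  text_box "${*}..."
}

# Prints a normal step message in green.
# Globals:   COLOR (written), GREEN (read)
function step() {
  COLOR=$GREEN
  # "$@" keeps the caller's words intact: no glob expansion, no re-splitting.
  box_sub_text "$@"
}

# Prints an error step message in red.
# Globals:   COLOR (written), RED (read)
function step_error() {
  COLOR=$RED
  box_sub_text "$@"
}

# Prints a warning step message in yellow.
# Globals:   YELLOW, COLOR_OFF (read)
function step_warn() {
  local msg=$*
  printf '%b│─── ' "$YELLOW"
  printf '⚠️ %s%b ⚠️' "$msg" "$COLOR_OFF"
  printf '\n'
}

# Prints a stage warning header message of max 120 ch in yellow.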
71 | function stage_warn() { 72 | MSG=$* 73 | MSG_SIZE=${#MSG} 74 | [[ $MSG_SIZE -lt 60 ]] && WIDTH=60 || WIDTH=120 75 | printf "${YELLOW}┌" 76 | printf "─%.0s" $(seq 1 $WIDTH) 77 | printf "┐" 78 | printf "\n│ ${COLOR_OFF}" 79 | ((PADDING = ($WIDTH - $MSG_SIZE) - 1)) 80 | printf "${MSG}" 81 | printf " %.0s" $(seq 1 $PADDING) 82 | printf "${YELLOW}│\n" 83 | printf "└" 84 | printf "─%.0s" $(seq 1 $WIDTH) 85 | printf "┘${COLOR_OFF}" 86 | printf "\n" 87 | } 88 | -------------------------------------------------------------------------------- /RELEASE.md: -------------------------------------------------------------------------------- 1 | # OpenShift Knative Serving Release procedure 2 | 3 | The OpenShift Knative Serving release cut is mostly automated and requires only two manual steps for enabling the CI runs on the `openshift/release` repository. 4 | 5 | No manual creation of a midstream `release-v1.x` branch is needed. The nightly Jenkins job, does create a `release` branch, as soon as the upstream has created a new release tag. The code for this script is located in this [script](./openshift/release/mirror-upstream-branches.sh), which does mirror the upstream release tag to our midstream `release` branches. 6 | 7 | ## Enable CI for the release branch 8 | 9 | * Create a fork and clone of https://github.com/openshift/release into your `$GOPATH` 10 | * On your `openshift/knative-serving` root folder checkout the new `release-vX.Y` branch and run: 11 | 12 | ```bash 13 | # Invoke CI config generation, and mirroring images 14 | 15 | make update-ci 16 | ``` 17 | 18 | The above `make update-ci` adds new CI configuration to the `openshift/release` repository and afterwards shows which new files were added, like below: 19 | 20 | ```bash 21 | ┌────────────────────────────────────────────────────────────┐ 22 | │ Summary... 
│ 23 | └────────────────────────────────────────────────────────────┘ 24 | │─── Modified files in /home/knakayam/.go/src/github.com/openshift/release 25 | core-services/image-mirroring/knative/mapping_knative_v1_3_quay 26 | │─── New files in /home/knakayam/.go/src/github.com/openshift/release 27 | ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-v1.3__410.yaml 28 | ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-v1.3__46.yaml 29 | ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-v1.3__47.yaml 30 | ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-v1.3__48.yaml 31 | ci-operator/config/openshift/knative-serving/openshift-knative-serving-release-v1.3__49.yaml 32 | ci-operator/jobs/openshift/knative-serving/openshift-knative-serving-release-v1.3-periodics.yaml 33 | ci-operator/jobs/openshift/knative-serving/openshift-knative-serving-release-v1.3-postsubmits.yaml 34 | ci-operator/jobs/openshift/knative-serving/openshift-knative-serving-release-v1.3-presubmits.yaml 35 | ┌────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐ 36 | │ Commit changes to /home/knakayam/.go/src/github.com/openshift/release and create a PR │ 37 | └────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ 38 | ``` 39 | 40 | As stated by the `make` target, these changes need to be PR'd against that repository. Once the PR is merged, the CI jobs for the new `release-vX.Y` repo is done. 
41 | 42 | ### Serverless Operator 43 | 44 | _Making use of the midstream release on the serverless operator is discussed on its own release manual..._ 45 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | #This makefile is used by ci-operator 2 | 3 | CGO_ENABLED=0 4 | GOOS=linux 5 | CORE_IMAGES=./cmd/activator ./cmd/autoscaler ./cmd/autoscaler-hpa ./cmd/controller ./cmd/queue ./cmd/webhook ./vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate ./cmd/domain-mapping ./cmd/domain-mapping-webhook 6 | TEST_IMAGES=$(shell find ./test/test_images ./test/test_images/multicontainer -mindepth 1 -maxdepth 1 -type d) 7 | TEST_IMAGE_TAG=latest 8 | DOCKER_REPO_OVERRIDE= 9 | KO_FLAGS= 10 | BRANCH= 11 | TEST= 12 | IMAGE= 13 | 14 | # Guess location of openshift/release repo. NOTE: override this if it is not correct. 15 | OPENSHIFT=${CURDIR}/../../github.com/openshift/release 16 | 17 | install: 18 | for img in $(CORE_IMAGES); do \ 19 | go install -tags="disable_gcp,disable_aws,disable_azure" $$img ; \ 20 | done 21 | .PHONY: install 22 | 23 | test-install: 24 | for img in $(TEST_IMAGES); do \ 25 | go install $$img ; \ 26 | done 27 | .PHONY: test-install 28 | 29 | test-e2e: 30 | ./openshift/e2e-tests.sh 31 | .PHONY: test-e2e 32 | 33 | test-e2e-tls: 34 | ENABLE_INTERNAL_TLS="true" ./openshift/e2e-tests.sh 35 | .PHONY: test-e2e-tls 36 | 37 | test-images: 38 | for img in $(TEST_IMAGES); do \ 39 | KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko resolve --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -RBf $$img ; \ 40 | done 41 | .PHONY: test-images 42 | 43 | test-image-single: 44 | KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko resolve --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -RBf test/test_images/$(IMAGE) 45 | .PHONY: test-image-single 46 | 47 | # Run make DOCKER_REPO_OVERRIDE= test-e2e-local if test images are available 48 | # in the given repository. 
Make sure you first build and push them there by running `make test-images`. 49 | # Run make BRANCH= test-e2e-local if test images from the latest CI 50 | # build for this branch should be used. Example: `make BRANCH=knative-v0.13.2 test-e2e-local`. 51 | # If neither DOCKER_REPO_OVERRIDE nor BRANCH are defined the tests will use test images 52 | # from the last nightly build. 53 | # If TEST is defined then only the single test will be run. 54 | test-e2e-local: 55 | ./openshift/e2e-tests-local.sh $(TEST) 56 | .PHONY: test-e2e-local 57 | 58 | # Generate Dockerfiles for core and test images used by ci-operator. The files need to be committed manually. 59 | generate-dockerfiles: 60 | ./openshift/ci-operator/generate-dockerfiles.sh openshift/ci-operator/knative-images $(CORE_IMAGES) 61 | ./openshift/ci-operator/generate-dockerfiles.sh openshift/ci-operator/knative-test-images $(TEST_IMAGES) 62 | .PHONY: generate-dockerfiles 63 | 64 | # Generates a ci-operator configuration for a specific branch. 65 | generate-ci-config: 66 | ./openshift/ci-operator/generate-ci-config.sh $(BRANCH) > ci-operator-config.yaml 67 | .PHONY: generate-ci-config 68 | 69 | # Generate an aggregated knative yaml file with replaced image references 70 | generate-release: 71 | ./openshift/release/generate-release.sh $(RELEASE) 72 | .PHONY: generate-release 73 | 74 | # Update CI configuration in the $(OPENSHIFT) directory. 75 | # NOTE: Makes changes outside this repository. 76 | update-ci: 77 | sh ./openshift/ci-operator/update-ci.sh $(OPENSHIFT) $(CORE_IMAGES) 78 | -------------------------------------------------------------------------------- /openshift/patches/003-routeretry.patch: -------------------------------------------------------------------------------- 1 | diff --git a/vendor/knative.dev/pkg/test/spoof/openshift_checks.go b/vendor/knative.dev/pkg/test/spoof/openshift_checks.go 2 | new file mode 100644 3 | index 000000000..acaebe95b 4 | --- /dev/null 5 | 
+++ b/vendor/knative.dev/pkg/test/spoof/openshift_checks.go
6 | @@ -0,0 +1,40 @@
7 | +package spoof
8 | +
9 | +import (
10 | + "fmt"
11 | + "net/http"
12 | + "strings"
13 | +)
14 | +
15 | +// isUnknownAuthority checks if the error contains "certificate signed by unknown authority".
16 | +// This error happens when OpenShift Route starts/changes to use passthrough mode. It takes a little bit time to be synced.
17 | +func isUnknownAuthority(err error) bool {
18 | + return err != nil && strings.Contains(err.Error(), "certificate signed by unknown authority")
19 | +}
20 | +
21 | +// RetryingRouteInconsistency retries common requests seen when creating a new route
22 | +// - 503 to account for Openshift route inconsistency (https://jira.coreos.com/browse/SRVKS-157)
23 | +func RouteInconsistencyRetryChecker(resp *Response) (bool, error) {
24 | + if resp.StatusCode == http.StatusServiceUnavailable {
25 | + return true, fmt.Errorf("retrying route inconsistency request: %s", resp)
26 | + }
27 | + return false, nil
28 | +}
29 | +
30 | +// RouteInconsistencyMultiRetryChecker retries common requests seen when creating a new route
31 | +// - 503 to account for Openshift route inconsistency (https://jira.coreos.com/browse/SRVKS-157)
32 | +func RouteInconsistencyMultiRetryChecker() ResponseChecker {
33 | + const neededSuccesses = 32
34 | + var successes int
35 | + return func(resp *Response) (bool, error) {
36 | + if resp.StatusCode == http.StatusServiceUnavailable {
37 | + successes = 0
38 | + return true, fmt.Errorf("retrying route inconsistency request: %s", resp)
39 | + }
40 | + successes++
41 | + if successes < neededSuccesses {
42 | + return true, fmt.Errorf("successful requests: %d, required: %d", successes, neededSuccesses)
43 | + }
44 | + return false, nil
45 | + }
46 | +}
47 | diff --git a/vendor/knative.dev/pkg/test/spoof/spoof.go b/vendor/knative.dev/pkg/test/spoof/spoof.go
48 | index 147a64adc..5ee44906e 100644
49 |
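Review bot: `isUnknownAuthority` decides whether to retry by searching the error text for "certificate signed by unknown authority", which ties a certificate-validation decision to a message string rather than to the error's type. Matching the typed error is more robust and cannot be triggered by an unrelated error that happens to quote that text: `var uae x509.UnknownAuthorityError` followed by `return errors.As(err, &uae)`, importing `crypto/x509` and `errors` instead of `strings` (this assumes the error chain reaching the checker still wraps the x509 error). The `@@ -252,6 +252,9 @@` hunk in spoof.go wires this into `DefaultErrorRetryChecker`, so a persistently untrusted certificate is retried rather than reported immediately; the comment should say the retry is meant only for the short Route sync window. The doc comment on `RouteInconsistencyRetryChecker` also opens with a different name, `RetryingRouteInconsistency`.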
--- a/vendor/knative.dev/pkg/test/spoof/spoof.go
50 | +++ b/vendor/knative.dev/pkg/test/spoof/spoof.go
51 | @@ -164,7 +164,7 @@ func (sc *SpoofingClient) Do(req *http.Request, errorRetryCheckers ...interface{
52 | // If no retry checkers are specified `DefaultErrorRetryChecker` will be used.
53 | func (sc *SpoofingClient) Poll(req *http.Request, inState ResponseChecker, checkers ...interface{}) (*Response, error) {
54 | if len(checkers) == 0 {
55 | - checkers = []interface{}{ErrorRetryChecker(DefaultErrorRetryChecker), ResponseRetryChecker(DefaultResponseRetryChecker)}
56 | + checkers = []interface{}{ErrorRetryChecker(DefaultErrorRetryChecker), ResponseRetryChecker(DefaultResponseRetryChecker), ResponseRetryChecker(RouteInconsistencyRetryChecker)}
57 | }
58 |
59 | var resp *Response
60 | @@ -252,6 +252,9 @@ func DefaultErrorRetryChecker(err error) (bool, error) {
61 | if isNoRouteToHostError(err) {
62 | return true, fmt.Errorf("retrying for 'no route to host' error: %w", err)
63 | }
64 | + if isUnknownAuthority(err) {
65 | + return true, fmt.Errorf("retrying for certificate signed by unknown authority: %w", err)
66 | + }
67 | return false, err
68 | }
69 |
70 |
@@ -328,6 +331,9 @@ func (sc *SpoofingClient) endpointState( 71 | } 72 | 73 | func (sc *SpoofingClient) Check(req *http.Request, inState ResponseChecker, checkers ...interface{}) (*Response, error) { 74 | + if len(checkers) == 0 { 75 | + checkers = []interface{}{ErrorRetryChecker(DefaultErrorRetryChecker), ResponseRetryChecker(DefaultResponseRetryChecker), ResponseRetryChecker(RouteInconsistencyMultiRetryChecker())} 76 | + } 77 | resp, err := sc.Do(req, checkers...) 78 | if err != nil { 79 | return nil, err 80 | -------------------------------------------------------------------------------- /openshift/ci-operator/update-ci.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # A script that will update the mapping file in github.com/openshift/release 3 | 4 | set -e 5 | 6 | source "$(dirname "$0")/../tui-functions.sh" 7 | 8 | readonly TMPDIR=$(mktemp -d knativeServingPeriodicReporterXXXX -p /tmp/) 9 | 10 | fail() { echo; echo "$*"; exit 1; } 11 | 12 | cat >> "$TMPDIR"/reporterConfig < :rainbow: {{else}} :volcano: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. <{{.Status.URL}}|View logs> :volcano: {{end}}' 21 | EOF 22 | 23 | # Deduce branch name and X.Y.Z version. 24 | BRANCH=$(git rev-parse --abbrev-ref HEAD) 25 | VERSION=$(echo $BRANCH | sed -E 's/^.*(v[0-9]+\.[0-9]+|next)|.*/\1/') 26 | test -n "$VERSION" || fail "'$BRANCH' is not a release branch" 27 | 28 | # Set up variables for important locations in the openshift/release repo. 
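# Resolve the openshift/release checkout passed as the first argument and make
# sure every directory this script writes into exists before generating anything.
test -n "${1:-}" || fail "missing path to the openshift/release checkout"
OPENSHIFT=$(realpath "$1"); shift
test -d "$OPENSHIFT/.git" || fail "'$OPENSHIFT' is not a git repo"
CONFIGDIR=$OPENSHIFT/ci-operator/config/openshift/knative-serving
test -d "$CONFIGDIR" || fail "'$CONFIGDIR' is not a directory"
PERIODIC_CONFIGDIR=$OPENSHIFT/ci-operator/jobs/openshift/knative-serving
test -d "$PERIODIC_CONFIGDIR" || fail "'$PERIODIC_CONFIGDIR' is not a directory"

# Generate CI config files
stage "Generating CI config files"
CONFIG=$CONFIGDIR/openshift-knative-serving-release-$VERSION
PERIODIC_CONFIG=$PERIODIC_CONFIGDIR/openshift-knative-serving-release-$VERSION-periodics.yaml
# Quoted so that a script path containing spaces is not split into several words.
CURDIR=$(dirname "$0")

# $1=branch $2=openshift $3=promotion_disabled $4=generate_continuous $5=internal_tls_enabled(optional)
# The redirect targets are quoted: an unquoted target that expands to more than
# one word makes bash abort with "ambiguous redirect".
"$CURDIR/generate-ci-config.sh" "knative-$VERSION" 4.8 true false > "${CONFIG}__48.yaml"
"$CURDIR/generate-ci-config.sh" "knative-$VERSION" 4.9 true false > "${CONFIG}__49.yaml"
# NOTE(review): both 4.11 invocations write ${CONFIG}__411.yaml, so only the
# output of the second one survives. Confirm the first is still needed.
"$CURDIR/generate-ci-config.sh" "knative-$VERSION" 4.11 true false > "${CONFIG}__411.yaml"
"$CURDIR/generate-ci-config.sh" "knative-$VERSION" 4.11 false true true > "${CONFIG}__411.yaml"

# Append missing lines to the mirror file.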
49 | if [[ "$VERSION" != "next" ]]; then 50 | stage "Syncing mirror file" 51 | VER=$(echo $VERSION | sed 's/\./_/;s/\.[0-9]\+$//') # X_Y form of version 52 | MIRROR="$OPENSHIFT/core-services/image-mirroring/knative/mapping_knative_${VER}_quay" 53 | [ -n "$(tail -c1 $MIRROR)" ] && echo >> $MIRROR # Make sure there's a newline 54 | exclude_images="-not -name multicontainer -not -name initcontainers" 55 | test_images=$(find ./openshift/ci-operator/knative-test-images -mindepth 1 -maxdepth 1 -type d $exclude_images | LC_COLLATE=posix sort) 56 | for IMAGE in $test_images; do 57 | NAME=knative-serving-test-$(basename $IMAGE | sed 's/_/-/' | sed 's/_/-/' | sed 's/[_.]/-/' | sed 's/[_.]/-/' | sed 's/v0/upgrade-v0/') 58 | 59 | step "Adding $NAME to mirror file as $VERSION tag" 60 | LINE="registry.ci.openshift.org/openshift/knative-$VERSION.0:$NAME quay.io/openshift-knative/${NAME/knative-serving-test-/}:$VERSION" 61 | # Add $LINE if not already present 62 | grep -q "^$LINE\$" $MIRROR || echo "$LINE" >> $MIRROR 63 | 64 | VER=$(echo $VER | sed 's/\_/./') 65 | step "Adding $NAME to mirror file as $VER tag" 66 | LINE="registry.ci.openshift.org/openshift/knative-$VERSION.0:$NAME quay.io/openshift-knative/${NAME/knative-serving-test-/}:$VER" 67 | # Add $LINE if not already present 68 | grep -q "^$LINE\$" $MIRROR || echo "$LINE" >> $MIRROR 69 | done 70 | else 71 | stage "Syncing mirror file" 72 | MIRROR="$OPENSHIFT/core-services/image-mirroring/knative/mapping_knative_nightly_quay" 73 | [ -n "$(tail -c1 $MIRROR)" ] && echo >> $MIRROR # Make sure there's a newline 74 | test_images=$(find ./openshift/ci-operator/knative-test-images -mindepth 1 -maxdepth 1 -type d | LC_COLLATE=posix sort) 75 | for IMAGE in $test_images; do 76 | NAME=knative-serving-test-$(basename $IMAGE | sed 's/_/-/' | sed 's/_/-/' | sed 's/[_.]/-/' | sed 's/[_.]/-/' | sed 's/v0/upgrade-v0/') 77 | step "Adding $NAME to mirror file as latest tag" 78 | LINE="registry.ci.openshift.org/openshift/knative-nightly:$NAME 
quay.io/openshift-knative/${NAME/knative-serving-test-/}:latest" 79 | # Add $LINE if not already present 80 | grep -q "^$LINE\$" $MIRROR || echo "$LINE" >> $MIRROR 81 | done 82 | fi 83 | # Switch to openshift/release to generate PROW files 84 | cd $OPENSHIFT 85 | stage "Generating PROW job in $OPENSHIFT" 86 | make jobs 87 | stage "Generating ci-operator-config in $OPENSHIFT" 88 | make ci-operator-config 89 | RERUN_MAKE=false 90 | # We have to do this manually, see: https://docs.ci.openshift.org/docs/how-tos/notification/ 91 | if [[ "$VERSION" != "next" ]]; then 92 | stage "Adding reporter_config to periodics" 93 | # These version MUST match the ocp version we used above 94 | for OCP_VERSION in 411; do 95 | JOB="periodic-ci-openshift-knative-serving-release-${VERSION}-${OCP_VERSION}-e2e-aws-ocp-${OCP_VERSION}-continuous" 96 | if [[ $(sed -n "/ name: $JOB/ r $TMPDIR/reporterConfig" "$PERIODIC_CONFIG") ]]; then 97 | sed -i "/ name: $JOB/ r $TMPDIR/reporterConfig" "$PERIODIC_CONFIG" 98 | RERUN_MAKE=true 99 | step "Updating job $JOB - Done." 100 | else 101 | step "Skip updating job $JOB - probably generate_continuous is not enabled." 
102 | fi 103 | done 104 | fi 105 | 106 | if [[ "$RERUN_MAKE" == "true" ]]; then 107 | # One last run to format any manual changes to the jobs 108 | stage "Generating PROW job in $OPENSHIFT" 109 | step "Running make job again to format any manually added configuration" 110 | make jobs 111 | fi 112 | 113 | stage "Summary" 114 | GIT_OUTPUT=$(git ls-files --modified) 115 | if [[ -n "${GIT_OUTPUT}" ]]; then 116 | step "Modified files in $OPENSHIFT" 117 | git ls-files --modified 118 | fi 119 | GIT_OUTPUT=$(git ls-files --others --exclude-standard) 120 | if [[ -n "${GIT_OUTPUT}" ]]; then 121 | step "New files in $OPENSHIFT" 122 | git ls-files --others --exclude-standard 123 | fi 124 | stage_warn "Commit changes to $OPENSHIFT and create a PR" 125 | -------------------------------------------------------------------------------- /openshift/ci-operator/generate-ci-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | branch=${1-'knative-v0.6.0'} 4 | openshift=${2-'4.3'} 5 | promotion_disabled=${3-false} 6 | generate_continuous=${4-false} 7 | internal_tls_enabled=${5-false} 8 | 9 | if [[ "$branch" == "knative-next" ]]; then 10 | promotion_name="knative-nightly" 11 | generate_continuous=false 12 | else 13 | promotion_name="$branch.0" 14 | fi 15 | 16 | core_images=$(find ./openshift/ci-operator/knative-images -mindepth 1 -maxdepth 1 -type d | LC_COLLATE=posix sort) 17 | exclude_images="-not -name multicontainer -not -name initcontainers" 18 | test_images=$(find ./openshift/ci-operator/knative-test-images -mindepth 1 -maxdepth 1 -type d $exclude_images | LC_COLLATE=posix sort) 19 | 20 | function generate_image_dependencies { 21 | for img in $core_images; do 22 | image_base=knative-serving-$(basename $img) 23 | to_image=$(echo ${image_base//[_.]/-}) 24 | to_image=$(echo ${to_image//v0/upgrade-v0}) 25 | to_image=$(echo ${to_image//migrate/storage-version-migration}) 26 | image_env=$(echo ${to_image//-/_}) 27 | 
image_env=$(echo ${image_env^^}) 28 | cat < openshift/olm/knative-serving.catalogsource.yaml 121 | ``` 122 | 123 | #### Tag the repository 124 | 125 | #### Get a "LGTM" from QE 126 | 127 | #### Get a "LGTM" from Docs 128 | 129 | #### Gather release notes from JIRA/GitHub 130 | 131 | #### Send a release announcement 132 | 133 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 
30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 
62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. 
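We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 |
--------------------------------------------------------------------------------
/openshift/e2e-common.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Shared helpers for the OpenShift e2e jobs: picks the test image template,
# installs Knative Serving through the serverless operator, prepares the test
# namespaces and runs the e2e suites.
# Helpers such as header, fail_test, go_test_e2e, wait_until_pods_running and
# logger.info are not defined here; they are expected to come from the scripts
# sourced below or from the serverless-operator checkout.

root="$(dirname "${BASH_SOURCE[0]}")"

# shellcheck disable=SC1090
source "$(dirname "$0")/../test/e2e-common.sh"
source "$(dirname "$0")/release/resolve.sh"

readonly SERVING_NAMESPACE=knative-serving
readonly SERVING_INGRESS_NAMESPACE=knative-serving-ingress

# The OLM global namespace was moved to openshift-marketplace since v4.2
# ref: https://jira.coreos.com/browse/OLM-1190
readonly OLM_NAMESPACE="openshift-marketplace"

# Determine if we're running locally or in CI.
# The ${VAR:-} form keeps these checks working when the caller enables `set -u`.
# The heredoc body is kept at column 0: `<<-` strips leading tabs only, so this
# yields the same string without depending on tab indentation.
if [ -n "${OPENSHIFT_BUILD_NAMESPACE:-}" ]; then
  TEST_IMAGE_TEMPLATE=$(cat <<-END
{{- with .Name }}
{{- if eq . "volumes"}}$KNATIVE_SERVING_TEST_VOLUMES{{end -}}
{{- if eq . "readiness"}}$KNATIVE_SERVING_TEST_READINESS{{end -}}
{{- if eq . "pizzaplanetv1"}}$KNATIVE_SERVING_TEST_PIZZAPLANETV1{{end -}}
{{- if eq . "pizzaplanetv2"}}$KNATIVE_SERVING_TEST_PIZZAPLANETV2{{end -}}
{{- if eq . "helloworld"}}$KNATIVE_SERVING_TEST_HELLOWORLD{{end -}}
{{- if eq . "runtime"}}$KNATIVE_SERVING_TEST_RUNTIME{{end -}}
{{- if eq . "timeout"}}$KNATIVE_SERVING_TEST_TIMEOUT{{end -}}
{{- if eq . "observed-concurrency"}}$KNATIVE_SERVING_TEST_OBSERVED_CONCURRENCY{{end -}}
{{- if eq . "grpc-ping"}}$KNATIVE_SERVING_TEST_GRPC_PING{{end -}}
{{- if eq . "failing"}}$KNATIVE_SERVING_TEST_FAILING{{end -}}
{{- if eq . "autoscale"}}$KNATIVE_SERVING_TEST_AUTOSCALE{{end -}}
{{- if eq . "wsserver"}}$KNATIVE_SERVING_TEST_WSSERVER{{end -}}
{{- if eq . "httpproxy"}}$KNATIVE_SERVING_TEST_HTTPPROXY{{end -}}
{{- if eq . "singlethreaded"}}$KNATIVE_SERVING_TEST_SINGLETHREADED{{end -}}
{{- if eq . "servingcontainer"}}$KNATIVE_SERVING_TEST_SERVINGCONTAINER{{end -}}
{{- if eq . "sidecarcontainer"}}$KNATIVE_SERVING_TEST_SIDECARCONTAINER{{end -}}
{{- if eq . "hellohttp2"}}$KNATIVE_SERVING_TEST_HELLOHTTP2{{end -}}
{{- if eq . "hellovolume"}}$KNATIVE_SERVING_TEST_HELLOVOLUME{{end -}}
{{- if eq . "invalidhelloworld"}}quay.io/openshift-knative/helloworld:invalid{{end -}}
{{end -}}
END
)
elif [ -n "${DOCKER_REPO_OVERRIDE:-}" ]; then
  readonly TEST_IMAGE_TEMPLATE="${DOCKER_REPO_OVERRIDE}/{{.Name}}"
elif [ -n "${BRANCH:-}" ]; then
  readonly TEST_IMAGE_TEMPLATE="registry.ci.openshift.org/openshift/${BRANCH}:knative-serving-test-{{.Name}}"
elif [ -n "${TEMPLATE:-}" ]; then
  readonly TEST_IMAGE_TEMPLATE="$TEMPLATE"
else
  readonly TEST_IMAGE_TEMPLATE="registry.ci.openshift.org/openshift/knative-nightly:knative-serving-test-{{.Name}}"
fi

# NOTE(review): this prints every environment variable to the job output. If
# the job environment carries credentials or tokens they end up in the logs;
# consider printing only the variables needed for debugging.
env

# Waits until the machineset in the given namespaces scales up to the
# desired number of replicas
# Parameters: $1 - namespace
#             $2 - machineset name
#             $3 - desired number of replicas
# Returns:    0 once the replica count matches, 1 after 150 polls (6s apart).
function wait_until_machineset_scales_up() {
  echo -n "Waiting until machineset $2 in namespace $1 scales up to $3 replicas"
  local available
  for _ in {1..150}; do  # timeout after 15 minutes
    available=$(oc get machineset -n "$1" "$2" -o jsonpath="{.status.availableReplicas}")
    # An empty value (field not populated yet) compares as 0.
    if [[ "${available:-0}" -eq "$3" ]]; then
      echo -e "\nMachineSet $2 in namespace $1 successfully scaled up to $3 replicas"
      return 0
    fi
    echo -n "."
    sleep 6
  done
  # The original used `echo - "Error: ..."`, which printed a stray "-" and no
  # newline after the progress dots; report it like the DNS helper below.
  echo -e "\n\nERROR: timeout waiting for machineset $2 in namespace $1 to scale up to $3 replicas"
  return 1
}

# Waits until the given hostname resolves via DNS
# Parameters: $1 - hostname
# Returns:    0 once `host` reports an address, 1 after 150 polls (6s apart).
function wait_until_hostname_resolves() {
  echo -n "Waiting until hostname $1 resolves via DNS"
  local output
  for _ in {1..150}; do  # timeout after 15 minutes
    output=$(host -t a "$1" | grep 'has address')
    if [[ -n "${output}" ]]; then
      echo -e "\n${output}"
      return 0
    fi
    echo -n "."
    sleep 6
  done
  echo -e "\n\nERROR: timeout waiting for hostname $1 to resolve via DNS"
  return 1
}

# Loops until duration (car) is exceeded or command (cdr) returns non-zero
# Parameters: $1 - timeout in seconds
#             $2.. - shell command string, re-evaluated every 5 seconds
# Returns:    0 once the command returns non-zero, 1 when the timeout passes.
# The command is run through `eval`, so it must only ever be a literal written
# in these scripts, never text taken from cluster output or other external
# input. Quoting "$*" hands the string to eval exactly as written instead of
# letting the shell word-split and glob it first.
# NOTE: this shadows the coreutils `timeout` binary and overwrites the global
# SECONDS and TIMEOUT variables, as the original did.
function timeout() {
  SECONDS=0; TIMEOUT=$1; shift
  while eval "$*"; do
    sleep 5
    if [[ $SECONDS -gt $TIMEOUT ]]; then
      echo "ERROR: Timed out"
      return 1
    fi
  done
  return 0
}

# Patches the serverless-operator CSV so the operator reads the Serving,
# Eventing and Kourier manifests from mounted configmaps (KO_DATA_PATH), and
# creates the kourier-cm configmap.
# Must run from the root of the serverless-operator checkout (relative paths).
# Parameters: $1 - path to the knative-serving checkout
# Globals:    OPERATORS_NAMESPACE (read); KNATIVE_KOURIER_CONTROL and
#             KNATIVE_KOURIER_GATEWAY (exported)
function update_csv(){
  local SERVING_DIR=$1

  source ./hack/lib/metadata.bash
  # Declared separately from the assignment so a failing metadata.get is not
  # masked by `local`; an empty version would produce wrong mount paths below.
  local SERVING_VERSION EVENTING_VERSION KOURIER_VERSION
  SERVING_VERSION=$(metadata.get dependencies.serving) || return $?
  EVENTING_VERSION=$(metadata.get dependencies.eventing) || return $?
  KOURIER_VERSION=$(metadata.get dependencies.kourier) || return $?
  local KOURIER_MINOR_VERSION=${KOURIER_VERSION%.*}  # e.g. "0.21.0" => "0.21"

  export KNATIVE_KOURIER_CONTROL="registry.ci.openshift.org/openshift/knative-v${KOURIER_VERSION}:kourier"
  KNATIVE_KOURIER_GATEWAY=$(grep -w "docker.io/maistra/proxyv2-ubi8" "${SERVING_DIR}/third_party/kourier-latest/kourier.yaml" | awk '{print $NF}')
  export KNATIVE_KOURIER_GATEWAY
  local CSV="olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml"

  # release-next branch keeps updating the latest manifest in knative-serving-ci.yaml for serving resources.
  # see: https://github.com/openshift/knative-serving/blob/release-next/openshift/release/knative-serving-ci.yaml
  # So mount the manifest and use it by KO_DATA_PATH env value.

  cat << EOF | yq write --inplace --script - "$CSV" || return $?
- command: update
  path: spec.install.spec.deployments.(name==knative-operator-webhook).spec.template.spec.containers.(name==knative-operator).env[+]
  value:
    name: "KO_DATA_PATH"
    value: "/tmp/knative/"
- command: update
  path: spec.install.spec.deployments.(name==knative-operator-webhook).spec.template.spec.containers.(name==knative-operator).volumeMounts[+]
  value:
    name: "serving-manifest"
    mountPath: "/tmp/knative/knative-serving/${SERVING_VERSION}"
- command: update
  path: spec.install.spec.deployments.(name==knative-operator-webhook).spec.template.spec.volumes[+]
  value:
    name: "serving-manifest"
    configMap:
      name: "ko-data-serving"
      items:
        - key: "knative-serving-ci.yaml"
          path: "knative-serving-ci.yaml"
# eventing
- command: update
  path: spec.install.spec.deployments.(name==knative-operator-webhook).spec.template.spec.containers.(name==knative-operator).volumeMounts[+]
  value:
    name: "eventing-manifest"
    mountPath: "/tmp/knative/knative-eventing/${EVENTING_VERSION}"
- command: update
  path: spec.install.spec.deployments.(name==knative-operator-webhook).spec.template.spec.volumes[+]
  value:
    name: "eventing-manifest"
    configMap:
      name: "ko-data-eventing"
      items:
        - key: "knative-eventing-ci.yaml"
          path: "knative-eventing-ci.yaml"
# kourier
- command: update
  path: spec.install.spec.deployments.(name==knative-operator-webhook).spec.template.spec.containers.(name==knative-operator).volumeMounts[+]
  value:
    name: "kourier-manifest"
    mountPath: "/tmp/knative/ingress/${KOURIER_MINOR_VERSION}"
- command: update
  path: spec.install.spec.deployments.(name==knative-operator-webhook).spec.template.spec.volumes[+]
  value:
    name: "kourier-manifest"
    configMap:
      name: "kourier-cm"
      items:
        - key: "kourier.yaml"
          path: "kourier.yaml"
EOF

  # Build the combined manifest in a private mktemp directory instead of the
  # fixed, world-writable path /tmp/kourier.yaml. The file keeps the name
  # kourier.yaml because --from-file uses the basename as the configmap key.
  local kourier_tmpdir rc=0
  kourier_tmpdir=$(mktemp -d) || return $?
  if ! cat "./openshift-knative-operator/cmd/operator/kodata/ingress/${KOURIER_MINOR_VERSION}/0-kourier.yaml" \
      "./openshift-knative-operator/cmd/operator/kodata/ingress/${KOURIER_MINOR_VERSION}/1-config-network.yaml" \
      > "${kourier_tmpdir}/kourier.yaml"; then
    rm -rf -- "${kourier_tmpdir:?}"
    return 1
  fi

  oc create configmap kourier-cm -n "$OPERATORS_NAMESPACE" --from-file="${kourier_tmpdir}/kourier.yaml" || rc=$?
  rm -rf -- "${kourier_tmpdir:?}"
  return "$rc"
}

# Clones serverless-operator into a temporary directory, generates its files,
# patches the CSV (update_csv) and installs the catalog source.
# NOTE(review): the clone follows the tip of the default branch and its
# test/lib.bash is sourced into this shell, so the job runs whatever is
# upstream at that moment; pinning a tag or commit would make runs
# reproducible and narrow what the job trusts.
# NOTE: on an early return the directory pushed here is not popped.
function install_catalogsource(){
  local SERVERLESS_DIR CURRENT_DIR
  SERVERLESS_DIR=$(mktemp -d) || return $?
  CURRENT_DIR=$(pwd)
  git clone --depth 1 https://github.com/openshift-knative/serverless-operator.git "${SERVERLESS_DIR}" || return $?
  pushd "${SERVERLESS_DIR}" || return $?

  source ./test/lib.bash
  create_namespaces "${SYSTEM_NAMESPACES[@]}"
  export GOPATH=/tmp/go
  OPENSHIFT_CI="true" make generated-files || return $?
  update_csv "$CURRENT_DIR" || return $?
  # Make OPENSHIFT_CI non-empty to build the serverless index and use S-O nightly build images.
  OPENSHIFT_CI="true" ensure_catalogsource_installed || return $?
  # Create a secret for https test.
  trust_router_ca || return $?
  popd
}

# Installs the serverless operator and a KnativeServing resource, waits for the
# pods and the Kourier load balancer, and optionally enables internal TLS.
# Globals: root, SERVING_NAMESPACE, SERVING_INGRESS_NAMESPACE, CURRENT_CSV,
#          ENABLE_INTERNAL_TLS (read); KNATIVE_SERVING_TEST_MANIFESTS_DIR (exported)
function install_knative(){
  header "Installing Knative"
  export KNATIVE_SERVING_TEST_MANIFESTS_DIR="${root}/release"
  install_catalogsource || return $?
  create_configmaps || return $?
  deploy_serverless_operator "$CURRENT_CSV" || return $?

  # Wait for the CRD to appear
  timeout 900 '[[ $(oc get crd | grep -c knativeservings) -eq 0 ]]' || return 1

  # Install Knative Serving with initial values in test/config/config-observability.yaml.
  cat <<-EOF | oc apply -f - || return $?
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: ${SERVING_NAMESPACE}
spec:
  ingress:
    kourier:
      service-type: "LoadBalancer" # To enable gRPC and HTTP2 tests.
  config:
    deployment:
      progressDeadline: "120s"
    observability:
      logging.request-log-template: '{"httpRequest": {"requestMethod": "{{.Request.Method}}",
        "requestUrl": "{{js .Request.RequestURI}}", "requestSize": "{{.Request.ContentLength}}",
        "status": {{.Response.Code}}, "responseSize": "{{.Response.Size}}", "userAgent":
        "{{js .Request.UserAgent}}", "remoteIp": "{{js .Request.RemoteAddr}}", "serverIp":
        "{{.Revision.PodIP}}", "referer": "{{js .Request.Referer}}", "latency": "{{.Response.Latency}}s",
        "protocol": "{{.Request.Proto}}"}, "traceId": "{{index .Request.Header "X-B3-Traceid"}}"}'
      logging.enable-probe-request-log: "true"
      logging.enable-request-log: "true"
EOF

  # Wait for 4 pods to appear first
  timeout 600 '[[ $(oc get pods -n $SERVING_NAMESPACE --no-headers | wc -l) -lt 4 ]]' || return 1
  wait_until_pods_running "$SERVING_NAMESPACE" || return 1

  wait_until_service_has_external_ip "$SERVING_INGRESS_NAMESPACE" kourier || fail_test "Ingress has no external IP"
  wait_until_hostname_resolves "$(kubectl get svc -n "$SERVING_INGRESS_NAMESPACE" kourier -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"

  # TODO: Only one cluster enables internal-tls but it should be enabled by default when the feature is stable.
  if [[ ${ENABLE_INTERNAL_TLS:-} == "true" ]]; then
    oc patch knativeserving knative-serving \
      -n "${SERVING_NAMESPACE}" \
      --type merge --patch '{"spec": {"config": {"network": {"internal-encryption": "true"}}}}'
    oc patch knativeserving knative-serving \
      -n "${SERVING_NAMESPACE}" \
      --type merge --patch '{"spec": {"config": {"kourier": {"cluster-cert-secret": "server-certs"}}}}'
    # Deploy certificates for testing TLS with cluster-local gateway
    timeout 600 '[[ $(oc get ns $SERVING_INGRESS_NAMESPACE -oname | wc -l) == 0 ]]' || return 1
    yq read --doc 1 ./test/config/tls/cert-secret.yaml | yq write - metadata.namespace "${SERVING_INGRESS_NAMESPACE}" | oc apply -f -
    echo "Restart activator to mount the certificates"
    oc delete pod -n "${SERVING_NAMESPACE}" -l app=activator
    oc wait --timeout=60s --for=condition=Available deployment -n "${SERVING_NAMESPACE}" activator
    echo "internal-encryption is enabled"
  fi

  header "Knative Installed successfully"
}

# Creates the configmaps that carry the CI manifests mounted into the operator.
# Globals: OPERATORS_NAMESPACE, KNATIVE_SERVING_TEST_MANIFESTS_DIR (read)
function create_configmaps(){
  # Create configmap to use the latest manifest.
  oc create configmap ko-data-serving -n "$OPERATORS_NAMESPACE" --from-file="${KNATIVE_SERVING_TEST_MANIFESTS_DIR}/knative-serving-ci.yaml" || return $?

  # Create eventing manifest. We don't want to do this, but upstream designed that knative-eventing dir is mandatory
  # when KO_DATA_PATH was overwritten.
  oc create configmap ko-data-eventing -n "$OPERATORS_NAMESPACE" --from-file="${KNATIVE_SERVING_TEST_MANIFESTS_DIR}/knative-eventing-ci.yaml" || return $?
}

# Applies the test resources and exports the settings the e2e tests read.
# Globals: SERVING_NAMESPACE, SERVING_INGRESS_NAMESPACE, ENABLE_INTERNAL_TLS
#          (read); SYSTEM_NAMESPACE, GATEWAY_OVERRIDE,
#          GATEWAY_NAMESPACE_OVERRIDE, INGRESS_CLASS, CA_CERT, SERVER_NAME
#          (exported)
function prepare_knative_serving_tests_nightly {
  echo ">> Creating test resources for OpenShift (test/config/)"

  kubectl apply -f test/config/cluster-resources.yaml
  kubectl apply -f test/config/test-resources.yaml

  # Apply resource quota in rq-test namespace, needed for the related e2e test.
  oc apply -f ./test/config/resource-quota/resource-quota.yaml

  # Apply persistent volume claim needed, needed for the related e2e test.
  oc apply -f ./test/config/pvc/pvc.yaml

  # NOTE(review): these grant the privileged SCC to the default service account
  # of both test namespaces, so every pod running as it may run privileged.
  # That is a broad grant; it belongs only on disposable test clusters.
  oc adm policy add-scc-to-user privileged -z default -n serving-tests
  oc adm policy add-scc-to-user privileged -z default -n serving-tests-alt
  # Adding scc for anyuid to test TestShouldRunAsUserContainerDefault.
  oc adm policy add-scc-to-user anyuid -z default -n serving-tests

  export SYSTEM_NAMESPACE="$SERVING_NAMESPACE"
  export GATEWAY_OVERRIDE=kourier
  export GATEWAY_NAMESPACE_OVERRIDE="$SERVING_INGRESS_NAMESPACE"
  export INGRESS_CLASS=kourier.ingress.networking.knative.dev

  # ${VAR:-} matches the check in install_knative and tolerates `set -u`.
  if [[ ${ENABLE_INTERNAL_TLS:-} == "true" ]]; then
    # Deploy CA cert for testing TLS with cluster-local gateway
    yq read --doc 0 ./test/config/tls/cert-secret.yaml | oc apply -f -
    # This needs to match the name of Secret in test/config/tls/cert-secret.yaml
    export CA_CERT=ca-cert
    # This needs to match $san from test/config/tls/generate.sh
    export SERVER_NAME=knative.dev
  fi
}

# Merge-patches one section of spec.config on the KnativeServing resource and
# calls fail_test when the patch cannot be applied.
# Parameters: $1 - section under spec.config (e.g. "features")
#             $2 - JSON object merged into that section
# Both arguments are pasted into the JSON patch as-is, so pass literals only.
function _patch_serving_config() {
  oc -n "${SYSTEM_NAMESPACE}" patch knativeserving/knative-serving --type=merge \
    --patch="{\"spec\": {\"config\": {\"$1\": $2}}}" || fail_test
}

# Runs the e2e suites against the installed Knative Serving.
# Parameters: $1 - optional test name regex; when set, only the matching tests
#                  of the main e2e/conformance suites are run
# Returns:    0 when everything passed; otherwise the last failure code
#             recorded (1 generic, 2 internal-registry helloworld, 3 HA), or
#             go_test_e2e's own status in single-test mode.
# Globals:    SYSTEM_NAMESPACE, SERVING_NAMESPACE, KUBECONFIG,
#             TEST_IMAGE_TEMPLATE, KNATIVE_SERVING_TEST_HELLOWORLD (read);
#             subdomain (written); OPENSHIFT_REPLICAS, OPENSHIFT_BUCKETS (set
#             readonly)
# Side effects on the checkout: may delete test/e2e/grpc_test.go and rewrites
# requestInterval in the vendored spoof.go.
function run_e2e_tests(){
  header "Running tests"

  local test_name=$1
  local failed=0

  # Keep this in sync with test/ha/ha.go
  readonly OPENSHIFT_REPLICAS=2
  # TODO: Increase BUCKETS size more than 1 when operator supports configmap/config-leader-election setting.
  readonly OPENSHIFT_BUCKETS=1

  # Changing the bucket count and cycling the controllers will leave around stale
  # lease resources at the old sharding factor, so clean these up.
  kubectl -n "${SYSTEM_NAMESPACE}" delete leases --all

  # Wait for a new leader Controller to prevent race conditions during service reconciliation
  wait_for_leader_controller || failed=1

  # Dump the leases post-setup.
  header "Leaders"
  kubectl get lease -n "${SYSTEM_NAMESPACE}"

  # Give the controller time to sync with the rest of the system components.
  sleep 30
  subdomain=$(oc get ingresses.config.openshift.io cluster -o jsonpath="{.spec.domain}")

  # Flags shared by every go_test_e2e call that uses the CI image template.
  local -a common_flags=(
    --kubeconfig "$KUBECONFIG"
    --imagetemplate "$TEST_IMAGE_TEMPLATE"
    --https
    --skip-cleanup-on-fail
    --resolvabledomain
  )

  if [ -n "$test_name" ]; then
    _patch_serving_config features '{"kubernetes.podspec-volumes-emptydir": "enabled"}'
    go_test_e2e -tags=e2e -timeout=15m -parallel=1 \
      ./test/e2e ./test/conformance/api/... ./test/conformance/runtime/... \
      -run "^(${test_name})$" \
      --enable-alpha \
      --enable-beta \
      --customdomain="$subdomain" \
      "${common_flags[@]}" || failed=$?
    _patch_serving_config features '{"kubernetes.podspec-volumes-emptydir": "disabled"}'

    return "$failed"
  fi

  local parallel=3

  if [[ $(oc get infrastructure cluster -ojsonpath='{.status.platform}') = VSphere ]]; then
    # Since we don't have LoadBalancers working, gRPC tests will always fail.
    rm ./test/e2e/grpc_test.go
    parallel=2
  fi

  _patch_serving_config features '{"kubernetes.podspec-volumes-emptydir": "enabled"}'
  go_test_e2e -tags=e2e -timeout=30m -parallel="$parallel" \
    ./test/e2e ./test/conformance/api/... ./test/conformance/runtime/... \
    --enable-alpha \
    --enable-beta \
    --customdomain="$subdomain" \
    "${common_flags[@]}" || failed=1
  _patch_serving_config features '{"kubernetes.podspec-volumes-emptydir": "disabled"}'

  _patch_serving_config features '{"tag-header-based-routing": "enabled"}'
  go_test_e2e -timeout=2m ./test/e2e/tagheader \
    "${common_flags[@]}" || failed=1
  _patch_serving_config features '{"tag-header-based-routing": "disabled"}'

  _patch_serving_config autoscaler '{"allow-zero-initial-scale": "true"}'
  # wait 10 sec until sync.
  sleep 10
  go_test_e2e -timeout=2m ./test/e2e/initscale \
    "${common_flags[@]}" || failed=1
  _patch_serving_config autoscaler '{"allow-zero-initial-scale": "false"}'

  _patch_serving_config features '{"responsive-revision-gc": "enabled"}'
  # immediate_gc
  _patch_serving_config gc '{"retain-since-create-time":"disabled","retain-since-last-active-time":"disabled","min-non-active-revisions":"0","max-non-active-revisions":"0"}'
  go_test_e2e -timeout=2m ./test/e2e/gc \
    "${common_flags[@]}" || failed=1
  _patch_serving_config features '{"responsive-revision-gc": "disabled"}'

  # Run HPA tests
  go_test_e2e -timeout=30m -tags=hpa ./test/e2e \
    "${common_flags[@]}" || failed=1

  # Run init-containers test
  _patch_serving_config features '{"kubernetes.podspec-volumes-emptydir": "enabled"}'
  _patch_serving_config features '{"kubernetes.podspec-init-containers": "enabled"}'
  go_test_e2e -timeout=2m ./test/e2e/initcontainers \
    "${common_flags[@]}" || failed=1
  _patch_serving_config features '{"kubernetes.podspec-volumes-emptydir": "disabled"}'
  _patch_serving_config features '{"kubernetes.podspec-init-containers": "disabled"}'

  # Run PVC test
  _patch_serving_config features '{"kubernetes.podspec-persistent-volume-claim": "enabled"}'
  _patch_serving_config features '{"kubernetes.podspec-persistent-volume-write": "enabled"}'
  _patch_serving_config features '{"kubernetes.podspec-securitycontext": "enabled"}'
  go_test_e2e -timeout=5m ./test/e2e/pvc \
    --enable-alpha \
    "${common_flags[@]}" || failed=1
  _patch_serving_config features '{"kubernetes.podspec-persistent-volume-claim": "disabled"}'
  _patch_serving_config features '{"kubernetes.podspec-persistent-volume-write": "disabled"}'
  _patch_serving_config features '{"kubernetes.podspec-securitycontext": "disabled"}'

  # Run the helloworld test with an image pulled into the internal registry.
  local image_to_tag=$KNATIVE_SERVING_TEST_HELLOWORLD
  oc tag -n serving-tests "$image_to_tag" "helloworld:latest" --reference-policy=local
  go_test_e2e -tags=e2e -timeout=30m ./test/e2e -run "^(TestHelloWorld)$" \
    --https \
    --skip-cleanup-on-fail \
    --resolvabledomain --kubeconfig "$KUBECONFIG" \
    --imagetemplate "image-registry.openshift-image-registry.svc:5000/serving-tests/{{.Name}}" || failed=2

  # Prevent HPA from scaling to make the tests more stable
  oc -n "$SERVING_NAMESPACE" patch hpa activator \
    --type 'merge' \
    --patch "{\"spec\": {\"maxReplicas\": ${OPENSHIFT_REPLICAS}, \"minReplicas\": ${OPENSHIFT_REPLICAS}}}" || return 1

  # Use sed as the -spoofinterval parameter is not available yet
  sed "s/\(.*requestInterval =\).*/\1 10 * time.Millisecond/" -i vendor/knative.dev/pkg/test/spoof/spoof.go

  # Run HA tests separately as they're stopping core Knative Serving pods
  # Define short -spoofinterval to ensure frequent probing while stopping pods
  go_test_e2e -tags=e2e -timeout=15m -failfast -parallel=1 \
    ./test/ha \
    -replicas="${OPENSHIFT_REPLICAS}" -buckets="${OPENSHIFT_BUCKETS}" -spoofinterval="10ms" \
    --enable-alpha \
    --enable-beta \
    --customdomain="$subdomain" \
    "${common_flags[@]}" || failed=3

  return "$failed"
}

# Collects cluster state with `oc adm must-gather` into
# ${ARTIFACT_DIR:-/tmp}/gather-knative and logs the command output there.
# NOTE(review): --insecure-skip-tls-verify turns off certificate validation for
# the API server connection, and the must-gather image is referenced by name
# only (no tag or digest). Both are weaker than needed outside throwaway CI
# clusters; prefer trusting the cluster CA and pinning the image digest.
function gather_knative_state {
  logger.info 'Gather knative state'
  local gather_dir="${ARTIFACT_DIR:-/tmp}/gather-knative"
  mkdir -p "$gather_dir"

  oc --insecure-skip-tls-verify adm must-gather \
    --image=quay.io/openshift-knative/must-gather \
    --dest-dir "$gather_dir" > "${gather_dir}/gather-knative.log"
}

--------------------------------------------------------------------------------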