Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update kaniko build + push test to actually push #144

Closed
bobcatfish opened this issue Oct 12, 2018 · 4 comments
Closed

Update kaniko build + push test to actually push #144

bobcatfish opened this issue Oct 12, 2018 · 4 comments

Comments

@bobcatfish
Copy link
Collaborator

bobcatfish commented Oct 12, 2018
edited
Loading

Expected Behavior

Our integration test for the kaniko build and push functionality(#62, implemented in #120) should be able to actually push an image to a docker registry and verify that it was pushed by checking in the registry.

The kaniko integration test should also verify that this image has been pushed by looking at info about it in the registry.

Actual Behavior

Our integration test is running kaniko with --no-push because although boskos + the other test infra scripts setup auth such that we can interact with the boskos project (including the boskos GCR registry at $DOCKER_REPO_OVERRIDE), this secret is not provided to the system under test, and after talking about this with @krzyzacy there doesn't seem to currently be a good/safe way to do this.

Steps to Reproduce the Problem

  1. Remove --no-push from the arguments to kaniko in kaniko_test_task.go
  2. Run the test (see integration test instructions in prow (note this can work locally if you provide a docker repo you are authed with) by opening a PR
  3. You will see that the test will timeout and fail, though sadly due to Create solution for making logs available when running Tasks #143 you won't actually see any logs indicating why this has happened - we are assuming that it's the registry permissions issue but we haven't verified htis

Additional Info

The best solution that came up when discussing with @krzyzacy was to create a new registry just for this, and whitelist the boskos system accounts.

The system accounts look like this $PROJECT_NUMBER-compute@developer.gserviceaccount.com. We can get the values for $PROJECT_NUMBER that we need to white list from the knative boskos config.

I'm not a huge fan of having to maintain test infrastructure that not all contributors will have access too but this is the best solution so far!
@bobcatfish bobcatfish mentioned this issue Oct 12, 2018
Merged
@aaron-prindle aaron-prindle self-assigned this Oct 12, 2018
@nader-ziada
Copy link
Member

@aaron-prindle @bobcatfish I think this might not be an issue anymore, I think I was having issues because of the building of the image, but was hard to tell since we don't get back logs from build to know what happened. Check #120

@nader-ziada
Copy link
Member

Should this issue be closed?

@bobcatfish
Copy link
Collaborator Author

Yeah let's close it, I'll open another one to add a check to the integration test that the image was actually pushed. We should also make another one to use the serviceAccount in the pipelineparams so that you can push to arbitrary registries.

@bobcatfish bobcatfish mentioned this issue Oct 12, 2018
Closed
@bobcatfish
Copy link
Collaborator Author

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bobcatfish @aaron-prindle @nader-ziada