Moving from -nodes 10 to -nodes 20 has lowered the e2e time from 35 to
30 minutes on n1-standard-8 with a request (for the prow job pod) of
3500m (the memory limit of 12Gi is never reached).
Signed-off-by: Maël Valais <mael@vls.dev>
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation. Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.
Signed-off-by: Monis Khan <mok@vmware.com>
The commands can be run concurrently, with the exception of e2e that
has to be run after e2e-setup is done. The e2e target does not check
whether cert-manager and the addons are installed.
The two only scripts that were kept are:
- make/e2e.sh (previously called ./devel/run-e2e.sh)
- make/cluster.sh (previsouly called ./devel/cluster/create.sh)
The reason for the removal of the other scripts is that they didn't
have that much logic and could easily ported to Make, improving greatly
the execution speed thanks to make's concurrency.
make/e2e.sh now behaves "as expected" when using -ginkgo.focus or
GINKGO_FOCUS; previously, the logs would not be shown before the end
of the test.
make/cluster.sh has lost the ability to create an OpenShift 3.11 cluster.
for running the end-to-end tests. The two reasons are that OpenShift 4
wasn't supported by the script devel/cluster/create.sh, and OpenShift
3.11 is not supported by cert-manager anymore.
The Makefile targets that were used in the Prow jobs (verify, verify_deps,
verify_chart, verify_upgrade, and cluster) have been kept around. They
now show a warning to encourage people to use the new Make-based targets.
When running one of the deprecated targets the Makefile won't check the
presence of the system tools such as Go and jq, since Bazel takes care of
these dependencies.
On version change, downloaded tools and images are re-downloaded. The
command 'make clean' now keeps the downloaded images and tools.
Note that a lot of attention has been put into having a Make system that works
flawlessly both on Linux and on BSDs (such as macOS).
You will note that some recursive calls to make are made, and $(MAKE)
instead of plain "make" is used in that case. If we didn't use $(MAKE),
we would have concurrency issues, and warnings such as:
make[1]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule.
Signed-off-by: Maël Valais <mael@vls.dev>
The messages "Running test suite with unsupported features: <list>" was
initially meant to remind us, in case of failure, why a given test would
be failing (i.e., it could be failing due to a set of supported features
too wide or too restrictive). This message should only show on failures;
as it is, it is not actionabe since it does not mention which issuer is
being tested. Removing this log line improves the user experience of
running the Ginkgo suite: the green dots, signifying a passing test, are
not interleaved with these messages.
Signed-off-by: Maël Valais <mael@vls.dev>
The Ginkgo logs would be constantly printing this message. Since this
message does not contain any actionable information, I figured we could
remove it. As a consequence, the user experience of running the Ginkgo
suite has slightly improved, since the green dots (signifying a passing
test) aren't interleaved with these messages.
Signed-off-by: Maël Valais <mael@vls.dev>
The test:
[Conformance] Certificates with issuer type ACME DNS01 Issuer should allow updating an existing certificate with a new dns name
was flaky due to an update that was not properly retried on conflict.
The error was:
Operation cannot be fulfilled on certificates.cert-manager.io \"testcert\": the object has been modified
This error appeared in 127 different prow jobs.
Signed-off-by: Maël Valais <mael@vls.dev>
The error:
Operation cannot be fulfilled on certificates.cert-manager.io "serving-certs"
has appeared in 162 different prow builds in the past.
Signed-off-by: Maël Valais <mael@vls.dev>
This was initially part of #4565 which was closed in favour of moving
integration tests, but the consensus was that the e2e test is a special
case.
The e2e test requires so much more ahead-of-time setup that our bazel
build flow special cases it by marking it manual. This is a `go test`
equivalent to that, which enables the e2e test to remain under the test/
directory while still allowing `go test ./test/...` to work generally
for all other tests.
We'll add make targets for the e2e tests down the road. For now, we add
the build tag and define it in bazel so this commit should be a no-op
in effect.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
