The default value for --acme-http01-solver-image was off.
quay.io/jetstack/cert-manager-acmesolver:v1.7.0-beta.0-260-gd0abb71ef0a78d
<-------------------------------------->
incorrect
cert-manager-acmesolver-amd64:v1.7.0-beta.0-260-gd0abb71ef0a78d
<--------------------------->
correct
Signed-off-by: Maël Valais <mael@vls.dev>
Not sure how the end-to-end tests were ever able to run previously. My
guess: the sample-external-issuer end-to-end suite is disabled.
Signed-off-by: Maël Valais <mael@vls.dev>
Previously, the XML was saved to $ARTIFACTS, which was not picked up by
the Prow UI. The XML files must be of the form: junit_*.xml.
This format is required by our Spyglass configuration (Spyglass is the
name the Prow UI) [1].
[1]: https://github.com/jetstack/testing/blob/d04c4641f/config/config.yaml#L80-L81
Signed-off-by: Maël Valais <mael@vls.dev>
This is to work around the fact that binaries in hostPath-mounted
directories cannot be executed even if the permissions are correct.
Signed-off-by: Maël Valais <mael@vls.dev>
This makes it easier to tell when a build was made by the makefile
workflow and therefore to adjust `cmrel publish` to adapt to changes
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
These two targets are not used by our end-to-end tests meaning that they
may either be broken or removed in the future.
Signed-off-by: Maël Valais <mael@vls.dev>
Otherwise, the target 'e2e-setup' fails. At least, that gives people a
chance to have some of the end-to-end tests pass. I added a warning to
let people know that they can still force using CRI_ARCH=amd64, which is
possible on Docker Desktop thanks to the QEMU emulation that kicks in
when a container with the arch amd64 tries to execute.
Note that this work around does not work on Colima at the moment.
Signed-off-by: Maël Valais <mael@vls.dev>
It seems like Ginkgo isn't running from the root of the repository, that's why
it can't find binaries, e.g., bin/tools/etcd.
Signed-off-by: Maël Valais <mael@vls.dev>
I had written instructions that would show up when you don't have one of
the mandatory system tools such as go or jq. After some feedback, I
decided to remove these instructions since we are concerned that these
instructions may become out of date.
Signed-off-by: Maël Valais <mael@vls.dev>
The commands can be run concurrently, with the exception of e2e that
has to be run after e2e-setup is done. The e2e target does not check
whether cert-manager and the addons are installed.
The two only scripts that were kept are:
- make/e2e.sh (previously called ./devel/run-e2e.sh)
- make/cluster.sh (previsouly called ./devel/cluster/create.sh)
The reason for the removal of the other scripts is that they didn't
have that much logic and could easily ported to Make, improving greatly
the execution speed thanks to make's concurrency.
make/e2e.sh now behaves "as expected" when using -ginkgo.focus or
GINKGO_FOCUS; previously, the logs would not be shown before the end
of the test.
make/cluster.sh has lost the ability to create an OpenShift 3.11 cluster.
for running the end-to-end tests. The two reasons are that OpenShift 4
wasn't supported by the script devel/cluster/create.sh, and OpenShift
3.11 is not supported by cert-manager anymore.
The Makefile targets that were used in the Prow jobs (verify, verify_deps,
verify_chart, verify_upgrade, and cluster) have been kept around. They
now show a warning to encourage people to use the new Make-based targets.
When running one of the deprecated targets the Makefile won't check the
presence of the system tools such as Go and jq, since Bazel takes care of
these dependencies.
On version change, downloaded tools and images are re-downloaded. The
command 'make clean' now keeps the downloaded images and tools.
Note that a lot of attention has been put into having a Make system that works
flawlessly both on Linux and on BSDs (such as macOS).
You will note that some recursive calls to make are made, and $(MAKE)
instead of plain "make" is used in that case. If we didn't use $(MAKE),
we would have concurrency issues, and warnings such as:
make[1]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule.
Signed-off-by: Maël Valais <mael@vls.dev>
Also modifies the script to run without bazel, and tweaks it so that
it'll detect errors in itself too.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
We use FORCE instead of .PHONY because this is a real file that can be
used as a prerequisite. If we were to use .PHONY, then the file's
timestamp would not be used to check whether targets should be rebuilt,
and they would get constantly rebuilt.
Signed-off-by: Maël Valais <mael@vls.dev>
Previously, we had one .dockerignore that would do its best to only have
the binaries and licenses copied into the Docker (or nerdctl, or
buildah). Unfortunately, that meant it had to copy all of bin/server and
bin/cmctl, which could become quite large (I measured 1.6 GB).
Instead of relying on a single .dockerignore file, we copy the licenses
and binaries into a "scratch context" directory. The downside is that
all the binaries are in two different places (bin/server and
bin/scratch/containers). Note that we can't use symlinks because Docker
won't dereference them.
Signed-off-by: Maël Valais <mael@vls.dev>
When switching branches, the Go files may not change. But since the
images contain the commit hash, e.g.:
cert-manager-controller-amd64:v1.7.0-beta.0-142-gfc0819af6
It is surprising when trying to deploy to Kind: the git commit that is
checked out does not match the commit hash of the image.
To avoid confusion, I added bin/release-version that gets updated only
when the currently checked out commit changes.
Signed-off-by: Maël Valais <mael@vls.dev>
