-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tags: Adds [Excluded:WindowsDocker] tag #5355
tags: Adds [Excluded:WindowsDocker] tag #5355
Conversation
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
/cc @spiffxp |
@@ -450,6 +450,11 @@ to be eligible for this tag. This tag does not supersed any other labels. | |||
(e.g.: seLinuxOptions) or is unable to run on Windows nodes, it is labeled | |||
`[LinuxOnly]`. When using Windows nodes, this tag should be added to the | |||
`skip` argument. | |||
- `[Exclude:WindowsDocker]`: Windows Kubelet supports both Docker and Containerd, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feature:NotSupportedByWindowsDocker would mean we don't have to change our existing tag regexes I think? I might be wrong
I think this needs some changes with an eye toward how we use tags with conformance. Maybe just docs, maybe some of the verify code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are quite a lot of test jobs that have \[Feature:.+\]
as their skip regex, so that would mean we'd suddenly exclude these tests from all jobs, even though we shouldn't. It would be harder to update all those regexes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is something of a general downside of [Feature] and the whole regex tags thing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think I like [Excluded:WindowsDocker]
as a bikeshed (As in the linked kubernetes PR) because it implies that it will automatically be excluded somehow (which is also not the sort of logic conformance tests could even have and some of these are conformance tests).
Docker being deprecated, I think it's honestly reasonable to just maintain a list of excluded tests in the windows docker jobs until docker is removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIK, dockershim is going to be removed in Kubernetes 1.24, so there's still some time until then. This tag would only be temporary until then, and it would be removed afterwards anyways.
Hm, I'd say the purpose of this tag is to extend the test suite we're running on Windows, rather than the other way around. Right now, those tests are being excluded for all Windows runs, by simply having the [LinuxOnly]
tag. There are a couple of tests that can easily run and pass on Windows containerd since it has more features, which is why this tag is proposed, so we can run those tests on Windows containerd, while not including them in Windows docker runs.
Indeed, The alternative would be to remove the [LinuxOnly]
tag, and add to the skip regex a very long string that would represent that list of tests. But it would be simpler to just exclude [Excluded:WindowsDocker]
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are also some tests that sniff the runtime and auto skip, though not conformance.
I still bikeshed the name at least, the current one sound automatic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's bikesheding, then what about:
[SkipWindowsDocker]
[PartialWindowsSupport]
Or, since it's related to additional containerd features:
[Containerd]
[ContainerdOnly]
(not a fan of this, it would imply that it wouldn't work on Linux docker, which might not be true)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we should start tagging with [Containerd]
, docker on linux aside there's also cri-o or future runtimes ...
The first two sound ok @spiffxp ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It sounds like you're saying there are things [Windows]
nodes cannot do with [Docker]
but can do with [Containerd]
. Is the situation the same for [Linux]
nodes?
Trying to squish:
- Node os capabilities
- CRI capabilities
- Node os implementation
- CRI implementation
All into a single string tag (or taxonomy) is really showing this system's limits, again.
Thinking through my own bikeshed on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't think of any other features at the moment, only one comes to mind: single file mounts / mappings. That works in Linux using Docker, but it has been known to not work on Windows using Docker (https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md#windows--linux-considerations , see Storage section). However, that scenario now works with Windows using Containerd (actually, we should update the docs for this as well). We had a couple of PRs that enabled single file mappings for Windows Containerd (example: kubernetes/kubernetes#83057 ). I have sent a PR that would enable some Conformance tests for Windows Containerd as well: kubernetes/kubernetes#97045
It's not a very common scenario, and it's mostly a requirement for Conformance tests since we can't have any Skip logic in them. It might happen more if more tests will be promoted to Conformance.
/remove-lifecycle stale |
Can you help us understand the scope of the change here by listing out the tests you would propose changing to follow this pollicy? I'm also trying to understand what this gains Windows users and vendors. I assume this isn't proposing dropping We really need to have a broader conversation about how we're going to detect and select capabilities for a variety of cluster configurations, not just along the dimensions of Node OS and CRI... think CSI, CNI, and Cloud Provider too. Having said all that, we have a |
btw, if we will proceed with the plan of removing the dockershim in 1.24, this tag will not be needed. So we are talking about 1 release (unless plans will change). Not sure if bike shedding is important here. It is definitely not ideal to run tests marked |
Sure. The tests that are currently targeted are:
These tests are targeted here: kubernetes/kubernetes#97045 There are a few tests that I haven't checked yet, that might still be applicable:
Beyond that, there seems to be a lot of tests that seem to relate to single-file mappings (which is supported in Windows Containerd), which are not conformance:
We've recently merged a bug fix regarding the Subpath Atomic writer volumes on Windows (they were supposed to work for Windows containerd pods), so we'd want to also cover these cases, so we'd have a guarantee that we won't have regressions there: kubernetes/kubernetes#97642 There are other Windows containerd-only features that could benefit from such a tag, like the newly introduced HostProcess containers: kubernetes/kubernetes#99576 . Also, HostProcess containers can have HostNetwork enabled, which could potentially enable other sets of tests (although, it is debatable if it's the same scenario / case).
Correct, some things are just incompatible between Linux and Windows, like SELinux, RunAsUser (although we have RunAsUsername), RunAsGroup, etc.
Correct. Hm, could you give an example of such a proxy test? I can't really imagine it right now. As a test, it should still have a name, which should be regex-selectable somehow (e.g.: label), and avoid running the same test twice for every other platform CI. |
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
8811c4e
to
3d02c5d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: claudiubelu, spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There are some tests that are currently tagged as
[LinuxOnly]
, but they can run and pass on Windows containerd nodes, as it has more features than Windows docker nodes. Ideally, we would run those tests on the Windows containerd runs.This PR proposes a different tag,
[Excluded:WindowsDocker]
, which can be used to tag those tests than can pass on Windows containerd and not on Windows docker, so we can use it as a regex to filter those specific tests.This would be a temporary tag, since dockershim is getting removed in Kubernetes 1.24. After that, this tag will be removed as well.
Which issue(s) this PR fixes:
Fixes #