OCPBUGS-36001: PODAUTO-204: Upstream rebase to 2.14.0 #32
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e#5421) Signed-off-by: Siva Guruvareddiar <sivagurunath@gmail.com> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
…re#5427) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Yoon Park <yoongon.park@gmail.com>
* Update Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> * Update Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> --------- Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
…ok (kedacore#5403) Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com>
* chore: bump deps Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * update manifests Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
…re#5485) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
…s and properly close the connecctions (kedacore#5452) * fix(gcp scalers): Restore previous time horizon to fix missing metrics Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Close gcp client on scaler closing Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix style Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
* add grpc authority head override command-line flag Signed-off-by: Ali Aqel <aliaqel@stripe.com> Signed-off-by: aliaqel-stripe <120822631+aliaqel-stripe@users.noreply.github.com> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: rahulii <r.sawra@gmail.com>
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: googs1025 <googs1025@gmail.com>
…edacore#5518) Signed-off-by: Vinod Kumar Nair <vinod827@gmail.com>
Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: June Han <sorrowitsch@gmail.com>
…e#5433) Signed-off-by: atilsensalduz <atil.eren@outlook.com>
Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
| datasource | package | from | to | | ----------- | ------------- | ------ | ------ | | github-tags | actions/cache | v4.0.0 | v4.0.1 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
… creation (kedacore#5524) Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
…riggerAuthentication (kedacore#5517) Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Paul Yu <pauyu@microsoft.com> Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Arun Yogesh <6723526+ArunYogesh@users.noreply.github.com>
…acore#5591) Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Allow the test setup to skip the installation of KEDA and/or Kafka so that tests can run even if they were installed via other methods, such as OLM operators. Signed-off-by: Joel Smith <joelsmith@redhat.com>
…core#5593) Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
* feat: add schema field in mongodb scaler Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com> * test: mongodb scaler support srv scheme Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com> * docs: Changelog about MongoDB Scaler scheme field Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com> --------- Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com> Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
* Allow privileged pods in OpenShift test namespaces The way the e2e test suite is set up, there are several pods that are to running with more privilege than our "restricted" SCC provides. Long-term I don't think there is anything in here that *requires* the privilege, but we'll need to do some testing and find out. In the mean time, this injects an adjusted pod admission policy into each test namespace via the centralized namespace creation helper function so that those privileged pods can run in the test namespaces. * Specify securityContext for privileged e2e pods The e2e test suite here is used to running in a "vanilla kube" environment that does not have OpenShift/OpenShift CI restrictions. This becomes a problem when one of the test containers attempts to do something privileged (like bind to a privileged port) and is denied. This just adds securityContexts to the pods that require privilege so that they can get assigned a proper SCC and successfully run. The securityContext addition is limited to only the tests that OpenShift runs (internal, sequential, cpu/memory/kafka scalers) because we haven't tested the others. * Allow e2e test image overrides for OpenShift CI The e2e test suite references multiple images spread across multiple public registries (ghcr.io,docker.io,k8s.io) and some of those registries have pull limits, which will cause our tests to fail. We also cache some of these upstream images in our CI system, and so it is beneficial to be able to reference our cached copy rather than have to pull it from "the internet" every time. Anyway, the way that the e2e tests are set up, all those images are hard-coded in each of the manifests, which are just vars that exist in each test's .go file. They are not templated. There is, however a central helper function that applies all these resources (using kubectl). So, in order for us to be able to override the image list for CI, this temporarily: - adds an image rewrite map that specifies replacement images for images we might have difficulty pulling - adds a helper function that will let those replacement images be specified by environment variables for use in CI until we can figure out a more elegant refactor. * Account for OpenShift CI in Prometheus build test There is a test in the prometheus sequential suite that checks the git commit hash of the current code and compares it to the containers running in the test to make sure that the test version matches the code version. This version is injected as GIT_COMMIT during the docker builds in the Makefile, but it does not get injected when the containers are build in OpenShift CI. I would like to find a way to inject it via CI, but until then we are supplying a dummy string "dummy-ci-commit-value" that is at least "yes you are running against a CI payload we built, and not one that you pulled from upstream". Eventually when we figure out how to make all the variables available in CI and inject them, this can go away because then the commits will match.
* Pull test container dockerfile out of CI and into keda repo Previously we were building the test container in CI from a dockerfile_literal, which was kind of hacky and more difficult to manage than it being here in the keda repo. This pulls that dockerfile out of CI and into a Dockerfile.tests which we now just reference from CI. * Add Makefile targets to makefile for OpenShift tests We kind of stuffed those tests into CI quick so we had something, and when we did we didn't heavily consider ergonomics. Now that we find ourselves having to enable additional tests for fixes and new features, it will be much easier in the long run if we can manage the test targets here in the repo so we don't have to put in a separate PR to the release repo to see if our changes work. This adds some e2e-test-openshift* makefile targets that we can point and whatever we need to, and once CI is updated, it can just call those targets, whatever they happen to entail. * Reenable CPU scaler test Now that we figured out how the CPU test was broken, we can add it back in to the testing since it's supported. This adds the cpu test into the e2e-test-openshift Makefile target, so when CI calls it, it will run with the rest of the scaler tests Signed-off-by: John Kyros <jkyros@redhat.com>
This excludes deps and tests from snyk scans to cut down on noise. This also excludes the tests/ directory as it contains some launcher .go files that don't end in _test.go, but are part of the testing suite and are not shipped with the final product.
This scaledjob test template was missing its namespace, which doesn't generally matter for the test -- the test is just checking if the webhook works, it doesn't care where the scaledjob ends up. Where it does matter, is if you happen to run this test suite in a more restrictive environment where you can't write to the default namespace, because you fail with a namespace-related creation error instead of the expected "no triggers defined in the ScaledObject/ScaledJob" error. This just adds the namespace to the template so it's just like all the other ones in the test suite. Signed-off-by: John Kyros <jkyros@redhat.com>
There are a ton of credentials in our test suite because of how keda works, but every last one of them is fake/useless. This just excludes our test files from the scanner so they will stop generating false-positives. The preferred method to deal with them is to comment the exact line as "# notasecret" but that's not feasible given the size of the test suite and the number of fake credentials. This should stop the scary false positive ALERT! emails. Signed-off-by: John Kyros <jkyros@redhat.com>
Signed-off-by: John Kyros <jkyros@redhat.com>
…e/v2.14 branch instead of main Signed-off-by: John Kyros <jkyros@redhat.com>
|
@jkyros: This pull request references PODAUTO-204 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
Do you think it's worth pulling in 10840ef which is the only commit we're missing from 2.14.1? Most of it is more deps bumps, upstream build & test infra and scalers we don't care about, but there are some ScaledJobs changes from kedacore#5876 and kedacore#5916 that might be good to get in. Plus, then we could call our release 2.14.1 |
* bump golang Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * chore: build with keda-tools:1.22.5 (kedacore#5971) * chore: build with keda-tools:1.22.5 to resolve CVE-2024-24790, CVE-2024-24789, and CVE-2024-24791 bump github.com/Azure/azure-sdk-for-go/sdk/azidentity to resolve CVE-2024-35255 Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: use go install instead of go get and replacing deprecated tools Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * chore: vendor dependency cleanup Signed-off-by: Paul Yu <paul.d.yu@gmail.com> * Update missing references to 1.21 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * [BUG-5922] Report failing ScaledJob triggers in status (kedacore#5916) Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * [BUG-5656] Annotate Jobs with parent ScaledJob generation (kedacore#5876) * Annotate Jobs with parent ScaledJob generation Signed-off-by: Josef Karasek <josef@kedify.io> * fix tests Signed-off-by: Josef Karasek <josef@kedify.io> * fix lint Signed-off-by: Josef Karasek <josef@kedify.io> * fix log message Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> * update changelog Signed-off-by: Josef Karasek <josef@kedify.io> --------- Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: `+srv` mongodb url scheme parsing bug (kedacore#5773) This commit fixs issue kedacore#5760. where OP was facing problem with +srv schema Signed-off-by: Rishikesh Betigeri <53863619+Rishikesh01@users.noreply.github.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: issue when GitHub organization contains more than 30 repos (kedacore#5746) Signed-off-by: Simon Kobler <github@kobler.me> Signed-off-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Simon Kobler <github@kobler.me> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Fix scaler leak during cache refresh (kedacore#5807) Signed-off-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Prepare release v2.14.1 Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * add missing change Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * update changelog Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix: e2e test regex check tag (kedacore#5831) Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * Validate regex before building image for e2e test (kedacore#5783) * added regex pre check before building image Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated changelog Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * refactored Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * corrected Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * corrected changelog Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated the workflow Signed-off-by: Yaxhveer <yaxhcod@gmail.com> * updated the workflow Signed-off-by: Yaxhveer <yaxhcod@gmail.com> --------- Signed-off-by: Yaxhveer <yaxhcod@gmail.com> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix some pending tasks Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * use AAD-Pod-Identity always Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> * use AAD-Pod-Identity always Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> --------- Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Signed-off-by: Paul Yu <paul.d.yu@gmail.com> Signed-off-by: Josef Karasek <josef@kedify.io> Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Rishikesh Betigeri <53863619+Rishikesh01@users.noreply.github.com> Signed-off-by: Simon Kobler <github@kobler.me> Signed-off-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Signed-off-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Signed-off-by: Jan Wozniak <wozniak.jan@gmail.com> Signed-off-by: Yaxhveer <yaxhcod@gmail.com> Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Co-authored-by: Paul Yu <paul.d.yu@gmail.com> Co-authored-by: Josef Karasek <josef@kedify.io> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com> Co-authored-by: Rishikesh <53863619+Rishikesh01@users.noreply.github.com> Co-authored-by: Simon Kobler <32038731+KoblerS@users.noreply.github.com> Co-authored-by: Simon Kobler <github@kobler.me> Co-authored-by: Guillaume Jacquet <guillaume.jacquet@gmail.com> Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com> Co-authored-by: Yashveer <101015836+Yaxhveer@users.noreply.github.com>
|
Yep, pulled it in, and thanks for doing the legwork on the diff there 😄 |
|
This all looks good except for one small thing: it seems like rebasebot doesn't handle re-picking numbered PRs when it is used in the branch switching way that we use it. So upstream 5859 got dropped by this rebase. Could you please cherry-pick 929fa69 again? That commit will be in 2.15, so we won't have to worry about it next time, but we do apparently have to check all numbered picks to make sure that they are present, and re-pick them if not. AFAICT, that's the only one on this release. |
Signed-off-by: Joel Smith <joelsmith@redhat.com>
|
@jkyros: This pull request references PODAUTO-204 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Great catch, thank you. I've added kedacore#5859 it back. I wonder if it's "all versions of rebasebot" or just that my version is too new. That 2.14.1 commit we picked also looks like it might have broken the tests -- something around pod identity in setup. I'm looking into that now (I expect it to fail again this time). |
This is not a cherry-pick of upstream 5782, this is my downstream fix that will go away once upstream 5782 obsoletes it. They removed the AAD pod identity config variable upstream and just flipped it to "always on" for 2.14, but we had it turned off down here. This just explicitly turns it off for us until the tests go away. Signed-off-by: John Kyros <jkyros@redhat.com>
|
The test failure looks like just some hacks from upstream -- they force-enabled the add pod identity test for 2.14, but we previously had it disabled. It's apparently obsolete and will all go away in 2.15 (kedacore#5782) so I just force-set it back to disabled for now. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jkyros, joelsmith The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Hmmm, seems like that run had trouble deleting the prometheus namespace, we'll see what this one does: |
|
@jkyros: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
jkyros
changed the title
|
@jkyros: Jira Issue OCPBUGS-36001: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-36001 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
.ci-operator.yamlto referencerhel-9-release-golang-1.21-openshift-4.17(vs 4.16, staying on go 1.21 for now)go get -u github.com/hashicorp/go-retryablehttpfor CVE-2024-6104Dockerfile.testsFROM image to the 1.22 builder (the tooling requires it, it will complain if it's on 1.21 even though the operator is on 1.21)Weirdness:
.gitleaks.tomlthat excludes*._test.goso incoming upstream tests don't trigger false positives when we do a branch push after a rebase