ACM-16170 - Build the hypershift binary and use it for hypershift dumps #348
Conversation
|
Hi @bng0y. Thanks for your PR. I'm waiting for a stolostron member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
build/Dockerfile
Outdated
| @@ -6,19 +6,25 @@ FROM quay.io/openshift/origin-cli:4.17 as builder | |||
| RUN wget https://github.com/mikefarah/yq/releases/download/v4.44.2/yq_linux_amd64 -O /usr/bin/yq && \ | |||
| chmod +x /usr/bin/yq | |||
|
|
|||
| FROM registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.22-openshift-4.18 AS hcpcli-builder | |||
| RUN git clone https://github.com/openshift/hypershift /hypershift | |||
There was a problem hiding this comment.
Thank you for this PR @bng0y
This might work most of the time if the hypershift CLI is backward and forward compatible with the hypershift operator in the hosting cluster. However, there might be a chance that they can be incompatible, for example, the hypershift dump might be looking for invalid resources from the running hypershift operator perspective.
We need to find a way to ensure that the hypershift CLI binary in the must-gather container is the same as the hypershift CLI binary in the hypershift operator container.
There was a problem hiding this comment.
Agreed. Ideally this would instead copy the binary directly from the hypershift operator image. That way, the CLI can stay appropriately versioned, stable, and tested rather than always using the absolute latest commit. Konflux should be able to keep it up-to-date to align with the respective version.
There was a problem hiding this comment.
The concern for ROSA HCP is that copying the binary is not possible since the debug handlers are disabled in Production.
There was a problem hiding this comment.
Right, I'm saying to copy the binary from the operator image during the build rather than building the binary from source.
There was a problem hiding this comment.
I understand. There should be a way to copy and inject the binary into the must-gather during the build time. Let me look into it.
There was a problem hiding this comment.
I'm thinking something like this:
COPY --from=registry.ci.openshift.org/hypershift/hypershift-operator:latest /usr/bin/hypershift /usr/bin/hypershift
@roke is there a better image/tag we can use here, like from Quay? (For Konflux, we should be able to reference the images built there.)
There was a problem hiding this comment.
@dhaiducek MCE builds this same CLI from a certain commit for another container (the hypershift operator container) and I would like this to be the same as that or build this binary from the same source in this must-gather container .
There was a problem hiding this comment.
@rokej
For Dockerfile, we could use quay.io/stolostron/hypershift-operator:latest--I'm not sure whether there's a better versioned tag there or a different/better repo that's publicly accessible like somewhere in the Prow registries (or if we want to make the Konflux repo public).
Might need input from the Konflux team but for Dockerfile.rhtap at least, I think we could use quay.io/redhat-user-workloads/crt-redhat-acm-tenant/hypershift-release-mce-28 (at least once the build succeeds for that component) and MintMaker should keep the SHA up-to-date.
There was a problem hiding this comment.
@dhaiducek quay.io/stolostron/hypershift-operator:latest is pointing to an old image.
{
"created": "2022-03-24T03:37:18.17372047Z",
"created_by": "/bin/sh -c #(nop) LABEL \"io.openshift.build.name\"=\"hypershift-operator\" \"io.openshift.build.namespace\"=\"ci-op-ng18i04n\" \"io.openshift.build.commit.author\"=\"\" \"io.openshift.build.commit.date\"=\"\" \"io.openshift.build.commit.id\"=\"bf6d41f367c955d75c27dfe89ccf702adcd6b6d4\" \"io.openshift.build.commit.message\"=\"\" \"io.openshift.build.commit.ref\"=\"main\" \"io.openshift.build.name\"=\"\" \"io.openshift.build.namespace\"=\"\" \"io.openshift.build.source-context-dir\"=\"\" \"io.openshift.build.source-location\"=\"https://github.com/openshift/hypershift\" \"io.openshift.ci.from.base\"=\"sha256:08d6257f593d5a0f147f9a9b339ed0daa238b5de00f9e378ff491013bfaeb59c\" \"vcs-ref\"=\"bf6d41f367c955d75c27dfe89ccf702adcd6b6d4\" \"vcs-type\"=\"git\" \"vcs-url\"=\"https://github.com/openshift/hypershift\"",
"comment": "FROM image-registry.openshift-image-registry.svc:5000/ci-op-ng18i04n/pipeline@sha256:193ea454385f941f53c46c98b453222b9f80a01f3783c9952f5bdd430ec5ddd0"
}
There was a problem hiding this comment.
Hmmm. Maybe we could try 2.8.0-677d121a0f3a340ce737db637a49c8d07a5c5d2c and see whether Konflux can handle keeping it up-to-date...
There was a problem hiding this comment.
Thanks for the PR, @bng0y! This PR is missing the DCO sign-off, the alternative to the CLA. To add the sign-off, rebase this PR with the --signoff flag and force-push.
ref: https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff
build/Dockerfile.rhtap
Outdated
| FROM registry.access.redhat.com/ubi9/ubi-minimal:latest | ||
|
|
||
| ENV BASE_COLLECTION_PATH=/must-gather \ | ||
| USER_UID=1001 \ | ||
| USER_NAME=must-gather | ||
|
|
||
| RUN microdnf update -y \ | ||
| && microdnf install -y rsync findutils \ | ||
| && microdnf install -y tar findutils \ |
There was a problem hiding this comment.
I think rsync might still be required--let's add tar and leave rsync in place just in case.
| && microdnf install -y tar findutils \ | |
| && microdnf install -y rsync tar findutils \ |
collection-scripts/gather_spoke_logs
Outdated
| @@ -90,3 +92,4 @@ if oc get crd policies.policy.open-cluster-management.io &>/dev/null; then | |||
| # Version info | |||
| run_inspect clusterversions | |||
| fi | |||
|
|
|||
There was a problem hiding this comment.
(nit) Remove trailing whitespace
collection-scripts/gather_utils
Outdated
| log "No hosted cluster found." | ||
| return | ||
| fi | ||
| } |
There was a problem hiding this comment.
(nit) Missing trailing newline
| } | |
| } | |
collection-scripts/gather_utils
Outdated
| # This is not supported yet | ||
| gather_all_hostedclusters() { |
There was a problem hiding this comment.
(nit) This entire function needs to be un-indented.
| @@ -56,15 +56,15 @@ if $MCE_CLUSTER; then | |||
| if $HUB_CLUSTER; then | |||
| # NOTE: The `gather_all_logs` script includes `gather_mce_logs` | |||
| log "Running ACM MultiClusterHub Must-Gather" | |||
| ${SCRIPT_DIR}/gather_all_logs | |||
| ${SCRIPT_DIR}/gather_all_logs "$@" | |||
There was a problem hiding this comment.
Thanks for this update! I'm realizing now that in my refactor for 2.12, I removed the source command here and the Hypershift collection is likely currently broken since it doesn't pass down the arguments, so this update will definitely need to be backported to 2.12.
build/Dockerfile
Outdated
| @@ -6,19 +6,25 @@ FROM quay.io/openshift/origin-cli:4.17 as builder | |||
| RUN wget https://github.com/mikefarah/yq/releases/download/v4.44.2/yq_linux_amd64 -O /usr/bin/yq && \ | |||
| chmod +x /usr/bin/yq | |||
|
|
|||
| FROM registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.22-openshift-4.18 AS hcpcli-builder | |||
| RUN git clone https://github.com/openshift/hypershift /hypershift | |||
There was a problem hiding this comment.
Agreed. Ideally this would instead copy the binary directly from the hypershift operator image. That way, the CLI can stay appropriately versioned, stable, and tested rather than always using the absolute latest commit. Konflux should be able to keep it up-to-date to align with the respective version.
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
This pr has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days (1 week), if no further activity occurs. |
|
This pr has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days (1 week), if no further activity occurs. |
|
Closing pull-request due to lack of activity. |
|
/reopen |
|
@typeid: You can't reopen an issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/reopen |
|
@rokej: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: bng0y The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
There was a change to build and include the hypershift CLI binary in the must gather container. With this, I am going to modify this PR to locate the hypershift binary in the following order.
|
Signed-off-by: Roke Jung <[email protected]>
Signed-off-by: Roke Jung <[email protected]>
Signed-off-by: Roke Jung <[email protected]>
Signed-off-by: Roke Jung <[email protected]>
@rokej If we're building the binary into the container, I don't think we need fallbacks. I think I'd prefer keeping it simple and just assume the binary is present. What do you think? |
|
Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits. 📝 Please follow instructions in the contributing guide to update your commits with the DCO Full details of the Developer Certificate of Origin can be found at developercertificate.org. The list of commits missing DCO signoff: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
I decided to close this PR and continue in #411. We should not build the binary here but rely on the one added to the image by CICD or in upstream case, extract from the hypershift operator. |
Related Issue:
https://issues.redhat.com/browse/ACM-16170
Description of Changes:
What resource(s) are being added:
Is this a Hub or Managed cluster change?:
Notes: