
enclave-cc e2e updates #353

Merged
merged 2 commits into from
Apr 4, 2024

Conversation


@mythi mythi commented Mar 14, 2024

No description provided.

enclave-cc nightly tests have been failing since the latest
payload images moved to a different Occlum instance path.

Since the same pod .yaml is used for both v0.8.0 based payload
and "latest" payload, just patch the path for the nightly tests
until a new release payload is available.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

@ldoktor ldoktor left a comment


Hello Mikko, this does fix the problem. Since on that, would you consider adding some debug info when such an issue happens (like kubectl describe pod/enclave-cc-pod-sim) to the workflow?

Also this is the first time I tried running this locally, is there a suggested way of doing that? I used a kcli vm with kind installed, then I ran tests/e2e/operator.sh to create the registry (and populate it), then I created the kind cluster, modified its /etc/hosts to point registry to main route and then I was able to run the test successfully. Not really straightforward so I guess there ought to be a better way.


mythi commented Mar 15, 2024

> Hello Mikko, this does fix the problem. Since on that, would you consider adding some debug info when such an issue happens (like kubectl describe pod/enclave-cc-pod-sim) to the workflow?

Good point, I can look into adding something there.

> Also this is the first time I tried running this locally, is there a suggested way of doing that? I used a kcli vm with kind installed, then I ran tests/e2e/operator.sh to create the registry (and populate it), then I created the kind cluster, modified its /etc/hosts to point registry to main route and then I was able to run the test successfully. Not really straightforward so I guess there ought to be a better way.

I don't have any good script. A kcli vm with kind installed is a good starting point since it's roughly what a GitHub runner is. All the steps after that are in

```yaml
- name: Build and push the pre-install to local registry
  run: |
    pushd install/pre-install-payload
    make reqs-image registry="${REGISTRY}" extra_docker_manifest_flags="--insecure"
    popd
  env:
    REGISTRY: localhost:5000/reqs-payload
- name: Setup kind cluster
  run: |
    kind create cluster --image "kindest/node:v1.27.3" -n coco-sgx --config tests/e2e/enclave-cc-kind-config.yaml --wait 120s
    kubectl label node coco-sgx-worker node.kubernetes.io/worker=
    docker network connect kind registry
- name: Deploy operator from the local registry
  run: |
    cd config/default
    kustomize edit set image quay.io/confidential-containers/operator=localhost:5000/cc-operator:latest
    kubectl apply -k .
    sleep 1
    kubectl wait --for=jsonpath='{.status.conditions[0].status}'=True deployments/cc-operator-controller-manager -n confidential-containers-system
    img=$(kubectl get deployments/cc-operator-controller-manager -n confidential-containers-system -o jsonpath='{.spec.template.spec.containers[?(@.name == "manager")].image}')
    [ "${img}" = "localhost:5000/cc-operator:latest" ]
- name: Install enclave-cc sim
  run: |
    cd config/samples/enclave-cc/sim
    kustomize edit set image quay.io/confidential-containers/reqs-payload=localhost:5000/reqs-payload:latest
    kubectl apply -k .
    sleep 1
    kubectl wait --for=jsonpath='{.status.runtimeClass}'=enclave-cc ccruntime/ccruntime-enclave-cc-sgx-mode-sim --timeout=90s
- name: Deploy sample workload
  run: |
    kubectl apply -f tests/e2e/enclave-cc-pod-sim.yaml
    kubectl wait --for=condition=Ready pod/enclave-cc-pod-sim
```

and it should be possible to just copy-and-paste there. The tests I'm fixing here are not using tests/e2e/operator.sh


ldoktor commented Mar 15, 2024

> > Hello Mikko, this does fix the problem. Since on that, would you consider adding some debug info when such an issue happens (like kubectl describe pod/enclave-cc-pod-sim) to the workflow?
>
> Good point, I can look into adding something there.

Thanks, could be a separate PR to not block this fix, though

> > Also this is the first time I tried running this locally, is there a suggested way of doing that? I used a kcli vm with kind installed, then I ran tests/e2e/operator.sh to create the registry (and populate it), then I created the kind cluster, modified its /etc/hosts to point registry to main route and then I was able to run the test successfully. Not really straightforward so I guess there ought to be a better way.
>
> I don't have any good script. A kcli vm with kind installed is a good starting point since it's roughly what a GitHub runner is. All the steps after that are in

> ```yaml
> - name: Build and push the pre-install to local registry
>   run: |
>     pushd install/pre-install-payload
>     make reqs-image registry="${REGISTRY}" extra_docker_manifest_flags="--insecure"
>     popd
>   env:
>     REGISTRY: localhost:5000/reqs-payload
> - name: Setup kind cluster
>   run: |
>     kind create cluster --image "kindest/node:v1.27.3" -n coco-sgx --config tests/e2e/enclave-cc-kind-config.yaml --wait 120s
>     kubectl label node coco-sgx-worker node.kubernetes.io/worker=
>     docker network connect kind registry
> - name: Deploy operator from the local registry
>   run: |
>     cd config/default
>     kustomize edit set image quay.io/confidential-containers/operator=localhost:5000/cc-operator:latest
>     kubectl apply -k .
>     sleep 1
>     kubectl wait --for=jsonpath='{.status.conditions[0].status}'=True deployments/cc-operator-controller-manager -n confidential-containers-system
>     img=$(kubectl get deployments/cc-operator-controller-manager -n confidential-containers-system -o jsonpath='{.spec.template.spec.containers[?(@.name == "manager")].image}')
>     [ "${img}" = "localhost:5000/cc-operator:latest" ]
> - name: Install enclave-cc sim
>   run: |
>     cd config/samples/enclave-cc/sim
>     kustomize edit set image quay.io/confidential-containers/reqs-payload=localhost:5000/reqs-payload:latest
>     kubectl apply -k .
>     sleep 1
>     kubectl wait --for=jsonpath='{.status.runtimeClass}'=enclave-cc ccruntime/ccruntime-enclave-cc-sgx-mode-sim --timeout=90s
> - name: Deploy sample workload
>   run: |
>     kubectl apply -f tests/e2e/enclave-cc-pod-sim.yaml
>     kubectl wait --for=condition=Ready pod/enclave-cc-pod-sim
> ```

> and it should be possible to just copy-and-paste there.

Sure, that's what I followed, propagating the docker registry was the only troublemaker... Still would be nice to have a simple way to reproduce things locally...

> The tests I'm fixing here are not using tests/e2e/operator.sh

I know, but it can serve well to set up the registry :-).
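
The debug output suggested in the review (`kubectl describe pod/enclave-cc-pod-sim` when the pod fails to come up) could be attached to the "Deploy sample workload" step along these lines. This is an added example, not code from this PR or from the operator repository; the function names `dump_pod_debug` and `wait_ready_or_debug`, the `default` namespace and the 90s timeout are assumptions.

```shell
#!/bin/sh
# Added example (not from the PR): make a failed readiness wait leave
# diagnostics in the CI log instead of only a timeout message.

# dump_pod_debug POD [NAMESPACE]
# Prints pod description, namespace events and recent container logs.
# Each command is best-effort so one failing call does not hide the others.
dump_pod_debug() {
    local pod="$1"
    local ns="${2:-default}"            # assumed namespace
    echo "::group::debug info for pod/${pod}"   # folds output in the GitHub Actions log
    kubectl describe "pod/${pod}" -n "${ns}" || true
    kubectl get events -n "${ns}" --sort-by=.lastTimestamp || true
    kubectl logs "pod/${pod}" -n "${ns}" --all-containers --tail=100 || true
    echo "::endgroup::"
}

# wait_ready_or_debug POD [TIMEOUT] [NAMESPACE]
# Returns 0 when the pod becomes Ready; otherwise dumps diagnostics and
# returns 1 so the workflow step still fails.
wait_ready_or_debug() {
    local pod="$1"
    local timeout="${2:-90s}"           # assumed default timeout
    local ns="${3:-default}"
    if kubectl wait --for=condition=Ready "pod/${pod}" -n "${ns}" --timeout="${timeout}"; then
        return 0
    fi
    dump_pod_debug "${pod}" "${ns}"
    return 1
}

# Usage inside the workflow step, after `kubectl apply -f tests/e2e/enclave-cc-pod-sim.yaml`:
#   wait_ready_or_debug enclave-cc-pod-sim
```

For a failure like the one this PR fixes, the `describe` output and events show which container failed to start and why, without rerunning the job locally.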

@ldoktor ldoktor requested a review from wainersm March 15, 2024 18:02
@ldoktor ldoktor requested a review from a team April 3, 2024 16:15
@ldoktor ldoktor merged commit 955d88c into confidential-containers:main Apr 4, 2024
11 checks passed