Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Other] Test scs-compatible K8S Standards with Gardener #794

Open
3 of 9 tasks
anjastrunk opened this issue Oct 29, 2024 · 17 comments
Open
3 of 9 tasks

[Other] Test scs-compatible K8S Standards with Gardener #794

anjastrunk opened this issue Oct 29, 2024 · 17 comments
Assignees
Labels
SCS-VP10 Related to tender lot SCS-VP10

Comments

@anjastrunk
Copy link
Contributor

anjastrunk commented Oct 29, 2024

We defined as set of standards for SCS compatible K8S certificate v1 in #615 and want check, if these standard apply to k8s implementation with Gardener, too.

Tasks

  • Setup k8s with Gardener
  • Run Compliance Tests, from [EPIC] KaaS standards #615
  • In case of failing tests, document reasons as well as what has to be adjusted in k8s be SCS compatible

Standards to be to checked:

@berendt
Copy link
Contributor

berendt commented Oct 29, 2024

@michal-gubricky If you need access to a Gardener test project please ping me on Matrix.

@michal-gubricky
Copy link
Contributor

@michal-gubricky If you need access to a Gardener test project please ping me on Matrix.

Thank you @berendt. I've already sent you a DM on Matrix chat.

@michal-gubricky michal-gubricky moved this from Backlog to Doing in Sovereign Cloud Stack Nov 8, 2024
@michal-gubricky
Copy link
Contributor

I have successfully set up a Gardener-managed k8s cluster (a "shoot cluster") locally. I hope it is enough to run the tests against it.

SCS K8S Version Policy v2:

  • Gardener does not support yet k8s version 1.31.2, which is the latest. Therefore I must change this file to be able to spawn shoot cluster with k8s 1.31.2 version.
  • I found that k8s-eol-data.yml file isn't up-to-date, Add k8s v1.31 to k8s-version-policy #814

@mbuechse
Copy link
Contributor

mbuechse commented Nov 8, 2024

How long has it been since 1.31.2 got released? The standard says

The latest minor version MUST be provided no later than 4 months after release.

So, if we are still inside this 4-month window, we can of course use 1.31.1.

@mbuechse
Copy link
Contributor

mbuechse commented Nov 8, 2024

Another question. Now that you have created a shoot cluster -- how hard do you think it would be to make a Gardener plugin for our compliance tests, similar to your ClusterStacks plugin?

@michal-gubricky
Copy link
Contributor

How long has it been since 1.31.2 got released? The standard says

The latest minor version MUST be provided no later than 4 months after release.

So, if we are still inside this 4-month window, we can of course use 1.31.1.

The version 1.31.2 was released on 2024-10-22, which was about 17 days ago.

But this is a patch version, not a minor one and standard says

The latest patch version MUST be provided no later than 2 weeks after release.

@michal-gubricky
Copy link
Contributor

michal-gubricky commented Nov 8, 2024

Another question. Now that you have created a shoot cluster -- how hard do you think it would be to make a Gardener plugin for our compliance tests, similar to your ClusterStacks plugin?

Hmmm, it's really hard to say since the Gardener project is still new to me. But I would say a very rough estimate for spawning a gardener cluster locally would be at least 4 days if not more. And also based on docs, you need at least 8 CPUs and 8Gi memory.

@berendt
Copy link
Contributor

berendt commented Nov 8, 2024

@michal-gubricky If you need access to a Gardener test project please ping me on Matrix.

Thank you @berendt. I've already sent you a DM on Matrix chat.

Sorry, I think you wrote to an old account of me, unfortunately I didn't get anything on my active account.

@berendt
Copy link
Contributor

berendt commented Nov 8, 2024

How long has it been since 1.31.2 got released? The standard says

The latest minor version MUST be provided no later than 4 months after release.

So, if we are still inside this 4-month window, we can of course use 1.31.1.

Gardener is currently using 1.30 and 1.31 will come with the next release of Gardener.

@michal-gubricky
Copy link
Contributor

@michal-gubricky If you need access to a Gardener test project please ping me on Matrix.

Thank you @berendt. I've already sent you a DM on Matrix chat.

Sorry, I think you wrote to an old account of me, unfortunately I didn't get anything on my active account.

I wrote you at @cberendt:matrix.org

@michal-gubricky
Copy link
Contributor

michal-gubricky commented Nov 11, 2024

SCS KaaS default storage class v2:

Kubernetes Node Distribution and Availability v2:

  • Currently testing. It seems that a locally deployed Gardener may not be sufficient for this purpose.
  • @berendt could you please provide me access to a Gardener test project?

@michal-gubricky
Copy link
Contributor

Yesterday afternoon and this morning, I was trying to deploy the Gardener cluster on top of OpenStack (gx-scs infra) since I still don't have access to the Gardener test project. However, one or two nodes continue to encounter this error: No valid host was found. There are not enough hosts available.

Requirements for container registries v1:

  • In my opinion, we don't need to test this standard because it is related to the registries themselves, not to how the k8s cluster was deployed.
  • @anjastrunk can I remove this point from the issue?

@anjastrunk
Copy link
Contributor Author

Yesterday afternoon and this morning, I was trying to deploy the Gardener cluster on top of OpenStack (gx-scs infra) since I still don't have access to the Gardener test project. However, one or two nodes continue to encounter this error: No valid host was found. There are not enough hosts available.

Requirements for container registries v1:

* In my opinion, we don't need to test this standard because it is related to the registries themselves, not to how the k8s cluster was deployed.

* @anjastrunk can I remove this point from the issue?

Yes, I think so as

  1. All requirements are recommended
  2. There is no conformance test related to scs-0212-v1-requirements-for-container-registries

@michal-gubricky michal-gubricky moved this from Doing to Blocked / On hold in Sovereign Cloud Stack Nov 21, 2024
@michal-gubricky
Copy link
Contributor

On hold, as I still haven't been able to get access to the Gardener test project.

@anjastrunk
Copy link
Contributor Author

On hold, as I still haven't been able to get access to the Gardener test project.

What was the problem? Wouldn't @berendt provide you access to a Gardener test project?

@michal-gubricky
Copy link
Contributor

On hold, as I still haven't been able to get access to the Gardener test project.

What was the problem? Wouldn't @berendt provide you access to a Gardener test project?

Yes, access to a Gardener test project was not provided.

@anjastrunk
Copy link
Contributor Author

On hold, as I still haven't been able to get access to the Gardener test project.

What was the problem? Wouldn't @berendt provide you access to a Gardener test project?

Yes, access to a Gardener test project was not provided.

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
SCS-VP10 Related to tender lot SCS-VP10
Projects
Status: Blocked / On hold
Development

No branches or pull requests

4 participants