Golang dep unable to resolve dependencies - kubernetes

I am using kubebuilder to create kubernetes operator project. After running the project init command described in quickstart guide
kubebuilder init --domain k8s.io --license apache2 --owner "The Kubernetes Authors"
dep ensure returns with error log given below.
Solving failure: No versions of k8s.io/client-go met constraints:
v8.0.0: Could not introduce k8s.io/client-go#v8.0.0, as it is not allowed by constraints from the following projects:
kubernetes-1.10.1 from (root)
kubernetes-1.10.1 from sigs.k8s.io/controller-runtime#master
v7.0.0: Could not introduce k8s.io/client-go#v7.0.0, as it is not allowed by constraints from the following projects:
kubernetes-1.10.1 from (root)
kubernetes-1.10.1 from sigs.k8s.io/controller-runtime#master
v6.0.0: Could not introduce k8s.io/client-go#v6.0.0, as it is not allowed by constraints from the following projects:
kubernetes-1.10.1 from (root)
kubernetes-1.10.1 from sigs.k8s.io/controller-runtime#master

Try using the latest kubebuilder from here. It's likely that the dependencies for the version in the quick start are out of date.
It works fine for me with v1.0.3
~/go/src/github.com $ kubebuilder init --domain k8s.io --license apache2 --owner "The Kubernetes Authors"
Run `dep ensure` to fetch dependencies (Recommended) [y/n]?
y
dep ensure
Running make...
make
go generate ./pkg/... ./cmd/...
go fmt ./pkg/... ./cmd/...
go vet ./pkg/... ./cmd/...
go run vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go all
CRD manifests generated under '/root/go/src/github.com/config/crds'
RBAC manifests generated under '/root/go/src/github.com/config/rbac'
go test ./pkg/... ./cmd/... -coverprofile cover.out
? github.com/pkg/apis [no test files]
? github.com/pkg/controller [no test files]
ok github.com/pkg/errors 0.207s coverage: 100.0% of statements
? github.com/cmd/manager [no test files]
go build -o bin/manager github.com/cmd/manager
Next: Define a resource with:
$ kubebuilder create api

Related

Github Action failing to Build Images for the plugins being used in workflow

I am trying to use a plugin in my eks based k8s cluster,
I am using a Github Action controller that spawns on demand Container as Self Hosted runner
When the Github action start this plugin or any other that needs to build itself as a docker image fails with below error, any thoughts or ideas ?
This is my self hosted runner image Link
FYI : If i run a standalone alpine container in the cluster all typical cmd works, and this also works with default ubuntu based self hosted runner, so i dont think its the cluster
/usr/local/bin/docker build -t 60e226:1b6fc15462134e6fb8520b7df48cf7fd -f "/runner/_work/_actions/aquasecurity/trivy-action/master/Dockerfile" "/runner/_work/_actions/aquasecurity/trivy-action/master"
Sending build context to Docker daemon 644.6kB
Step 1/5 : FROM ghcr.io/aquasecurity/trivy:0.[3](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:3)7.1
0.37.1: Pulling from aquasecurity/trivy
c158987b0551: Pulling fs layer
67a7d067ef7d: Pulling fs layer[6]Download complete
67a7d067ef7d: Pull complete
2ec1cdd48f38: Verifying Checksum
2ec1cdd48f38: Download complete
2ec1cdd48f38: Pull complete
fe56e6aa700e: Pull complete
Digest: sha256:7c[16](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:16)7f7f3002948f1ec099555aa968bd8b8b097780603a38cc801fe965da0a69
Status: Downloaded newer image for ghcr.io/aquasecurity/trivy:0.37.1
---> c3e68408cd24
Step 2/5 : COPY entrypoint.sh /
---> 1f1da443ea86
Step 3/5 : RUN apk --no-cache add bash curl npm
---> Running in 647f7f479cac
fetch https://dl-cdn.alpinelinux.org/alpine/v3.[17](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:17)/main/x86_64/APKINDEX.tar.gz
48ABC73BEB7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:[18](https://github.com//docker-images/actions/runs/4134005760/jobs/7147011143#step:3:18)89:
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/main: Permission denied
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
48ABC73BEB7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/community: Permission denied
ERROR: unable to select packages:
bash (no such package):
required by: world[bash]
curl (no such package):
required by: world[curl]
npm (no such package):
required by: world[npm]
The command '/bin/sh -c apk --no-cache add bash curl npm' returned a non-zero code: 3
Warning: Docker build failed with exit code 3, back off 6.807 seconds before retry.
It was expected to build the docker image and proceed with the github action workflow
Tried different flavors of image and nothing worked except for ubunut-latest
the plugin in question
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action#master
with:
image-ref: 'test:latest'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

Is it possible to run Karate test in a pod? If possible, then how?

I just want to know whether I can run Karate test in a pod. Or is there any good suggestion on how to run it?
I tried to run the Karate test in terminal and it works. Just want to know if I can run it from Kubernetes pod. Nginx also running in the pod.
You can everything in pod whatever you are running outside environment. Pod run the container inside it.
So create the docker file and generate the docker image using docker file. Using that docker image and start the karate pod.
You can write the docker file like this
FROM maven:3-jdk-8-alpine
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY settings.xml /usr/share/maven/ref/
COPY pom.xml /tmp/pom.xml
COPY . /usr/src/app
RUN mvn -B -f /tmp/pom.xml -s /usr/share/maven/ref/settings-docker.xml prepare-package -DskipTests
CMD ["/usr/src/app/maven_runner.sh"]
I found here one example : https://github.com/neillfontes/karate-sample
Posting as Community Wiki for future use.
#Harsh Manvar provided good example, however if you will just build it from Dockerfile, you will recieved errors. You have to download all files mentioned in Github. Correct oreder will be:
$ git clone https://github.com/neillfontes/karate-sample.git
$ cd karate-sample
$ docker build -t karate_docker .
After image was built you can check it:
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
karate_docker latest 9dc6d7a5278a About a minute ago 136MB
Later you can start testing using:
$ docker run karate_docker
START: Running tests...
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running demo.DemoTest
11:57:49.684 [main] DEBUG c.i.karate.cucumber.CucumberRunner - init test class: class demo.DemoTest
11:57:50.412 [main] DEBUG c.i.karate.cucumber.CucumberRunner - loading feature: /usr/src/app/target/test-classes/demo/features/get-token.feature
11:57:50.663 [main] DEBUG c.i.karate.cucumber.CucumberRunner - loading feature: /usr/src/app/target/test-classes/demo/features/make-request.feature
11:57:53.898 [main] INFO com.intuit.karate.ScriptBridge - karate.env system property was: null
11:57:54.867 [main] DEBUG c.i.k.h.a.RequestLoggingInterceptor -
1 > POST http://brentertainment.com/oauth2/lockdin/token
1 > Accept-Encoding: gzip,deflate
1 > Connection: Keep-Alive
1 > Content-Length: 96

How to run e2e tests on custom cluster within Kubernetes.

https://github.com/kubernetes/community/blob/master/contributors/devel/e2e-tests.md#testing-against-local-clusters
I have been following the above guide, but I keep getting this error:
2017/07/12 09:53:58 util.go:131: Step './cluster/kubectl.sh version --match-server-version=false' finished in 20.604745ms
2017/07/12 09:53:58 util.go:129: Running: ./hack/e2e-internal/e2e-status.sh
WARNING: The bash deployment for AWS is obsolete. The
v1.5.x releases are the last to support cluster/kube-up.sh with AWS.
For a list of viable alternatives, (...)
2017/07/12 09:53:58 util.go:131: Step './hack/e2e-internal/e2e-status.sh' finished in 18.71843ms
2017/07/12 09:53:58 main.go:216: Something went wrong: encountered 2 errors: [error during ./cluster/kubectl.sh version --match-server-version=false: exit status 1 error during ./hack/e2e-internal/e2e-status.sh: exit status 1]
2017/07/12 09:53:58 e2e.go:78: err: exit status 1
How do I fix this, what am I doing wrong?
If you just want to execute e2e tests without setting up the whole cluster, you can compile them from kubernetes repository: make all WHAT=test/e2e/e2e.test, and then run this compiled e2e binary against your cluster: ./e2e.test --host="<your apiserver>" --provider=local --kubeconfig=<kubeconfig location> -ginkgo.Focus="/[Conformance/]". Conformance tests should pass for any kubernetes cluster, but of course you can set any filter you want. To list all available tests, type: ./e2e.test --ginkgo.DryRun.
Some supplements
You can also compile ginkgo:
make WHAT=vendor/github.com/onsi/ginkgo/ginkgo
Some options are useful:(ginkgo --help to see details)
-flakeAttempts
-focus
-nodes
-outputdir
-skip
-v
To run tests parellely:(set --node=1 for serial tests)
./_output/bin/ginkgo --nodes=25 --flakeAttempts=2 \
./_output/bin/e2e.test -- --host="http://127.0.0.1:8080" \
--provider="local" --ginkgo.v=true --kubeconfig="~/.kube/config" \
--ginkgo.focus="Conformance" --ginkgo.skip="Serial|Slow" \
--ginkgo.failFast=false
And if you want to launch local cluster for e2e testing, hack/local-up-cluster.sh is handy.

chef recipe doesn't find ohai plugin defined resource

I want to add additional resource 'version of installed openssh' to Ohai to use it in my openssh maintaining recipe.
On RHEL 5.11 Chef 12.4.1 Ohai 8.5.0 test workstation I have created and tested Ohai plugin
$ cat cookbooks/test/files/default/plugins/openssh.rb
Ohai.plugin(:Openssh) do
provides "openssh"
Ohai::Log.debug('plugin start')
def create_objects
openssh Mash.new
end
collect_data do
create_objects
openssh[:version] = 'ssh -V 2>&1 |head -1| cut -d, -f1| cut -d_ -f2 '
end
end
Local test of ohai plugin in irb is working fine.
Now I'm trying to check resource visibility in Chef recipe
$ cat test/recipes/default.rb
file "#{ENV['HOME']}/x.txt" do
content 'HELLO WORLD'
end
output="#{Chef::JSONCompat.to_json_pretty(node.to_hash)}"
file '/tmp/node.json' do
content output
end
Chef::Log.info("============ test cookbook ** #{openssh['version']} **")
\#Chef::Log.info("============ test cookbook ** #{node['kernel']} **")
by running local chef-client
$ chef-client -z -m test/recipes/default.rb
To make additional plugin visible line is added to config files
$grep Ohai ~/.chef/*.rb
~/.chef/client.rb:Ohai::Config[:plugin_path] << '~/chef/cookbooks/test/files/default/plugins/'
~/.chef/knife.rb:Ohai::Config[:plugin_path] << '~/chef/cookbooks/test/files/default/plugins/'
(I understand that this is too explicit )
Although running with printing node['kernel'] is working fine , openssh version is not running with debug log that shows:
[2016-01-27T11:48:21-08:00] DEBUG: Cookbooks detail: []
[2016-01-27T11:48:21-08:00] DEBUG: Cookbooks to compile: []
[2016-01-27T11:48:21-08:00] DEBUG: **Loading Recipe File XXX/cookbooks/test/recipes/default.rb**
[2016-01-27T11:48:21-08:00] DEBUG: Resources for generic file resource enabled on node include: [Chef::Resource::File]
[2016-01-27T11:48:21-08:00] DEBUG: Resource for file is Chef::Resource::File
[2016-01-27T11:48:21-08:00] DEBUG: Resources for generic file resource enabled on node include: [Chef::Resource::File]
[2016-01-27T11:48:21-08:00] DEBUG: Resource for file is Chef::Resource::File
[2016-01-27T11:48:21-08:00] DEBUG: Resources for generic openssh resource enabled on node include: []
[2016-01-27T11:48:21-08:00] DEBUG: **Dynamic resource resolver FAILED to resolve a resource for openssh**
[2016-01-27T11:48:21-08:00] DEBUG: Re-raising exception: NameError - No resource, method, or local variable named `openssh' for `Chef::Recipe "XXX/cookbooks/test/recipes/default.rb"'
Questions:
How properly chef out additional plugin to recipe for local and remote execution? How to check that it is cheffed out and ready?
How properly notify chef-client to execute ohai additional plugin for local single recipe run and for remote run as well?
Any explanations and suggestions are welcomed.
Alex
A few issues: first check out https://github.com/coderanger/ohai-example to see how to package an ohai plugin in a cookbook for distribution. Second, node attributes from custom plugins still need to be accessed via the node object: node['openssh']['version']. Third, remember how execution ordering works in Chef (https://coderanger.net/two-pass/) and that the custom attributes won't be available until after the plugin is loaded and run.
Checkout mainstream before google!
This project describes how to deploy you plugin in 2017 year!
https://github.com/chef-cookbooks/ohai

Does "Placing binaries" mean building k8s successfully?

I follow this Getting started with Kubernetes on Mesos to try to build Kubernetes-Mesos:
git clone https://github.com/kubernetes/kubernetes
cd kubernetes
export KUBERNETES_CONTRIB=mesos
make
But executing make, it outputs following log:
$ make
hack/build-go.sh
+++ [1204 04:38:23] Building go targets for linux/amd64:
cmd/kube-proxy
cmd/kube-apiserver
cmd/kube-controller-manager
cmd/kubelet
cmd/kubemark
cmd/hyperkube
cmd/linkcheck
plugin/cmd/kube-scheduler
contrib/mesos/cmd/k8sm-scheduler
contrib/mesos/cmd/k8sm-executor
contrib/mesos/cmd/k8sm-controller-manager
contrib/mesos/cmd/km
cmd/kubectl
cmd/integration
cmd/gendocs
cmd/genkubedocs
cmd/genman
cmd/mungedocs
cmd/genbashcomp
cmd/genconversion
cmd/gendeepcopy
cmd/genswaggertypedocs
examples/k8petstore/web-server/src
github.com/onsi/ginkgo/ginkgo
test/e2e/e2e.test
+++ [1204 04:38:34] Placing binaries
$
So is the build success or not? I can't find useful prompt info.
Yes, that indicates a successful build.