The authz test flaked as no RPCs of the expected type had completed
within the sampling window. Server logs showed authz logs completing
batch of 276 RPCs back-to-back, without the expected 40 ms separation
(qps=25). It took a bit over 1 second to process through the backlog.
With the sample duration of 500 ms and there being a polling delay
between when the channel is READY and when the test driver polls
channelz, it makes sense that we can get lucky much of the time.
Obviously, adding a sleep isn't great either, but measuring the queue
length indirectly is more complex than really appropriate here. The real
solution is to stop using this continuous-qps test client.
```
Traceback (most recent call last):
File "/tmp/work/grpc/tools/run_tests/xds_k8s_test_driver/tests/authz_test.py", line 252, in test_tls_allow
grpc.StatusCode.OK)
File "/tmp/work/grpc/tools/run_tests/xds_k8s_test_driver/tests/authz_test.py", line 183, in configure_and_assert
method=rpc_type)
File "/tmp/work/grpc/tools/run_tests/xds_k8s_test_driver/framework/xds_k8s_testcase.py", line 284, in assertRpcStatusCodes
self.assertGreater(stats.result[status_code.value[0]], 0)
AssertionError: 0 not greater than 0
```
* Add back references and scope field
* Set scope in router
* Reverse order of cleanup
* Add router_scope flag
* Use router_scope flag to create Router
* I apparently don't know how to brain
* Yapf
* Yeah, that can't be the default
* Remove debug print
* Remove impossible todos
* And another
* Switch from router-scope to config-scope
* Implement schema changes
* Use backend service URL
* Use CLH reference format to backend service
* I am an idiot
* *internal screaming*
* Try project number
* Why is this all awful
* Go back to trying project name
* Try cleaning things up
* Agh
* Address review comments
* Remove superfluous Optional type
A broken fix for the server-side bug is producing invalid configuration,
causing the server to reject all the configuration. Disable the
configuration and tests until fix is fixed.
* Support generic_xds_config in GCE/GKE frameworks and Python tests
* Correct the field name
* Address comments
* Add new CSDS support to the regular K8s testcases
* Support incomplete CSDS config dump
The control plane was updated to more properly match the principal being
present, so now plaintext and mTLS are working properly. But the change
is using slightly the wrong semantics for TLS, so we get to change which
tests are commented out.
* Add compute alpha API config file
* WIP
* Try not to create a new job
* Change from using discovery file to use version flag
* Give compute_api_version a default value
* Extend the timeout of xds_k8s_lb
* Apply suggestions from code review
Co-authored-by: Sergii Tkachenko <hi@sergii.org>
Co-authored-by: Sergii Tkachenko <hi@sergii.org>
* xds-k8s: fix typo WORKLOAD_SERVICE_ACCOUNT to WORKLOAD_SA_EMAIL
also add content about image access and privateCAs
cluster create not to use beta and use mesh certs
Co-authored-by: Sergii Tkachenko <hi@sergii.org>
Error example:
google.protobuf.json_format.ParseError:
Failed to parse details field: Can not find message descriptor
by type_url: type.googleapis.com/google.rpc.BadRequest..
* xds/interop: turn on validate-for-proxyless for urlmap tests
It was turned off because retry and affinity configs were not allowed
for proxyless gRPC.
* REVERT THIS, regenerate resources
* Revert "REVERT THIS, regenerate resources"
This reverts commit a26e2916ef.
* Fix several minor issues with url-map k8s tests
* Revert changes about backend service
* Fix a k8s flag name
* Update tools/run_tests/xds_k8s_test_driver/config/local-dev.cfg.example
Co-authored-by: Sergii Tkachenko <hi@sergii.org>
Co-authored-by: Sergii Tkachenko <hi@sergii.org>
* wip: port non-security tests to k8s
* port forwarding offset
* combine and log health status changes
* split tests
* add remove_neg method
* implement assertRpcsEventuallyGoToGivenServers
* remove neg and change backend
* make maxRatePerEndpoint configurable
* _test suffix
* "rebase" onto master
* yapf and isort
* add to grpc_xds_k8s.sh
* undo change to run_test_server.py
* fix (avoid?) cleanup error with reuse_namespace=True when run with force_cleanup flag
otherwise cleaning up the secondary KubernetesServerRunner tries to
delete the namespace as well (since force overrides the reuse_namespace
flag in
https://github.com/grpc/grpc/blob/master/tools/run_tests/xds_k8s_test_driver/framework/test_app/base_runner.py#L76)
I'm not sure of the intended semantics of reuse_namespace and force, so
unclear if that conditional in base_runner.py should be changed to allow
the calls to cleanup the secondary KubernetesServerRunners continue to
forward the values of the cleanup/force_cleanup flags
* fix dates
* Add support for secondary kube context for failover test
* Revert "Add support for secondary kube context for failover test"
This reverts commit b7455f2a92.
* Revert "add to grpc_xds_k8s.sh"
This reverts commit 737f13fdc8.
Otherwise, unless force_cleanup is set to true, the HTTP target proxy
deletion fails but still unsets the target_proxy field, resulting in the
gRPC target proxy deletion being skipped (and preventing all subsequent
cleanup operations)
* Add xds retry interop test to GKE test framework
* s/Affinity/Retry/
* more informative test name
* enable retry
* update java test server
* add missing import
* Add isort_code.sh to sanity tests
* Run tools/distrib/isort_code.sh
* Fine tune the import order for relative imports
* Make pylint and project generation happy
* Fix a few corner cases
* Use --check instead of --diff
* The import order impacts test result somehow
* Make isort print diff and check output at the same time
* Let tools/run_tests/python_utils be firstparty library
* Run isort against latest HEAD
* affinity test
- most basic affinity test
- verify that the received RDS and CDS are correctly configured for affinity
- verify that all RPCs are only sent to the one backend
- verify that only one sub-channel is connected, the other 2 are IDLE
And infra changes:
- add argument to set affinity config when creating backend service
- add a new backend service "affinity" to be shared by all affinity test
- this backend service is configured to do header affinity
- it has 3 endpoints
- replica support copied from PR https://github.com/grpc/grpc/pull/26360
- update backend services from GRPC to HTTP2, to disable validate-for-proxyless
- this will be reverted later
- add channelz function to query subchannels
- add method to configure the initial RPC config (RPC types and RPC metadata) when creating the client
- set env var to enable RING_HASH support
* c1
* REVERT THIS: update strategy to trigger a manual build
* config: suffix to prefix
* Revert "REVERT THIS: update strategy to trigger a manual build"
This reverts commit 830776fef9.
Richard Belleville
Lidi Zheng
Eric Anderson
yifeizhuang
Sergii Tkachenko
Menghan Li
Doug Fawley
sanjaypujare
Eric Gribkoff
ZHANG Dapeng