Set retention for staging images #525
I would like to work on a prow job that will clean up the older images.
/assign fiorm
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /close. Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with /close. Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/reopen
@spiffxp: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
I agree 60d for GCR is reasonable. Staging GCR repos currently have images older than 60d; they should not, or people are going to assume they can use them in perpetuity. This came up because @msau42 mentioned CSI images were close to 60d and was concerned they would expire and break Kubernetes CI. They won't, since no retention is enforced yet.
We should give SIG Storage time to promote their images to k8s.gcr.io and update tests to use them. Then I think we should implement this.
/assign @thockin @dims @bartsmykla
I don't object in theory. There isn't a good mechanism to do it, short of writing our own daily job that loops over every staging repo and nukes old images.
I can help with our own solution :-)
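For illustration, a minimal sketch of what such a daily cleanup loop could look like, assuming gcloud is installed and authenticated with delete access to the staging projects; the repo list and retention window below are placeholders, not the project's actual configuration:

```python
#!/usr/bin/env python3
"""Rough sketch of a daily cleanup that deletes staging images older than 60 days."""
import subprocess
from datetime import datetime, timedelta, timezone

# Hypothetical placeholder: in practice this would be derived from the k8s.io staging config.
STAGING_REPOS = ["gcr.io/k8s-staging-example"]
RETENTION_DAYS = 60


def run(args):
    """Run a command and return its stdout."""
    return subprocess.run(args, check=True, capture_output=True, text=True).stdout


def main():
    cutoff = (datetime.now(timezone.utc) - timedelta(days=RETENTION_DAYS)).strftime("%Y-%m-%d")
    for repo in STAGING_REPOS:
        # List every image path in the staging repo.
        images = run(["gcloud", "container", "images", "list",
                      f"--repository={repo}", "--format=value(name)"]).split()
        for image in images:
            # Let gcloud's filter do the age comparison and return only old digests.
            digests = run(["gcloud", "container", "images", "list-tags", image,
                           "--limit=999999",
                           f"--filter=timestamp.datetime < '{cutoff}'",
                           "--format=get(digest)"]).split()
            for digest in digests:
                run(["gcloud", "container", "images", "delete", f"{image}@{digest}",
                     "--force-delete-tags", "--quiet"])


if __name__ == "__main__":
    main()
```

Letting gcloud's `--filter` do the age comparison keeps the script small; it is the same approach taken by the manual removal script gist referenced elsewhere in this issue.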
Is there a recommended way to do canary testing with the 60d removal? For example, in CSI, our periodic canary job tests multiple repos' canary images in one job. But some repos are more active than others, and the inactive ones may not have any merges for more than 60d. Is there a way we can keep the canary images around to facilitate this workflow without having to promote the canary tag?
Define canary? If you need them long-term, why not promote them?
Canary in our case is actually images with a "canary" tag. Every PR that merges, we build and re-push the "canary" tag. We have a specific canary job that's configured to test using images with the canary tag. We do end up promoting those images with official release tags, and we have separate jobs that test using release images, but we will still have a canary job that tests against head of everything.
Yeah, you would not want to promote those, and tags are not mutable in prod anyway.
So the goal is to keep the last N builds (N may be 1), regardless of age or whether that build was promoted or not? That seems like a recipe for flakes, no?
If we were building our own retention mechanism, we could (for example) always leave a specific tag or something, I guess? But I am still shaky on the idea.
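As an illustration of the "keep the last N builds" / "always leave a specific tag" idea, a retention pass over a single image could look roughly like the following, assuming gcloud access; the image name, keep count, and protected tag set are hypothetical placeholders:

```python
#!/usr/bin/env python3
"""Sketch of tag-aware retention: keep the newest N digests and anything carrying
a protected tag such as "canary"; delete everything else."""
import json
import subprocess

IMAGE = "gcr.io/k8s-staging-example/driver"  # hypothetical
KEEP_NEWEST = 1              # "keep the last N builds (N may be 1)"
PROTECTED_TAGS = {"canary"}  # "always leave a specific tag"


def main():
    # Sort newest first, so the first KEEP_NEWEST entries are the builds to keep.
    out = subprocess.run(
        ["gcloud", "container", "images", "list-tags", IMAGE,
         "--limit=999999", "--sort-by=~timestamp", "--format=json"],
        check=True, capture_output=True, text=True).stdout
    for i, entry in enumerate(json.loads(out)):
        if i < KEEP_NEWEST or PROTECTED_TAGS & set(entry.get("tags", [])):
            continue  # spare the most recent builds and protected tags
        subprocess.run(
            ["gcloud", "container", "images", "delete",
             f"{IMAGE}@{entry['digest']}", "--force-delete-tags", "--quiet"],
            check=True)


if __name__ == "__main__":
    main()
```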
If there's another way we could achieve "test against latest for all images, even if some of the repos are inactive", I'm open to suggestions.
Perhaps we can add a periodic job which rebuilds canary images once a month? The added bonus is that we'll notice if something breaks in the build environment (shouldn't happen, but one never knows...) before actually trying to build a proper release.
Why do you want to test against head as opposed to the latest release? Even if that release is explicitly a "daily snapshot" or something? I guess I don't fully know what all the images are or what you are testing...
/lifecycle frozen
I think you meant "we don't promote our canaries", right?
Here's a PR which tentatively defines a job which refreshes "canary" for one repo: kubernetes/test-infra#19734
Release candidates are still problematic. We sometimes need those while preparing new sidecars for an upcoming Kubernetes release. On the other hand, the time period where we do need them might be small enough that the normal retention period is okay, so this might not be a problem?
What I meant was that we do promote canary builds to official release version tags; we don't promote the "canary" tag itself. Yes, I think we can treat release candidates separately. We don't want to promote release candidates or merge any tests that depend on release candidates into k/k.
From https://cloud.google.com/container-registry/docs/managing#deleting_images:
/milestone v1.23 |
/milestone clear |
/milestone v1.32 |
/milestone v1.34 |
We already have a 90d retention policy enabled on the Artifact Registry images in k8s-staging-images. I think we may roll this up into the AR migration? cc @upodroid
That's correct. We currently have a 90d retention for staging AR registries. We might tighten that in the future.
If we do any in-place migrations we'll enable this on the ARs then; it should be simpler that way.
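For reference, a sketch of how such a 90d cleanup policy could be applied to a staging Artifact Registry repository; the project, location, and repository names are hypothetical placeholders, and the policy schema and flags should be double-checked against the current Artifact Registry cleanup-policies documentation:

```python
#!/usr/bin/env python3
"""Sketch: apply a 90d delete policy to an Artifact Registry repo via gcloud."""
import json
import subprocess
import tempfile

PROJECT = "k8s-staging-example"  # hypothetical
LOCATION = "us-central1"         # hypothetical
REPOSITORY = "images"            # hypothetical

# One Delete rule: remove any version older than 90 days (7,776,000 seconds).
POLICY = [
    {
        "name": "delete-older-than-90d",
        "action": {"type": "Delete"},
        "condition": {"tagState": "ANY", "olderThan": "7776000s"},
    }
]


def main():
    # Write the policy to a temp file and hand it to gcloud.
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as f:
        json.dump(POLICY, f)
        policy_file = f.name
    subprocess.run(
        ["gcloud", "artifacts", "repositories", "set-cleanup-policies", REPOSITORY,
         f"--project={PROJECT}", f"--location={LOCATION}",
         f"--policy={policy_file}", "--no-dry-run"],
        check=True)


if __name__ == "__main__":
    main()
```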
We currently set a 60d retention on staging storage and staging gcb storage, but don't enforce any retention for images.
Use of staging images should be discouraged, so adding a retention policy would help set the right expectations as well as keep our storage needs lower in the long run.
I am proposing the same 60d retention to keep things consistent across all staging retention settings. Happy to hear other suggestions.
Additional notes:
Currently GCR itself doesn't provide retention settings. We could set a retention policy on the GCS bucket that GCR creates, but I assume this could lead to weird issues.
The other option is to run a prow job every week that cleans up older images.
"Manual" removal script example: https://gist.github.com/ahmetb/7ce6d741bd5baa194a3fac6b1fec8bb7