From eb45471a7d29ee696be1a930b220309c53d8b3a5 Mon Sep 17 00:00:00 2001
From: Yuedong Wu
Date: Wed, 1 Jan 2025 19:33:46 +0800
Subject: [PATCH] ci
---
...ert-manager-operator-master__ocp-4.17.yaml | 82 +++++++
...ert-manager-operator-master-periodics.yaml | 226 ++++++++++++++++++
.../install/cert-manager-install-commands.sh | 178 ++++++++------
.../install/cert-manager-install-ref.yaml | 41 ++--
4 files changed, 442 insertions(+), 85 deletions(-)
create mode 100644 ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master__ocp-4.17.yaml
create mode 100644 ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-periodics.yaml
diff --git a/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master__ocp-4.17.yaml b/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master__ocp-4.17.yaml
new file mode 100644
index 0000000000000..43d685c720e53
--- /dev/null
+++ b/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master__ocp-4.17.yaml
@@ -0,0 +1,82 @@
+base_images:
+ cli:
+ name: "4.17"
+ namespace: ocp
+ tag: cli
+ upi-installer:
+ name: "4.17"
+ namespace: ocp
+ tag: upi-installer
+ tests-private:
+ name: tests-private
+ namespace: ci
+ tag: "4.17"
+build_root:
+ image_stream_tag:
+ name: release
+ namespace: openshift
+ tag: golang-1.21
+ use_build_cache: true
+releases:
+ latest:
+ candidate:
+ product: ocp
+ stream: nightly
+ version: "4.17"
+ architecture: amd64
+resources:
+ '*':
+ requests:
+ cpu: 100m
+ memory: 200Mi
+tests:
+- as: e2e-operator
+ cron: '@weekly'
+ steps:
+ cluster_profile: aws-qe
+ env:
+ BASE_DOMAIN: qe.devcluster.openshift.com
+ TEST_FILTERS: CFE&;~ChkUpgrade&;
+ TEST_SCENARIOS: cert-manager
+ test:
+ - ref: openshift-extended-test
+ - ref: openshift-e2e-test-qe-report
+ workflow: cucushift-installer-rehearse-aws-ipi
+- as: e2e-operator-prod
+ cron: '@weekly'
+ steps:
+ cluster_profile: aws
+ env:
+ CHANNEL: stable-v1.14
+ TARGET_NAMESPACES: cert-manager-operator
+ test:
+ - ref: cert-manager-install
+ - as: test
+ cli: latest
+ commands: make test-e2e
+ from: src
+ resources:
+ requests:
+ cpu: 100m
+ workflow: ipi-aws
+- as: e2e-operator-stage
+ cron: '@weekly'
+ steps:
+ cluster_profile: aws
+ env:
+ INDEX_IMG: quay.io/redhat-user-workloads/cert-manager-oape-tenant/cert-manager-operator-1-15/cert-manager-operator-fbc-1-15:bf2b01d9ed2c009b6007c5f651b7b18043f8941a
+ test:
+ - ref: cert-manager-install
+ - as: test
+ cli: latest
+ commands: make test-e2e
+ from: src
+ resources:
+ requests:
+ cpu: 100m
+ workflow: ipi-aws
+zz_generated_metadata:
+ branch: master
+ org: openshift
+ repo: cert-manager-operator
+ variant: ocp-4.17
diff --git a/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-periodics.yaml b/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-periodics.yaml
new file mode 100644
index 0000000000000..d50b45c1729e2
--- /dev/null
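Review bot: In the `e2e-operator-stage` test, `INDEX_IMG` references the file-based catalog image by tag; even though the tag looks like a 40-hex commit id, a registry tag can be repointed, so each weekly run installs whatever content the tag resolves to at that moment. The install script later in this patch writes the value straight into a CatalogSource `image:` field, so this image determines which operator bundle is deployed to the test cluster. Pinning by digest would make the run reproducible and make any change to the catalog an explicit, reviewable edit: `INDEX_IMG: quay.io/redhat-user-workloads/cert-manager-oape-tenant/cert-manager-operator-1-15/cert-manager-operator-fbc-1-15@sha256:<DIGEST_PLACEHOLDER>`. Separately, `e2e-operator-prod` sets `CHANNEL` and `TARGET_NAMESPACES` while the stage test relies on defaults that are not visible in this hunk; a short comment stating which channel the 1-15 catalog is expected to serve would help the next reader.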
+++ b/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-periodics.yaml 
@@ -0,0 +1,226 @@ +periodics: +- agent: kubernetes + cluster: build10 + cron: '@weekly' + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: cert-manager-operator + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-qe + ci-operator.openshift.io/variant: ocp-4.17 + ci.openshift.io/generator: prowgen + job-release: "4.17" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cert-manager-operator-master-ocp-4.17-e2e-operator + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator + - --variant=ocp-4.17 + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: 
kubernetes + cluster: build10 + cron: '@weekly' + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: cert-manager-operator + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws + ci-operator.openshift.io/variant: ocp-4.17 + ci.openshift.io/generator: prowgen + job-release: "4.17" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cert-manager-operator-master-ocp-4.17-e2e-operator-prod + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-prod + - --variant=ocp-4.17 + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build10 + cron: 
'@weekly' + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: cert-manager-operator + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws + ci-operator.openshift.io/variant: ocp-4.17 + ci.openshift.io/generator: prowgen + job-release: "4.17" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-cert-manager-operator-master-ocp-4.17-e2e-operator-stage + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-stage + - --variant=ocp-4.17 + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator 
diff --git a/ci-operator/step-registry/cert-manager/install/cert-manager-install-commands.sh b/ci-operator/step-registry/cert-manager/install/cert-manager-install-commands.sh
index f13369ecdc109..0be33000d9c58 100644
--- a/ci-operator/step-registry/cert-manager/install/cert-manager-install-commands.sh
+++ b/ci-operator/step-registry/cert-manager/install/cert-manager-install-commands.sh
@@ -4,18 +4,79 @@ set -e set -u set -o pipefail -if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then - source "${SHARED_DIR}/proxy-conf.sh" - echo "proxy: ${SHARED_DIR}/proxy-conf.sh" -fi +function run_command() { + local cmd="$1" + echo "Running Command: ${cmd}" + eval "${cmd}" +} -CATSRC=qe-app-registry -if [[ ! "$(oc get catalogsource qe-app-registry -n openshift-marketplace -o yaml)" =~ "lastObservedState: READY" ]]; then - echo "The catalogsource qe-app-registry is either not existing or not ready. Will use redhat-operators to install cert-manager Operator." - CATSRC=redhat-operators -fi +function set_proxy () { + if test -s "${SHARED_DIR}/proxy-conf.sh" ; then + echo "Setting proxy configuration" + source "${SHARED_DIR}/proxy-conf.sh" + else + echo "No proxy settings found. Skipping proxy configuration" + fi +} + +function auth_stage_registry () { + echo "Retrieving the 'registry.stage.redhat.io' auth config from shared credentials" + local stage_registry_path="/var/run/vault/mirror-registry/registry_stage.json" + local stage_auth_user=$(jq -r '.user' $stage_registry_path) + local stage_auth_password=$(jq -r '.password' $stage_registry_path) + local stage_auth_config=$(echo -n " " "$stage_auth_user":"$stage_auth_password" | base64 -w 0) + + echo "Updating the image pull secret with the auth config" + oc extract secret/pull-secret -n openshift-config --confirm --to /tmp + local new_dockerconfig="/tmp/.new-dockerconfigjson" + jq --argjson a "{\"registry.stage.redhat.io\": {\"auth\": \"$stage_auth_config\"}}" '.auths |= . + $a' "/tmp/.dockerconfigjson" >"$new_dockerconfig" + oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=$new_dockerconfig +} + +function wait_for_state() { + local object="$1" + local state="$2" + local timeout="$3" + local namespace="${4:-}" + local selector="${5:-}" + + echo "Waiting for (${object}) in namespace (${namespace}) with selector (${selector}) to exist..." 
+ for i in {1..60}; do + oc get ${object} --selector="${selector}" -n=${namespace} |& grep -ivE "(no resources found|not found)" && break || sleep 5 + done -oc create -f - << EOF + echo "Waiting for (${object}) in namespace (${namespace}) with selector (${selector}) to become (${state})..." + oc wait --for=${state} --timeout=${timeout} ${object} --selector="${selector}" -n="${namespace}" +} + +function create_catalogsource () { + echo "Creating a custom catalogsource using image: $INDEX_IMG" + oc apply -f - << EOF +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: $CATSRC + namespace: openshift-marketplace +spec: + sourceType: grpc + image: $INDEX_IMG +EOF +} + +function is_catalogsource_ready () { + if wait_for_state "catalogsource/${CATSRC}" "jsonpath={.status.connectionState.lastObservedState}=READY" "5m" "openshift-marketplace"; then + echo "CatalogSource is ready" + else + echo "Timed out after 5m. Dumping resources for debugging..." + run_command "oc get pod -n openshift-marketplace" + run_command "oc get event -n openshift-marketplace | grep ${CATSRC}" + exit 1 + fi +} + +function subscribe_operator () { + echo "Creating the Namespace, OperatorGroup and Subscription for the operator installation" + oc apply -f - <