Add scs-0210-v2 and scs-0214-v1 zuul checks

Signed-off-by: Matej Feder <matej.feder@dnation.cloud>

.zuul.yaml

@@ -11,6 +11,13 @@
     cleanup-run: playbooks/cleanup.yaml  # executed also when the job is canceled
     vars:
       wait_for_cluster: 600  # 10min
+      extra_env: {}
+      sonobouy:
+        enabled: false
+      scs_version_policy:
+        enabled: false
+      scs_node_distribution:
+        enabled: false
 
 - job:
     name: k8s-cluster-api-provider-e2e-conformance
@@ -21,7 +28,9 @@
       it will test if the Kubernetes cluster is conformant to the CNCF.
     timeout: 10800  # 3h
     vars:
-      sonobouy_mode: conformance
+      sonobouy:
+        enabled: true
+        mode: conformance
 
 - job:
     name: k8s-cluster-api-provider-e2e-quick
@@ -31,7 +40,20 @@
       [sonobuoy](https://sonobuoy.io/) with mode quick.
     timeout: 3600  # 1h
     vars:
-      sonobouy_mode: quick
+      sonobouy:
+        enabled: true
+        mode: quick
+
+- job:
+    name: k8s-cluster-api-provider-scs-version-policy-1.27
+    parent: k8s-cluster-api-provider-e2e-abstract
+    description: |
+      Run scs-version-policy tests scs-0210-v2.
+    vars:
+      extra_env:
+        TF_VAR_kubernetes_version: 1.27.x
+      scs_version_policy:
+        enabled: true
 
 - project:
     name: SovereignCloudStack/k8s-cluster-api-provider

playbooks/e2e.yaml

@@ -17,10 +17,18 @@
     pr_or_main: "{{ 'pr' + zuul.change if zuul.change is defined else 'main' }}"
     prefix: "{{ (pr_or_main + '-' + zuul.build) | truncate(12, True, '') }}"
     testcluster_name: "{{ (pr_or_main + '-' + zuul.build) | truncate(12, True, '') }}"
-  environment:
-    ENVIRONMENT: "{{ cloud_provider }}"
-    PATH: "{{ ansible_user_dir }}/.local/bin:{{ ansible_env.PATH }}"
+    env_variables:
+      ENVIRONMENT: "{{ cloud_provider }}"
+      PATH: "{{ ansible_user_dir }}/.local/bin:{{ ansible_env.PATH }}"
+    env_variables_merged: "{{ env_variables | combine(extra_env | default({}) ) }}"
+  environment: "{{ env_variables_merged }}"
   tasks:
+  # TODO: improve it, and allow to execute multiple checks at once.
+  #   The tricky part here is to concatenate the results from multiple checks.
+  - name: Validate whether only one check is going to be executed
+    ansible.builtin.fail:
+      msg: "Currently, only one check could be executed per pipeline"
+    when: (sonobouy.enabled and scs_version_policy.enabled) or (sonobouy.enabled and scs_node_distribution.enabled) or (scs_version_policy.enabled and scs_node_distribution.enabled)
   - name: Prepare environment
     block:
     - name: Get PR details
@@ -87,7 +95,7 @@
       become: true
       when: mtu.stdout != "1500"
       changed_when: mtu.stdout != "1500"
-  - name: Create k8s cluster and execute sonobouy check
+  - name: Create k8s cluster and execute checks
     block:
     - name: Create k8s cluster
       ansible.builtin.command: "make create GITREFERENCE={{ git_branch_name }} GITREPO={{ git_repository_url }}"
@@ -106,25 +114,25 @@
       environment:
         KUBECONFIG: "{{ testcluster_name }}.yaml.{{ cloud_provider }}"
       changed_when: true
-    - name: Execute sonobouy check mode {{ sonobouy_mode }}
-      ansible.builtin.command: "make check-{{ sonobouy_mode }}"
-      register: sonobouy_results
-      args:
-        chdir: "{{ project_tf_dir }}"
-      changed_when: true
+    - name: Import sonobouy tasks
+      ansible.builtin.import_tasks: tasks/sonobouy.yaml
+      when: sonobouy.enabled
+    - name: Import scs_version_policy tasks
+      ansible.builtin.import_tasks: tasks/scs_version_policy.yaml
+      vars:
+        kubeconfig_path: "{{ project_tf_dir }}/{{ testcluster_name }}.yaml.{{ cloud_provider }}"
+      when: scs_version_policy.enabled
+    - name: Import scs_node_distribution tasks
+      ansible.builtin.import_tasks: tasks/scs_node_distribution.yaml
+      when: scs_node_distribution.enabled
     always:
-    - name: Parse sonobouy results  # noqa: ignore-errors
-      ansible.builtin.set_fact:
-        sonobouy_results_parsed: "{{ sonobouy_results.stdout | regex_search('=== Collecting results ===[\\S\\s]*') }}"
-      when: sonobouy_results is defined
-      ignore_errors: true  # ignore when this task failed as it is nice to have, and we should ensure that fullclean is reached
-    - name: Insert parsed sonobouy results to the warning message that will be appended to the comment zuul leaves on the PR  # noqa: ignore-errors
+    - name: Insert check results to the warning message that will be appended to the comment zuul leaves on the PR  # noqa: ignore-errors
       zuul_return:
         data:
           zuul:
             warnings:
-              - "<details>\n  <summary><b>Sonobouy results</b></summary>\n{{ sonobouy_results_parsed }}\n</details>"
-      when: sonobouy_results_parsed is defined and sonobouy_results_parsed | length > 0
+              - "<details>\n  <summary><b>Sonobouy results</b></summary>\n{{ check_results }}\n</details>"
+      when: check_results is defined and check_results | length > 0
       ignore_errors: true  # ignore when this task failed as it is nice to have, and we should ensure that fullclean is reached
     - name: Cleanup - fullclean
       ansible.builtin.command: "make fullclean"

playbooks/tasks/scs_node_distribution.yaml

@@ -0,0 +1,44 @@
+---
+- name: Download, install, configure, and execute k8s-node-distribution-check check
+  vars:
+    check_dir: "{{ ansible_user_dir }}/k8s-node-distribution-check"
+    python_venv_dir: "{{ ansible_user_dir }}/k8s-node-distribution-check/venv"
+  block:
+  - name: Check if `kubeconfig_path` variable is defined
+    ansible.builtin.fail:
+      msg: "kubeconfig_path is not defined or empty"
+    when: kubeconfig_path is not defined or kubeconfig_path == ''
+  - name: Ensure check directory
+    ansible.builtin.file:
+      path: "{{ check_dir }}"
+      state: directory
+      mode: 0755
+  - name: Download check assets
+    ansible.builtin.get_url:
+      url: "https://raw.githubusercontent.com/SovereignCloudStack/standards/main/Tests/{{ item }}"
+      dest: "{{ check_dir }}/{{ item | basename }}"
+    loop:
+      - requirements.txt
+      - kaas/k8s-node-distribution/k8s-node-distribution-check.py
+      - kaas/k8s-node-distribution/config.yaml.template
+  - name: Create config file from the template
+    command: "mv {{ check_dir }}/config.yaml.template {{ check_dir }}/config.yaml"
+  - name: Install check requirements
+    ansible.builtin.pip:
+      requirements: "{{ check_dir }}/requirements.txt"
+      virtualenv: "{{ python_venv_dir }}"
+  - name: Execute k8s-node-distribution check
+    ansible.builtin.shell:
+      cmd:
+        ". {{ python_venv_dir }}/bin/activate &&
+         python3 {{ check_dir }}/k8s-node-distribution-check.py -c {{ check_dir }}/config.yaml -k {{ kubeconfig_path }}"
+    changed_when: false
+    register: k8s_check_results
+  - name: Parse check results
+    ansible.builtin.set_fact:
+      check_results: "{{ k8s_check_results.stdout  }}"
+    when: k8s_check_results is defined
+  - name: Print check_results to the STDOUT
+    ansible.builtin.debug:
+      msg: "{{ check_results.stdout }}"
+    when: k8s_check_results is defined

playbooks/tasks/scs_version_policy.yaml

@@ -0,0 +1,44 @@
+---
+- name: Download, install, configure, and execute k8s-version-recency check
+  vars:
+    check_dir: "{{ ansible_user_dir }}/k8s_version_recency"
+    python_venv_dir: "{{ ansible_user_dir }}/k8s_version_recency/venv"
+  block:
+  - name: Check if `kubeconfig_path` variable is defined
+    ansible.builtin.fail:
+      msg: "kubeconfig_path is not defined or empty"
+    when: kubeconfig_path is not defined or kubeconfig_path == ''
+  - name: Ensure check directory
+    ansible.builtin.file:
+      path: "{{ check_dir }}"
+      state: directory
+      mode: 0755
+  - name: Download check assets
+    ansible.builtin.get_url:
+      url: "https://raw.githubusercontent.com/SovereignCloudStack/standards/main/Tests/{{ item }}"
+      dest: "{{ check_dir }}/{{ item | basename }}"
+    loop:
+      - requirements.txt
+      - kaas/k8s-version-recency/k8s-version-recency-check.py
+      - kaas/k8s-version-recency/config.yaml.template
+  - name: Create config file from the template
+    command: "mv {{ check_dir }}/config.yaml.template {{ check_dir }}/config.yaml"
+  - name: Install check requirements
+    ansible.builtin.pip:
+      requirements: "{{ check_dir }}/requirements.txt"
+      virtualenv: "{{ python_venv_dir }}"
+  - name: Execute k8s-version-recency check
+    ansible.builtin.shell:
+      cmd:
+        ". {{ python_venv_dir }}/bin/activate &&
+         python3 {{ check_dir }}/k8s-version-recency-check.py -c {{ check_dir }}/config.yaml -k {{ kubeconfig_path }}"
+    changed_when: false
+    register: k8s_check_results
+  - name: Parse check results
+    ansible.builtin.set_fact:
+      check_results: "{{ k8s_check_results.stdout  }}"
+    when: k8s_check_results is defined
+  - name: Print check_results to the STDOUT
+    ansible.builtin.debug:
+      msg: "{{ check_results.stdout }}"
+    when: k8s_check_results is defined

playbooks/tasks/sonobouy.yaml

@@ -0,0 +1,11 @@
+---
+- name: Execute sonobouy check mode {{ sonobouy.mode }}
+  ansible.builtin.command: "make check-{{ sonobouy.mode }}"
+  register: sonobouy_results
+  args:
+    chdir: "{{ project_tf_dir }}"
+  changed_when: true
+- name: Parse sonobouy results
+  ansible.builtin.set_fact:
+    check_results: "{{ sonobouy_results.stdout | regex_search('=== Collecting results ===[\\S\\s]*') }}"
+  when: sonobouy_results is defined