Resubmission of PR 50929 with fixes

Signed-off-by: Feilian Xie <fxie@redhat.com>
openshift · Apr 29, 2024 · 0b6319f · 0b6319f
1 parent 3a33d66
commit 0b6319f
Show file tree

Hide file tree

Showing 32 changed files with 567 additions and 35 deletions.
diff --git a/...penshift-tests-private/openshift-openshift-tests-private-release-4.16__amd64-nightly.yaml b/...penshift-tests-private/openshift-openshift-tests-private-release-4.16__amd64-nightly.yaml
@@ -591,6 +591,29 @@ tests:
     test:
     - chain: openshift-e2e-test-hypershift-qe-mgmt
     workflow: cucushift-installer-rehearse-aws-ipi-ovn-hypershift
+- as: aws-ipi-ovn-hypershift-private-guest-f7
+  cron: 33 13 2,11,18,25 * *
+  steps:
+    cluster_profile: aws-qe
+    env:
+      BASE_DOMAIN: qe.devcluster.openshift.com
+      TEST_FILTERS: ~ChkUpgrade&;~DisconnectedOnly&;~NonPreRelease&;~HyperShiftMGMT&;~MicroShiftOnly&;~NonHyperShiftHOST&;~Serial&;~Disruptive&
+      TEST_TIMEOUT: "30"
+    test:
+    - chain: openshift-e2e-test-hypershift-qe
+    workflow: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest
+- as: aws-ipi-ovn-hypershift-private-mgmt-f7
+  cron: 15 1 5,12,21,28 * *
+  steps:
+    cluster_profile: aws-qe
+    env:
+      BASE_DOMAIN: qe.devcluster.openshift.com
+      TEST_ADDITIONAL: Hypershift|Network_Observability
+      TEST_FILTERS: ~ChkUpgrade&;~DisconnectedOnly&;~MicroShiftOnly&;HyperShiftMGMT&
+      TEST_TIMEOUT: "30"
+    test:
+    - chain: openshift-e2e-test-hypershift-qe-mgmt
+    workflow: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private
 - as: aws-ipi-ovn-ipsec-f2-obo
   cron: 26 1 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29 * *
   steps:

diff --git a/...ift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-periodics.yaml b/...ift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-periodics.yaml
@@ -17781,6 +17781,204 @@ periodics:
     - name: result-aggregator
       secret:
         secretName: result-aggregator
+- agent: kubernetes
+  cluster: build05
+  cron: 33 13 2,11,18,25 * *
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: release-4.16
+    org: openshift
+    repo: openshift-tests-private
+  labels:
+    ci-operator.openshift.io/cloud: aws
+    ci-operator.openshift.io/cloud-cluster-profile: aws-qe
+    ci-operator.openshift.io/variant: amd64-nightly
+    ci.openshift.io/generator: prowgen
+    job-release: "4.16"
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-openshift-tests-private-release-4.16-amd64-nightly-aws-ipi-ovn-hypershift-private-guest-f7
+  reporter_config:
+    slack:
+      channel: '#forum-prow-hypershift-qe-ci'
+      job_states_to_report:
+      - failure
+      - error
+      - success
+      report_template: '{{if eq .Status.State "success"}} :rainbow: Job *{{.Spec.Job}}*
+        ended with *{{.Status.State}}*. <{{.Status.URL}}|View logs> :rainbow: {{else}}
+        :volcano: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. <{{.Status.URL}}|View
+        logs> :volcano: {{end}}'
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --lease-server-credentials-file=/etc/boskos/credentials
+      - --oauth-token-path=/usr/local/github-credentials/oauth
+      - --report-credentials-file=/etc/report/credentials
+      - --secret-dir=/secrets/ci-pull-credentials
+      - --secret-dir=/usr/local/aws-ipi-ovn-hypershift-private-guest-f7-cluster-profile
+      - --target=aws-ipi-ovn-hypershift-private-guest-f7
+      - --variant=amd64-nightly
+      command:
+      - ci-operator
+      image: ci-operator:latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /etc/boskos
+        name: boskos
+        readOnly: true
+      - mountPath: /secrets/ci-pull-credentials
+        name: ci-pull-credentials
+        readOnly: true
+      - mountPath: /usr/local/aws-ipi-ovn-hypershift-private-guest-f7-cluster-profile
+        name: cluster-profile
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /usr/local/github-credentials
+        name: github-credentials-openshift-ci-robot-private-git-cloner
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: boskos
+      secret:
+        items:
+        - key: credentials
+          path: credentials
+        secretName: boskos-credentials
+    - name: ci-pull-credentials
+      secret:
+        secretName: ci-pull-credentials
+    - name: cluster-profile
+      secret:
+        secretName: cluster-secrets-aws-qe
+    - name: github-credentials-openshift-ci-robot-private-git-cloner
+      secret:
+        secretName: github-credentials-openshift-ci-robot-private-git-cloner
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator
+- agent: kubernetes
+  cluster: build05
+  cron: 15 1 5,12,21,28 * *
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: release-4.16
+    org: openshift
+    repo: openshift-tests-private
+  labels:
+    ci-operator.openshift.io/cloud: aws
+    ci-operator.openshift.io/cloud-cluster-profile: aws-qe
+    ci-operator.openshift.io/variant: amd64-nightly
+    ci.openshift.io/generator: prowgen
+    job-release: "4.16"
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-openshift-tests-private-release-4.16-amd64-nightly-aws-ipi-ovn-hypershift-private-mgmt-f7
+  reporter_config:
+    slack:
+      channel: '#forum-prow-hypershift-qe-ci'
+      job_states_to_report:
+      - failure
+      - error
+      - success
+      report_template: '{{if eq .Status.State "success"}} :rainbow: Job *{{.Spec.Job}}*
+        ended with *{{.Status.State}}*. <{{.Status.URL}}|View logs> :rainbow: {{else}}
+        :volcano: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. <{{.Status.URL}}|View
+        logs> :volcano: {{end}}'
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --lease-server-credentials-file=/etc/boskos/credentials
+      - --oauth-token-path=/usr/local/github-credentials/oauth
+      - --report-credentials-file=/etc/report/credentials
+      - --secret-dir=/secrets/ci-pull-credentials
+      - --secret-dir=/usr/local/aws-ipi-ovn-hypershift-private-mgmt-f7-cluster-profile
+      - --target=aws-ipi-ovn-hypershift-private-mgmt-f7
+      - --variant=amd64-nightly
+      command:
+      - ci-operator
+      image: ci-operator:latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /etc/boskos
+        name: boskos
+        readOnly: true
+      - mountPath: /secrets/ci-pull-credentials
+        name: ci-pull-credentials
+        readOnly: true
+      - mountPath: /usr/local/aws-ipi-ovn-hypershift-private-mgmt-f7-cluster-profile
+        name: cluster-profile
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /usr/local/github-credentials
+        name: github-credentials-openshift-ci-robot-private-git-cloner
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: boskos
+      secret:
+        items:
+        - key: credentials
+          path: credentials
+        secretName: boskos-credentials
+    - name: ci-pull-credentials
+      secret:
+        secretName: ci-pull-credentials
+    - name: cluster-profile
+      secret:
+        secretName: cluster-secrets-aws-qe
+    - name: github-credentials-openshift-ci-robot-private-git-cloner
+      secret:
+        secretName: github-credentials-openshift-ci-robot-private-git-cloner
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator
 - agent: kubernetes
   cluster: build05
   cron: 26 1 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29 * *

diff --git a/...t/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-commands.sh b/...t/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-commands.sh
@@ -6,7 +6,9 @@ if [ ! -f "${SHARED_DIR}/nested_kubeconfig" ]; then
   exit 1
 fi
 
-export KUBECONFIG="${SHARED_DIR}/kubeconfig"
+if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then
+    source "${SHARED_DIR}/proxy-conf.sh"
+fi
 
 echo "https://$(oc --kubeconfig="$SHARED_DIR"/nested_kubeconfig -n openshift-console get routes console -o=jsonpath='{.spec.host}')" > "$SHARED_DIR/hostedcluster_console.url"
 echo "hostedcluster_console.url path:$SHARED_DIR/hostedcluster_console.url"

diff --git a/...hift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-ref.yaml b/...hift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-ref.yaml
@@ -15,4 +15,4 @@ ref:
   documentation: |-
     enable Hypershift hostedcluster by setting "${SHARED_DIR}/nested_kubeconfig" as $KUBECONFIG to support hypershift. 
     The current cluster should be the mgmt cluster and there is at least one hostedcluster.
-    The hotsedcluster’s kubeconfig file should be "${SHARED_DIR}/nested_kubeconfig".
+    The hostedcluster’s kubeconfig file should be "${SHARED_DIR}/nested_kubeconfig".
diff --git a/...t/hypershift-extended/health-check/cucushift-hypershift-extended-health-check-commands.sh b/...t/hypershift-extended/health-check/cucushift-hypershift-extended-health-check-commands.sh
@@ -109,14 +109,15 @@ function check_node_status {
 }
 
 ###Main###
+export KUBECONFIG=${SHARED_DIR}/kubeconfig
+if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then
+    source "${SHARED_DIR}/proxy-conf.sh"
+fi
+
 if [ -f "${SHARED_DIR}/cluster-type" ] ; then
     CLUSTER_TYPE=$(cat "${SHARED_DIR}/cluster-type")
     if [[ "$CLUSTER_TYPE" == "osd" ]] || [[ "$CLUSTER_TYPE" == "rosa" ]]; then
         echo "this cluster is ROSA-HyperShift"
-        export KUBECONFIG=${SHARED_DIR}/kubeconfig
-        if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then
-            source "${SHARED_DIR}/proxy-conf.sh"
-        fi
         print_clusterversion
         check_node_status || exit 1
         retry check_cluster_operators || exit 1
@@ -126,7 +127,6 @@ if [ -f "${SHARED_DIR}/cluster-type" ] ; then
 fi
 
 echo "check mgmt cluster's HyperShift part"
-export KUBECONFIG=${SHARED_DIR}/kubeconfig
 if test -s "${SHARED_DIR}/mgmt_kubeconfig" ; then
   export KUBECONFIG=${SHARED_DIR}/mgmt_kubeconfig
   print_clusterversion

diff --git a/...d/install-private/config/cucushift-hypershift-extended-install-private-config-commands.sh b/...d/install-private/config/cucushift-hypershift-extended-install-private-config-commands.sh
@@ -4,16 +4,17 @@ set -o nounset
 set -o pipefail
 
 export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+REGION=${HYPERSHIFT_AWS_REGION:-$LEASED_RESOURCE}
 
 BUCKET_NAME="$(echo -n $PROW_JOB_ID|sha256sum|cut -c-20)"
-echo "create bucket name: $BUCKET_NAME ,region $HYPERSHIFT_AWS_REGION"
-if [ "$HYPERSHIFT_AWS_REGION" == "us-east-1" ]; then
+echo "create bucket name: $BUCKET_NAME, region $REGION"
+if [ "$REGION" == "us-east-1" ]; then
     aws s3api create-bucket --bucket "$BUCKET_NAME" \
         --region us-east-1
 else
     aws s3api create-bucket --bucket "$BUCKET_NAME" \
-        --create-bucket-configuration LocationConstraint="$HYPERSHIFT_AWS_REGION" \
-        --region "$HYPERSHIFT_AWS_REGION"
+        --create-bucket-configuration LocationConstraint="$REGION" \
+        --region "$REGION"
 fi
 aws s3api delete-public-access-block --bucket "$BUCKET_NAME"
 export BUCKET_NAME=$BUCKET_NAME

diff --git a/...nded/install-private/config/cucushift-hypershift-extended-install-private-config-ref.yaml b/...nded/install-private/config/cucushift-hypershift-extended-install-private-config-ref.yaml
@@ -6,8 +6,10 @@ ref:
     tag: upi-installer
   env:
   - name: HYPERSHIFT_AWS_REGION
-    default: "us-east-1"
-    documentation: "The AWS region of the cluster."
+    default: ""
+    documentation: |
+      Specifies the AWS region for the cluster. If left as an empty string, 
+      the region defaults to that of the management cluster.
   commands: cucushift-hypershift-extended-install-private-config-commands.sh
   grace_period: 10m0s
   resources:

diff --git a/...ershift-extended/install-private/cucushift-hypershift-extended-install-private-chain.yaml b/...ershift-extended/install-private/cucushift-hypershift-extended-install-private-chain.yaml
@@ -3,6 +3,9 @@ chain:
   steps:
   - ref: cucushift-hypershift-extended-install-private-config
   - ref: cucushift-hypershift-extended-install-private
+  env:
+  - name: HYPERSHIFT_AWS_REGION
+    default: ""
   documentation: |-
     Create a hypershift-operator IAM user(hypershift-operator) in the management account with cluster-profile's credentials
     Create Bucket with public read access for hypershift OIDC
diff --git a/...rshift-extended/install-private/cucushift-hypershift-extended-install-private-commands.sh b/...rshift-extended/install-private/cucushift-hypershift-extended-install-private-commands.sh
@@ -3,7 +3,7 @@
 set -u
 
 BUCKET_NAME="$(echo -n $PROW_JOB_ID|sha256sum|cut -c-20)"
-
+REGION=${HYPERSHIFT_AWS_REGION:-$LEASED_RESOURCE}
 EXTRA_ARGS=""
 
 OPERATOR_IMAGE=$HYPERSHIFT_RELEASE_LATEST
@@ -14,7 +14,7 @@ fi
 if [ "${ENABLE_PRIVATE}" = "true" ]; then
   EXTRA_ARGS="${EXTRA_ARGS} --private-platform=AWS \
   --aws-private-creds=/etc/hypershift-pool-aws-credentials/awsprivatecred \
-  --aws-private-region=${HYPERSHIFT_AWS_REGION} \
+  --aws-private-region=${REGION} \
   --external-dns-credentials=${CLUSTER_PROFILE_DIR}/.awscred \
   --external-dns-provider=aws \
   --external-dns-domain-filter=hypershift-ext.qe.devcluster.openshift.com "
@@ -34,7 +34,7 @@ set -xe
 bin/hypershift install --hypershift-image=${OPERATOR_IMAGE} \
 --oidc-storage-provider-s3-credentials=${CLUSTER_PROFILE_DIR}/.awscred \
 --oidc-storage-provider-s3-bucket-name=${BUCKET_NAME} \
---oidc-storage-provider-s3-region=${HYPERSHIFT_AWS_REGION} \
+--oidc-storage-provider-s3-region=${REGION} \
 --wait-until-available \
 ${EXTRA_ARGS}
 echo "" > ${SHARED_DIR}/.awsprivatecred
diff --git a/...ypershift-extended/install-private/cucushift-hypershift-extended-install-private-ref.yaml b/...ypershift-extended/install-private/cucushift-hypershift-extended-install-private-ref.yaml
@@ -6,8 +6,10 @@ ref:
     name: hypershift-operator
   env:
   - name: HYPERSHIFT_AWS_REGION
-    default: "us-east-1"
-    documentation: "The AWS region of the cluster."
+    default: ""
+    documentation: |
+      Specifies the AWS region for the cluster. If left as an empty string, 
+      the region defaults to that of the management cluster.
   - name: OCP_ARCH
     default: "amd64"
     documentation: "The architecture of the control plane nodes (e.g., amd64, arm64)."

diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/metadata/OWNERS b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+  - LiangquanLi930
+  - heliubj18
+  - fxierh
+reviewers:
+  - LiangquanLi930
+  - heliubj18
+  - fxierh