From 4d286fea6255c99d7a6fff85ed904bdf81b0de82 Mon Sep 17 00:00:00 2001 From: Feilian Xie Date: Thu, 25 Apr 2024 18:53:39 +0800 Subject: [PATCH] Resubmission of PR 50929 with fixes Signed-off-by: Feilian Xie --- ...s-private-release-4.16__amd64-nightly.yaml | 23 ++ ...-tests-private-release-4.16-periodics.yaml | 198 ++++++++++++++++++ ...pershift-extended-enable-guest-commands.sh | 4 +- ...-hypershift-extended-enable-guest-ref.yaml | 2 +- ...pershift-extended-health-check-commands.sh | 10 +- ...xtended-install-private-config-commands.sh | 9 +- ...t-extended-install-private-config-ref.yaml | 6 +- ...rshift-extended-install-private-chain.yaml | 3 + ...shift-extended-install-private-commands.sh | 6 +- ...pershift-extended-install-private-ref.yaml | 6 +- .../hypershift-extended/metadata/OWNERS | 8 + ...t-hypershift-extended-metadata-commands.sh | 24 +++ ...rshift-extended-metadata-ref.metadata.json | 15 ++ ...hift-hypershift-extended-metadata-ref.yaml | 16 ++ .../aws/ipi/ovn/hypershift/private/OWNERS | 14 ++ ...-hypershift-private-workflow.metadata.json | 21 ++ ...s-ipi-ovn-hypershift-private-workflow.yaml | 10 + .../ovn/hypershift/private/deprovision/OWNERS | 10 + ...ft-private-deprovision-chain.metadata.json | 17 ++ ...-hypershift-private-deprovision-chain.yaml | 24 +++ .../ipi/ovn/hypershift/private/guest/OWNERS | 10 + ...shift-private-guest-workflow.metadata.json | 17 ++ ...ovn-hypershift-private-guest-workflow.yaml | 13 ++ .../ovn/hypershift/private/provision/OWNERS | 10 + ...hift-private-provision-chain.metadata.json | 17 ++ ...vn-hypershift-private-provision-chain.yaml | 33 +++ .../create/hypershift-aws-create-chain.yaml | 33 +-- .../destroy/hypershift-aws-destroy-chain.yaml | 7 +- .../step-registry/proxy/config-remove/OWNERS | 1 + .../proxy-config-remove-commands.sh | 11 + .../proxy-config-remove-ref.metadata.json | 12 ++ .../proxy-config-remove-ref.yaml | 15 ++ 32 files changed, 570 insertions(+), 35 deletions(-) create mode 100644 ci-operator/step-registry/cucushift/hypershift-extended/metadata/OWNERS create mode 100644 ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-commands.sh create mode 100644 ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.metadata.json create mode 100644 ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.yaml create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.metadata.json create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.yaml create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.metadata.json create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.yaml create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.metadata.json create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.yaml create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.metadata.json create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.yaml create mode 120000 ci-operator/step-registry/proxy/config-remove/OWNERS create mode 100644 ci-operator/step-registry/proxy/config-remove/proxy-config-remove-commands.sh create mode 100644 ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.metadata.json create mode 100644 ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.yaml diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16__amd64-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16__amd64-nightly.yaml index 615cc9b0127e..3ff03686ee3c 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16__amd64-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16__amd64-nightly.yaml @@ -591,6 +591,29 @@ tests: test: - chain: openshift-e2e-test-hypershift-qe-mgmt workflow: cucushift-installer-rehearse-aws-ipi-ovn-hypershift +- as: aws-ipi-ovn-hypershift-private-guest-f7 + cron: 33 13 2,11,18,25 * * + steps: + cluster_profile: aws-qe + env: + BASE_DOMAIN: qe.devcluster.openshift.com + TEST_FILTERS: ~ChkUpgrade&;~DisconnectedOnly&;~NonPreRelease&;~HyperShiftMGMT&;~MicroShiftOnly&;~NonHyperShiftHOST&;~Serial&;~Disruptive& + TEST_TIMEOUT: "30" + test: + - chain: openshift-e2e-test-hypershift-qe + workflow: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest +- as: aws-ipi-ovn-hypershift-private-mgmt-f7 + cron: 15 1 5,12,21,28 * * + steps: + cluster_profile: aws-qe + env: + BASE_DOMAIN: qe.devcluster.openshift.com + TEST_ADDITIONAL: Hypershift|Network_Observability + TEST_FILTERS: ~ChkUpgrade&;~DisconnectedOnly&;~MicroShiftOnly&;HyperShiftMGMT& + TEST_TIMEOUT: "30" + test: + - chain: openshift-e2e-test-hypershift-qe-mgmt + workflow: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private - as: aws-ipi-ovn-ipsec-f2-obo cron: 26 1 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29 * * steps: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-periodics.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-periodics.yaml index c95296345fda..1351e80e7023 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-periodics.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-periodics.yaml @@ -17781,6 +17781,204 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build05 + cron: 33 13 2,11,18,25 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.16 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-qe + ci-operator.openshift.io/variant: amd64-nightly + ci.openshift.io/generator: prowgen + job-release: "4.16" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.16-amd64-nightly-aws-ipi-ovn-hypershift-private-guest-f7 + reporter_config: + slack: + channel: '#forum-prow-hypershift-qe-ci' + job_states_to_report: + - failure + - error + - success + report_template: '{{if eq .Status.State "success"}} :rainbow: Job *{{.Spec.Job}}* + ended with *{{.Status.State}}*. <{{.Status.URL}}|View logs> :rainbow: {{else}} + :volcano: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. <{{.Status.URL}}|View + logs> :volcano: {{end}}' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/aws-ipi-ovn-hypershift-private-guest-f7-cluster-profile + - --target=aws-ipi-ovn-hypershift-private-guest-f7 + - --variant=amd64-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/aws-ipi-ovn-hypershift-private-guest-f7-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-aws-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build05 + cron: 15 1 5,12,21,28 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.16 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-qe + ci-operator.openshift.io/variant: amd64-nightly + ci.openshift.io/generator: prowgen + job-release: "4.16" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.16-amd64-nightly-aws-ipi-ovn-hypershift-private-mgmt-f7 + reporter_config: + slack: + channel: '#forum-prow-hypershift-qe-ci' + job_states_to_report: + - failure + - error + - success + report_template: '{{if eq .Status.State "success"}} :rainbow: Job *{{.Spec.Job}}* + ended with *{{.Status.State}}*. <{{.Status.URL}}|View logs> :rainbow: {{else}} + :volcano: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. <{{.Status.URL}}|View + logs> :volcano: {{end}}' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/aws-ipi-ovn-hypershift-private-mgmt-f7-cluster-profile + - --target=aws-ipi-ovn-hypershift-private-mgmt-f7 + - --variant=amd64-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/aws-ipi-ovn-hypershift-private-mgmt-f7-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-aws-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build05 cron: 26 1 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29 * * diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-commands.sh b/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-commands.sh index 2ef624fc6e58..4ab505e7718c 100644 --- a/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-commands.sh +++ b/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-commands.sh @@ -6,7 +6,9 @@ if [ ! -f "${SHARED_DIR}/nested_kubeconfig" ]; then exit 1 fi -export KUBECONFIG="${SHARED_DIR}/kubeconfig" +if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then + source "${SHARED_DIR}/proxy-conf.sh" +fi echo "https://$(oc --kubeconfig="$SHARED_DIR"/nested_kubeconfig -n openshift-console get routes console -o=jsonpath='{.spec.host}')" > "$SHARED_DIR/hostedcluster_console.url" echo "hostedcluster_console.url path:$SHARED_DIR/hostedcluster_console.url" diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-ref.yaml b/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-ref.yaml index 6389c40b83df..d350850be789 100644 --- a/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-ref.yaml +++ b/ci-operator/step-registry/cucushift/hypershift-extended/enable-guest/cucushift-hypershift-extended-enable-guest-ref.yaml @@ -15,4 +15,4 @@ ref: documentation: |- enable Hypershift hostedcluster by setting "${SHARED_DIR}/nested_kubeconfig" as $KUBECONFIG to support hypershift. The current cluster should be the mgmt cluster and there is at least one hostedcluster. - The hotsedcluster’s kubeconfig file should be "${SHARED_DIR}/nested_kubeconfig". \ No newline at end of file + The hostedcluster’s kubeconfig file should be "${SHARED_DIR}/nested_kubeconfig". diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/health-check/cucushift-hypershift-extended-health-check-commands.sh b/ci-operator/step-registry/cucushift/hypershift-extended/health-check/cucushift-hypershift-extended-health-check-commands.sh index 414c75f80128..40d87b819394 100644 --- a/ci-operator/step-registry/cucushift/hypershift-extended/health-check/cucushift-hypershift-extended-health-check-commands.sh +++ b/ci-operator/step-registry/cucushift/hypershift-extended/health-check/cucushift-hypershift-extended-health-check-commands.sh @@ -109,14 +109,15 @@ function check_node_status { } ###Main### +export KUBECONFIG=${SHARED_DIR}/kubeconfig +if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then + source "${SHARED_DIR}/proxy-conf.sh" +fi + if [ -f "${SHARED_DIR}/cluster-type" ] ; then CLUSTER_TYPE=$(cat "${SHARED_DIR}/cluster-type") if [[ "$CLUSTER_TYPE" == "osd" ]] || [[ "$CLUSTER_TYPE" == "rosa" ]]; then echo "this cluster is ROSA-HyperShift" - export KUBECONFIG=${SHARED_DIR}/kubeconfig - if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then - source "${SHARED_DIR}/proxy-conf.sh" - fi print_clusterversion check_node_status || exit 1 retry check_cluster_operators || exit 1 @@ -126,7 +127,6 @@ if [ -f "${SHARED_DIR}/cluster-type" ] ; then fi echo "check mgmt cluster's HyperShift part" -export KUBECONFIG=${SHARED_DIR}/kubeconfig if test -s "${SHARED_DIR}/mgmt_kubeconfig" ; then export KUBECONFIG=${SHARED_DIR}/mgmt_kubeconfig print_clusterversion diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-commands.sh b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-commands.sh index 3a6315fc2e9c..96819ae9554f 100644 --- a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-commands.sh +++ b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-commands.sh @@ -4,16 +4,17 @@ set -o nounset set -o pipefail export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" +REGION=${HYPERSHIFT_AWS_REGION:-$LEASED_RESOURCE} BUCKET_NAME="$(echo -n $PROW_JOB_ID|sha256sum|cut -c-20)" -echo "create bucket name: $BUCKET_NAME ,region $HYPERSHIFT_AWS_REGION" -if [ "$HYPERSHIFT_AWS_REGION" == "us-east-1" ]; then +echo "create bucket name: $BUCKET_NAME, region $REGION" +if [ "$REGION" == "us-east-1" ]; then aws s3api create-bucket --bucket "$BUCKET_NAME" \ --region us-east-1 else aws s3api create-bucket --bucket "$BUCKET_NAME" \ - --create-bucket-configuration LocationConstraint="$HYPERSHIFT_AWS_REGION" \ - --region "$HYPERSHIFT_AWS_REGION" + --create-bucket-configuration LocationConstraint="$REGION" \ + --region "$REGION" fi aws s3api delete-public-access-block --bucket "$BUCKET_NAME" export BUCKET_NAME=$BUCKET_NAME diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-ref.yaml b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-ref.yaml index e20469c154c6..4d6623413a0c 100644 --- a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-ref.yaml +++ b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/config/cucushift-hypershift-extended-install-private-config-ref.yaml @@ -6,8 +6,10 @@ ref: tag: upi-installer env: - name: HYPERSHIFT_AWS_REGION - default: "us-east-1" - documentation: "The AWS region of the cluster." + default: "" + documentation: | + Specifies the AWS region for the cluster. If left as an empty string, + the region defaults to that of the management cluster. commands: cucushift-hypershift-extended-install-private-config-commands.sh grace_period: 10m0s resources: diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-chain.yaml b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-chain.yaml index 51ce02b40d0c..1375846c2b3d 100644 --- a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-chain.yaml +++ b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-chain.yaml @@ -3,6 +3,9 @@ chain: steps: - ref: cucushift-hypershift-extended-install-private-config - ref: cucushift-hypershift-extended-install-private + env: + - name: HYPERSHIFT_AWS_REGION + default: "" documentation: |- Create a hypershift-operator IAM user(hypershift-operator) in the management account with cluster-profile's credentials Create Bucket with public read access for hypershift OIDC diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-commands.sh b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-commands.sh index 534ff5ce6ed9..5965a2316848 100755 --- a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-commands.sh +++ b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-commands.sh @@ -3,7 +3,7 @@ set -u BUCKET_NAME="$(echo -n $PROW_JOB_ID|sha256sum|cut -c-20)" - +REGION=${HYPERSHIFT_AWS_REGION:-$LEASED_RESOURCE} EXTRA_ARGS="" OPERATOR_IMAGE=$HYPERSHIFT_RELEASE_LATEST @@ -14,7 +14,7 @@ fi if [ "${ENABLE_PRIVATE}" = "true" ]; then EXTRA_ARGS="${EXTRA_ARGS} --private-platform=AWS \ --aws-private-creds=/etc/hypershift-pool-aws-credentials/awsprivatecred \ - --aws-private-region=${HYPERSHIFT_AWS_REGION} \ + --aws-private-region=${REGION} \ --external-dns-credentials=${CLUSTER_PROFILE_DIR}/.awscred \ --external-dns-provider=aws \ --external-dns-domain-filter=hypershift-ext.qe.devcluster.openshift.com " @@ -34,7 +34,7 @@ set -xe bin/hypershift install --hypershift-image=${OPERATOR_IMAGE} \ --oidc-storage-provider-s3-credentials=${CLUSTER_PROFILE_DIR}/.awscred \ --oidc-storage-provider-s3-bucket-name=${BUCKET_NAME} \ ---oidc-storage-provider-s3-region=${HYPERSHIFT_AWS_REGION} \ +--oidc-storage-provider-s3-region=${REGION} \ --wait-until-available \ ${EXTRA_ARGS} echo "" > ${SHARED_DIR}/.awsprivatecred \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-ref.yaml b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-ref.yaml index fbdf06869a92..569516de4be1 100644 --- a/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-ref.yaml +++ b/ci-operator/step-registry/cucushift/hypershift-extended/install-private/cucushift-hypershift-extended-install-private-ref.yaml @@ -6,8 +6,10 @@ ref: name: hypershift-operator env: - name: HYPERSHIFT_AWS_REGION - default: "us-east-1" - documentation: "The AWS region of the cluster." + default: "" + documentation: | + Specifies the AWS region for the cluster. If left as an empty string, + the region defaults to that of the management cluster. - name: OCP_ARCH default: "amd64" documentation: "The architecture of the control plane nodes (e.g., amd64, arm64)." diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/metadata/OWNERS b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/OWNERS new file mode 100644 index 000000000000..878bbf66f43a --- /dev/null +++ b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/OWNERS @@ -0,0 +1,8 @@ +approvers: + - LiangquanLi930 + - heliubj18 + - fxierh +reviewers: + - LiangquanLi930 + - heliubj18 + - fxierh diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-commands.sh b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-commands.sh new file mode 100644 index 000000000000..e5ac11f44cdb --- /dev/null +++ b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-commands.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +set -e +set -u +set -x +set -o pipefail + +export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" +REGION=${LEASED_RESOURCE} + +vpc_id=$(oc get hc -A -o jsonpath='{.items[0].spec.platform.aws.cloudProviderConfig.vpc}') +infra_id="$(oc get hc -A -o jsonpath='{.items[0].spec.infraID}')" +public_subnet=$(aws --region "${REGION}" ec2 describe-subnets --filters "Name=tag:kubernetes.io/cluster/${infra_id},Values=owned" "Name=tag:Name,Values=*public*" --query 'Subnets[0].SubnetId' --output text) + +if [[ -f "${SHARED_DIR}/vpc_id" ]]; then + echo "Error: The file ${SHARED_DIR}/vpc_id already exists. Operation aborted to prevent overwriting." + exit 1 +fi +if [[ -f "${SHARED_DIR}/public_subnet_ids" ]]; then + echo "Error: The file ${SHARED_DIR}/public_subnet_ids already exists. Operation aborted to prevent overwriting." + exit 1 +fi +echo "$vpc_id" > "${SHARED_DIR}/vpc_id" +echo "- $public_subnet" > "${SHARED_DIR}/public_subnet_ids" diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.metadata.json b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.metadata.json new file mode 100644 index 000000000000..2e97ddc418a3 --- /dev/null +++ b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.yaml", + "owners": { + "approvers": [ + "LiangquanLi930", + "heliubj18", + "fxierh" + ], + "reviewers": [ + "LiangquanLi930", + "heliubj18", + "fxierh" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.yaml b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.yaml new file mode 100644 index 000000000000..18b4e48fb735 --- /dev/null +++ b/ci-operator/step-registry/cucushift/hypershift-extended/metadata/cucushift-hypershift-extended-metadata-ref.yaml @@ -0,0 +1,16 @@ +ref: + as: cucushift-hypershift-extended-metadata + from_image: + namespace: ocp + name: "4.16" + tag: upi-installer + cli: latest + commands: cucushift-hypershift-extended-metadata-commands.sh + grace_period: 10m0s + resources: + requests: + cpu: 100m + documentation: |- + This step retrieves the VPC ID and a public subnet ID from the first hosted cluster from the management cluster. + Files named ${SHARED_DIR}/vpc_id and ${SHARED_DIR}/public_subnet_ids are created to store these IDs, respectively. + It is expected that these files do not exist prior to this step. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/OWNERS new file mode 100644 index 000000000000..f4b8fdb18476 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/OWNERS @@ -0,0 +1,14 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh +- heliubj18 +- LiangquanLi930 +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh +- heliubj18 +- LiangquanLi930 diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.metadata.json new file mode 100644 index 000000000000..0118caa79009 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.metadata.json @@ -0,0 +1,21 @@ +{ + "path": "cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh", + "heliubj18", + "LiangquanLi930" + ], + "reviewers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh", + "heliubj18", + "LiangquanLi930" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.yaml new file mode 100644 index 000000000000..c85f7092e803 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-workflow.yaml @@ -0,0 +1,10 @@ +workflow: + as: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private + steps: + pre: + - chain: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision + post: + - chain: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision + documentation: |- + This workflow creates and later destroys a fully private hypershift hosted cluster on AWS. + oc commands in the tests will target the management cluster. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/OWNERS new file mode 100644 index 000000000000..5e09bd9344b3 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.metadata.json new file mode 100644 index 000000000000..aa8cde08a546 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.metadata.json @@ -0,0 +1,17 @@ +{ + "path": "cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh" + ], + "reviewers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.yaml new file mode 100644 index 000000000000..8f62efecc291 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/deprovision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision-chain.yaml @@ -0,0 +1,24 @@ +chain: + as: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision + steps: + - chain: hypershift-dump + - chain: gather-network + - ref: gather-proxy + - chain: gather-core-dump + - ref: gather-aws-console + - ref: aws-deprovision-stacks + - ref: aws-deprovision-s3buckets + - ref: proxy-config-remove + - chain: hypershift-aws-destroy + - chain: ipi-deprovision + env: + - name: HYPERSHIFT_AWS_REGION + default: "" + - name: HYPERSHIFT_BASE_DOMAIN + default: "hypershift-ci.qe.devcluster.openshift.com" + - name: HYPERSHIFT_GUEST_INFRA_OCP_ACCOUNT + default: "true" + documentation: |- + This chain deprovisions a fully private Hypershift hosted cluster on AWS. + Note that the bastion host must be deprovisioned before the hosted cluster to avoid dependency violations + which will otherwise occur during the removal of the hosted cluster. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/OWNERS new file mode 100644 index 000000000000..5e09bd9344b3 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.metadata.json new file mode 100644 index 000000000000..3dc74de9e314 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.metadata.json @@ -0,0 +1,17 @@ +{ + "path": "cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh" + ], + "reviewers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.yaml new file mode 100644 index 000000000000..6d038c7d0338 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/guest/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest-workflow.yaml @@ -0,0 +1,13 @@ +workflow: + as: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-guest + steps: + pre: + - chain: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision + - ref: cucushift-hypershift-extended-idp-htpasswd + - ref: cucushift-hypershift-extended-enable-guest + post: + - ref: cucushift-hypershift-extended-disable-guest + - chain: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-deprovision + documentation: |- + This workflow creates and later destroys a fully private hypershift hosted cluster on AWS. + oc commands in the tests will target the hosted cluster. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/OWNERS new file mode 100644 index 000000000000..5e09bd9344b3 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- fxierh diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.metadata.json new file mode 100644 index 000000000000..dbe61dca278f --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.metadata.json @@ -0,0 +1,17 @@ +{ + "path": "cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh" + ], + "reviewers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "fxierh" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.yaml new file mode 100644 index 000000000000..3ce288f6c8be --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/ipi/ovn/hypershift/private/provision/cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision-chain.yaml @@ -0,0 +1,33 @@ +chain: + as: cucushift-installer-rehearse-aws-ipi-ovn-hypershift-private-provision + steps: + - chain: cucushift-installer-rehearse-aws-ipi-ovn-provision + - chain: cucushift-hypershift-extended-install-private + - chain: hypershift-aws-create + - ref: cucushift-hypershift-extended-metadata + - chain: aws-provision-bastionhost + - ref: proxy-config-generate + - chain: cucushift-hypershift-extended-enable-qe-catalogsource + env: + - name: HYPERSHIFT_AWS_REGION + default: "" + - name: HYPERSHIFT_HC_ZONES + default: "" + - name: HYPERSHIFT_EXTERNAL_DNS_DOMAIN + default: "hypershift-ext.qe.devcluster.openshift.com" + - name: HYPERSHIFT_BASE_DOMAIN + default: "hypershift-ci.qe.devcluster.openshift.com" + - name: HYPERSHIFT_GUEST_INFRA_OCP_ACCOUNT + default: "true" + - name: HYPERSHIFT_CP_AVAILABILITY_POLICY + default: "HighlyAvailable" + - name: HYPERSHIFT_INFRA_AVAILABILITY_POLICY + default: "HighlyAvailable" + - name: ZONES_COUNT + default: "3" + - name: ENDPOINT_ACCESS + default: "Private" + - name: COMPUTE_NODE_REPLICAS + default: "3" + documentation: |- + This chain provisions a fully private hypershift hosted cluster. diff --git a/ci-operator/step-registry/hypershift/aws/create/hypershift-aws-create-chain.yaml b/ci-operator/step-registry/hypershift/aws/create/hypershift-aws-create-chain.yaml index 771a46f3c580..535f3b4ecfb8 100644 --- a/ci-operator/step-registry/hypershift/aws/create/hypershift-aws-create-chain.yaml +++ b/ci-operator/step-registry/hypershift/aws/create/hypershift-aws-create-chain.yaml @@ -12,10 +12,14 @@ chain: documentation: "The cluster's FQDN will be a subdomain of the base domain." - name: HYPERSHIFT_AWS_REGION default: "us-east-1" - documentation: "The AWS region of the cluster." + documentation: | + Specifies the AWS region for the cluster. If intentionally left as an empty string, + the region defaults to that of the management cluster. - name: HYPERSHIFT_HC_ZONES default: "us-east-1a" - documentation: "The zones where to create NodePools" + documentation: | + Specifies the AWS AZs to create the NodePools. If intentionally left as an empty string, + it defaults to an AZ utilized by the management cluster. - name: ENDPOINT_ACCESS default: "Public" documentation: "Access for control plane endpoints (Public, PublicAndPrivate, Private)" @@ -51,6 +55,12 @@ chain: AWS_GUEST_INFRA_CREDENTIALS_FILE="/etc/hypershift-ci-jobs-awscreds/credentials" DEFAULT_BASE_DOMAIN=ci.hypershift.devcluster.openshift.com + HC_REGION=${HYPERSHIFT_AWS_REGION:-$LEASED_RESOURCE} + HC_ZONES="${HYPERSHIFT_HC_ZONES}" + if [[ -z "$HC_ZONES" ]]; then + HC_ZONES="$(oc get node -o jsonpath='{.items[0].metadata.labels.topology\.kubernetes\.io/zone}')" + fi + if [[ $HYPERSHIFT_GUEST_INFRA_OCP_ACCOUNT == "true" ]]; then AWS_GUEST_INFRA_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" DEFAULT_BASE_DOMAIN=origin-ci-int-aws.dev.rhcloud.com @@ -77,8 +87,8 @@ chain: --instance-type ${HYPERSHIFT_INSTANCE_TYPE} \ --base-domain ${DOMAIN} \ --endpoint-access ${ENDPOINT_ACCESS} \ - --region ${HYPERSHIFT_AWS_REGION} \ - --zones ${HYPERSHIFT_HC_ZONES} \ + --region ${HC_REGION} \ + --zones ${HC_ZONES} \ --control-plane-availability-policy ${HYPERSHIFT_CP_AVAILABILITY_POLICY} \ --infra-availability-policy ${HYPERSHIFT_INFRA_AVAILABILITY_POLICY} \ --pull-secret=/etc/ci-pull-credentials/.dockerconfigjson \ @@ -88,19 +98,12 @@ chain: --annotations=hypershift.openshift.io/skip-release-image-validation=true \ --additional-tags="expirationDate=$(date -d '4 hours' --iso=minutes --utc)" - # The timeout should be much lower, this is due to https://bugzilla.redhat.com/show_bug.cgi?id=2060091 - echo "Waiting for cluster to become available" - oc wait --timeout=30m --for=condition=Available --namespace=clusters hostedcluster/${CLUSTER_NAME} + until [[ "$(oc get -n clusters hostedcluster/${CLUSTER_NAME} -o jsonpath='{.status.version.history[?(@.state!="")].state}')" = Completed ]]; do + sleep 15 + done + echo "Cluster became available, creating kubeconfig" bin/hypershift create kubeconfig --namespace=clusters --name=${CLUSTER_NAME} >${SHARED_DIR}/nested_kubeconfig - echo "Waiting for clusteroperators to be ready" - export KUBECONFIG=${SHARED_DIR}/nested_kubeconfig - until \ - oc wait clusterversion/version --for='condition=Available=True' > /dev/null; do - echo "$(date --rfc-3339=seconds) Clusteroperators not yet ready" - oc get clusterversion 2>/dev/null || true - sleep 1s - done from: hypershift-operator grace_period: 5m0s resources: diff --git a/ci-operator/step-registry/hypershift/aws/destroy/hypershift-aws-destroy-chain.yaml b/ci-operator/step-registry/hypershift/aws/destroy/hypershift-aws-destroy-chain.yaml index 8c1a1f052b46..cf674892568e 100644 --- a/ci-operator/step-registry/hypershift/aws/destroy/hypershift-aws-destroy-chain.yaml +++ b/ci-operator/step-registry/hypershift/aws/destroy/hypershift-aws-destroy-chain.yaml @@ -9,7 +9,9 @@ chain: documentation: "The cluster's FQDN will be a subdomain of the base domain." - name: HYPERSHIFT_AWS_REGION default: "us-east-1" - documentation: "The AWS region of the cluster." + documentation: | + Specifies the AWS region for the cluster. If intentionally left as an empty string, + the region defaults to that of the management cluster. - name: HYPERSHIFT_GUEST_INFRA_OCP_ACCOUNT default: "false" documentation: "Whether to use the generic CI account or the HyperShift OSD account for the guest clusters infra. For the infra created for the clusters. E.g. For cluster-bot we use the generic CI account" @@ -24,13 +26,14 @@ chain: DEFAULT_BASE_DOMAIN=origin-ci-int-aws.dev.rhcloud.com fi DOMAIN=${HYPERSHIFT_BASE_DOMAIN:-$DEFAULT_BASE_DOMAIN} + HC_REGION=${HYPERSHIFT_AWS_REGION:-$LEASED_RESOURCE} CLUSTER_NAME="$(echo -n $PROW_JOB_ID|sha256sum|cut -c-20)" echo "$(date) Deleting HyperShift cluster ${CLUSTER_NAME}" bin/hypershift destroy cluster aws \ --aws-creds=${AWS_GUEST_INFRA_CREDENTIALS_FILE} \ --name ${CLUSTER_NAME} \ - --region ${HYPERSHIFT_AWS_REGION} \ + --region ${HC_REGION} \ --base-domain ${DOMAIN} \ --cluster-grace-period 40m echo "$(date) Finished deleting cluster" diff --git a/ci-operator/step-registry/proxy/config-remove/OWNERS b/ci-operator/step-registry/proxy/config-remove/OWNERS new file mode 120000 index 000000000000..ec405d65a79d --- /dev/null +++ b/ci-operator/step-registry/proxy/config-remove/OWNERS @@ -0,0 +1 @@ +../OWNERS \ No newline at end of file diff --git a/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-commands.sh b/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-commands.sh new file mode 100644 index 000000000000..5dc1b4a2cf81 --- /dev/null +++ b/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-commands.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -euxo pipefail + +if [ -f "${SHARED_DIR}/proxy-conf.sh" ]; then + rm "${SHARED_DIR}/proxy-conf.sh" +fi + +if [ -f "${SHARED_DIR}/unset-proxy.sh" ]; then + rm "${SHARED_DIR}/unset-proxy.sh" +fi diff --git a/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.metadata.json b/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.metadata.json new file mode 100644 index 000000000000..ce86112b369c --- /dev/null +++ b/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.metadata.json @@ -0,0 +1,12 @@ +{ + "path": "proxy/config-remove/proxy-config-remove-ref.yaml", + "owners": { + "approvers": [ + "patrickdillon", + "yunjiang29", + "Amoghrd", + "MayXuQQ", + "jianlinliu" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.yaml b/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.yaml new file mode 100644 index 000000000000..af4d4ae0cd99 --- /dev/null +++ b/ci-operator/step-registry/proxy/config-remove/proxy-config-remove-ref.yaml @@ -0,0 +1,15 @@ +ref: + as: proxy-config-remove + from_image: + namespace: ocp + name: "4.16" + tag: upi-installer + commands: proxy-config-remove-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + credentials: + documentation: |- + This step removes the proxy configuration files (e.g. proxy-conf.sh, unset-proxy.sh) if they are + found within $SHARED_DIR. This is to ensure that these files are not inadvertently sourced by subsequent steps.