diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__amd64-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__amd64-nightly.yaml index 60b6fd90ba2c..b217efb6f2c2 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__amd64-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__amd64-nightly.yaml @@ -1857,6 +1857,18 @@ tests: test: - chain: openshift-e2e-test-qe-destructive workflow: cucushift-installer-rehearse-azure-ipi-vmgenv1 +- as: azure-ipi-workload-identity-tp-p1-f14 + cron: 54 19 8,23 * * + steps: + cluster_profile: azure-qe + env: + BASE_DOMAIN: qe.azure.devcluster.openshift.com + E2E_RUN_TAGS: '@amd64 and @azure-ipi and @network-ovnkubernetes and not @fips' + FEATURE_SET: TechPreviewNoUpgrade + TAG_VERSION: '@4.14' + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity - as: azure-ipi-workers-rhel8-p2-f14 cron: 13 20 11,26 * * steps: diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__arm64-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__arm64-nightly.yaml index c8cb5e9b154d..016f58a0fdec 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__arm64-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__arm64-nightly.yaml @@ -1590,6 +1590,22 @@ tests: test: - chain: openshift-e2e-test-qe-destructive workflow: cucushift-installer-rehearse-azure-ipi-usertags +- as: azure-ipi-workload-identity-tp-p1-f14 + cron: 17 17 9,24 * * + steps: + cluster_profile: azure-qe + dependencies: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:arm64-latest + env: + BASE_DOMAIN: qe.azure.devcluster.openshift.com + COMPUTE_NODE_TYPE: Standard_D4ps_v5 + E2E_RUN_TAGS: '@arm64 and @azure-ipi and @network-ovnkubernetes and not @fips' + FEATURE_SET: TechPreviewNoUpgrade + OCP_ARCH: arm64 + TAG_VERSION: '@4.14' + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity - as: azure-upi-p3-f28 cron: 17 17 19 * * steps: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml index 1f575e9acaec..9b01d800fa31 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml @@ -37575,6 +37575,88 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build03 + cron: 54 19 8,23 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.14 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: azure4 + ci-operator.openshift.io/cloud-cluster-profile: azure-qe + ci-operator.openshift.io/variant: amd64-nightly + ci.openshift.io/generator: prowgen + job-release: "4.14" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-nightly-azure-ipi-workload-identity-tp-p1-f14 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/azure-ipi-workload-identity-tp-p1-f14-cluster-profile + - --target=azure-ipi-workload-identity-tp-p1-f14 + - --variant=amd64-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/azure-ipi-workload-identity-tp-p1-f14-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-azure-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build03 cron: 11 3 13,28 * * @@ -63215,6 +63297,88 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build03 + cron: 17 17 9,24 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.14 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: azure4 + ci-operator.openshift.io/cloud-cluster-profile: azure-qe + ci-operator.openshift.io/variant: arm64-nightly + ci.openshift.io/generator: prowgen + job-release: "4.14" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.14-arm64-nightly-azure-ipi-workload-identity-tp-p1-f14 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/azure-ipi-workload-identity-tp-p1-f14-cluster-profile + - --target=azure-ipi-workload-identity-tp-p1-f14 + - --variant=arm64-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/azure-ipi-workload-identity-tp-p1-f14-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-azure-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build03 cron: 17 17 19 * * diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/OWNERS new file mode 100644 index 000000000000..c562b1ae7b47 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/OWNERS @@ -0,0 +1,16 @@ +approvers: +- jianlinliu +- Amoghrd +- yunjiang29 +- mgahagan73 +- MayXuQQ +- huangmingxia +- jianping-shu +reviewers: +- jianlinliu +- Amoghrd +- yunjiang29 +- mgahagan73 +- MayXuQQ +- huangmingxia +- jianping-shu diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-workflow.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-workflow.metadata.json new file mode 100644 index 000000000000..6908cf92e8c1 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-workflow.metadata.json @@ -0,0 +1,23 @@ +{ + "path": "cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-workflow.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "Amoghrd", + "yunjiang29", + "mgahagan73", + "MayXuQQ", + "huangmingxia", + "jianping-shu" + ], + "reviewers": [ + "jianlinliu", + "Amoghrd", + "yunjiang29", + "mgahagan73", + "MayXuQQ", + "huangmingxia", + "jianping-shu" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-workflow.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-workflow.yaml new file mode 100644 index 000000000000..00c87f9eb463 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-workflow.yaml @@ -0,0 +1,15 @@ +workflow: + as: cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity + steps: + pre: + - chain: cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision + post: + - chain: cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision + documentation: |- + The IPI workflow provides provision- and deprovision- steps that provision and + deprovision an OpenShift cluster with AZURE workload identity, allowing job authors + to inject their own end-to-end test logic. + All modifications to this workflow should be done by modifying the + ` cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-{provision,deprovision}` + chains to allow other workflows to mimic and extend this base workflow without + a need to backport changes. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/OWNERS new file mode 100644 index 000000000000..c562b1ae7b47 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/OWNERS @@ -0,0 +1,16 @@ +approvers: +- jianlinliu +- Amoghrd +- yunjiang29 +- mgahagan73 +- MayXuQQ +- huangmingxia +- jianping-shu +reviewers: +- jianlinliu +- Amoghrd +- yunjiang29 +- mgahagan73 +- MayXuQQ +- huangmingxia +- jianping-shu diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision-chain.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision-chain.metadata.json new file mode 100644 index 000000000000..dbd83435b2d6 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision-chain.metadata.json @@ -0,0 +1,23 @@ +{ + "path": "cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision-chain.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "Amoghrd", + "yunjiang29", + "mgahagan73", + "MayXuQQ", + "huangmingxia", + "jianping-shu" + ], + "reviewers": [ + "jianlinliu", + "Amoghrd", + "yunjiang29", + "mgahagan73", + "MayXuQQ", + "huangmingxia", + "jianping-shu" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision-chain.yaml new file mode 100644 index 000000000000..14277114cf8a --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/deprovision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision-chain.yaml @@ -0,0 +1,7 @@ +chain: + as: cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-deprovision + steps: + - chain: cucushift-installer-rehearse-azure-ipi-deprovision + - ref: ipi-conf-azure-oidc-creds-deprovision + documentation: |- + The chain destroys resources created by "cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision". diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/OWNERS new file mode 100644 index 000000000000..c562b1ae7b47 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/OWNERS @@ -0,0 +1,16 @@ +approvers: +- jianlinliu +- Amoghrd +- yunjiang29 +- mgahagan73 +- MayXuQQ +- huangmingxia +- jianping-shu +reviewers: +- jianlinliu +- Amoghrd +- yunjiang29 +- mgahagan73 +- MayXuQQ +- huangmingxia +- jianping-shu diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision-chain.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision-chain.metadata.json new file mode 100644 index 000000000000..1104aa87687a --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision-chain.metadata.json @@ -0,0 +1,23 @@ +{ + "path": "cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision-chain.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "Amoghrd", + "yunjiang29", + "mgahagan73", + "MayXuQQ", + "huangmingxia", + "jianping-shu" + ], + "reviewers": [ + "jianlinliu", + "Amoghrd", + "yunjiang29", + "mgahagan73", + "MayXuQQ", + "huangmingxia", + "jianping-shu" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision-chain.yaml new file mode 100644 index 000000000000..525ba24b1e45 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/azure/ipi/cco-manual-workload-identity/provision/cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision-chain.yaml @@ -0,0 +1,12 @@ +chain: + as: cucushift-installer-rehearse-azure-ipi-cco-manual-workload-identity-provision + steps: + - chain: ipi-conf-azure + - ref: ipi-conf-manual-creds + - ref: ipi-conf-azure-oidc-creds-provision + - ref: ipi-conf-azure-provisioned-resourcegroup + - ref: ipi-conf-manual-creds-remove-unnecessary-creds + - chain: ipi-install + - ref: enable-qe-catalogsource + documentation: |- + Create an IPI cluster with AZURE workload identity for QE e2e tests.