diff --git a/ci-operator/config/openshift/sandboxed-containers-operator/openshift-sandboxed-containers-operator-devel__periodics.yaml b/ci-operator/config/openshift/sandboxed-containers-operator/openshift-sandboxed-containers-operator-devel__periodics.yaml
new file mode 100644
index 0000000000000..85312ca24f3d5
--- /dev/null
+++ b/ci-operator/config/openshift/sandboxed-containers-operator/openshift-sandboxed-containers-operator-devel__periodics.yaml
@@ -0,0 +1,147 @@
+base_images:
+ tests-private:
+ name: tests-private
+ namespace: ci
+ tag: "4.22"
+ tls-scanner-tool:
+ name: tls-scanner
+ namespace: tls-scanner
+ tag: tls-scanner-tool
+ upi-installer:
+ name: "4.21"
+ namespace: ocp
+ tag: upi-installer
+build_root:
+ image_stream_tag:
+ name: builder
+ namespace: ocp
+ tag: rhel-9-golang-1.25-openshift-4.21
+releases:
+ latest:
+ integration:
+ name: "4.21"
+ namespace: ocp
+resources:
+ '*':
+ requests:
+ cpu: 100m
+ memory: 200Mi
+tests:
+- as: tls-scanner-default
+ interval: 72h
+ steps:
+ cluster_profile: aws-sandboxed-containers-operator
+ env:
+ AWS_REGION_OVERRIDE: us-east-2
+ ENABLEPEERPODS: "true"
+ RUNTIMECLASS: kata-remote
+ SCAN_NAMESPACE: openshift-sandboxed-containers-operator
+ TEST_SCENARIOS: C00113
+ WORKLOAD_TO_TEST: peer-pods
+ test:
+ - ref: openshift-extended-test
+ - as: create-peer-pod
+ cli: latest
+ commands: |
+ cat <<'EOF' | oc apply -f -
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: tls-scan-peerpod
+ namespace: openshift-sandboxed-containers-operator
+ spec:
+ runtimeClassName: kata-remote
+ containers:
+ - name: hello-openshift
+ image: quay.io/openshift/origin-hello-openshift
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ EOF
+ oc wait pod/tls-scan-peerpod -n openshift-sandboxed-containers-operator --for=condition=Ready --timeout=10m
+ from: src
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ - ref: tls-scanner-run
+ - as: delete-peer-pod
+ cli: latest
+ commands: |
+ oc delete pod/tls-scan-peerpod -n openshift-sandboxed-containers-operator --ignore-not-found --timeout=5m
+ from: src
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ workflow: sandboxed-containers-operator-e2e-aws
+- as: tls-scanner-pqc
+ interval: 72h
+ steps:
+ cluster_profile: aws-sandboxed-containers-operator
+ env:
+ AWS_REGION_OVERRIDE: us-east-2
+ ENABLEPEERPODS: "true"
+ PQC_CHECK: "true"
+ RUNTIMECLASS: kata-remote
+ SCAN_NAMESPACE: openshift-sandboxed-containers-operator
+ TEST_SCENARIOS: C00113
+ WORKLOAD_TO_TEST: peer-pods
+ test:
+ - ref: openshift-extended-test
+ - as: create-peer-pod
+ cli: latest
+ commands: |
+ cat <<'EOF' | oc apply -f -
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: tls-scan-peerpod
+ namespace: openshift-sandboxed-containers-operator
+ spec:
+ runtimeClassName: kata-remote
+ containers:
+ - name: hello-openshift
+ image: quay.io/openshift/origin-hello-openshift
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ EOF
+ oc wait pod/tls-scan-peerpod -n openshift-sandboxed-containers-operator --for=condition=Ready --timeout=10m
+ from: src
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ - ref: tls-scanner-run
+ - as: delete-peer-pod
+ cli: latest
+ commands: |
+ oc delete pod/tls-scan-peerpod -n openshift-sandboxed-containers-operator --ignore-not-found --timeout=5m
+ from: src
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ workflow: sandboxed-containers-operator-e2e-aws
+zz_generated_metadata:
+ branch: devel
+ org: openshift
+ repo: sandboxed-containers-operator
+ variant: periodics
diff --git a/ci-operator/jobs/openshift/sandboxed-containers-operator/openshift-sandboxed-containers-operator-devel-periodics.yaml b/ci-operator/jobs/openshift/sandboxed-containers-operator/openshift-sandboxed-containers-operator-devel-periodics.yaml
index ea278d814439b..60cfff53d50b3 100644
--- a/ci-operator/jobs/openshift/sandboxed-containers-operator/openshift-sandboxed-containers-operator-devel-periodics.yaml
+++ b/ci-operator/jobs/openshift/sandboxed-containers-operator/openshift-sandboxed-containers-operator-devel-periodics.yaml
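Review bot: The pod manifest applied by `create-peer-pod` pulls `quay.io/openshift/origin-hello-openshift` with no tag or digest, so it resolves to `latest` and the workload under scan can change between periodic runs without any change in this repository; the same manifest is repeated in `tls-scanner-pqc`. Pin it by digest in both places, e.g. `image: quay.io/openshift/origin-hello-openshift@sha256:<DIGEST_PLACEHOLDER>`, so a scan result is attributable to a known image. The securityContext sets `runAsNonRoot: true` without a `runAsUser`, so the pod presumably starts only if the image declares a numeric non-root user or the namespace's SCC assigns one; confirm that for this namespace or set `runAsUser` explicitly. `delete-peer-pod` sits in `test:` after `tls-scanner-run`, so it is presumably skipped when the scan step fails, which is harmless only if the workflow's teardown always destroys the cluster.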
@@ -4605,3 +4605,167 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build07 + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: devel + org: openshift + repo: sandboxed-containers-operator + interval: 72h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-sandboxed-containers-operator + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-sandboxed-containers-operator-devel-periodics-tls-scanner-default + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=tls-scanner-default + - --variant=periodics + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + 
secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build07 + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: devel + org: openshift + repo: sandboxed-containers-operator + interval: 72h + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-sandboxed-containers-operator + ci-operator.openshift.io/variant: periodics + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-sandboxed-containers-operator-devel-periodics-tls-scanner-pqc + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=tls-scanner-pqc + - --variant=periodics + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + 
volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator