aws: add openshift-e2e-aws-byohostedzone workflow

ci-operator/config/openshift/installer/openshift-installer-master.yaml

@@ -225,6 +225,10 @@ tests:
   steps:
     cluster_profile: aws
     workflow: openshift-e2e-aws-sharednetwork
+- as: e2e-aws-byo-hostedzone
+  steps:
+    cluster_profile: aws
+    workflow: openshift-e2e-aws-byohostedzone
 - as: e2e-gcp
   steps:
     cluster_profile: gcp

ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml

@@ -65,6 +65,71 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-aws,?($|\s.*)
+  - agent: kubernetes
+    always_run: false
+    branches:
+    - master
+    cluster: build01
+    context: ci/prow/e2e-aws-byo-hostedzone
+    decorate: true
+    labels:
+      ci-operator.openshift.io/prowgen-controlled: "true"
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-installer-master-e2e-aws-byo-hostedzone
+    optional: true
+    rerun_command: /test e2e-aws-byo-hostedzone
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/usr/local/e2e-aws-byo-hostedzone-cluster-profile
+        - --target=e2e-aws-byo-hostedzone
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /usr/local/e2e-aws-byo-hostedzone-cluster-profile
+          name: cluster-profile
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: cluster-profile
+        projected:
+          sources:
+          - secret:
+              name: cluster-secrets-aws
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )e2e-aws-byo-hostedzone,?($|\s.*)
   - agent: kubernetes
     always_run: false
     branches:

ci-operator/step-registry/ipi/aws/post/byohostedzone/OWNERS

@@ -0,0 +1,11 @@
+approvers:
+- smarterclayton
+- wking
+- stevekuznetsov
+- vrutkovs
+- abhinavdahiya
+- deads2k
+- crawford
+- ewolinetz
+- csrwng
+- staebler

ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.metadata.json

@@ -0,0 +1,17 @@
+{
+	"path": "ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.yaml",
+	"owners": {
+		"approvers": [
+			"smarterclayton",
+			"wking",
+			"stevekuznetsov",
+			"vrutkovs",
+			"abhinavdahiya",
+			"deads2k",
+			"crawford",
+			"ewolinetz",
+			"csrwng",
+			"staebler"
+		]
+	}
+}

ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.yaml

@@ -0,0 +1,7 @@
+chain:
+  as: ipi-aws-post-byohostedzone
+  steps:
+  - ref: ipi-deprovision-aws-byohostedzone
+  - ref: ipi-deprovision-aws-sharednetwork
+  documentation: |-
+    The IPI post step contains the steps for cleaning up the AWS resources created for the BYO private hosted zone.

ci-operator/step-registry/ipi/aws/pre/byohostedzone/OWNERS

@@ -0,0 +1,10 @@
+approvers:
+- smarterclayton
+- wking
+- vrutkovs
+- abhinavdahiya
+- deads2k
+- crawford
+- ewolinetz
+- csrwng
+- staebler

ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.metadata.json

@@ -0,0 +1,16 @@
+{
+	"path": "ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.yaml",
+	"owners": {
+		"approvers": [
+			"smarterclayton",
+			"wking",
+			"vrutkovs",
+			"abhinavdahiya",
+			"deads2k",
+			"crawford",
+			"ewolinetz",
+			"csrwng",
+			"staebler"
+		]
+	}
+}

ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.yaml

@@ -0,0 +1,8 @@
+chain:
+  as: ipi-aws-pre-byohostedzone
+  steps:
+  - chain: ipi-conf-aws-byohostedzone
+  - chain: ipi-install
+  documentation: |-
+    The IPI setup step contains all steps that provision an OpenShift cluster
+    using a BYO private hostedzone on AWS.

ci-operator/step-registry/ipi/conf/aws/byohostedzone/OWNERS

@@ -0,0 +1,10 @@
+approvers:
+- smarterclayton
+- wking
+- vrutkovs
+- abhinavdahiya
+- deads2k
+- crawford
+- ewolinetz
+- csrwng
+- staebler

ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.metadata.json

@@ -0,0 +1,16 @@
+{
+	"path": "ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.yaml",
+	"owners": {
+		"approvers": [
+			"smarterclayton",
+			"wking",
+			"vrutkovs",
+			"abhinavdahiya",
+			"deads2k",
+			"crawford",
+			"ewolinetz",
+			"csrwng",
+			"staebler"
+		]
+	}
+}

ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.yaml

@@ -0,0 +1,7 @@
+chain:
+  as: ipi-conf-aws-byohostedzone
+  steps:
+  - chain: ipi-conf-aws-sharednetwork
+  - ref: ipi-conf-aws-byohostedzone
+  documentation: |-
+    The IPI configure step chain configures an AWS IPI install to use a BYO private hostedzone.

ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-commands.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+# TODO: move to image
+pip3 install --user yq
+export PATH=~/.local/bin:$PATH
+
+export AWS_SHARED_CREDENTIALS_FILE=$CLUSTER_PROFILE_DIR/.awscred
+
+EXPIRATION_DATE=$(date -d '4 hours' --iso=minutes --utc)
+TAGS="Key=expirationDate,Value=${EXPIRATION_DATE}"
+
+CONFIG="${SHARED_DIR}/install-config.yaml"
+
+REGION="${LEASED_RESOURCE}"
+
+STACK_NAME=$(cat "${SHARED_DIR}/sharednetworkstackname")
+
+vpc_id="$(aws --region "${REGION}" cloudformation describe-stacks --stack-name "${STACK_NAME}" | jq -c '.Stacks[].Outputs[] | select(.OutputKey=="VpcId") | .OutputValue')"
+echo "Using vpc_id: ${vpc_id}"
+
+cluster_domain=$(yq -r '.metadata.name + "." + .baseDomain' "${CONFIG}")
+hosted_zone="$(aws route53 create-hosted-zone \
+    --name "${cluster_domain}" \
+    --vpc VPCRegion="${REGION}",VPCId="${vpc_id}" \
+    --caller-reference "${cluster_domain}-$(date +"%Y-%m-%d-%H-%M-%S")" \
+    --hosted-zone-config Comment="BYO hosted zone for ${cluster_domain}",PrivateZone=true |
+  jq -r '.HostedZone.Id' | \
+  sed -E 's|^/hostedzone/(.+)$|\1|' \
+  )"
+echo "Using hosted zone: ${hosted_zone}"
+
+# save hostedzone name to ${SHARED_DIR} for deprovision step
+echo "${hosted_zone}" >> "${SHARED_DIR}/byohostedzonename"
+
+aws route53 change-tags-for-resource \
+  --resource-type hostedzone \
+  --resource-id "${hosted_zone}" \
+  --add-tags "${TAGS}"
+
+<"${CONFIG}" yq -y --arg zone "${hosted_zone}" '.platform.aws.hostedZone=$zone' > "${CONFIG}.patched"
+mv "${CONFIG}.patched" "${CONFIG}"

ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.metadata.json

@@ -0,0 +1,16 @@
+{
+	"path": "ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.yaml",
+	"owners": {
+		"approvers": [
+			"smarterclayton",
+			"wking",
+			"vrutkovs",
+			"abhinavdahiya",
+			"deads2k",
+			"crawford",
+			"ewolinetz",
+			"csrwng",
+			"staebler"
+		]
+	}
+}

ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.yaml

@@ -0,0 +1,13 @@
+ref:
+  as: ipi-conf-aws-byohostedzone
+  from_image:
+    namespace: ocp
+    name: "4.8"
+    tag: upi-installer
+  commands: ipi-conf-aws-byohostedzone-commands.sh
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+  documentation: |-
+    This step creates a private hostedzone associated with the VPC created in the sharednetwork step and updates the install-config.yaml to use the hostedzone.

ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- e-tienne
+- ewolinetz
+- jhixson74
+- jstuever
+- patrickdillon
+- staebler
+- wking

ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-commands.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -o nounset
+set -o errexit
+set -o pipefail
+
+trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
+
+export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+
+hosted_zone="$(cat "${SHARED_DIR}/byohostedzonename")"
+echo "Deleting hostedzone ${hosted_zone}"
+
+aws route53 delete-hostedzone --id "${hosted_zone}"
+echo "${hosted_zone} deleted"

ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.metadata.json

@@ -0,0 +1,14 @@
+{
+	"path": "ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.yaml",
+	"owners": {
+		"approvers": [
+			"e-tienne",
+			"ewolinetz",
+			"jhixson74",
+			"jstuever",
+			"patrickdillon",
+			"staebler",
+			"wking"
+		]
+	}
+}

ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.yaml

@@ -0,0 +1,14 @@
+ref:
+  as: ipi-deprovision-aws-byohostedzone
+  from_image:
+    namespace: ocp
+    name: "4.8"
+    tag: upi-installer
+  grace_period: 10m
+  commands: ipi-deprovision-aws-byohostedzone-commands.sh
+  resources:
+    requests:
+      cpu: 300m
+      memory: 300Mi
+  documentation: |-
+    The deprovision step tears down the BYO private hostedzone.

ci-operator/step-registry/openshift/e2e/aws/byohostedzone/OWNERS

@@ -0,0 +1,10 @@
+approvers:
+- smarterclayton
+- wking
+- vrutkovs
+- abhinavdahiya
+- deads2k
+- crawford
+- ewolinetz
+- csrwng
+- staebler

ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.metadata.json

@@ -0,0 +1,16 @@
+{
+	"path": "openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.yaml",
+	"owners": {
+		"approvers": [
+			"smarterclayton",
+			"wking",
+			"vrutkovs",
+			"abhinavdahiya",
+			"deads2k",
+			"crawford",
+			"ewolinetz",
+			"csrwng",
+			"staebler"
+		]
+	}
+}

ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.yaml

@@ -0,0 +1,12 @@
+workflow:
+  as: openshift-e2e-aws-byohostedzone
+  steps:
+    pre:
+    - chain: ipi-aws-pre-byohostedzone
+    test:
+    - ref: openshift-e2e-test
+    post:
+    - chain: ipi-aws-post
+    - chain: ipi-aws-post-byohostedzone
+  documentation: |-
+    The Openshift E2E AWS workflow executes the common end-to-end test suite on AWS in a cluster using a BYO private hostedzone.