From 8d93a0f54c254f261e332c47dbdb9ca9b7f03972 Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Mon, 14 Mar 2022 20:42:48 +0100 Subject: [PATCH 1/2] Use CCO image directly for Alibaba steps Use cloud-credential-operator image with injected /bin/oc to run ccoctl instead of extracting ccoctl from an image. --- ...-conf-alibabacloud-cloud-creds-deprovision-commands.sh | 8 +------- ...ipi-conf-alibabacloud-cloud-creds-deprovision-ref.yaml | 3 ++- ...pi-conf-alibabacloud-cloud-creds-provision-commands.sh | 7 +------ .../ipi-conf-alibabacloud-cloud-creds-provision-ref.yaml | 3 ++- 4 files changed, 6 insertions(+), 15 deletions(-) diff --git a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-commands.sh b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-commands.sh index 1cdf5126dfe37..222f39c7b9625 100755 --- a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-commands.sh +++ b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-commands.sh @@ -7,13 +7,7 @@ set -o pipefail export ALIBABA_CLOUD_CREDENTIALS_FILE=${SHARED_DIR}/alibabacreds.ini cluster_id="${NAMESPACE}-${JOB_NAME_HASH}" -# extract ccoctl from the release image -CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "${RELEASE_IMAGE_LATEST}") -cd "/tmp" -oc image extract "${CCO_IMAGE}" --file="/usr/bin/ccoctl" -chmod 555 "/tmp/ccoctl" - # delete credentials infrastructure created by cloud-creds-provision configure step -"/tmp/ccoctl" alibabacloud \ +ccoctl alibabacloud \ delete-ram-users \ --name="${cluster_id}" diff --git a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-ref.yaml b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-ref.yaml index c2227c280265b..94e58f834333a 100644 --- a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-deprovision/ipi-conf-alibabacloud-cloud-creds-deprovision-ref.yaml @@ -1,6 +1,7 @@ ref: as: ipi-conf-alibabacloud-cloud-creds-deprovision - from: cli + from: cloud-credential-operator + cli: latest commands: ipi-conf-alibabacloud-cloud-creds-deprovision-commands.sh resources: requests: diff --git a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-commands.sh b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-commands.sh index 1cef158628646..f54780779e5b5 100755 --- a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-commands.sh +++ b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-commands.sh @@ -11,16 +11,11 @@ export ALIBABA_CLOUD_CREDENTIALS_FILE="${SHARED_DIR}/alibabacreds.ini" # extract ccoctl from the release image oc registry login -CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' "${RELEASE_IMAGE_LATEST}") -cd "/tmp" -oc --loglevel 10 image extract -a "${CLUSTER_PROFILE_DIR}/pull-secret" "${CCO_IMAGE}" --file="/usr/bin/ccoctl" -chmod 555 "/tmp/ccoctl" - # extract alibabacloud credentials requests from the release image oc --loglevel 10 adm release extract -a "${CLUSTER_PROFILE_DIR}/pull-secret" --credentials-requests --cloud=alibabacloud --to="${CR_PATH}" "${RELEASE_IMAGE_LATEST}" # create required credentials infrastructure and installer manifests for workload identity -"/tmp/ccoctl" alibabacloud create-ram-users \ +ccoctl alibabacloud create-ram-users \ --region "${LEASED_RESOURCE}" \ --name="${cluster_id}" \ --credentials-requests-dir="${CR_PATH}" \ diff --git a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-ref.yaml b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-ref.yaml index 911294b539ac6..b3667403cec0b 100644 --- a/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/alibabacloud/cloud-creds-provision/ipi-conf-alibabacloud-cloud-creds-provision-ref.yaml @@ -1,6 +1,7 @@ ref: as: ipi-conf-alibabacloud-cloud-creds-provision - from: cli + from: cloud-credential-operator + cli: latest commands: ipi-conf-alibabacloud-cloud-creds-provision-commands.sh resources: requests: From e31222ef20aa3029503b8a3e886ac9a82eecc2bc Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Mon, 14 Mar 2022 12:07:38 +0100 Subject: [PATCH 2/2] Add periodic jobs for Alibaba Disk CSI driver tests Every 24 hours, like other CSI tests. --- ...penshift-release-master__nightly-4.10.yaml | 11 ++ ...penshift-release-master__nightly-4.11.yaml | 11 ++ .../openshift-release-master-periodics.yaml | 152 ++++++++++++++++++ 3 files changed, 174 insertions(+) diff --git a/ci-operator/config/openshift/release/openshift-release-master__nightly-4.10.yaml b/ci-operator/config/openshift/release/openshift-release-master__nightly-4.10.yaml index 42cb6a3978d5f..d229dcc2bc24d 100644 --- a/ci-operator/config/openshift/release/openshift-release-master__nightly-4.10.yaml +++ b/ci-operator/config/openshift/release/openshift-release-master__nightly-4.10.yaml @@ -1,4 +1,8 @@ base_images: + alibaba-disk-csi-driver-operator-test: + name: "4.10" + namespace: ocp + tag: alibaba-disk-csi-driver-operator-test ansible: name: "4.10" namespace: ocp @@ -604,6 +608,13 @@ tests: env: BASE_DOMAIN: alicloud-dev.devcluster.openshift.com workflow: openshift-e2e-alibabacloud +- as: e2e-alibaba-csi + interval: 24h + steps: + cluster_profile: alibabacloud + env: + BASE_DOMAIN: alicloud-dev.devcluster.openshift.com + workflow: openshift-e2e-alibabacloud-disk-csi zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/config/openshift/release/openshift-release-master__nightly-4.11.yaml b/ci-operator/config/openshift/release/openshift-release-master__nightly-4.11.yaml index eb3a544fe9d4a..1fea7700b4906 100644 --- a/ci-operator/config/openshift/release/openshift-release-master__nightly-4.11.yaml +++ b/ci-operator/config/openshift/release/openshift-release-master__nightly-4.11.yaml @@ -1,4 +1,8 @@ base_images: + alibaba-disk-csi-driver-operator-test: + name: "4.11" + namespace: ocp + tag: alibaba-disk-csi-driver-operator-test ansible: name: "4.11" namespace: ocp @@ -592,6 +596,13 @@ tests: env: BASE_DOMAIN: alicloud-dev.devcluster.openshift.com workflow: openshift-e2e-alibabacloud +- as: e2e-alibaba-csi + interval: 24h + steps: + cluster_profile: alibabacloud + env: + BASE_DOMAIN: alicloud-dev.devcluster.openshift.com + workflow: openshift-e2e-alibabacloud-disk-csi zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml b/ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml index 99aa247110039..b686ee1462887 100644 --- a/ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml +++ b/ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml @@ -19117,6 +19117,82 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build02 + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: release + interval: 24h + labels: + ci-operator.openshift.io/cloud: alibabacloud + ci-operator.openshift.io/cloud-cluster-profile: alibabacloud + ci-operator.openshift.io/variant: nightly-4.10 + ci.openshift.io/generator: prowgen + ci.openshift.io/no-builds: "true" + job-release: "4.10" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-release-master-nightly-4.10-e2e-alibaba-csi + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/e2e-alibaba-csi-cluster-profile + - --target=e2e-alibaba-csi + - --variant=nightly-4.10 + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/e2e-alibaba-csi-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-alibabacloud + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build02 decorate: true @@ -24216,6 +24292,82 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build02 + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: release + interval: 24h + labels: + ci-operator.openshift.io/cloud: alibabacloud + ci-operator.openshift.io/cloud-cluster-profile: alibabacloud + ci-operator.openshift.io/variant: nightly-4.11 + ci.openshift.io/generator: prowgen + ci.openshift.io/no-builds: "true" + job-release: "4.11" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-release-master-nightly-4.11-e2e-alibaba-csi + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/e2e-alibaba-csi-cluster-profile + - --target=e2e-alibaba-csi + - --variant=nightly-4.11 + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/e2e-alibaba-csi-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-alibabacloud + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build02 decorate: true