CORS-4336: Add CI jobs for AWS European Sovereign Cloud (EUSC)#75568
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@liweinan: This pull request references CORS-4336 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@liweinan, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml
Outdated
Show resolved
Hide resolved
...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml
Outdated
Show resolved
Hide resolved
ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml
Outdated
Show resolved
Hide resolved
...ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml
Outdated
Show resolved
Hide resolved
...ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml
Outdated
Show resolved
Hide resolved
...ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml
Outdated
Show resolved
Hide resolved
ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-commands.sh
Outdated
Show resolved
Hide resolved
|
@liweinan as we discussed offline, for the new partition we need three types of cluster:
|
...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml
Show resolved
Hide resolved
|
@yunjiang29 Thanks for the review! I'll refactor this PR today. |
liweinan
force-pushed
the
add-aws-eusc-ci-jobs
branch
from
24fed80 to
de00d69
Compare
|
@liweinan, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
|
@yunjiang29 Thanks for the detailed review! I'll update the PR recordingly. |
|
@liweinan, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
Address yunfei's review comments on PR openshift#75568: 1. Job naming convention: - Rename jobs from -f60 to -f7 suffix (non-destructive tests) - Update cron schedule to standard f7 pattern: 7,14,23,30 2. Private cluster configuration: - Add complete private cluster setup with bastion host - Add VPC, security groups, and proxy configuration - Set PUBLISH=Internal for private cluster access - Add minimal IAM permission provisioning - Follow pattern from cucushift-installer-rehearse-aws-ipi-private-provision 3. AMI configuration fix: - Replace deprecated compute.platform.aws.amiID field - Use platform.aws.defaultMachinePlatform.amiID instead
liweinan
force-pushed
the
add-aws-eusc-ci-jobs
branch
from
4b73bfe to
7f83d83
Compare
|
@liweinan, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
1. Job naming convention:
- Rename jobs from -f60 to -f7 suffix (non-destructive tests)
- Update cron schedule to standard f7 pattern: 7,14,23,30
2. Private cluster configuration:
- Add complete private cluster setup with bastion host
- Add VPC, security groups, and proxy configuration
- Set PUBLISH=Internal for private cluster access
- Add minimal IAM permission provisioning
- Follow pattern from cucushift-installer-rehearse-aws-ipi-private-provision
3. AMI configuration fix:
- Replace deprecated compute.platform.aws.amiID field
- Use platform.aws.defaultMachinePlatform.amiID instead
4. Generalize step registry components for reusability:
- Enhance ipi-conf-aws-custom-endpoints to support multiple AWS partitions
* Add AWS_DOMAIN_SUFFIX env var (defaults to amazonaws.com)
* Support amazonaws.eu for EUSC, amazonaws.com.cn for China
* Allow full URLs for maximum flexibility
- Make ipi-conf-aws-eusc-ami more generic
* Support AWS_CUSTOM_AMI_ID for general use
* Maintain AWS_EUSC_AMI_ID for backward compatibility
* Can be used for EUSC, China, GovCloud, or custom AMI scenarios
- Use generic steps in EUSC provision chain with partition-specific config
- Remove obsolete ipi-conf-aws-eusc-endpoints (replaced by generic version)
liweinan
force-pushed
the
add-aws-eusc-ci-jobs
branch
from
7f83d83 to
55daf83
Compare
|
@liweinan, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
...erator/step-registry/ipi/conf/aws/custom-endpoints/ipi-conf-aws-custom-endpoints-commands.sh
Outdated
Show resolved
Hide resolved
1. Job naming convention:
- Rename jobs from -f60 to -f7 suffix (non-destructive tests)
- Update cron schedule to standard f7 pattern: 7,14,23,30
2. Private cluster configuration:
- Add complete private cluster setup with bastion host
- Add VPC, security groups, and proxy configuration
- Set PUBLISH=Internal for private cluster access
- Add minimal IAM permission provisioning
- Follow pattern from cucushift-installer-rehearse-aws-ipi-private-provision
3. Generalize step registry components for maximum reusability:
a) Enhance ipi-conf-aws-custom-endpoints for all AWS partitions:
- Add AWS_DOMAIN_SUFFIX env var (defaults to amazonaws.com)
- Support amazonaws.eu (EUSC), amazonaws.com.cn (China)
- Allow full URLs for maximum flexibility
- Remove obsolete ipi-conf-aws-eusc-endpoints step
b) Extend ipi-conf-aws to support custom AMI configuration:
- Add AWS_AMI_ID env var for custom RHCOS AMI
- Useful for EUSC, China, GovCloud, or any partition without public AMIs
- Fix deprecated amiID field -> defaultMachinePlatform.amiID
- Auto-detection still works for C2S/SC2S
- Remove obsolete ipi-conf-aws-eusc-ami step
c) EUSC provision chain now uses only generic steps with env config
This refactoring reduces code duplication (net -59 lines) and makes step
components reusable across all AWS partitions.
liweinan
force-pushed
the
add-aws-eusc-ci-jobs
branch
from
55daf83 to
c6c4827
Compare
|
@liweinan, Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
|
Relative PRs merged: #75441 / openshift/ci-tools#4973 |
openshift-ci
bot
added
the
needs-rebase
liweinan
force-pushed
the
add-aws-eusc-ci-jobs
branch
from
569bb19 to
d1b255c
Compare
|
@liweinan: job(s): periodic-ci-openshift-openshift-tests-private-release-4.22-multi-nightly-aws-eusc-ipi-private-tp-arm-f7, pull-ci-openshift-installer-main-e2e-aws-eusc-techpreview either don't exist or were not found to be affected, and cannot be rehearsed |
openshift-ci-robot
added
the
rehearsals-ack
liweinan
force-pushed
the
add-aws-eusc-ci-jobs
branch
from
d1b255c to
cac1c53
Compare
|
/lgtm |
|
@liangxia PTAL |
|
/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-multi-nightly-aws-eusc-ipi-private-tp-arm-f7 pull-ci-openshift-installer-main-e2e-aws-eusc-techpreview |
|
@liweinan: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
Hold this PR until openshift/sippy#3383 merged |
|
Tests are still using |
|
/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-multi-nightly-aws-eusc-ipi-private-tp-arm-f7 |
|
@liweinan: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse pull-ci-openshift-installer-main-e2e-aws-eusc-techpreview |
|
@liweinan: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse pull-ci-openshift-installer-main-e2e-aws-eusc-techpreview |
|
@liweinan: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
ci-operator/step-registry/aws/deprovision/verification/aws-deprovision-verification-commands.sh
Show resolved
Hide resolved
This commit adds comprehensive support for AWS European Sovereign Cloud (EUSC)
cluster type across the OpenShift CI infrastructure.
Changes include:
1. Cluster profiles and provisioning:
- Added aws-eusc cluster profile configuration
- Updated bastion host provisioning for EUSC regions
- Modified IPI install scripts to handle EUSC region names
2. CI job configurations:
- Added e2e-aws-eusc-techpreview job for openshift/installer (main, 4.22, 4.23, 5.0)
- Added multi-nightly-eusc jobs for openshift-tests-private (4.22, 4.23, 5.0)
- Jobs use aws-eusc cluster profile and eusc-de-east-1 region
3. Test infrastructure:
- E2E test script: Added aws-eusc to CLUSTER_TYPE case statement
- AWS deprovision verification: Region handling for IAM and Route53
* EUSC partition: explicitly sets eusc-de-east-1 region
* Other partitions: rely on AWS SDK defaults to avoid breaking aws-cn, aws-us-gov, aws-iso
Technical details:
- EUSC regions use pattern: eusc-{location}-{zone} (e.g., eusc-de-east-1)
- AMI IDs follow format: ami-{17-char-hex} (longer than standard AWS)
- DNS domain: .elb.amazonaws.eu instead of .elb.amazonaws.com
This enables testing OpenShift on AWS European Sovereign Cloud infrastructure,
which provides EU data residency and sovereignty guarantees.
|
/pj-rehearse pull-ci-openshift-installer-main-e2e-aws-eusc-techpreview |
|
@tthvo: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
tthvo
left a comment
tthvo
left a comment
There was a problem hiding this comment.
/lgtm
@yunjiang29 would you like to unhold this PR if it looks good to you? openshift/sippy#3383 is merged now :D
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liangxia, liweinan, patrickdillon, tthvo, yunjiang29 The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/unhold |
|
/pj-rehearse ack |
|
@yunjiang29: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
@liweinan: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
7 participants
Implement continuous integration support for AWS EUSC partition (aws-eusc) in eusc-de-east-1 region. Includes cluster profile definition, service endpoints configuration, custom AMI handling, and periodic test jobs.
This enables OpenShift testing on AWS's new European Sovereign Cloud infrastructure, which requires explicit endpoint configuration and custom RHCOS AMIs not available in public regions.