Add IPsec job for NAT-T encapsulation

Signed-off-by: Periyasamy Palanisamy <[email protected]>

Author: pperiyasamy

ci-operator/config/openshift-priv/cluster-network-operator/openshift-priv-cluster-network-operator-master.yaml

@@ -132,6 +132,15 @@ tests:
       EXTRA_MG_ARGS: --host-network
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws
+    env:
+      EXTRA_MG_ARGS: --host-network
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-metal-ipi-ovn-ipv6
   cluster: build05
   steps:

ci-operator/config/openshift-priv/cluster-network-operator/openshift-priv-cluster-network-operator-release-4.19.yaml

@@ -133,6 +133,15 @@ tests:
       EXTRA_MG_ARGS: --host-network
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws
+    env:
+      EXTRA_MG_ARGS: --host-network
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-metal-ipi-ovn-ipv6
   cluster: build05
   steps:

ci-operator/config/openshift-priv/cluster-network-operator/openshift-priv-cluster-network-operator-release-4.20.yaml

@@ -132,6 +132,15 @@ tests:
       EXTRA_MG_ARGS: --host-network
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws
+    env:
+      EXTRA_MG_ARGS: --host-network
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-metal-ipi-ovn-ipv6
   cluster: build05
   steps:

ci-operator/config/openshift-priv/origin/openshift-priv-origin-main.yaml

@@ -341,6 +341,16 @@ tests:
       BASE_DOMAIN: aws-2.ci.openshift.org
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- always_run: false
+  as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws-2
+    env:
+      BASE_DOMAIN: aws-2.ci.openshift.org
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-aws-csi
   optional: true
   skip_if_only_changed: ^(?:docs|\.github)/|\.md$|^(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$

ci-operator/config/openshift-priv/origin/openshift-priv-origin-release-4.19.yaml

@@ -342,6 +342,16 @@ tests:
       BASE_DOMAIN: aws-2.ci.openshift.org
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- always_run: false
+  as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws-2
+    env:
+      BASE_DOMAIN: aws-2.ci.openshift.org
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-aws-csi
   optional: true
   skip_if_only_changed: ^(?:docs|\.github)/|\.md$|^(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$

ci-operator/config/openshift-priv/origin/openshift-priv-origin-release-4.20.yaml

@@ -341,6 +341,16 @@ tests:
       BASE_DOMAIN: aws-2.ci.openshift.org
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- always_run: false
+  as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws-2
+    env:
+      BASE_DOMAIN: aws-2.ci.openshift.org
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-aws-csi
   optional: true
   skip_if_only_changed: ^(?:docs|\.github)/|\.md$|^(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$

ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-master.yaml

@@ -131,6 +131,15 @@ tests:
       EXTRA_MG_ARGS: --host-network
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws
+    env:
+      EXTRA_MG_ARGS: --host-network
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-metal-ipi-ovn-ipv6
   cluster: build05
   steps:

ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19.yaml

@@ -132,6 +132,15 @@ tests:
       EXTRA_MG_ARGS: --host-network
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws
+    env:
+      EXTRA_MG_ARGS: --host-network
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-metal-ipi-ovn-ipv6
   cluster: build05
   steps:

ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20.yaml

@@ -131,7 +131,15 @@ tests:
       EXTRA_MG_ARGS: --host-network
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
-  timeout: 6h0m0s
+- as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws
+    env:
+      EXTRA_MG_ARGS: --host-network
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-metal-ipi-ovn-ipv6
   cluster: build05
   steps:

ci-operator/config/openshift/origin/openshift-origin-main.yaml

@@ -340,6 +340,16 @@ tests:
       BASE_DOMAIN: aws-2.ci.openshift.org
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- always_run: false
+  as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws-2
+    env:
+      BASE_DOMAIN: aws-2.ci.openshift.org
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-aws-csi
   optional: true
   skip_if_only_changed: ^(?:docs|\.github)/|\.md$|^(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$

ci-operator/config/openshift/origin/openshift-origin-release-4.19.yaml

@@ -341,6 +341,16 @@ tests:
       BASE_DOMAIN: aws-2.ci.openshift.org
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- always_run: false
+  as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws-2
+    env:
+      BASE_DOMAIN: aws-2.ci.openshift.org
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-aws-csi
   optional: true
   skip_if_only_changed: ^(?:docs|\.github)/|\.md$|^(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$

ci-operator/config/openshift/origin/openshift-origin-release-4.20.yaml

@@ -340,6 +340,16 @@ tests:
       BASE_DOMAIN: aws-2.ci.openshift.org
       IPSEC_MODE: External
     workflow: openshift-e2e-aws-ovn-ipsec-serial
+- always_run: false
+  as: e2e-aws-ovn-ipsec-full-natt-mode
+  optional: true
+  steps:
+    cluster_profile: aws-2
+    env:
+      BASE_DOMAIN: aws-2.ci.openshift.org
+      IPSEC_ENCAPSULATION: Always
+      IPSEC_MODE: Full
+    workflow: openshift-e2e-aws-ovn-ipsec-serial
 - as: e2e-aws-csi
   optional: true
   skip_if_only_changed: ^(?:docs|\.github)/|\.md$|^(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$

ci-operator/jobs/openshift-priv/cluster-network-operator/openshift-priv-cluster-network-operator-master-presubmits.yaml

@@ -331,6 +331,89 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-aws-ovn-ipsec-full-mode,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^master$
+    - ^master-
+    cluster: build11
+    context: ci/prow/e2e-aws-ovn-ipsec-full-natt-mode
+    decorate: true
+    decoration_config:
+      oauth_token_secret:
+        key: oauth
+        name: github-credentials-openshift-ci-robot-private-git-cloner
+    hidden: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-priv-cluster-network-operator-master-e2e-aws-ovn-ipsec-full-natt-mode
+    optional: true
+    path_alias: github.com/openshift/cluster-network-operator
+    rerun_command: /test e2e-aws-ovn-ipsec-full-natt-mode
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --oauth-token-path=/usr/local/github-credentials/oauth
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=e2e-aws-ovn-ipsec-full-natt-mode
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /usr/local/github-credentials
+          name: github-credentials-openshift-ci-robot-private-git-cloner
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )e2e-aws-ovn-ipsec-full-natt-mode,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:

ci-operator/jobs/openshift-priv/cluster-network-operator/openshift-priv-cluster-network-operator-release-4.19-presubmits.yaml

@@ -331,6 +331,89 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-aws-ovn-ipsec-full-mode,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^release-4\.19$
+    - ^release-4\.19-
+    cluster: build09
+    context: ci/prow/e2e-aws-ovn-ipsec-full-natt-mode
+    decorate: true
+    decoration_config:
+      oauth_token_secret:
+        key: oauth
+        name: github-credentials-openshift-ci-robot-private-git-cloner
+    hidden: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-priv-cluster-network-operator-release-4.19-e2e-aws-ovn-ipsec-full-natt-mode
+    optional: true
+    path_alias: github.com/openshift/cluster-network-operator
+    rerun_command: /test e2e-aws-ovn-ipsec-full-natt-mode
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --oauth-token-path=/usr/local/github-credentials/oauth
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=e2e-aws-ovn-ipsec-full-natt-mode
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /usr/local/github-credentials
+          name: github-credentials-openshift-ci-robot-private-git-cloner
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )e2e-aws-ovn-ipsec-full-natt-mode,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches: