@@ -26,6 +26,7 @@ parameters:
2626- name : ENABLE_PROXY
2727- name : BUILD_ID
2828 required : false
29+ - name : ENABLE_MIRROR
2930
3031objects :
3132
@@ -56,6 +57,35 @@ objects:
5657 namespace : ci
5758 name : ci-chat-bot
5859
60+ # Role for giving the e2e pod permissions to update imagestreams
61+ - kind : Role
62+ apiVersion : authorization.openshift.io/v1
63+ metadata :
64+ name : imagestream-updater
65+ namespace : ${NAMESPACE}
66+ rules :
67+ - apiGroups : ["image.openshift.io"]
68+ resources : ["imagestreams/layers"]
69+ verbs : ["get", "update"]
70+ - apiGroups : ["image.openshift.io"]
71+ resources : ["imagestreams", "imagestreamtags"]
72+ verbs : ["get", "create", "update", "delete", "list"]
73+
74+ # Give the e2e pod access to the imagestream-updater role
75+ - kind : RoleBinding
76+ apiVersion : authorization.openshift.io/v1
77+ metadata :
78+ name : ${JOB_NAME_SAFE}-imagestream-updater-binding
79+ namespace : ${NAMESPACE}
80+ roleRef :
81+ kind : Role
82+ namespace : ${NAMESPACE}
83+ name : imagestream-updater
84+ subjects :
85+ - kind : ServiceAccount
86+ namespace : ${NAMESPACE}
87+ name : default
88+
5989# The e2e pod spins up a cluster, runs e2e tests, and then cleans up the cluster.
6090- kind : Pod
6191 apiVersion : v1
@@ -174,6 +204,8 @@ objects:
174204 value : ${IMAGE_FORMAT}
175205 - name : KUBECONFIG
176206 value : /tmp/artifacts/installer/auth/kubeconfig
207+ - name : MIRROR_BASE
208+ value : registry.svc.ci.openshift.org/${NAMESPACE}/release
177209 command :
178210 - /bin/bash
179211 - -c
@@ -186,8 +218,54 @@ objects:
186218 trap 'touch /tmp/shared/exit' EXIT
187219 trap 'kill $(jobs -p); exit 0' TERM
188220
221+ function patch_image_specs() {
222+ cat <<EOF >samples-patch.yaml
223+ - op: add
224+ path: /spec/skippedImagestreams
225+ value:
226+ - jenkins
227+ - jenkins-agent-maven
228+ - jenkins-agent-nodejs
229+ EOF
230+ oc patch config.samples.operator.openshift.io cluster --type json -p "$(cat samples-patch.yaml)"
231+
232+ NAMES='cli cli-artifacts installer installer-artifacts must-gather tests jenkins jenkins-agent-maven jenkins-agent-nodejs'
233+ cat <<EOF >version-patch.yaml
234+ - op: add
235+ path: /spec/overrides
236+ value:
237+ EOF
238+ for NAME in ${NAMES}
239+ do
240+ cat <<EOF >>version-patch.yaml
241+ - group: image.openshift.io/v1
242+ kind: ImageStream
243+ name: ${NAME}
244+ namespace: openshift
245+ unmanaged: true
246+ EOF
247+ done
248+ oc patch clusterversion version --type json -p "$(cat version-patch.yaml)"
249+
250+ for NAME in ${NAMES}
251+ do
252+ DIGEST="$(oc adm release info --image-for="${NAME}" | sed 's/.*@//')"
253+ cat <<EOF >image-stream-new-source.yaml
254+ - op: replace
255+ path: /spec/tags/0/from
256+ value:
257+ kind: DockerImage
258+ name: "${MIRROR_BASE}@${DIGEST}"
259+ EOF
260+ oc -n openshift patch imagestream "${NAME}" --type json -p "$(cat image-stream-new-source.yaml)"
261+ done
262+ }
263+
189264 mkdir -p "${HOME}"
190265
266+ # Share oc with other containers
267+ cp "$(command -v oc)" /tmp/shared
268+
191269 # wait for the API to come up
192270 while true; do
193271 if [[ -f /tmp/shared/exit ]]; then
@@ -678,10 +756,14 @@ objects:
678756 value : ${RELEASE_IMAGE_LATEST}
679757 - name : OPENSHIFT_INSTALL_INVOKER
680758 value : openshift-internal-ci/${JOB_NAME_SAFE}/${BUILD_ID}
759+ - name : ENABLE_MIRROR
760+ value : ${ENABLE_MIRROR}
681761 - name : USER
682762 value : test
683763 - name : HOME
684764 value : /tmp
765+ - name : MIRROR_BASE
766+ value : registry.svc.ci.openshift.org/${NAMESPACE}/release
685767 - name : INSTALL_INITIAL_RELEASE
686768 - name : RELEASE_IMAGE_INITIAL
687769 command :
@@ -713,6 +795,21 @@ objects:
713795 if [[ -n "${INSTALL_INITIAL_RELEASE}" && -n "${RELEASE_IMAGE_INITIAL}" ]]; then
714796 echo "Installing from initial release ${RELEASE_IMAGE_INITIAL}"
715797 OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE="${RELEASE_IMAGE_INITIAL}"
798+ elif [[ "${ENABLE_MIRROR}" == "true" ]]; then
799+ export PATH=$PATH:/tmp # gain access to oc
800+ while [ ! command -V oc ]; do sleep 1; done # poll to make sure that the test container has dropped oc into the shared volume
801+
802+ # mirror the release image and override the release image to point to the mirrored one
803+ mkdir /tmp/.docker && cp /etc/openshift-installer/pull-secret /tmp/.docker/config.json
804+ oc registry login
805+ oc adm release new --from-release ${RELEASE_IMAGE_LATEST} --to-image ${MIRROR_BASE}-scratch:release --mirror ${MIRROR_BASE}-scratch || echo 'ignore: the release could not be reproduced from its inputs'
806+ oc adm release mirror --from ${MIRROR_BASE}-scratch:release --to ${MIRROR_BASE} --to-release-image ${MIRROR_BASE}:mirrored
807+ RELEASE_PAYLOAD_IMAGE_SHA=$(oc get istag ${MIRROR_BASE##*/}:mirrored -o=jsonpath="{.image.metadata.name}")
808+ oc delete imagestream "$(basename "${MIRROR_BASE}-scratch")"
809+ RELEASE_IMAGE_MIRROR="${MIRROR_BASE}@${RELEASE_PAYLOAD_IMAGE_SHA}"
810+
811+ echo "Installing from mirror override release ${RELEASE_IMAGE_MIRROR}"
812+ OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE="${RELEASE_IMAGE_MIRROR}"
716813 else
717814 echo "Installing from release ${RELEASE_IMAGE_LATEST}"
718815 fi
@@ -892,6 +989,15 @@ objects:
892989 EOF
893990 fi
894991
992+ if [[ "${ENABLE_MIRROR}" == "true" ]]; then
993+ cat >> /tmp/artifacts/installer/install-config.yaml << EOF
994+ imageContentSources:
995+ - source: "${MIRROR_BASE}-scratch"
996+ mirrors:
997+ - "${MIRROR_BASE}"
998+ EOF
999+ fi
1000+
8951001 # TODO: Replace with a more concise manifest injection approach
8961002 if [[ -n "${CLUSTER_NETWORK_MANIFEST}" ]]; then
8971003 openshift-install --dir=/tmp/artifacts/installer/ create manifests
0 commit comments