configs/openshift/installer: Add jobs for Azure testing #3877
Conversation
openshift-ci-robot
added
the
size/L
|
|
||
| | Key | Description | | ||
| | ----------------------------------| ----------- | | ||
| | `osServicePrincipal.json` | Credentials for the Azure API. This is a json file that contains fields described in [upstream credentials doc](https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-create-service-principals#create-a-service-principal-using-a-client-secret). | |
There was a problem hiding this comment.
@coverprice this would be the secret we need in bitwarden
abhinavdahiya
force-pushed
the
azure_test
branch
2 times, most recently
from
4ab0a9a to
1417ae8
Compare
|
/retest |
abhinavdahiya
force-pushed
the
azure_test
branch
3 times, most recently
from
0381c70 to
a62511c
Compare
|
/test pj-rehearse |
| @@ -415,7 +422,7 @@ objects: | |||
| if [[ "${CLUSTER_TYPE}" == "aws" ]]; then | |||
| cat > /tmp/artifacts/installer/install-config.yaml << EOF | |||
| apiVersion: v1beta4 | |||
| baseDomain: ${BASE_DOMAIN} | |||
| baseDomain: origin-ci-int-aws.dev.rhcloud.com | |||
There was a problem hiding this comment.
This might break folks who want to run soak tests in a different CI account or some such? Can we leave the template-scoped parameter, default it to empty, use this fallback value for AWS, and error if it's non-empty on Azure?
There was a problem hiding this comment.
This might break folks who want to run soak tests in a different CI account or some such?
do we have docs on how to do that? So that i can take a look at how its done.
| @@ -452,6 +459,35 @@ objects: | |||
| sshKey: | | |||
| ${SSH_PUB_KEY} | |||
| EOF | |||
| elif [[ "${CLUSTER_TYPE}" == "azure4" ]]; then | |||
| cat > /tmp/artifacts/installer/install-config.yaml << EOF | |||
| apiVersion: v1beta4 | |||
| replicas: 3 | ||
| compute: | ||
| - name: worker | ||
| replicas: 3 |
There was a problem hiding this comment.
I don't see a need to set controlPlane or compute unless we're overriding defaults. Same for networking below (I've filed #3914 to drop unnecessary networking entries from master).
azure4 cluster-profile will be used for OpenShift 4 Azure testing.
Azure uses a separate base-domain because OpenshShift 4 Azure clusters need a DNS Zone in the same subscription as the cluster. Therefore, the base domain logic is moved into the setup container where base domain is chosen per platform The CLUSTER_TYPE for Azure tests is `azure4` to differentiate from pre-existing profile for other testing. PRs for ci-operator [1] and ci-operator-prowgen [2] should solidify the choice. Also updates the test container to run Azure e2e and conformance tests. [1]: openshift/ci-operator#352 [2]: openshift/ci-operator-prowgen#169
```console $ ci-operator-prowgen --from-dir ci-operator/config/ --to-dir ci-operator/jobs ``` Also jobs/openshift/installer: make e2e-azure optional and manual trigger only
|
updated PR (a62511c...72021dc) to address comments and get changes from #3914 @wking PTAL |
|
/test pj-rehearse |
1 similar comment
|
/test pj-rehearse |
|
/lgtm |
| @@ -315,6 +315,15 @@ azure-secrets: | |||
| oc create secret generic codecov-token --from-literal=upload=${CODECOV_UPLOAD_TOKEN} -o yaml --dry-run | oc apply -n azure -f - | |||
| .PHONY: azure-secrets | |||
|
|
|||
| azure4-secrets: | |||
There was a problem hiding this comment.
Please call this azure-e2e-secrets for now (azure4 is confusing). @jim-minter since azure is camping on the convention that the rest of the e2e suites run, I would prefer if you guys can over time migrate from azure-secrets to azure-aro-secrets or similar. The base namespace belongs to the core CI platform.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, stevekuznetsov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
/retest Please review the full test history for this PR and help us cut down flakes. |
| @@ -315,6 +315,15 @@ azure-secrets: | |||
| oc create secret generic codecov-token --from-literal=upload=${CODECOV_UPLOAD_TOKEN} -o yaml --dry-run | oc apply -n azure -f - | |||
| .PHONY: azure-secrets | |||
|
|
|||
| azure4-secrets: | |||
| oc create secret generic cluster-secrets-azure4 \ | |||
| --from-file=cluster/test-deploy/azure4/osServicePrincipal.json \ | |||
There was a problem hiding this comment.
This actually shouldn't be used, can you remove this section? ci-operator/populate-secrets-from-bitwarden is used instead.
| @@ -225,8 +236,8 @@ objects: | |||
|
|
|||
| if [[ "${CLUSTER_TYPE}" == "aws" ]]; then | |||
| cat > /tmp/artifacts/installer/install-config.yaml << EOF | |||
| apiVersion: v1beta4 | |||
| baseDomain: ${BASE_DOMAIN} | |||
| apiVersion: v1 | |||
There was a problem hiding this comment.
Is v1 supported back to rc5? Note from now on you can't bump this ever because 4.1 clusters have to be able to install using this template (templates have to work for all 4.y GA versions).
There was a problem hiding this comment.
We GA'd the v1 API before rc4 openshift/installer#1589 (April 14)
|
@abhinavdahiya: Updated the following 8 configmaps:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@abhinavdahiya: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
| @@ -255,10 +266,31 @@ objects: | |||
| sshKey: | | |||
| ${SSH_PUB_KEY} | |||
| EOF | |||
| elif [[ "${CLUSTER_TYPE}" == "azure4" ]]; then | |||
There was a problem hiding this comment.
I would prefer cluster type to be azure - you can still mount the other secrets to the azure name even if the secret name is different.
| replicas: 3 | ||
| platform: | ||
| azure: | ||
| baseDomainResourceGroupName: os4-common |
There was a problem hiding this comment.
Is this already a set name? Something that is part of the account?
There was a problem hiding this comment.
installer currently picks the first DNS Zone from the account based on the base domain, while most cloud providers allow multiple DNS zones with the same name.
We have https://jira.coreos.com/browse/CORS-1070 already in pipeline to allow users to choose the exact Zone (without the guessing). But Microsoft people were far too un-comfortable with leaving the guessing for Azure addition and insisted we add this field to Azure platform while we were frozen for AWS.
Something that is part of the account?
Yes this resource group is present in the CI subscription.
| @@ -296,6 +328,14 @@ objects: | |||
| value: ${NAMESPACE}-${JOB_NAME_HASH} | |||
| - name: TYPE | |||
| value: ${CLUSTER_TYPE} | |||
| - name: AWS_SHARED_CREDENTIALS_FILE | |||
There was a problem hiding this comment.
Was this file inconsistent with the others?
There was a problem hiding this comment.
All other containers use the ENV to setup the creds. expect teardown, so this change makes it uniform.
| # TODO: make openshift-tests auto-discover this from cluster config | ||
| export TEST_PROVIDER='{"type":"azure","region":"centralus","multizone":true,"multimaster":true}' | ||
| export KUBE_SSH_USER=core | ||
| fi |
… Drop *_REGION from teardown These came in with d00da5d (templates/openshift/installer: Add azure cluster test configuration, 2019-05-23, openshift#3877), but the installer should be extracting the region from metadata.json [1,2]. [1]: https://github.com/openshift/installer/blob/d9a9648cf2330d467cca9f2988846d031464125e/pkg/types/aws/metadata.go#L5 [2]: https://github.com/openshift/installer/blob/d9a9648cf2330d467cca9f2988846d031464125e/pkg/types/azure/metadata.go#L5
azure4 cluster-profile will be used for OpenShift 4 Azure testing.
Azure uses a separate base-domain because OpenshShift 4 Azure clusters need a DNS Zone in the same subscription as the cluster.
Therefore, the base domain logic is moved into the setup container where base domain is chosen per platform
The CLUSTER_TYPE for Azure tests is
azure4to differentiate from pre-existing profile for other testing. PRs for ci-operator 1 and ci-oerpator-prowgen 2 should solidify the choice.Also updates the test container to run Azure e2e and conformance tests.
Requires openshift/ci-operator-prowgen#169 to allow auto generated jobs.