From b74b8c375b711ac2f784001a4e74f73d46d7ac79 Mon Sep 17 00:00:00 2001 From: Rohit Patil Date: Tue, 2 Jun 2026 10:39:10 +0530 Subject: [PATCH] Add OTE support for cli-manager, rodoo, cluster-kube-descheduler, and secondary-scheduler operators Add optional and always_run: false parameters for OTE test profiles: - cli-manager-operator: e2e-aws-operator-serial-ote - cluster-kube-descheduler-operator: e2e-aws-operator-serial-ote - secondary-scheduler-operator: e2e-aws-operator-serial-ote These tests are marked as optional to prevent blocking PRs and always_run: false to avoid automatic execution on every commit. Co-Authored-By: Rohit Patil --- .../openshift-cli-manager-operator-main.yaml | 21 ++ ...luster-kube-descheduler-operator-main.yaml | 20 ++ ...-once-duration-override-operator-main.yaml | 20 ++ ...ift-secondary-scheduler-operator-main.yaml | 20 ++ ...-cli-manager-operator-main-presubmits.yaml | 79 ++++++ ...-descheduler-operator-main-presubmits.yaml | 86 ++++++ ...ion-override-operator-main-presubmits.yaml | 79 ++++++ ...ry-scheduler-operator-main-presubmits.yaml | 79 ++++++ ci-operator/step-registry/cli-manager/OWNERS | 12 + .../cli-manager/install-krew/OWNERS | 12 + .../cli-manager-install-krew-commands.sh | 33 +++ ...cli-manager-install-krew-ref.metadata.json | 19 ++ .../cli-manager-install-krew-ref.yaml | 11 + .../cluster-kube-descheduler-operator/OWNERS | 12 + .../setup-out-of-payload/OWNERS | 12 + .../setup-out-of-payload/README.md | 267 ++++++++++++++++++ ...extension-setup-out-of-payload-commands.sh | 145 ++++++++++ ...ion-setup-out-of-payload-ref.metadata.json | 19 ++ ...ts-extension-setup-out-of-payload-ref.yaml | 83 ++++++ .../OWNERS | 12 + .../secondary-scheduler-operator/OWNERS | 12 + 21 files changed, 1053 insertions(+) create mode 100644 ci-operator/step-registry/cli-manager/OWNERS create mode 100644 ci-operator/step-registry/cli-manager/install-krew/OWNERS create mode 100644 ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-commands.sh create mode 100644 ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.metadata.json create mode 100644 ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.yaml create mode 100644 ci-operator/step-registry/cluster-kube-descheduler-operator/OWNERS create mode 100644 ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/OWNERS create mode 100644 ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/README.md create mode 100644 ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-commands.sh create mode 100644 ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.metadata.json create mode 100644 ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.yaml create mode 100644 ci-operator/step-registry/run-once-duration-override-operator/OWNERS create mode 100644 ci-operator/step-registry/secondary-scheduler-operator/OWNERS diff --git a/ci-operator/config/openshift/cli-manager-operator/openshift-cli-manager-operator-main.yaml b/ci-operator/config/openshift/cli-manager-operator/openshift-cli-manager-operator-main.yaml index c235c186623de..ab8eef53f0735 100644 --- a/ci-operator/config/openshift/cli-manager-operator/openshift-cli-manager-operator-main.yaml +++ b/ci-operator/config/openshift/cli-manager-operator/openshift-cli-manager-operator-main.yaml @@ -48,6 +48,27 @@ tests: requests: cpu: 100m workflow: ipi-aws +- always_run: false + as: e2e-aws-operator-serial-ote + optional: true + skip_if_only_changed: ^\.tekton/|bundle.Dockerfile|\.md$|^(LICENSE|OWNERS)$ + steps: + cluster_profile: openshift-org-aws + dependencies: + EXTENSION_IMAGE: cli-manager-operator + env: + EXTENSION_BINARY_PATH: /usr/bin/cli-manager-operator-tests-ext.gz + EXTENSION_COMPONENT_NAME: cli-manager-operator + FIPS_ENABLED: "true" + TEST_SUITE: openshift/cli-manager-operator/operator/serial + pre: + - chain: ipi-aws-pre + - ref: fips-check + test: + - ref: openshift-tests-extension-setup-out-of-payload + - ref: cli-manager-install-krew + - ref: openshift-e2e-test + workflow: ipi-aws - as: security optional: true skip_if_only_changed: ^\.tekton/|bundle.Dockerfile|\.md$|^(LICENSE|OWNERS)$ diff --git a/ci-operator/config/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main.yaml b/ci-operator/config/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main.yaml index cc25aae314b01..ae428db51b60f 100644 --- a/ci-operator/config/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main.yaml +++ b/ci-operator/config/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main.yaml @@ -44,6 +44,26 @@ tests: requests: cpu: 100m workflow: ipi-aws +- always_run: false + as: e2e-aws-operator-serial-ote + optional: true + skip_if_only_changed: ^\.tekton/|^bundle\.Dockerfile$|\.md$|^(?:.*/)?(?:\.gitignore|LICENSE|OWNERS)$ + steps: + cluster_profile: openshift-org-aws + dependencies: + EXTENSION_IMAGE: cluster-kube-descheduler-operator + env: + EXTENSION_BINARY_PATH: /usr/bin/cluster-kube-descheduler-operator-tests-ext.gz + EXTENSION_COMPONENT_NAME: cluster-kube-descheduler-operator + FIPS_ENABLED: "true" + TEST_SUITE: openshift/cluster-kube-descheduler-operator/operator/serial + pre: + - chain: ipi-aws-pre + - ref: fips-check + test: + - ref: openshift-tests-extension-setup-out-of-payload + - ref: openshift-e2e-test + workflow: ipi-aws zz_generated_metadata: branch: main org: openshift diff --git a/ci-operator/config/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main.yaml b/ci-operator/config/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main.yaml index 058b15f6ffc7d..d63b2738bc4f3 100644 --- a/ci-operator/config/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main.yaml +++ b/ci-operator/config/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main.yaml @@ -37,6 +37,26 @@ tests: requests: cpu: 100m workflow: ipi-aws +- always_run: false + as: e2e-aws-operator-serial-ote + optional: true + skip_if_only_changed: ^\.tekton/|bundle.Dockerfile|\.md$|^(LICENSE|OWNERS)$ + steps: + cluster_profile: openshift-org-aws + dependencies: + EXTENSION_IMAGE: run-once-duration-override-operator + env: + EXTENSION_BINARY_PATH: /usr/bin/run-once-duration-override-operator-tests-ext.gz + EXTENSION_COMPONENT_NAME: run-once-duration-override-operator + FIPS_ENABLED: "true" + TEST_SUITE: openshift/run-once-duration-override-operator/operator/serial + pre: + - chain: ipi-aws-pre + - ref: fips-check + test: + - ref: openshift-tests-extension-setup-out-of-payload + - ref: openshift-e2e-test + workflow: ipi-aws zz_generated_metadata: branch: main org: openshift diff --git a/ci-operator/config/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main.yaml b/ci-operator/config/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main.yaml index 3a811324bfdf6..071a9cadf95e1 100644 --- a/ci-operator/config/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main.yaml +++ b/ci-operator/config/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main.yaml @@ -37,6 +37,26 @@ tests: requests: cpu: 100m workflow: ipi-aws +- always_run: false + as: e2e-aws-operator-serial-ote + optional: true + skip_if_only_changed: ^\.tekton/|^bundle\.Dockerfile$|\.md$|^(?:.*/)?(?:\.gitignore|LICENSE|OWNERS)$ + steps: + cluster_profile: openshift-org-aws + dependencies: + EXTENSION_IMAGE: secondary-scheduler-operator + env: + EXTENSION_BINARY_PATH: /usr/bin/secondary-scheduler-operator-tests-ext.gz + EXTENSION_COMPONENT_NAME: secondary-scheduler-operator + FIPS_ENABLED: "true" + TEST_SUITE: openshift/secondary-scheduler-operator/operator/serial + pre: + - chain: ipi-aws-pre + - ref: fips-check + test: + - ref: openshift-tests-extension-setup-out-of-payload + - ref: openshift-e2e-test + workflow: ipi-aws zz_generated_metadata: branch: main org: openshift diff --git a/ci-operator/jobs/openshift/cli-manager-operator/openshift-cli-manager-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/cli-manager-operator/openshift-cli-manager-operator-main-presubmits.yaml index 3fa6a52ac09a6..4b0b41e03df9f 100644 --- a/ci-operator/jobs/openshift/cli-manager-operator/openshift-cli-manager-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/cli-manager-operator/openshift-cli-manager-operator-main-presubmits.yaml @@ -78,6 +78,85 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-operator,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build06 + context: ci/prow/e2e-aws-operator-serial-ote + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.ci + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cli-manager-operator-main-e2e-aws-operator-serial-ote + optional: true + rerun_command: /test e2e-aws-operator-serial-ote + skip_if_only_changed: ^\.tekton/|bundle.Dockerfile|\.md$|^(LICENSE|OWNERS)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --target=e2e-aws-operator-serial-ote + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-operator-serial-ote,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main-presubmits.yaml index 5064e9908097c..08ea21b7b1e78 100644 --- a/ci-operator/jobs/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-kube-descheduler-operator/openshift-cluster-kube-descheduler-operator-main-presubmits.yaml @@ -84,6 +84,92 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-operator,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/e2e-aws-operator-serial-ote + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.rhel7 + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cluster-kube-descheduler-operator-main-e2e-aws-operator-serial-ote + optional: true + rerun_command: /test e2e-aws-operator-serial-ote + skip_if_only_changed: ^\.tekton/|^bundle\.Dockerfile$|\.md$|^(?:.*/)?(?:\.gitignore|LICENSE|OWNERS)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-operator-serial-ote + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-operator-serial-ote,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main-presubmits.yaml index 509b473ea1f4a..458da6cc770c2 100644 --- a/ci-operator/jobs/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/run-once-duration-override-operator/openshift-run-once-duration-override-operator-main-presubmits.yaml @@ -77,6 +77,85 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-operator,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build05 + context: ci/prow/e2e-aws-operator-serial-ote + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.rhel7 + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-run-once-duration-override-operator-main-e2e-aws-operator-serial-ote + optional: true + rerun_command: /test e2e-aws-operator-serial-ote + skip_if_only_changed: ^\.tekton/|bundle.Dockerfile|\.md$|^(LICENSE|OWNERS)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --target=e2e-aws-operator-serial-ote + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-operator-serial-ote,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main-presubmits.yaml index b7cd11c9b7bf1..bb4a6455802ce 100644 --- a/ci-operator/jobs/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/secondary-scheduler-operator/openshift-secondary-scheduler-operator-main-presubmits.yaml @@ -77,6 +77,85 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-operator,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build06 + context: ci/prow/e2e-aws-operator-serial-ote + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - Dockerfile.rhel7 + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-secondary-scheduler-operator-main-e2e-aws-operator-serial-ote + optional: true + rerun_command: /test e2e-aws-operator-serial-ote + skip_if_only_changed: ^\.tekton/|^bundle\.Dockerfile$|\.md$|^(?:.*/)?(?:\.gitignore|LICENSE|OWNERS)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --target=e2e-aws-operator-serial-ote + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-operator-serial-ote,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/step-registry/cli-manager/OWNERS b/ci-operator/step-registry/cli-manager/OWNERS new file mode 100644 index 0000000000000..08454bd16f7b8 --- /dev/null +++ b/ci-operator/step-registry/cli-manager/OWNERS @@ -0,0 +1,12 @@ +approvers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 +reviewers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 diff --git a/ci-operator/step-registry/cli-manager/install-krew/OWNERS b/ci-operator/step-registry/cli-manager/install-krew/OWNERS new file mode 100644 index 0000000000000..08454bd16f7b8 --- /dev/null +++ b/ci-operator/step-registry/cli-manager/install-krew/OWNERS @@ -0,0 +1,12 @@ +approvers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 +reviewers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 diff --git a/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-commands.sh b/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-commands.sh new file mode 100644 index 0000000000000..a4497e8ab5cd5 --- /dev/null +++ b/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-commands.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +echo "=== Installing Krew (kubectl plugin manager) ===" + +# Detect OS and architecture +OS="$(uname | tr '[:upper:]' '[:lower:]')" +ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/' -e 's/armv7l/arm/')" +KREW="krew-${OS}_${ARCH}" + +# Create temporary directory for Krew installation +KREW_TEMP_DIR=$(mktemp -d) +trap 'rm -rf ${KREW_TEMP_DIR}' EXIT + +echo "Downloading Krew ${KREW}..." +curl -fsSL "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" \ + -o "${KREW_TEMP_DIR}/${KREW}.tar.gz" + +echo "Extracting Krew..." +tar -xzf "${KREW_TEMP_DIR}/${KREW}.tar.gz" -C "${KREW_TEMP_DIR}" + +echo "Installing Krew..." +"${KREW_TEMP_DIR}/${KREW}" install krew + +# Verify installation and show version +echo "Krew installed successfully:" +"${KREW_ROOT:-$HOME/.krew}/bin/kubectl-krew" version + +echo "=== Krew installation complete ===" +echo "To use Krew, ensure \${KREW_ROOT:-\$HOME/.krew}/bin is in your PATH" diff --git a/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.metadata.json b/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.metadata.json new file mode 100644 index 0000000000000..8db09886c350a --- /dev/null +++ b/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.metadata.json @@ -0,0 +1,19 @@ +{ + "path": "cli-manager/install-krew/cli-manager-install-krew-ref.yaml", + "owners": { + "approvers": [ + "ardaguclu", + "ingvagabund", + "p0lyn0mial", + "gangwgr", + "ropatil010" + ], + "reviewers": [ + "ardaguclu", + "ingvagabund", + "p0lyn0mial", + "gangwgr", + "ropatil010" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.yaml b/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.yaml new file mode 100644 index 0000000000000..3b9adac5f74a9 --- /dev/null +++ b/ci-operator/step-registry/cli-manager/install-krew/cli-manager-install-krew-ref.yaml @@ -0,0 +1,11 @@ +ref: + as: cli-manager-install-krew + from: tests + commands: cli-manager-install-krew-commands.sh + grace_period: 5m + resources: + requests: + cpu: 100m + memory: 200Mi + documentation: |- + Installs Krew (kubectl plugin manager) required for cli-manager-operator tests. diff --git a/ci-operator/step-registry/cluster-kube-descheduler-operator/OWNERS b/ci-operator/step-registry/cluster-kube-descheduler-operator/OWNERS new file mode 100644 index 0000000000000..08454bd16f7b8 --- /dev/null +++ b/ci-operator/step-registry/cluster-kube-descheduler-operator/OWNERS @@ -0,0 +1,12 @@ +approvers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 +reviewers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 diff --git a/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/OWNERS b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/OWNERS new file mode 100644 index 0000000000000..08454bd16f7b8 --- /dev/null +++ b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/OWNERS @@ -0,0 +1,12 @@ +approvers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 +reviewers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 diff --git a/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/README.md b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/README.md new file mode 100644 index 0000000000000..4e28cad7f7e7f --- /dev/null +++ b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/README.md @@ -0,0 +1,267 @@ +# Out-of-Payload OTE Extension Setup + +This step provides a reusable, parameterized way to set up OpenShift clusters for out-of-payload test extension discovery and execution. + +## Problem Statement + +Previously, each operator implementing OTE (OpenShift Tests Extension) for out-of-payload testing had to duplicate the same setup logic: + +1. Install TestExtensionAdmission CRD +2. Create TestExtensionAdmission CR +3. Create namespace for test extensions +4. Create ImageStream with OTE annotations +5. Wait for ImageStream import +6. Verify the setup + +This led to code duplication and made it harder to maintain consistent behavior across different operators. + +## Solution + +The `openshift-tests-extension-setup-out-of-payload` step provides a single, well-tested implementation that can be parameterized via environment variables for any operator. + +## Usage + +### Basic Usage in a Workflow Chain + +```yaml +chain: + as: my-operator-test-extension + steps: + - ref: openshift-tests-extension-setup-out-of-payload + env: + - name: EXTENSION_COMPONENT_NAME + default: "my-operator" + - name: EXTENSION_BINARY_PATH + default: "/usr/bin/my-operator-tests-ext.gz" + - ref: my-operator-run-tests + env: + - name: EXTENSION_IMAGE + default: "" + documentation: Container image with the test binary (set by CI via dependency injection) +``` + +### Environment Variables + +#### Required Variables + +- **`EXTENSION_COMPONENT_NAME`**: Name of the component being tested (e.g., `"cli-manager-operator"`). + Used in annotations and resource naming. + +- **`EXTENSION_BINARY_PATH`**: Path to the test binary inside the extension container image. + Example: `"/usr/bin/cli-manager-operator-tests-ext.gz"` + +- **`EXTENSION_IMAGE`**: Container image containing the test extension binary. + Typically set automatically by CI configuration via dependency injection. + +#### Optional Variables (with defaults) + +- **`EXTENSION_IMAGESTREAM_NAME`**: Name for the ImageStream resource. + Default: `"${EXTENSION_COMPONENT_NAME}-tests"` + +- **`EXTENSION_ADMISSION_NAME`**: Name for the TestExtensionAdmission CR. + Default: `"${EXTENSION_COMPONENT_NAME}-extensions"` + +- **`EXTENSION_NAMESPACE`**: Namespace where the ImageStream will be created. + Default: `"test-extensions"` + +- **`EXTENSION_PERMIT_PATTERN`**: Pattern for the TestExtensionAdmission permit rule. + Default: `"test-extensions/*"` + +- **`EXTENSION_IMAGESTREAM_TAG`**: Tag for the ImageStream. + Default: `"latest"` + +- **`EXTENSION_WAIT_TIMEOUT`**: Timeout in seconds to wait for ImageStream import to complete. + Default: `"300"` (5 minutes) + +- **`EXTENSION_SKIP_CRD_INSTALL`**: Skip TestExtensionAdmission CRD installation if set to `"true"`. + Useful when the CRD is already installed by a previous step. + Default: `"false"` + +## Real-World Examples + +### Example 1: run-once-duration-override-operator + +See: `ci-operator/step-registry/run-once-duration-override-operator/test-extension-refactored/` + +```yaml +chain: + as: run-once-duration-override-operator-test-extension-refactored + steps: + - ref: openshift-tests-extension-setup-out-of-payload + env: + - name: EXTENSION_COMPONENT_NAME + default: "run-once-duration-override-operator" + - name: EXTENSION_BINARY_PATH + default: "/usr/bin/run-once-duration-override-operator-tests-ext.gz" + - ref: run-once-duration-override-operator-test-extension-refactored-run +``` + +### Example 2: cli-manager-operator (with extra setup) + +See: `ci-operator/step-registry/cli-manager/test-extension-refactored/` + +This example shows how to add component-specific setup (krew installation) alongside the shared setup: + +```yaml +chain: + as: cli-manager-test-extension-refactored + steps: + - ref: openshift-tests-extension-setup-out-of-payload + env: + - name: EXTENSION_COMPONENT_NAME + default: "cli-manager-operator" + - name: EXTENSION_BINARY_PATH + default: "/usr/bin/cli-manager-operator-tests-ext.gz" + - ref: cli-manager-test-extension-refactored-install-krew # Component-specific setup + - ref: cli-manager-test-extension-refactored-run +``` + +## Migration Guide + +To migrate an existing out-of-payload OTE setup to use this shared step: + +### Before (Monolithic Step) + +```yaml +# my-operator-test-extension-ref.yaml +ref: + as: my-operator-test-extension + commands: my-operator-test-extension-commands.sh # Contains setup + test execution + dependencies: + - name: my-operator + env: EXTENSION_IMAGE +``` + +```bash +# my-operator-test-extension-commands.sh +#!/bin/bash +# ... 50+ lines of setup code (duplicated across operators) ... +# ... test execution ... +``` + +### After (Using Shared Step) + +```yaml +# my-operator-test-extension-refactored-chain.yaml +chain: + as: my-operator-test-extension-refactored + steps: + - ref: openshift-tests-extension-setup-out-of-payload + env: + - name: EXTENSION_COMPONENT_NAME + default: "my-operator" + - name: EXTENSION_BINARY_PATH + default: "/usr/bin/my-operator-tests-ext.gz" + - ref: my-operator-test-extension-refactored-run + env: + - name: EXTENSION_IMAGE + default: "" + documentation: Container image (set by CI via dependency injection) +``` + +```yaml +# my-operator-test-extension-refactored-run-ref.yaml +ref: + as: my-operator-test-extension-refactored-run + from: tests + commands: my-operator-test-extension-refactored-run-commands.sh + timeout: 3600s + resources: + requests: + cpu: "3" + memory: 600Mi +``` + +```bash +# my-operator-test-extension-refactored-run-commands.sh +#!/bin/bash +# Only operator-specific test execution (5-10 lines) +set -o nounset +set -o errexit +set -o pipefail + +export PATH=/usr/libexec/origin:$PATH + +openshift-tests run "${TEST_SUITE}" --junit-dir="${ARTIFACT_DIR}/junit" +``` + +### Benefits of Migration + +1. **Less duplication**: 50+ lines of setup code replaced with 3 lines of configuration +2. **Easier maintenance**: Bug fixes and improvements benefit all operators +3. **Consistent behavior**: All operators use the same well-tested setup logic +4. **Better documentation**: Centralized documentation of the setup process +5. **Easier onboarding**: New operators can quickly set up OTE testing + +## CI Configuration Example + +In your `ci-operator/config///--.yaml`: + +```yaml +images: +- dockerfile_path: Dockerfile + to: my-operator + +tests: +- as: e2e-aws-operator-serial-ote + cluster_claim: + architecture: amd64 + cloud: aws + owner: openshift-ci + product: ocp + timeout: 1h0m0s + version: "4.18" + steps: + test: + - ref: my-operator-test-extension-refactored # Use the chain + dependencies: + - name: my-operator + env: EXTENSION_IMAGE +``` + +## Troubleshooting + +### ImageStream import timeout + +If you see timeout errors waiting for ImageStream import, try: + +1. Check if the image exists: `oc describe imagestream -n test-extensions` +2. Increase timeout: Set `EXTENSION_WAIT_TIMEOUT="600"` for 10 minutes +3. Check image pull secrets if using private registries + +### TestExtensionAdmission CRD already exists + +This is normal when running multiple OTE jobs on the same cluster. The step handles this gracefully. + +If you want to skip CRD installation entirely (because another step installs it), set: +```yaml +env: +- name: EXTENSION_SKIP_CRD_INSTALL + default: "true" +``` + +### Tests not discovered by openshift-tests + +Verify the ImageStream has the correct annotations: + +```bash +oc get imagestreamtag :latest -n test-extensions -o json | jq '.metadata.annotations' +``` + +Should show: +```json +{ + "testextension.redhat.io/component": "my-operator", + "testextension.redhat.io/binary": "/usr/bin/my-operator-tests-ext.gz" +} +``` + +## Related Documentation + +- [OpenShift CI Documentation](https://docs.ci.openshift.org/) +- [Step Registry Guide](https://docs.ci.openshift.org/docs/architecture/step-registry/) +- [OTE Documentation](https://docs.ci.openshift.org/docs/architecture/step-registry/#openshift-tests-extensions) + +## Contributing + +Issues or improvements? Please submit a PR to the [openshift/release](https://github.com/openshift/release) repository. diff --git a/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-commands.sh b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-commands.sh new file mode 100644 index 0000000000000..3dc5ef4f97e6a --- /dev/null +++ b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-commands.sh @@ -0,0 +1,145 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +export PATH=/usr/libexec/origin:$PATH +export HOME=/tmp/home +mkdir -p "${HOME}" + +# Required environment variables (validated below): +# - EXTENSION_COMPONENT_NAME: Name of the component (e.g., "cli-manager-operator") +# - EXTENSION_BINARY_PATH: Path to test binary in container (e.g., "/usr/bin/cli-manager-operator-tests-ext.gz") +# - EXTENSION_IMAGE: Container image with the test binary (typically set by CI config) +# +# Optional environment variables: +# - EXTENSION_IMAGESTREAM_NAME: ImageStream name (default: "${EXTENSION_COMPONENT_NAME}-tests") +# - EXTENSION_ADMISSION_NAME: TestExtensionAdmission CR name (default: "${EXTENSION_COMPONENT_NAME}-extensions") +# - EXTENSION_NAMESPACE: Namespace for ImageStream (default: "test-extensions") +# - EXTENSION_PERMIT_PATTERN: Admission permit pattern (default: "test-extensions/*") +# - EXTENSION_IMAGESTREAM_TAG: Tag for ImageStream (default: "latest") +# - EXTENSION_WAIT_TIMEOUT: Timeout in seconds for ImageStream import (default: "300") +# - EXTENSION_SKIP_CRD_INSTALL: Skip CRD installation if set to "true" (default: "false") + +# Validate required environment variables +if [[ -z "${EXTENSION_COMPONENT_NAME:-}" ]]; then + echo "ERROR: EXTENSION_COMPONENT_NAME environment variable is required" + exit 1 +fi + +if [[ -z "${EXTENSION_BINARY_PATH:-}" ]]; then + echo "ERROR: EXTENSION_BINARY_PATH environment variable is required" + exit 1 +fi + +if [[ -z "${EXTENSION_IMAGE:-}" ]]; then + echo "ERROR: EXTENSION_IMAGE environment variable is required" + exit 1 +fi + +# Set defaults for optional variables +EXTENSION_IMAGESTREAM_NAME="${EXTENSION_IMAGESTREAM_NAME:-${EXTENSION_COMPONENT_NAME}-tests}" +EXTENSION_ADMISSION_NAME="${EXTENSION_ADMISSION_NAME:-${EXTENSION_COMPONENT_NAME}-extensions}" +EXTENSION_NAMESPACE="${EXTENSION_NAMESPACE:-test-extensions}" +EXTENSION_PERMIT_PATTERN="${EXTENSION_PERMIT_PATTERN:-test-extensions/*}" +EXTENSION_IMAGESTREAM_TAG="${EXTENSION_IMAGESTREAM_TAG:-latest}" +EXTENSION_WAIT_TIMEOUT="${EXTENSION_WAIT_TIMEOUT:-300}" +EXTENSION_SKIP_CRD_INSTALL="${EXTENSION_SKIP_CRD_INSTALL:-false}" + +echo "=== Setting up out-of-payload OTE extension: ${EXTENSION_COMPONENT_NAME} ===" +echo "Component: ${EXTENSION_COMPONENT_NAME}" +echo "Binary path: ${EXTENSION_BINARY_PATH}" +echo "ImageStream: ${EXTENSION_IMAGESTREAM_NAME}:${EXTENSION_IMAGESTREAM_TAG}" +echo "Namespace: ${EXTENSION_NAMESPACE}" +echo "Admission CR: ${EXTENSION_ADMISSION_NAME}" + +# Install the TestExtensionAdmission CRD (if not skipped) +if [[ "${EXTENSION_SKIP_CRD_INSTALL}" != "true" ]]; then + echo "" + echo "Installing TestExtensionAdmission CRD..." + if ! openshift-tests extension-admission install-crd 2> >(tee /tmp/install-crd.err >&2); then + if ! grep -qi "already exists" /tmp/install-crd.err; then + echo "ERROR: Failed to install TestExtensionAdmission CRD" + exit 1 + fi + echo "TestExtensionAdmission CRD already exists" + else + echo "TestExtensionAdmission CRD installed successfully" + fi +fi + +# Create the TestExtensionAdmission CR +echo "" +echo "Creating TestExtensionAdmission CR..." +openshift-tests extension-admission create "${EXTENSION_ADMISSION_NAME}" \ + --permit="${EXTENSION_PERMIT_PATTERN}" + +# Create namespace and ImageStream +echo "" +echo "Creating ${EXTENSION_NAMESPACE} namespace and ImageStream..." +cat </dev/null; then + echo "ImageStream import completed successfully" + break + fi + echo "Waiting for ImageStream import... ($elapsed/$timeout seconds)" + sleep 5 + elapsed=$((elapsed + 5)) +done + +if [ $elapsed -ge "$timeout" ]; then + echo "ERROR: Timeout waiting for ImageStream import after ${timeout} seconds" + echo "ImageStream status:" + oc get imagestream "${EXTENSION_IMAGESTREAM_NAME}" -n "${EXTENSION_NAMESPACE}" -o yaml || true + exit 1 +fi + +# Verify setup +echo "" +echo "=== Verifying extension setup ===" +echo "" +echo "TestExtensionAdmission CR:" +oc get testextensionadmission "${EXTENSION_ADMISSION_NAME}" -o yaml + +echo "" +echo "ImageStreamTag annotations:" +oc get imagestreamtag "${imagestreamtag}" -n "${EXTENSION_NAMESPACE}" -o json | jq '.metadata.annotations' + +echo "" +echo "=== Out-of-payload OTE extension setup complete ===" diff --git a/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.metadata.json b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.metadata.json new file mode 100644 index 0000000000000..29b444a908d9b --- /dev/null +++ b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.metadata.json @@ -0,0 +1,19 @@ +{ + "path": "openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.yaml", + "owners": { + "approvers": [ + "ardaguclu", + "ingvagabund", + "p0lyn0mial", + "gangwgr", + "ropatil010" + ], + "reviewers": [ + "ardaguclu", + "ingvagabund", + "p0lyn0mial", + "gangwgr", + "ropatil010" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.yaml b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.yaml new file mode 100644 index 0000000000000..266714ab2ffb1 --- /dev/null +++ b/ci-operator/step-registry/openshift-tests-extension/setup-out-of-payload/openshift-tests-extension-setup-out-of-payload-ref.yaml @@ -0,0 +1,83 @@ +ref: + as: openshift-tests-extension-setup-out-of-payload + from: tests + commands: openshift-tests-extension-setup-out-of-payload-commands.sh + resources: + requests: + cpu: 100m + memory: 100Mi + dependencies: + - name: EXTENSION_IMAGE + env: EXTENSION_IMAGE + env: + - name: EXTENSION_COMPONENT_NAME + default: "" + documentation: |- + REQUIRED: Name of the component being tested (e.g., "cli-manager-operator", "run-once-duration-override-operator"). + This is used in annotations and resource naming. + - name: EXTENSION_BINARY_PATH + default: "" + documentation: |- + REQUIRED: Path to the test binary inside the extension container image. + Example: "/usr/bin/cli-manager-operator-tests-ext.gz" + - name: EXTENSION_IMAGE + default: "" + documentation: |- + REQUIRED: Container image containing the test extension binary. + Typically set automatically by CI configuration referencing the built operator image. + - name: EXTENSION_IMAGESTREAM_NAME + default: "" + documentation: |- + Optional: Name for the ImageStream resource. Defaults to "${EXTENSION_COMPONENT_NAME}-tests" if not set. + - name: EXTENSION_ADMISSION_NAME + default: "" + documentation: |- + Optional: Name for the TestExtensionAdmission CR. Defaults to "${EXTENSION_COMPONENT_NAME}-extensions" if not set. + - name: EXTENSION_NAMESPACE + default: "test-extensions" + documentation: |- + Optional: Namespace where the ImageStream will be created. Defaults to "test-extensions". + - name: EXTENSION_PERMIT_PATTERN + default: "test-extensions/*" + documentation: |- + Optional: Pattern for the TestExtensionAdmission permit rule. Defaults to "test-extensions/*". + - name: EXTENSION_IMAGESTREAM_TAG + default: "latest" + documentation: |- + Optional: Tag for the ImageStream. Defaults to "latest". + - name: EXTENSION_WAIT_TIMEOUT + default: "300" + documentation: |- + Optional: Timeout in seconds to wait for ImageStream import to complete. Defaults to 300 seconds (5 minutes). + - name: EXTENSION_SKIP_CRD_INSTALL + default: "false" + documentation: |- + Optional: Skip TestExtensionAdmission CRD installation if set to "true". Useful when the CRD is already installed + by a previous step or chain. Defaults to "false". + documentation: |- + Sets up the OpenShift cluster for out-of-payload test extension discovery and execution. + + This step creates the necessary resources for openshift-tests to discover and execute test binaries + from operator containers that are not part of the OpenShift release payload. It is designed to be + reusable across different operators by parameterizing component-specific values via environment variables. + + The step performs the following actions: + 1. Installs the TestExtensionAdmission CRD (unless EXTENSION_SKIP_CRD_INSTALL=true) + 2. Creates a TestExtensionAdmission CR to permit test extensions + 3. Creates a namespace for test extensions (default: test-extensions) + 4. Creates an ImageStream pointing to the operator image with OTE annotations + 5. Waits for ImageStream import to complete with configurable timeout + 6. Verifies the setup by checking resources and annotations + + After this step completes, openshift-tests can discover and run the extension test suite using: + openshift-tests run --junit-dir= + + Example usage in a workflow: + - ref: openshift-tests-extension-setup-out-of-payload + env: + - name: EXTENSION_COMPONENT_NAME + default: "my-operator" + - name: EXTENSION_BINARY_PATH + default: "/usr/bin/my-operator-tests-ext.gz" + - name: EXTENSION_IMAGE + default: "pipeline:my-operator-image" diff --git a/ci-operator/step-registry/run-once-duration-override-operator/OWNERS b/ci-operator/step-registry/run-once-duration-override-operator/OWNERS new file mode 100644 index 0000000000000..08454bd16f7b8 --- /dev/null +++ b/ci-operator/step-registry/run-once-duration-override-operator/OWNERS @@ -0,0 +1,12 @@ +approvers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 +reviewers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 diff --git a/ci-operator/step-registry/secondary-scheduler-operator/OWNERS b/ci-operator/step-registry/secondary-scheduler-operator/OWNERS new file mode 100644 index 0000000000000..08454bd16f7b8 --- /dev/null +++ b/ci-operator/step-registry/secondary-scheduler-operator/OWNERS @@ -0,0 +1,12 @@ +approvers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010 +reviewers: +- ardaguclu +- ingvagabund +- p0lyn0mial +- gangwgr +- ropatil010