kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CI: rework pipeline: short/extended based on labels (#11324) 

* CI: reduce VM resources requests to improve scheduling

* CI: Reduce default jobs; add labels(ci-full/extended) to run more test

* CI: use jobs dependencies instead of stages

* precommit one-job

* CI: Use Kubevirt VM to run Molecule and Vagrant jobs
pull/11341/head
Antoine Legrand 2024-07-01 12:25:36 +02:00 committed by GitHub
parent ff18f65a17
commit a0587e0b8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
30 changed files with 433 additions and 335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
.gitlab-ci.yml
View File

@ -1,12 +1,9 @@
--- ---
stages: stages:
- build - build
- unit-tests - test
- moderator
- deploy-part1 - deploy-part1
- deploy-part2 - deploy-extended
- deploy-part3
- deploy-special
variables: variables:
KUBESPRAY_VERSION: v2.25.0 KUBESPRAY_VERSION: v2.25.0
@ -43,15 +40,26 @@ before_script:
.job: &job .job: &job
tags: tags:
- packet - ffci
image: $PIPELINE_IMAGE image: $PIPELINE_IMAGE
artifacts: artifacts:
when: always when: always
paths: paths:
- cluster-dump/ - cluster-dump/
needs:
- pipeline-image
.job-moderated:
extends: .job
needs:
- pipeline-image
- ci-not-authorized
- check-galaxy-version # lint
- pre-commit # lint
- vagrant-validate # lint
.testcases: &testcases .testcases: &testcases
<<: *job extends: .job-moderated
retry: 1 retry: 1
interruptible: true interruptible: true
before_script: before_script:
@ -61,12 +69,12 @@ before_script:
script: script:
- ./tests/scripts/testcases_run.sh - ./tests/scripts/testcases_run.sh
after_script: after_script:
- chronic ./tests/scripts/testcases_cleanup.sh - ./tests/scripts/testcases_cleanup.sh
# For failfast, at least 1 job must be defined in .gitlab-ci.yml # For failfast, at least 1 job must be defined in .gitlab-ci.yml
# Premoderated with manual actions # Premoderated with manual actions
ci-not-authorized: ci-not-authorized:
stage: moderator stage: build
before_script: [] before_script: []
after_script: [] after_script: []
rules: rules:
@ -87,8 +95,8 @@ ci-not-authorized:
script: script:
- exit $CI_OK_TO_TEST - exit $CI_OK_TO_TEST
tags: tags:
- light - ffci
needs: []
include: include:
- .gitlab-ci/build.yml - .gitlab-ci/build.yml

2
.gitlab-ci/build.yml
View File

@ -5,7 +5,7 @@
paths: paths:
- image-cache - image-cache
tags: tags:
- packet - ffci
stage: build stage: build
image: image:
name: gcr.io/kaniko-project/executor:debug name: gcr.io/kaniko-project/executor:debug

43
.gitlab-ci/lint.yml
View File

@ -1,40 +1,35 @@
--- ---
generate-pre-commit: pre-commit:
image: 'mikefarah/yq@sha256:bcb889a1f9bdb0613c8a054542d02360c2b1b35521041be3e1bd8fbd0534d411' stage: test
stage: build tags:
before_script: [] - ffci
image: 'ghcr.io/pre-commit-ci/runner-image@sha256:aaf2c7b38b22286f2d381c11673bec571c28f61dd086d11b43a1c9444a813cef'
variables:
PRE_COMMIT_HOME: /pre-commit-cache
script: script:
- > - pre-commit run --all-files
yq -r < .pre-commit-config.yaml '.repos[].hooks[].id' | cache:
sed 's/^/ - /' | key: pre-commit-all
cat .gitlab-ci/pre-commit-dynamic-stub.yml - > pre-commit-generated.yml
artifacts:
paths: paths:
- pre-commit-generated.yml - /pre-commit-cache
needs: []
run-pre-commit:
stage: unit-tests
trigger:
include:
- artifact: pre-commit-generated.yml
job: generate-pre-commit
strategy: depend
vagrant-validate: vagrant-validate:
extends: .job extends: .job
stage: unit-tests stage: test
tags: [light] tags: [ffci]
variables: variables:
VAGRANT_VERSION: 2.3.7 VAGRANT_VERSION: 2.3.7
script: script:
- ./tests/scripts/vagrant-validate.sh - ./tests/scripts/vagrant-validate.sh
except: ['triggers', 'master'] except: ['triggers', 'master']
# TODO: convert to pre-commit hook # TODO: convert to pre-commit hook
check-galaxy-version: check-galaxy-version:
stage: unit-tests needs: []
tags: [light] stage: test
tags: [ffci]
image: python:3 image: python:3
script: script:
- tests/scripts/check_galaxy_version.sh - tests/scripts/check_galaxy_version.sh

64
.gitlab-ci/molecule.yml
View File

@ -1,30 +1,42 @@
--- ---
.molecule: .molecule:
tags: [c3.small.x86] tags: [ffci-vm-med]
only: [/^pr-.*$/] only: [/^pr-.*$/]
except: ['triggers'] except: ['triggers']
image: $PIPELINE_IMAGE image: quay.io/kubespray/vm-kubespray-ci:v6
services: [] services: []
stage: deploy-part1 stage: deploy-part1
needs: []
# - ci-not-authorized
variables:
VAGRANT_DEFAULT_PROVIDER: "libvirt"
before_script: before_script:
- tests/scripts/rebase.sh - groups
- ./tests/scripts/vagrant_clean.sh - python3 -m venv citest
- source citest/bin/activate
- vagrant plugin expunge --reinstall --force --no-tty
- vagrant plugin install vagrant-libvirt
- pip install --no-compile --no-cache-dir pip -U
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/requirements.txt
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/tests/requirements.txt
- ./tests/scripts/rebase.sh
- ./tests/scripts/vagrant_clean.sh
script: script:
- ./tests/scripts/molecule_run.sh - ./tests/scripts/molecule_run.sh
after_script: after_script:
- chronic ./tests/scripts/molecule_logs.sh - ./tests/scripts/molecule_logs.sh
artifacts: artifacts:
when: always when: always
paths: paths:
- molecule_logs/ - molecule_logs/
# CI template for periodic CI jobs # CI template for periodic CI jobs
# Enabled when PERIODIC_CI_ENABLED var is set # Enabled when PERIODIC_CI_ENABLED var is set
.molecule_periodic: .molecule_periodic:
only: only:
variables: variables:
- $PERIODIC_CI_ENABLED - $PERIODIC_CI_ENABLED
allow_failure: true allow_failure: true
extends: .molecule extends: .molecule
@ -34,50 +46,50 @@ molecule_full:
molecule_no_container_engines: molecule_no_container_engines:
extends: .molecule extends: .molecule
script: script:
- ./tests/scripts/molecule_run.sh -e container-engine - ./tests/scripts/molecule_run.sh -e container-engine
when: on_success when: on_success
molecule_docker: molecule_docker:
extends: .molecule extends: .molecule
script: script:
- ./tests/scripts/molecule_run.sh -i container-engine/cri-dockerd - ./tests/scripts/molecule_run.sh -i container-engine/cri-dockerd
when: on_success when: on_success
molecule_containerd: molecule_containerd:
extends: .molecule extends: .molecule
script: script:
- ./tests/scripts/molecule_run.sh -i container-engine/containerd - ./tests/scripts/molecule_run.sh -i container-engine/containerd
when: on_success when: on_success
molecule_cri-o: molecule_cri-o:
extends: .molecule extends: .molecule
stage: deploy-part2 stage: deploy-part1
script: script:
- ./tests/scripts/molecule_run.sh -i container-engine/cri-o - ./tests/scripts/molecule_run.sh -i container-engine/cri-o
allow_failure: true allow_failure: true
when: on_success when: on_success
# Stage 3 container engines don't get as much attention so allow them to fail # # Stage 3 container engines don't get as much attention so allow them to fail
molecule_kata: # molecule_kata:
extends: .molecule # extends: .molecule
stage: deploy-part3 # stage: deploy-extended
script: # script:
- ./tests/scripts/molecule_run.sh -i container-engine/kata-containers # - ./tests/scripts/molecule_run.sh -i container-engine/kata-containers
when: manual # when: manual
# FIXME: this test is broken (perma-failing) # # FIXME: this test is broken (perma-failing)
molecule_gvisor: molecule_gvisor:
extends: .molecule extends: .molecule
stage: deploy-part3 stage: deploy-extended
script: script:
- ./tests/scripts/molecule_run.sh -i container-engine/gvisor - ./tests/scripts/molecule_run.sh -i container-engine/gvisor
when: manual when: manual
# FIXME: this test is broken (perma-failing) # FIXME: this test is broken (perma-failing)
molecule_youki: molecule_youki:
extends: .molecule extends: .molecule
stage: deploy-part3 stage: deploy-extended
script: script:
- ./tests/scripts/molecule_run.sh -i container-engine/youki - ./tests/scripts/molecule_run.sh -i container-engine/youki
when: manual when: manual
# FIXME: this test is broken (perma-failing) # FIXME: this test is broken (perma-failing)

390
.gitlab-ci/packet.yml
View File

@ -6,14 +6,56 @@
CI_PLATFORM: packet CI_PLATFORM: packet
SSH_USER: kubespray SSH_USER: kubespray
tags: tags:
- packet - ffci
except: [triggers] needs:
- pipeline-image
- ci-not-authorized
# CI template for PRs # CI template for PRs
.packet_pr: .packet_pr:
only: [/^pr-.*$/] stage: deploy-part1
rules:
- if: $PR_LABELS =~ /.*ci-short.*/
when: manual
allow_failure: true
- if: $CI_COMMIT_BRANCH =~ /^pr-.*$/
when: on_success
- when: manual
allow_failure: true
extends: .packet extends: .packet
## Uncomment this to have multiple stages
# needs:
# - packet_ubuntu20-calico-all-in-one
.packet_pr_short:
stage: deploy-part1
extends: .packet
rules:
- if: $CI_COMMIT_BRANCH =~ /^pr-.*$/
when: on_success
- when: manual
allow_failure: true
.packet_pr_manual:
extends: .packet_pr
stage: deploy-extended
rules:
- if: $PR_LABELS =~ /.*ci-full.*/
when: on_success
# Else run as manual
- when: manual
allow_failure: true
.packet_pr_extended:
extends: .packet_pr
stage: deploy-extended
rules:
- if: $PR_LABELS =~ /.*(ci-extended|ci-full).*/
when: on_success
- when: manual
allow_failure: true
# CI template for periodic CI jobs # CI template for periodic CI jobs
# Enabled when PERIODIC_CI_ENABLED var is set # Enabled when PERIODIC_CI_ENABLED var is set
.packet_periodic: .packet_periodic:
@ -34,118 +76,87 @@ packet_cleanup_old:
# The ubuntu20-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken # The ubuntu20-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
packet_ubuntu20-calico-all-in-one: packet_ubuntu20-calico-all-in-one:
stage: deploy-part1 stage: deploy-part1
extends: .packet_pr extends: .packet_pr_short
when: on_success
variables: variables:
RESET_CHECK: "true" RESET_CHECK: "true"
# ### PR JOBS PART2 # ### PR JOBS PART2
packet_ubuntu20-all-in-one-docker: packet_ubuntu20-crio:
stage: deploy-part2 extends: .packet_pr_manual
extends: .packet_pr
when: on_success
packet_ubuntu20-calico-all-in-one-hardening:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu22-all-in-one-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu22-calico-all-in-one: packet_ubuntu22-calico-all-in-one:
stage: deploy-part2
extends: .packet_pr extends: .packet_pr
when: on_success
packet_ubuntu24-all-in-one-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu24-calico-all-in-one:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_ubuntu24-calico-etcd-datastore: packet_ubuntu24-calico-etcd-datastore:
stage: deploy-part2
extends: .packet_pr extends: .packet_pr
when: on_success
packet_centos7-flannel-addons-ha:
extends: .packet_pr
stage: deploy-part2
when: on_success
packet_almalinux8-crio: packet_almalinux8-crio:
extends: .packet_pr extends: .packet_pr
stage: deploy-part2
when: on_success
allow_failure: true
packet_ubuntu20-crio:
packet_almalinux8-kube-ovn:
extends: .packet_pr extends: .packet_pr
stage: deploy-part2
when: manual
packet_fedora37-crio:
extends: .packet_pr
stage: deploy-part2
when: manual
packet_ubuntu20-flannel-ha:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian10-cilium-svc-proxy:
stage: deploy-part2
extends: .packet_periodic
when: on_success
packet_debian10-calico:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian10-docker: packet_debian10-docker:
stage: deploy-part2
extends: .packet_pr extends: .packet_pr
when: on_success
packet_debian11-calico: packet_debian11-calico:
stage: deploy-part2
extends: .packet_pr extends: .packet_pr
when: on_success
packet_debian11-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian12-calico:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian12-docker:
stage: deploy-part2
extends: .packet_pr
when: on_success
packet_debian12-cilium: packet_debian12-cilium:
stage: deploy-part2 extends: .packet_pr
extends: .packet_periodic
when: on_success packet_rockylinux8-calico:
extends: .packet_pr
packet_rockylinux9-cilium:
extends: .packet_pr
variables:
RESET_CHECK: "true"
packet_amazon-linux-2-all-in-one:
extends: .packet_pr
packet_fedora38-docker-weave:
extends: .packet_pr
allow_failure: true
packet_opensuse-docker-cilium:
extends: .packet_pr
packet_ubuntu20-cilium-sep:
extends: .packet_pr
## Extended
packet_debian11-docker:
extends: .packet_pr_extended
packet_debian12-docker:
extends: .packet_pr_extended
packet_debian12-calico:
extends: .packet_pr_extended
packet_almalinux8-calico-remove-node:
extends: .packet_pr_extended
variables:
REMOVE_NODE_CHECK: "true"
REMOVE_NODE_NAME: "instance-3"
packet_rockylinux9-calico:
extends: .packet_pr_extended
packet_almalinux8-calico:
extends: .packet_pr_extended
packet_almalinux8-docker:
extends: .packet_pr_extended
packet_centos7-calico-ha-once-localhost: packet_centos7-calico-ha-once-localhost:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
variables: variables:
# This will instruct Docker not to start over TLS. # This will instruct Docker not to start over TLS.
DOCKER_TLS_CERTDIR: "" DOCKER_TLS_CERTDIR: ""
@ -153,196 +164,127 @@ packet_centos7-calico-ha-once-localhost:
services: services:
- docker:26.1.4-dind - docker:26.1.4-dind
packet_almalinux8-kube-ovn: packet_centos7-flannel-addons-ha:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
packet_almalinux8-calico: packet_debian10-calico:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
packet_rockylinux8-calico: packet_ubuntu20-calico-all-in-one-hardening:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
packet_rockylinux9-calico: packet_ubuntu24-calico-all-in-one:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
packet_rockylinux9-cilium: packet_ubuntu20-calico-etcd-kubeadm:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
variables:
RESET_CHECK: "true"
packet_almalinux8-docker: packet_ubuntu24-all-in-one-docker:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
packet_amazon-linux-2-all-in-one: packet_ubuntu22-all-in-one-docker:
stage: deploy-part2 extends: .packet_pr_extended
extends: .packet_pr
when: on_success
packet_fedora38-docker-weave:
stage: deploy-part2
extends: .packet_pr
when: on_success
allow_failure: true
packet_opensuse-docker-cilium:
stage: deploy-part2
extends: .packet_pr
when: on_success
# ### MANUAL JOBS # ### MANUAL JOBS
packet_centos7-calico-ha:
extends: .packet_pr_manual
packet_fedora37-crio:
extends: .packet_pr_manual
packet_ubuntu20-flannel-ha:
extends: .packet_pr_manual
packet_ubuntu20-all-in-one-docker:
extends: .packet_pr_manual
packet_ubuntu20-docker-weave-sep: packet_ubuntu20-docker-weave-sep:
stage: deploy-part2 extends: .packet_pr_manual
extends: .packet_pr
when: manual
packet_ubuntu20-cilium-sep:
stage: deploy-special
extends: .packet_pr
when: manual
packet_ubuntu20-flannel-ha-once: packet_ubuntu20-flannel-ha-once:
stage: deploy-part2 extends: .packet_pr_manual
extends: .packet_pr
when: manual packet_fedora37-calico-swap-selinux:
extends: .packet_pr_manual
# Calico HA eBPF
packet_almalinux8-calico-ha-ebpf: packet_almalinux8-calico-ha-ebpf:
stage: deploy-part2 extends: .packet_pr_manual
extends: .packet_pr
when: manual packet_almalinux8-calico-nodelocaldns-secondary:
extends: .packet_pr_manual
packet_debian10-macvlan: packet_debian10-macvlan:
stage: deploy-part2 extends: .packet_pr_manual
extends: .packet_pr
when: manual
packet_centos7-calico-ha:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_centos7-multus-calico: packet_centos7-multus-calico:
stage: deploy-part2 extends: .packet_pr_manual
extends: .packet_pr
when: manual
packet_debian11-custom-cni:
extends: .packet_pr_manual
packet_debian11-kubelet-csr-approver:
extends: .packet_pr_manual
packet_debian12-custom-cni-helm:
extends: .packet_pr_manual
packet_ubuntu20-calico-ha-wireguard:
extends: .packet_pr_manual
# PERIODIC
packet_fedora38-docker-calico: packet_fedora38-docker-calico:
stage: deploy-part2 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
variables: variables:
RESET_CHECK: "true" RESET_CHECK: "true"
packet_fedora37-calico-selinux: packet_fedora37-calico-selinux:
stage: deploy-part2 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
packet_fedora37-calico-swap-selinux:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_almalinux8-calico-nodelocaldns-secondary:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_fedora38-kube-ovn: packet_fedora38-kube-ovn:
stage: deploy-part2 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
packet_debian11-custom-cni:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian11-kubelet-csr-approver:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian12-custom-cni-helm:
stage: deploy-part2
extends: .packet_pr
when: manual
# ### PR JOBS PART3
# Long jobs (45min+)
packet_centos7-weave-upgrade-ha: packet_centos7-weave-upgrade-ha:
stage: deploy-part3 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
variables: variables:
UPGRADE_TEST: basic UPGRADE_TEST: basic
packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha: packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha:
stage: deploy-part3 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
variables: variables:
UPGRADE_TEST: basic UPGRADE_TEST: basic
# Calico HA Wireguard
packet_ubuntu20-calico-ha-wireguard:
stage: deploy-part2
extends: .packet_pr
when: manual
packet_debian11-calico-upgrade:
stage: deploy-part3
extends: .packet_pr
when: on_success
variables:
UPGRADE_TEST: graceful
packet_almalinux8-calico-remove-node:
stage: deploy-part3
extends: .packet_pr
when: on_success
variables:
REMOVE_NODE_CHECK: "true"
REMOVE_NODE_NAME: "instance-3"
packet_ubuntu20-calico-etcd-kubeadm:
stage: deploy-part3
extends: .packet_pr
when: on_success
packet_debian11-calico-upgrade-once: packet_debian11-calico-upgrade-once:
stage: deploy-part3 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
variables: variables:
UPGRADE_TEST: graceful UPGRADE_TEST: graceful
packet_ubuntu20-calico-ha-recover: packet_ubuntu20-calico-ha-recover:
stage: deploy-part3 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
variables: variables:
RECOVER_CONTROL_PLANE_TEST: "true" RECOVER_CONTROL_PLANE_TEST: "true"
RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:]:kube_control_plane[1:]" RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:]:kube_control_plane[1:]"
packet_ubuntu20-calico-ha-recover-noquorum: packet_ubuntu20-calico-ha-recover-noquorum:
stage: deploy-part3 stage: deploy-extended
extends: .packet_periodic extends: .packet_periodic
when: on_success
variables: variables:
RECOVER_CONTROL_PLANE_TEST: "true" RECOVER_CONTROL_PLANE_TEST: "true"
RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[1:]:kube_control_plane[1:]" RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[1:]:kube_control_plane[1:]"
packet_debian10-cilium-svc-proxy:
stage: deploy-extended
extends: .packet_periodic
packet_debian11-calico-upgrade:
stage: deploy-extended
extends: .packet_periodic
variables:
UPGRADE_TEST: graceful

2
.gitlab-ci/pre-commit-dynamic-stub.yml
View File

@ -7,7 +7,7 @@ pre-commit:
variables: variables:
PRE_COMMIT_HOME: /pre-commit-cache PRE_COMMIT_HOME: /pre-commit-cache
script: script:
- pre-commit run -a $HOOK_ID - pre-commit run --all-files
cache: cache:
key: pre-commit-$HOOK_ID key: pre-commit-$HOOK_ID
paths: paths:

22
.gitlab-ci/terraform.yml
View File

@ -2,6 +2,10 @@
# Tests for contrib/terraform/ # Tests for contrib/terraform/
.terraform_install: .terraform_install:
extends: .job extends: .job
needs:
- ci-not-authorized
- pipeline-image
stage: deploy-part1
before_script: before_script:
- update-alternatives --install /usr/bin/python python /usr/bin/python3 1 - update-alternatives --install /usr/bin/python python /usr/bin/python3 1
- ./tests/scripts/rebase.sh - ./tests/scripts/rebase.sh
@ -24,17 +28,19 @@
.terraform_validate: .terraform_validate:
extends: .terraform_install extends: .terraform_install
stage: unit-tests tags: [ffci]
tags: [light]
only: ['master', /^pr-.*$/] only: ['master', /^pr-.*$/]
script: script:
- terraform -chdir="contrib/terraform/$PROVIDER" validate - terraform -chdir="contrib/terraform/$PROVIDER" validate
- terraform -chdir="contrib/terraform/$PROVIDER" fmt -check -diff - terraform -chdir="contrib/terraform/$PROVIDER" fmt -check -diff
stage: test
needs:
- pipeline-image
.terraform_apply: .terraform_apply:
extends: .terraform_install extends: .terraform_install
tags: [light] tags: [ffci]
stage: deploy-part3 stage: deploy-extended
when: manual when: manual
only: [/^pr-.*$/] only: [/^pr-.*$/]
artifacts: artifacts:
@ -51,7 +57,7 @@
- tests/scripts/testcases_run.sh - tests/scripts/testcases_run.sh
after_script: after_script:
# Cleanup regardless of exit code # Cleanup regardless of exit code
- chronic ./tests/scripts/testcases_cleanup.sh - ./tests/scripts/testcases_cleanup.sh
tf-validate-openstack: tf-validate-openstack:
extends: .terraform_validate extends: .terraform_validate
@ -146,8 +152,7 @@ tf-validate-nifcloud:
TF_VAR_router_id: "ab95917c-41fb-4881-b507-3a6dfe9403df" TF_VAR_router_id: "ab95917c-41fb-4881-b507-3a6dfe9403df"
tf-elastx_cleanup: tf-elastx_cleanup:
stage: unit-tests tags: [ffci]
tags: [light]
image: python image: python
variables: variables:
<<: *elastx_variables <<: *elastx_variables
@ -155,10 +160,11 @@ tf-elastx_cleanup:
- pip install -r scripts/openstack-cleanup/requirements.txt - pip install -r scripts/openstack-cleanup/requirements.txt
script: script:
- ./scripts/openstack-cleanup/main.py - ./scripts/openstack-cleanup/main.py
allow_failure: true
tf-elastx_ubuntu20-calico: tf-elastx_ubuntu20-calico:
extends: .terraform_apply extends: .terraform_apply
stage: deploy-part3 stage: deploy-part1
when: on_success when: on_success
allow_failure: true allow_failure: true
variables: variables:

41
.gitlab-ci/vagrant.yml
View File

@ -1,64 +1,73 @@
--- ---
.vagrant: .vagrant:
extends: .testcases extends: .testcases
needs:
- ci-not-authorized
variables: variables:
CI_PLATFORM: "vagrant" CI_PLATFORM: "vagrant"
SSH_USER: "vagrant" SSH_USER: "vagrant"
VAGRANT_DEFAULT_PROVIDER: "libvirt" VAGRANT_DEFAULT_PROVIDER: "libvirt"
KUBESPRAY_VAGRANT_CONFIG: tests/files/${CI_JOB_NAME}.rb KUBESPRAY_VAGRANT_CONFIG: tests/files/${CI_JOB_NAME}.rb
tags: [c3.small.x86] DOCKER_NAME: vagrant
only: [/^pr-.*$/] VAGRANT_ANSIBLE_TAGS: facts
except: ['triggers'] tags: [ffci-vm-large]
image: $PIPELINE_IMAGE # only: [/^pr-.*$/]
# except: ['triggers']
image: quay.io/kubespray/vm-kubespray-ci:v6
services: [] services: []
before_script: before_script:
- echo $USER
- python3 -m venv citest
- source citest/bin/activate
- vagrant plugin expunge --reinstall --force --no-tty
- vagrant plugin install vagrant-libvirt
- pip install --no-compile --no-cache-dir pip -U
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/requirements.txt
- pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/tests/requirements.txt
- ./tests/scripts/vagrant_clean.sh - ./tests/scripts/vagrant_clean.sh
script: script:
- ./tests/scripts/testcases_run.sh - ./tests/scripts/testcases_run.sh
after_script:
- chronic ./tests/scripts/testcases_cleanup.sh
vagrant_ubuntu20-calico-dual-stack: vagrant_ubuntu20-calico-dual-stack:
stage: deploy-part2 stage: deploy-extended
extends: .vagrant extends: .vagrant
when: manual when: manual
# FIXME: this test if broken (perma-failing) # FIXME: this test if broken (perma-failing)
vagrant_ubuntu20-weave-medium: vagrant_ubuntu20-weave-medium:
stage: deploy-part2 stage: deploy-extended
extends: .vagrant extends: .vagrant
when: manual when: manual
vagrant_ubuntu20-flannel: vagrant_ubuntu20-flannel:
stage: deploy-part2 stage: deploy-part1
extends: .vagrant extends: .vagrant
when: on_success when: on_success
allow_failure: false allow_failure: false
vagrant_ubuntu20-flannel-collection: vagrant_ubuntu20-flannel-collection:
stage: deploy-part2 stage: deploy-extended
extends: .vagrant extends: .vagrant
when: on_success when: manual
vagrant_ubuntu20-kube-router-sep: vagrant_ubuntu20-kube-router-sep:
stage: deploy-part2 stage: deploy-extended
extends: .vagrant extends: .vagrant
when: manual when: manual
# Service proxy test fails connectivity testing # Service proxy test fails connectivity testing
vagrant_ubuntu20-kube-router-svc-proxy: vagrant_ubuntu20-kube-router-svc-proxy:
stage: deploy-part2 stage: deploy-extended
extends: .vagrant extends: .vagrant
when: manual when: manual
vagrant_fedora37-kube-router: vagrant_fedora37-kube-router:
stage: deploy-part2 stage: deploy-extended
extends: .vagrant extends: .vagrant
when: manual when: manual
# FIXME: this test if broken (perma-failing) # FIXME: this test if broken (perma-failing)
vagrant_centos7-kube-router: vagrant_centos7-kube-router:
stage: deploy-part2 stage: deploy-extended
extends: .vagrant extends: .vagrant
when: manual when: manual

1
Vagrantfile vendored
View File

@ -278,6 +278,7 @@ Vagrant.configure("2") do |config|
"local_path_provisioner_enabled": "#{$local_path_provisioner_enabled}", "local_path_provisioner_enabled": "#{$local_path_provisioner_enabled}",
"local_path_provisioner_claim_root": "#{$local_path_provisioner_claim_root}", "local_path_provisioner_claim_root": "#{$local_path_provisioner_claim_root}",
"ansible_ssh_user": SUPPORTED_OS[$os][:user], "ansible_ssh_user": SUPPORTED_OS[$os][:user],
"ansible_ssh_private_key_file": File.join(Dir.home, ".vagrant.d", "insecure_private_key"),
"unsafe_show_logs": "True" "unsafe_show_logs": "True"
} }

4
docs/developers/ci-setup.md
View File

@ -5,8 +5,8 @@
1. build: build a docker image to be used in the pipeline 1. build: build a docker image to be used in the pipeline
2. unit-tests: fast jobs for fast feedback (linting, etc...) 2. unit-tests: fast jobs for fast feedback (linting, etc...)
3. deploy-part1: small number of jobs to test if the PR works with default settings 3. deploy-part1: small number of jobs to test if the PR works with default settings
4. deploy-part2: slow jobs testing different platforms, OS, settings, CNI, etc... 4. deploy-extended: slow jobs testing different platforms, OS, settings, CNI, etc...
5. deploy-part3: very slow jobs (upgrades, etc...) 5. deploy-extended: very slow jobs (upgrades, etc...)
## Runners ## Runners

5
pipeline.Dockerfile
View File

@ -4,7 +4,7 @@ FROM ubuntu:jammy-20230308
# Pip needs this as well at the moment to install ansible # Pip needs this as well at the moment to install ansible
# (and potentially other packages) # (and potentially other packages)
# See: https://github.com/pypa/pip/issues/10219 # See: https://github.com/pypa/pip/issues/10219
ENV VAGRANT_VERSION=2.3.7 \ ENV VAGRANT_VERSION=2.4.1 \
VAGRANT_DEFAULT_PROVIDER=libvirt \ VAGRANT_DEFAULT_PROVIDER=libvirt \
VAGRANT_ANSIBLE_TAGS=facts \ VAGRANT_ANSIBLE_TAGS=facts \
LANG=C.UTF-8 \ LANG=C.UTF-8 \
@ -31,6 +31,8 @@ RUN apt update -q \
unzip \ unzip \
libvirt-clients \ libvirt-clients \
qemu-utils \ qemu-utils \
qemu-kvm \
dnsmasq \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
&& add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ && add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
&& apt update -q \ && apt update -q \
@ -46,6 +48,7 @@ ADD ./roles/kubespray-defaults/defaults/main/main.yml /kubespray/roles/kubespray
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
&& pip install --no-compile --no-cache-dir pip -U \ && pip install --no-compile --no-cache-dir pip -U \
&& pip install --no-compile --no-cache-dir -r tests/requirements.txt \ && pip install --no-compile --no-cache-dir -r tests/requirements.txt \
&& pip install --no-compile --no-cache-dir -r requirements.txt \
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main/main.yml) \ && KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main/main.yml) \
&& curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \ && curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
&& echo $(curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \ && echo $(curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \

3
tests/Makefile
View File

@ -35,8 +35,7 @@ cleanup-packet:
create-vagrant: create-vagrant:
vagrant up vagrant up
find / -name vagrant_ansible_inventory cp $(CI_PROJECT_DIR)/inventory/sample/vagrant_ansible_inventory $(INVENTORY)
cp /builds/kargo-ci/kubernetes-sigs-kubespray/inventory/sample/vagrant_ansible_inventory $(INVENTORY)
delete-vagrant: delete-vagrant:
vagrant destroy -f vagrant destroy -f

5
tests/cloud_playbooks/roles/packet-ci/defaults/main.yml
View File

@ -4,14 +4,13 @@
vm_cpu_cores: 2 vm_cpu_cores: 2
vm_cpu_sockets: 1 vm_cpu_sockets: 1
vm_cpu_threads: 2 vm_cpu_threads: 2
vm_memory: 2048Mi vm_memory: 2048
# Replace invalid characters so that we can use the branch name in kubernetes labels # Replace invalid characters so that we can use the branch name in kubernetes labels
branch_name_sane: "{{ branch | regex_replace('/', '-') }}" branch_name_sane: "{{ branch | regex_replace('/', '-') }}"
# Request/Limit allocation settings # Request/Limit allocation settings
cpu_allocation_ratio: 0.25
cpu_allocation_ratio: 0.5
memory_allocation_ratio: 1 memory_allocation_ratio: 1
# Default path for inventory # Default path for inventory

6
tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2
View File

@ -4,6 +4,8 @@ kind: VirtualMachine
metadata: metadata:
name: "instance-{{ vm_id }}" name: "instance-{{ vm_id }}"
namespace: "{{ test_name }}" namespace: "{{ test_name }}"
annotations:
kubespray.com/ci.template-path: "tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2"
labels: labels:
kubevirt.io/os: {{ cloud_image }} kubevirt.io/os: {{ cloud_image }}
spec: spec:
@ -34,10 +36,10 @@ spec:
threads: {{ vm_cpu_threads }} threads: {{ vm_cpu_threads }}
resources: resources:
requests: requests:
memory: {{ vm_memory * memory_allocation_ratio }} memory: "{{ vm_memory * memory_allocation_ratio }}Mi"
cpu: {{ vm_cpu_cores * cpu_allocation_ratio }} cpu: {{ vm_cpu_cores * cpu_allocation_ratio }}
limits: limits:
memory: {{ vm_memory }} memory: "{{ vm_memory }}Mi"
cpu: {{ vm_cpu_cores }} cpu: {{ vm_cpu_cores }}
networks: networks:
- name: default - name: default

2
tests/files/packet_almalinux8-calico-ha-ebpf.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: almalinux-8 cloud_image: almalinux-8
mode: ha mode: ha
vm_memory: 3072Mi vm_memory: 3072
# Kubespray settings # Kubespray settings
calico_bpf_enabled: true calico_bpf_enabled: true

2
tests/files/packet_almalinux8-calico-nodelocaldns-secondary.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: almalinux-8 cloud_image: almalinux-8
mode: default mode: default
vm_memory: 3072Mi vm_memory: 3072
# Kubespray settings # Kubespray settings
enable_nodelocaldns_secondary: true enable_nodelocaldns_secondary: true

2
tests/files/packet_almalinux8-calico.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: almalinux-8 cloud_image: almalinux-8
mode: default mode: default
vm_memory: 3072Mi vm_memory: 3072
# Kubespray settings # Kubespray settings
metrics_server_enabled: true metrics_server_enabled: true

2
tests/files/packet_almalinux8-docker.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: almalinux-8 cloud_image: almalinux-8
mode: default mode: default
vm_memory: 3072Mi vm_memory: 3072
# Use docker # Use docker
container_manager: docker container_manager: docker

2
tests/files/packet_almalinux8-kube-ovn.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: almalinux-8 cloud_image: almalinux-8
mode: default mode: default
vm_memory: 3072Mi vm_memory: 3072
# Kubespray settings # Kubespray settings
kube_network_plugin: kube-ovn kube_network_plugin: kube-ovn

2
tests/files/packet_rockylinux8-calico.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: rockylinux-8 cloud_image: rockylinux-8
mode: default mode: default
vm_memory: 3072Mi vm_memory: 3072
# Kubespray settings # Kubespray settings
metrics_server_enabled: true metrics_server_enabled: true

2
tests/files/packet_rockylinux9-calico.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: rockylinux-9 cloud_image: rockylinux-9
mode: default mode: default
vm_memory: 3072Mi vm_memory: 3072
# Kubespray settings # Kubespray settings
metrics_server_enabled: true metrics_server_enabled: true

2
tests/files/packet_rockylinux9-cilium.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: rockylinux-9 cloud_image: rockylinux-9
mode: default mode: default
vm_memory: 3072Mi vm_memory: 3072
# Kubespray settings # Kubespray settings
kube_network_plugin: cilium kube_network_plugin: cilium

2
tests/files/packet_ubuntu22-all-in-one-docker.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: ubuntu-2204 cloud_image: ubuntu-2204
mode: all-in-one mode: all-in-one
vm_memory: 1600Mi vm_memory: 1600
# Kubespray settings # Kubespray settings
auto_renew_certificates: true auto_renew_certificates: true

2
tests/files/packet_ubuntu22-calico-all-in-one.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: ubuntu-2204 cloud_image: ubuntu-2204
mode: all-in-one mode: all-in-one
vm_memory: 1600Mi vm_memory: 1600
# Kubespray settings # Kubespray settings
auto_renew_certificates: true auto_renew_certificates: true

2
tests/files/packet_ubuntu24-all-in-one-docker.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: ubuntu-2404 cloud_image: ubuntu-2404
mode: all-in-one mode: all-in-one
vm_memory: 1600Mi vm_memory: 1600
# Kubespray settings # Kubespray settings
auto_renew_certificates: true auto_renew_certificates: true

2
tests/files/packet_ubuntu24-calico-all-in-one.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: ubuntu-2404 cloud_image: ubuntu-2404
mode: all-in-one mode: all-in-one
vm_memory: 1600Mi vm_memory: 1600
# Kubespray settings # Kubespray settings
auto_renew_certificates: true auto_renew_certificates: true

2
tests/files/packet_ubuntu24-calico-etcd-datastore.yml
View File

@ -2,7 +2,7 @@
# Instance settings # Instance settings
cloud_image: ubuntu-2404 cloud_image: ubuntu-2404
mode: node-etcd-client mode: node-etcd-client
vm_memory: 1600Mi vm_memory: 1600
# Kubespray settings # Kubespray settings
auto_renew_certificates: true auto_renew_certificates: true

1
tests/files/vagrant_ubuntu20-flannel.rb
View File

@ -2,7 +2,6 @@ $os = "ubuntu2004"
# For CI we are not worries about data persistence across reboot # For CI we are not worries about data persistence across reboot
$libvirt_volume_cache = "unsafe" $libvirt_volume_cache = "unsafe"
# Checking for box update can trigger API rate limiting # Checking for box update can trigger API rate limiting
# https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html # https://www.vagrantup.com/docs/vagrant-cloud/request-limits.html
$box_check_update = false $box_check_update = false

1
tests/files/vagrant_ubuntu20-flannel.yml
View File

@ -1,3 +1,4 @@
--- ---
# Kubespray settings # Kubespray settings
kube_network_plugin: flannel kube_network_plugin: flannel
ansible_ssh_private_key: .vagrant.d/insecure_private_key

122
tests/scripts/vagrant-install.sh 100755
View File

@ -0,0 +1,122 @@
#!/bin/bash
# install_vagrant() {
# sudo apt install vagrant-libvirt vagrant -y
# sudo vagrant plugin install vagrant-libvirt
# }
# prep(){
# sudo apt-get update -y
# sudo apt-get install ca-certificates curl libvirt-daemon-system\
# libvirt-clients qemu-utils qemu-kvm htop atop -y
# sudo install -m 0755 -d /etc/apt/keyrings
# }
# install_docker() {
# VERSION_STRING=5:26.1.0-1~ubuntu.24.04~noble
# sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
# sudo chmod a+r /etc/apt/keyrings/docker.asc
# # Add the repository to Apt sources:
# echo \
# "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
# $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
# sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# sudo apt-get update -y
# sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
# }
# install_docker_auto () {
# curl -fsSL https://get.docker.com -o get-docker.sh
# sudo sh ./get-docker.sh --dry-run
# }
VAGRANT_VERSION=2.4.1
VAGRANT_DEFAULT_PROVIDER=libvirt
VAGRANT_ANSIBLE_TAGS=facts
LANG=C.UTF-8
DEBIAN_FRONTEND=noninteractive
PYTHONDONTWRITEBYTECODE=1
KUBE_VERSION=1.29.5
pipeline_install() {
cp /etc/apt/sources.list /etc/apt/sources.list."$(date +"%F")"
sed -i -e '/^# deb-src.*universe$/s/# //g' /etc/apt/sources.list
sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/ubuntu.sources
apt update
# libssl-dev \
# python3-dev \
# # jq \
# moreutils \
# libvirt-dev \
# # rsync \
# git \
# # htop \
# gpg \
# atop
# gnupg2 \
# software-properties-common
#
apt install --no-install-recommends -y \
git \
make \
python3-pip \
sshpass \
apt-transport-https \
openssh-client \
ca-certificates \
curl \
libfuse2 \
unzip \
qemu-utils \
libvirt-daemon-system \
libvirt-clients \
qemu-kvm \
ebtables libguestfs-tools \
ruby-fog-libvirt \
libvirt-dev \
gcc \
build-essential \
ruby-libvirt \
libxslt-dev libxml2-dev zlib1g-dev \
python3-venv python3-full \
dnsmasq
apt-get build-dep -y ruby-libvirt ruby-dev
### VAGRANT ###
# apt-get install -y unzip
curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_linux_amd64.zip
unzip vagrant_${VAGRANT_VERSION}_linux_amd64.zip
mv vagrant /usr/local/bin/vagrant
chmod a+x /usr/local/bin/vagrant
# ls -la /usr/local/bin/vagrant
/usr/local/bin/vagrant plugin install vagrant-libvirt
usermod -aG kvm kubespray
usermod -aG libvirt kubespray
### DOCKER ###
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository -y "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt update
apt install --no-install-recommends -y docker-ce
apt autoremove -y --purge && apt clean && rm -rf /var/lib/apt/lists/* /var/log/*
### KUBECTL ###
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
mv kubectl /usr/local/bin/kubectl
chmod a+x /usr/local/bin/kubectl
systemctl restart libvirtd
# Install Vagrant
# apt update -y
# echo apt-get install -y unzip libfuse2 vagrant vagrant-libvirt
# apt --fix-broken install -y
# dpkg --configure -a -y
}
# wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
pipeline_install