CORS-4336: Add CI jobs for AWS European Sovereign Cloud (EUSC) #75568
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1862,6 +1862,98 @@ tests: | |
| test: | ||
| - chain: openshift-e2e-test-qe-destructive | ||
| workflow: cucushift-installer-rehearse-aws-usgov-ipi-private-workers-marketplace | ||
| - as: aws-eusc-ipi-f7 | ||
| cron: 0 0 7,14,23,30 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi | ||
| - as: aws-eusc-ipi-f28-destructive | ||
| cron: 0 0 28 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe-destructive | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi | ||
| - as: aws-eusc-ipi-private-f7 | ||
| cron: 0 6 7,14,23,30 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
|
Contributor
There was a problem hiding this comment. This public domain is being used by another AWS account, you can apply a new one from PGE team.
Contributor
Author
There was a problem hiding this comment. request submitted: https://issues.redhat.com/browse/DPP-19749 |
||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi-private | ||
| - as: aws-eusc-ipi-private-f28-destructive | ||
| cron: 0 6 28 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe-destructive | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi-private | ||
| - as: aws-eusc-ipi-fips-f7 | ||
| cron: 0 3 7,14,23,30 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| FIPS_ENABLED: "true" | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi | ||
| - as: aws-eusc-ipi-private-fips-f7 | ||
| cron: 0 9 7,14,23,30 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| FIPS_ENABLED: "true" | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi-private | ||
| - as: aws-eusc-ipi-disconnected-private-f7 | ||
| cron: 0 12 7,14,23,30 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private | ||
| - as: aws-eusc-ipi-sts-f7 | ||
| cron: 0 15 7,14,23,30 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi-sts | ||
| - as: aws-eusc-ipi-byo-kms-f7 | ||
| cron: 0 18 7,14,23,30 * * | ||
| steps: | ||
| cluster_profile: aws-eusc | ||
| env: | ||
| BASE_DOMAIN: qe.devcluster.openshift.com | ||
| TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& | ||
| test: | ||
| - chain: openshift-e2e-test-qe | ||
| workflow: cucushift-installer-rehearse-aws-eusc-ipi-byo-kms | ||
| - as: azure-aks-hypershift-arm-nodepool-guest-f7 | ||
| cron: 1 2 7,14,23,30 * * | ||
| steps: | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| workflow: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi-byo-kms | ||
| steps: | ||
| pre: | ||
| - chain: cucushift-installer-rehearse-aws-eusc-ipi-byo-kms-provision | ||
| - ref: cucushift-installer-reportportal-marker | ||
| post: | ||
| - chain: cucushift-installer-rehearse-aws-eusc-ipi-byo-kms-deprovision | ||
| - ref: send-results-to-reportportal | ||
| documentation: |- | ||
| Workflow for IPI cluster with custom KMS key and etcd encryption on AWS EUSC for QE e2e tests. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| chain: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi-byo-kms-deprovision | ||
| steps: | ||
| - chain: cucushift-installer-rehearse-aws-ipi-deprovision | ||
| - ref: aws-deprovision-kms-key | ||
| documentation: |- | ||
| Deprovision an OpenShift cluster with custom KMS key from AWS EUSC. | ||
|
|
||
| This chain performs cleanup for KMS clusters: | ||
| - Standard cluster deprovision | ||
| - Remove custom KMS key |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| chain: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi-byo-kms-provision | ||
| steps: | ||
| - ref: aws-provision-kms-key | ||
| - ref: ipi-conf | ||
| - ref: ipi-conf-telemetry | ||
| - ref: ipi-conf-aws | ||
| - ref: ipi-conf-aws-custom-endpoints | ||
| - ref: ipi-conf-aws-kms-key | ||
| - ref: ipi-install-monitoringpvc | ||
| - ref: ipi-conf-aws-usage-info | ||
| - chain: aws-provision-iam-user-minimal-permission | ||
| - chain: ipi-install | ||
| - ref: enable-qe-catalogsource | ||
| - ref: etcd-encryption | ||
| - chain: cucushift-installer-check | ||
| - ref: cucushift-installer-check-aws-byo-kms-key | ||
| env: | ||
| - name: CONTROL_PLANE_INSTANCE_TYPE | ||
| default: "m6i.xlarge" | ||
| documentation: "Instance type for control plane nodes" | ||
| - name: COMPUTE_NODE_TYPE | ||
| default: "m5.xlarge" | ||
| documentation: "Instance type for compute nodes" | ||
| documentation: |- | ||
| Provision an OpenShift cluster on AWS EUSC with custom KMS key and etcd encryption. | ||
|
|
||
| This chain configures EUSC-specific KMS requirements: | ||
| - Custom KMS key for encryption | ||
| - Service endpoints auto-detected for EUSC partition (.amazonaws.eu domain) | ||
| - Custom RHCOS AMI (set CONTROL_PLANE_AMI/COMPUTE_AMI in cluster profile) | ||
| - Etcd encryption enabled | ||
| - KMS key applied to both control plane and compute nodes | ||
| - Minimal IAM permissions | ||
|
|
||
| Note: CONTROL_PLANE_AMI and/or COMPUTE_AMI must be provided as EUSC regions | ||
| don't have public RHCOS AMIs. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| workflow: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi | ||
| steps: | ||
| pre: | ||
| - chain: cucushift-installer-rehearse-aws-eusc-ipi-provision | ||
| - ref: cucushift-installer-reportportal-marker | ||
| post: | ||
| - chain: cucushift-installer-rehearse-aws-eusc-ipi-deprovision | ||
| - ref: send-results-to-reportportal | ||
| documentation: |- | ||
| This workflow provisions a standard OpenShift cluster on AWS European | ||
| Sovereign Cloud (EUSC) using IPI, runs tests, and deprovisions the cluster. | ||
|
|
||
| EUSC-specific features: | ||
| - Region: eusc-de-east-1 (Brandenburg, Germany) | ||
| - Partition: aws-eusc | ||
| - Custom service endpoints configuration (.amazonaws.eu domain) | ||
| - Custom RHCOS AMI requirement | ||
| - 2 availability zones only (eusc-de-east-1a, eusc-de-east-1b) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| chain: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi-deprovision | ||
| steps: | ||
| - chain: cucushift-installer-rehearse-aws-ipi-deprovision | ||
| documentation: |- | ||
| Deprovision a standard OpenShift cluster from AWS EUSC. | ||
|
|
||
| This chain performs standard cluster cleanup for IPI installations. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| workflow: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private | ||
| steps: | ||
| pre: | ||
| - chain: cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private-provision | ||
| - ref: cucushift-installer-reportportal-marker | ||
| post: | ||
| - chain: cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private-deprovision | ||
| - ref: send-results-to-reportportal | ||
| documentation: |- | ||
| Workflow for disconnected (air-gapped) private IPI cluster on AWS EUSC for QE e2e tests. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| chain: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private-deprovision | ||
| steps: | ||
| - ref: gather-installer-boostrap-logs-in-bastion | ||
| - ref: gather-mirror-registry | ||
| - chain: cucushift-installer-rehearse-aws-ipi-deprovision | ||
| - ref: aws-deprovision-security-group | ||
| - ref: aws-deprovision-stacks | ||
| - ref: aws-deprovision-s3buckets | ||
| documentation: |- | ||
| Deprovision a disconnected private OpenShift cluster from AWS EUSC. | ||
|
|
||
| This chain performs complete cleanup for disconnected clusters: | ||
| - Gather bootstrap logs from bastion host | ||
| - Gather mirror registry logs | ||
| - Standard cluster deprovision | ||
| - Remove custom security groups | ||
| - Clean up CloudFormation stacks | ||
| - Remove S3 buckets created during installation |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| chain: | ||
| as: cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private-provision | ||
| steps: | ||
| - ref: aws-provision-vpc-disconnected | ||
| - chain: aws-provision-bastionhost | ||
| - ref: aws-provision-security-group | ||
| - chain: mirror-images-payload | ||
| - ref: ipi-conf | ||
| - ref: ipi-conf-telemetry | ||
| - ref: ipi-conf-aws-custom-vpc | ||
| - ref: ipi-conf-manual-creds | ||
| - ref: ipi-conf-aws | ||
| - ref: ipi-conf-aws-custom-security-groups | ||
| - ref: ipi-conf-aws-custom-endpoints | ||
| - ref: ipi-conf-mirror | ||
| - ref: ipi-install-monitoringpvc | ||
| - ref: proxy-config-generate | ||
| - ref: aws-provision-cco-manual-users-static | ||
| - ref: ipi-conf-manual-creds-remove-unnecessary-creds | ||
| - ref: ipi-conf-aws-usage-info | ||
| - chain: aws-provision-iam-user-minimal-permission | ||
| - ref: ipi-install-install-aws | ||
| - ref: cucushift-installer-check-cco-manual-mode | ||
| - ref: ipi-install-times-collection | ||
| - ref: aws-provision-tags-for-byo-vpc | ||
| - ref: cucushift-installer-check-aws-custom-vpc | ||
| - ref: enable-qe-catalogsource-disconnected | ||
| - ref: mirror-images-tag-images | ||
| - ref: set-sample-operator-disconnected | ||
| - chain: cucushift-installer-check | ||
| env: | ||
| - name: CONTROL_PLANE_INSTANCE_TYPE | ||
| default: "m6i.xlarge" | ||
| documentation: "Instance type for control plane nodes" | ||
| - name: COMPUTE_NODE_TYPE | ||
| default: "m5.xlarge" | ||
| documentation: "Instance type for compute nodes" | ||
| - name: ADD_INGRESS_RECORDS_MANUALLY | ||
| default: "yes" | ||
| documentation: "Enable manually create apps dns record." | ||
| - name: PUBLISH | ||
| default: "Internal" | ||
| documentation: "Cluster publish strategy." | ||
| - name: MIRROR_IN_BASTION | ||
| default: "yes" | ||
| documentation: |- | ||
| Provision a disconnected (air-gapped) private OpenShift cluster on AWS EUSC. | ||
|
|
||
| This chain configures EUSC-specific disconnected cluster requirements: | ||
| - Disconnected VPC with no internet gateway | ||
| - Bastion host for installer access | ||
| - Mirror registry for container images | ||
| - Service endpoints auto-detected for EUSC partition (.amazonaws.eu domain) | ||
| - Custom RHCOS AMI (set CONTROL_PLANE_AMI/COMPUTE_AMI in cluster profile) | ||
| - Manual credential mode for CCO | ||
| - Minimal IAM permissions | ||
| - Internal publish strategy | ||
|
|
||
| Note: CONTROL_PLANE_AMI and/or COMPUTE_AMI must be provided as EUSC regions | ||
| don't have public RHCOS AMIs. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| approvers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan | ||
| reviewers: | ||
| - jianlinliu | ||
| - yunjiang29 | ||
| - gpei | ||
| - liweinan |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As mentioned in this comment, can we add some other feature to this job?
And we also needs a destructive job.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay!