feat: add support to testing operator on disconnected env

vprashar2929 · vprashar2929 · commit 62310ad16c72 · 2025-02-04T16:06:13.000+05:30
Signed-off-by: Vibhu Prashar &lt;vibhu.sharma2929@gmail.com&gt;
diff --git a/ci-operator/config/openshift-power-monitoring/power-monitoring-operator/openshift-power-monitoring-power-monitoring-operator-v1alpha1__ocp-4.17-disconnected.yaml b/ci-operator/config/openshift-power-monitoring/power-monitoring-operator/openshift-power-monitoring-power-monitoring-operator-v1alpha1__ocp-4.17-disconnected.yaml
@@ -0,0 +1,46 @@
+base_images:
+  cli:
+    name: "4.17"
+    namespace: ocp
+    tag: cli
+  tools:
+    name: "4.17"
+    namespace: ocp
+    tag: tools
+  upi-installer:
+    name: "4.17"
+    namespace: ocp
+    tag: upi-installer
+build_root:
+  image_stream_tag:
+    name: release
+    namespace: openshift
+    tag: rhel-8-release-golang-1.21-openshift-4.16
+images:
+- context_dir: .
+  dockerfile_path: tests/Dockerfile
+  to: power-monitoring-operator-tests-runner
+releases:
+  latest:
+    candidate:
+      product: ocp
+      stream: nightly
+      version: "4.17"
+resources:
+  '*':
+    requests:
+      cpu: 100m
+      memory: 200Mi
+tests:
+- always_run: false
+  as: powermonitoring-tests-disconnected
+  steps:
+    cluster_profile: gcp-qe
+    test:
+    - ref: openshift-power-monitoring-install-disconnected
+    workflow: cucushift-installer-rehearse-gcp-ipi-disconnected
+zz_generated_metadata:
+  branch: v1alpha1
+  org: openshift-power-monitoring
+  repo: power-monitoring-operator
+  variant: ocp-4.17-disconnected
diff --git a/ci-operator/jobs/openshift-power-monitoring/power-monitoring-operator/openshift-power-monitoring-power-monitoring-operator-v1alpha1-presubmits.yaml b/ci-operator/jobs/openshift-power-monitoring/power-monitoring-operator/openshift-power-monitoring-power-monitoring-operator-v1alpha1-presubmits.yaml
@@ -112,6 +112,141 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )images,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^v1alpha1$
+    - ^v1alpha1-
+    cluster: build10
+    context: ci/prow/ocp-4.17-disconnected-images
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci-operator.openshift.io/variant: ocp-4.17-disconnected
+      ci.openshift.io/generator: prowgen
+      job-release: "4.17"
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-power-monitoring-power-monitoring-operator-v1alpha1-ocp-4.17-disconnected-images
+    rerun_command: /test ocp-4.17-disconnected-images
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --report-credentials-file=/etc/report/credentials
+        - --target=[images]
+        - --variant=ocp-4.17-disconnected
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )ocp-4.17-disconnected-images,?($|\s.*)
+  - agent: kubernetes
+    always_run: false
+    branches:
+    - ^v1alpha1$
+    - ^v1alpha1-
+    cluster: build02
+    context: ci/prow/ocp-4.17-disconnected-powermonitoring-tests-disconnected
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci-operator.openshift.io/cloud: gcp
+      ci-operator.openshift.io/cloud-cluster-profile: gcp-qe
+      ci-operator.openshift.io/variant: ocp-4.17-disconnected
+      ci.openshift.io/generator: prowgen
+      job-release: "4.17"
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-power-monitoring-power-monitoring-operator-v1alpha1-ocp-4.17-disconnected-powermonitoring-tests-disconnected
+    rerun_command: /test ocp-4.17-disconnected-powermonitoring-tests-disconnected
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=powermonitoring-tests-disconnected
+        - --variant=ocp-4.17-disconnected
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )(ocp-4.17-disconnected-powermonitoring-tests-disconnected|remaining-required),?($|\s.*)
   - agent: kubernetes
     always_run: false
     branches:
diff --git a/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/OWNERS b/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/OWNERS
diff --git a/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-commands.sh b/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-commands.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+set -e
+set -u
+set -o pipefail
+
+# Set XDG_RUNTIME_DIR/containers to be used by oc mirror
+export HOME=/tmp/home
+export XDG_RUNTIME_DIR="${HOME}/run"
+export REGISTRY_AUTH_PREFERENCE=podman
+mkdir -p "${XDG_RUNTIME_DIR}/containers"
+cd "$HOME" || exit 1
+
+function run_command() {
+	local CMD="$1"
+	echo "Running Command: ${CMD}"
+	eval "${CMD}"
+}
+
+# Mirror operator and test images to the Mirror registry. Create Catalog sources and Image Content Source Policy.
+function mirror_catalog_icsp() {
+	registry_cred=$(head -n 1 "/var/run/vault/mirror-registry/registry_creds" | base64 -w 0)
+
+	optional_auth_user=$(cat "/var/run/vault/mirror-registry/registry_quay.json" | jq -r '.user')
+	optional_auth_password=$(cat "/var/run/vault/mirror-registry/registry_quay.json" | jq -r '.password')
+	qe_registry_auth=$(echo -n "${optional_auth_user}:${optional_auth_password}" | base64 -w 0)
+
+	openshifttest_auth_user=$(cat "/var/run/vault/mirror-registry/registry_quay_openshifttest.json" | jq -r '.user')
+	openshifttest_auth_password=$(cat "/var/run/vault/mirror-registry/registry_quay_openshifttest.json" | jq -r '.password')
+	openshifttest_registry_auth=$(echo -n "${openshifttest_auth_user}:${openshifttest_auth_password}" | base64 -w 0)
+
+	brew_auth_user=$(cat "/var/run/vault/mirror-registry/registry_brew.json" | jq -r '.user')
+	brew_auth_password=$(cat "/var/run/vault/mirror-registry/registry_brew.json" | jq -r '.password')
+	brew_registry_auth=$(echo -n "${brew_auth_user}:${brew_auth_password}" | base64 -w 0)
+
+	stage_auth_user=$(cat "/var/run/vault/mirror-registry/registry_stage.json" | jq -r '.user')
+	stage_auth_password=$(cat "/var/run/vault/mirror-registry/registry_stage.json" | jq -r '.password')
+	stage_registry_auth=$(echo -n "${stage_auth_user}:${stage_auth_password}" | base64 -w 0)
+
+	redhat_auth_user=$(cat "/var/run/vault/mirror-registry/registry_redhat.json" | jq -r '.user')
+	redhat_auth_password=$(cat "/var/run/vault/mirror-registry/registry_redhat.json" | jq -r '.password')
+	redhat_registry_auth=$(echo -n "${redhat_auth_user}:${redhat_auth_password}" | base64 -w 0)
+
+	# run_command "cat ${CLUSTER_PROFILE_DIR}/pull-secret"
+	# Running Command: cat /tmp/.dockerconfigjson
+	# {"auths":{"ec2-3-92-162-185.compute-1.amazonaws.com:5000":{"auth":"XXXXXXXXXXXXXXXX"}}}
+	run_command "oc extract secret/pull-secret -n openshift-config --confirm --to /tmp"
+	ret=$?
+	MIRROR_REGISTRY_HOST=$(head -n 1 "${SHARED_DIR}/mirror_registry_url")
+	echo $MIRROR_REGISTRY_HOST
+	if [[ $ret -eq 0 ]]; then
+		jq --argjson a "{\"registry.stage.redhat.io\": {\"auth\": \"$stage_registry_auth\"}, \"brew.registry.redhat.io\": {\"auth\": \"$brew_registry_auth\"}, \"registry.redhat.io\": {\"auth\": \"$redhat_registry_auth\"}, \"${MIRROR_REGISTRY_HOST}\": {\"auth\": \"$registry_cred\"}, \"quay.io/openshift-qe-optional-operators\": {\"auth\": \"${qe_registry_auth}\", \"email\":\"jiazha@redhat.com\"},\"quay.io/openshifttest\": {\"auth\": \"${openshifttest_registry_auth}\"}}" '.auths |= . + $a' "/tmp/.dockerconfigjson" >${XDG_RUNTIME_DIR}/containers/auth.json
+		export REG_CREDS=${XDG_RUNTIME_DIR}/containers/auth.json
+	else
+		echo "!!! fail to extract the auth of the cluster"
+		return 1
+	fi
+
+	# prepare ImageSetConfiguration
+	run_command "mkdir /tmp/images"
+	cat <<EOF >/tmp/image-set.yaml
+
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v1alpha2
+archiveSize: 30
+storageConfig:
+  local:
+    path: /tmp/images
+mirror:
+  additionalImages:
+  # Used for running disconnected tests
+  - name: quay.io/redhat-user-workloads/rhpm-tenant/power-monitoring-operator-bundle:v0.4.0
+  - name: quay.io/redhat-user-workloads/rhpm-tenant/power-monitoring-operator:v0.15.0
+  - name: quay.io/redhat-user-workloads/rhpm-tenant/kepler:v0.7.12
+EOF
+
+	run_command "cd /tmp"
+	run_command "curl -L -o oc-mirror.tar.gz https://mirror.openshift.com/pub/openshift-v4/amd64/clients/ocp/latest/oc-mirror.tar.gz && tar -xvzf oc-mirror.tar.gz && chmod +x oc-mirror"
+	run_command "./oc-mirror --config=/tmp/image-set.yaml docker://${MIRROR_REGISTRY_HOST} --continue-on-error --ignore-history --source-skip-tls --dest-skip-tls || true"
+	run_command "cp oc-mirror-workspace/results-*/mapping.txt ."
+	# run_command "sed -e 's|registry.redhat.io|registry.stage.redhat.io|g' -e 's|brew.registry.stage.redhat.io/rh-osbs/tempo|brew.registry.redhat.io/rh-osbs/iib|g' -e 's|brew.registry.stage.redhat.io/rh-osbs/otel|brew.registry.redhat.io/rh-osbs/iib|g' -e 's|brew.registry.stage.redhat.io/rh-osbs/jaeger|brew.registry.redhat.io/rh-osbs/iib|g' mapping.txt > mapping-stage.txt"
+	run_command "oc image mirror -a ${REG_CREDS} -f mapping.txt --insecure --filter-by-os='.*'"
+
+	echo "Creating Image Content Source Policy"
+	oc apply -f - <<EOF
+  apiVersion: operator.openshift.io/v1alpha1
+  kind: ImageContentSourcePolicy
+  metadata:
+    name: test-registry
+  spec:
+    repositoryDigestMirrors:
+    - mirrors:
+      - $MIRROR_REGISTRY_HOST
+      source: quay.io
+EOF
+	echo "Install operator-sdk and dependencies"
+	export OPERATOR_SDK_VERSION=1.36.1
+	export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
+	export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v${OPERATOR_SDK_VERSION}
+	curl -Lo operator-sdk ${OPERATOR_SDK_DL_URL}/operator-sdk_linux_${ARCH}
+	chmod +x operator-sdk
+	./operator-sdk version
+
+	./operator-sdk run bundle --timeout=5m --namespace "openshift-operators" "quay.io/redhat-user-workloads/rhpm-tenant/power-monitoring-operator-bundle:v0.4.0" --verbose
+
+	oc logs -n openshift-operators -f deployment/kepler-operator-controller
+
+}
+
+run_command "oc whoami"
+run_command "oc version -o yaml"
+
+mirror_catalog_icsp
+
+while [[ -f /tmp/unsleep ]]; do
+	echo "sleeping for 10 seconds"
+	sleep 10
+done
diff --git a/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.metadata.json b/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.metadata.json
@@ -0,0 +1,4 @@
+{
+	"path": "openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.yaml",
+	"owners": {}
+}
diff --git a/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.yaml b/ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.yaml
@@ -0,0 +1,18 @@
+ref:
+  as: openshift-power-monitoring-install-disconnected
+  from: upi-installer
+  timeout: 3h0m0s
+  cli: latest
+  grace_period: 10m
+  commands: openshift-power-monitoring-install-disconnected-commands.sh
+  resources:
+    requests:
+      cpu: 100m
+      memory: 100Mi
+  credentials:
+  - namespace: test-credentials
+    name: openshift-custom-mirror-registry
+    mount_path: /var/run/vault/mirror-registry
+  documentation: |-
+    Install Power Monitoring Operator catalog source for running operators in disconnected env.
+

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +	"path": "openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.yaml",
 +	"owners": {}
 +}