From fc57f9adbf305d1abea3fa35cded9084263618ff Mon Sep 17 00:00:00 2001 From: Navid Shaikh Date: Tue, 28 May 2019 17:45:29 +0530 Subject: [PATCH] Adds OpenShift specific files Adds scripts and files for configuring CI setup against OpenShift. --- LICENSE | 202 +++++++++++++++++ Makefile | 22 ++ OWNERS | 7 + OWNERS_ALIASES | 17 ++ openshift/build-image/Dockerfile | 11 + openshift/build-image/kubernetes.repo | 7 + openshift/ci-operator/generate-ci-config.sh | 36 ++++ openshift/e2e-tests-openshift.sh | 228 ++++++++++++++++++++ openshift/release/README.md | 35 +++ openshift/release/create-release-branch.sh | 18 ++ openshift/release/generate-release.sh | 16 ++ openshift/release/resolve.sh | 29 +++ openshift/release/update-to-head.sh | 34 +++ 13 files changed, 662 insertions(+) create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 OWNERS create mode 100644 OWNERS_ALIASES create mode 100644 openshift/build-image/Dockerfile create mode 100644 openshift/build-image/kubernetes.repo create mode 100755 openshift/ci-operator/generate-ci-config.sh create mode 100755 openshift/e2e-tests-openshift.sh create mode 100644 openshift/release/README.md create mode 100755 openshift/release/create-release-branch.sh create mode 100755 openshift/release/generate-release.sh create mode 100755 openshift/release/resolve.sh create mode 100755 openshift/release/update-to-head.sh diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000000..d645695673 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000000..e580aa0c70 --- /dev/null +++ b/Makefile @@ -0,0 +1,22 @@ +#This makefile is used by ci-operator + +CGO_ENABLED=0 +GOOS=linux + +build: + ./hack/build.sh +.PHONY: build + +test-e2e: + ./openshift/e2e-tests-openshift.sh +.PHONY: test-e2e + +# Generates a ci-operator configuration for a specific branch. +generate-ci-config: + ./openshift/ci-operator/generate-ci-config.sh $(BRANCH) > ci-operator-config.yaml +.PHONY: generate-ci-config + +# Generate an aggregated knative yaml file with replaced image references +generate-release: + ./openshift/release/generate-release.sh $(RELEASE) +.PHONY: generate-release diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000000..31f5b2180f --- /dev/null +++ b/OWNERS @@ -0,0 +1,7 @@ +# The OWNERS file is used by prow to automatically merge approved PRs. + +approvers: +- client-approvers + +reviewers: +- client-reviewers diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES new file mode 100644 index 0000000000..674ede81cc --- /dev/null +++ b/OWNERS_ALIASES @@ -0,0 +1,17 @@ +aliases: + client-approvers: + - alanfx + - bbrowning + - markusthoemmes + - vdemeester + - matzew + - rhuss + - navidshaikh + client-reviewers: + - alanfx + - bbrowning + - markusthoemmes + - vdemeester + - matzew + - rhuss + - navidshaikh diff --git a/openshift/build-image/Dockerfile b/openshift/build-image/Dockerfile new file mode 100644 index 0000000000..0020279035 --- /dev/null +++ b/openshift/build-image/Dockerfile @@ -0,0 +1,11 @@ +# Dockerfile to bootstrap build and test in openshift-ci + +FROM openshift/origin-release:golang-1.12 + +# Add kubernetes repository +ADD openshift/ci-operator/build-image/kubernetes.repo /etc/yum.repos.d/ + +RUN yum install -y kubectl ansible + +# Allow runtime users to add entries to /etc/passwd +RUN chmod g+rw /etc/passwd diff --git a/openshift/build-image/kubernetes.repo b/openshift/build-image/kubernetes.repo new file mode 100644 index 0000000000..65eda50b5b --- /dev/null +++ b/openshift/build-image/kubernetes.repo @@ -0,0 +1,7 @@ +[kubernetes] +name=Kubernetes +baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=1 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg diff --git a/openshift/ci-operator/generate-ci-config.sh b/openshift/ci-operator/generate-ci-config.sh new file mode 100755 index 0000000000..fd33a4f8fa --- /dev/null +++ b/openshift/ci-operator/generate-ci-config.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +branch=${1-'master'} + +cat <> Patching Knative Serving CatalogSource to reference CI produced images" + RELEASE_YAML="https://raw.githubusercontent.com/openshift/knative-serving/$SERVING_RELEASE_BRANCH/openshift/release/knative-serving-ci.yaml" + sed "s|--filename=.*|--filename=${RELEASE_YAML}|" openshift/olm/knative-serving.catalogsource.yaml > knative-serving.catalogsource-ci.yaml + + # Install CatalogSources in OLM namespace + oc apply -n $OLM_NAMESPACE -f knative-serving.catalogsource-ci.yaml + timeout 900 '[[ $(oc get pods -n $OLM_NAMESPACE | grep -c knative) -eq 0 ]]' || return 1 + wait_until_pods_running $OLM_NAMESPACE + + # Deploy Knative Operators Serving + deploy_knative_operator serving + + # Wait for 6 pods to appear first + timeout 900 '[[ $(oc get pods -n $SERVING_NAMESPACE --no-headers | wc -l) -lt 6 ]]' || return 1 + wait_until_pods_running knative-serving || return 1 + + #enable_knative_interaction_with_registry + + # Wait for 2 pods to appear first + timeout 900 '[[ $(oc get pods -n istio-system --no-headers | wc -l) -lt 2 ]]' || return 1 + wait_until_service_has_external_ip istio-system istio-ingressgateway || fail_test "Ingress has no external IP" + + wait_until_hostname_resolves $(kubectl get svc -n istio-system istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].hostname}") + + header "Knative Installed successfully" +} + +function deploy_knative_operator(){ + local COMPONENT="knative-$1" + + cat <<-EOF | oc apply -f - + apiVersion: v1 + kind: Namespace + metadata: + name: ${COMPONENT} + EOF + if oc get crd operatorgroups.operators.coreos.com >/dev/null 2>&1; then + cat <<-EOF | oc apply -f - + apiVersion: operators.coreos.com/v1 + kind: OperatorGroup + metadata: + name: ${COMPONENT} + namespace: ${COMPONENT} + EOF + fi + cat <<-EOF | oc apply -f - + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: ${COMPONENT}-subscription + generateName: ${COMPONENT}- + namespace: ${COMPONENT} + spec: + source: ${COMPONENT}-operator + sourceNamespace: $OLM_NAMESPACE + name: ${COMPONENT}-operator + channel: alpha + EOF + cat <<-EOF | oc apply -f - + apiVersion: serving.knative.dev/v1alpha1 + kind: Install + metadata: + name: ${COMPONENT} + namespace: ${COMPONENT} + EOF +} + + +function enable_knative_interaction_with_registry() { + local configmap_name=config-service-ca + local cert_name=service-ca.crt + local mount_path=/var/run/secrets/kubernetes.io/servicecerts + + oc -n $SERVING_NAMESPACE create configmap $configmap_name + oc -n $SERVING_NAMESPACE annotate configmap $configmap_name service.alpha.openshift.io/inject-cabundle="true" + wait_until_configmap_contains $SERVING_NAMESPACE $configmap_name $cert_name + oc -n $SERVING_NAMESPACE set volume deployment/controller --add --name=service-ca --configmap-name=$configmap_name --mount-path=$mount_path + oc -n $SERVING_NAMESPACE set env deployment/controller SSL_CERT_FILE=$mount_path/$cert_name +} + +function create_test_namespace(){ + oc new-project $TEST_NAMESPACE + oc new-project $TEST_NAMESPACE_ALT + oc adm policy add-scc-to-user privileged -z default -n $TEST_NAMESPACE + oc adm policy add-scc-to-user privileged -z default -n $TEST_NAMESPACE_ALT +} + +function build_knative_client() { + failed=0 + ./hack/build.sh || failed=1 + return $failed +} + +function run_e2e_tests(){ + header "Running tests" + failed=0 + + # adding the basic workflow tests for now + # TODO: Link the integration tests written in go here once the PR is merged upstream + + ./kn service create hello --image $KN_DEFAULT_TEST_IMAGE -e TARGET=Knative || failed=1 + sleep 5 + ./kn service get || failed=1 + ./kn service update hello --env TARGET=kn || failed=1 + sleep 3 + ./kn revision get || failed=1 + ./kn service get || failed=1 + ./kn service create hello --force --image $KN_DEFAULT_TEST_IMAGE -e TARGET=Awesome || failed=1 + ./kn service create foo --force --image $KN_DEFAULT_TEST_IMAGE -e TARGET=foo || failed=1 + sleep 5 + ./kn revision get || failed=1 + ./kn service get || failed=1 + ./kn service describe hello || failed=1 + ./kn service delete hello || failed=1 + ./kn service delete foo || failed=1 + + return $failed +} + +function delete_knative_openshift() { + echo ">> Bringing down Knative Serving, Build and Pipeline" + oc delete --ignore-not-found=true -n $OLM_NAMESPACE -f knative-serving.catalogsource-ci.yaml + oc delete --ignore-not-found=true -f third_party/config/build/release.yaml + oc delete --ignore-not-found=true -f third_party/config/pipeline/release.yaml + + oc delete project $SERVING_NAMESPACE + oc delete project knative-build + oc delete project knative-build-pipeline +} + +function delete_test_namespace(){ + echo ">> Deleting test namespaces" + oc delete project $TEST_NAMESPACE + oc delete project $TEST_NAMESPACE_ALT +} + +function teardown() { + delete_test_namespace + delete_knative_openshift +} + +create_test_namespace || exit 1 + +failed=0 + +(( !failed )) && build_knative_client || failed=1 + +(( !failed )) && install_knative || failed=1 + +(( !failed )) && run_e2e_tests || failed=1 + +teardown + +(( failed )) && exit 1 + +success diff --git a/openshift/release/README.md b/openshift/release/README.md new file mode 100644 index 0000000000..2d7a668fc1 --- /dev/null +++ b/openshift/release/README.md @@ -0,0 +1,35 @@ +# Release creation + +## Branching + +As far as branching goes, we have two use-cases: + +1. Creating a branch based off an upstream release tag. +2. Having a branch that follow upstream's HEAD and serves as a vehicle for continuous integration. + +A prerequisite for both scripts is that your local clone of the repository has a remote "upstream" +that points to the upstream repository and a remote "openshift" that points to the openshift fork. + +Run the scripts from the root of the repository. + +### Creating a branch based off an upstream release tag + +To create a clean branch from an upstream release tag, use the `create-release-branch.sh` script: + +```bash +$ ./openshift/release/create-release-branch.sh v0.4.1 release-0.4 +``` + +This will create a new branch "release-0.4" based off the tag "v0.4.1" and add all OpenShift specific +files that we need to run CI on top of it. + +### Updating the release-next branch that follow upstream's HEAD + +To update a branch to the latest HEAD of upstream use the `update-to-head.sh` script: + +```bash +$ ./openshift/release/update-to-head.sh +``` + +That will pull the latest master from upstream, rebase the current fixes on the release-next branch +on top of it, update the Openshift specific files if necessary, and then trigger CI. \ No newline at end of file diff --git a/openshift/release/create-release-branch.sh b/openshift/release/create-release-branch.sh new file mode 100755 index 0000000000..e9a4bf3578 --- /dev/null +++ b/openshift/release/create-release-branch.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Usage: create-release-branch.sh v0.4.1 release-0.4 + +release=$1 +target=$2 + +# Fetch the latest tags and checkout a new branch from the wanted tag. +git fetch upstream --tags +git checkout -b "$target" "$release" + +# Update openshift's master and take all needed files from there. +git fetch openshift master +git checkout openshift/master -- openshift OWNERS_ALIASES OWNERS Makefile +make RELEASE=$release generate-release +make RELEASE=ci generate-release +git add openshift OWNERS_ALIASES OWNERS Makefile +git commit -m "Add openshift specific files." diff --git a/openshift/release/generate-release.sh b/openshift/release/generate-release.sh new file mode 100755 index 0000000000..582b66c86a --- /dev/null +++ b/openshift/release/generate-release.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +#source $(dirname $0)/resolve.sh + +release=$1 +output_binary="kn" + +if [ $release = "ci" ]; then + output_binary="kn-ci" + tag="" +else + output_binary="kn" + tag=$release +fi + +resolve_resources config/ $output_file $image_prefix $tag diff --git a/openshift/release/resolve.sh b/openshift/release/resolve.sh new file mode 100755 index 0000000000..c3146ed73b --- /dev/null +++ b/openshift/release/resolve.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +function resolve_resources(){ + local dir=$1 + local resolved_file_name=$2 + local image_prefix=$3 + local image_tag=$4 + + [[ -n $image_tag ]] && image_tag=":$image_tag" + + echo "Writing resolved yaml to $resolved_file_name" + + > $resolved_file_name + + for yaml in "$dir"/*.yaml; do + echo "---" >> $resolved_file_name + # 1. Prefix test image references with test- + # 2. Rewrite image references + # 3. Update config map entry + # 4. Remove comment lines + # 5. Remove empty lines + sed -e "s+\(.* image: \)\(github.com\)\(.*/\)\(test/\)\(.*\)+\1\2 \3\4test-\5+g" \ + -e "s+\(.* image: \)\(github.com\)\(.*/\)\(.*\)+\1 ${image_prefix}\4${image_tag}+g" \ + -e "s+\(.* queueSidecarImage: \)\(github.com\)\(.*/\)\(.*\)+\1 ${image_prefix}\4${image_tag}+g" \ + -e '/^[ \t]*#/d' \ + -e '/^[ \t]*$/d' \ + "$yaml" >> $resolved_file_name + done +} diff --git a/openshift/release/update-to-head.sh b/openshift/release/update-to-head.sh new file mode 100755 index 0000000000..39be3422ed --- /dev/null +++ b/openshift/release/update-to-head.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +# Synchs the release-next branch to master and then triggers CI +# Usage: update-to-head.sh + +set -e +REPO_NAME=`basename $(git rev-parse --show-toplevel)` + +# Reset release-next to upstream/master. +git fetch upstream master +git checkout upstream/master -B release-next + +# Update openshift's master and take all needed files from there. +git fetch openshift master +git checkout openshift/master openshift OWNERS_ALIASES OWNERS Makefile +#make generate-dockerfiles +make RELEASE=ci generate-release +git add openshift OWNERS_ALIASES OWNERS Makefile +git commit -m ":open_file_folder: Update openshift specific files." + +git push -f openshift release-next + +# Trigger CI +git checkout release-next -B release-next-ci +date > ci +git add ci +git commit -m ":robot: Triggering CI on branch 'release-next' after synching to upstream/master" +git push -f openshift release-next-ci + +if hash hub 2>/dev/null; then + hub pull-request --no-edit -l "kind/sync-fork-to-upstream" -b openshift/${REPO_NAME}:release-next -h openshift/${REPO_NAME}:release-next-ci +else + echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually." +fi