From 24fed80b6a8063c63d7a7efa6b5edd9f166387e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=98=BF=E7=94=B7?= Date: Tue, 3 Mar 2026 01:27:50 +0800 Subject: [PATCH] Add CI jobs for AWS European Sovereign Cloud (EUSC) Implement continuous integration support for AWS EUSC partition (aws-eusc) in eusc-de-east-1 region. Includes cluster profile definition, service endpoints configuration, custom AMI handling, and periodic test jobs. This enables OpenShift testing on AWS's new European Sovereign Cloud infrastructure, which requires explicit endpoint configuration and custom RHCOS AMIs not available in public regions. --- ...s-private-release-4.22__amd64-nightly.yaml | 23 ++++++++++ .../cluster-profiles-config.yaml | 7 +++ .../rehearse/aws/eusc/ipi/private/OWNERS | 10 ++++ ...ehearse-aws-eusc-ipi-private-workflow.yaml | 20 ++++++++ .../aws/eusc/ipi/private/deprovision/OWNERS | 10 ++++ ...ws-eusc-ipi-private-deprovision-chain.yaml | 6 +++ .../aws/eusc/ipi/private/provision/OWNERS | 10 ++++ ...-aws-eusc-ipi-private-provision-chain.yaml | 18 ++++++++ .../ipi/conf/aws/eusc-ami/OWNERS | 10 ++++ .../ipi-conf-aws-eusc-ami-commands.sh | 27 +++++++++++ .../eusc-ami/ipi-conf-aws-eusc-ami-ref.yaml | 26 +++++++++++ .../ipi/conf/aws/eusc-endpoints/OWNERS | 10 ++++ .../ipi-conf-aws-eusc-endpoints-commands.sh | 46 +++++++++++++++++++ .../ipi-conf-aws-eusc-endpoints-ref.yaml | 26 +++++++++++ 14 files changed, 249 insertions(+) create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/cucushift-installer-rehearse-aws-eusc-ipi-private-workflow.yaml create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/cucushift-installer-rehearse-aws-eusc-ipi-private-deprovision-chain.yaml create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml create mode 100644 ci-operator/step-registry/ipi/conf/aws/eusc-ami/OWNERS create mode 100755 ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-commands.sh create mode 100644 ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-ref.yaml create mode 100644 ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/OWNERS create mode 100755 ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-commands.sh create mode 100644 ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-ref.yaml diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml index 1f1ea895e8114..77a16fc4e3e4c 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml @@ -1851,6 +1851,29 @@ tests: test: - chain: openshift-e2e-test-qe-destructive workflow: cucushift-installer-rehearse-aws-usgov-ipi-private-workers-marketplace +- as: aws-eusc-ipi-private-f60 + cron: 0 6 */60 * * + steps: + cluster_profile: aws-eusc-qe + env: + BASE_DOMAIN: qe.devcluster.openshift.com + AWS_EUSC_REGION: eusc-de-east-1 + TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-aws-eusc-ipi-private +- as: aws-eusc-ipi-private-nlb-f60 + cron: 0 12 */60 * * + steps: + cluster_profile: aws-eusc-qe + env: + BASE_DOMAIN: qe.devcluster.openshift.com + AWS_EUSC_REGION: eusc-de-east-1 + AWS_LB_TYPE: NLB + TEST_FILTERS: ~EdgeZones&;~HyperShiftMGMT&;~MicroShiftOnly& + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-aws-eusc-ipi-private - as: azure-aks-hypershift-arm-nodepool-guest-f7 cron: 1 2 7,14,23,30 * * steps: diff --git a/ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml b/ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml index f7a6506168ac1..8b463085e9c3d 100644 --- a/ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml +++ b/ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml @@ -616,6 +616,13 @@ - openshift-tests-private - verification-tests +- profile: aws-eusc-qe + owners: + - org: openshift + repos: + - openshift-tests-private + - verification-tests + - profile: aws-autorelease-qe owners: - org: openshift diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/OWNERS new file mode 100644 index 0000000000000..dfb427b630047 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/cucushift-installer-rehearse-aws-eusc-ipi-private-workflow.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/cucushift-installer-rehearse-aws-eusc-ipi-private-workflow.yaml new file mode 100644 index 0000000000000..1dd43f8238063 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/cucushift-installer-rehearse-aws-eusc-ipi-private-workflow.yaml @@ -0,0 +1,20 @@ +workflow: + as: cucushift-installer-rehearse-aws-eusc-ipi-private + steps: + pre: + - chain: cucushift-installer-rehearse-aws-eusc-ipi-private-provision + - ref: cucushift-installer-reportportal-marker + post: + - chain: cucushift-installer-rehearse-aws-eusc-ipi-private-deprovision + - ref: send-results-to-reportportal + documentation: |- + This workflow provisions an OpenShift cluster on AWS European Sovereign + Cloud (EUSC) using IPI with private network configuration, runs tests, + and deprovisions the cluster. + + EUSC-specific features: + - Region: eusc-de-east-1 (Brandenburg, Germany) + - Partition: aws-eusc + - Custom service endpoints configuration + - Custom RHCOS AMI requirement + - 2 availability zones only (eusc-de-east-1a, eusc-de-east-1b) diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/OWNERS new file mode 100644 index 0000000000000..dfb427b630047 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/cucushift-installer-rehearse-aws-eusc-ipi-private-deprovision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/cucushift-installer-rehearse-aws-eusc-ipi-private-deprovision-chain.yaml new file mode 100644 index 0000000000000..e29e0b5af4155 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/deprovision/cucushift-installer-rehearse-aws-eusc-ipi-private-deprovision-chain.yaml @@ -0,0 +1,6 @@ +chain: + as: cucushift-installer-rehearse-aws-eusc-ipi-private-deprovision + steps: + - chain: ipi-deprovision + documentation: |- + Deprovision an OpenShift cluster from AWS EUSC and collect artifacts. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/OWNERS new file mode 100644 index 0000000000000..dfb427b630047 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml new file mode 100644 index 0000000000000..2abbfcd47cac5 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/aws/eusc/ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml @@ -0,0 +1,18 @@ +chain: + as: cucushift-installer-rehearse-aws-eusc-ipi-private-provision + steps: + - ref: ipi-conf + - ref: ipi-conf-telemetry + - ref: ipi-conf-aws + - ref: ipi-conf-aws-eusc-endpoints + - ref: ipi-conf-aws-eusc-ami + - chain: ipi-install + - chain: cucushift-installer-check + documentation: |- + Provision an OpenShift cluster on AWS European Sovereign Cloud (EUSC) + with private network configuration. + + This chain configures EUSC-specific requirements: + - Service endpoints for eusc-de-east-1 region + - Custom RHCOS AMI (required for EUSC) + - Standard AWS IPI configuration diff --git a/ci-operator/step-registry/ipi/conf/aws/eusc-ami/OWNERS b/ci-operator/step-registry/ipi/conf/aws/eusc-ami/OWNERS new file mode 100644 index 0000000000000..dfb427b630047 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/eusc-ami/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan diff --git a/ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-commands.sh b/ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-commands.sh new file mode 100755 index 0000000000000..01d0d268d2393 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-commands.sh @@ -0,0 +1,27 @@ +#!/bin/bash +set -o nounset +set -o errexit +set -o pipefail + +CONFIG="${SHARED_DIR}/install-config.yaml" + +if [[ -z "${AWS_EUSC_AMI_ID}" ]]; then + echo "ERROR: AWS_EUSC_AMI_ID is not set. EUSC regions require custom RHCOS AMI." + echo "Please provide a valid AMI ID for eusc-de-east-1 region." + exit 1 +fi + +echo "Configuring custom RHCOS AMI: ${AWS_EUSC_AMI_ID}" + +# Create patch for custom AMI +CONFIG_PATCH="${SHARED_DIR}/install-config-eusc-ami.yaml.patch" +cat > "${CONFIG_PATCH}" << EOF +platform: + aws: + amiID: ${AWS_EUSC_AMI_ID} +EOF + +# Apply patch +yq-go m -x -i "${CONFIG}" "${CONFIG_PATCH}" + +echo "Custom AMI configured successfully" diff --git a/ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-ref.yaml new file mode 100644 index 0000000000000..2a4d2d14cdc49 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-ref.yaml @@ -0,0 +1,26 @@ +ref: + as: ipi-conf-aws-eusc-ami + from_image: + namespace: ocp + name: "4.22" + tag: upi-installer + commands: ipi-conf-aws-eusc-ami-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: AWS_EUSC_AMI_ID + default: "" + documentation: |- + Custom RHCOS AMI ID for EUSC region. Required because no public + RHCOS AMIs are available in eusc-de-east-1. + + This should be set in the cluster profile secrets or provided + via environment variable in the job configuration. + documentation: |- + Configure custom RHCOS AMI for AWS EUSC region. + + EUSC regions do not have public RHCOS AMIs available, so a custom + AMI must be provided. This step configures the install-config.yaml + to use the specified AMI ID. diff --git a/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/OWNERS b/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/OWNERS new file mode 100644 index 0000000000000..dfb427b630047 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- liweinan diff --git a/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-commands.sh b/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-commands.sh new file mode 100755 index 0000000000000..6cec0ddfc7a0a --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-commands.sh @@ -0,0 +1,46 @@ +#!/bin/bash +set -o nounset +set -o errexit +set -o pipefail + +CONFIG="${SHARED_DIR}/install-config.yaml" +REGION="${AWS_EUSC_REGION}" + +echo "Configuring AWS EUSC service endpoints for region: ${REGION}" + +# EUSC service endpoints configuration +# Note: Route53 is a global service, others are regional +declare -A EUSC_ENDPOINTS=( + ["ec2"]="https://ec2.${REGION}.amazonaws.eu" + ["elasticloadbalancing"]="https://elasticloadbalancing.${REGION}.amazonaws.eu" + ["s3"]="https://s3.${REGION}.amazonaws.eu" + ["route53"]="https://route53.amazonaws.eu" + ["iam"]="https://iam.${REGION}.amazonaws.eu" + ["sts"]="https://sts.${REGION}.amazonaws.eu" + ["tagging"]="https://tagging.${REGION}.amazonaws.eu" +) + +# Build serviceEndpoints YAML array +ENDPOINTS_YAML="" +for service_name in "${!EUSC_ENDPOINTS[@]}"; do + endpoint_url="${EUSC_ENDPOINTS[$service_name]}" + ENDPOINTS_YAML+=" - name: ${service_name} + url: ${endpoint_url} +" + echo " - ${service_name}: ${endpoint_url}" +done + +# Create patch file +CONFIG_PATCH="${SHARED_DIR}/install-config-eusc-endpoints.yaml.patch" +cat > "${CONFIG_PATCH}" << EOF +platform: + aws: + serviceEndpoints: +${ENDPOINTS_YAML} +EOF + +# Apply patch using yq-go +echo "Applying EUSC endpoints patch to install-config.yaml..." +yq-go m -a -x -i "${CONFIG}" "${CONFIG_PATCH}" + +echo "EUSC service endpoints configured successfully" diff --git a/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-ref.yaml new file mode 100644 index 0000000000000..441a66f839ddf --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/eusc-endpoints/ipi-conf-aws-eusc-endpoints-ref.yaml @@ -0,0 +1,26 @@ +ref: + as: ipi-conf-aws-eusc-endpoints + from_image: + namespace: ocp + name: "4.22" + tag: upi-installer + commands: ipi-conf-aws-eusc-endpoints-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: AWS_EUSC_REGION + default: "eusc-de-east-1" + documentation: |- + AWS EUSC region for deployment (currently only eusc-de-east-1 is supported) + documentation: |- + Configure AWS European Sovereign Cloud (EUSC) service endpoints. + + EUSC requires explicit service endpoint configuration because AWS SDK v1 + cannot automatically resolve endpoints in this new partition (aws-eusc). + + This step configures all required service endpoints for eusc-de-east-1: + - EC2, ELB, S3 (regional services) + - Route53 (global service at route53.amazonaws.eu) + - IAM, STS, Tagging (regional services)