e2e-hub: install in different namespaces

We want to transition to bundles for those CI jobs and operator-sdk will refuse to install both operators in the same OperatorGroup because they have different install modes.
rh-ecosystem-edge · Apr 8, 2024 · 67e9287 · 67e9287
1 parent 73fe579
commit 67e9287
Show file tree

Hide file tree

Showing 18 changed files with 271 additions and 366 deletions.
diff --git a/ci/e2e-hub/Dockerfile b/ci/e2e-hub/Dockerfile
@@ -0,0 +1,8 @@
+# Create a kmod image that mocks the load of a kmod.
+# The e2e-hub test only checks that the kmod image is successfully pulled by the Spoke; it does not verify that the
+# kmod is actually loaded.
+
+ARG DTK_AUTO
+FROM $DTK_AUTO
+
+RUN ln -s /usr/bin/true /bin/modprobe
diff --git a/ci/e2e-hub/kustomization.yaml b/ci/e2e-hub/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: openshift-kmm-hub
+
+resources:
+  - ../sign-key-certs
+  - policy.yaml
+  - placementrule.yaml
+  - placementbinding.yaml
+  - managedclustermodule.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+  - name: mod-example
+    files: [dockerfile=Dockerfile]
diff --git a/ci/e2e-hub/managedclustermodule.yaml b/ci/e2e-hub/managedclustermodule.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: hub.kmm.sigs.x-k8s.io/v1beta1
+kind: ManagedClusterModule
+metadata:
+  name: mod-example
+spec:
+  spokeNamespace: openshift-kmm
+  selector:
+    name: local-cluster
+  moduleSpec:
+    moduleLoader:
+      container:
+        modprobe:
+          moduleName: mod-example
+        imagePullPolicy: Always
+        kernelMappings:
+        - regexp: '^.+$'
+          containerImage: image-registry.openshift-image-registry.svc:5000/$MOD_NAMESPACE/$MOD_NAME:$KERNEL_FULL_VERSION
+          registryTLS:
+            insecure: true
+          build:
+            baseImageRegistryTLS:
+              insecure: true
+            dockerfileConfigMap:
+              name: mod-example
+          sign:
+            keySecret:
+              name: kmm-kmod-signing-key
+            certSecret:
+              name: kmm-kmod-signing-cert
+            unsignedImageRegistryTLS:
+              insecure: true
+            filesToSign:
+              - /bin/getconf
+    selector:
+      node-role.kubernetes.io/worker: ""
diff --git a/ci/e2e-hub/placementbinding.yaml b/ci/e2e-hub/placementbinding.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+  name: bind-klusterlet-kmm-all-clusters
+placementRef:
+  apiGroup: apps.open-cluster-management.io
+  kind: PlacementRule
+  name: all-managed-clusters
+subjects:
+  - apiGroup: policy.open-cluster-management.io
+    kind: Policy
+    name: allow-klusterlet-deploy-kmm-modules
diff --git a/ci/e2e-hub/placementrule.yaml b/ci/e2e-hub/placementrule.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps.open-cluster-management.io/v1
+kind: PlacementRule
+metadata:
+  name: all-managed-clusters
+spec:
+  clusterSelector:
+    matchExpressions: []
diff --git a/ci/e2e-hub/policy.yaml b/ci/e2e-hub/policy.yaml
@@ -0,0 +1,40 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  name: allow-klusterlet-deploy-kmm-modules
+spec:
+  remediationAction: enforce
+  disabled: false
+  policy-templates:
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: klusterlet-deploy-modules
+        spec:
+          severity: high
+          object-templates:
+            - complianceType: mustonlyhave
+              objectDefinition:
+                apiVersion: rbac.authorization.k8s.io/v1
+                kind: ClusterRole
+                metadata:
+                  name: kmm-module-manager
+                rules:
+                  - apiGroups: [kmm.sigs.x-k8s.io]
+                    resources: [modules]
+                    verbs: [create, delete, get, list, patch, update, watch]
+            - complianceType: mustonlyhave
+              objectDefinition:
+                apiVersion: rbac.authorization.k8s.io/v1
+                kind: ClusterRoleBinding
+                metadata:
+                  name: klusterlet-kmm
+                subjects:
+                  - kind: ServiceAccount
+                    name: klusterlet-work-sa
+                    namespace: open-cluster-management-agent
+                roleRef:
+                  kind: ClusterRole
+                  name: kmm-module-manager
+                  apiGroup: rbac.authorization.k8s.io
diff --git a/ci/e2e/Dockerfile b/ci/e2e/Dockerfile
@@ -0,0 +1,25 @@
+ARG DTK_AUTO
+
+FROM ${DTK_AUTO} as builder
+
+ARG KERNEL_VERSION
+
+WORKDIR /usr/src
+
+RUN grep super-secret-value /run/secrets/build-secret/ci-build-secret
+
+RUN git clone https://github.com/rh-ecosystem-edge/kernel-module-management.git
+
+WORKDIR /usr/src/kernel-module-management/ci/kmm-kmod
+
+RUN KERNEL_SRC_DIR=/lib/modules/${KERNEL_VERSION}/build make all
+
+FROM registry.redhat.io/ubi9/ubi-minimal
+
+ARG KERNEL_VERSION
+
+RUN ["microdnf", "install", "-y", "kmod"]
+
+COPY --from=builder /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_a.ko /opt/lib/modules/${KERNEL_VERSION}/
+COPY --from=builder /usr/src/kernel-module-management/ci/kmm-kmod/kmm_ci_b.ko /opt/lib/modules/${KERNEL_VERSION}/
+RUN depmod -b /opt ${KERNEL_VERSION}
diff --git a/ci/e2e/kustomization.yaml b/ci/e2e/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../sign-key-certs
+  - module.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+  - name: kmm-kmod-dockerfile
+    files: [dockerfile=Dockerfile]
+
+secretGenerator:
+  - name: build-secret
+    literals: [ci-build-secret=super-secret-value]
diff --git a/ci/module-kmm-ci-build-sign.yaml → ci/e2e/module.yaml b/ci/module-kmm-ci-build-sign.yaml → ci/e2e/module.yaml
diff --git a/ci/install-ci-hub/kustomization.yaml b/ci/install-ci-hub/kustomization.yaml
diff --git a/ci/kmm-kmod-dockerfile.yaml b/ci/kmm-kmod-dockerfile.yaml