These are mostly CI fixes:
* Use podman+cri-o based minikube:
* This is still considered experimental, but seems to be
more supported than the 'none' driver.
* Fix an issue where ssh to the emulated static node fails:
* PAM needed to be disabled for openssh
* openssh needs more permissions to run - cri-o based minikube
is more strict
* Rebase test container to Fedora 40
* Update the ingress definition to current API version
* Update zookeeper from 3.5.5 to 3.8.4:
* required for nodepool 9.0.0+
* Update the percona operator from 1.11 to 1.14:
* required for kubernetes 1.24+
* Update test node to Ubuntu Jammy from Ubuntu Bionic
* Update minikube to 1.33.1
* Added some more explicit logging to the k8s state, this
could be split off into a role in future.
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/924970
Change-Id: I7bf27750073fa807069af6f85f2689173b278abe
This expands the noxfile to include the linters session and switches
the tox-linters job with the nox-linters job.
Change-Id: If5ff34aded40c66667eaa468baea10fb2658e2b3
Do this to take advantage of python 3.10's speed improvements as
illustrated by Zuul proper. But als OpenDev is looking at dropping
python 3.8 image builds to make room for python 3.11.
Change-Id: I0bb4902d32003ab8e8fb35e6cc39e62ceed88aa8
* Pin minikube to 1.22.0
Version 1.23.0 is failing with
error: unable to recognize "deploy/crds/zuul-ci_v1alpha2_zuul_crd.yaml":
no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
Until we learn more, pin to the previously working k8s version.
* Add debug log-level to the podman login test command
This change should improve the test failure debugging where it
currently may just prints "Shutting down, got signal: Terminated".
* Remove "https://" from registry login
f8136e70f9
Added path-based authentication to "podman login" which they argue
is incompatible with including https:// in the registry identifier.
Doing so now produces an error.
Co-Authored-By: Tristan Cacqueray <tdecacqu@redhat.com>
Change-Id: Ic44b56a2eb6ac15cc5f4af5312fa4e3956d6e457
This switches from the ansible/dhall operator framework to kopf,
an operator framework written in pure Python. This allows us to:
* Build the operator application as a Python app.
* Build the operator image using the opendev python builder images.
* Run the operator as a Python CLI program "zuul-operator".
* Write procedural Python code to handle operator tasks (such as
creating new nodepool launchers when providers are added).
* Use Jinja for templating config files and k8s resource files
(direct pythonic manipulation of resources is an option too).
The new CR nearly matches the existing one, with some minor differences.
Some missing features and documentation are added in the commits
immediately following; they should be reviewed and merged as a unit.
Also, fx waiting for scheduler to settle in functional test since
we changed this log line in Zuul.
Change-Id: Ib37b67e3444b7cd44692d48eee77775ee9049e9f
Change-Id: I70ec31ecd8fe264118215944022b2e7b513dced9
It seems like the zuul-operator-promote-image job does not
upload the image. This change adds a new gate job to upload
the image and fix the promote job.
Depends-On: https://review.opendev.org/727868
Change-Id: Ic3b41e3b29182135f71dc1adf8c6ebd9c26d798d
This change adds a new input toggle to enable using a cert-manager service.
The operator currently only setup a selfSigned CA.
Change-Id: Ifc63768a87f9508c66e4414d5286bae2969985e7
This change adds an optional registry configuration to the spec:
registry:
image: docker.io/zuul/zuul-registry:latest
count: 0
storage-size: 20
public-url: https://registry:9000
The operator expect a {{ cr_name }}-registry-tls secret to be provided
for tls and user configuration. If the secret is missing, the operator
creates self signed certificates and generates the user password.
Depends-On: https://review.opendev.org/710644
Change-Id: I0c054485b0ad01d53ddcff93f7bcbf34d1810325
In some case, the test node needs more time to pull the
zuul image. This change increases the wait time to 8 minutes
to prevent false positive failure.
Thsi change also:
* adds a build artifact with the generated kubernetes resources.
* redirects post commands output to logfiles to unclutter the
job-output console.
* replaces kubectl wait by rollout status.
* wait for operator and nodepool-launcher deployment.
Change-Id: I1c499bd11576f92b98511cd1ff180026b8aa70d8
This change adds a new run playbook to perform some integration
tests:
- add a config project with a periodic pipeline
- ensure the executor run a job
- ensure the job results are published in the db
- ensure the console-stream is working
Change-Id: I85187c741b376eaafdef1066452f13e2853caed7
Rather than rely on the implicit docker-image provides/requires
list explicit per-image requirements for related jobs to reduce,
unecessarily serialization in change queues.
Change-Id: If31a57ff9c7e242bad4050d88df3c33e0eb2f27f
This change replaces the existing tasks with a dhall function to
generates all the kubernetes objects. The operator nows converts
the CR spec to a dhall `Input`, then it applies the function
output to the cluster. Follow-up changes demonstrate how
runtime operations can be performed around that function.
This change updates the zuul-ci_v1alpha1_zuul_cr.yaml file with
the actual CR defined in the zuul specification so that it can
be used in the functional tests.
Depends-On: https://review.opendev.org/702753
Change-Id: Iea51bccf90def6e827d2c5846ad6a7e4c86a5bc1
This change adds a couple of new tools in the operator image.
This change also disables the CI job and the follow-up changes
will re-active it step by step.
Change-Id: I106b34a5e11aec5e88ca2f491c69c82527551952
A job that will run playbooks which start kubernetes, and verify that the
zuul-operator builds properly. This will be added to check and gate and
is the first step to https://review.opendev.org/#/c/659180/
Change-Id: Idf677621cf178b3af9975bbd22fbfe0d30df7ee5
