diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..44e66646f --- /dev/null +++ b/Makefile @@ -0,0 +1,11 @@ +generate: + ./openshift/generate.sh +.PHONY: generate + +generate-release: generate +.PHONY: generate + +e2e-tests: + ./openshift/install.sh + ./openshift/e2e-tests.sh +.PHONY: e2e-tests diff --git a/OWNERS b/OWNERS index e1f43fb9d..8b3b6b669 100644 --- a/OWNERS +++ b/OWNERS @@ -1,11 +1,7 @@ +# The OWNERS file is used by prow to automatically merge approved PRs. + approvers: - - technical-oversight-committee - - knative-release-leads - - eventing-wg-leads - - eventing-writers +- eventing-approvers -# Reviewers are suggested from the reviewers list first, then the approvers -# list. To add reviewers while spreading the load among existing approvers, -# copy the approvers to the reviewers list too. -# reviewers: -# TODO: fill in the owning WG +reviewers: +- eventing-reviewers \ No newline at end of file diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 131e4922b..f7cffeaac 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -1,245 +1,15 @@ -# This file is auto-generated from peribolos. -# Do not modify this file, instead modify peribolos/knative-extensions.yaml - aliases: - autoscaler-keda-approvers: - - skonto - backstage-plugins-reviewers: - - aliok - - cali0707 - - leo6leo - - pierdipi - backstage-plugins-writers: - - aliok - - cali0707 - - leo6leo - - pierdipi - client-wg-leads: - - dsimansk - - rhuss - client-writers: - - dsimansk - - rhuss - discovery-approvers: - - lberk - docs-writers: - - csantanapr - - skonto - eventing-autoscaler-keda-approvers: [] - eventing-awssqs-approvers: - - lberk - - matzew - eventing-ceph-approvers: - - lberk - - matzew - eventing-couchdb-approvers: - - lberk - - lionelvillard - - matzew - eventing-github-approvers: - - lberk - - matzew - eventing-gitlab-approvers: - - lberk - - matzew - - sebgoa - eventing-kafka-approvers: - - aliok - - lberk - - matzew - - pierDipi - eventing-kafka-broker-approvers: + eventing-approvers: - aliok - - matzew - - pierDipi - eventing-kafka-broker-reviewers: - - Leo6Leo - - cali0707 - eventing-kafka-writers: [] - eventing-natss-approvers: - - astelmashenko - - dan-j - eventing-prometheus-approvers: + - creydr - lberk - matzew - eventing-rabbitmq-approvers: - - ikavgo - - mkuratczyk - eventing-redis-approvers: - - aavarghese - - lionelvillard - - matzew + - mgencur + - pierdipi + - skonto eventing-reviewers: - - Leo6Leo - - cali0707 - - creydr - eventing-wg-leads: - - pierDipi - eventing-writers: - - Leo6Leo - aliok - - cali0707 - creydr - - lionelvillard - - matzew - - pierDipi - func-tastic-approvers: - - lance - - lkingland - - matejvasek - - nainaz - - salaboy - functastic-writers: - - lance - - lkingland - - matejvasek - - matzew - - nainaz - - salaboy - function-runtime-approvers: - - lance - - lkingland - - matejvasek - - matzew - - nainaz - - salaboy - function-runtime-writers: - - lance - - lkingland - - matejvasek + - lberk - matzew - - nainaz - - salaboy - homebrew-kn-plugins-approvers: - - dsimansk - - rhuss - kn-plugin-admin-approvers: - - dsimansk - - rhuss - kn-plugin-event-approvers: - - cardil - - rhuss - kn-plugin-operator-approvers: - - dsimansk - - houshengbo - - rhuss - kn-plugin-quickstart-approvers: - - dsimansk - - psschwei - - rhuss - kn-plugin-sample-approvers: - - dsimansk - - rhuss - kn-plugin-service-log-approvers: - - rhuss - kn-plugin-source-kafka-approvers: - - daisy-ycguo - - dsimansk - - rhuss - kn-plugin-source-kamelet-approvers: - - christophd - - rhuss - knative-admin: - - aliok - - cardil - - davidhadas - - dprotaso - - dsimansk - - evankanderson - - knative-automation - - knative-prow-releaser-robot - - knative-prow-robot - - knative-prow-updater-robot - - knative-test-reporter-robot - - nainaz - - psschwei - - salaboy - - upodroid - knative-release-leads: [] - knative-robots: - - knative-automation - - knative-prow-releaser-robot - - knative-prow-robot - - knative-prow-updater-robot - - knative-test-reporter-robot - net-contour-approvers: - - KauzClay - - dprotaso - net-gateway-api-approvers: - - dprotaso - net-http01-approvers: [] - net-istio-approvers: - - skonto - net-kourier-approvers: - - skonto - operations-wg-leads: - - houshengbo - operations-writers: - - dprotaso - - houshengbo - - upodroid - productivity-leads: - - cardil - - upodroid - productivity-wg-leads: - - cardil - - upodroid - productivity-writers: - - cardil - - upodroid - security-guard-approvers: - - davidhadas - - psschwei - - rhuss - security-wg-leads: - - davidhadas - - evankanderson - security-writers: - - davidhadas - - evankanderson - serving-approvers: - - skonto - serving-progressive-rollout-approvers: - - alexagriffith - - houshengbo - - sukumargaonkar - - yuzisun - serving-reviewers: - - izabelacg - - skonto - serving-triage: - - izabelacg - - skonto - serving-wg-leads: - - dprotaso - serving-writers: - - dprotaso - - skonto - steering-committee: - - aliok - - davidhadas - - dprotaso - - dsimansk - - evankanderson - - nainaz - - psschwei - - salaboy - technical-oversight-committee: - - aliok - - davidhadas - - dprotaso - - dsimansk - - evankanderson - - nainaz - - psschwei - - salaboy - ux-wg-leads: - - cali0707 - - leo6leo - - mmejia02 - - zainabhusain227 - ux-writers: - - cali0707 - - leo6leo - - mmejia02 - - zainabhusain227 + - pierdipi \ No newline at end of file diff --git a/openshift/ci-operator/build-image/Dockerfile b/openshift/ci-operator/build-image/Dockerfile new file mode 100755 index 000000000..deaa53199 --- /dev/null +++ b/openshift/ci-operator/build-image/Dockerfile @@ -0,0 +1,26 @@ +# DO NOT EDIT! Generated Dockerfile. + +FROM registry.ci.openshift.org/ocp/4.17:cli-artifacts as tools + +# Dockerfile to bootstrap build and test in openshift-ci +FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 as builder + +ARG TARGETARCH + +COPY --from=tools /usr/share/openshift/linux_$TARGETARCH/oc.rhel8 /usr/bin/oc + +RUN ln -s /usr/bin/oc /usr/bin/kubectl + +RUN yum install -y httpd-tools + +RUN wget https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && \ + chmod 700 ./get-helm-3 + +RUN ./get-helm-3 --version v3.11.3 --no-sudo && helm version + +RUN GOFLAGS='' go install github.com/mikefarah/yq/v3@latest +RUN GOFLAGS='' go install -tags="exclude_graphdriver_btrfs containers_image_openpgp" github.com/containers/skopeo/cmd/skopeo@v1.16.1 + +# go install creates $GOPATH/.cache with root permissions, we delete it here +# to avoid permission issues with the runtime users +RUN rm -rf $GOPATH/.cache diff --git a/openshift/ci-operator/knative-images/controller/Dockerfile b/openshift/ci-operator/knative-images/controller/Dockerfile new file mode 100755 index 000000000..30c8fea94 --- /dev/null +++ b/openshift/ci-operator/knative-images/controller/Dockerfile @@ -0,0 +1,35 @@ +# DO NOT EDIT! Generated Dockerfile for cmd/controller. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /workspace +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./cmd/controller + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/controller +COPY LICENSE /licenses/ + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-istio-controller-rhel8-container" \ + name="openshift-serverless-1/eventing-istio-controller-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Istio Controller" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Istio Controller" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Istio Controller" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Istio Controller" \ + io.openshift.tags="controller" + +ENTRYPOINT ["/usr/bin/controller"] diff --git a/openshift/ci-operator/source-image/Dockerfile b/openshift/ci-operator/source-image/Dockerfile new file mode 100755 index 000000000..0bc58d0cd --- /dev/null +++ b/openshift/ci-operator/source-image/Dockerfile @@ -0,0 +1,7 @@ +# DO NOT EDIT! Generated Dockerfile. + +FROM src + +RUN chmod +x vendor/k8s.io/code-generator/generate-groups.sh || true +RUN chmod +x vendor/knative.dev/pkg/hack/generate-knative.sh || true +RUN chmod +x vendor/k8s.io/code-generator/generate-internal-groups.sh || true diff --git a/openshift/e2e-tests.sh b/openshift/e2e-tests.sh new file mode 100755 index 000000000..43bd9a302 --- /dev/null +++ b/openshift/e2e-tests.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +repo_root_dir=$(dirname "$(realpath "${BASH_SOURCE[0]}")")/.. + +export SKIP_INITIALIZE=true +export GOPATH=/tmp/go +export GOCACHE=/tmp/go-cache +export ARTIFACTS=${ARTIFACT_DIR:-$(mktemp -u -t -d)} + +"${repo_root_dir}/test/e2e-tests.sh" diff --git a/openshift/generate.sh b/openshift/generate.sh new file mode 100755 index 000000000..bfaed40e2 --- /dev/null +++ b/openshift/generate.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +set -euo pipefail + +repo_root_dir=$(dirname "$(realpath "${BASH_SOURCE[0]}")")/.. + +release=$(yq r openshift/project.yaml project.tag) +release=${release/knative/release} + +function resolve_resources(){ + echo $@ + + local dir=$1 + local resolved_file_name=$2 + + local version=${release/release-/} + + echo "Writing resolved yaml to $resolved_file_name" + + for yaml in "$dir"/*.yaml; do + echo "Resolving ${yaml}" + + echo "---" >> "$resolved_file_name" + + sed \ + -e "s+eventing.knative.dev/release: devel+eventing.knative.dev/release: ${version}+" \ + -e "s+app.kubernetes.io/version: devel+app.kubernetes.io/version: ${version}+" \ + "$yaml" >> "$resolved_file_name" + done +} + +"${repo_root_dir}/hack/update-deps.sh" + +tmp_dir=$(mktemp -d) +git clone --branch main https://github.com/openshift-knative/hack "$tmp_dir" + +pushd "$tmp_dir" +go install github.com/openshift-knative/hack/cmd/generate +popd + +rm -rf "$tmp_dir" + +$(go env GOPATH)/bin/generate \ + --root-dir "${repo_root_dir}" \ + --generators dockerfile \ + --excludes "vendor.*" \ + --excludes "third_party.*" \ + --images-from eventing \ + --images-from eventing-kafka-broker + +"$repo_root_dir/hack/update-codegen.sh" + +rm -rf "${repo_root_dir}/openshift/release/artifacts" +mkdir -p "${repo_root_dir}/openshift/release/artifacts" +resolve_resources "${repo_root_dir}/config/eventing-istio/roles" "${repo_root_dir}/openshift/release/artifacts/eventing-istio-controller.yaml" +resolve_resources "${repo_root_dir}/config/eventing-istio/controller" "${repo_root_dir}/openshift/release/artifacts/eventing-istio-controller.yaml" diff --git a/openshift/images.yaml b/openshift/images.yaml new file mode 100755 index 000000000..9bee03d0c --- /dev/null +++ b/openshift/images.yaml @@ -0,0 +1,38 @@ +knative.dev/eventing-istio/cmd/controller: registry.ci.openshift.org/openshift/knative-eventing-istio-controller:knative-nightly +knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-controller: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-kafka-controller:knative-nightly +knative.dev/eventing-kafka-broker/control-plane/cmd/kafka-source-controller: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-kafka-source-controller:knative-nightly +knative.dev/eventing-kafka-broker/control-plane/cmd/post-install: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-post-install:knative-nightly +knative.dev/eventing-kafka-broker/control-plane/cmd/webhook-kafka: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-webhook-kafka:knative-nightly +knative.dev/eventing-kafka-broker/test/cmd/logs-exporter: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-test-logs-exporter:knative-nightly +knative.dev/eventing-kafka-broker/test/cmd/watch-cm: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-test-watch-cm:knative-nightly +knative.dev/eventing-kafka-broker/test/test_images/committed-offset: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-test-committed-offset:knative-nightly +knative.dev/eventing-kafka-broker/test/test_images/consumer-group-lag-provider-test: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-test-consumer-group-lag-provider-test:knative-nightly +knative.dev/eventing-kafka-broker/test/test_images/kafka-consumer: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-test-kafka-consumer:knative-nightly +knative.dev/eventing/cmd/apiserver_receive_adapter: registry.ci.openshift.org/openshift/knative-eventing-apiserver-receive-adapter:knative-nightly +knative.dev/eventing/cmd/appender: registry.ci.openshift.org/openshift/knative-eventing-appender:knative-nightly +knative.dev/eventing/cmd/broker/filter: registry.ci.openshift.org/openshift/knative-eventing-filter:knative-nightly +knative.dev/eventing/cmd/broker/ingress: registry.ci.openshift.org/openshift/knative-eventing-ingress:knative-nightly +knative.dev/eventing/cmd/controller: registry.ci.openshift.org/openshift/knative-eventing-controller:knative-nightly +knative.dev/eventing/cmd/event_display: registry.ci.openshift.org/openshift/knative-eventing-event-display:knative-nightly +knative.dev/eventing/cmd/heartbeats: registry.ci.openshift.org/openshift/knative-eventing-heartbeats:knative-nightly +knative.dev/eventing/cmd/heartbeats_receiver: registry.ci.openshift.org/openshift/knative-eventing-heartbeats-receiver:knative-nightly +knative.dev/eventing/cmd/in_memory/channel_controller: registry.ci.openshift.org/openshift/knative-eventing-channel-controller:knative-nightly +knative.dev/eventing/cmd/in_memory/channel_dispatcher: registry.ci.openshift.org/openshift/knative-eventing-channel-dispatcher:knative-nightly +knative.dev/eventing/cmd/jobsink: registry.ci.openshift.org/openshift/knative-eventing-jobsink:knative-nightly +knative.dev/eventing/cmd/mqttsource: registry.ci.openshift.org/openshift/knative-eventing-mqttsource:knative-nightly +knative.dev/eventing/cmd/mtchannel_broker: registry.ci.openshift.org/openshift/knative-eventing-mtchannel-broker:knative-nightly +knative.dev/eventing/cmd/mtping: registry.ci.openshift.org/openshift/knative-eventing-mtping:knative-nightly +knative.dev/eventing/cmd/pong: registry.ci.openshift.org/openshift/knative-eventing-pong:knative-nightly +knative.dev/eventing/cmd/schema: registry.ci.openshift.org/openshift/knative-eventing-schema:knative-nightly +knative.dev/eventing/cmd/webhook: registry.ci.openshift.org/openshift/knative-eventing-webhook:knative-nightly +knative.dev/eventing/cmd/websocketsource: registry.ci.openshift.org/openshift/knative-eventing-websocketsource:knative-nightly +knative.dev/eventing/test/test_images/event-sender: registry.ci.openshift.org/openshift/knative-eventing-test-event-sender:knative-nightly +knative.dev/eventing/test/test_images/print: registry.ci.openshift.org/openshift/knative-eventing-test-print:knative-nightly +knative.dev/eventing/test/test_images/recordevents: registry.ci.openshift.org/openshift/knative-eventing-test-recordevents:knative-nightly +knative.dev/eventing/test/test_images/request-sender: registry.ci.openshift.org/openshift/knative-eventing-test-request-sender:knative-nightly +knative.dev/eventing/test/test_images/wathola-fetcher: registry.ci.openshift.org/openshift/knative-eventing-test-wathola-fetcher:knative-nightly +knative.dev/eventing/test/test_images/wathola-forwarder: registry.ci.openshift.org/openshift/knative-eventing-test-wathola-forwarder:knative-nightly +knative.dev/eventing/test/test_images/wathola-receiver: registry.ci.openshift.org/openshift/knative-eventing-test-wathola-receiver:knative-nightly +knative.dev/eventing/test/test_images/wathola-sender: registry.ci.openshift.org/openshift/knative-eventing-test-wathola-sender:knative-nightly +knative.dev/pkg/apiextensions/storageversion/cmd/migrate: registry.ci.openshift.org/openshift/knative-eventing-migrate:knative-nightly +knative.dev/reconciler-test/cmd/eventshub: registry.ci.openshift.org/openshift/knative-eventing-test-eventshub:knative-nightly diff --git a/openshift/install.sh b/openshift/install.sh new file mode 100755 index 000000000..cdadd15de --- /dev/null +++ b/openshift/install.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +function install_eventing_with_mesh() { + + KNATIVE_EVENTING_ISTIO_MANIFESTS_DIR="${SCRIPT_DIR}/release/artifacts" + export KNATIVE_EVENTING_ISTIO_MANIFESTS_DIR + + go install github.com/openshift-knative/hack/cmd/sobranch@latest + + local release + release=$(yq r "${SCRIPT_DIR}/project.yaml" project.tag) + release=${release/knative-/} + so_branch=$( $(go env GOPATH)/bin/sobranch --upstream-version "${release}") + + USE_IMAGE_RELEASE_TAG="$(yq r "${SCRIPT_DIR}/project.yaml" project.tag)" + export USE_IMAGE_RELEASE_TAG + + local operator_dir=/tmp/serverless-operator + git clone --branch "${so_branch}" https://github.com/openshift-knative/serverless-operator.git $operator_dir || git clone --branch main https://github.com/openshift-knative/serverless-operator.git $operator_dir + + pushd $operator_dir || return $? + + export ON_CLUSTER_BUILDS=true + export DOCKER_REPO_OVERRIDE=image-registry.openshift-image-registry.svc:5000/openshift-marketplace + + make OPENSHIFT_CI="true" SCALE_UP=5 TRACING_BACKEND=zipkin generated-files images install-certmanager install-strimzi install-kafka-with-mesh || return $? + + popd || return $? +} + +install_eventing_with_mesh || exit 1 diff --git a/openshift/patches/01-openshift_tests.patch b/openshift/patches/01-openshift_tests.patch new file mode 100644 index 000000000..4b069ef01 --- /dev/null +++ b/openshift/patches/01-openshift_tests.patch @@ -0,0 +1,85 @@ +diff --git a/test/e2e-common.sh b/test/e2e-common.sh +index 8b67cf7..d690543 100755 +--- a/test/e2e-common.sh ++++ b/test/e2e-common.sh +@@ -28,6 +28,8 @@ function run_eventing_core_tests() { + -parallel=12 \ + -run TestPingSource \ + ./test/rekt/ \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" go_test_e2e \ +@@ -35,6 +37,8 @@ function run_eventing_core_tests() { + -parallel=12 \ + -run TestBrokerConformance \ + ./test/rekt/ \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + BROKER_TEMPLATES="${KAFKA_NAMESPACED_BROKER_TEMPLATES}" go_test_e2e \ +@@ -42,6 +46,8 @@ function run_eventing_core_tests() { + -parallel=12 \ + -run TestBrokerConformance \ + ./test/rekt/ \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" go_test_e2e \ +@@ -49,6 +55,8 @@ function run_eventing_core_tests() { + -parallel=12 \ + -run TestContainerSource \ + ./test/rekt/ \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" go_test_e2e \ +@@ -56,6 +64,8 @@ function run_eventing_core_tests() { + -parallel=12 \ + -run TestSinkBinding \ + ./test/rekt/ \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + CHANNEL_GROUP_KIND="InMemoryChannel.messaging.knative.dev" \ +@@ -65,6 +75,8 @@ function run_eventing_core_tests() { + -parallel=18 \ + -run TestChannel \ + ./test/rekt/ \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + CHANNEL_GROUP_KIND="KafkaChannel.messaging.knative.dev" \ +@@ -74,6 +86,8 @@ function run_eventing_core_tests() { + -parallel=18 \ + -run TestChannel \ + ./test/rekt/ \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + popd +@@ -87,6 +101,8 @@ function run_eventing_kafka_broker_tests() { + -parallel=12 \ + -run TestKafkaSource \ + ./test/e2e_new/... \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" BROKER_CLASS="Kafka" go_test_e2e \ +@@ -94,6 +110,8 @@ function run_eventing_kafka_broker_tests() { + -parallel=12 \ + -run TestKafkaSink \ + ./test/e2e_new/... \ ++ --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ ++ --environment.namespace="serverless-tests" \ + --istio.enabled=true || return $? + + popd diff --git a/openshift/project.yaml b/openshift/project.yaml new file mode 100644 index 000000000..29a7b84e8 --- /dev/null +++ b/openshift/project.yaml @@ -0,0 +1,3 @@ +project: + tag: knative-nightly + imagePrefix: knative-eventing-istio diff --git a/openshift/release/artifacts/eventing-istio-controller.yaml b/openshift/release/artifacts/eventing-istio-controller.yaml new file mode 100644 index 000000000..7ad7fdae3 --- /dev/null +++ b/openshift/release/artifacts/eventing-istio-controller.yaml @@ -0,0 +1,223 @@ +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-eventing-istio-controller + labels: + app.kubernetes.io/version: nightly + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "services" + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + + - apiGroups: + - "" + resources: + - "services/finalizers" + verbs: + - "create" + - "update" + - "delete" + - "get" + - "list" + - "watch" + + - apiGroups: + - "networking.istio.io" + resources: + - "destinationrules" + verbs: &everything + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + + # For leader election + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: *everything + + # For creating events and reporting errors + - apiGroups: + - "" + resources: + - "events" + verbs: *everything +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: eventing-istio-controller + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + app.kubernetes.io/name: knative-eventing + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eventing-istio-controller + labels: + app.kubernetes.io/version: nightly + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: eventing-istio-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-eventing-istio-controller + apiGroup: rbac.authorization.k8s.io +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eventing-istio-controller + namespace: knative-eventing + labels: + knative.dev/high-availability: "true" + app.kubernetes.io/component: eventing-istio-controller + app.kubernetes.io/version: nightly + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + app: eventing-istio-controller + template: + metadata: + labels: + app: eventing-istio-controller + app.kubernetes.io/component: eventing-istio-controller + app.kubernetes.io/version: nightly + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: eventing-istio-controller + topologyKey: kubernetes.io/hostname + weight: 100 + + serviceAccountName: eventing-istio-controller + enableServiceLinks: false + containers: + - name: eventing-istio-controller + terminationMessagePolicy: FallbackToLogsOnError + image: ko://knative.dev/eventing-istio/cmd/controller + + resources: + requests: + cpu: 100m + memory: 100Mi + + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/eventing-istio + # APIServerSource + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 diff --git a/openshift/release/create-release-branch.sh b/openshift/release/create-release-branch.sh new file mode 100755 index 000000000..5751cf72d --- /dev/null +++ b/openshift/release/create-release-branch.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +# Usage: create-release-branch.sh v0.4.1 release-0.4 + +set -ex # Exit immediately on error. + +release=$1 +target=$2 + +# Fetch the latest tags and checkout a new branch from the wanted tag. +git fetch upstream -v --tags +git checkout -b "$target" "$release" + +# Remove GH Action hooks from upstream +rm -rf .github/workflows +git commit -sm ":fire: remove unneeded workflows" .github/ + +# Copy the openshift extra files from the OPENSHIFT/main branch. +git fetch openshift main +git checkout openshift/main -- openshift OWNERS OWNERS_ALIASES Makefile + +tag=${target/release-/} +yq write --inplace openshift/project.yaml project.tag "knative-$tag" + +# Update submodules to point to midstream repos with correct branch +git submodule set-branch --branch "$target" -- "third_party/eventing" +git submodule set-url -- "third_party/eventing" https://github.com/openshift-knative/eventing.git + +git submodule set-branch --branch "$target" -- "third_party/eventing-kafka-broker" +git submodule set-url -- "third_party/eventing-kafka-broker" https://github.com/openshift-knative/eventing-kafka-broker.git + +# Generate our OCP artifacts +make generate +git apply openshift/patches/* +git add . +git commit -m "Add openshift specific files." diff --git a/openshift/release/mirror-upstream-branches.sh b/openshift/release/mirror-upstream-branches.sh new file mode 100755 index 000000000..15ba50512 --- /dev/null +++ b/openshift/release/mirror-upstream-branches.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +# Usage: openshift/release/mirror-upstream-branches.sh +# This should be run from the basedir of the repo with no arguments + + +set -ex +readonly TMPDIR=$(mktemp -d knativeEventingIstioBranchingCheckXXXX -p /tmp/) + +git fetch upstream --tags +git fetch openshift --tags + +# We need to seed this with a few releases that, otherwise, would make +# the processing regex less clear with more anomalies +cat >> "$TMPDIR"/midstream_branches < "$TMPDIR"/upstream_branches +git branch --list -a "openshift/release-v1.*" | cut -f3 -d'/' | cut -f2 -d'v' | cut -f1,2 -d'.' >> "$TMPDIR"/midstream_branches + +sort -o "$TMPDIR"/midstream_branches "$TMPDIR"/midstream_branches +sort -o "$TMPDIR"/upstream_branches "$TMPDIR"/upstream_branches +comm -32 "$TMPDIR"/upstream_branches "$TMPDIR"/midstream_branches > "$TMPDIR"/new_branches + +UPSTREAM_BRANCH=$(cat "$TMPDIR"/new_branches) +if [ -z "$UPSTREAM_BRANCH" ]; then + echo "no new branch, exiting" + exit 0 +fi +echo "found upstream branch: $UPSTREAM_BRANCH" +readonly UPSTREAM_TAG="knative-v$UPSTREAM_BRANCH.0" +readonly MIDSTREAM_BRANCH="release-v$UPSTREAM_BRANCH" +openshift/release/create-release-branch.sh "$UPSTREAM_TAG" "$MIDSTREAM_BRANCH" +# we would check the error code, but we 'set -e', so assume we're fine +git push openshift "$MIDSTREAM_BRANCH" diff --git a/openshift/release/update-to-head.sh b/openshift/release/update-to-head.sh new file mode 100755 index 000000000..1535355ea --- /dev/null +++ b/openshift/release/update-to-head.sh @@ -0,0 +1,47 @@ +#!/usr/bin/env bash + +# Synchs the REPO_BRANCH branch to main and then triggers CI +# Usage: update-to-head.sh + +set -e +REPO_NAME="eventing-istio" +REPO_OWNER_NAME="openshift-knative" +REPO_BRANCH="release-next" +REPO_BRANCH_CI="${REPO_BRANCH}-ci" + +# Check if there's an upstream release we need to mirror downstream +openshift/release/mirror-upstream-branches.sh + +# Reset REPO_BRANCH to upstream/main. +git fetch upstream main +git checkout upstream/main -B ${REPO_BRANCH} + +# Update openshift's main and take all needed files from there. +git fetch openshift main +git checkout openshift/main openshift OWNERS OWNERS_ALIASES Makefile +git checkout openshift/main .konflux .tekton || true + +# Generate our OCP artifacts +make generate +git apply openshift/patches/* +git add . +git commit -m ":open_file_folder: Update openshift specific files." +git push -f openshift ${REPO_BRANCH} + +# Trigger CI +git checkout ${REPO_BRANCH} -B ${REPO_BRANCH_CI} +date > ci +git add ci +git commit -m ":robot: Triggering CI on branch '${REPO_BRANCH}' after synching to upstream/main" +git push -f openshift ${REPO_BRANCH_CI} + +if hash hub 2>/dev/null; then + # Test if there is already a sync PR in + COUNT=$(hub api -H "Accept: application/vnd.github.v3+json" repos/${REPO_OWNER_NAME}/${REPO_NAME}/pulls --flat \ + | grep -c ":robot: Triggering CI on branch '${REPO_BRANCH}' after synching to upstream/main") || true + if [ "$COUNT" = "0" ]; then + hub pull-request --no-edit -l "kind/sync-fork-to-upstream,approved,lgtm" -b ${REPO_OWNER_NAME}/${REPO_NAME}:${REPO_BRANCH} -h ${REPO_OWNER_NAME}/${REPO_NAME}:${REPO_BRANCH_CI} + fi +else + echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually." +fi diff --git a/test/e2e-common.sh b/test/e2e-common.sh index 44a5c8840..fb0e182c1 100755 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh @@ -28,6 +28,8 @@ function run_eventing_core_tests() { -parallel=12 \ -run TestPingSource \ ./test/rekt/ \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" go_test_e2e \ @@ -35,6 +37,8 @@ function run_eventing_core_tests() { -parallel=12 \ -run TestBrokerConformance \ ./test/rekt/ \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? BROKER_TEMPLATES="${KAFKA_NAMESPACED_BROKER_TEMPLATES}" go_test_e2e \ @@ -42,6 +46,8 @@ function run_eventing_core_tests() { -parallel=12 \ -run TestBrokerConformance \ ./test/rekt/ \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" go_test_e2e \ @@ -49,6 +55,8 @@ function run_eventing_core_tests() { -parallel=12 \ -run TestContainerSource \ ./test/rekt/ \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" go_test_e2e \ @@ -56,6 +64,8 @@ function run_eventing_core_tests() { -parallel=12 \ -run TestSinkBinding \ ./test/rekt/ \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? CHANNEL_GROUP_KIND="InMemoryChannel.messaging.knative.dev" \ @@ -65,6 +75,8 @@ function run_eventing_core_tests() { -parallel=18 \ -run TestChannel \ ./test/rekt/ \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? CHANNEL_GROUP_KIND="KafkaChannel.messaging.knative.dev" \ @@ -74,6 +86,8 @@ function run_eventing_core_tests() { -parallel=18 \ -run TestChannel \ ./test/rekt/ \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? popd @@ -87,6 +101,8 @@ function run_eventing_kafka_broker_tests() { -parallel=12 \ -run TestKafkaSource \ ./test/e2e_new/... \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? BROKER_TEMPLATES="${KAFKA_BROKER_TEMPLATES}" BROKER_CLASS="Kafka" go_test_e2e \ @@ -94,6 +110,8 @@ function run_eventing_kafka_broker_tests() { -parallel=12 \ -run TestKafkaSink \ ./test/e2e_new/... \ + --images.producer.file="${REPO_ROOT_DIR}/openshift/images.yaml" \ + --environment.namespace="serverless-tests" \ --istio.enabled=true || return $? popd