Adding Kubernetes 1.27 (rc0) provider (#988)

* Adding Kubernetes 1.27 (rc0) provider as an unmodified copy of 1.26-centos9 Signed-off-by: Jed Lejosne <[email protected]> * Now fix the versions in 1.27 Signed-off-by: Jed Lejosne <[email protected]> --------- Signed-off-by: Jed Lejosne <[email protected]>
kubevirt · Mar 30, 2023 · 054c0ed · 054c0ed
1 parent c731ec1
commit 054c0ed
Show file tree

Hide file tree

Showing 116 changed files with 84,160 additions and 0 deletions.
diff --git a/cluster-provision/k8s/1.27/base b/cluster-provision/k8s/1.27/base
@@ -0,0 +1 @@
+centos9
diff --git a/cluster-provision/k8s/1.27/bind_device_to_vfio.sh b/cluster-provision/k8s/1.27/bind_device_to_vfio.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -ex
+
+if [ "$1" != "--vendor" ]; then
+    echo "No vendor provided"
+    exit 1
+fi
+vendor=$2
+
+function get_device_driver() {
+    local dev_driver=$(readlink $driver_path)
+    echo "${dev_driver##*/}"
+}
+
+# find the PCI address of the device by vendor_id:product_id
+pci_address=(`lspci -D -d ${vendor}`)
+pci_address="${pci_address[0]}"
+dev_sysfs_path="/sys/bus/pci/devices/$pci_address"
+
+if [[ ! -d $dev_sysfs_path ]]; then
+    echo "Error: PCI address ${pci_address} does not exist!" 1>&2
+    exit 1
+fi
+
+if [[ ! -d "$dev_sysfs_path/iommu/" ]]; then
+    echo "Error: No vIOMMU found in the VM" 1>&2
+    exit 1
+fi
+
+# set device driver path
+driver_path="${dev_sysfs_path}/driver"
+driver_override="${dev_sysfs_path}/driver_override"
+
+# load the vfio-pci module
+modprobe -i vfio-pci
+
+
+driver=$(get_device_driver)
+
+if [[ "$driver" != "vfio-pci" ]]; then
+
+    # unbind from the original device driver
+    echo ${pci_address} > "${driver_path}/unbind"
+    # bind the device to vfio-pci driver
+    echo "vfio-pci" > ${driver_override}
+    echo $pci_address > /sys/bus/pci/drivers/vfio-pci/bind
+fi
+
+# The device should now be using the vfio-pci driver
+new_driver=$(get_device_driver)
+if [[ $new_driver != "vfio-pci" ]]; then
+    echo "Error: Failed to bind to vfio-pci driver" 1>&2
+    exit 1
+fi
diff --git a/cluster-provision/k8s/1.27/conformance.json b/cluster-provision/k8s/1.27/conformance.json
@@ -0,0 +1,47 @@
+{
+  "Description": "DEFAULT",
+  "UUID": "",
+  "Version": "v0.56.9",
+  "ResultsDir": "/tmp/sonobuoy/results",
+  "Resources": null,
+  "Filters": {
+    "Namespaces": ".*",
+    "LabelSelector": ""
+  },
+  "Limits": {
+    "PodLogs": {
+      "Namespaces": "kube-system",
+      "SonobuoyNamespace": true,
+      "FieldSelectors": [],
+      "LabelSelector": "",
+      "Previous": false,
+      "SinceSeconds": null,
+      "SinceTime": null,
+      "Timestamps": false,
+      "TailLines": null,
+      "LimitBytes": null
+    }
+  },
+  "QPS": 30,
+  "Burst": 50,
+  "Server": {
+    "bindaddress": "0.0.0.0",
+    "bindport": 8080,
+    "advertiseaddress": "",
+    "timeoutseconds": 21600
+  },
+  "Plugins": null,
+  "PluginSearchPath": [
+    "./plugins.d",
+    "/etc/sonobuoy/plugins.d",
+    "~/sonobuoy/plugins.d"
+  ],
+  "Namespace": "sonobuoy",
+  "WorkerImage": "sonobuoy/sonobuoy:v0.56.9",
+  "ImagePullPolicy": "IfNotPresent",
+  "ImagePullSecrets": "",
+  "AggregatorPermissions": "clusterAdmin",
+  "ServiceAccountName": "sonobuoy-serviceaccount",
+  "ProgressUpdatesPort": "8099",
+  "SecurityContextMode": "nonroot"
+}
diff --git a/cluster-provision/k8s/1.27/extra-pre-pull-images b/cluster-provision/k8s/1.27/extra-pre-pull-images
@@ -0,0 +1,10 @@
+quay.io/kubevirtci/grafana-grafana:7.5.4
+quay.io/kubevirtci/install-cni:1.15.0
+quay.io/kubevirtci/operator:1.15.0
+quay.io/kubevirtci/pilot:1.15.0
+quay.io/kubevirtci/proxyv2:1.15.0
+quay.io/prometheus-operator/prometheus-config-reloader:v0.47.0
+quay.io/calico/cni:v3.18.0
+quay.io/calico/kube-controllers:v3.18.0
+quay.io/calico/node:v3.18.0
+quay.io/calico/pod2daemon-flexvol:v3.18.0
diff --git a/cluster-provision/k8s/1.27/fetch-images.sh b/cluster-provision/k8s/1.27/fetch-images.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -euo pipefail
+
+function usage() {
+    cat <<EOF
+Usage: $0 <k8s-cluster-dir> [source-image-list]
+
+    Fetches all images from the cluster provision source and manifests. Returns a list that is sorted and
+    without double entries.
+
+    If source-image-list is provided this is taken as an input and added to the result.
+
+EOF
+}
+
+function check_args() {
+    if [ "$#" -lt 1 ]; then
+        usage
+        exit 1
+    fi
+    if [ ! -d "$1" ]; then
+        usage
+        echo "Directory $1 does not exist"
+        exit 1
+    fi
+}
+
+function main() {
+    check_args "$@"
+
+    temp_file=$(mktemp)
+    trap 'rm -f "${temp_file}"' EXIT SIGINT SIGTERM
+
+    provision_dir="$1"
+    image_regex='([a-z0-9\_\.]+[/-]?)+(@sha256)?:[a-z0-9\_\.\-]+'
+    image_regex_w_double_quotes='"?'"${image_regex}"'"?'
+
+    (
+        # Avoid bailing out because of nothing found in scripts part
+        set +e
+        find "$provision_dir" -type f -name '*.sh' -print0 |
+            xargs -0 grep -iE '(docker|podman)[ _]pull[^ ]+ '"${image_regex_w_double_quotes}"
+        find "$provision_dir" -type f -name '*.yaml' -print0 |
+            xargs -0 grep -iE '(image|value): '"${image_regex_w_double_quotes}"
+        set -e
+        # last `grep -v` is necessary to avoid trying to pre pull istio "images", as the regex also matches on values
+        # from the generated istio deployment manifest
+    ) | grep -ioE "${image_regex_w_double_quotes}"'$' | grep -v '.svc:' >>"${temp_file}"
+
+    sed -E 's/"//g' "${temp_file}" | sort | uniq
+}
+
+main "$@"
diff --git a/cluster-provision/k8s/1.27/istio.sh b/cluster-provision/k8s/1.27/istio.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+set -xe
+
+source /var/lib/kubevirtci/shared_vars.sh
+
+export PATH=$ISTIO_BIN_DIR:$PATH
+
+kubectl --kubeconfig /etc/kubernetes/admin.conf create ns istio-system
+istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init
+
+istio_manifests_dir=/opt/istio
+mkdir -p /opt/istio
+cat <<EOF >$istio_manifests_dir/istio-operator.tpl.yaml
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+  namespace: istio-system
+  name: istio-operator
+spec:
+  profile: demo
+  hub: quay.io/kubevirtci
+  components:
+    cni:
+      enabled: true
+      namespace: kube-system
+  values:
+    global:
+      jwtPolicy: first-party-jwt
+    cni:
+      chained: \$ISTIO_CNI_CHAINED
+      cniBinDir: /opt/cni/bin
+      cniConfDir: \$ISTIO_CNI_CONF_DIR
+      privileged: true
+      excludeNamespaces:
+       - istio-system
+       - kube-system
+      logLevel: debug
+EOF
+
+# generate istio-operator for usage with cnao enabled
+ISTIO_CNI_CHAINED=false ISTIO_CNI_CONF_DIR=/etc/cni/multus/net.d envsubst < $istio_manifests_dir/istio-operator.tpl.yaml > $istio_manifests_dir/istio-operator-with-cnao.cr.yaml
+cat <<EOF >>$istio_manifests_dir/istio-operator-with-cnao.yaml
+      cniConfFileName: "istio-cni.conf"
+    sidecarInjectorWebhook:
+      injectedAnnotations:
+        "k8s.v1.cni.cncf.io/networks": istio-cni
+EOF
+
+# generate istio-operator cr for usage without cnao
+ISTIO_CNI_CHAINED=true ISTIO_CNI_CONF_DIR=/etc/cni/net.d envsubst < $istio_manifests_dir/istio-operator.tpl.yaml > $istio_manifests_dir/istio-operator.cr.yaml