Skip to content

Commit

Permalink
Merge pull request #32125 from jsafrane/selinux-rwx
Browse files Browse the repository at this point in the history 
Add CI job for SELinuxMount feature gate
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Mar 1, 2024
2 parents 2f9c1ce + 645c7c7 commit f0b607a
Show file tree
Hide file tree
Showing 11 changed files with 334 additions and 231 deletions.
39 changes: 36 additions & 3 deletions config/jobs/kubernetes/kops/build_jobs.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -858,7 +858,7 @@ def generate_misc():
runs_per_day=3,
extra_dashboards=['kops-misc']),

# [sig-storage, @jsafrane] A one-off scenario testing SELinux features, because kops
# [sig-storage, @jsafrane] Test SELinux features, because kops
# is the only way how to get Kubernetes on a Linux with SELinux in enforcing mode in CI.
# Test the latest kops and CI build of Kubernetes (=almost master).
build_test(name_override="kops-aws-selinux",
Expand All @@ -868,7 +868,6 @@ def generate_misc():
k8s_version="ci",
kops_channel="alpha",
feature_flags=['SELinuxMount'],
kubernetes_feature_gates="SELinuxMountReadWriteOncePod,ReadWriteOncePod",
extra_flags=[
"--set=cluster.spec.containerd.selinuxEnabled=true",
],
Expand All @@ -880,14 +879,48 @@ def generate_misc():
# - Driver: local: this is optimization only, the volume plugin does not
# support SELinux and there are several subvariants of local volumes
# that multiply nr. of tests.
skip_regex=r"\[Feature:Volumes\]|\[Driver:.nfs\]|\[Driver:.local\]",
# - FeatureGate:SELinuxMount: the feature gate is alpha / disabled by default
# in v1.30.
skip_regex=r"\[Feature:Volumes\]|\[Driver:.nfs\]|\[Driver:.local\]|\FeatureGate:SELinuxMount\]", # pylint: disable=line-too-long
# [Serial] and [Disruptive] are intentionally not skipped, therefore run
# everything as serial.
test_parallelism=1,
# Serial and Disruptive tests can be slow.
test_timeout_minutes=120,
runs_per_day=3),

# [sig-storage, @jsafrane] A one-off scenario testing SELinuxMount feature (alpha in v1.30).
# This will need to merge with kops-aws-selinux when SELinuxMount gets enabled by default.
build_test(name_override="kops-aws-selinux-alpha",
# RHEL8 VM image is enforcing SELinux by default.
distro="rhel8",
networking="cilium",
k8s_version="ci",
kops_channel="alpha",
feature_flags=['SELinuxMount'],
kubernetes_feature_gates="SELinuxMount",
extra_flags=[
"--set=cluster.spec.containerd.selinuxEnabled=true",
],
focus_regex=r"\[Feature:SELinux\]",
# Skip:
# - Feature:Volumes: skips iSCSI and Ceph tests, they don't have client tools
# installed on nodes.
# - Driver: nfs: NFS does not have client tools installed on nodes.
# - Driver: local: this is optimization only, the volume plugin does not
# support SELinux and there are several subvariants of local volumes
# that multiply nr. of tests.
# - Feature:SELinuxMountReadWriteOncePodOnly: these tests require SELinuxMount
# feature gate off.
skip_regex=r"\[Feature:Volumes\]|\[Driver:.nfs\]|\[Driver:.local\]|\[Feature:SELinuxMountReadWriteOncePodOnly\]", # pylint: disable=line-too-long
# [Serial] and [Disruptive] are intentionally not skipped, therefore run
# everything as serial.
test_parallelism=1,
# Serial and Disruptive tests can be slow.
test_timeout_minutes=120,
runs_per_day=3),


# test kube-up to kops jobs migration
build_test(name_override="ci-kubernetes-e2e-cos-gce-canary",
cloud="gce",
Expand Down
12 changes: 6 additions & 6 deletions config/jobs/kubernetes/kops/kops-periodics-conformance.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240220' --channel=alpha --networking=calico --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240301' --channel=alpha --networking=calico --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/markers/release-1.29/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable-1.29.txt \
--test=kops \
Expand Down Expand Up @@ -98,7 +98,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240220' --channel=alpha --networking=calico --zones=eu-central-1a --node-size=t4g.large --master-size=t4g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240301' --channel=alpha --networking=calico --zones=eu-central-1a --node-size=t4g.large --master-size=t4g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/markers/release-1.29/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable-1.29.txt \
--test=kops \
Expand Down Expand Up @@ -164,7 +164,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240220' --channel=alpha --networking=calico --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240301' --channel=alpha --networking=calico --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/markers/release-1.28/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable-1.28.txt \
--test=kops \
Expand Down Expand Up @@ -230,7 +230,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240220' --channel=alpha --networking=calico --zones=eu-central-1a --node-size=t4g.large --master-size=t4g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240301' --channel=alpha --networking=calico --zones=eu-central-1a --node-size=t4g.large --master-size=t4g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/markers/release-1.28/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable-1.28.txt \
--test=kops \
Expand Down Expand Up @@ -296,7 +296,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240220' --channel=alpha --networking=calico --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240301' --channel=alpha --networking=calico --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/markers/release-1.27/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable-1.27.txt \
--test=kops \
Expand Down Expand Up @@ -362,7 +362,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240220' --channel=alpha --networking=calico --zones=eu-central-1a --node-size=t4g.large --master-size=t4g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240301' --channel=alpha --networking=calico --zones=eu-central-1a --node-size=t4g.large --master-size=t4g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/markers/release-1.27/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable-1.27.txt \
--test=kops \
Expand Down
10 changes: 5 additions & 5 deletions config/jobs/kubernetes/kops/kops-periodics-distros.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,7 +224,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20240215' --channel=alpha --networking=cilium --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20240229' --channel=alpha --networking=cilium --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/bin/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable.txt \
--test=kops \
Expand Down Expand Up @@ -288,7 +288,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-20240215' --channel=alpha --networking=cilium --zones=eu-west-1a --node-size=m6g.large --master-size=m6g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-20240229' --channel=alpha --networking=cilium --zones=eu-west-1a --node-size=m6g.large --master-size=m6g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/bin/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable.txt \
--test=kops \
Expand Down Expand Up @@ -352,7 +352,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240220' --channel=alpha --networking=cilium --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240301' --channel=alpha --networking=cilium --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/bin/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable.txt \
--test=kops \
Expand Down Expand Up @@ -416,7 +416,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240220' --channel=alpha --networking=cilium --zones=eu-west-1a --node-size=m6g.large --master-size=m6g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20240301' --channel=alpha --networking=cilium --zones=eu-west-1a --node-size=m6g.large --master-size=m6g.large --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/bin/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable.txt \
--test=kops \
Expand Down Expand Up @@ -480,7 +480,7 @@ periodics:
-v 2 \
--up --down \
--cloud-provider=aws \
--create-args="--image='137112412989/amzn2-ami-kernel-5.10-hvm-2.0.20240131.0-x86_64-gp2' --channel=alpha --networking=cilium --discovery-store=s3://k8s-kops-prow/discovery" \
--create-args="--image='137112412989/amzn2-ami-kernel-5.10-hvm-2.0.20240223.0-x86_64-gp2' --channel=alpha --networking=cilium --discovery-store=s3://k8s-kops-prow/discovery" \
--kops-version-marker=https://storage.googleapis.com/kops-ci/bin/latest-ci-updown-green.txt \
--kubernetes-version=https://dl.k8s.io/release/stable.txt \
--test=kops \
Expand Down
Loading

0 comments on commit f0b607a

Please sign in to comment.