SPLAT-2501: added jobs for CCM-AWS and CCCMO TechPreview

mtulio · mtulio · commit 0e15bbe549cc · 2025-09-16T14:00:00.000-03:00
Introduce optional presubmit and presubmit jobs for CCM-AWS and
CCCMO projects using feature set TechPreview to test gates under
this set, including the NLB+SG feature.

Additionally, the e2e-aws-ccm workflow is now collecting the
loadbalancer information from a service (router as example).
diff --git a/ci-operator/config/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main.yaml b/ci-operator/config/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main.yaml
@@ -113,6 +113,15 @@ tests:
   steps:
     cluster_profile: aws-2
     workflow: openshift-upgrade-aws
+- always_run: false
+  as: e2e-aws-ovn-techpreview
+  optional: true
+  skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
+  steps:
+    cluster_profile: aws
+    env:
+      FEATURE_SET: TechPreviewNoUpgrade
+    workflow: openshift-e2e-aws-ccm-techpreview
 - as: e2e-aws-ovn-cgroupsv2
   optional: true
   skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
diff --git a/ci-operator/config/openshift/cluster-cloud-controller-manager-operator/openshift-cluster-cloud-controller-manager-operator-main.yaml b/ci-operator/config/openshift/cluster-cloud-controller-manager-operator/openshift-cluster-cloud-controller-manager-operator-main.yaml
@@ -88,6 +88,15 @@ tests:
   steps:
     cluster_profile: aws-2
     workflow: openshift-upgrade-aws
+- always_run: false
+  as: e2e-aws-ovn-techpreview
+  optional: true
+  skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
+  steps:
+    cluster_profile: aws
+    env:
+      FEATURE_SET: TechPreviewNoUpgrade
+    workflow: openshift-e2e-aws-ccm-techpreview
 - always_run: false
   as: e2e-azure-manual-oidc
   optional: true
diff --git a/ci-operator/config/openshift/release/openshift-release-master__nightly-4.21.yaml b/ci-operator/config/openshift/release/openshift-release-master__nightly-4.21.yaml
@@ -167,6 +167,13 @@ tests:
       enable:
       - observers-resource-watch
     workflow: openshift-e2e-aws-single-node
+- as: e2e-aws-ccm-techpreview
+  interval: 168h
+  steps:
+    cluster_profile: aws
+    env:
+      FEATURE_SET: TechPreviewNoUpgrade
+    workflow: openshift-e2e-aws-ccm-techpreview
 - as: e2e-metal-ovn-single-node-rt-upgrade
   interval: 168h
   steps:
diff --git a/ci-operator/jobs/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main-presubmits.yaml b/ci-operator/jobs/openshift/cloud-provider-aws/openshift-cloud-provider-aws-main-presubmits.yaml
@@ -149,6 +149,81 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-aws-ovn-cgroupsv2,?($|\s.*)
+  - agent: kubernetes
+    always_run: false
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build03
+    context: ci/prow/e2e-aws-ovn-techpreview
+    decorate: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-cloud-provider-aws-main-e2e-aws-ovn-techpreview
+    optional: true
+    path_alias: k8s.io/cloud-provider-aws
+    rerun_command: /test e2e-aws-ovn-techpreview
+    skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=e2e-aws-ovn-techpreview
+        command:
+        - ci-operator
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )e2e-aws-ovn-techpreview,?($|\s.*)
   - agent: kubernetes
     always_run: false
     branches:
diff --git a/ci-operator/jobs/openshift/cluster-cloud-controller-manager-operator/openshift-cluster-cloud-controller-manager-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/cluster-cloud-controller-manager-operator/openshift-cluster-cloud-controller-manager-operator-main-presubmits.yaml
@@ -73,6 +73,80 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-aws-ovn,?($|\s.*)
+  - agent: kubernetes
+    always_run: false
+    branches:
+    - ^main$
+    - ^main-
+    cluster: build01
+    context: ci/prow/e2e-aws-ovn-techpreview
+    decorate: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-cluster-cloud-controller-manager-operator-main-e2e-aws-ovn-techpreview
+    optional: true
+    rerun_command: /test e2e-aws-ovn-techpreview
+    skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=e2e-aws-ovn-techpreview
+        command:
+        - ci-operator
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )e2e-aws-ovn-techpreview,?($|\s.*)
   - agent: kubernetes
     always_run: false
     branches:
diff --git a/ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml b/ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml
@@ -161167,6 +161167,82 @@ periodics:
     - name: result-aggregator
       secret:
         secretName: result-aggregator
+- agent: kubernetes
+  cluster: build11
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: master
+    org: openshift
+    repo: release
+  interval: 168h
+  labels:
+    ci-operator.openshift.io/cloud: aws
+    ci-operator.openshift.io/cloud-cluster-profile: aws
+    ci-operator.openshift.io/variant: nightly-4.21
+    ci.openshift.io/generator: prowgen
+    ci.openshift.io/no-builds: "true"
+    job-release: "4.21"
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-release-master-nightly-4.21-e2e-aws-ccm-techpreview
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --lease-server-credentials-file=/etc/boskos/credentials
+      - --report-credentials-file=/etc/report/credentials
+      - --secret-dir=/secrets/ci-pull-credentials
+      - --target=e2e-aws-ccm-techpreview
+      - --variant=nightly-4.21
+      command:
+      - ci-operator
+      image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /etc/boskos
+        name: boskos
+        readOnly: true
+      - mountPath: /secrets/ci-pull-credentials
+        name: ci-pull-credentials
+        readOnly: true
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: boskos
+      secret:
+        items:
+        - key: credentials
+          path: credentials
+        secretName: boskos-credentials
+    - name: ci-pull-credentials
+      secret:
+        secretName: ci-pull-credentials
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator
 - agent: kubernetes
   cluster: build11
   decorate: true
diff --git a/ci-operator/step-registry/ccm/gather/OWNERS b/ci-operator/step-registry/ccm/gather/OWNERS
@@ -0,0 +1 @@
+../OWNERS
diff --git a/ci-operator/step-registry/ccm/gather/service-aws/OWNERS b/ci-operator/step-registry/ccm/gather/service-aws/OWNERS
@@ -0,0 +1 @@
+../OWNERS
diff --git a/ci-operator/step-registry/ccm/gather/service-aws/ccm-gather-service-aws-commands.sh b/ci-operator/step-registry/ccm/gather/service-aws/ccm-gather-service-aws-commands.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+#
+#  ccm-gather-service-aws step collects Load Balancer information from AWS API.
+#
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+if test ! -f "${KUBECONFIG}"
+then
+	echo "No kubeconfig, so no point in calling ccm-gather-service-aws."
+	exit 0
+fi
+
+if ! command -v aws &>/dev/null; then
+	echo "AWS CLI not found, skipping..."
+	exit 0
+fi
+
+if test ! -f "${CLUSTER_PROFILE_DIR}/.awscred"; then
+	echo "No AWS credentials, skipping..."
+	exit 0
+fi
+
+export AWS_SHARED_CREDENTIALS_FILE=${CLUSTER_PROFILE_DIR}/.awscred
+export AWS_REGION=${LEASED_RESOURCE}
+
+function gather_lb_info_for_service() {
+	local service_name=$1
+	local namespace=$2
+	local artifact_file="${ARTIFACT_DIR}/${namespace}-${service_name}-loadbalancer.json"
+
+	echo "Gathering Service LoadBalancer Hostname of ${namespace}/${service_name} service..."
+
+	LB_DNS=$(oc get svc/"${service_name}" -n "${namespace}" -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+	LB_NAME=$(echo $LB_DNS | sed -e 's/\..*//' -e 's/-[^-]*$//')
+
+	echo "Service (${namespace}/${service_name}): LoadBalancer Name=${LB_NAME} Hostname=${LB_DNS}"
+
+	# CLB lookup
+	{
+		if aws elb describe-load-balancers --load-balancer-names $LB_NAME \
+			--query 'LoadBalancerDescriptions[0].{LoadBalancerName:LoadBalancerName,DNSName:DNSName,CreatedTime:CreatedTime,AvailabilityZones:AvailabilityZones,SecurityGroups:SecurityGroups,IpAddressType:IpAddressType,Scheme:Scheme}' \
+			--output json | jq '. + {Type: "Classic"}' > /tmp/output_clb.json; then
+			echo "CLB found for LoadBalancer Name=${LB_NAME}, saving to ${artifact_file}"
+			cat /tmp/output_clb.json >> "${artifact_file}"
+		else
+			echo "No CLB found for LoadBalancer Name=${LB_NAME}"
+		fi
+	} || true
+
+	# NLB lookup
+	{
+		if aws elbv2 describe-load-balancers --names $LB_NAME \
+			--query 'LoadBalancers[0].{DNSName:DNSName,CreatedTime:CreatedTime,LoadBalancerName:LoadBalancerName,State:State,Type:Type,AvailabilityZones:AvailabilityZones,SecurityGroups:SecurityGroups,IpAddressType:IpAddressType,Scheme:Scheme}' \
+			> /tmp/output_nlb.json; then
+			echo "NLB found for LoadBalancer Name=${LB_NAME}, saving to ${artifact_file}"
+			cat /tmp/output_nlb.json >> "${artifact_file}"
+		else
+			echo "No NLB found for LoadBalancer Name=${LB_NAME}"
+		fi
+	} || true
+}
+
+# Discovery the Load Balancer hostname of default ingresscontroller service and
+# remove the domain from the hostname and AWS-appended random string to get the load balancer name
+gather_lb_info_for_service "router-default" "openshift-ingress"
diff --git a/ci-operator/step-registry/ccm/gather/service-aws/ccm-gather-service-aws-ref.metadata.json b/ci-operator/step-registry/ccm/gather/service-aws/ccm-gather-service-aws-ref.metadata.json
@@ -0,0 +1,23 @@
+{
+	"path": "ccm/gather/service-aws/ccm-gather-service-aws-ref.yaml",
+	"owners": {
+		"approvers": [
+			"danil-grigorev",
+			"elmiko",
+			"fedosin",
+			"joelspeed",
+			"mandre",
+			"mdbooth",
+			"stephenfin"
+		],
+		"reviewers": [
+			"danil-grigorev",
+			"elmiko",
+			"fedosin",
+			"joelspeed",
+			"mandre",
+			"mdbooth",
+			"stephenfin"
+		]
+	}
+}
diff --git a/ci-operator/step-registry/ccm/gather/service-aws/ccm-gather-service-aws-ref.yaml b/ci-operator/step-registry/ccm/gather/service-aws/ccm-gather-service-aws-ref.yaml
diff --git a/ci-operator/step-registry/openshift/e2e/aws/ccm/techpreview/OWNERS b/ci-operator/step-registry/openshift/e2e/aws/ccm/techpreview/OWNERS
diff --git a/ci-operator/step-registry/openshift/e2e/aws/ccm/techpreview/openshift-e2e-aws-ccm-techpreview-workflow.metadata.json b/ci-operator/step-registry/openshift/e2e/aws/ccm/techpreview/openshift-e2e-aws-ccm-techpreview-workflow.metadata.json
diff --git a/ci-operator/step-registry/openshift/e2e/aws/ccm/techpreview/openshift-e2e-aws-ccm-techpreview-workflow.yaml b/ci-operator/step-registry/openshift/e2e/aws/ccm/techpreview/openshift-e2e-aws-ccm-techpreview-workflow.yaml
