Step: ipi-conf-azure-arcconformance

Runs the Arc Enabled Kubernetes Validation Program suite (https://github.com/Azure/azure-arc-validation).

Container image used for this step: azure/ci-base:latest

azure/ci-base:latest resolves to an image imported from the specified imagestream tag on the build farm (documentation).

Environment

In addition to the default environment, the step exposes the following:

Variable Name Type Variable Content
AZURE_SA_CONNECTION_STRING_PATH Parameter[?] (default: /var/run/cluster-secrets-azure-arcconformance-sa/azure-arcconformance-sa-connection-string)
AZURE_SA_CONTAINER_NAME Parameter[?] (default: redhat-testresults)
AZURE_REGION Parameter[?] (default: eastus)

Source Code

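#!/bin/bash

# Strict mode: abort on unset variables, on any failing command, and on a
# failure in any stage of a pipeline.
set -o nounset
set -o errexit
set -o pipefail

echo "$(date -u --rfc-3339=seconds) - Leased resource is ${LEASED_RESOURCE}"

# Load the storage-account connection string from the mounted secret file.
# The value is a credential: do not echo it, and do not enable `set -x` while
# it is in scope.
# `${VAR:-}` keeps nounset from aborting with a bare "unbound variable" error
# before the explicit message below can be printed.
if [[ -z "${AZURE_SA_CONNECTION_STRING_PATH:-}" ]]; then
  echo "$(date -u --rfc-3339=seconds) - Connection string secret is not set"
  exit 1
fi

if [[ ! -f "${AZURE_SA_CONNECTION_STRING_PATH}" ]]; then
  echo "$(date -u --rfc-3339=seconds) - Connection string secret file not present"
  exit 1
fi

# Quoted so that a path containing whitespace is not an "ambiguous redirect".
AZURE_SA_CONNECTION_STRING=$(<"${AZURE_SA_CONNECTION_STRING_PATH}")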

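# /tmp/bin is appended, so a tool of the same name that already exists earlier
# on PATH takes precedence over the copies downloaded below.
export PATH="${PATH}:/tmp/bin"
# -p: do not abort under errexit when the directory already exists.
mkdir -p /tmp/bin

echo "$(date -u --rfc-3339=seconds) - Installing tools..."

# Options shared by every download below:
#   --fail         treat an HTTP error as a failure instead of saving or
#                  unpacking the error page as if it were the tool
#   --silent/--show-error  no progress meter, but still report errors
#   --proto =https refuse anything other than HTTPS, including on redirects
curl_opts=(--fail --silent --show-error --proto '=https')

# NOTE(security): none of the downloads below is checked against a pinned
# checksum or signature before the binary is executed in a job that holds
# Azure credentials. Baking the tools into the image (see the TODOs) or
# verifying a known-good SHA-256 for each pinned release would close that gap.

# install sonobuoy
# TODO move to image
curl "${curl_opts[@]}" -L https://github.com/vmware-tanzu/sonobuoy/releases/download/v0.20.0/sonobuoy_0.20.0_linux_amd64.tar.gz | tar xvzf - -C /tmp/bin/ sonobuoy
chmod ug+x /tmp/bin/sonobuoy
sonobuoy version

# install jq
# TODO move to image
curl "${curl_opts[@]}" -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 > /tmp/bin/jq
chmod ug+x /tmp/bin/jq
# Print the version like the other tools do; a bare `jq` has no filter to run
# and either prints usage with a non-zero status or waits on stdin.
jq --version

# install yq
# TODO move to image
curl "${curl_opts[@]}" -L https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 > /tmp/bin/yq
chmod ug+x /tmp/bin/yq
yq --version

# az should already be there
az version

# install newest oc
# NOTE(security): `latest` is a moving target, so the client that runs here
# changes without any change to this script; pin a version if reproducibility
# or auditability of the toolchain matters.
curl "${curl_opts[@]}" https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz | tar xvzf - -C /tmp/bin/ oc
chmod ug+x /tmp/bin/oc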

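echo "$(date -u --rfc-3339=seconds) - Collecting parameters..."

# set the parameters we'll need as env vars
# The service-principal file holds live credentials: the values read from it
# must never be echoed or traced.
# jq reads the file directly (quoted path, no `cat`); -e makes jq exit
# non-zero when a field is missing or null, so errexit stops the step instead
# of handing the literal string "null" to az and the plugin.
AZURE_AUTH_LOCATION="${CLUSTER_PROFILE_DIR}/osServicePrincipal.json"
AZURE_AUTH_CLIENT_ID="$(jq -er .clientId "${AZURE_AUTH_LOCATION}")"
AZURE_AUTH_CLIENT_SECRET="$(jq -er .clientSecret "${AZURE_AUTH_LOCATION}")"
AZURE_AUTH_TENANT_ID="$(jq -er .tenantId "${AZURE_AUTH_LOCATION}")"
AZURE_AUTH_SUBSCRIPTION_ID="$(jq -er .subscriptionId "${AZURE_AUTH_LOCATION}")"

# Cluster facts come from the infrastructure object. The version query calls
# /tmp/bin/oc explicitly, while the two `oc get` calls use whichever oc is
# first on PATH.
CLUSTER_NAME="$(oc get -o jsonpath='{.status.infrastructureName}' infrastructure cluster)"
CLUSTER_VERSION="$(/tmp/bin/oc adm release info -o json | jq -r .metadata.version)"
RESOURCE_GROUP="$(oc get -o jsonpath='{.status.platformStatus.azure.resourceGroupName}' infrastructure cluster)"

# Use AZURE_REGION when it is set and non-empty, otherwise fall back to the
# leased resource. The `:-` form also covers an unset AZURE_REGION, which the
# unquoted `[ -z $AZURE_REGION ]` test would turn into a nounset abort.
REGION="${AZURE_REGION:-${LEASED_RESOURCE}}"

KUBERNETES_DISTRIBUTION="openshift"
DNS_NAMESPACE="openshift-dns"
DNS_POD_LABELS="dns.operator.openshift.io/daemonset-dns"
CONFORMANCE_YAML_PATH="${ARTIFACT_DIR}/conformance.yaml"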

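echo "$(date -u --rfc-3339=seconds) - Logging in to Azure..."

# log in with az
# NOTE(security): the client secret is passed with -p on the command line, so
# it is visible in the process list while az runs and would be printed by
# xtrace; keep `set -x` off in this script.
az login --service-principal -u "${AZURE_AUTH_CLIENT_ID}" -p "${AZURE_AUTH_CLIENT_SECRET}" --tenant "${AZURE_AUTH_TENANT_ID}"

echo "$(date -u --rfc-3339=seconds) - Registering Kubernetes provider to Azure subscription..."

# make sure the provider is registered in this Azure subscription
az provider register --namespace Microsoft.Kubernetes --wait

echo "$(date -u --rfc-3339=seconds) - Downloading conformance test suite..."

# download the latest certification conformance suite
# --fail stops the step on an HTTP error instead of saving the error page as
# the plugin definition; -sS drops the progress meter but keeps curl's error
# message, which the previous `2>/dev/null` discarded. The target is quoted so
# an artifact path containing whitespace does not break the redirect.
# NOTE(security): this file is taken from the mutable `main` branch and is
# later given to `sonobuoy run` together with the service-principal
# credentials, so whatever it defines runs in the cluster with those
# credentials. Pinning the URL to a reviewed commit would make the executed
# plugin auditable.
curl -fsSL https://raw.githubusercontent.com/Azure/azure-arc-validation/main/conformance.yaml > "${CONFORMANCE_YAML_PATH}"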

echo "$(date -u --rfc-3339=seconds) - Starting test suite from ${CONFORMANCE_YAML_PATH}..."

# run sonobuoy
# The arguments are collected in an array so each option stays one word and
# the invocation itself is a single short line.
# CLIENT_SECRET is passed as a command-line argument here, so it is exposed to
# process listings and to xtrace output; keep `set -x` off.
# NOTE(review): plugin env values presumably end up in the plugin pod spec --
# confirm they are not included in the results archive that is uploaded later.
sonobuoy_run_args=(
  --plugin "${CONFORMANCE_YAML_PATH}"
  --plugin-env "azure-arc-conformance.TENANT_ID=${AZURE_AUTH_TENANT_ID}"
  --plugin-env "azure-arc-conformance.SUBSCRIPTION_ID=${AZURE_AUTH_SUBSCRIPTION_ID}"
  --plugin-env "azure-arc-conformance.RESOURCE_GROUP=${RESOURCE_GROUP}"
  --plugin-env "azure-arc-conformance.CLUSTER_NAME=${CLUSTER_NAME}"
  --plugin-env "azure-arc-conformance.LOCATION=${REGION}"
  --plugin-env "azure-arc-conformance.CLIENT_ID=${AZURE_AUTH_CLIENT_ID}"
  --plugin-env "azure-arc-conformance.CLIENT_SECRET=${AZURE_AUTH_CLIENT_SECRET}"
  --plugin-env "azure-arc-conformance.KUBERNETES_DISTRIBUTION=${KUBERNETES_DISTRIBUTION}"
  "--dns-namespace=${DNS_NAMESPACE}"
  "--dns-pod-labels=${DNS_POD_LABELS}"
)
sonobuoy run "${sonobuoy_run_args[@]}"

# wait for the sonobuoy instance to become ready
oc wait pod/sonobuoy -n sonobuoy --for condition=Ready --timeout=30s

# wait for sonobuoy to finish: poll every 5 seconds until the status of the
# first plugin no longer contains "running"
# NOTE(review): neither polling loop has a deadline of its own. A failing
# status call ends the script through errexit/pipefail; anything else
# presumably relies on an outer job timeout -- confirm.
while true; do
  sleep 5
  status=$(sonobuoy status --json | jq -r ".plugins[0].status")
  if [[ "$status" != *running* ]]; then
    break
  fi
done

echo "$(date -u --rfc-3339=seconds) - Waiting for tests to finish..."

# check sonobuoy run status: poll until the first plugin reports a non-empty
# result-status
result=""
until [[ -n "${result}" ]]; do
  sleep 5
  result=$(sonobuoy status --json | jq -r '.plugins[0]["result-status"]')
done

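echo "$(date -u --rfc-3339=seconds) - Testing finished, retrieving status and assets..."

sonobuoy status --json > /tmp/status.json
sonobuoy retrieve "${ARTIFACT_DIR}"

# upload assets to the shared blob defined in the AZURE_SA_CONNECTION_STRING env var
echo "$(date -u --rfc-3339=seconds) - Uploading assets to Azure blob..."

# First sonobuoy archive under the artifact directory. `-print -quit` stops
# after the first match, which avoids the `| head -1` pipeline (a pipeline can
# fail under pipefail when head closes early) and the directory is quoted.
SONOBUOY_ASSETS_FILE_PATH="$(find "${ARTIFACT_DIR}" -type f -name "*_sonobuoy_*" -regextype posix-extended -regex ".*\.(tar|tar\.gz)$" -print -quit)"

if [[ -z "$SONOBUOY_ASSETS_FILE_PATH" ]]; then
  echo "$(date -u --rfc-3339=seconds) - Sonobuoy assets file not present, skipping upload"
else
  SONOBUOY_ASSETS_FILENAME="$(basename -- "${SONOBUOY_ASSETS_FILE_PATH}")"
  # Everything before the first dot, used as the name of the status blob.
  base="${SONOBUOY_ASSETS_FILENAME%%.*}"

  # The connection string carries the storage account key. It is handed to az
  # through AZURE_STORAGE_CONNECTION_STRING, scoped to each command, instead
  # of --connection-string, so the key does not show up in the process list.
  echo "$(date -u --rfc-3339=seconds) - Uploading ${SONOBUOY_ASSETS_FILENAME} to container ${AZURE_SA_CONTAINER_NAME}..."
  AZURE_STORAGE_CONNECTION_STRING="${AZURE_SA_CONNECTION_STRING}" az storage blob upload \
    --container-name "${AZURE_SA_CONTAINER_NAME}" \
    --name "${CLUSTER_VERSION}/${SONOBUOY_ASSETS_FILENAME}" \
    --file "${SONOBUOY_ASSETS_FILE_PATH}" \
    --auth-mode key \
    --validate-content \
    --metadata "result=${result}"

  echo "$(date -u --rfc-3339=seconds) - Uploading status json file to container ${AZURE_SA_CONTAINER_NAME}..."
  AZURE_STORAGE_CONNECTION_STRING="${AZURE_SA_CONNECTION_STRING}" az storage blob upload \
    --container-name "${AZURE_SA_CONTAINER_NAME}" \
    --name "${CLUSTER_VERSION}/${base}.json" \
    --file "/tmp/status.json" \
    --auth-mode key \
    --validate-content \
    --metadata "result=${result}"
fi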

printf '%s - Tearing down...\n' "$(date -u --rfc-3339=seconds)"

# Remove the sonobuoy resources that the run created in the cluster.
sonobuoy delete

printf '%s - Sonobuoy test result is: %s\n' "$(date -u --rfc-3339=seconds)" "${result}"

# Fail the step when the reported result contains "failed"; any other result
# leaves the exit status at 0.
case "$result" in
  *failed*)
    exit 1
    ;;
esac

Properties

Property Value Description
Resource requests (cpu) 100m Used in .resources.requests of the pod running this step.
Resource requests (memory) 100Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/ipi/conf/azure/arcconformance/ipi-conf-azure-arcconformance-ref.yaml

Owners:

Approvers:
