You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

741 lines
21 KiB

8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
  1. stages:
  2. - moderator
  3. - unit-tests
  4. - deploy-gce-part1
  5. - deploy-gce-part2
  6. - deploy-gce-special
  7. variables:
  8. FAILFASTCI_NAMESPACE: 'kargo-ci'
  9. # DOCKER_HOST: tcp://localhost:2375
  10. ANSIBLE_FORCE_COLOR: "true"
  11. # asia-east1-a
  12. # asia-northeast1-a
  13. # europe-west1-b
  14. # us-central1-a
  15. # us-east1-b
  16. # us-west1-a
  17. before_script:
  18. - pip install -r tests/requirements.txt
  19. - mkdir -p /.ssh
  20. - cp tests/ansible.cfg .
  21. .job: &job
  22. tags:
  23. - kubernetes
  24. - docker
  25. image: quay.io/ant31/kargo:master
  26. .docker_service: &docker_service
  27. services:
  28. - docker:dind
  29. .create_cluster: &create_cluster
  30. <<: *job
  31. <<: *docker_service
  32. .gce_variables: &gce_variables
  33. GCE_USER: travis
  34. SSH_USER: $GCE_USER
  35. TEST_ID: "$CI_PIPELINE_ID-$CI_BUILD_ID"
  36. CONTAINER_ENGINE: docker
  37. PRIVATE_KEY: $GCE_PRIVATE_KEY
  38. GS_ACCESS_KEY_ID: $GS_KEY
  39. GS_SECRET_ACCESS_KEY: $GS_SECRET
  40. CLOUD_MACHINE_TYPE: "g1-small"
  41. ANSIBLE_KEEP_REMOTE_FILES: "1"
  42. ANSIBLE_CONFIG: ./tests/ansible.cfg
  43. BOOTSTRAP_OS: none
  44. DOWNLOAD_LOCALHOST: "false"
  45. DOWNLOAD_RUN_ONCE: "false"
  46. IDEMPOT_CHECK: "false"
  47. RESET_CHECK: "false"
  48. UPGRADE_TEST: "false"
  49. KUBEADM_ENABLED: "false"
  50. RESOLVCONF_MODE: docker_dns
  51. LOG_LEVEL: "-vv"
  52. ETCD_DEPLOYMENT: "docker"
  53. KUBELET_DEPLOYMENT: "host"
  54. VAULT_DEPLOYMENT: "docker"
  55. WEAVE_CPU_LIMIT: "100m"
  56. AUTHORIZATION_MODES: "{ 'authorization_modes': [] }"
  57. MAGIC: "ci check this"
  58. .gce: &gce
  59. <<: *job
  60. <<: *docker_service
  61. cache:
  62. key: "$CI_BUILD_REF_NAME"
  63. paths:
  64. - downloads/
  65. - $HOME/.cache
  66. before_script:
  67. - docker info
  68. - pip install -r tests/requirements.txt
  69. - mkdir -p /.ssh
  70. - mkdir -p $HOME/.ssh
  71. - echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa
  72. - echo $GCE_PEM_FILE | base64 -d > $HOME/.ssh/gce
  73. - echo $GCE_CREDENTIALS > $HOME/.ssh/gce.json
  74. - chmod 400 $HOME/.ssh/id_rsa
  75. - ansible-playbook --version
  76. - export PYPATH=$([ $BOOTSTRAP_OS = none ] && echo /usr/bin/python || echo /opt/bin/python)
  77. script:
  78. - pwd
  79. - ls
  80. - echo ${PWD}
  81. - echo "${STARTUP_SCRIPT}"
  82. - >
  83. ansible-playbook tests/cloud_playbooks/create-gce.yml -i tests/local_inventory/hosts.cfg -c local
  84. ${LOG_LEVEL}
  85. -e cloud_image=${CLOUD_IMAGE}
  86. -e cloud_region=${CLOUD_REGION}
  87. -e gce_credentials_file=${HOME}/.ssh/gce.json
  88. -e gce_project_id=${GCE_PROJECT_ID}
  89. -e gce_service_account_email=${GCE_ACCOUNT}
  90. -e cloud_machine_type=${CLOUD_MACHINE_TYPE}
  91. -e inventory_path=${PWD}/inventory/inventory.ini
  92. -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
  93. -e mode=${CLUSTER_MODE}
  94. -e test_id=${TEST_ID}
  95. -e startup_script="'${STARTUP_SCRIPT}'"
  96. # Check out latest tag if testing upgrade
  97. # Uncomment when gitlab kargo repo has tags
  98. #- test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
  99. - test "${UPGRADE_TEST}" != "false" && git checkout 72ae7638bcc94c66afa8620dfa4ad9a9249327ea
  100. # Create cluster
  101. - >
  102. ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER
  103. ${SSH_ARGS}
  104. ${LOG_LEVEL}
  105. -e ansible_python_interpreter=${PYPATH}
  106. -e ansible_ssh_user=${SSH_USER}
  107. -e bootstrap_os=${BOOTSTRAP_OS}
  108. -e cloud_provider=gce
  109. -e cert_management=${CERT_MGMT:-script}
  110. -e "{deploy_netchecker: true}"
  111. -e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
  112. -e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
  113. -e etcd_deployment_type=${ETCD_DEPLOYMENT}
  114. -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
  115. -e kubedns_min_replicas=1
  116. -e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
  117. -e local_release_dir=${PWD}/downloads
  118. -e resolvconf_mode=${RESOLVCONF_MODE}
  119. -e vault_deployment_type=${VAULT_DEPLOYMENT}
  120. -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
  121. -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
  122. -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
  123. -e "${AUTHORIZATION_MODES}"
  124. --limit "all:!fake_hosts"
  125. cluster.yml
  126. # Repeat deployment if testing upgrade
  127. - >
  128. if [ "${UPGRADE_TEST}" != "false" ]; then
  129. test "${UPGRADE_TEST}" == "basic" && PLAYBOOK="cluster.yml";
  130. test "${UPGRADE_TEST}" == "graceful" && PLAYBOOK="upgrade-cluster.yml";
  131. git checkout "${CI_BUILD_REF}";
  132. ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER
  133. ${SSH_ARGS}
  134. ${LOG_LEVEL}
  135. -e ansible_python_interpreter=${PYPATH}
  136. -e ansible_ssh_user=${SSH_USER}
  137. -e bootstrap_os=${BOOTSTRAP_OS}
  138. -e cloud_provider=gce
  139. -e "{deploy_netchecker: true}"
  140. -e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
  141. -e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
  142. -e etcd_deployment_type=${ETCD_DEPLOYMENT}
  143. -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
  144. -e kubedns_min_replicas=1
  145. -e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
  146. -e local_release_dir=${PWD}/downloads
  147. -e resolvconf_mode=${RESOLVCONF_MODE}
  148. -e vault_deployment_type=${VAULT_DEPLOYMENT}
  149. -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
  150. -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
  151. -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
  152. -e "${AUTHORIZATION_MODES}"
  153. --limit "all:!fake_hosts"
  154. $PLAYBOOK;
  155. fi
  156. # Tests Cases
  157. ## Test Master API
  158. - >
  159. ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/010_check-apiserver.yml $LOG_LEVEL
  160. -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
  161. ## Ping the between 2 pod
  162. - ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/030_check-network.yml $LOG_LEVEL
  163. ## Advanced DNS checks
  164. - ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL
  165. ## Idempotency checks 1/5 (repeat deployment)
  166. - >
  167. if [ "${IDEMPOT_CHECK}" = "true" ]; then
  168. ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS
  169. -b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
  170. --private-key=${HOME}/.ssh/id_rsa
  171. -e bootstrap_os=${BOOTSTRAP_OS}
  172. -e cloud_provider=gce
  173. -e ansible_python_interpreter=${PYPATH}
  174. -e "{deploy_netchecker: true}"
  175. -e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
  176. -e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
  177. -e etcd_deployment_type=${ETCD_DEPLOYMENT}
  178. -e kubedns_min_replicas=1
  179. -e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
  180. -e local_release_dir=${PWD}/downloads
  181. -e resolvconf_mode=${RESOLVCONF_MODE}
  182. -e vault_deployment_type=${VAULT_DEPLOYMENT}
  183. -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
  184. -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
  185. -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
  186. -e "${AUTHORIZATION_MODES}"
  187. --limit "all:!fake_hosts"
  188. cluster.yml;
  189. fi
  190. ## Idempotency checks 2/5 (Advanced DNS checks)
  191. - >
  192. if [ "${IDEMPOT_CHECK}" = "true" ]; then
  193. ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH}
  194. -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root
  195. --limit "all:!fake_hosts"
  196. tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
  197. fi
  198. ## Idempotency checks 3/5 (reset deployment)
  199. - >
  200. if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
  201. ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS
  202. -b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
  203. --private-key=${HOME}/.ssh/id_rsa
  204. -e bootstrap_os=${BOOTSTRAP_OS}
  205. -e cloud_provider=gce
  206. -e ansible_python_interpreter=${PYPATH}
  207. -e reset_confirmation=yes
  208. --limit "all:!fake_hosts"
  209. reset.yml;
  210. fi
  211. ## Idempotency checks 4/5 (redeploy after reset)
  212. - >
  213. if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
  214. ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS
  215. -b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
  216. --private-key=${HOME}/.ssh/id_rsa
  217. -e bootstrap_os=${BOOTSTRAP_OS}
  218. -e cloud_provider=gce
  219. -e ansible_python_interpreter=${PYPATH}
  220. -e "{deploy_netchecker: true}"
  221. -e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
  222. -e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
  223. -e etcd_deployment_type=${ETCD_DEPLOYMENT}
  224. -e kubedns_min_replicas=1
  225. -e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
  226. -e local_release_dir=${PWD}/downloads
  227. -e resolvconf_mode=${RESOLVCONF_MODE}
  228. -e vault_deployment_type=${VAULT_DEPLOYMENT}
  229. -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
  230. -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
  231. -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
  232. -e "${AUTHORIZATION_MODES}"
  233. --limit "all:!fake_hosts"
  234. cluster.yml;
  235. fi
  236. ## Idempotency checks 5/5 (Advanced DNS checks)
  237. - >
  238. if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
  239. ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH}
  240. -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root
  241. --limit "all:!fake_hosts"
  242. tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
  243. fi
  244. after_script:
  245. - >
  246. ansible-playbook -i inventory/inventory.ini tests/cloud_playbooks/delete-gce.yml -c local $LOG_LEVEL
  247. -e mode=${CLUSTER_MODE}
  248. -e test_id=${TEST_ID}
  249. -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
  250. -e gce_project_id=${GCE_PROJECT_ID}
  251. -e gce_service_account_email=${GCE_ACCOUNT}
  252. -e gce_credentials_file=${HOME}/.ssh/gce.json
  253. -e cloud_image=${CLOUD_IMAGE}
  254. -e inventory_path=${PWD}/inventory/inventory.ini
  255. -e cloud_region=${CLOUD_REGION}
  256. # Test matrix. Leave the comments for markup scripts.
  257. .coreos_calico_aio_variables: &coreos_calico_aio_variables
  258. # stage: deploy-gce-part1
  259. AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
  260. KUBE_NETWORK_PLUGIN: calico
  261. CLOUD_IMAGE: coreos-stable-1465-6-0-v20170817
  262. CLOUD_REGION: us-west1-b
  263. CLOUD_MACHINE_TYPE: "n1-standard-2"
  264. CLUSTER_MODE: aio
  265. BOOTSTRAP_OS: coreos
  266. RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
  267. ##User-data to simply turn off coreos upgrades
  268. STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
  269. .ubuntu_canal_ha_rbac_variables: &ubuntu_canal_ha_rbac_variables
  270. # stage: deploy-gce-part1
  271. KUBE_NETWORK_PLUGIN: canal
  272. AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
  273. CLOUD_IMAGE: ubuntu-1604-xenial
  274. CLOUD_REGION: europe-west1-b
  275. CLUSTER_MODE: ha
  276. UPGRADE_TEST: "graceful"
  277. STARTUP_SCRIPT: ""
  278. .centos_weave_kubeadm_variables: &centos_weave_kubeadm_variables
  279. # stage: deploy-gce-part1
  280. KUBE_NETWORK_PLUGIN: weave
  281. AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
  282. CLOUD_IMAGE: centos-7
  283. CLOUD_MACHINE_TYPE: "n1-standard-1"
  284. CLOUD_REGION: us-central1-b
  285. CLUSTER_MODE: ha
  286. KUBEADM_ENABLED: "true"
  287. UPGRADE_TEST: "graceful"
  288. STARTUP_SCRIPT: ""
  289. .ubuntu_canal_kubeadm_variables: &ubuntu_canal_kubeadm_variables
  290. # stage: deploy-gce-part1
  291. KUBE_NETWORK_PLUGIN: canal
  292. AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
  293. CLOUD_IMAGE: ubuntu-1604-xenial
  294. CLOUD_MACHINE_TYPE: "n1-standard-1"
  295. CLOUD_REGION: europe-west1-b
  296. CLUSTER_MODE: ha
  297. KUBEADM_ENABLED: "true"
  298. STARTUP_SCRIPT: ""
  299. .rhel7_weave_variables: &rhel7_weave_variables
  300. # stage: deploy-gce-part1
  301. KUBE_NETWORK_PLUGIN: weave
  302. CLOUD_IMAGE: rhel-7
  303. CLOUD_REGION: europe-west1-b
  304. CLUSTER_MODE: default
  305. STARTUP_SCRIPT: ""
  306. .centos7_flannel_variables: &centos7_flannel_variables
  307. # stage: deploy-gce-part2
  308. KUBE_NETWORK_PLUGIN: flannel
  309. CLOUD_IMAGE: centos-7
  310. CLOUD_REGION: us-west1-a
  311. CLOUD_MACHINE_TYPE: "n1-standard-2"
  312. CLUSTER_MODE: default
  313. STARTUP_SCRIPT: ""
  314. .debian8_calico_variables: &debian8_calico_variables
  315. # stage: deploy-gce-part2
  316. KUBE_NETWORK_PLUGIN: calico
  317. CLOUD_IMAGE: debian-8-kubespray
  318. CLOUD_REGION: us-central1-b
  319. CLUSTER_MODE: default
  320. STARTUP_SCRIPT: ""
  321. .coreos_canal_variables: &coreos_canal_variables
  322. # stage: deploy-gce-part2
  323. KUBE_NETWORK_PLUGIN: canal
  324. CLOUD_IMAGE: coreos-stable-1465-6-0-v20170817
  325. CLOUD_REGION: us-east1-b
  326. CLUSTER_MODE: default
  327. BOOTSTRAP_OS: coreos
  328. IDEMPOT_CHECK: "true"
  329. RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
  330. STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
  331. .rhel7_canal_sep_variables: &rhel7_canal_sep_variables
  332. # stage: deploy-gce-special
  333. KUBE_NETWORK_PLUGIN: canal
  334. CLOUD_IMAGE: rhel-7
  335. CLOUD_REGION: us-east1-b
  336. CLUSTER_MODE: separate
  337. STARTUP_SCRIPT: ""
  338. .ubuntu_weave_sep_variables: &ubuntu_weave_sep_variables
  339. # stage: deploy-gce-special
  340. KUBE_NETWORK_PLUGIN: weave
  341. CLOUD_IMAGE: ubuntu-1604-xenial
  342. CLOUD_REGION: us-central1-b
  343. CLUSTER_MODE: separate
  344. IDEMPOT_CHECK: "false"
  345. STARTUP_SCRIPT: ""
  346. .centos7_calico_ha_variables: &centos7_calico_ha_variables
  347. # stage: deploy-gce-special
  348. KUBE_NETWORK_PLUGIN: calico
  349. DOWNLOAD_LOCALHOST: "true"
  350. DOWNLOAD_RUN_ONCE: "true"
  351. CLOUD_IMAGE: centos-7
  352. CLOUD_REGION: europe-west1-b
  353. CLUSTER_MODE: ha-scale
  354. IDEMPOT_CHECK: "true"
  355. STARTUP_SCRIPT: ""
  356. .coreos_alpha_weave_ha_variables: &coreos_alpha_weave_ha_variables
  357. # stage: deploy-gce-special
  358. KUBE_NETWORK_PLUGIN: weave
  359. CLOUD_IMAGE: coreos-alpha-1506-0-0-v20170817
  360. CLOUD_REGION: us-west1-a
  361. CLUSTER_MODE: ha-scale
  362. BOOTSTRAP_OS: coreos
  363. RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
  364. STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
  365. .ubuntu_rkt_sep_variables: &ubuntu_rkt_sep_variables
  366. # stage: deploy-gce-part1
  367. KUBE_NETWORK_PLUGIN: flannel
  368. CLOUD_IMAGE: ubuntu-1604-xenial
  369. CLOUD_REGION: us-central1-b
  370. CLUSTER_MODE: separate
  371. ETCD_DEPLOYMENT: rkt
  372. KUBELET_DEPLOYMENT: rkt
  373. STARTUP_SCRIPT: ""
  374. .ubuntu_vault_sep_variables: &ubuntu_vault_sep_variables
  375. # stage: deploy-gce-part1
  376. AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
  377. CLOUD_MACHINE_TYPE: "n1-standard-2"
  378. KUBE_NETWORK_PLUGIN: canal
  379. CERT_MGMT: vault
  380. CLOUD_IMAGE: ubuntu-1604-xenial
  381. CLOUD_REGION: us-central1-b
  382. CLUSTER_MODE: separate
  383. STARTUP_SCRIPT: ""
  384. .ubuntu_flannel_rbac_variables: &ubuntu_flannel_rbac_variables
  385. # stage: deploy-gce-special
  386. AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
  387. KUBE_NETWORK_PLUGIN: flannel
  388. CLOUD_IMAGE: ubuntu-1604-xenial
  389. CLOUD_REGION: europe-west1-b
  390. CLUSTER_MODE: separate
  391. STARTUP_SCRIPT: ""
  392. # Builds for PRs only (premoderated by unit-tests step) and triggers (auto)
  393. coreos-calico-aio:
  394. stage: deploy-gce-part1
  395. <<: *job
  396. <<: *gce
  397. variables:
  398. <<: *gce_variables
  399. <<: *coreos_calico_aio_variables
  400. when: on_success
  401. except: ['triggers']
  402. only: [/^pr-.*$/]
  403. coreos-calico-sep-triggers:
  404. stage: deploy-gce-part1
  405. <<: *job
  406. <<: *gce
  407. variables:
  408. <<: *gce_variables
  409. <<: *coreos_calico_aio_variables
  410. when: on_success
  411. only: ['triggers']
  412. centos7-flannel:
  413. stage: deploy-gce-part2
  414. <<: *job
  415. <<: *gce
  416. variables:
  417. <<: *gce_variables
  418. <<: *centos7_flannel_variables
  419. when: on_success
  420. except: ['triggers']
  421. only: [/^pr-.*$/]
  422. centos7-flannel-triggers:
  423. stage: deploy-gce-part1
  424. <<: *job
  425. <<: *gce
  426. variables:
  427. <<: *gce_variables
  428. <<: *centos7_flannel_variables
  429. when: on_success
  430. only: ['triggers']
  431. ubuntu-weave-sep:
  432. stage: deploy-gce-special
  433. <<: *job
  434. <<: *gce
  435. variables:
  436. <<: *gce_variables
  437. <<: *ubuntu_weave_sep_variables
  438. when: on_success
  439. except: ['triggers']
  440. only: [/^pr-.*$/]
  441. ubuntu-weave-sep-triggers:
  442. stage: deploy-gce-part1
  443. <<: *job
  444. <<: *gce
  445. variables:
  446. <<: *gce_variables
  447. <<: *ubuntu_weave_sep_variables
  448. when: on_success
  449. only: ['triggers']
  450. # More builds for PRs/merges (manual) and triggers (auto)
  451. ubuntu-canal-ha-rbac:
  452. stage: deploy-gce-part1
  453. <<: *job
  454. <<: *gce
  455. variables:
  456. <<: *gce_variables
  457. <<: *ubuntu_canal_ha_rbac_variables
  458. when: manual
  459. except: ['triggers']
  460. only: ['master', /^pr-.*$/]
  461. ubuntu-canal-ha-rbac-triggers:
  462. stage: deploy-gce-part1
  463. <<: *job
  464. <<: *gce
  465. variables:
  466. <<: *gce_variables
  467. <<: *ubuntu_canal_ha_rbac_variables
  468. when: on_success
  469. only: ['triggers']
  470. ubuntu-canal-kubeadm-rbac:
  471. stage: deploy-gce-part1
  472. <<: *job
  473. <<: *gce
  474. variables:
  475. <<: *gce_variables
  476. <<: *ubuntu_canal_kubeadm_variables
  477. when: manual
  478. except: ['triggers']
  479. only: ['master', /^pr-.*$/]
  480. ubuntu-canal-kubeadm-triggers:
  481. stage: deploy-gce-part1
  482. <<: *job
  483. <<: *gce
  484. variables:
  485. <<: *gce_variables
  486. <<: *ubuntu_canal_kubeadm_variables
  487. when: on_success
  488. only: ['triggers']
  489. centos-weave-kubeadm-rbac:
  490. stage: deploy-gce-part1
  491. <<: *job
  492. <<: *gce
  493. variables:
  494. <<: *gce_variables
  495. <<: *centos_weave_kubeadm_variables
  496. when: manual
  497. except: ['triggers']
  498. only: ['master', /^pr-.*$/]
  499. centos-weave-kubeadm-triggers:
  500. stage: deploy-gce-part1
  501. <<: *job
  502. <<: *gce
  503. variables:
  504. <<: *gce_variables
  505. <<: *centos_weave_kubeadm_variables
  506. when: on_success
  507. only: ['triggers']
  508. rhel7-weave:
  509. stage: deploy-gce-part1
  510. <<: *job
  511. <<: *gce
  512. variables:
  513. <<: *gce_variables
  514. <<: *rhel7_weave_variables
  515. when: manual
  516. except: ['triggers']
  517. only: ['master', /^pr-.*$/]
  518. rhel7-weave-triggers:
  519. stage: deploy-gce-part1
  520. <<: *job
  521. <<: *gce
  522. variables:
  523. <<: *gce_variables
  524. <<: *rhel7_weave_variables
  525. when: on_success
  526. only: ['triggers']
  527. debian8-calico-upgrade:
  528. stage: deploy-gce-part2
  529. <<: *job
  530. <<: *gce
  531. variables:
  532. <<: *gce_variables
  533. <<: *debian8_calico_variables
  534. when: manual
  535. except: ['triggers']
  536. only: ['master', /^pr-.*$/]
  537. debian8-calico-triggers:
  538. stage: deploy-gce-part1
  539. <<: *job
  540. <<: *gce
  541. variables:
  542. <<: *gce_variables
  543. <<: *debian8_calico_variables
  544. when: on_success
  545. only: ['triggers']
  546. coreos-canal:
  547. stage: deploy-gce-part2
  548. <<: *job
  549. <<: *gce
  550. variables:
  551. <<: *gce_variables
  552. <<: *coreos_canal_variables
  553. when: manual
  554. except: ['triggers']
  555. only: ['master', /^pr-.*$/]
  556. coreos-canal-triggers:
  557. stage: deploy-gce-part1
  558. <<: *job
  559. <<: *gce
  560. variables:
  561. <<: *gce_variables
  562. <<: *coreos_canal_variables
  563. when: on_success
  564. only: ['triggers']
  565. rhel7-canal-sep:
  566. stage: deploy-gce-special
  567. <<: *job
  568. <<: *gce
  569. variables:
  570. <<: *gce_variables
  571. <<: *rhel7_canal_sep_variables
  572. when: manual
  573. except: ['triggers']
  574. only: ['master', /^pr-.*$/,]
  575. rhel7-canal-sep-triggers:
  576. stage: deploy-gce-part1
  577. <<: *job
  578. <<: *gce
  579. variables:
  580. <<: *gce_variables
  581. <<: *rhel7_canal_sep_variables
  582. when: on_success
  583. only: ['triggers']
  584. centos7-calico-ha:
  585. stage: deploy-gce-special
  586. <<: *job
  587. <<: *gce
  588. variables:
  589. <<: *gce_variables
  590. <<: *centos7_calico_ha_variables
  591. when: manual
  592. except: ['triggers']
  593. only: ['master', /^pr-.*$/]
  594. centos7-calico-ha-triggers:
  595. stage: deploy-gce-part1
  596. <<: *job
  597. <<: *gce
  598. variables:
  599. <<: *gce_variables
  600. <<: *centos7_calico_ha_variables
  601. when: on_success
  602. only: ['triggers']
  603. # no triggers yet https://github.com/kubernetes-incubator/kargo/issues/613
  604. coreos-alpha-weave-ha:
  605. stage: deploy-gce-special
  606. <<: *job
  607. <<: *gce
  608. variables:
  609. <<: *gce_variables
  610. <<: *coreos_alpha_weave_ha_variables
  611. when: manual
  612. except: ['triggers']
  613. only: ['master', /^pr-.*$/]
  614. ubuntu-rkt-sep:
  615. stage: deploy-gce-part1
  616. <<: *job
  617. <<: *gce
  618. variables:
  619. <<: *gce_variables
  620. <<: *ubuntu_rkt_sep_variables
  621. when: manual
  622. except: ['triggers']
  623. only: ['master', /^pr-.*$/]
  624. ubuntu-vault-sep:
  625. stage: deploy-gce-part1
  626. <<: *job
  627. <<: *gce
  628. variables:
  629. <<: *gce_variables
  630. <<: *ubuntu_vault_sep_variables
  631. when: manual
  632. except: ['triggers']
  633. only: ['master', /^pr-.*$/]
  634. ubuntu-flannel-rbac-sep:
  635. stage: deploy-gce-special
  636. <<: *job
  637. <<: *gce
  638. variables:
  639. <<: *gce_variables
  640. <<: *ubuntu_flannel_rbac_variables
  641. when: manual
  642. except: ['triggers']
  643. only: ['master', /^pr-.*$/]
  644. # Premoderated with manual actions
  645. ci-authorized:
  646. <<: *job
  647. stage: moderator
  648. before_script:
  649. - apt-get -y install jq
  650. script:
  651. - /bin/sh scripts/premoderator.sh
  652. except: ['triggers', 'master']
  653. syntax-check:
  654. <<: *job
  655. stage: unit-tests
  656. script:
  657. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root cluster.yml -vvv --syntax-check
  658. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root upgrade-cluster.yml -vvv --syntax-check
  659. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root reset.yml -vvv --syntax-check
  660. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check
  661. except: ['triggers', 'master']
  662. yamllint:
  663. <<: *job
  664. stage: unit-tests
  665. script:
  666. - yamllint roles
  667. except: ['triggers', 'master']
  668. tox-inventory-builder:
  669. stage: unit-tests
  670. <<: *job
  671. script:
  672. - pip install tox
  673. - cd contrib/inventory_builder && tox
  674. when: manual
  675. except: ['triggers', 'master']