You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

746 lines
18 KiB

8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
7 years ago
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
7 years ago
6 years ago
8 years ago
6 years ago
8 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
  1. stages:
  2. - unit-tests
  3. - moderator
  4. - deploy-part1
  5. - deploy-part2
  6. - deploy-special
  7. variables:
  8. FAILFASTCI_NAMESPACE: 'kargo-ci'
  9. GITLAB_REPOSITORY: 'kargo-ci/kubernetes-sigs-kubespray'
  10. # DOCKER_HOST: tcp://localhost:2375
  11. ANSIBLE_FORCE_COLOR: "true"
  12. MAGIC: "ci check this"
  13. TEST_ID: "$CI_PIPELINE_ID-$CI_BUILD_ID"
  14. CI_TEST_VARS: "./tests/files/${CI_JOB_NAME}.yml"
  15. GS_ACCESS_KEY_ID: $GS_KEY
  16. GS_SECRET_ACCESS_KEY: $GS_SECRET
  17. CONTAINER_ENGINE: docker
  18. SSH_USER: root
  19. GCE_PREEMPTIBLE: "false"
  20. ANSIBLE_KEEP_REMOTE_FILES: "1"
  21. ANSIBLE_CONFIG: ./tests/ansible.cfg
  22. ANSIBLE_INVENTORY: ./inventory/sample/${CI_JOB_NAME}-${BUILD_NUMBER}.ini
  23. IDEMPOT_CHECK: "false"
  24. RESET_CHECK: "false"
  25. UPGRADE_TEST: "false"
  26. LOG_LEVEL: "-vv"
  27. # asia-east1-a
  28. # asia-northeast1-a
  29. # europe-west1-b
  30. # us-central1-a
  31. # us-east1-b
  32. # us-west1-a
  33. before_script:
  34. - /usr/bin/python -m pip install -r tests/requirements.txt
  35. - mkdir -p /.ssh
  36. .job: &job
  37. tags:
  38. - kubernetes
  39. - docker
  40. image: quay.io/kubespray/kubespray:v2.8
  41. .docker_service: &docker_service
  42. services:
  43. - docker:dind
  44. .create_cluster: &create_cluster
  45. <<: *job
  46. <<: *docker_service
  47. .gce_variables: &gce_variables
  48. GCE_USER: travis
  49. SSH_USER: $GCE_USER
  50. CLOUD_MACHINE_TYPE: "g1-small"
  51. CI_PLATFORM: "gce"
  52. PRIVATE_KEY: $GCE_PRIVATE_KEY
  53. .do_variables: &do_variables
  54. PRIVATE_KEY: $DO_PRIVATE_KEY
  55. CI_PLATFORM: "do"
  56. SSH_USER: root
  57. .testcases: &testcases
  58. <<: *job
  59. <<: *docker_service
  60. cache:
  61. key: "$CI_BUILD_REF_NAME"
  62. paths:
  63. - downloads/
  64. - $HOME/.cache
  65. before_script:
  66. - docker info
  67. - /usr/bin/python -m pip install -r requirements.txt
  68. - /usr/bin/python -m pip install -r tests/requirements.txt
  69. - mkdir -p /.ssh
  70. - mkdir -p $HOME/.ssh
  71. - ansible-playbook --version
  72. - export PYPATH=$([[ ! "$CI_JOB_NAME" =~ "coreos" ]] && echo /usr/bin/python || echo /opt/bin/python)
  73. - echo "CI_JOB_NAME is $CI_JOB_NAME"
  74. - echo "PYPATH is $PYPATH"
  75. script:
  76. - pwd
  77. - ls
  78. - echo ${PWD}
  79. - echo "${STARTUP_SCRIPT}"
  80. - cd tests && make create-${CI_PLATFORM} -s ; cd -
  81. # Check out latest tag if testing upgrade
  82. # Uncomment when gitlab kubespray repo has tags
  83. #- test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
  84. - test "${UPGRADE_TEST}" != "false" && git checkout 9051aa5296ef76fcff69a2e3827cef28752aa475
  85. # Checkout the CI vars file so it is available
  86. - test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" tests/files/${CI_JOB_NAME}.yml
  87. # Workaround https://github.com/kubernetes-sigs/kubespray/issues/2021
  88. - 'sh -c "echo ignore_assert_errors: true | tee -a tests/files/${CI_JOB_NAME}.yml"'
  89. # Create cluster
  90. - >
  91. ansible-playbook
  92. -i ${ANSIBLE_INVENTORY}
  93. -b --become-user=root
  94. --private-key=${HOME}/.ssh/id_rsa
  95. -u $SSH_USER
  96. ${SSH_ARGS}
  97. ${LOG_LEVEL}
  98. -e @${CI_TEST_VARS}
  99. -e ansible_ssh_user=${SSH_USER}
  100. -e local_release_dir=${PWD}/downloads
  101. --limit "all:!fake_hosts"
  102. cluster.yml
  103. # Repeat deployment if testing upgrade
  104. - >
  105. if [ "${UPGRADE_TEST}" != "false" ]; then
  106. test "${UPGRADE_TEST}" == "basic" && PLAYBOOK="cluster.yml";
  107. test "${UPGRADE_TEST}" == "graceful" && PLAYBOOK="upgrade-cluster.yml";
  108. git checkout "${CI_BUILD_REF}";
  109. ansible-playbook
  110. -i ${ANSIBLE_INVENTORY}
  111. -b --become-user=root
  112. --private-key=${HOME}/.ssh/id_rsa
  113. -u $SSH_USER
  114. ${SSH_ARGS}
  115. ${LOG_LEVEL}
  116. -e @${CI_TEST_VARS}
  117. -e ansible_ssh_user=${SSH_USER}
  118. -e local_release_dir=${PWD}/downloads
  119. --limit "all:!fake_hosts"
  120. $PLAYBOOK;
  121. fi
  122. # Tests Cases
  123. ## Test Master API
  124. - ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/010_check-apiserver.yml $LOG_LEVEL
  125. ## Ping the between 2 pod
  126. - ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/030_check-network.yml $LOG_LEVEL
  127. ## Advanced DNS checks
  128. - ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL
  129. ## Idempotency checks 1/5 (repeat deployment)
  130. - >
  131. if [ "${IDEMPOT_CHECK}" = "true" ]; then
  132. ansible-playbook
  133. -i ${ANSIBLE_INVENTORY}
  134. -b --become-user=root
  135. --private-key=${HOME}/.ssh/id_rsa
  136. -u $SSH_USER
  137. ${SSH_ARGS}
  138. ${LOG_LEVEL}
  139. -e @${CI_TEST_VARS}
  140. -e ansible_python_interpreter=${PYPATH}
  141. -e local_release_dir=${PWD}/downloads
  142. --limit "all:!fake_hosts"
  143. cluster.yml;
  144. fi
  145. ## Idempotency checks 2/5 (Advanced DNS checks)
  146. - >
  147. if [ "${IDEMPOT_CHECK}" = "true" ]; then
  148. ansible-playbook
  149. -i ${ANSIBLE_INVENTORY}
  150. -b --become-user=root
  151. --private-key=${HOME}/.ssh/id_rsa
  152. -u $SSH_USER
  153. ${SSH_ARGS}
  154. ${LOG_LEVEL}
  155. -e @${CI_TEST_VARS}
  156. --limit "all:!fake_hosts"
  157. tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
  158. fi
  159. ## Idempotency checks 3/5 (reset deployment)
  160. - >
  161. if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
  162. ansible-playbook
  163. -i ${ANSIBLE_INVENTORY}
  164. -b --become-user=root
  165. --private-key=${HOME}/.ssh/id_rsa
  166. -u $SSH_USER
  167. ${SSH_ARGS}
  168. ${LOG_LEVEL}
  169. -e @${CI_TEST_VARS}
  170. -e ansible_python_interpreter=${PYPATH}
  171. -e reset_confirmation=yes
  172. --limit "all:!fake_hosts"
  173. reset.yml;
  174. fi
  175. ## Idempotency checks 4/5 (redeploy after reset)
  176. - >
  177. if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
  178. ansible-playbook
  179. -i ${ANSIBLE_INVENTORY}
  180. -b --become-user=root
  181. --private-key=${HOME}/.ssh/id_rsa
  182. -u $SSH_USER
  183. ${SSH_ARGS}
  184. ${LOG_LEVEL}
  185. -e @${CI_TEST_VARS}
  186. -e ansible_python_interpreter=${PYPATH}
  187. -e local_release_dir=${PWD}/downloads
  188. --limit "all:!fake_hosts"
  189. cluster.yml;
  190. fi
  191. ## Idempotency checks 5/5 (Advanced DNS checks)
  192. - >
  193. if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
  194. ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH}
  195. -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root
  196. --limit "all:!fake_hosts"
  197. tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
  198. fi
  199. after_script:
  200. - cd tests && make delete-${CI_PLATFORM} -s ; cd -
  201. .gce: &gce
  202. <<: *testcases
  203. variables:
  204. <<: *gce_variables
  205. .do: &do
  206. variables:
  207. <<: *do_variables
  208. <<: *testcases
  209. # Test matrix. Leave the comments for markup scripts.
  210. .coreos_calico_aio_variables: &coreos_calico_aio_variables
  211. # stage: deploy-part1
  212. MOVED_TO_GROUP_VARS: "true"
  213. .ubuntu18_flannel_aio_variables: &ubuntu18_flannel_aio_variables
  214. # stage: deploy-part1
  215. MOVED_TO_GROUP_VARS: "true"
  216. .centos_weave_kubeadm_variables: &centos_weave_kubeadm_variables
  217. # stage: deploy-part1
  218. UPGRADE_TEST: "graceful"
  219. .ubuntu_canal_kubeadm_variables: &ubuntu_canal_kubeadm_variables
  220. # stage: deploy-part1
  221. MOVED_TO_GROUP_VARS: "true"
  222. .ubuntu_canal_ha_variables: &ubuntu_canal_ha_variables
  223. # stage: deploy-special
  224. MOVED_TO_GROUP_VARS: "true"
  225. .ubuntu_contiv_sep_variables: &ubuntu_contiv_sep_variables
  226. # stage: deploy-special
  227. MOVED_TO_GROUP_VARS: "true"
  228. .coreos_cilium_variables: &coreos_cilium_variables
  229. # stage: deploy-special
  230. MOVED_TO_GROUP_VARS: "true"
  231. .ubuntu_cilium_sep_variables: &ubuntu_cilium_sep_variables
  232. # stage: deploy-special
  233. MOVED_TO_GROUP_VARS: "true"
  234. .rhel7_weave_variables: &rhel7_weave_variables
  235. # stage: deploy-part1
  236. MOVED_TO_GROUP_VARS: "true"
  237. .centos7_flannel_addons_variables: &centos7_flannel_addons_variables
  238. # stage: deploy-part2
  239. MOVED_TO_GROUP_VARS: "true"
  240. .debian9_calico_variables: &debian9_calico_variables
  241. # stage: deploy-part2
  242. MOVED_TO_GROUP_VARS: "true"
  243. .coreos_canal_variables: &coreos_canal_variables
  244. # stage: deploy-part2
  245. MOVED_TO_GROUP_VARS: "true"
  246. .rhel7_canal_sep_variables: &rhel7_canal_sep_variables
  247. # stage: deploy-special
  248. MOVED_TO_GROUP_VARS: "true"
  249. .ubuntu_weave_sep_variables: &ubuntu_weave_sep_variables
  250. # stage: deploy-special
  251. MOVED_TO_GROUP_VARS: "true"
  252. .centos7_calico_ha_variables: &centos7_calico_ha_variables
  253. # stage: deploy-special
  254. MOVED_TO_GROUP_VARS: "true"
  255. .centos7_kube_router_variables: &centos7_kube_router_variables
  256. # stage: deploy-special
  257. MOVED_TO_GROUP_VARS: "true"
  258. .centos7_multus_calico_variables: &centos7_multus_calico_variables
  259. # stage: deploy-part2
  260. UPGRADE_TEST: "graceful"
  261. .coreos_alpha_weave_ha_variables: &coreos_alpha_weave_ha_variables
  262. # stage: deploy-special
  263. MOVED_TO_GROUP_VARS: "true"
  264. .coreos_kube_router_variables: &coreos_kube_router_variables
  265. # stage: deploy-special
  266. MOVED_TO_GROUP_VARS: "true"
  267. .ubuntu_rkt_sep_variables: &ubuntu_rkt_sep_variables
  268. # stage: deploy-part1
  269. MOVED_TO_GROUP_VARS: "true"
  270. .ubuntu_flannel_variables: &ubuntu_flannel_variables
  271. # stage: deploy-part2
  272. MOVED_TO_GROUP_VARS: "true"
  273. .ubuntu_kube_router_variables: &ubuntu_kube_router_variables
  274. # stage: deploy-special
  275. MOVED_TO_GROUP_VARS: "true"
  276. .opensuse_canal_variables: &opensuse_canal_variables
  277. # stage: deploy-part2
  278. MOVED_TO_GROUP_VARS: "true"
  279. # Builds for PRs only (premoderated by unit-tests step) and triggers (auto)
  280. ### PR JOBS PART1
  281. gce_ubuntu18-flannel-aio:
  282. stage: deploy-part1
  283. <<: *job
  284. <<: *gce
  285. variables:
  286. <<: *ubuntu18_flannel_aio_variables
  287. <<: *gce_variables
  288. when: on_success
  289. except: ['triggers']
  290. only: [/^pr-.*$/]
  291. ### PR JOBS PART2
  292. gce_coreos-calico-aio:
  293. stage: deploy-part2
  294. <<: *job
  295. <<: *gce
  296. variables:
  297. <<: *coreos_calico_aio_variables
  298. <<: *gce_variables
  299. when: on_success
  300. except: ['triggers']
  301. only: [/^pr-.*$/]
  302. gce_centos7-flannel-addons:
  303. stage: deploy-part2
  304. <<: *job
  305. <<: *gce
  306. variables:
  307. <<: *gce_variables
  308. <<: *centos7_flannel_addons_variables
  309. when: on_success
  310. except: ['triggers']
  311. only: [/^pr-.*$/]
  312. gce_centos-weave-kubeadm-sep:
  313. stage: deploy-part2
  314. <<: *job
  315. <<: *gce
  316. variables:
  317. <<: *gce_variables
  318. <<: *centos_weave_kubeadm_variables
  319. when: on_success
  320. except: ['triggers']
  321. only: [/^pr-.*$/]
  322. gce_ubuntu-flannel-ha:
  323. stage: deploy-part2
  324. <<: *job
  325. <<: *gce
  326. variables:
  327. <<: *gce_variables
  328. <<: *ubuntu_flannel_variables
  329. when: on_success
  330. except: ['triggers']
  331. only: [/^pr-.*$/]
  332. ### MANUAL JOBS
  333. gce_ubuntu-weave-sep:
  334. stage: deploy-part2
  335. <<: *job
  336. <<: *gce
  337. variables:
  338. <<: *gce_variables
  339. <<: *ubuntu_weave_sep_variables
  340. when: manual
  341. except: ['triggers']
  342. only: [/^pr-.*$/]
  343. gce_coreos-calico-sep-triggers:
  344. stage: deploy-part2
  345. <<: *job
  346. <<: *gce
  347. variables:
  348. <<: *gce_variables
  349. <<: *coreos_calico_aio_variables
  350. when: on_success
  351. only: ['triggers']
  352. gce_ubuntu-canal-ha-triggers:
  353. stage: deploy-special
  354. <<: *job
  355. <<: *gce
  356. variables:
  357. <<: *gce_variables
  358. <<: *ubuntu_canal_ha_variables
  359. when: on_success
  360. only: ['triggers']
  361. gce_centos7-flannel-addons-triggers:
  362. stage: deploy-part2
  363. <<: *job
  364. <<: *gce
  365. variables:
  366. <<: *gce_variables
  367. <<: *centos7_flannel_addons_variables
  368. when: on_success
  369. only: ['triggers']
  370. gce_ubuntu-weave-sep-triggers:
  371. stage: deploy-part2
  372. <<: *job
  373. <<: *gce
  374. variables:
  375. <<: *gce_variables
  376. <<: *ubuntu_weave_sep_variables
  377. when: on_success
  378. only: ['triggers']
  379. # More builds for PRs/merges (manual) and triggers (auto)
  380. do_ubuntu-canal-ha:
  381. stage: deploy-part2
  382. <<: *job
  383. <<: *do
  384. variables:
  385. <<: *do_variables
  386. when: manual
  387. except: ['triggers']
  388. only: ['master', /^pr-.*$/]
  389. gce_ubuntu-canal-ha:
  390. stage: deploy-special
  391. <<: *job
  392. <<: *gce
  393. variables:
  394. <<: *gce_variables
  395. <<: *ubuntu_canal_ha_variables
  396. when: manual
  397. except: ['triggers']
  398. only: ['master', /^pr-.*$/]
  399. gce_ubuntu-canal-kubeadm:
  400. stage: deploy-part2
  401. <<: *job
  402. <<: *gce
  403. variables:
  404. <<: *gce_variables
  405. <<: *ubuntu_canal_kubeadm_variables
  406. when: manual
  407. except: ['triggers']
  408. only: ['master', /^pr-.*$/]
  409. gce_ubuntu-canal-kubeadm-triggers:
  410. stage: deploy-part2
  411. <<: *job
  412. <<: *gce
  413. variables:
  414. <<: *gce_variables
  415. <<: *ubuntu_canal_kubeadm_variables
  416. when: on_success
  417. only: ['triggers']
  418. gce_centos-weave-kubeadm-triggers:
  419. stage: deploy-part2
  420. <<: *job
  421. <<: *gce
  422. variables:
  423. <<: *gce_variables
  424. <<: *centos_weave_kubeadm_variables
  425. when: on_success
  426. only: ['triggers']
  427. gce_ubuntu-contiv-sep:
  428. stage: deploy-special
  429. <<: *job
  430. <<: *gce
  431. variables:
  432. <<: *gce_variables
  433. <<: *ubuntu_contiv_sep_variables
  434. when: manual
  435. except: ['triggers']
  436. only: ['master', /^pr-.*$/]
  437. gce_coreos-cilium:
  438. stage: deploy-special
  439. <<: *job
  440. <<: *gce
  441. variables:
  442. <<: *gce_variables
  443. <<: *coreos_cilium_variables
  444. when: manual
  445. except: ['triggers']
  446. only: ['master', /^pr-.*$/]
  447. gce_ubuntu-cilium-sep:
  448. stage: deploy-special
  449. <<: *job
  450. <<: *gce
  451. variables:
  452. <<: *gce_variables
  453. <<: *ubuntu_cilium_sep_variables
  454. when: manual
  455. except: ['triggers']
  456. only: ['master', /^pr-.*$/]
  457. gce_rhel7-weave:
  458. stage: deploy-part2
  459. <<: *job
  460. <<: *gce
  461. variables:
  462. <<: *gce_variables
  463. <<: *rhel7_weave_variables
  464. when: manual
  465. except: ['triggers']
  466. only: ['master', /^pr-.*$/]
  467. gce_rhel7-weave-triggers:
  468. stage: deploy-part2
  469. <<: *job
  470. <<: *gce
  471. variables:
  472. <<: *gce_variables
  473. <<: *rhel7_weave_variables
  474. when: on_success
  475. only: ['triggers']
  476. gce_debian9-calico-upgrade:
  477. stage: deploy-part2
  478. <<: *job
  479. <<: *gce
  480. variables:
  481. <<: *gce_variables
  482. <<: *debian9_calico_variables
  483. when: manual
  484. except: ['triggers']
  485. only: ['master', /^pr-.*$/]
  486. gce_debian9-calico-triggers:
  487. stage: deploy-part2
  488. <<: *job
  489. <<: *gce
  490. variables:
  491. <<: *gce_variables
  492. <<: *debian9_calico_variables
  493. when: on_success
  494. only: ['triggers']
  495. gce_coreos-canal:
  496. stage: deploy-part2
  497. <<: *job
  498. <<: *gce
  499. variables:
  500. <<: *gce_variables
  501. <<: *coreos_canal_variables
  502. when: manual
  503. except: ['triggers']
  504. only: ['master', /^pr-.*$/]
  505. gce_coreos-canal-triggers:
  506. stage: deploy-part2
  507. <<: *job
  508. <<: *gce
  509. variables:
  510. <<: *gce_variables
  511. <<: *coreos_canal_variables
  512. when: on_success
  513. only: ['triggers']
  514. gce_rhel7-canal-sep:
  515. stage: deploy-special
  516. <<: *job
  517. <<: *gce
  518. variables:
  519. <<: *gce_variables
  520. <<: *rhel7_canal_sep_variables
  521. when: manual
  522. except: ['triggers']
  523. only: ['master', /^pr-.*$/]
  524. gce_rhel7-canal-sep-triggers:
  525. stage: deploy-part2
  526. <<: *job
  527. <<: *gce
  528. variables:
  529. <<: *gce_variables
  530. <<: *rhel7_canal_sep_variables
  531. when: on_success
  532. only: ['triggers']
  533. gce_centos7-calico-ha:
  534. stage: deploy-special
  535. <<: *job
  536. <<: *gce
  537. variables:
  538. <<: *gce_variables
  539. <<: *centos7_calico_ha_variables
  540. when: manual
  541. except: ['triggers']
  542. only: ['master', /^pr-.*$/]
  543. gce_centos7-calico-ha-triggers:
  544. stage: deploy-part2
  545. <<: *job
  546. <<: *gce
  547. variables:
  548. <<: *gce_variables
  549. <<: *centos7_calico_ha_variables
  550. when: on_success
  551. only: ['triggers']
  552. gce_centos7-kube-router:
  553. stage: deploy-special
  554. <<: *job
  555. <<: *gce
  556. variables:
  557. <<: *gce_variables
  558. <<: *centos7_kube_router_variables
  559. when: manual
  560. except: ['triggers']
  561. only: ['master', /^pr-.*$/]
  562. gce_centos7-multus-calico:
  563. stage: deploy-part2
  564. <<: *job
  565. <<: *gce
  566. variables:
  567. <<: *gce_variables
  568. <<: *centos7_multus_calico_variables
  569. when: manual
  570. except: ['triggers']
  571. only: ['master', /^pr-.*$/]
  572. gce_opensuse-canal:
  573. stage: deploy-part2
  574. <<: *job
  575. <<: *gce
  576. variables:
  577. <<: *gce_variables
  578. <<: *opensuse_canal_variables
  579. when: manual
  580. except: ['triggers']
  581. only: ['master', /^pr-.*$/]
  582. # no triggers yet https://github.com/kubernetes-incubator/kargo/issues/613
  583. gce_coreos-alpha-weave-ha:
  584. stage: deploy-special
  585. <<: *job
  586. <<: *gce
  587. variables:
  588. <<: *gce_variables
  589. <<: *coreos_alpha_weave_ha_variables
  590. when: manual
  591. except: ['triggers']
  592. only: ['master', /^pr-.*$/]
  593. gce_coreos-kube-router:
  594. stage: deploy-special
  595. <<: *job
  596. <<: *gce
  597. variables:
  598. <<: *gce_variables
  599. <<: *coreos_kube_router_variables
  600. when: manual
  601. except: ['triggers']
  602. only: ['master', /^pr-.*$/]
  603. gce_ubuntu-rkt-sep:
  604. stage: deploy-part2
  605. <<: *job
  606. <<: *gce
  607. variables:
  608. <<: *gce_variables
  609. <<: *ubuntu_rkt_sep_variables
  610. when: manual
  611. except: ['triggers']
  612. only: ['master', /^pr-.*$/]
  613. gce_ubuntu-kube-router-sep:
  614. stage: deploy-special
  615. <<: *job
  616. <<: *gce
  617. variables:
  618. <<: *gce_variables
  619. <<: *ubuntu_kube_router_variables
  620. when: manual
  621. except: ['triggers']
  622. only: ['master', /^pr-.*$/]
  623. # Premoderated with manual actions
  624. ci-authorized:
  625. <<: *job
  626. stage: moderator
  627. before_script:
  628. - apt-get -y install jq
  629. script:
  630. - /bin/sh scripts/premoderator.sh
  631. except: ['triggers', 'master']
  632. syntax-check:
  633. <<: *job
  634. stage: unit-tests
  635. script:
  636. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root cluster.yml -vvv --syntax-check
  637. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root upgrade-cluster.yml -vvv --syntax-check
  638. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root reset.yml -vvv --syntax-check
  639. - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check
  640. except: ['triggers', 'master']
  641. yamllint:
  642. <<: *job
  643. stage: unit-tests
  644. script:
  645. - yamllint roles
  646. except: ['triggers', 'master']
  647. tox-inventory-builder:
  648. stage: unit-tests
  649. <<: *job
  650. script:
  651. - pip install tox
  652. - cd contrib/inventory_builder && tox
  653. when: manual
  654. except: ['triggers', 'master']