738 lines
21 KiB
YAML
738 lines
21 KiB
YAML
stages:
|
|
- moderator
|
|
- unit-tests
|
|
- deploy-gce-part1
|
|
- deploy-gce-part2
|
|
- deploy-gce-special
|
|
|
|
variables:
|
|
FAILFASTCI_NAMESPACE: 'kargo-ci'
|
|
# DOCKER_HOST: tcp://localhost:2375
|
|
ANSIBLE_FORCE_COLOR: "true"
|
|
|
|
# asia-east1-a
|
|
# asia-northeast1-a
|
|
# europe-west1-b
|
|
# us-central1-a
|
|
# us-east1-b
|
|
# us-west1-a
|
|
|
|
before_script:
|
|
- pip install -r tests/requirements.txt
|
|
- mkdir -p /.ssh
|
|
- cp tests/ansible.cfg .
|
|
|
|
.job: &job
|
|
tags:
|
|
- kubernetes
|
|
- docker
|
|
image: quay.io/ant31/kargo:master
|
|
|
|
.docker_service: &docker_service
|
|
services:
|
|
- docker:dind
|
|
|
|
.create_cluster: &create_cluster
|
|
<<: *job
|
|
<<: *docker_service
|
|
|
|
.gce_variables: &gce_variables
|
|
GCE_USER: travis
|
|
SSH_USER: $GCE_USER
|
|
TEST_ID: "$CI_PIPELINE_ID-$CI_BUILD_ID"
|
|
CONTAINER_ENGINE: docker
|
|
PRIVATE_KEY: $GCE_PRIVATE_KEY
|
|
GS_ACCESS_KEY_ID: $GS_KEY
|
|
GS_SECRET_ACCESS_KEY: $GS_SECRET
|
|
CLOUD_MACHINE_TYPE: "g1-small"
|
|
ANSIBLE_KEEP_REMOTE_FILES: "1"
|
|
ANSIBLE_CONFIG: ./tests/ansible.cfg
|
|
BOOTSTRAP_OS: none
|
|
DOWNLOAD_LOCALHOST: "false"
|
|
DOWNLOAD_RUN_ONCE: "false"
|
|
IDEMPOT_CHECK: "false"
|
|
RESET_CHECK: "false"
|
|
UPGRADE_TEST: "false"
|
|
KUBEADM_ENABLED: "false"
|
|
RESOLVCONF_MODE: docker_dns
|
|
LOG_LEVEL: "-vv"
|
|
ETCD_DEPLOYMENT: "docker"
|
|
KUBELET_DEPLOYMENT: "host"
|
|
VAULT_DEPLOYMENT: "docker"
|
|
WEAVE_CPU_LIMIT: "100m"
|
|
AUTHORIZATION_MODES: "{ 'authorization_modes': [] }"
|
|
MAGIC: "ci check this"
|
|
|
|
.gce: &gce
|
|
<<: *job
|
|
<<: *docker_service
|
|
cache:
|
|
key: "$CI_BUILD_REF_NAME"
|
|
paths:
|
|
- downloads/
|
|
- $HOME/.cache
|
|
before_script:
|
|
- docker info
|
|
- pip install -r tests/requirements.txt
|
|
- mkdir -p /.ssh
|
|
- mkdir -p $HOME/.ssh
|
|
- echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa
|
|
- echo $GCE_PEM_FILE | base64 -d > $HOME/.ssh/gce
|
|
- echo $GCE_CREDENTIALS > $HOME/.ssh/gce.json
|
|
- chmod 400 $HOME/.ssh/id_rsa
|
|
- ansible-playbook --version
|
|
- export PYPATH=$([ $BOOTSTRAP_OS = none ] && echo /usr/bin/python || echo /opt/bin/python)
|
|
script:
|
|
- pwd
|
|
- ls
|
|
- echo ${PWD}
|
|
- echo "${STARTUP_SCRIPT}"
|
|
- >
|
|
ansible-playbook tests/cloud_playbooks/create-gce.yml -i tests/local_inventory/hosts.cfg -c local
|
|
${LOG_LEVEL}
|
|
-e cloud_image=${CLOUD_IMAGE}
|
|
-e cloud_region=${CLOUD_REGION}
|
|
-e gce_credentials_file=${HOME}/.ssh/gce.json
|
|
-e gce_project_id=${GCE_PROJECT_ID}
|
|
-e gce_service_account_email=${GCE_ACCOUNT}
|
|
-e cloud_machine_type=${CLOUD_MACHINE_TYPE}
|
|
-e inventory_path=${PWD}/inventory/inventory.ini
|
|
-e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
|
-e mode=${CLUSTER_MODE}
|
|
-e test_id=${TEST_ID}
|
|
-e startup_script="'${STARTUP_SCRIPT}'"
|
|
|
|
# Check out latest tag if testing upgrade
|
|
# Uncomment when gitlab kargo repo has tags
|
|
#- test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
|
|
- test "${UPGRADE_TEST}" != "false" && git checkout 72ae7638bcc94c66afa8620dfa4ad9a9249327ea
|
|
|
|
|
|
# Create cluster
|
|
- >
|
|
ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER
|
|
${SSH_ARGS}
|
|
${LOG_LEVEL}
|
|
-e ansible_python_interpreter=${PYPATH}
|
|
-e ansible_ssh_user=${SSH_USER}
|
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
|
-e cert_management=${CERT_MGMT:-script}
|
|
-e cloud_provider=gce
|
|
-e "{deploy_netchecker: true}"
|
|
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
|
-e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
|
|
-e etcd_deployment_type=${ETCD_DEPLOYMENT}
|
|
-e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
|
-e kubedns_min_replicas=1
|
|
-e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
|
|
-e local_release_dir=${PWD}/downloads
|
|
-e resolvconf_mode=${RESOLVCONF_MODE}
|
|
-e vault_deployment_type=${VAULT_DEPLOYMENT}
|
|
-e weave_cpu_requests=${WEAVE_CPU_LIMIT}
|
|
-e weave_cpu_limit=${WEAVE_CPU_LIMIT}
|
|
-e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
|
|
-e "${AUTHORIZATION_MODES}"
|
|
--limit "all:!fake_hosts"
|
|
cluster.yml
|
|
|
|
# Repeat deployment if testing upgrade
|
|
- >
|
|
if [ "${UPGRADE_TEST}" != "false" ]; then
|
|
test "${UPGRADE_TEST}" == "basic" && PLAYBOOK="cluster.yml";
|
|
test "${UPGRADE_TEST}" == "graceful" && PLAYBOOK="upgrade-cluster.yml";
|
|
git checkout "${CI_BUILD_REF}";
|
|
ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER
|
|
${SSH_ARGS}
|
|
${LOG_LEVEL}
|
|
-e ansible_python_interpreter=${PYPATH}
|
|
-e ansible_ssh_user=${SSH_USER}
|
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
|
-e cloud_provider=gce
|
|
-e "{deploy_netchecker: true}"
|
|
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
|
-e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
|
|
-e etcd_deployment_type=${ETCD_DEPLOYMENT}
|
|
-e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
|
-e kubedns_min_replicas=1
|
|
-e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
|
|
-e local_release_dir=${PWD}/downloads
|
|
-e resolvconf_mode=${RESOLVCONF_MODE}
|
|
-e vault_deployment_type=${VAULT_DEPLOYMENT}
|
|
-e weave_cpu_requests=${WEAVE_CPU_LIMIT}
|
|
-e weave_cpu_limit=${WEAVE_CPU_LIMIT}
|
|
-e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
|
|
-e "${AUTHORIZATION_MODES}"
|
|
--limit "all:!fake_hosts"
|
|
$PLAYBOOK;
|
|
fi
|
|
|
|
# Tests Cases
|
|
## Test Master API
|
|
- >
|
|
ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/010_check-apiserver.yml $LOG_LEVEL
|
|
-e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
|
|
|
|
## Ping the between 2 pod
|
|
- ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/030_check-network.yml $LOG_LEVEL
|
|
|
|
## Advanced DNS checks
|
|
- ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL
|
|
|
|
## Idempotency checks 1/5 (repeat deployment)
|
|
- >
|
|
if [ "${IDEMPOT_CHECK}" = "true" ]; then
|
|
ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS
|
|
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
|
--private-key=${HOME}/.ssh/id_rsa
|
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
|
-e ansible_python_interpreter=${PYPATH}
|
|
-e "{deploy_netchecker: true}"
|
|
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
|
-e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
|
|
-e etcd_deployment_type=${ETCD_DEPLOYMENT}
|
|
-e kubedns_min_replicas=1
|
|
-e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
|
|
-e local_release_dir=${PWD}/downloads
|
|
-e resolvconf_mode=${RESOLVCONF_MODE}
|
|
-e vault_deployment_type=${VAULT_DEPLOYMENT}
|
|
-e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
|
|
-e weave_cpu_requests=${WEAVE_CPU_LIMIT}
|
|
-e weave_cpu_limit=${WEAVE_CPU_LIMIT}
|
|
-e "${AUTHORIZATION_MODES}"
|
|
--limit "all:!fake_hosts"
|
|
cluster.yml;
|
|
fi
|
|
|
|
## Idempotency checks 2/5 (Advanced DNS checks)
|
|
- >
|
|
if [ "${IDEMPOT_CHECK}" = "true" ]; then
|
|
ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH}
|
|
-u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root
|
|
--limit "all:!fake_hosts"
|
|
tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
|
|
fi
|
|
|
|
## Idempotency checks 3/5 (reset deployment)
|
|
- >
|
|
if [ "${IDEMPOT_CHECK}" = "true" AND "${RESET_CHECK}" = "true" ]; then
|
|
ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS
|
|
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
|
--private-key=${HOME}/.ssh/id_rsa
|
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
|
-e ansible_python_interpreter=${PYPATH}
|
|
-e reset_confirmation=yes
|
|
--limit "all:!fake_hosts"
|
|
reset.yml;
|
|
fi
|
|
|
|
## Idempotency checks 4/5 (redeploy after reset)
|
|
- >
|
|
if [ "${IDEMPOT_CHECK}" = "true" AND "${RESET_CHECK}" = "true" ]; then
|
|
ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS
|
|
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
|
--private-key=${HOME}/.ssh/id_rsa
|
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
|
-e ansible_python_interpreter=${PYPATH}
|
|
-e "{deploy_netchecker: true}"
|
|
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
|
-e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
|
|
-e etcd_deployment_type=${ETCD_DEPLOYMENT}
|
|
-e kubedns_min_replicas=1
|
|
-e kubelet_deployment_type=${KUBELET_DEPLOYMENT}
|
|
-e local_release_dir=${PWD}/downloads
|
|
-e resolvconf_mode=${RESOLVCONF_MODE}
|
|
-e vault_deployment_type=${VAULT_DEPLOYMENT}
|
|
-e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
|
|
-e weave_cpu_requests=${WEAVE_CPU_LIMIT}
|
|
-e weave_cpu_limit=${WEAVE_CPU_LIMIT}
|
|
-e "${AUTHORIZATION_MODES}"
|
|
--limit "all:!fake_hosts"
|
|
cluster.yml;
|
|
fi
|
|
|
|
## Idempotency checks 5/5 (Advanced DNS checks)
|
|
- >
|
|
if [ "${IDEMPOT_CHECK}" = "true" AND "${RESET_CHECK}" = "true" ]; then
|
|
ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH}
|
|
-u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root
|
|
--limit "all:!fake_hosts"
|
|
tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
|
|
fi
|
|
|
|
# after_script:
|
|
# - >
|
|
# ansible-playbook -i inventory/inventory.ini tests/cloud_playbooks/delete-gce.yml -c local $LOG_LEVEL
|
|
# -e mode=${CLUSTER_MODE}
|
|
# -e test_id=${TEST_ID}
|
|
# -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
|
# -e gce_project_id=${GCE_PROJECT_ID}
|
|
# -e gce_service_account_email=${GCE_ACCOUNT}
|
|
# -e gce_credentials_file=${HOME}/.ssh/gce.json
|
|
# -e cloud_image=${CLOUD_IMAGE}
|
|
# -e inventory_path=${PWD}/inventory/inventory.ini
|
|
# -e cloud_region=${CLOUD_REGION}
|
|
|
|
# Test matrix. Leave the comments for markup scripts.
|
|
.coreos_calico_aio_variables: &coreos_calico_aio_variables
|
|
# stage: deploy-gce-part1
|
|
AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
|
|
KUBE_NETWORK_PLUGIN: calico
|
|
CLOUD_IMAGE: coreos-stable-1465-6-0-v20170817
|
|
CLOUD_REGION: us-west1-b
|
|
CLOUD_MACHINE_TYPE: "n1-standard-2"
|
|
CLUSTER_MODE: aio
|
|
BOOTSTRAP_OS: coreos
|
|
RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
|
|
##User-data to simply turn off coreos upgrades
|
|
STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
|
|
|
|
.ubuntu_canal_ha_rbac_variables: &ubuntu_canal_ha_rbac_variables
|
|
# stage: deploy-gce-part1
|
|
KUBE_NETWORK_PLUGIN: canal
|
|
AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
|
|
CLOUD_IMAGE: ubuntu-1604-xenial
|
|
CLOUD_REGION: europe-west1-b
|
|
CLUSTER_MODE: ha
|
|
UPGRADE_TEST: "graceful"
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.centos_weave_kubeadm_variables: ¢os_weave_kubeadm_variables
|
|
# stage: deploy-gce-part1
|
|
KUBE_NETWORK_PLUGIN: weave
|
|
AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
|
|
CLOUD_IMAGE: centos-7
|
|
CLOUD_MACHINE_TYPE: "n1-standard-1"
|
|
CLOUD_REGION: us-central1-b
|
|
CLUSTER_MODE: ha
|
|
KUBEADM_ENABLED: "true"
|
|
UPGRADE_TEST: "graceful"
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.ubuntu_canal_kubeadm_variables: &ubuntu_canal_kubeadm_variables
|
|
# stage: deploy-gce-part1
|
|
KUBE_NETWORK_PLUGIN: canal
|
|
AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
|
|
CLOUD_IMAGE: ubuntu-1604-xenial
|
|
CLOUD_MACHINE_TYPE: "n1-standard-1"
|
|
CLOUD_REGION: europe-west1-b
|
|
CLUSTER_MODE: ha
|
|
KUBEADM_ENABLED: "true"
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.rhel7_weave_variables: &rhel7_weave_variables
|
|
# stage: deploy-gce-part1
|
|
KUBE_NETWORK_PLUGIN: weave
|
|
CLOUD_IMAGE: rhel-7
|
|
CLOUD_REGION: europe-west1-b
|
|
CLUSTER_MODE: default
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.centos7_flannel_variables: ¢os7_flannel_variables
|
|
# stage: deploy-gce-part2
|
|
KUBE_NETWORK_PLUGIN: flannel
|
|
CLOUD_IMAGE: centos-7
|
|
CLOUD_REGION: us-west1-a
|
|
CLOUD_MACHINE_TYPE: "n1-standard-2"
|
|
CLUSTER_MODE: default
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.debian8_calico_variables: &debian8_calico_variables
|
|
# stage: deploy-gce-part2
|
|
KUBE_NETWORK_PLUGIN: calico
|
|
CLOUD_IMAGE: debian-8-kubespray
|
|
CLOUD_REGION: us-central1-b
|
|
CLUSTER_MODE: default
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.coreos_canal_variables: &coreos_canal_variables
|
|
# stage: deploy-gce-part2
|
|
KUBE_NETWORK_PLUGIN: canal
|
|
CLOUD_IMAGE: coreos-stable-1465-6-0-v20170817
|
|
CLOUD_REGION: us-east1-b
|
|
CLUSTER_MODE: default
|
|
BOOTSTRAP_OS: coreos
|
|
IDEMPOT_CHECK: "true"
|
|
RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
|
|
STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
|
|
|
|
.rhel7_canal_sep_variables: &rhel7_canal_sep_variables
|
|
# stage: deploy-gce-special
|
|
KUBE_NETWORK_PLUGIN: canal
|
|
CLOUD_IMAGE: rhel-7
|
|
CLOUD_REGION: us-east1-b
|
|
CLUSTER_MODE: separate
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.ubuntu_weave_sep_variables: &ubuntu_weave_sep_variables
|
|
# stage: deploy-gce-special
|
|
KUBE_NETWORK_PLUGIN: weave
|
|
CLOUD_IMAGE: ubuntu-1604-xenial
|
|
CLOUD_REGION: us-central1-b
|
|
CLUSTER_MODE: separate
|
|
IDEMPOT_CHECK: "false"
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.centos7_calico_ha_variables: ¢os7_calico_ha_variables
|
|
# stage: deploy-gce-special
|
|
KUBE_NETWORK_PLUGIN: calico
|
|
DOWNLOAD_LOCALHOST: "true"
|
|
DOWNLOAD_RUN_ONCE: "true"
|
|
CLOUD_IMAGE: centos-7
|
|
CLOUD_REGION: europe-west1-b
|
|
CLUSTER_MODE: ha-scale
|
|
IDEMPOT_CHECK: "true"
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.coreos_alpha_weave_ha_variables: &coreos_alpha_weave_ha_variables
|
|
# stage: deploy-gce-special
|
|
KUBE_NETWORK_PLUGIN: weave
|
|
CLOUD_IMAGE: coreos-alpha-1506-0-0-v20170817
|
|
CLOUD_REGION: us-west1-a
|
|
CLUSTER_MODE: ha-scale
|
|
BOOTSTRAP_OS: coreos
|
|
RESOLVCONF_MODE: host_resolvconf # This is required as long as the CoreOS stable channel uses docker < 1.12
|
|
STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
|
|
|
|
.ubuntu_rkt_sep_variables: &ubuntu_rkt_sep_variables
|
|
# stage: deploy-gce-part1
|
|
KUBE_NETWORK_PLUGIN: flannel
|
|
CLOUD_IMAGE: ubuntu-1604-xenial
|
|
CLOUD_REGION: us-central1-b
|
|
CLUSTER_MODE: separate
|
|
ETCD_DEPLOYMENT: rkt
|
|
KUBELET_DEPLOYMENT: rkt
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.ubuntu_vault_sep_variables: &ubuntu_vault_sep_variables
|
|
# stage: deploy-gce-part1
|
|
AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
|
|
CLOUD_MACHINE_TYPE: "n1-standard-2"
|
|
KUBE_NETWORK_PLUGIN: canal
|
|
CERT_MGMT: vault
|
|
CLOUD_IMAGE: ubuntu-1604-xenial
|
|
CLOUD_REGION: us-central1-b
|
|
CLUSTER_MODE: separate
|
|
STARTUP_SCRIPT: ""
|
|
|
|
.ubuntu_flannel_rbac_variables: &ubuntu_flannel_rbac_variables
|
|
# stage: deploy-gce-special
|
|
AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
|
|
KUBE_NETWORK_PLUGIN: flannel
|
|
CLOUD_IMAGE: ubuntu-1604-xenial
|
|
CLOUD_REGION: europe-west1-b
|
|
CLUSTER_MODE: separate
|
|
STARTUP_SCRIPT: ""
|
|
|
|
# Builds for PRs only (premoderated by unit-tests step) and triggers (auto)
|
|
coreos-calico-aio:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *coreos_calico_aio_variables
|
|
when: on_success
|
|
except: ['triggers']
|
|
only: [/^pr-.*$/]
|
|
|
|
coreos-calico-sep-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *coreos_calico_aio_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
centos7-flannel:
|
|
stage: deploy-gce-part2
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *centos7_flannel_variables
|
|
when: on_success
|
|
except: ['triggers']
|
|
only: [/^pr-.*$/]
|
|
|
|
centos7-flannel-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *centos7_flannel_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
ubuntu-weave-sep:
|
|
stage: deploy-gce-special
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_weave_sep_variables
|
|
when: on_success
|
|
except: ['triggers']
|
|
only: [/^pr-.*$/]
|
|
|
|
ubuntu-weave-sep-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_weave_sep_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
# More builds for PRs/merges (manual) and triggers (auto)
|
|
ubuntu-canal-ha-rbac:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_canal_ha_rbac_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
ubuntu-canal-ha-rbac-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_canal_ha_rbac_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
ubuntu-canal-kubeadm-rbac:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_canal_kubeadm_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
ubuntu-canal-kubeadm-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_canal_kubeadm_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
centos-weave-kubeadm-rbac:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *centos_weave_kubeadm_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
centos-weave-kubeadm-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *centos_weave_kubeadm_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
rhel7-weave:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *rhel7_weave_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
rhel7-weave-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *rhel7_weave_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
debian8-calico-upgrade:
|
|
stage: deploy-gce-part2
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *debian8_calico_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
debian8-calico-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *debian8_calico_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
coreos-canal:
|
|
stage: deploy-gce-part2
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *coreos_canal_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
coreos-canal-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *coreos_canal_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
rhel7-canal-sep:
|
|
stage: deploy-gce-special
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *rhel7_canal_sep_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/,]
|
|
|
|
rhel7-canal-sep-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *rhel7_canal_sep_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
centos7-calico-ha:
|
|
stage: deploy-gce-special
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *centos7_calico_ha_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
centos7-calico-ha-triggers:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *centos7_calico_ha_variables
|
|
when: on_success
|
|
only: ['triggers']
|
|
|
|
# no triggers yet https://github.com/kubernetes-incubator/kargo/issues/613
|
|
coreos-alpha-weave-ha:
|
|
stage: deploy-gce-special
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *coreos_alpha_weave_ha_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
ubuntu-rkt-sep:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_rkt_sep_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
ubuntu-vault-sep:
|
|
stage: deploy-gce-part1
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_vault_sep_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
ubuntu-flannel-rbac-sep:
|
|
stage: deploy-gce-special
|
|
<<: *job
|
|
<<: *gce
|
|
variables:
|
|
<<: *gce_variables
|
|
<<: *ubuntu_flannel_rbac_variables
|
|
when: manual
|
|
except: ['triggers']
|
|
only: ['master', /^pr-.*$/]
|
|
|
|
# Premoderated with manual actions
|
|
ci-authorized:
|
|
<<: *job
|
|
stage: moderator
|
|
before_script:
|
|
- apt-get -y install jq
|
|
script:
|
|
- /bin/sh scripts/premoderator.sh
|
|
except: ['triggers', 'master']
|
|
|
|
syntax-check:
|
|
<<: *job
|
|
stage: unit-tests
|
|
script:
|
|
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root cluster.yml -vvv --syntax-check
|
|
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root upgrade-cluster.yml -vvv --syntax-check
|
|
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root reset.yml -vvv --syntax-check
|
|
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check
|
|
except: ['triggers', 'master']
|
|
|
|
yamllint:
|
|
<<: *job
|
|
stage: unit-tests
|
|
script:
|
|
- yamllint roles
|
|
except: ['triggers', 'master']
|
|
|
|
tox-inventory-builder:
|
|
stage: unit-tests
|
|
<<: *job
|
|
script:
|
|
- pip install tox
|
|
- cd contrib/inventory_builder && tox
|
|
when: manual
|
|
except: ['triggers', 'master']
|