From a290a3f44459f50512951d1157e314958221a0d0 Mon Sep 17 00:00:00 2001 From: Aditya Narayanaswamy Date: Wed, 7 Jan 2026 16:25:13 -0500 Subject: [PATCH] aws: Adding dualstack presubmit job Adding two presubmit jobs for the dualstack work in aws to support ipv6 along with ipv4. One for ipv4 and one for ipv6 primary. Code generated by claude. --- .../installer/openshift-installer-main.yaml | 20 +++ .../openshift-installer-main-presubmits.yaml | 154 +++++++++++++++++- .../ipi/conf/aws/ipi-conf-aws-commands.sh | 50 ++++++ .../ipi/conf/aws/ipi-conf-aws-ref.yaml | 6 + 4 files changed, 226 insertions(+), 4 deletions(-) diff --git a/ci-operator/config/openshift/installer/openshift-installer-main.yaml b/ci-operator/config/openshift/installer/openshift-installer-main.yaml index 1b5adf3133fd3..cb33569d84fd5 100644 --- a/ci-operator/config/openshift/installer/openshift-installer-main.yaml +++ b/ci-operator/config/openshift/installer/openshift-installer-main.yaml @@ -242,6 +242,26 @@ tests: keyB valueB keyC valueC workflow: openshift-e2e-aws +- always_run: false + as: e2e-aws-ovn-dualstack-ipv4-primary-techpreview + optional: true + run_if_changed: aws + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + IP_FAMILY: DualStackIPv4Primary + workflow: openshift-e2e-aws +- always_run: false + as: e2e-aws-ovn-dualstack-ipv6-primary-techpreview + optional: true + run_if_changed: aws + steps: + cluster_profile: aws-3 + env: + FEATURE_SET: TechPreviewNoUpgrade + IP_FAMILY: DualStackIPv6Primary + workflow: openshift-e2e-aws - always_run: false as: e2e-aws-ovn-proxy optional: true diff --git a/ci-operator/jobs/openshift/installer/openshift-installer-main-presubmits.yaml b/ci-operator/jobs/openshift/installer/openshift-installer-main-presubmits.yaml index 97d6ddb4f1970..1e8aef5b57a16 100644 --- a/ci-operator/jobs/openshift/installer/openshift-installer-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/installer/openshift-installer-main-presubmits.yaml @@ -1,7 +1,7 @@ presubmits: openshift/installer: - agent: kubernetes - always_run: false + always_run: true branches: - ^main$ - ^main- @@ -14,7 +14,6 @@ presubmits: pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-installer-main-artifacts-images rerun_command: /test artifacts-images - skip_if_only_changed: (^docs/)|((^|/)OWNERS(_ALIASES)?$)|((^|/)[A-Z]+\.md$) spec: containers: - args: @@ -1549,6 +1548,154 @@ presubmits: - ^main$ - ^main- cluster: build10 + context: ci/prow/e2e-aws-ovn-dualstack-ipv4-primary-techpreview + decorate: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-installer-main-e2e-aws-ovn-dualstack-ipv4-primary-techpreview + optional: true + rerun_command: /test e2e-aws-ovn-dualstack-ipv4-primary-techpreview + run_if_changed: aws + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-ovn-dualstack-ipv4-primary-techpreview + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-ovn-dualstack-ipv4-primary-techpreview,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build10 + context: ci/prow/e2e-aws-ovn-dualstack-ipv6-primary-techpreview + decorate: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-3 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-installer-main-e2e-aws-ovn-dualstack-ipv6-primary-techpreview + optional: true + rerun_command: /test e2e-aws-ovn-dualstack-ipv6-primary-techpreview + run_if_changed: aws + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-ovn-dualstack-ipv6-primary-techpreview + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-ovn-dualstack-ipv6-primary-techpreview,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build01 context: ci/prow/e2e-aws-ovn-edge-zones decorate: true labels: @@ -7870,7 +8017,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )okd-scos-e2e-aws-ovn,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^main$ - ^main- @@ -7885,7 +8032,6 @@ presubmits: pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-installer-main-okd-scos-images rerun_command: /test okd-scos-images - skip_if_only_changed: (^docs/)|((^|/)OWNERS(_ALIASES)?$)|((^|/)[A-Z]+\.md$) spec: containers: - args: diff --git a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh index 9c937896c24fc..a0ef1f2cfed09 100755 --- a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh +++ b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh @@ -450,3 +450,53 @@ EOF yq-go m -x -i ${CONFIG} ${patch_dedicated_host} cp "${patch_dedicated_host}" "${ARTIFACT_DIR}/" fi + +# Configure dual-stack networking if IP_FAMILY is set +if [[ -n "${IP_FAMILY:-}" ]]; then + echo "Configuring AWS dual-stack networking with ipFamily: ${IP_FAMILY}" + patch_dualstack="${SHARED_DIR}/install-config-dualstack.yaml.patch" + + # For IPv6Primary, IPv6 addresses must be listed first + if [[ "${IP_FAMILY}" == "DualStackIPv6Primary" ]]; then + cat > "${patch_dualstack}" << EOF +platform: + aws: + ipFamily: ${IP_FAMILY} +networking: + networkType: OVNKubernetes + machineNetwork: + - cidr: 10.0.0.0/16 + clusterNetwork: + - cidr: fd01::/48 + hostPrefix: 64 + - cidr: 10.128.0.0/14 + hostPrefix: 23 + serviceNetwork: + - fd02::/112 + - 172.30.0.0/16 +EOF + else + # DualStackIPv4Primary or default - IPv4 addresses listed first + cat > "${patch_dualstack}" << EOF +platform: + aws: + ipFamily: ${IP_FAMILY} +networking: + networkType: OVNKubernetes + machineNetwork: + - cidr: 10.0.0.0/16 + clusterNetwork: + - cidr: 10.128.0.0/14 + hostPrefix: 23 + - cidr: fd01::/48 + hostPrefix: 64 + serviceNetwork: + - 172.30.0.0/16 + - fd02::/112 +EOF + fi + + yq-go m -a -x -i "${CONFIG}" "${patch_dualstack}" + cp "${patch_dualstack}" "${ARTIFACT_DIR}/" + echo "Dual-stack networking configuration added to install-config.yaml" +fi diff --git a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml index 410547aaec7a3..543475f24e401 100644 --- a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml @@ -121,5 +121,11 @@ ref: documentation: |- Allows users to enable configuration of dedicated hosts for compute nodes. Valid options are "yes" and "no". When "yes", the configuration will create a dedicated host for each zone the "worker" compute pool has configured. + - name: IP_FAMILY + default: "" + documentation: |- + IP family configuration for dual-stack. Valid values: DualStackIPv4Primary, DualStackIPv6Primary. + When set, configures both IPv4 and IPv6 network stacks for AWS clusters using the ipFamily field. + When "" (default), dual-stack is not configured. documentation: |- The IPI AWS configure step generates the AWS-specific install-config.yaml contents based on the cluster profile and optional input files.