Consume the latest kubevirt-ci fixing the kind lane.

Pin the sriov config daemon version and move all the pfs into the
node's namespace.
References in kubevirt/kubevirtci#248

Signed-off-by: Federico Paolinelli <[email protected]>

cluster-up-sha.txt

@@ -1 +1 @@
-485ca765a95ec0a7797a1a6128fc0edf9d358a70
+dfa2be010812c39ce653331db5bd974ae347c652

cluster-up/cluster/images.sh

@@ -5,7 +5,7 @@ set -e
 declare -A IMAGES
 IMAGES[gocli]="gocli@sha256:e48c7285ac9e4e61fe0f89f35ac5f9090497ea7c8165deeadb61e464c88d8afd"
 if [ -z $KUBEVIRTCI_PROVISION_CHECK ]; then
-    IMAGES[k8s-1.17.0]="k8s-1.17.0@sha256:7ec5504f84983dc1dd3dd2dfdcaf2aeeb4314de021c6636e099e616be76f73a0"
+    IMAGES[k8s-1.17.0]="k8s-1.17.0@sha256:7c932e8551f26d1d84b3b7846ac88de3ee835399f10623fc447654b55c0b91e6"
     IMAGES[k8s-1.16.2]="k8s-1.16.2@sha256:5bae6a5f3b996952c5ceb4ba12ac635146425909801df89d34a592f3d3502b0c"
     IMAGES[k8s-1.15.1]="k8s-1.15.1@sha256:14d7b1806f24e527167d2913deafd910ea46e69b830bf0b094dde35ba961b159"
     IMAGES[k8s-1.14.6]="k8s-1.14.6@sha256:ec29c07c94fce22f37a448cb85ca1fb9215d1854f52573316752d19a1c88bcb3"

cluster-up/cluster/k8s-1.17.0/dev-guide.md

@@ -0,0 +1,149 @@
+# kubevirtci K8s provider dev guide.
+
+The purpose of kubevirtci is to create pre-provisioned K8s clusters as container images,
+allowing people to easily run a K8s cluster.
+
+The target audience is developers of kubevirtci, who want to create a new provider, or to update an existing one.
+
+Please refer first to the following documents on how to run k8s-1.17.0:\
+[k8s-1.17.0 cluster-up](https://github.com/kubevirt/kubevirtci/blob/master/cluster-up/cluster/k8s-1.17.0/README.md)
+
+In this doc, we will go on what kubevirtci provider image consist of, what its inner architecture,
+flow of start a pre-provisioned cluster, flow of creating a new provider, and how to create a new provider.
+
+A provider includes all the images (K8s base image, nodes OS image) and the scripts that allows it to start a
+cluster offline, without downloading / installing / compiling new resources.
+Deploying a cluster will create containers, which communicate with each other, in order to act as a K8s cluster.
+It's a bit different from running bare-metal cluster where the nodes are physical machines or when the nodes are virtual machines on the host itself,
+It gives us isolation advantage and state freezing of the needed components, allowing offline deploy, agnostic of the host OS, and installed packages. 
+
+# Project structure
+* cluster-provision folder - creating preprovisioned clusters.
+* cluster-up folder - spinning up preprovisioned clusters.
+* gocli - gocli is a binary that assist in provisioning and spinning up a cluster. sources of gocli are at cluster-provision/gocli.
+
+# K8s Deployment
+Running `make cluster-up` will deploy a pre-provisioned cluster.
+Upon finishing deployment of a K8s deploy, we will have 3 containers:
+* k8s-1.17.0 vm container - a container that runs a qemu VM, which is the K8s node, in which the pods will run.
+* Registry container - a shared image registry.
+* k8s-1.17.0 dnsmasq container - a container that run dnsmasq, which gives dns and dhcp services.
+
+The containers are running and looks like this:
+```
+[root@modi01 1.17.0]# docker ps
+CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS              PORTS                                                                                                                          NAMES
+3589e85efc7d        kubevirtci/k8s-1.17.0   "/bin/bash -c '/vm.s…"   About an hour ago   Up About an hour                                                                                                                                   k8s-1.17.0-node01
+4742dc02add2        registry:2.7.1          "/entrypoint.sh /etc…"   About an hour ago   Up About an hour                                                                                                                                   k8s-1.17.0-registry
+13787e7d4ac9        kubevirtci/k8s-1.17.0   "/bin/bash -c /dnsma…"   About an hour ago   Up About an hour    127.0.0.1:8443->8443/tcp, 0.0.0.0:32794->2201/tcp, 0.0.0.0:32793->5000/tcp, 0.0.0.0:32792->5901/tcp, 0.0.0.0:32791->6443/tcp   k8s-1.17.0-dnsmasq
+```
+
+Nodes:
+```
+[root@modi01 kubevirtci]# oc get nodes
+NAME     STATUS   ROLES    AGE   VERSION
+node01   Ready    master   83m   v1.17.0
+```
+
+# Inner look of a deployed cluster
+We can connect to the node of the cluster by:
+```
+./cluster-up/ssh.sh node01
+```
+
+List the pods
+```
+[vagrant@node01 ~]$ sudo crictl pods
+POD ID              CREATED             STATE               NAME                             NAMESPACE           ATTEMPT
+403513878c8b7       10 minutes ago      Ready               coredns-6955765f44-m6ckl         kube-system         4
+0c3e25e58b9d0       10 minutes ago      Ready               local-volume-provisioner-fkzgk   default             4
+e6d96770770f4       10 minutes ago      Ready               coredns-6955765f44-mhfgg         kube-system         4
+19ad529c78acc       10 minutes ago      Ready               kube-flannel-ds-amd64-mq5cx      kube-system         0
+47acef4276900       10 minutes ago      Ready               kube-proxy-vtj59                 kube-system         0
+df5863c55a52f       11 minutes ago      Ready               kube-scheduler-node01            kube-system         0
+ca0637d5ac82f       11 minutes ago      Ready               kube-apiserver-node01            kube-system         0
+f0d90506ce3b8       11 minutes ago      Ready               kube-controller-manager-node01   kube-system         0
+f873785341215       11 minutes ago      Ready               etcd-node01                      kube-system         0
+```
+
+Check kubelet service status
+```
+[vagrant@node01 ~]$ systemctl status kubelet
+● kubelet.service - kubelet: The Kubernetes Node Agent
+   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
+  Drop-In: /usr/lib/systemd/system/kubelet.service.d
+           └─10-kubeadm.conf
+   Active: active (running) since Wed 2020-01-15 13:39:54 UTC; 11min ago
+     Docs: https://kubernetes.io/docs/
+ Main PID: 4294 (kubelet)
+   CGroup: /system.slice/kubelet.service
+           ‣ 4294 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/boo...
+```
+
+Connect to the container that runs the vm:
+```
+CONTAINER=$(docker ps | grep vm | awk '{print $1}')
+docker exec -it $CONTAINER bash
+```
+
+From within the container we can see there is a process of qemu which runs the node as a virtual machine.
+```
+[root@855de8c8310f /]# ps -ef | grep qemu
+root         1     0 36 13:39 ?        00:05:22 qemu-system-x86_64 -enable-kvm -drive format=qcow2,file=/var/run/disk/disk.qcow2,if=virtio,cache=unsafe -device virtio-net-pci,netdev=network0,mac=52:55:00:d1:55:01 -netdev tap,id=network0,ifname=tap01,script=no,downscript=no -device virtio-rng-pci -vnc :01 -cpu host -m 5120M -smp 5 -serial pty
+```
+
+# Flow of K8s provisioning (1.17 for example)
+`cluster-provision/k8s/1.17.0/provision.sh`
+* Runs the common cluster-provision/k8s/provision.sh.
+    * Runs cluster-provision/cli/cli (bash script).
+        * Creates a container for dnsmasq and runs dnsmasq.sh in it.
+        * Create a container, and runs vm.sh in it.
+            * Creates a vm using qemu, and checks its ready (according ssh).
+            * Runs cluster-provision/k8s/scripts/provision.sh in the container.
+                * Update docker trusted registries.
+                * Start kubelet service and K8s cluster.
+                * Enable ip routing.
+                * Apply additional manifests, such as flannel.
+                * Wait for pods to become ready.
+                * Pull needed images such as Ceph CSI, fluentd logger.
+                * Create local volume directiories.
+            * Shutdown the vm and commit its container.
+
+# Flow of K8s cluster-up (1.17 for example)
+Run
+```
+export KUBEVIRT_PROVIDER=k8s-1.17.0
+make cluster-up
+```
+* Runs cluster-up/up.sh which sources the following:
+    * cluster-up/cluster/k8s-1.17.0/provider.sh (selected according $KUBEVIRT_PROVIDER), which sources:
+        * cluster-up/cluster/k8s-provider-common.sh
+* Runs `up` (which appears at cluster-up/cluster/k8s-provider-common.sh).
+It Triggers `gocli run` - (cluster-provision/gocli/cmd/run.go) which create the following containers:
+    * Cluster container (that one with the vm from the provisioning, vm.sh is used with parameters here that starts an already created vm).
+    * Registry.
+    * Container for dnsmasq (provides dns, dhcp services).
+
+# Creating new K8s provider
+Clone folders of k8s, folder name should be x/y as in the provider name x-y (ie. k8s-1.17.0) and includes:
+* cluster-provision/k8s/1.17.0/provision.sh  # used to create a new provider
+* cluster-provision/k8s/1.17.0/publish.sh  # used to publish new provider
+* cluster-up/cluster/k8s-1.17.0/provider.sh  # used by cluster-up
+* cluster-up/cluster/k8s-1.17.0/README.md
+
+# Example - Adding a new manifest to K8s 1.17
+* First add the file at cluster-provision/manifests, this folder would be copied to /tmp in the container,
+by cluster-provision/cli/cli as part of provision.
+* Add this snippet at cluster-provision/k8s/scripts/provision.sh, before "Wait at least for 7 pods" line.
+```
+custom_manifest="/tmp/custom_manifest.yaml"
+kubectl --kubeconfig=/etc/kubernetes/admin.conf create -f "$custom_manifest" 
+```
+* Run ./cluster-provision/k8s/1.17.0/provision.sh, it will create a new provision and test it.
+* Run ./cluster-provision/k8s/1.17.0/publish.sh, it will publish the new created image to docker.io
+* Update k8s-1.17.0 image line at cluster-up/cluster/images.sh, to point on the newly published image.
+* Create a PR with the following files:
+    * The new manifest.
+    * Updated cluster-provision/k8s/scripts/provision.sh
+    * Updated cluster-up/cluster/images.sh.
+

cluster-up/cluster/kind-k8s-sriov-1.14.2/config_sriov.sh

@@ -33,7 +33,7 @@ function deploy_sriov_operator {
     # be merged in openshift sriov operator. We need latest since that feature was not tagged yet
     sed -i '/SRIOV_CNI_IMAGE/!b;n;c\              value: nfvpe\/sriov-cni' ./deploy/operator.yaml
     sed -i 's#image: quay.io/openshift/origin-sriov-network-operator$#image: quay.io/openshift/origin-sriov-network-operator:4.2#' ./deploy/operator.yaml
-
+    sed -i 's#value: quay.io/openshift/origin-sriov-network-config-daemon$#value: quay.io/openshift/origin-sriov-network-config-daemon:4.2#' ./deploy/operator.yaml
     # on prow nodes the default shell is dash and some commands are not working
     make deploy-setup-k8s SHELL=/bin/bash OPERATOR_EXEC="${KUBECTL}"
   popd
@@ -78,16 +78,20 @@ for ifs in "${sriov_pfs[@]}"; do
     continue
   fi
 
-  # These values are used to populate the network definition policy yaml.
-  # We just use the first suitable pf
-  # We need the num of vfs because if we don't set this value equals to the total, in case of mellanox
-  # the sriov operator will trigger a node reboot to update the firmware
-  export NODE_PF="$ifs_name"
-  export NODE_PF_NUM_VFS=$(cat /sys/class/net/"$NODE_PF"/device/sriov_totalvfs)
-  break
+  # We set the variable below only in the first iteration as we need only one PF
+  # to inject into the Network Configuration manifest. We need to move all pfs to
+  # the node's namespace and for that reason we do not interrupt the loop.
+  if [ -z "$NODE_PF" ]; then
+    # These values are used to populate the network definition policy yaml.
+    # We just use the first suitable pf
+    # We need the num of vfs because if we don't set this value equals to the total, in case of mellanox
+    # the sriov operator will trigger a node reboot to update the firmware
+    export NODE_PF="$ifs_name"
+    export NODE_PF_NUM_VFS=$(cat /sys/class/net/"$NODE_PF"/device/sriov_totalvfs)
+  fi
+  ip link set "$ifs_name" netns "$SRIOV_NODE"
 done
 
-ip link set "$NODE_PF" netns "$SRIOV_NODE"
 
 # deploy multus
 _kubectl create -f $MANIFESTS_DIR/multus.yaml
@@ -117,4 +121,4 @@ deploy_network_resource_injector
 sleep 5
 wait_pods_ready
 
-${SRIOV_NODE_CMD} chmod 666 /dev/vfio/vfio
+${SRIOV_NODE_CMD} chmod 666 /dev/vfio/vfio

cluster-up/cluster/ocp-4.3/provider.sh

@@ -40,7 +40,7 @@ function up() {
     fi
 
     # The auth has the format base64(user:password)
-    auth=$(cat ~/.docker/config.json  | jq -r '.auths["'$container_registry'"]["auth"]' |base64 -d)
+    auth=$(cat ~/.docker/config.json  | docker run --rm -i imega/jq:1.6 -r '.auths["'$container_registry'"]["auth"]' |base64 -d)
     user=$(echo $auth |awk -F: '{print $1}')
     password=$(echo $auth |awk -F: '{print $2}')
 

cluster-up/container.sh

@@ -3,7 +3,8 @@
 set -e
 
 if [[ $KUBEVIRT_PROVIDER =~ (ocp|okd).* ]]; then
-    CONTAINER=$(docker ps | grep kubevirt | grep $KUBEVIRT_PROVIDER | awk '{print $1}')
+    POSTFIX="cluster"
+    CONTAINER=$(docker ps | grep kubevirt | grep "${KUBEVIRT_PROVIDER}-${POSTFIX}" | awk '{print $1}')
     if [ -z $CONTAINER ]; then
         echo "container was not found"
         exit 0

cluster-up/version.txt

@@ -1 +1 @@
-78dcc4f8aaec467bba8ae325646056128268a169
+f5c7e4db7238ac4130c4e76698807b1c46359b7b

hack/config-default.sh

@@ -11,7 +11,7 @@ cdi_namespace=cdi
 image_pull_policy=${IMAGE_PULL_POLICY:-IfNotPresent}
 verbosity=${VERBOSITY:-2}
 package_name=${PACKAGE_NAME:-kubevirt-dev}
-kubevirtci_git_hash="78dcc4f8aaec467bba8ae325646056128268a169"
+kubevirtci_git_hash="f5c7e4db7238ac4130c4e76698807b1c46359b7b"
 
 # try to derive csv_version from docker tag. But it must start with x.y.z, without leading v
 default_csv_version="${docker_tag/latest/0.0.0}"