Merge "Add template for qa images systests"
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index c15172e..c022c28 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -500,3 +500,56 @@
type: string
description: Environment salt model
default: "{{model}}"
+ oscore-oscc-ci-template:
+ name: "{{job_prefix}}-oscc-ci"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: oscc-ci-pipeline.groovy
+ param:
+ # general
+ DEPLOY_JOB_NAME:
+ type: string
+ description: "Job name tp deploy envs are going to be tested"
+ default: "{{job_prefix}}-{{deployJobPrefix}}"
+ DISTRIBUTION:
+ type: string
+ default: "{{distribution}}"
+ description: "Distribution for the published repo"
+ COMPONENTS:
+ type: string
+ default: "{{components}}"
+ description: "Components for repo"
+ TMP_REPO_NODE_NAME:
+ type: string
+ default: "{{tmp_repo_node_name}}"
+ description: "Node name where temp repo will be published"
+ STACK_RECLASS_ADDRESS:
+ type: string
+ default: "{{stack_reclass_address}}"
+ OPENSTACK_RELEASES:
+ type: string
+ default: "{{openstack_releases}}"
+ description: "OpenStack releases with comma delimeter which have to be testes. For example: pike,ocata"
+ SOURCE_REPO_NAME:
+ type: string
+ description: "Name of the repo where packages are stored"
+ default: "{{source_repo_name}}"
+ APTLY_API_URL:
+ type: string
+ description: URL for the aptly API
+ default: "${_param:jenkins_aptly_url}"
+ STACK_DELETE:
+ type: boolean
+ default: "{{stack_delete}}"
+ description: Do not enable it if you need to use the lab after
diff --git a/nginx/server/proxy/openstack/glare.yml b/nginx/server/proxy/openstack/glare.yml
index ac16abc..898f622 100644
--- a/nginx/server/proxy/openstack/glare.yml
+++ b/nginx/server/proxy/openstack/glare.yml
@@ -12,7 +12,7 @@
underscores_in_headers: true
check: false
proxy:
- host: ${_param:nginx_proxy_openstack_api_proxy_host}
+ host: ${_param:glance_service_host}
port: 9494
protocol: http
size: 30000m
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index 06d83c4..be262b5 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -8,6 +8,34 @@
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index 179d534..e9c7d79 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml
@@ -8,6 +8,34 @@
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}