Fedora CI requires privileged access[1],[4],[5] in order to run their workloads on the CentOS CI Infra Openshift 4.5 cluster. Fedora CI has this level access currently on the CentOS CI Infra Openshift 3.6 cluster. We want to ensure that Fedora CI is not blocked during their migration to the new CentOS CI Infra Openshift 4.5 cluster, this access has been granted there also.
privileged
During the fortnightly #fedora-ci meeting, we raised having privileged permissions as being an issue. We learned that in the future, a move to using tmt will resolve this in that Fedora CI will no longer require access to privileged containers when this work is completed. However there is no clear timeline for when this work will take place, and actually Fedora CI has been told not to count on having access to tmt any time soon. We would like to propose that Fedora CI consider a modification to their pipeline, to move to a more supportable workflow, making use of the Kubevirt operator.
#fedora-ci
tmt
On the new Openshift 4.5 cluster, we have a solution to run these KVM workloads without the use of a privileged container. We have installed a Kubevirt operator[6] and made it available for use by users. In order to make use of this operator, it would require that Fedora CI make some changes to their workflow.
Hmm, sorry for missing this meeting, but the TMT / STI pipelines should be accessible this week, similarly to recently enabled rpmdeplint pipeline. Still ;) my Testing Farm Team is interested in using kubevirt in the future. So is this operator now enabled on the new CentOS Openshift cluster?
https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/rpmdeplint-pipeline/job/master/
@mvadkert yep we've enabled it on the new CentOS Openshift 4.5 cluster :)
@dkirwan we use just the old cluster, what is now the onboard process for the new one?
We've written up a document with the basics on how to get started migrating over to the new cluster here: https://github.com/centosci/ocp4-docs/blob/master/sops/migration/README.md
Open a ticket to start the process to have accounts/namespace created: https://pagure.io/centos-infra/new_issue?template=ci-migration
Thanks very much!
Closing in favor of https://pagure.io/centos-infra/issue/102
Fedora CI is migrating to Testing Farm service, which runs now on AWS but will in the future try to use also kubevirt from the cluster ...
Metadata Update from @mvadkert: - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.