Publish container images to quay.io

Also, upgrade ZK to 3.7.1.  This is necessary for recent versions
of Nodepool.  We can upgrade directly from 3.5.5 without changes.

Change-Id: Ie7bb0adbc2019074364a06c5f55fa4a1e8c259e4

.zuul.yaml

@@ -7,25 +7,23 @@
       - playbooks/zuul-operator-functional/test.yaml
     post-run: playbooks/zuul-operator-functional/post.yaml
     vars:
-      # We disable userland-proxy to enable scheduler deployement to connect to the gearman service
-      # see: https://github.com/eclipse/che/issues/8134
-      docker_userland_proxy: false
-      container_runtime: docker
-      minikube_version: v1.22.0  # NOTE(corvus): 1.23.0 failed with no matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1"
+      # Use microk8s to enable podman and speculative quay.io compatibility
+      ensure_kubernetes_type: microk8s
+      kubernetes_runtime: cri-o
 
 - job:
     description: Operator integration tests with Kubernetes
     name: zuul-operator-functional-k8s
     parent: zuul-operator-functional
     pre-run: playbooks/zuul-operator-functional/pre-k8s.yaml
-    nodeset: ubuntu-bionic
+    nodeset: ubuntu-jammy
     vars:
       namespace: 'default'
 
 - job:
     description: Image and buildset registry job
     name: zuul-operator-build-image
-    parent: opendev-build-docker-image
+    parent: opendev-build-container-image
     allowed-projects: zuul/zuul-operator
     requires:
       - zuul-container-image
@@ -37,39 +35,55 @@
       - zuul-operator-container-image
     vars: &image_vars
       zuul_work_dir: "{{ zuul.projects['opendev.org/zuul/zuul-operator'].src_dir }}"
-      docker_images:
+      promote_container_image_method: intermediate-registry
+      promote_container_image_job: zuul-operator-upload-image
+      container_command: docker
+      container_images:
         - context: .
-          dockerfile: build/Dockerfile
-          repository: zuul/zuul-operator
+          container_filename: build/Dockerfile
+          registry: quay.io
+          repository: quay.io/zuul-ci/zuul-operator
           tags:
             # If zuul.tag is defined: [ '3', '3.19', '3.19.0' ].  Only works for 3-component tags.
             # Otherwise: ['latest']
             "{{ zuul.tag is defined | ternary([zuul.get('tag', '').split('.')[0], '.'.join(zuul.get('tag', '').split('.')[:2]), zuul.get('tag', '')], ['latest']) }}"
 
 - secret:
-    name: zuul-operator-dockerhub
+    name: zuul-operator-registry-credentials
     data:
-      username: zuulzuul
-      password: !encrypted/pkcs1-oaep
-        - QVrNMxcxfu35rLxt2m/ZGWPRHDm0rbw/rybpkbuL8B7v0CvJjgsLxfZ2uonMRINk53gex
-          TN9Y6vdM3YUu/Bdu4Z7cTKV+ohBRdCbEzJAVHJGclYRAFVzAMLDgKWZRFNrJVY1/0U9AZ
-          a4F32AS8hWAdH03Ntv77cK+NX/y0pSAySin7o45XrHAA21vAASp9PSGLCSCB5pVfHELyR
-          lgpu4+NMh2ocbbDwzQFAJbYgb60OYRYlsvI4ECCvDDm2Jxma6iOYnSe62E8v/K7fhFzVr
-          orBystkKaOy1154aGYTajtR0vebTGw6XJt4SYID3dHKS9XTwjpTEJySfFtSRDHDi0lhdN
-          gSS7ZojBlOrj1/a/Oddca9iGgjqLaC2iOJGsABXXP14WambZNvDG07/eEaS2dhV745k06
-          HPdapriUCuTBqivSkItighYYB8eh9LkqwVxXJ/feyewMERasWkKPDkT/mX5+R1KJCTnwS
-          xmEvngPk5gLwpDexLL+nmNahYNbz7alzFUGCSR7jTLORZUgimGDzfaguTHZNhzb4jE9kU
-          0s5nzOti9LdQNCkKVAvRCsOyp7+U9zvf6LHQhO35ivW3vrSmEfyqQqUVdJMBHhBE8M0jj
-          AYLhYdFc748RTCVJzka6uAQ69QJuv0wSP0+MHKy39OrnOSDZUGm1dkeTQwqpWA=
+      quay.io:
+        username: zuul-ci+opendevzuul
+        password: !encrypted/pkcs1-oaep
+          - QEH6ht5DiBnOOaANKQvuLB6Ebe2w9tsnyVKbn7o+ULtt3Yl4og4m5pDjDHriUhyiTUFn8
+            lBh21BNtxg0zpjezUPNMIZQLg3lcmQZ29sZm6c3rIWcy9VmU287rZCN725AKzXYsy80VT
+            1Glk7GlyH9CNG2foUfEB+NY1rfjYTaGVJiz3x/SXe4LuSZZftyRyZlOZJ8QTw5cKKu7kz
+            xuiTwY9CaARkqyBULnf8XY4DeVYVq7E63UBMJ964BFm+KgBQQr1UUvP+TYC9YOMFzTZkO
+            EdceMMsZPYJhlM3FQXCEzfTlo+aEGijuFFpEGLhy+vd1J3PMRbrLHG1JfAK7bIXBSx8QV
+            +n6xO8290ojjyKTnwlPvFGoaxZ4cEP/r4sPl6PDZLuW7aKOzVRacojuVRijDHU/E9zHzT
+            tN2nwm3ZiMh5Sk59NAiW8CJuVuS1S4PCe5qs7k9efyBXPHXxSFt/StiLVZd0ftzZZxZ07
+            rGsb4gZk8QWNpShT3UthzieSCDvIl7sSmZVwKHZlwnI2JNsgSXkNvLeg5LUUoOv8w7tDG
+            EIxAUHxiTZqZLIb/zP0k6ET84HDXbOG3+8EhxNIMKPZeuykA+ycHwJQxJ7ykUGPKX/76v
+            GGtsGKSZlWjxT/Z3Xz5WFSy4iEG/1crrY1+vWPkb4Wgp5XFHo4SRR1TnJpZBQM=
+        api_token: !encrypted/pkcs1-oaep
+          - E8MqHar0rNwH/NK8CGyGI+b46NIbfwxCTJuhfs1xak6xrZPHC8C9IJdlC6IIxNlKE/8ND
+            KywN9Tx+wSnnOpTLWZmMmQSKAelZ3679q1QHPtGW6GZDE6OH2LWX7YCnD4z4XKZrzdRet
+            ZnYDNxVepg+V4S5kzrmRoGTcU1nMGHUcTnMTPKbs3hziS3tmNFUWTDUICxM7f6LpxlDfK
+            2tNSjLJ0gjmQ9NiyLt1/4+MJ9yCeZuFdWxsJd8f2y7b5fyrSXpWWl4q0E7x+3S5H5B7BK
+            7P7hmyCh3A7EURGNF2OkY8xKbwZHaKmUmKSKuhzxSYpThciJS6r0MLGswYgq9cDUUkQU7
+            uDQQPin6uDzmwH/I8g6eB9mjmAKc0yPpb4TmVQVQIy9bT5A+3RAWhv7FAzJZCsQRtrE/2
+            gChuGv3MCGHxrZr7DhI5A77a7vqxp4YR38OmKdCe2VfL0alSJsrzp1UGZKW7/uBKZjKMw
+            Mx4uE3yr5HyA0MCI21BXjWJYClFaSJ7FFFxsoCpYgVYzWM5CKGsytZYuWffuWHdnL+JdO
+            44OmxSw4On0E9vf0mSgMlY5JIYIwhoDWhPTI0lGgf4YBnOFnK1o2LLpv0BT/HopkgdJvQ
+            nmJMvnMKV5KF8Mcqt+T0esX8A1pkyrfpcanZa5X3F3ukl90UVH3Pt+MhDn5xjA=
 
 - job:
-    description: Build Docker images and upload to Docker Hub.
+    description: Build container images and upload.
     name: zuul-operator-upload-image
-    parent: opendev-upload-docker-image
+    parent: opendev-upload-container-image
     allowed-projects: zuul/zuul-operator
     secrets:
-      name: docker_credentials
-      secret: zuul-operator-dockerhub
+      name: container_registry_credentials
+      secret: zuul-operator-registry-credentials
       pass-to-parent: true
     requires:
       - zuul-container-image
@@ -84,11 +98,11 @@
 - job:
     description: Promote previously uploaded images.
     name: zuul-operator-promote-image
-    parent: opendev-promote-docker-image
+    parent: opendev-promote-container-image
     allowed-projects: zuul/zuul-operator
     secrets:
-      name: docker_credentials
-      secret: zuul-operator-dockerhub
+      name: container_registry_credentials
+      secret: zuul-operator-registry-credentials
       pass-to-parent: true
     nodeset:
       nodes: []
@@ -118,4 +132,4 @@
         - zuul-operator-upload-image:
             vars:
               <<: *image_vars
-              upload_docker_image_promote: false
+              upload_container_image_promote: false

Makefile

@@ -1,5 +1,5 @@
 image:
-	podman build -f build/Dockerfile -t docker.io/zuul/zuul-operator .
+	podman build -f build/Dockerfile -t quay.io/zuul-ci/zuul-operator .
 
 install:
 	kubectl apply -f deploy/crds/zuul-ci_v1alpha2_zuul_crd.yaml -f deploy/rbac-admin.yaml -f deploy/operator.yaml

deploy/crds/zuul-ci_v1alpha2_zuul_cr.yaml

@@ -3,7 +3,7 @@ kind: Zuul
 metadata:
   name: zuul
 spec:
-  imagePrefix: docker.io/zuul
+  imagePrefix: quay.io/zuul-ci
   executor:
     count: 1
     sshkey:

deploy/operator.yaml

@@ -15,5 +15,5 @@ spec:
       serviceAccountName: zuul-operator
       containers:
         - name: operator
-          image: "docker.io/zuul/zuul-operator"
+          image: "quay.io/zuul-ci/zuul-operator"
           imagePullPolicy: "IfNotPresent"

doc/source/index.rst

@@ -232,7 +232,7 @@ verbatim):
    apiVersion: zuul-ci.org/v1alpha2
    kind: Zuul
    spec:
-     imagePrefix: docker.io/zuul
+     imagePrefix: quay.io/zuul-ci
      imagePullSecrets:
        - name: my-docker-secret
      zuulImageVersion: latest
@@ -289,7 +289,7 @@ verbatim):
    .. attr:: spec
 
       .. attr:: imagePrefix
-         :default: docker.io/zuul
+         :default: quay.io/zuul-ci
 
          The prefix to use for images.  The image names are fixed
          (``zuul-executor``, etc).  However, changing the prefix will

playbooks/zuul-operator-functional/post.yaml

@@ -1,6 +1,6 @@
 - hosts: all
   roles:
-    - collect-container-logs
+    - collect-kubernetes-logs
   post_tasks:
     - name: Describe resources
       command: "bash -c 'kubectl describe {{ item }} > ~/zuul-output/logs/describe-{{ item }}.txt'"

playbooks/zuul-operator-functional/pre-k8s.yaml

@@ -6,11 +6,10 @@
     - role: ensure-podman
     - role: ensure-kubernetes
       vars:
-        minikube_dns_resolvers:
-          - '1.1.1.1'
-          - '8.8.8.8'
-        ensure_kubernetes_minikube_addons:
+        ensure_kubernetes_microk8s_addons:
           - ingress
+          - dns
+          - storage
     - role: use-buildset-registry
       buildset_registry_docker_user: root
   post_tasks:

playbooks/zuul-operator-functional/run.yaml

@@ -5,7 +5,6 @@
     # locally for development.
     install_operator: true
     zuul_work_dir: "{{ zuul.projects['opendev.org/zuul/zuul-operator'].src_dir }}"
-    runtime: minikube
   tasks:
     - name: Setup CRD
       command: kubectl apply -f deploy/crds/zuul-ci_v1alpha2_zuul_crd.yaml -f deploy/rbac.yaml

playbooks/zuul-operator-functional/tasks/create_static_node.yaml

@@ -1,17 +1,8 @@
 - name: Create static node image
-  when: "runtime == 'minikube'"
+  become: true
   args:
     chdir: "{{ zuul_work_dir }}/playbooks/zuul-operator-functional/static-node"
-  shell: |
-    /tmp/minikube image build . -t static-node
-
-- name: Create static node image
-  when: "runtime == 'kind'"
-  args:
-    chdir: "{{ zuul_work_dir }}/playbooks/zuul-operator-functional/static-node"
-  shell: |
-    docker build . -t static-node
-    kind load docker-image static-node
+  command: podman build . -t static-node
 
 - name: Run static node
   k8s:

playbooks/zuul-operator-functional/test.yaml

@@ -2,7 +2,6 @@
   hosts: all
   vars:
     zuul_work_dir: "{{ zuul.projects['opendev.org/zuul/zuul-operator'].src_dir }}"
-    runtime: minikube
   tasks:
     - name: Install ingress
       include_tasks: tasks/ingress.yaml
@@ -13,22 +12,10 @@
       register: git_root
 
     - name: get cluster ip
-      when: runtime == 'minikube'
-      command: /tmp/minikube ip
+      command: microk8s kubectl get node -o json | jq '.items[].status.addresses[] | select(.type=="InternalIP") | .address'
       register: _cluster_ip
 
     - name: set cluster ip
-      when: runtime == 'minikube'
-      set_fact:
-        cluster_ip: "{{ _cluster_ip.stdout_lines[0] }}"
-
-    - name: get cluster ip
-      when: runtime == 'kind'
-      command: docker inspect -f "{% raw %}{{ .NetworkSettings.IPAddress }}{% endraw %}" kind-control-plane
-      register: _cluster_ip
-
-    - name: set cluster ip
-      when: runtime == 'kind'
       set_fact:
         cluster_ip: "{{ _cluster_ip.stdout_lines[0] }}"
 

tools/restart.sh

@@ -24,16 +24,16 @@ $KIND create cluster --config kind.yaml
 HEAVY=true
 
 common_images=(
-    docker.io/library/zookeeper:3.5.5
+    docker.io/library/zookeeper:3.7.1
     quay.io/jetstack/cert-manager-cainjector:v1.2.0
     quay.io/jetstack/cert-manager-controller:v1.2.0
     quay.io/jetstack/cert-manager-webhook:v1.2.0
     docker.io/jettech/kube-webhook-certgen:v1.5.1
-    docker.io/zuul/zuul-web:latest
-    docker.io/zuul/zuul-scheduler:latest
-    docker.io/zuul/zuul-executor:latest
-    docker.io/zuul/zuul-preview:latest
-    docker.io/zuul/zuul-registry:latest
+    quay.io/zuul-ci/zuul-web:latest
+    quay.io/zuul-ci/zuul-scheduler:latest
+    quay.io/zuul-ci/zuul-executor:latest
+    quay.io/zuul-ci/zuul-preview:latest
+    quay.io/zuul-ci/zuul-registry:latest
 )
 
 heavy_images=(
@@ -66,7 +66,7 @@ else
     done
 fi
 
-$KIND load docker-image docker.io/zuul/zuul-operator:latest
+$KIND load docker-image quay.io/zuul-ci/zuul-operator:latest
 
 $KUBECTL apply -f ingress.yaml &
 

zuul_operator/templates/zookeeper.yaml

@@ -265,7 +265,7 @@ spec:
       containers:
 
         - name: zookeeper
-          image: "zookeeper:3.5.5"
+          image: "zookeeper:3.7.1"
           imagePullPolicy: IfNotPresent
           command:
              - "/bin/bash"

zuul_operator/zuul.py

@@ -86,7 +86,7 @@ class Zuul:
         self.manage_registry_cert = ('secretName' not in registry_tls)
         registry_tls.setdefault('secretName', 'zuul-registry-tls')
 
-        self.spec.setdefault('imagePrefix', 'docker.io/zuul')
+        self.spec.setdefault('imagePrefix', 'quay.io/zuul-ci')
         self.spec.setdefault('imagePullSecrets', [])
         self.spec.setdefault('zuulImageVersion', 'latest')
         self.spec.setdefault('zuulPreviewImageVersion', 'latest')